security.pki: add test for ca-certificates.crt

author: Daiderd Jordan <daiderd@gmail.com> 2019-01-15 22:14:56 +0100
committer: Daiderd Jordan <daiderd@gmail.com> 2019-01-15 22:14:56 +0100
commit: c50ba6a354d939db008f2d5d4cd8da1dcda9ec12 (patch)
tree: f25cdb4b6fa3e33d161d0a8c3fa6ebbbbc06d16b /tests
parent: 2e525a93da518525567987c8097787e2aa22fd7a (diff)
1 files changed, 24 insertions, 0 deletions
diff --git a/tests/security-pki.nix b/tests/security-pki.nix
new file mode 100644
index 0000000..7aa8ec8
--- /dev/null
+++ b/tests/security-pki.nix
@@ -0,0 +1,24 @@
+{ config, pkgs, ... }:
+
+{
+  security.pki.certificates = [
+    ''
+      Fake Root CA
+      ------------
+    ''
+  ];
+
+  test = ''
+    echo "checking for ca-certificates.crt in /etc" >&2
+    test -e ${config.out}/etc/ssl/certs/ca-certificates.crt
+
+    echo "checking NIX_SSL_CERT_FILE in set-environment" >&2
+    grep 'NIX_SSL_CERT_FILE="/etc/ssl/certs/ca-certificates.crt"' ${config.system.build.setEnvironment}
+
+    echo "checking for certificates in ca-certificates.crt" >&2
+    grep -q 'BEGIN CERTIFICATE' ${config.out}/etc/ssl/certs/ca-certificates.crt
+
+    echo "checking for extra certificate in ca-certificates.crt" >&2
+    grep 'Fake Root CA' ${config.out}/etc/ssl/certs/ca-certificates.crt
+  '';
+}
author	Daiderd Jordan <daiderd@gmail.com>	2019-01-15 22:14:56 +0100
committer	Daiderd Jordan <daiderd@gmail.com>	2019-01-15 22:14:56 +0100
commit	c50ba6a354d939db008f2d5d4cd8da1dcda9ec12 (patch)
tree	f25cdb4b6fa3e33d161d0a8c3fa6ebbbbc06d16b /tests
parent	2e525a93da518525567987c8097787e2aa22fd7a (diff)