test: build test program in nixos config
All checks were successful
Test / Create distribution (push) Successful in 26s
Test / Fpkg (push) Successful in 34s
Test / Data race detector (push) Successful in 3m18s
Test / Fortify (push) Successful in 1m53s
Test / Flake checks (push) Successful in 57s

Signed-off-by: Ophestra <cat@gensokyo.uk>
Ophestra 2025-03-29 19:33:17 +09:00
parent 72c59f9229
commit 8b62e08b44
Signed by: cat
SSH Key Fingerprint: SHA256:gQ67O0enBZ7UdZypgtspB2FDM1g3GVw8nX0XSdcFw8Q
3 changed files with 37 additions and 37 deletions


@ -5,7 +5,38 @@
... ...
}: }:
let let
testCases = import ./sandbox/case pkgs config.environment.fortify.package.version; testProgram =
let
inherit (pkgs)
buildGoModule
pkg-config
util-linux
;
in
buildGoModule rec {
pname = "check-sandbox";
inherit (config.environment.fortify.package) version;
src = builtins.path {
name = "${pname}-src";
path = lib.cleanSource ./.;
filter = path: type: (type == "directory" && lib.hasSuffix "sandbox" path) || (type == "regular" && lib.hasSuffix ".go" path);
};
vendorHash = null;
buildInputs = [ util-linux ];
nativeBuildInputs = [ pkg-config ];
preBuild = ''
go mod init git.gensokyo.uk/security/fortify/test >& /dev/null
'';
postInstall = ''
mv $out/bin/test $out/bin/fortify-test
'';
};
testCases = import ./sandbox/case lib testProgram;
in in
{ {
users.users = { users.users = {
@ -42,7 +73,7 @@ in
mako mako
# For checking seccomp outcome: # For checking seccomp outcome:
testCases._testProgram testProgram
]; ];
variables = { variables = {
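Review bot: The `filter` passed to `builtins.path` in the new `testProgram` binding admits directories with `lib.hasSuffix "sandbox" path`, which tests the whole path string, so any directory whose name merely ends in "sandbox" enters the build input, not only `./sandbox`. Comparing the base name keeps the set of Go sources compiled into the seccomp check binary explicit: `(type == "directory" && baseNameOf path == "sandbox")`. A one-line comment above the filter stating its intent would also help, for example `# only ./sandbox and *.go files are build inputs`, assuming that is the intended scope.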


@ -1,14 +1,5 @@
pkgs: version: lib: testProgram:
let let
inherit (pkgs)
lib
writeText
buildGoModule
pkg-config
util-linux
foot
;
fs = mode: dir: data: { fs = mode: dir: data: {
mode = lib.fromHexString mode; mode = lib.fromHexString mode;
inherit inherit
@ -32,26 +23,6 @@ let
; ;
}; };
checkSandbox = buildGoModule {
pname = "check-sandbox";
inherit version;
src = ../../.;
vendorHash = null;
buildInputs = [ util-linux ];
nativeBuildInputs = [ pkg-config ];
preBuild = ''
go mod init git.gensokyo.uk/security/fortify/test >& /dev/null
cp ${./main.go} main.go
'';
postInstall = ''
mv $out/bin/test $out/bin/fortify-test
'';
};
callTestCase = callTestCase =
path: path:
let let
@ -67,12 +38,12 @@ let
name = "check-sandbox-${tc.name}"; name = "check-sandbox-${tc.name}";
verbose = true; verbose = true;
inherit (tc) tty mapRealUid; inherit (tc) tty mapRealUid;
share = foot; share = testProgram;
packages = [ ]; packages = [ ];
path = "${checkSandbox}/bin/fortify-test"; path = "${testProgram}/bin/fortify-test";
args = [ args = [
"test" "test"
(toString (writeText "fortify-${tc.name}-want.json" (builtins.toJSON tc.want))) (toString (builtins.toFile "fortify-${tc.name}-want.json" (builtins.toJSON tc.want)))
]; ];
}; };
in in
@ -80,6 +51,4 @@ in
preset = callTestCase ./preset.nix; preset = callTestCase ./preset.nix;
tty = callTestCase ./tty.nix; tty = callTestCase ./tty.nix;
mapuid = callTestCase ./mapuid.nix; mapuid = callTestCase ./mapuid.nix;
_testProgram = checkSandbox;
} }
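Review bot: `builtins.toFile` in the `args` list of `callTestCase` writes the expected-state JSON at evaluation time and, unlike the `writeText` it replaces, rejects content that refers to derivation outputs. A test case whose `want` interpolates a package path would therefore fail at evaluation instead of building. Nothing in the visible hunks shows whether `tc.want` is always plain data, so the constraint is worth recording next to the call, for example `# want must be plain data: builtins.toFile rejects strings that reference derivation outputs`. `callTestCase` begins above the hunk that holds this line, so the shape of `tc` cannot be confirmed from here.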