test: run go test under regular user

By default test vm commands run as root, this causes buildFHSEnv bwrap to cover some parts of /proc, making it impossible to mount proc in a mount namespace created under it. Running as a regular user gets around this issue.

Signed-off-by: Ophestra <cat@gensokyo.uk>

test/default.nix

@@ -15,8 +15,15 @@ nixosTest {
     {
       environment.systemPackages = [
         # For go tests:
-        self.packages.${system}.fhs
-        (writeShellScriptBin "fortify-src" "echo -n ${self.packages.${system}.fortify.src}")
+        (writeShellScriptBin "fortify-go-test" ''
+          set -e
+          WORK="$(mktemp -ud)"
+          cp -r "${self.packages.${system}.fortify.src}" "$WORK"
+          chmod -R +w "$WORK"
+          cd "$WORK"
+          ${self.packages.${system}.fhs}/bin/fortify-fhs -c \
+            'go generate ./... && go test ./... && touch /tmp/go-test-ok'
+        '')
       ];
 
       # Run with Go race detector:

test/test.py

@@ -78,8 +78,7 @@ start_all()
 machine.wait_for_unit("multi-user.target")
 
 # Run fortify Go tests outside of nix build in the background:
-machine.succeed("rm -rf /tmp/src && cp -a \"$(fortify-src)\" /tmp/src")
-machine.succeed("fortify-fhs -c '(cd /tmp/src && go generate ./... && go test ./... && touch /tmp/success-gotest)' &> /tmp/gotest &")
+machine.succeed("sudo -u untrusted -i fortify-go-test &> /tmp/go-test &")
 
 # To check fortify's version:
 print(machine.succeed("sudo -u alice -i fortify version"))
@@ -217,6 +216,6 @@ machine.wait_for_file("/tmp/sway-exit-ok")
 print(machine.succeed("find /run/user/1000/fortify"))
 
 # Verify go test status:
-machine.wait_for_file("/tmp/gotest", timeout=5)
-print(machine.succeed("cat /tmp/gotest"))
-machine.wait_for_file("/tmp/success-gotest", timeout=5)
+machine.wait_for_file("/tmp/go-test", timeout=5)
+print(machine.succeed("cat /tmp/go-test"))
+machine.wait_for_file("/tmp/go-test-ok", timeout=5)