From beb3918809f0743e2275f6a3f358f622cea73d6b Mon Sep 17 00:00:00 2001
From: Ophestra <cat@gensokyo.uk>
Date: Thu, 13 Mar 2025 20:56:32 +0900
Subject: [PATCH] test: run go test under regular user

By default test vm commands run as root, this causes buildFHSEnv bwrap to cover some parts of /proc, making it impossible to mount proc in a mount namespace created under it. Running as a regular user gets around this issue.

Signed-off-by: Ophestra <cat@gensokyo.uk>
---
 test/default.nix | 11 +++++++++--
 test/test.py     |  9 ++++-----
 2 files changed, 13 insertions(+), 7 deletions(-)

diff --git a/test/default.nix b/test/default.nix
index d803a23..bf3e007 100644
--- a/test/default.nix
+++ b/test/default.nix
@@ -15,8 +15,15 @@ nixosTest {
     {
       environment.systemPackages = [
         # For go tests:
-        self.packages.${system}.fhs
-        (writeShellScriptBin "fortify-src" "echo -n ${self.packages.${system}.fortify.src}")
+        (writeShellScriptBin "fortify-go-test" ''
+          set -e
+          WORK="$(mktemp -ud)"
+          cp -r "${self.packages.${system}.fortify.src}" "$WORK"
+          chmod -R +w "$WORK"
+          cd "$WORK"
+          ${self.packages.${system}.fhs}/bin/fortify-fhs -c \
+            'go generate ./... && go test ./... && touch /tmp/go-test-ok'
+        '')
       ];
 
       # Run with Go race detector:
diff --git a/test/test.py b/test/test.py
index 5a2ac24..03414a4 100644
--- a/test/test.py
+++ b/test/test.py
@@ -78,8 +78,7 @@ start_all()
 machine.wait_for_unit("multi-user.target")
 
 # Run fortify Go tests outside of nix build in the background:
-machine.succeed("rm -rf /tmp/src && cp -a \"$(fortify-src)\" /tmp/src")
-machine.succeed("fortify-fhs -c '(cd /tmp/src && go generate ./... && go test ./... && touch /tmp/success-gotest)' &> /tmp/gotest &")
+machine.succeed("sudo -u untrusted -i fortify-go-test &> /tmp/go-test &")
 
 # To check fortify's version:
 print(machine.succeed("sudo -u alice -i fortify version"))
@@ -217,6 +216,6 @@ machine.wait_for_file("/tmp/sway-exit-ok")
 print(machine.succeed("find /run/user/1000/fortify"))
 
 # Verify go test status:
-machine.wait_for_file("/tmp/gotest", timeout=5)
-print(machine.succeed("cat /tmp/gotest"))
-machine.wait_for_file("/tmp/success-gotest", timeout=5)
+machine.wait_for_file("/tmp/go-test", timeout=5)
+print(machine.succeed("cat /tmp/go-test"))
+machine.wait_for_file("/tmp/go-test-ok", timeout=5)