Ophestra
faf59e12c0
Some test elements implemented in the test tool might need to run outside the sandbox. This change allows that to happen. Signed-off-by: Ophestra <cat@gensokyo.uk>
86 lines
1.5 KiB
Nix
86 lines
1.5 KiB
Nix
pkgs: version:
|
|
let
|
|
inherit (pkgs)
|
|
lib
|
|
writeText
|
|
buildGoModule
|
|
pkg-config
|
|
util-linux
|
|
foot
|
|
;
|
|
|
|
fs = mode: dir: data: {
|
|
mode = lib.fromHexString mode;
|
|
inherit
|
|
dir
|
|
data
|
|
;
|
|
};
|
|
|
|
ignore = "//ignore";
|
|
|
|
ent = root: target: vfs_optstr: fstype: source: fs_optstr: {
|
|
id = -1;
|
|
parent = -1;
|
|
inherit
|
|
root
|
|
target
|
|
vfs_optstr
|
|
fstype
|
|
source
|
|
fs_optstr
|
|
;
|
|
};
|
|
|
|
checkSandbox = buildGoModule {
|
|
pname = "check-sandbox";
|
|
inherit version;
|
|
|
|
src = ../../.;
|
|
vendorHash = null;
|
|
|
|
buildInputs = [ util-linux ];
|
|
nativeBuildInputs = [ pkg-config ];
|
|
|
|
preBuild = ''
|
|
go mod init git.gensokyo.uk/security/fortify/test >& /dev/null
|
|
cp ${./main.go} main.go
|
|
'';
|
|
|
|
postInstall = ''
|
|
mv $out/bin/test $out/bin/fortify-test
|
|
'';
|
|
};
|
|
|
|
callTestCase =
|
|
path:
|
|
let
|
|
tc = import path {
|
|
inherit
|
|
fs
|
|
ent
|
|
ignore
|
|
;
|
|
};
|
|
in
|
|
{
|
|
name = "check-sandbox-${tc.name}";
|
|
verbose = true;
|
|
inherit (tc) tty mapRealUid;
|
|
share = foot;
|
|
packages = [ ];
|
|
path = "${checkSandbox}/bin/fortify-test";
|
|
args = [
|
|
"test"
|
|
(toString (writeText "fortify-${tc.name}-want.json" (builtins.toJSON tc.want)))
|
|
];
|
|
};
|
|
in
|
|
{
|
|
preset = callTestCase ./preset.nix;
|
|
tty = callTestCase ./tty.nix;
|
|
mapuid = callTestCase ./mapuid.nix;
|
|
|
|
_testProgram = checkSandbox;
|
|
}
|