security/hakurei
6
3
Fork 0
Code Issues 10 Pull Requests Actions Packages Projects Releases 11 Wiki Activity

test: run go test under regular user
All checks were successful
Test / Create distribution (push) Successful in 24s
Details
Test / Fpkg (push) Successful in 32s
Details
Test / Fortify (push) Successful in 2m16s
Details
Test / Data race detector (push) Successful in 2m46s
Details
Test / Flake checks (push) Successful in 54s
Details

Browse Source 
By default test vm commands run as root, this causes buildFHSEnv bwrap to cover some parts of /proc, making it impossible to mount proc in a mount namespace created under it. Running as a regular user gets around this issue.

Signed-off-by: Ophestra <cat@gensokyo.uk>
This commit is contained in:
Ophestra
2025-03-13 20:56:32 +09:00
parent 2871426df2
commit beb3918809
2 changed files with 13 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
test/test.py
View File

@@ -78,8 +78,7 @@ start_all()
machine.wait_for_unit("multi-user.target")
# Run fortify Go tests outside of nix build in the background:
machine.succeed("rm -rf /tmp/src && cp -a \"$(fortify-src)\" /tmp/src")
machine.succeed("fortify-fhs -c '(cd /tmp/src && go generate ./... && go test ./... && touch /tmp/success-gotest)' &> /tmp/gotest &")
machine.succeed("sudo -u untrusted -i fortify-go-test &> /tmp/go-test &")
# To check fortify's version:
print(machine.succeed("sudo -u alice -i fortify version"))
@@ -217,6 +216,6 @@ machine.wait_for_file("/tmp/sway-exit-ok")
print(machine.succeed("find /run/user/1000/fortify"))
# Verify go test status:
machine.wait_for_file("/tmp/gotest", timeout=5)
print(machine.succeed("cat /tmp/gotest"))
machine.wait_for_file("/tmp/success-gotest", timeout=5)
machine.wait_for_file("/tmp/go-test", timeout=5)
print(machine.succeed("cat /tmp/go-test"))
machine.wait_for_file("/tmp/go-test-ok", timeout=5)