]> git.scottworley.com Git - trustix-integration-tests/blobdiff - checks/one-publisher.nix
Try enabling the trustix service in the subscriber?
[trustix-integration-tests] / checks / one-publisher.nix
index b661624c0f476e184bd43f8b30c5d9e6d3ccf67a..c24d3a991e720b47284d81fec09de0bb8e70b08e 100644 (file)
@@ -67,6 +67,7 @@ let
         binaryCachePublicKeys = lib.mkForce [ "clint://@binaryCachePubKey@" ];
       };
       services.trustix = {
         binaryCachePublicKeys = lib.mkForce [ "clint://@binaryCachePubKey@" ];
       };
       services.trustix = {
+        enable = true;  # Fails with and without: https://github.com/tweak/trustix/issue/24
         subscribers = [{
           protocol = "nix";
           publicKey = {
         subscribers = [{
           protocol = "nix";
           publicKey = {
@@ -154,11 +155,27 @@ in nixosTest {
   };
   testScript = ''
     from os import getenv
   };
   testScript = ''
     from os import getenv
+    from threading import Thread
 
     alisha.wait_for_file("/keys/trustix-pub")
     alisha.copy_from_vm("/keys/trustix-pub")
     clint.copy_from_host(getenv("out") + "/trustix-pub", "/keys/alisha-signing-pub")
 
 
     alisha.wait_for_file("/keys/trustix-pub")
     alisha.copy_from_vm("/keys/trustix-pub")
     clint.copy_from_host(getenv("out") + "/trustix-pub", "/keys/alisha-signing-pub")
 
+    clint.wait_for_file("/keys/cache-priv-key.pem")
+    clint_thread = Thread(
+        target=lambda: clint.succeed(
+            "${
+              mkConfig {
+                config = clientConfig;
+                trustixPubKeyPath = "/keys/alisha-signing-pub";
+                binaryCachePubKeyPath = "/keys/cache-priv-key.pem";
+              }
+            }",
+            "nixos-rebuild switch --show-trace",
+        )
+    )
+    clint_thread.start()
+
     alisha.succeed(
         "${
           mkConfig {
     alisha.succeed(
         "${
           mkConfig {
@@ -170,17 +187,7 @@ in nixosTest {
     )
     alisha.succeed("nix-build '<nixpkgs>' -A hello")
 
     )
     alisha.succeed("nix-build '<nixpkgs>' -A hello")
 
-    clint.wait_for_file("/keys/cache-priv-key.pem")
-    clint.succeed(
-        "${
-          mkConfig {
-            config = clientConfig;
-            trustixPubKeyPath = "/keys/alisha-signing-pub";
-            binaryCachePubKeyPath = "/keys/cache-priv-key.pem";
-          }
-        }",
-        "nixos-rebuild switch --show-trace",
-    )
+    clint_thread.join()
     clint.succeed("nix-build '<nixpkgs>' -A hello")
     clint.fail("grep hello /var/log/local-builds")
   '';
     clint.succeed("nix-build '<nixpkgs>' -A hello")
     clint.fail("grep hello /var/log/local-builds")
   '';