X-Git-Url: http://git.scottworley.com/trustix-integration-tests/blobdiff_plain/c5557e80db6b143ff7f6bff308398ff526b2a908..10dab29e82c78c396984b1d4a331679702bb0895:/checks/one-publisher.nix?ds=inline diff --git a/checks/one-publisher.nix b/checks/one-publisher.nix index b661624..c24d3a9 100644 --- a/checks/one-publisher.nix +++ b/checks/one-publisher.nix @@ -67,6 +67,7 @@ let binaryCachePublicKeys = lib.mkForce [ "clint://@binaryCachePubKey@" ]; }; services.trustix = { + enable = true; # Fails with and without: https://github.com/tweak/trustix/issue/24 subscribers = [{ protocol = "nix"; publicKey = { @@ -154,11 +155,27 @@ in nixosTest { }; testScript = '' from os import getenv + from threading import Thread alisha.wait_for_file("/keys/trustix-pub") alisha.copy_from_vm("/keys/trustix-pub") clint.copy_from_host(getenv("out") + "/trustix-pub", "/keys/alisha-signing-pub") + clint.wait_for_file("/keys/cache-priv-key.pem") + clint_thread = Thread( + target=lambda: clint.succeed( + "${ + mkConfig { + config = clientConfig; + trustixPubKeyPath = "/keys/alisha-signing-pub"; + binaryCachePubKeyPath = "/keys/cache-priv-key.pem"; + } + }", + "nixos-rebuild switch --show-trace", + ) + ) + clint_thread.start() + alisha.succeed( "${ mkConfig { @@ -170,17 +187,7 @@ in nixosTest { ) alisha.succeed("nix-build '' -A hello") - clint.wait_for_file("/keys/cache-priv-key.pem") - clint.succeed( - "${ - mkConfig { - config = clientConfig; - trustixPubKeyPath = "/keys/alisha-signing-pub"; - binaryCachePubKeyPath = "/keys/cache-priv-key.pem"; - } - }", - "nixos-rebuild switch --show-trace", - ) + clint_thread.join() clint.succeed("nix-build '' -A hello") clint.fail("grep hello /var/log/local-builds") '';