File tree Expand file tree Collapse file tree 1 file changed +9
-0
lines changed Expand file tree Collapse file tree 1 file changed +9
-0
lines changed Original file line number Diff line number Diff line change 3434 start_all()
3535 installer.succeed("mkdir -p /tmp/extra-files/var/lib/secrets")
3636 installer.succeed("echo value > /tmp/extra-files/var/lib/secrets/key")
37+ installer.succeed("mkdir -p /tmp/extra-files/home/user/.ssh")
38+ installer.succeed("echo secretkey > /tmp/extra-files/home/user/.ssh/id_ed25519")
39+ installer.succeed("echo publickey > /tmp/extra-files/home/user/.ssh/id_ed25519.pub")
40+ installer.succeed("chmod 600 /tmp/extra-files/home/user/.ssh/id_ed25519")
3741 ssh_key_path = "/etc/ssh/ssh_host_ed25519_key.pub"
3842 ssh_key_output = installer.wait_until_succeeds(f"""
3943 ssh -i /root/.ssh/install_key -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no \
4650 --kexec /etc/nixos-anywhere/kexec-installer \
4751 --extra-files /tmp/extra-files \
4852 --store-paths /etc/nixos-anywhere/disko /etc/nixos-anywhere/system-to-install \
53+ --chown /home/user 1000:100 \
4954 --copy-host-keys \
5055 root@installed >&2
5156 """)
6267 assert "value" == content, f"secret does not have expected value: {content}"
6368 ssh_key_content = new_machine.succeed(f"cat {ssh_key_path}").strip()
6469 assert ssh_key_content in ssh_key_output, "SSH host identity changed"
70+ priv_key_perms = new_machine.succeed("stat -c %a /home/user/.ssh/").strip()
71+ assert priv_key_perms == "600", f"unexpected permissions for private key: {priv_key_perms}"
72+ user_dir_ownership = new_machine.succeed("stat -c %u:%g /home/user").strip()
73+ assert user_dir_ownership == "1000:100", f"unexpected user home dir permissions: {user_dir_ownership}"
6574 '' ;
6675 }
6776)
You can’t perform that action at this time.
0 commit comments