wroclaw-git-backups/nix
1
0
Fork 0
mirror of https://github.com/NixOS/nix synced 2025-07-10 04:43:53 +02:00
Code Activity

Merge pull request #8589 from jfroche/sign-paths-as-allowed-user

Browse source 
Allow to sign path as unprivileged user
This commit is contained in:
Eelco Dolstra 2023-06-30 13:13:42 +02:00 committed by GitHub
commit a0c617348b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 18 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

15
tests/nixos/authorization.nix
View file

@ -75,5 +75,20 @@
su --login bob -c '(! nix-store --verify --repair 2>&1)' | tee diag 1>&2
grep -F "you are not privileged to repair paths" diag
""")
machine.succeed("""
set -x
su --login mallory -c '
nix-store --generate-binary-cache-key cache1.example.org sk1 pk1
(! nix store sign --key-file sk1 ${pathFour} 2>&1)' | tee diag 1>&2
grep -F "cannot open connection to remote store 'daemon'" diag
""")
machine.succeed("""
su --login bob -c '
nix-store --generate-binary-cache-key cache1.example.org sk1 pk1
nix store sign --key-file sk1 ${pathFour}
'
""")
'';
}