import ./make-test-python.nix ({ lib, pkgs, ... }: let gpgKeyring = (pkgs.runCommand "gpg-keyring" { buildInputs = [ pkgs.gnupg ]; } '' mkdir -p $out export GNUPGHOME=$out cat > foo <<EOF %echo Generating a basic OpenPGP key %no-protection Key-Type: DSA Key-Length: 1024 Subkey-Type: ELG-E Subkey-Length: 1024 Name-Real: Foo Example Name-Email: foo@example.org Expire-Date: 0 # Do a commit here, so that we can later print "done" %commit %echo done EOF gpg --batch --generate-key foo rm $out/S.gpg-agent $out/S.gpg-agent.* ''); in { name = "hockeypuck"; meta.maintainers = with lib.maintainers; [ etu ]; nodes.machine = { ... }: { # Used for test environment.systemPackages = [ pkgs.gnupg ]; services.hockeypuck.enable = true; services.postgresql = { enable = true; ensureDatabases = [ "hockeypuck" ]; ensureUsers = [{ name = "hockeypuck"; ensureDBOwnership = true; }]; }; }; testScript = '' machine.wait_for_unit("hockeypuck.service") machine.wait_for_open_port(11371) response = machine.succeed("curl -vvv -s http://127.0.0.1:11371/") assert "<title>OpenPGP Keyserver</title>" in response, "HTML title not found" # Copy the keyring machine.succeed("cp -R ${gpgKeyring} /tmp/GNUPGHOME") # Extract our GPG key id keyId = machine.succeed("GNUPGHOME=/tmp/GNUPGHOME gpg --list-keys | grep dsa1024 --after-context=1 | grep -v dsa1024").strip() # Send the key to our local keyserver machine.succeed("GNUPGHOME=/tmp/GNUPGHOME gpg --keyserver hkp://127.0.0.1:11371 --send-keys " + keyId) # Receive the key from our local keyserver to a separate directory machine.succeed("GNUPGHOME=$(mktemp -d) gpg --keyserver hkp://127.0.0.1:11371 --recv-keys " + keyId) ''; })