pyrox.dev
Merge pull request #139907 from rnhmjoj/test-fixes
nixos/tests: fix for memorySize being an integer
authored by
Michele Guerini Rocco
and committed by
GitHub
28e1ca8e
3ffc3d27
+12
-12
nixos/tests/custom-ca.nix
+12
-12
nixos/tests/custom-ca.nix
···
82
# chromium-based browsers refuse to run as root
83
test-support.displayManager.auto.user = "alice";
84
# browsers may hang with the default memory
85
-
virtualisation.memorySize = "500";
86
87
networking.hosts."127.0.0.1" = [ "good.example.com" "bad.example.com" ];
88
security.pki.certificateFiles = [ "${example-good-cert}/ca.crt" ];
···
113
# which is why it will not use the system certificate store for the time being.
114
# firefox
115
chromium
116
-
falkon
117
midori
118
];
119
};
···
152
with subtest("Unknown CA is untrusted in curl"):
153
machine.fail("curl -fv https://bad.example.com")
154
155
-
browsers = [
156
# Firefox was disabled here, because we needed to disable p11-kit support in nss,
157
# which is why it will not use the system certificate store for the time being.
158
-
# "firefox",
159
-
"chromium",
160
-
"falkon",
161
-
"midori"
162
-
]
163
-
errors = ["Security Risk", "not private", "Certificate Error", "Security"]
164
165
machine.wait_for_x()
166
-
for browser, error in zip(browsers, errors):
167
with subtest("Good certificate is trusted in " + browser):
168
execute_as(
169
-
"alice", f"env P11_KIT_DEBUG=trust {browser} https://good.example.com & >&2"
170
)
171
wait_for_window_as("alice", browser)
172
machine.wait_for_text("It works!")
···
174
execute_as("alice", "xdotool key ctrl+w") # close tab
175
176
with subtest("Unknown CA is untrusted in " + browser):
177
-
execute_as("alice", f"{browser} https://bad.example.com & >&2")
178
machine.wait_for_text(error)
179
machine.screenshot("bad" + browser)
180
machine.succeed("pkill " + browser)
···
82
# chromium-based browsers refuse to run as root
83
test-support.displayManager.auto.user = "alice";
84
# browsers may hang with the default memory
85
+
virtualisation.memorySize = 500;
86
87
networking.hosts."127.0.0.1" = [ "good.example.com" "bad.example.com" ];
88
security.pki.certificateFiles = [ "${example-good-cert}/ca.crt" ];
···
113
# which is why it will not use the system certificate store for the time being.
114
# firefox
115
chromium
116
+
qutebrowser
117
midori
118
];
119
};
···
152
with subtest("Unknown CA is untrusted in curl"):
153
machine.fail("curl -fv https://bad.example.com")
154
155
+
browsers = {
156
# Firefox was disabled here, because we needed to disable p11-kit support in nss,
157
# which is why it will not use the system certificate store for the time being.
158
+
#"firefox": "Security Risk",
159
+
"chromium": "not private",
160
+
"qutebrowser -T": "Certificate error",
161
+
"midori": "Security"
162
+
}
163
164
machine.wait_for_x()
165
+
for command, error in browsers.items():
166
+
browser = command.split()[0]
167
with subtest("Good certificate is trusted in " + browser):
168
execute_as(
169
+
"alice", f"env P11_KIT_DEBUG=trust {command} https://good.example.com & >&2"
170
)
171
wait_for_window_as("alice", browser)
172
machine.wait_for_text("It works!")
···
174
execute_as("alice", "xdotool key ctrl+w") # close tab
175
176
with subtest("Unknown CA is untrusted in " + browser):
177
+
execute_as("alice", f"{command} https://bad.example.com & >&2")
178
machine.wait_for_text(error)
179
machine.screenshot("bad" + browser)
180
machine.succeed("pkill " + browser)
+1
-1
nixos/tests/firefox.nix
+1
-1
nixos/tests/firefox.nix