Test the inclusion of transitive symlinks in the sandbox

This commit is contained in:
Théophane Hufschmitt 2024-04-12 16:10:22 +02:00
parent acbb1523c1
commit cef677ddbc

View file

@ -61,9 +61,11 @@ testCert () {
nocert=$TEST_ROOT/no-cert-file.pem
cert=$TEST_ROOT/some-cert-file.pem
symlinkcert=$TEST_ROOT/symlink-cert-file.pem
transitivesymlinkcert=$TEST_ROOT/transitive-symlink-cert-file.pem
symlinkDir=$TEST_ROOT/symlink-dir
echo -n "CERT_CONTENT" > $cert
ln -s $cert $symlinkcert
ln -s $symlinkcert $transitivesymlinkcert
ln -s $TEST_ROOT $symlinkDir
# No cert in sandbox when not a fixed-output derivation
@ -78,8 +80,9 @@ testCert missing fixed-output "$nocert"
# Cert in sandbox when ssl-cert-file is set to an existing file
testCert present fixed-output "$cert"
# Cert in sandbox when ssl-cert-file is set to a symlink to an existing file
# Cert in sandbox when ssl-cert-file is set to a (potentially transitive) symlink to an existing file
testCert present fixed-output "$symlinkcert"
testCert present fixed-output "$transitivesymlinkcert"
# Symlinks should be added in the sandbox directly and not followed
nix-sandbox-build symlink-derivation.nix -A depends_on_symlink