From b9ae16305487198d1553e78a7ad9c7b8e2cfa1af Mon Sep 17 00:00:00 2001
From: Joshua Peek
Date: Sun, 16 Feb 2025 09:49:59 -0800
Subject: [PATCH] age-plugin-tpm: 0.2.0 -> 0.3.0
---
nixos/tests/age-plugin-tpm-decrypt.nix | 33 +++++++++++++++++++
nixos/tests/all-tests.nix | 1 +
pkgs/by-name/ag/age-plugin-tpm/package.nix | 19 ++++++++---
.../ag/age-plugin-tpm/tests/encrypt.nix | 18 ++++++++++
4 files changed, 66 insertions(+), 5 deletions(-)
create mode 100644 nixos/tests/age-plugin-tpm-decrypt.nix
create mode 100644 pkgs/by-name/ag/age-plugin-tpm/tests/encrypt.nix
diff --git a/nixos/tests/age-plugin-tpm-decrypt.nix b/nixos/tests/age-plugin-tpm-decrypt.nix
new file mode 100644
index 000000000000..d46bc875be18
--- /dev/null
+++ b/nixos/tests/age-plugin-tpm-decrypt.nix
@@ -0,0 +1,33 @@
+{ pkgs, lib, ... }:
+{
+ name = "age-plugin-tpm-decrypt";
+ meta = with lib.maintainers; {
+ maintainers = [
+ sgo
+ josh
+ ];
+ };
+
+ nodes.machine =
+ { pkgs, ... }:
+ {
+ virtualisation.tpm.enable = true;
+ environment.systemPackages = with pkgs; [
+ age
+ age-plugin-tpm
+ ];
+ };
+
+ testScript = ''
+ machine.start()
+
+ machine.succeed("age-plugin-tpm --generate --output identity.txt")
+ machine.succeed("age-plugin-tpm --convert identity.txt --output recipient.txt")
+ machine.succeed("echo -n 'Hello World' >data.txt")
+
+ machine.succeed("age --encrypt --recipients-file recipient.txt --output data.age data.txt")
+ data = machine.succeed("age --decrypt --identity identity.txt data.age")
+
+ assert data == "Hello World"
+ '';
+}
diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix
index 23beacd88d27..80eac3c033a9 100644
--- a/nixos/tests/all-tests.nix
+++ b/nixos/tests/all-tests.nix
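Review bot: The testScript in nixos/tests/age-plugin-tpm-decrypt.nix asserts only the successful round trip, so it would still pass if decryption stopped depending on the identity the data was encrypted to. A negative case would cover the property the plugin exists for: generate a second identity with `machine.succeed("age-plugin-tpm --generate --output other.txt")` and add `machine.fail("age --decrypt --identity other.txt data.age")`. This assumes a second `--generate` on the same virtual TPM yields a distinct key, which is worth confirming when the test is run.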
@@ -112,6 +112,7 @@ in { aesmd = runTestOn ["x86_64-linux"] ./aesmd.nix; agate = runTest ./web-servers/agate.nix; agda = handleTest ./agda.nix {}; + age-plugin-tpm-decrypt = runTest ./age-plugin-tpm-decrypt.nix; agorakit = runTest ./web-apps/agorakit.nix; airsonic = handleTest ./airsonic.nix {}; akkoma = handleTestOn [ "x86_64-linux" "aarch64-linux" ] ./akkoma.nix {}; diff --git a/pkgs/by-name/ag/age-plugin-tpm/package.nix b/pkgs/by-name/ag/age-plugin-tpm/package.nix index 0e8dc385600d..73437e75bd37 100644 --- a/pkgs/by-name/ag/age-plugin-tpm/package.nix +++ b/pkgs/by-name/ag/age-plugin-tpm/package.nix @@ -1,27 +1,31 @@ { lib, + callPackage, buildGoModule, fetchFromGitHub, + nixosTests, swtpm, openssl, + age, }: buildGoModule rec { pname = "age-plugin-tpm"; - version = "0.2.0"; + version = "0.3.0"; src = fetchFromGitHub { owner = "Foxboron"; repo = "age-plugin-tpm"; - rev = "v${version}"; - hash = "sha256-oTvK8U5j+llHgoChhGb+vcUrUf9doVYxd3d5MEuCNz8="; + tag = "v${version}"; + hash = "sha256-yr1PSSmcUoOrQ8VMQEoaCLNvDO+3+6N7XXdNUyYVz9M="; }; proxyVendor = true; - vendorHash = "sha256-veduD0K3Onkqvyg9E5v854a6/8UIRQZEH098lUepRNU="; + vendorHash = "sha256-VEx6qP02QcwETOQUkMsrqVb+cOElceXcTDaUr480ngs="; nativeCheckInputs = [ + age swtpm ]; @@ -34,12 +38,17 @@ buildGoModule rec { "-w" ]; + passthru.tests = { + encrypt = callPackage ./tests/encrypt.nix { }; + decrypt = nixosTests.age-plugin-tpm-decrypt; + }; + meta = with lib; { description = "TPM 2.0 plugin for age (This software is experimental, use it at your own risk)"; mainProgram = "age-plugin-tpm"; homepage = "https://github.com/Foxboron/age-plugin-tpm"; license = licenses.mit; - platforms = platforms.linux; + platforms = platforms.all; maintainers = with maintainers; [ kranzes sgo diff --git a/pkgs/by-name/ag/age-plugin-tpm/tests/encrypt.nix b/pkgs/by-name/ag/age-plugin-tpm/tests/encrypt.nix new file mode 100644 index 000000000000..fe652b30792b --- /dev/null +++ b/pkgs/by-name/ag/age-plugin-tpm/tests/encrypt.nix 
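Review bot: In the second hunk of pkgs/by-name/ag/age-plugin-tpm/package.nix, `platforms = platforms.all;` widens the package beyond Linux without recording which operations are expected to work there. The only coverage that could run off Linux is the encrypt-only `passthru.tests.encrypt`; `decrypt` is a NixOS VM test, and the check phase still lists `swtpm` in `nativeCheckInputs`, whose availability on every platform is not visible in this diff. A comment above the line, for example `# encrypting to a TPM recipient needs no TPM; generate/decrypt are only tested on Linux`, would record the intent. If the check inputs do not build everywhere, a narrower platform set is the safer choice.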
@@ -0,0 +1,18 @@
+{
+ runCommand,
+ age,
+ age-plugin-tpm,
+}:
+runCommand "age-plugin-tpm-encrypt"
+ {
+ nativeBuildInputs = [
+ age
+ age-plugin-tpm
+ ];
+ # example pubkey from Foxboron/age-plugin-tpm README
+ env.AGE_RECIPIENT = "age1tpm1qg86fn5esp30u9h6jy6zvu9gcsvnac09vn8jzjxt8s3qtlcv5h2x287wm36";
+ }
+ ''
+ echo "Hello World" | age --encrypt --armor --recipient "$AGE_RECIPIENT"
+ touch $out
+ ''
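Review bot: The build script in tests/encrypt.nix passes on the exit status of `age` alone, and the armored output goes only to the build log, so nothing confirms that ciphertext was actually produced for the TPM recipient. Writing the result to a file and checking the armor header would pin that down: add `--output data.age` to the `age` call, followed by `grep -q -- '-----BEGIN AGE ENCRYPTED FILE-----' data.age`. As a style point, `touch "$out"` is preferable to the unquoted `$out`.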