Testing with Nix - Public Room Timeline

	Testing with Nix	95 Members
		24 Servers

You have reached the beginning of time (for this room).

Sender	Message	Time
16 Oct 2023
Artturin	Maybe a new arg to `wait_for_unit`	06:11:39
Artturin	failState successState	06:12:13
l0b0	Weird. I just tried this: `service_name = "ssh-audit.service" ${serverName}.succeed(f"systemd-run --unit={service_name} ${pkgs.ssh-audit}/bin/ssh-audit --client-audit --port=${toString sshAuditPort}") ${serverName}.wait_for_unit(service_name) ${clientName}.execute( f"ssh {ssh_options} -i privkey.snakeoil -p ${toString sshAuditPort} ${sshUsername}@server true", check_return=False, timeout=10 ) ${serverName}.succeed(f"exit $(systemctl show --property=ExecMainStatus --value {service_name})")` Couldn't get it to fail when the configuration was bad.	06:15:40
Artturin	Btw it's possible to add env vars to the systemd-run env `dbus-update-activation-environment --systemd PATH` this would add the PATH	06:17:55
Artturin	* Btw it's possible to add env vars to the systemd-run env `dbus-update-activation-environment --systemd PATH` this would add the PATH, the sway module has `dbus-update-activation-environment --systemd DISPLAY WAYLAND_DISPLAY SWAYSOCK XDG_CURRENT_DESKTOP`	06:18:27
Artturin	In reply to @vengmark2:matrix.org Weird. I just tried this: `service_name = "ssh-audit.service" ${serverName}.succeed(f"systemd-run --unit={service_name} ${pkgs.ssh-audit}/bin/ssh-audit --client-audit --port=${toString sshAuditPort}") ${serverName}.wait_for_unit(service_name) ${clientName}.execute( f"ssh {ssh_options} -i privkey.snakeoil -p ${toString sshAuditPort} ${sshUsername}@server true", check_return=False, timeout=10 ) ${serverName}.succeed(f"exit $(systemctl show --property=ExecMainStatus --value {service_name})")` Couldn't get it to fail when the configuration was bad. All the outputted thing should be in the output	06:20:24
Artturin	did it print the expected output but just didn't fail	06:20:34
l0b0	OIC, `${serverName}.wait_for_unit(service_name)` doesn't wait long enough, so the next line just never talks to `ssh-audit`.	06:22:36
l0b0	I think I might still need the `sleep(5)` then.	06:23:00
Artturin	hm yeah it just waits for active	06:23:19
l0b0	Because there's just no way to check that the port is open without shutting down `ssh-audit`.	06:23:28
l0b0	Yay, it worked! This is something I've been hoping to be able to do for years. Thank you, Artturin !	07:05:48
Artturin	l0b0: That tests looks like it could be added to nixpkgs	07:45:32
Artturin	and added to the package	07:46:15
Artturin	* and added to the package's passthru.tests	07:46:22
Artturin	hmm well there's your ssh-server.nix and ssh-client.nix	07:47:28
Artturin	well if you can think of a way im sure it would be useful	07:47:48
Artturin	Not exactly sure what it's testing	07:48:10
l0b0	It's checking that my configuration conforms to best practices as recommended by `ssh-audit`. I'm no SSH/security expert, but at least some of the recommendations make sense.	07:49:19
l0b0	It might be useful as a demo for what could be considered a secure configuration (at least by some segment of users) "right now", rather than just using the OpenSSH defaults like NixOS does.	07:50:41

Show newer messages

Back to Room ListRoom Version: 9