gitea-mirror/rosenpass
1
0
Fork 0
mirror of https://github.com/rosenpass/rosenpass.git synced 2026-02-28 14:33:37 -08:00
Code Issues Packages Projects Releases Wiki Activity

chore(rosenpass): Generate new keys for wireguard everytime the integration tests are run.

Browse Source
This commit is contained in:
David Niehues
2025-08-08 14:50:01 +02:00
parent 9d37c63da7
commit 7f9cc510a1
1 changed files with 26 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
tests/integration/rpsc-test.nix
View File

@@ -18,12 +18,32 @@ let
keyExchangePathBC = "/root/peer-bc.osk"; keyExchangePathBC = "/root/peer-bc.osk";
keyExchangePathCB = "/root/peer-cb.osk"; keyExchangePathCB = "/root/peer-cb.osk";
generateWgKeys =
name:
let
# The trailing line break that is generated by `wg genkey` and `wg pubkey` breaks the script rp-key-sync.nix to copy the preshared keys.
# We therefore remove the trailing spaces here.
privateKey = pkgs.runCommand "wg-private-${name}" { } ''
${pkgs.wireguard-tools}/bin/wg genkey | tr -d '\n' > $out
'';
publicKey = pkgs.runCommand "wg-public-${name}" { buildInputs = [ pkgs.wireguard-tools ]; } ''
cat ${privateKey} | wg pubkey | tr -d '\n' > $out
'';
in
{
inherit privateKey publicKey;
};
peerAWgKeys = generateWgKeys "peerA";
peerBWgKeys = generateWgKeys "peerB";
peerCWgKeys = if multiPeer then generateWgKeys "peerC" else null;
staticConfig = staticConfig =
{ {
peerA = { peerA = {
innerIp = "10.100.0.1"; innerIp = "10.100.0.1";
privateKey = "cB+EYXqf63F+8Kqn3Q1dr9ds5tQi4PkQU+WfLpZf2nU="; privateKey = builtins.readFile peerAWgKeys.privateKey;
publicKey = "+gsv8wlhKGKXUOYTw5r2tPpSr7CEeVBgH/kxZzeo9E8="; publicKey = builtins.readFile peerAWgKeys.publicKey;
rosenpassConfig = builtins.toFile "peer-a.toml" ( rosenpassConfig = builtins.toFile "peer-a.toml" (
'' ''
public_key = "${rosenpassKeyFolder}/self.pk" public_key = "${rosenpassKeyFolder}/self.pk"
@@ -46,8 +66,8 @@ let
}; };
peerB = { peerB = {
innerIp = "10.100.0.2"; innerIp = "10.100.0.2";
privateKey = "sL+9z4HAzkV01QYTQX5TA645PV8Vprk09vNNWSKjjW4="; privateKey = builtins.readFile peerBWgKeys.privateKey;
publicKey = "ZErZhjoSTiLCfPXl3TcnWyfvUtjP1mIQUH+2sRxI/wE="; publicKey = builtins.readFile peerBWgKeys.publicKey;
rosenpassConfig = builtins.toFile "peer-b.toml" ( rosenpassConfig = builtins.toFile "peer-b.toml" (
'' ''
public_key = "${rosenpassKeyFolder}/self.pk" public_key = "${rosenpassKeyFolder}/self.pk"
@@ -73,8 +93,8 @@ let
# peerC is only defined if we are in a multiPeer context. # peerC is only defined if we are in a multiPeer context.
peerC = { peerC = {
innerIp = "10.100.0.3"; innerIp = "10.100.0.3";
privateKey = "gOrlrKattR+hdpGc/0X2qFXWSbw0hW7AMLzb68cWBmI="; privateKey = builtins.readFile peerCWgKeys.privateKey;
publicKey = "23S38TaISe+GlrNJL5DyoN+EC6g2fSYbT1Kt1LUxhRA="; publicKey = builtins.readFile peerCWgKeys.publicKey;
rosenpassConfig = builtins.toFile "peer-c.toml" '' rosenpassConfig = builtins.toFile "peer-c.toml" ''
public_key = "${rosenpassKeyFolder}/self.pk" public_key = "${rosenpassKeyFolder}/self.pk"
secret_key = "${rosenpassKeyFolder}/self.sk" secret_key = "${rosenpassKeyFolder}/self.sk"
@@ -459,7 +479,6 @@ in
peerC.wait_for_unit("rp-key-sync-CB.service") peerC.wait_for_unit("rp-key-sync-CB.service")
''} ''}
# Voila! # Voila!
peerA.succeed("ping -c 1 ${staticConfig.peerB.innerIp}") peerA.succeed("ping -c 1 ${staticConfig.peerB.innerIp}")
peerB.succeed("ping -c 1 ${staticConfig.peerA.innerIp}") peerB.succeed("ping -c 1 ${staticConfig.peerA.innerIp}")