age-plugin-tpm: 0.2.0 -> 0.3.0

NixOS · Feb 18, 2025 · 2661ba9 · 2661ba9
1 parent b921710
commit 2661ba9
Show file tree

Hide file tree

Showing 4 changed files with 68 additions and 5 deletions.
diff --git a/nixos/tests/age-plugin-tpm-decrypt.nix b/nixos/tests/age-plugin-tpm-decrypt.nix
@@ -0,0 +1,35 @@
+import ./make-test-python.nix (
+  { pkgs, ... }:
+  {
+    name = "age-plugin-tpm-decrypt";
+    meta = with pkgs.lib.maintainers; {
+      maintainers = [
+        sgo
+        josh
+      ];
+    };
+
+    nodes.machine =
+      { pkgs, ... }:
+      {
+        virtualisation.tpm.enable = true;
+        environment.systemPackages = with pkgs; [
+          age
+          age-plugin-tpm
+        ];
+      };
+
+    testScript = ''
+      machine.start()
+
+      machine.succeed("age-plugin-tpm --generate --output identity.txt")
+      machine.succeed("age-plugin-tpm --convert identity.txt --output recipient.txt")
+      machine.succeed("echo -n 'Hello World' >data.txt")
+
+      machine.succeed("age --encrypt --recipients-file recipient.txt --output data.age data.txt")
+      data = machine.succeed("age --decrypt --identity identity.txt data.age")
+
+      assert data == "Hello World"
+    '';
+  }
+)
diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix
@@ -112,6 +112,7 @@ in {
   aesmd = runTestOn ["x86_64-linux"] ./aesmd.nix;
   agate = runTest ./web-servers/agate.nix;
   agda = handleTest ./agda.nix {};
+  age-plugin-tpm-decrypt = runTest ./age-plugin-tpm-decrypt.nix {};
   agorakit = runTest ./web-apps/agorakit.nix;
   airsonic = handleTest ./airsonic.nix {};
   akkoma = handleTestOn [ "x86_64-linux" "aarch64-linux" ] ./akkoma.nix {};

diff --git a/pkgs/by-name/ag/age-plugin-tpm/package.nix b/pkgs/by-name/ag/age-plugin-tpm/package.nix
@@ -1,27 +1,31 @@
 {
   lib,
+  callPackage,
   buildGoModule,
   fetchFromGitHub,
+  nixosTests,
   swtpm,
   openssl,
+  age,
 }:
 
 buildGoModule rec {
   pname = "age-plugin-tpm";
-  version = "0.2.0";
+  version = "0.3.0";
 
   src = fetchFromGitHub {
     owner = "Foxboron";
     repo = "age-plugin-tpm";
-    rev = "v${version}";
-    hash = "sha256-oTvK8U5j+llHgoChhGb+vcUrUf9doVYxd3d5MEuCNz8=";
+    tag = "v${version}";
+    hash = "sha256-yr1PSSmcUoOrQ8VMQEoaCLNvDO+3+6N7XXdNUyYVz9M=";
   };
 
   proxyVendor = true;
 
-  vendorHash = "sha256-veduD0K3Onkqvyg9E5v854a6/8UIRQZEH098lUepRNU=";
+  vendorHash = "sha256-VEx6qP02QcwETOQUkMsrqVb+cOElceXcTDaUr480ngs=";
 
   nativeCheckInputs = [
+    age
     swtpm
   ];
 
@@ -34,12 +38,17 @@ buildGoModule rec {
     "-w"
   ];
 
+  passthru.tests = {
+    encrypt = callPackage ./tests/encrypt.nix { };
+    decrypt = nixosTests.age-plugin-tpm-decrypt;
+  };
+
   meta = with lib; {
     description = "TPM 2.0 plugin for age (This software is experimental, use it at your own risk)";
     mainProgram = "age-plugin-tpm";
     homepage = "https://github.com/Foxboron/age-plugin-tpm";
     license = licenses.mit;
-    platforms = platforms.linux;
+    platforms = platforms.all;
     maintainers = with maintainers; [
       kranzes
       sgo

diff --git a/pkgs/by-name/ag/age-plugin-tpm/tests/encrypt.nix b/pkgs/by-name/ag/age-plugin-tpm/tests/encrypt.nix
@@ -0,0 +1,18 @@
+{
+  runCommand,
+  age,
+  age-plugin-tpm,
+}:
+runCommand "age-plugin-tpm-encrypt"
+  {
+    nativeBuildInputs = [
+      age
+      age-plugin-tpm
+    ];
+    # example pubkey from Foxboron/age-plugin-tpm README
+    env.AGE_RECIPIENT = "age1tpm1qg86fn5esp30u9h6jy6zvu9gcsvnac09vn8jzjxt8s3qtlcv5h2x287wm36";
+  }
+  ''
+    echo "Hello World" | age --encrypt --armor --recipient "$AGE_RECIPIENT"
+    touch $out
+  ''