From 2e14a72fa0de69db2b837e972c8ba36d1ed604de Mon Sep 17 00:00:00 2001
From: Neyts Zupan <zupo@users.noreply.github.com>
Date: Thu, 20 Mar 2025 17:07:29 +0000
Subject: [PATCH] paretosecurity: 0.0.88 -> 0.0.89

(cherry picked from commit c75a5fa70f5a671fc41a82bdefa7648f35360239)
---
 nixos/tests/paretosecurity.nix             | 19 +++++++++++++++++--
 pkgs/by-name/pa/paretosecurity/package.nix |  4 ++--
 2 files changed, 19 insertions(+), 4 deletions(-)

diff --git a/nixos/tests/paretosecurity.nix b/nixos/tests/paretosecurity.nix
index 9e4c11c5f5c9..f4866359bd72 100644
--- a/nixos/tests/paretosecurity.nix
+++ b/nixos/tests/paretosecurity.nix
@@ -7,10 +7,25 @@
     { config, pkgs, ... }:
     {
       services.paretosecurity.enable = true;
+
+      users.users.alice = {
+        isNormalUser = true;
+      };
     };
 
   testScript = ''
-    (status, out) = machine.execute("paretosecurity check")
-    assert status == 1, "paretosecurity did not return 1 on failing checks"
+    machine.succeed(
+      "su -- alice -c 'paretosecurity check"
+
+      # Disable some checks that need intricate test setup so that this test
+      # remains simple and fast. Tests for all checks and edge cases available
+      # at https://github.com/ParetoSecurity/agent/tree/main/test/integration
+      + " --skip c96524f2-850b-4bb9-abc7-517051b6c14e"  # SecureBoot
+      + " --skip 37dee029-605b-4aab-96b9-5438e5aa44d8"  # Screen lock
+      + " --skip 21830a4e-84f1-48fe-9c5b-beab436b2cdb"  # Disk encryption
+      + " --skip 44e4754a-0b42-4964-9cc2-b88b2023cb1e"  # Pareto Security is up to date
+      + " --skip f962c423-fdf5-428a-a57a-827abc9b253e"  # Password manager installed
+      + "'"
+    )
   '';
 }
diff --git a/pkgs/by-name/pa/paretosecurity/package.nix b/pkgs/by-name/pa/paretosecurity/package.nix
index 6a128e775047..6a31b5b01783 100644
--- a/pkgs/by-name/pa/paretosecurity/package.nix
+++ b/pkgs/by-name/pa/paretosecurity/package.nix
@@ -9,13 +9,13 @@
 
 buildGoModule rec {
   pname = "paretosecurity";
-  version = "0.0.88";
+  version = "0.0.89";
 
   src = fetchFromGitHub {
     owner = "ParetoSecurity";
     repo = "agent";
     rev = version;
-    hash = "sha256-UVnZhkajrc9q6AZvIU7oi931ugxkiVSPk1NugAERnek=";
+    hash = "sha256-qZMJFrkHRurUvltDVubyfol5IHKxfyDbNE2XFo/KXF8=";
   };
 
   vendorHash = "sha256-HReQu23sHLaxc5N8h2vYv64ruJPmY4HM9whAEKV+3Eo=";