age-plugin-tpm: 0.2.0 -> 0.3.0

nixos/tests/age-plugin-tpm-decrypt.nix

@@ -0,0 +1,33 @@
+{ pkgs, lib, ... }:
+{
+  name = "age-plugin-tpm-decrypt";
+  meta = with lib.maintainers; {
+    maintainers = [
+      sgo
+      josh
+    ];
+  };
+
+  nodes.machine =
+    { pkgs, ... }:
+    {
+      virtualisation.tpm.enable = true;
+      environment.systemPackages = with pkgs; [
+        age
+        age-plugin-tpm
+      ];
+    };
+
+  testScript = ''
+    machine.start()
+
+    machine.succeed("age-plugin-tpm --generate --output identity.txt")
+    machine.succeed("age-plugin-tpm --convert identity.txt --output recipient.txt")
+    machine.succeed("echo -n 'Hello World' >data.txt")
+
+    machine.succeed("age --encrypt --recipients-file recipient.txt --output data.age data.txt")
+    data = machine.succeed("age --decrypt --identity identity.txt data.age")
+
+    assert data == "Hello World"
+  '';
+}

nixos/tests/all-tests.nix

@@ -112,6 +112,7 @@ in {
   aesmd = runTestOn ["x86_64-linux"] ./aesmd.nix;
   agate = runTest ./web-servers/agate.nix;
   agda = handleTest ./agda.nix {};
+  age-plugin-tpm-decrypt = runTest ./age-plugin-tpm-decrypt.nix;
   agorakit = runTest ./web-apps/agorakit.nix;
   airsonic = handleTest ./airsonic.nix {};
   akkoma = handleTestOn [ "x86_64-linux" "aarch64-linux" ] ./akkoma.nix {};

pkgs/by-name/ag/age-plugin-tpm/package.nix

@@ -1,27 +1,31 @@
 {
   lib,
+  callPackage,
   buildGoModule,
   fetchFromGitHub,
+  nixosTests,
   swtpm,
   openssl,
+  age,
 }:
 
 buildGoModule rec {
   pname = "age-plugin-tpm";
-  version = "0.2.0";
+  version = "0.3.0";
 
   src = fetchFromGitHub {
     owner = "Foxboron";
     repo = "age-plugin-tpm";
-    rev = "v${version}";
-    hash = "sha256-oTvK8U5j+llHgoChhGb+vcUrUf9doVYxd3d5MEuCNz8=";
+    tag = "v${version}";
+    hash = "sha256-yr1PSSmcUoOrQ8VMQEoaCLNvDO+3+6N7XXdNUyYVz9M=";
   };
 
   proxyVendor = true;
 
-  vendorHash = "sha256-veduD0K3Onkqvyg9E5v854a6/8UIRQZEH098lUepRNU=";
+  vendorHash = "sha256-VEx6qP02QcwETOQUkMsrqVb+cOElceXcTDaUr480ngs=";
 
   nativeCheckInputs = [
+    age
     swtpm
   ];
 
@@ -34,12 +38,17 @@ buildGoModule rec {
     "-w"
   ];
 
+  passthru.tests = {
+    encrypt = callPackage ./tests/encrypt.nix { };
+    decrypt = nixosTests.age-plugin-tpm-decrypt;
+  };
+
   meta = with lib; {
     description = "TPM 2.0 plugin for age (This software is experimental, use it at your own risk)";
     mainProgram = "age-plugin-tpm";
     homepage = "https://github.com/Foxboron/age-plugin-tpm";
     license = licenses.mit;
-    platforms = platforms.linux;
+    platforms = platforms.all;
     maintainers = with maintainers; [
       kranzes
       sgo

pkgs/by-name/ag/age-plugin-tpm/tests/encrypt.nix

@@ -0,0 +1,18 @@
+{
+  runCommand,
+  age,
+  age-plugin-tpm,
+}:
+runCommand "age-plugin-tpm-encrypt"
+  {
+    nativeBuildInputs = [
+      age
+      age-plugin-tpm
+    ];
+    # example pubkey from Foxboron/age-plugin-tpm README
+    env.AGE_RECIPIENT = "age1tpm1qg86fn5esp30u9h6jy6zvu9gcsvnac09vn8jzjxt8s3qtlcv5h2x287wm36";
+  }
+  ''
+    echo "Hello World" | age --encrypt --armor --recipient "$AGE_RECIPIENT"
+    touch $out
+  ''