diff options
author | Dino A. Dai Zovi <ddz@theta44.org> | 2021-07-11 20:00:06 +0000 |
---|---|---|
committer | Dino A. Dai Zovi <ddz@theta44.org> | 2021-07-11 20:27:00 +0000 |
commit | b089c39a2364725a7331f8e9a3a5198fc3dc0ef8 (patch) | |
tree | 7f6ee5fd3c1fad7daf1aa02b7a3670749bd324f3 | |
parent | 14df81c809e950da1c7356984abf0ff367a94136 (diff) | |
download | nixpkgs-b089c39a2364725a7331f8e9a3a5198fc3dc0ef8.tar nixpkgs-b089c39a2364725a7331f8e9a3a5198fc3dc0ef8.tar.gz nixpkgs-b089c39a2364725a7331f8e9a3a5198fc3dc0ef8.tar.bz2 nixpkgs-b089c39a2364725a7331f8e9a3a5198fc3dc0ef8.tar.lz nixpkgs-b089c39a2364725a7331f8e9a3a5198fc3dc0ef8.tar.xz nixpkgs-b089c39a2364725a7331f8e9a3a5198fc3dc0ef8.tar.zst nixpkgs-b089c39a2364725a7331f8e9a3a5198fc3dc0ef8.zip |
nixos/tests: update initrd-secrets test to test secret in /run/keys
Since /run/keys is a ramfs, it is not paged out and a good place to copy secrets to. Test whether secrets with a path in /run/keys exist after initrd.
-rw-r--r-- | nixos/tests/initrd-secrets.nix | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/nixos/tests/initrd-secrets.nix b/nixos/tests/initrd-secrets.nix index 10dd908502d..113a9cebf78 100644 --- a/nixos/tests/initrd-secrets.nix +++ b/nixos/tests/initrd-secrets.nix @@ -13,7 +13,12 @@ let machine = { ... }: { virtualisation.useBootLoader = true; - boot.initrd.secrets."/test" = secretInStore; + boot.initrd.secrets = { + "/test" = secretInStore; + + # This should *not* need to be copied in postMountCommands + "/run/keys/test" = secretInStore; + }; boot.initrd.postMountCommands = '' cp /test /mnt-root/secret-from-initramfs ''; @@ -26,7 +31,8 @@ let start_all() machine.wait_for_unit("multi-user.target") machine.succeed( - "cmp ${secretInStore} /secret-from-initramfs" + "cmp ${secretInStore} /secret-from-initramfs", + "cmp ${secretInStore} /run/keys/test", ) ''; }; |