diff options
author | Jörg Thalheim <Mic92@users.noreply.github.com> | 2020-08-24 13:42:11 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-08-24 13:42:11 +0100 |
commit | 4c9ad3ca793e2418a725f2c227108b71db109913 (patch) | |
tree | 3dfb818a33da2cf65515970586a1723cb8792cb3 /nixos/tests/systemd.nix | |
parent | 5c70c5eeaa275aae90e1d3e5b63a6fdcf29bc850 (diff) | |
parent | e207de63f4f4a8f377eed1f522dc872f338eb26c (diff) | |
download | nixpkgs-4c9ad3ca793e2418a725f2c227108b71db109913.tar nixpkgs-4c9ad3ca793e2418a725f2c227108b71db109913.tar.gz nixpkgs-4c9ad3ca793e2418a725f2c227108b71db109913.tar.bz2 nixpkgs-4c9ad3ca793e2418a725f2c227108b71db109913.tar.lz nixpkgs-4c9ad3ca793e2418a725f2c227108b71db109913.tar.xz nixpkgs-4c9ad3ca793e2418a725f2c227108b71db109913.tar.zst nixpkgs-4c9ad3ca793e2418a725f2c227108b71db109913.zip |
Merge branch 'master' into nginx-update
Diffstat (limited to 'nixos/tests/systemd.nix')
-rw-r--r-- | nixos/tests/systemd.nix | 25 |
1 files changed, 24 insertions, 1 deletions
diff --git a/nixos/tests/systemd.nix b/nixos/tests/systemd.nix index a653932fb37..9d21f9158f3 100644 --- a/nixos/tests/systemd.nix +++ b/nixos/tests/systemd.nix @@ -4,7 +4,10 @@ import ./make-test-python.nix ({ pkgs, ... }: { machine = { lib, ... }: { imports = [ common/user-account.nix common/x11.nix ]; - virtualisation.emptyDiskImages = [ 512 ]; + virtualisation.emptyDiskImages = [ 512 512 ]; + virtualisation.memorySize = 1024; + + environment.systemPackages = [ pkgs.cryptsetup ]; fileSystems = lib.mkVMOverride { "/test-x-initrd-mount" = { @@ -144,5 +147,25 @@ import ./make-test-python.nix ({ pkgs, ... }: { assert "RuntimeWatchdogUSec=30s" in output assert "RebootWatchdogUSec=10m" in output assert "KExecWatchdogUSec=5m" in output + + # Test systemd cryptsetup support + with subtest("systemd successfully reads /etc/crypttab and unlocks volumes"): + # create a luks volume and put a filesystem on it + machine.succeed( + "echo -n supersecret | cryptsetup luksFormat -q /dev/vdc -", + "echo -n supersecret | cryptsetup luksOpen --key-file - /dev/vdc foo", + "mkfs.ext3 /dev/mapper/foo", + ) + + # create a keyfile and /etc/crypttab + machine.succeed("echo -n supersecret > /var/lib/luks-keyfile") + machine.succeed("chmod 600 /var/lib/luks-keyfile") + machine.succeed("echo 'luks1 /dev/vdc /var/lib/luks-keyfile luks' > /etc/crypttab") + + # after a reboot, systemd should unlock the volume and we should be able to mount it + machine.shutdown() + machine.succeed("systemctl status systemd-cryptsetup@luks1.service") + machine.succeed("mkdir -p /tmp/luks1") + machine.succeed("mount /dev/mapper/luks1 /tmp/luks1") ''; }) |