diff options
| author | Linus Heckemann <git@sphalerite.org> | 2020-12-12 14:39:58 +0100 |
|---|---|---|
| committer | Linus Heckemann <git@sphalerite.org> | 2020-12-17 11:44:25 +0100 |
| commit | 3136e49b8ef0c40f33f618ee56f1c8959e6cbf88 (patch) | |
| tree | 4cceb1b2376df9fbd63e23cb48a13393ae84d9bb /nixos | |
| parent | d4ef25db5d794474b2e1a0e5afc55d42d10ac49f (diff) | |
| download | nixpkgs-3136e49b8ef0c40f33f618ee56f1c8959e6cbf88.tar nixpkgs-3136e49b8ef0c40f33f618ee56f1c8959e6cbf88.tar.gz nixpkgs-3136e49b8ef0c40f33f618ee56f1c8959e6cbf88.tar.bz2 nixpkgs-3136e49b8ef0c40f33f618ee56f1c8959e6cbf88.tar.lz nixpkgs-3136e49b8ef0c40f33f618ee56f1c8959e6cbf88.tar.xz nixpkgs-3136e49b8ef0c40f33f618ee56f1c8959e6cbf88.tar.zst nixpkgs-3136e49b8ef0c40f33f618ee56f1c8959e6cbf88.zip | |
nixos/tests: Add test for initrd secrets
lz4 compression is excluded because it doesn't work for a reason which remains unclear to me.
Diffstat (limited to 'nixos')
| -rw-r--r-- | nixos/tests/all-tests.nix | 1 | ||||
| -rw-r--r-- | nixos/tests/initrd-secrets.nix | 35 |
2 files changed, 36 insertions, 0 deletions
diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index 0c06e3f4424..8cbac702308 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -168,6 +168,7 @@ in initrd-network-openvpn = handleTest ./initrd-network-openvpn {}; initrd-network-ssh = handleTest ./initrd-network-ssh {}; initrdNetwork = handleTest ./initrd-network.nix {}; + initrd-secrets = handleTest ./initrd-secrets.nix {}; installer = handleTest ./installer.nix {}; iodine = handleTest ./iodine.nix {}; ipfs = handleTest ./ipfs.nix {}; diff --git a/nixos/tests/initrd-secrets.nix b/nixos/tests/initrd-secrets.nix new file mode 100644 index 00000000000..10dd908502d --- /dev/null +++ b/nixos/tests/initrd-secrets.nix @@ -0,0 +1,35 @@ +{ system ? builtins.currentSystem +, config ? {} +, pkgs ? import ../.. { inherit system config; } +, lib ? pkgs.lib +, testing ? import ../lib/testing-python.nix { inherit system pkgs; } +}: +let + secretInStore = pkgs.writeText "topsecret" "iamasecret"; + testWithCompressor = compressor: testing.makeTest { + name = "initrd-secrets-${compressor}"; + + meta.maintainers = [ lib.maintainers.lheckemann ]; + + machine = { ... }: { + virtualisation.useBootLoader = true; + boot.initrd.secrets."/test" = secretInStore; + boot.initrd.postMountCommands = '' + cp /test /mnt-root/secret-from-initramfs + ''; + boot.initrd.compressor = compressor; + # zstd compression is only supported from 5.9 onwards. Remove when 5.10 becomes default. + boot.kernelPackages = pkgs.linuxPackages_latest; + }; + + testScript = '' + start_all() + machine.wait_for_unit("multi-user.target") + machine.succeed( + "cmp ${secretInStore} /secret-from-initramfs" + ) + ''; + }; +in lib.flip lib.genAttrs testWithCompressor [ + "cat" "gzip" "bzip2" "xz" "lzma" "lzop" "pigz" "pixz" "zstd" +] |