summary refs log tree commit diff
path: root/nixos/tests/initrd-secrets.nix
diff options
context:
space:
mode:
Diffstat (limited to 'nixos/tests/initrd-secrets.nix')
-rw-r--r--nixos/tests/initrd-secrets.nix35
1 files changed, 35 insertions, 0 deletions
diff --git a/nixos/tests/initrd-secrets.nix b/nixos/tests/initrd-secrets.nix
new file mode 100644
index 00000000000..10dd908502d
--- /dev/null
+++ b/nixos/tests/initrd-secrets.nix
@@ -0,0 +1,35 @@
+{ system ? builtins.currentSystem
+, config ? {}
+, pkgs ? import ../.. { inherit system config; }
+, lib ? pkgs.lib
+, testing ? import ../lib/testing-python.nix { inherit system pkgs; }
+}:
+let
+  secretInStore = pkgs.writeText "topsecret" "iamasecret";
+  testWithCompressor = compressor: testing.makeTest {
+    name = "initrd-secrets-${compressor}";
+
+    meta.maintainers = [ lib.maintainers.lheckemann ];
+
+    machine = { ... }: {
+      virtualisation.useBootLoader = true;
+      boot.initrd.secrets."/test" = secretInStore;
+      boot.initrd.postMountCommands = ''
+        cp /test /mnt-root/secret-from-initramfs
+      '';
+      boot.initrd.compressor = compressor;
+      # zstd compression is only supported from 5.9 onwards. Remove when 5.10 becomes default.
+      boot.kernelPackages = pkgs.linuxPackages_latest;
+    };
+
+    testScript = ''
+      start_all()
+      machine.wait_for_unit("multi-user.target")
+      machine.succeed(
+          "cmp ${secretInStore} /secret-from-initramfs"
+      )
+    '';
+  };
+in lib.flip lib.genAttrs testWithCompressor [
+  "cat" "gzip" "bzip2" "xz" "lzma" "lzop" "pigz" "pixz" "zstd"
+]