pyrox.dev / nixpkgs
lol
fork atom

Merge pull request #29269 from Moredread/test_crypt_with_keyfile

Test opening encrypted filesystem with keyfile

authored by Franz Pletz and committed by GitHub bdbaaad7 edcf51a3

+41
unified split
+41
nixos/tests/installer.nix
··· 461 461 ''; 462 462 }; 463 463 464 + # Test whether opening encrypted filesystem with keyfile 465 + # Checks for regression of missing cryptsetup, when no luks device without 466 + # keyfile is configured 467 + filesystemEncryptedWithKeyfile = makeInstallerTest "filesystemEncryptedWithKeyfile" 468 + { createPartitions = '' 469 + $machine->succeed( 470 + "parted /dev/vda mklabel msdos", 471 + "parted /dev/vda -- mkpart primary ext2 1M 50MB", # /boot 472 + "parted /dev/vda -- mkpart primary linux-swap 50M 1024M", 473 + "parted /dev/vda -- mkpart primary 1024M 1280M", # LUKS with keyfile 474 + "parted /dev/vda -- mkpart primary 1280M -1s", 475 + "udevadm settle", 476 + "mkswap /dev/vda2 -L swap", 477 + "swapon -L swap", 478 + "mkfs.ext3 -L nixos /dev/vda4", 479 + "mount LABEL=nixos /mnt", 480 + "mkfs.ext3 -L boot /dev/vda1", 481 + "mkdir -p /mnt/boot", 482 + "mount LABEL=boot /mnt/boot", 483 + "modprobe dm_mod dm_crypt", 484 + "echo -n supersecret > /mnt/keyfile", 485 + "cryptsetup luksFormat -q /dev/vda3 --key-file /mnt/keyfile", 486 + "cryptsetup luksOpen --key-file /mnt/keyfile /dev/vda3 crypt", 487 + "mkfs.ext3 -L test /dev/mapper/crypt", 488 + "cryptsetup luksClose crypt", 489 + "mkdir -p /mnt/test" 490 + ); 491 + ''; 492 + extraConfig = '' 493 + fileSystems."/test" = 494 + { device = "/dev/disk/by-label/test"; 495 + fsType = "ext3"; 496 + encrypted.enable = true; 497 + encrypted.blkDev = "/dev/vda3"; 498 + encrypted.label = "crypt"; 499 + encrypted.keyFile = "/mnt-root/keyfile"; 500 + }; 501 + ''; 502 + }; 503 + 504 + 464 505 swraid = makeInstallerTest "swraid" 465 506 { createPartitions = 466 507 ''