Merge pull request #29269 from Moredread/test_crypt_with_keyfile
Test opening encrypted filesystem with keyfile
This commit is contained in:
commit
bdbaaad7de
@ -461,6 +461,47 @@ in {
|
||||
'';
|
||||
};
|
||||
|
||||
# Test whether opening encrypted filesystem with keyfile
|
||||
# Checks for regression of missing cryptsetup, when no luks device without
|
||||
# keyfile is configured
|
||||
filesystemEncryptedWithKeyfile = makeInstallerTest "filesystemEncryptedWithKeyfile"
|
||||
{ createPartitions = ''
|
||||
$machine->succeed(
|
||||
"parted /dev/vda mklabel msdos",
|
||||
"parted /dev/vda -- mkpart primary ext2 1M 50MB", # /boot
|
||||
"parted /dev/vda -- mkpart primary linux-swap 50M 1024M",
|
||||
"parted /dev/vda -- mkpart primary 1024M 1280M", # LUKS with keyfile
|
||||
"parted /dev/vda -- mkpart primary 1280M -1s",
|
||||
"udevadm settle",
|
||||
"mkswap /dev/vda2 -L swap",
|
||||
"swapon -L swap",
|
||||
"mkfs.ext3 -L nixos /dev/vda4",
|
||||
"mount LABEL=nixos /mnt",
|
||||
"mkfs.ext3 -L boot /dev/vda1",
|
||||
"mkdir -p /mnt/boot",
|
||||
"mount LABEL=boot /mnt/boot",
|
||||
"modprobe dm_mod dm_crypt",
|
||||
"echo -n supersecret > /mnt/keyfile",
|
||||
"cryptsetup luksFormat -q /dev/vda3 --key-file /mnt/keyfile",
|
||||
"cryptsetup luksOpen --key-file /mnt/keyfile /dev/vda3 crypt",
|
||||
"mkfs.ext3 -L test /dev/mapper/crypt",
|
||||
"cryptsetup luksClose crypt",
|
||||
"mkdir -p /mnt/test"
|
||||
);
|
||||
'';
|
||||
extraConfig = ''
|
||||
fileSystems."/test" =
|
||||
{ device = "/dev/disk/by-label/test";
|
||||
fsType = "ext3";
|
||||
encrypted.enable = true;
|
||||
encrypted.blkDev = "/dev/vda3";
|
||||
encrypted.label = "crypt";
|
||||
encrypted.keyFile = "/mnt-root/keyfile";
|
||||
};
|
||||
'';
|
||||
};
|
||||
|
||||
|
||||
swraid = makeInstallerTest "swraid"
|
||||
{ createPartitions =
|
||||
''
|
||||
|
Loading…
Reference in New Issue
Block a user