Merge pull request #29269 from Moredread/test_crypt_with_keyfile

Test opening encrypted filesystem with keyfile
This commit is contained in:
Franz Pletz 2017-11-19 20:30:59 +01:00 committed by GitHub
commit bdbaaad7de
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -461,6 +461,47 @@ in {
'';
};
# Test whether opening encrypted filesystem with keyfile
# Checks for regression of missing cryptsetup, when no luks device without
# keyfile is configured
filesystemEncryptedWithKeyfile = makeInstallerTest "filesystemEncryptedWithKeyfile"
{ createPartitions = ''
$machine->succeed(
"parted /dev/vda mklabel msdos",
"parted /dev/vda -- mkpart primary ext2 1M 50MB", # /boot
"parted /dev/vda -- mkpart primary linux-swap 50M 1024M",
"parted /dev/vda -- mkpart primary 1024M 1280M", # LUKS with keyfile
"parted /dev/vda -- mkpart primary 1280M -1s",
"udevadm settle",
"mkswap /dev/vda2 -L swap",
"swapon -L swap",
"mkfs.ext3 -L nixos /dev/vda4",
"mount LABEL=nixos /mnt",
"mkfs.ext3 -L boot /dev/vda1",
"mkdir -p /mnt/boot",
"mount LABEL=boot /mnt/boot",
"modprobe dm_mod dm_crypt",
"echo -n supersecret > /mnt/keyfile",
"cryptsetup luksFormat -q /dev/vda3 --key-file /mnt/keyfile",
"cryptsetup luksOpen --key-file /mnt/keyfile /dev/vda3 crypt",
"mkfs.ext3 -L test /dev/mapper/crypt",
"cryptsetup luksClose crypt",
"mkdir -p /mnt/test"
);
'';
extraConfig = ''
fileSystems."/test" =
{ device = "/dev/disk/by-label/test";
fsType = "ext3";
encrypted.enable = true;
encrypted.blkDev = "/dev/vda3";
encrypted.label = "crypt";
encrypted.keyFile = "/mnt-root/keyfile";
};
'';
};
swraid = makeInstallerTest "swraid"
{ createPartitions =
''