From 58374fbaf31f3e248072bb7be7311055b72520a1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9-Patrick=20Bubel?= Date: Tue, 12 Sep 2017 13:57:37 +0200 Subject: [PATCH] Test opening encrypted filesystem with keyfile Checks for regression of missing cryptsetup, when no luks device without keyfile is configured --- nixos/tests/installer.nix | 41 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) diff --git a/nixos/tests/installer.nix b/nixos/tests/installer.nix index c1dae2a34fa3..670e4ce1aeaf 100644 --- a/nixos/tests/installer.nix +++ b/nixos/tests/installer.nix @@ -430,6 +430,47 @@ in { ''; }; + # Test whether opening encrypted filesystem with keyfile + # Checks for regression of missing cryptsetup, when no luks device without + # keyfile is configured + filesystemEncryptedWithKeyfile = makeInstallerTest "filesystemEncryptedWithKeyfile" + { createPartitions = '' + $machine->succeed( + "parted /dev/vda mklabel msdos", + "parted /dev/vda -- mkpart primary ext2 1M 50MB", # /boot + "parted /dev/vda -- mkpart primary linux-swap 50M 1024M", + "parted /dev/vda -- mkpart primary 1024M 1280M", # LUKS with keyfile + "parted /dev/vda -- mkpart primary 1280M -1s", + "udevadm settle", + "mkswap /dev/vda2 -L swap", + "swapon -L swap", + "mkfs.ext3 -L nixos /dev/vda4", + "mount LABEL=nixos /mnt", + "mkfs.ext3 -L boot /dev/vda1", + "mkdir -p /mnt/boot", + "mount LABEL=boot /mnt/boot", + "modprobe dm_mod dm_crypt", + "echo -n supersecret > /mnt/keyfile", + "cryptsetup luksFormat -q /dev/vda3 --key-file /mnt/keyfile", + "cryptsetup luksOpen --key-file /mnt/keyfile /dev/vda3 crypt", + "mkfs.ext3 -L test /dev/mapper/crypt", + "cryptsetup luksClose crypt", + "mkdir -p /mnt/test" + ); + ''; + extraConfig = '' + fileSystems."/test" = + { device = "/dev/disk/by-label/test"; + fsType = "ext3"; + encrypted.enable = true; + encrypted.blkDev = "/dev/vda3"; + encrypted.label = "crypt"; + encrypted.keyFile = "/mnt-root/keyfile"; + }; + ''; + }; + + swraid = makeInstallerTest "swraid" { createPartitions = ''