diff options
author | Andreas Rammhold <andreas@rammhold.de> | 2019-03-01 23:47:19 +0100 |
---|---|---|
committer | Andreas Rammhold <andreas@rammhold.de> | 2019-03-02 13:56:52 +0100 |
commit | 839a37fdd24d66b04fc8bd634ffab17598ec485c (patch) | |
tree | 3adda0b6f9b2f721b9f576ca2ff7532fdd2342c4 /nixos/tests | |
parent | f716a7ec3221d3954395a0bc9b8124f4532bebb9 (diff) |
nixos/tests/installer: add cryptsetup tests for LUKS format 2 & default format
Diffstat (limited to 'nixos/tests')
-rw-r--r-- | nixos/tests/installer.nix | 70 |
1 files changed, 39 insertions, 31 deletions
diff --git a/nixos/tests/installer.nix b/nixos/tests/installer.nix index 2553a0d116ae..5e363f5d09e9 100644 --- a/nixos/tests/installer.nix +++ b/nixos/tests/installer.nix @@ -273,6 +273,37 @@ let }; }; + makeLuksRootTest = name: luksFormatOpts: makeInstallerTest "luksroot-format2" + { createPartitions = '' + $machine->succeed( + "flock /dev/vda parted --script /dev/vda -- mklabel msdos" + . " mkpart primary ext2 1M 50MB" # /boot + . " mkpart primary linux-swap 50M 1024M" + . " mkpart primary 1024M -1s", # LUKS + "udevadm settle", + "mkswap /dev/vda2 -L swap", + "swapon -L swap", + "modprobe dm_mod dm_crypt", + "echo -n supersecret | cryptsetup luksFormat ${luksFormatOpts} -q /dev/vda3 -", + "echo -n supersecret | cryptsetup luksOpen --key-file - /dev/vda3 cryptroot", + "mkfs.ext3 -L nixos /dev/mapper/cryptroot", + "mount LABEL=nixos /mnt", + "mkfs.ext3 -L boot /dev/vda1", + "mkdir -p /mnt/boot", + "mount LABEL=boot /mnt/boot", + ); + ''; + extraConfig = '' + boot.kernelParams = lib.mkAfter [ "console=tty0" ]; + ''; + enableOCR = true; + preBootCommands = '' + $machine->start; + $machine->waitForText(qr/Passphrase for/); + $machine->sendChars("supersecret\n"); + ''; + }; + in { @@ -446,37 +477,14 @@ in { ''; }; - # Boot off an encrypted root partition - luksroot = makeInstallerTest "luksroot" - { createPartitions = '' - $machine->succeed( - "flock /dev/vda parted --script /dev/vda -- mklabel msdos" - . " mkpart primary ext2 1M 50MB" # /boot - . " mkpart primary linux-swap 50M 1024M" - . " mkpart primary 1024M -1s", # LUKS - "udevadm settle", - "mkswap /dev/vda2 -L swap", - "swapon -L swap", - "modprobe dm_mod dm_crypt", - "echo -n supersecret | cryptsetup luksFormat -q /dev/vda3 -", - "echo -n supersecret | cryptsetup luksOpen --key-file - /dev/vda3 cryptroot", - "mkfs.ext3 -L nixos /dev/mapper/cryptroot", - "mount LABEL=nixos /mnt", - "mkfs.ext3 -L boot /dev/vda1", - "mkdir -p /mnt/boot", - "mount LABEL=boot /mnt/boot", - ); - ''; - extraConfig = '' - boot.kernelParams = lib.mkAfter [ "console=tty0" ]; - ''; - enableOCR = true; - preBootCommands = '' - $machine->start; - $machine->waitForText(qr/Passphrase for/); - $machine->sendChars("supersecret\n"); - ''; - }; + # Boot off an encrypted root partition with the default LUKS header format + luksroot = makeLuksRootTest "luksroot-format1" ""; + + # Boot off an encrypted root partition with LUKS1 format + luksroot-format1 = makeLuksRootTest "luksroot-format1" "--type=LUKS1"; + + # Boot off an encrypted root partition with LUKS2 format + luksroot-format2 = makeLuksRootTest "luksroot-format2" "--type=LUKS2"; # Test whether opening encrypted filesystem with keyfile # Checks for regression of missing cryptsetup, when no luks device without |