nixosTests.gocryptfs: fix test

This actually didn't work due to multiple issues: - Some statements used machine.execute, swallowing nonzero exit codes. In this particular case, it caused the mountpoint to stick around. - using `fileSytems."/plain"` has no effect in VM tests, virtualisation.fileSystems."/plain" needs to be used instead - `switch-to-configuration test` was invoked, so not actually switching at all. - Checking for `data.txt` to be present is a bit brittle. /tmp can be cleaned up. We can just add a known text and grep for that.
2026-06-05 21:03:40 +00:00 · 2026-06-02 20:10:32 +02:00
parent c3cc188e10
commit 14e17b46e4
1 changed files with 15 additions and 21 deletions
--- a/nixos/tests/gocryptfs.nix
+++ b/nixos/tests/gocryptfs.nix
@@ -14,7 +14,8 @@
      ];

      specialisation.fstab-test.configuration = {
-        fileSystems."/plain" = {
+        # This can't be fileSytems, as the qemu machinery doesn't honor it.
+        virtualisation.fileSystems."/plain" = {
          device = "/encrypted";
          fsType = "fuse.gocryptfs";
          options = [
@@ -27,31 +28,24 @@
    };

  testScript = ''
+    # Initialize a gocryptfs filesystem and mount it
+    machine.succeed("openssl rand -base64 32 > /tmp/password.txt")
+    machine.succeed("mkdir -p /encrypted /plain")
+    machine.succeed("gocryptfs -init /encrypted  -passfile /tmp/password.txt -quiet")
+    machine.succeed("gocryptfs /encrypted /plain  -passfile /tmp/password.txt -quiet")

-    # Generate a password
-    machine.execute("openssl rand -base64 32 > /tmp/password.txt")
+    # Drop a canary file and unmount
+    machine.succeed("echo success > /plain/data.txt")
+    machine.succeed("fusermount -u /plain")

-    # Initialize an encrypted vault
-    machine.execute("mkdir -p /encrypted /plain")
-    machine.execute("gocryptfs -init /encrypted  -passfile /password.txt -quiet")
+    # Switch to a specialisation that has this in /etc/fstab
+    machine.succeed("/run/current-system/specialisation/fstab-test/bin/switch-to-configuration switch")

-    # Open and mount vault
-    machine.execute("gocryptfs /encrypted /plain  -passfile /tmp/password.txt -quiet")
-
-    machine.execute("echo test > /plain/data.txt")
-    machine.execute("echo test > /tmp/data.txt")
-
-    # Unmount
-    machine.execute("fusermount -u /plain")
-
-    # Switch to the specialisation
-    machine.succeed("/run/current-system/specialisation/fstab-test/bin/switch-to-configuration test")
-
-    # Wait for mount
+    # Wait for mounts
    machine.wait_for_unit("local-fs.target")

-    # Check data
-    machine.succeed("diff /plain/data.txt /tmp/data.txt")
+    # Ensure the canary is alive
+    machine.succeed("grep -q success /plain/data.txt")

  '';
 }