nathan/nixpkgs
1
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2026-06-05 21:03:40 +00:00
Code Issues Packages Projects Releases Wiki Activity

nixosTests/initrd-luks-empty-passphrase: replace direct bootctl call with switch-to-configuration invocation

Browse Source
This commit is contained in:
r-vdp
2026-06-05 18:55:20 +03:00
parent 7e7ed65f29
commit 923a32a64f
1 changed files with 52 additions and 36 deletions
Download Patch File Download Diff File Expand all files Collapse all files

88
nixos/tests/initrd-luks-empty-passphrase.nix
View File

@@ -61,47 +61,63 @@ in
};
};
testScript = ''
# Encrypt key with empty key so boot should try keyfile and then fallback to empty passphrase
testScript =
{ nodes, ... }:
let
toplevel = nodes.machine.system.build.toplevel;
boot-luks-missing-keyfile =
nodes.machine.specialisation.boot-luks-missing-keyfile.configuration.system.build.toplevel;
boot-luks-wrong-keyfile =
nodes.machine.specialisation.boot-luks-wrong-keyfile.configuration.system.build.toplevel;
in
# python
''
# Encrypt key with empty key so boot should try keyfile and then fallback to empty passphrase
def grub_select_boot_luks_wrong_key_file():
"""
Selects "boot-luks" from the GRUB menu
to trigger a login request.
"""
machine.send_monitor_command("sendkey down")
machine.send_monitor_command("sendkey down")
machine.send_monitor_command("sendkey ret")
def grub_select_boot_luks_wrong_key_file():
"""
Selects "boot-luks" from the GRUB menu
to trigger a login request.
"""
machine.send_monitor_command("sendkey down")
machine.send_monitor_command("sendkey down")
machine.send_monitor_command("sendkey ret")
def grub_select_boot_luks_missing_key_file():
"""
Selects "boot-luks" from the GRUB menu
to trigger a login request.
"""
machine.send_monitor_command("sendkey down")
machine.send_monitor_command("sendkey ret")
def grub_select_boot_luks_missing_key_file():
"""
Selects "boot-luks" from the GRUB menu
to trigger a login request.
"""
machine.send_monitor_command("sendkey down")
machine.send_monitor_command("sendkey ret")
# Create encrypted volume
machine.wait_for_unit("multi-user.target")
machine.succeed("echo "" | cryptsetup luksFormat /dev/vdb --batch-mode")
machine.succeed("echo "" | cryptsetup luksOpen /dev/vdb cryptroot")
machine.succeed("mkfs.ext4 /dev/mapper/cryptroot")
machine.succeed("bootctl set-default nixos-generation-1-specialisation-boot-luks-wrong-keyfile.conf")
machine.succeed("sync")
machine.crash()
# Create encrypted volume
machine.wait_for_unit("multi-user.target")
machine.succeed("echo "" | cryptsetup luksFormat /dev/vdb --batch-mode")
machine.succeed("echo "" | cryptsetup luksOpen /dev/vdb cryptroot")
machine.succeed("mkfs.ext4 /dev/mapper/cryptroot")
machine.succeed("${boot-luks-wrong-keyfile}/bin/switch-to-configuration boot")
machine.succeed("sync")
machine.crash()
# Check if rootfs is on /dev/mapper/cryptroot
machine.wait_for_unit("multi-user.target")
assert "/dev/mapper/cryptroot on / type ext4" in machine.succeed("mount")
# Check if rootfs is on /dev/mapper/cryptroot
machine.wait_for_unit("multi-user.target")
assert "/dev/mapper/cryptroot on / type ext4" in machine.succeed("mount")
# Choose boot-luks-missing-keyfile specialisation
machine.succeed("bootctl set-default nixos-generation-1-specialisation-boot-luks-missing-keyfile.conf")
machine.succeed("sync")
machine.crash()
# Choose boot-luks-missing-keyfile specialisation
machine.succeed(
"mkdir -p /nix/var/nix/profiles",
"ln -sfn ${toplevel} /nix/var/nix/profiles/system-1-link",
"ln -sfn system-1-link /nix/var/nix/profiles/system",
)
# Check if rootfs is on /dev/mapper/cryptroot
machine.wait_for_unit("multi-user.target")
assert "/dev/mapper/cryptroot on / type ext4" in machine.succeed("mount")
'';
machine.succeed("${boot-luks-missing-keyfile}/bin/switch-to-configuration boot")
machine.succeed("sync")
machine.crash()
# Check if rootfs is on /dev/mapper/cryptroot
machine.wait_for_unit("multi-user.target")
assert "/dev/mapper/cryptroot on / type ext4" in machine.succeed("mount")
'';
}