nathan/nixpkgs
1
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2026-06-05 21:03:40 +00:00
Code Issues Packages Projects Releases Wiki Activity

nixosTests.gocryptfs: fix test (#527254)

Browse Source
This commit is contained in:
Pavol Rusnak
2026-06-03 12:40:57 +00:00
committed by GitHub
parent 3bb5f598e1 d31f1369fb
commit b5280b9d20
2 changed files with 18 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
nixos/tests/gocryptfs.nix
View File

@@ -14,7 +14,8 @@
];
specialisation.fstab-test.configuration = {
fileSystems."/plain" = {
# This can't be fileSytems, as the qemu machinery doesn't honor it.
virtualisation.fileSystems."/plain" = {
device = "/encrypted";
fsType = "fuse.gocryptfs";
options = [
@@ -27,31 +28,24 @@
};
testScript = ''
# Initialize a gocryptfs filesystem and mount it
machine.succeed("openssl rand -base64 32 > /tmp/password.txt")
machine.succeed("mkdir -p /encrypted /plain")
machine.succeed("gocryptfs -init /encrypted -passfile /tmp/password.txt -quiet")
machine.succeed("gocryptfs /encrypted /plain -passfile /tmp/password.txt -quiet")
# Generate a password
machine.execute("openssl rand -base64 32 > /tmp/password.txt")
# Drop a canary file and unmount
machine.succeed("echo success > /plain/data.txt")
machine.succeed("fusermount -u /plain")
# Initialize an encrypted vault
machine.execute("mkdir -p /encrypted /plain")
machine.execute("gocryptfs -init /encrypted -passfile /password.txt -quiet")
# Switch to a specialisation that has this in /etc/fstab
machine.succeed("/run/current-system/specialisation/fstab-test/bin/switch-to-configuration switch")
# Open and mount vault
machine.execute("gocryptfs /encrypted /plain -passfile /tmp/password.txt -quiet")
machine.execute("echo test > /plain/data.txt")
machine.execute("echo test > /tmp/data.txt")
# Unmount
machine.execute("fusermount -u /plain")
# Switch to the specialisation
machine.succeed("/run/current-system/specialisation/fstab-test/bin/switch-to-configuration test")
# Wait for mount
# Wait for mounts
machine.wait_for_unit("local-fs.target")
# Check data
machine.succeed("diff /plain/data.txt /tmp/data.txt")
# Ensure the canary is alive
machine.succeed("grep -q success /plain/data.txt")
'';
}

3
pkgs/by-name/go/gocryptfs/package.nix
View File

@@ -8,6 +8,7 @@
pandoc,
pkg-config,
libfido2,
nixosTests,
}:
buildGoModule (finalAttrs: {
@@ -63,6 +64,8 @@ buildGoModule (finalAttrs: {
ln -s $out/bin/gocryptfs $out/bin/mount.fuse.gocryptfs
'';
passthru.tests.gocryptfs = nixosTests.gocryptfs;
meta = {
description = "Encrypted overlay filesystem written in Go";
license = lib.licenses.mit;