Merge pull request #93 from nix-community/zfs-crypto

tests: change passphrase to secretsecret
2024-09-11 06:25:33 +03:00 · 2022-12-27 09:05:22 +00:00 · 2022-12-27 09:05:22 +00:00 · 1006ff074c
commit 1006ff074c
parent 267fc7a66a 33f93c658e
7 changed files with 35 additions and 5 deletions
--- a/example/zfs.nix
+++ b/example/zfs.nix
@ -88,6 +88,21 @@
            mountpoint = "/ext4onzfs";
          };
        };
+        encrypted = {
+          zfs_type = "filesystem";
+          size = "20M";
+          options = {
+            mountpoint = "none";
+            encryption = "aes-256-gcm";
+            keyformat = "passphrase";
+            keylocation = "file:///tmp/secret.key";
+          };
+        };
+        "encrypted/test" = {
+          zfs_type = "filesystem";
+          size = "2M";
+          mountpoint = "/zfs_crypted";
+        };
      };
    };
  };
--- a/tests/cli.nix
+++ b/tests/cli.nix
@ -20,7 +20,7 @@ makeDiskoTest {
  enableOCR = true;
  bootCommands = ''
    machine.wait_for_text("Passphrase for")
-    machine.send_chars("secret\n")
+    machine.send_chars("secretsecret\n")
  '';
  extraConfig = {
    boot.kernelModules = [ "dm-raid" "dm-mirror" ];
--- a/tests/complex.nix
+++ b/tests/complex.nix
@ -19,7 +19,7 @@ makeDiskoTest {
  enableOCR = true;
  bootCommands = ''
    machine.wait_for_text("Passphrase for")
-    machine.send_chars("secret\n")
+    machine.send_chars("secretsecret\n")
  '';
  extraConfig = {
    boot.kernelModules = [ "dm-raid" "dm-mirror" ];
--- a/tests/lib.nix
+++ b/tests/lib.nix
@ -12,6 +12,7 @@
    , grub-devices ? [ "nodev" ]
    , efi ? true
    , enableOCR ? false
+    , postDisko ? ""
    , testMode ? "direct" # can be one of direct module cli
    , testBoot ? true # if we actually want to test booting or just create/mount
    }:
@ -123,7 +124,7 @@
            return machine

        machine.start()
-        machine.succeed("echo -n 'secret' > /tmp/secret.key")
+        machine.succeed("echo -n 'secretsecret' > /tmp/secret.key")
        ${lib.optionalString (testMode == "direct") ''
          machine.succeed("${tsp-create}")
          machine.succeed("${tsp-mount}")
@ -148,6 +149,8 @@
          machine.succeed("${tsp-disko}") # verify that we can destroy and recreate
        ''}

+        ${postDisko}
+
        ${lib.optionalString testBoot ''
          # mount nix-store in /mnt
          machine.succeed("mkdir -p /mnt/nix/store")
--- a/tests/luks-lvm.nix
+++ b/tests/luks-lvm.nix
@ -10,6 +10,6 @@ makeDiskoTest {
  enableOCR = true;
  bootCommands = ''
    machine.wait_for_text("Passphrase for")
-    machine.send_chars("secret\n")
+    machine.send_chars("secretsecret\n")
  '';
 }
--- a/tests/module.nix
+++ b/tests/module.nix
@ -20,7 +20,7 @@ makeDiskoTest {
  enableOCR = true;
  bootCommands = ''
    machine.wait_for_text("Passphrase for")
-    machine.send_chars("secret\n")
+    machine.send_chars("secretsecret\n")
  '';
  extraConfig = {
    boot.kernelModules = [ "dm-raid" "dm-mirror" ];
--- a/tests/zfs.nix
+++ b/tests/zfs.nix
@ -5,7 +5,16 @@ makeDiskoTest {
  disko-config = ../example/zfs.nix;
  extraConfig = {
    fileSystems."/zfs_legacy_fs".options = [ "nofail" ]; # TODO find out why we need this!
+    boot.zfs.requestEncryptionCredentials = true;
  };
+  postDisko = ''
+    machine.succeed("zfs set keylocation=prompt zroot/encrypted")
+  '';
+  enableOCR = true;
+  bootCommands = ''
+    machine.wait_for_text("passphrase for")
+    machine.send_chars("secretsecret\n")
+  '';
  extraTestScript = ''
    machine.succeed("test -b /dev/zvol/zroot/zfs_testvolume");

@ -25,5 +34,8 @@ makeDiskoTest {
    machine.succeed("mountpoint /zfs_fs");
    machine.succeed("mountpoint /zfs_legacy_fs");
    machine.succeed("mountpoint /ext4onzfs");
+    machine.succeed("mountpoint /zfs_crypted");
+    machine.succeed("zfs get keystatus zroot/encrypted");
+    machine.succeed("zfs get keystatus zroot/encrypted/test");
  '';
 }