Remove trialing newline in passwordFile

2024-09-17 09:37:17 +03:00 · 2023-08-14 23:16:20 +02:00 · 2023-08-14 23:16:20 +02:00 · bf50636a65
commit bf50636a65
parent 3eb703b7bc
3 changed files with 56 additions and 4 deletions
--- a/example/luks-interactive-login.nix
+++ b/example/luks-interactive-login.nix
@ -0,0 +1,38 @@
+{
+  disko.devices = {
+    disk = {
+      vdb = {
+        type = "disk";
+        device = "/dev/vdb";
+        content = {
+          type = "gpt";
+          partitions = {
+            ESP = {
+              size = "100M";
+              type = "EF00";
+              content = {
+                type = "filesystem";
+                format = "vfat";
+                mountpoint = "/boot";
+              };
+            };
+            luks = {
+              size = "100%";
+              content = {
+                type = "luks";
+                name = "crypted";
+                extraOpenArgs = [ "--allow-discards" ];
+                passwordFile = "/tmp/secret.key";
+                content = {
+                  type = "filesystem";
+                  format = "ext4";
+                  mountpoint = "/";
+                };
+              };
+            };
+          };
+        };
+      };
+    };
+  };
+}
--- a/lib/types/luks.nix
+++ b/lib/types/luks.nix
@ -4,9 +4,12 @@ let
    if lib.hasAttr "keyFile" config.settings
    then config.settings.keyFile
    else if config.passwordFile != null
-    then config.passwordFile
+    then ''<(echo -n "$(cat ${config.passwordFile})")''
    else if config.keyFile != null
-    then lib.warn "The option `keyFile` is deprecated. Use passwordFile instead" config.keyFile
+    then lib.warn
+      ("The option `keyFile` is deprecated."
+      + "Use passwordFile instead if you want to use interactive login or settings.keyFile if you want to use key file login")
+      config.keyFile
    else null;
  keyFileArgs = ''\
    ${lib.optionalString (keyFile != null) "--key-file ${keyFile}"} \
@ -33,13 +36,13 @@ in
    keyFile = lib.mkOption {
      type = lib.types.nullOr diskoLib.optionTypes.absolute-pathname;
      default = null;
-      description = "Path to the key for encryption (Renamed to passwordFile)";
+      description = "DEPRECATED use passwordFile or settings.keyFile. Path to the key for encryption";
      example = "/tmp/disk.key";
    };
    passwordFile = lib.mkOption {
      type = lib.types.nullOr diskoLib.optionTypes.absolute-pathname;
      default = null;
-      description = "Path to the file which contains the password for initial encryption. Make sure it doesn't contain a trailing newline";
+      description = "Path to the file which contains the password for initial encryption";
      example = "/tmp/disk.key";
    };
    settings = lib.mkOption {
--- a/tests/luks-interactive-login.nix
+++ b/tests/luks-interactive-login.nix
@ -0,0 +1,11 @@
+{ pkgs ? import <nixpkgs> { }
+, diskoLib ? pkgs.callPackage ../lib { }
+}:
+diskoLib.testLib.makeDiskoTest {
+  inherit pkgs;
+  name = "luks-interactive-login";
+  disko-config = ../example/luks-interactive-login.nix;
+  extraTestScript = ''
+    machine.succeed("cryptsetup isLuks /dev/vda2");
+  '';
+}