646b892680
Some checks failed
Periodic Merges (6h) / master → staging-nixos (push) Failing after 12m50s
Periodic Merges (6h) / master → staging-next (push) Failing after 12m54s
Periodic Merges (24h) / merge-base(master,staging) → haskell-updates (push) Failing after 11m54s
Periodic Merges (6h) / staging-next → staging (push) Failing after 12m13s
Periodic Merges (24h) / staging-next-25.05 → staging-25.05 (push) Failing after 13m24s
Periodic Merges (24h) / release-25.05 → staging-next-25.05 (push) Failing after 14m28s
56 lines
1.4 KiB
Nix
56 lines
1.4 KiB
Nix
{
|
|
system ? builtins.currentSystem,
|
|
config ? { },
|
|
pkgs ? import ../.. { inherit system config; },
|
|
lib ? pkgs.lib,
|
|
testing ? import ../lib/testing-python.nix { inherit system pkgs; },
|
|
}:
|
|
let
|
|
secretInStore = pkgs.writeText "topsecret" "iamasecret";
|
|
testWithCompressor =
|
|
compressor:
|
|
testing.makeTest {
|
|
name = "initrd-secrets-${compressor}";
|
|
|
|
meta.maintainers = [ ];
|
|
|
|
nodes.machine =
|
|
{ ... }:
|
|
{
|
|
virtualisation.useBootLoader = true;
|
|
boot.initrd.secrets = {
|
|
"/test" = secretInStore;
|
|
|
|
# This should *not* need to be copied in postMountCommands
|
|
"/run/keys/test" = secretInStore;
|
|
};
|
|
boot.initrd.postMountCommands = ''
|
|
cp /test /mnt-root/secret-from-initramfs
|
|
'';
|
|
boot.initrd.compressor = compressor;
|
|
# zstd compression is only supported from 5.9 onwards. Remove when 5.10 becomes default.
|
|
boot.kernelPackages = pkgs.linuxPackages_latest;
|
|
};
|
|
|
|
testScript = ''
|
|
start_all()
|
|
machine.wait_for_unit("multi-user.target")
|
|
machine.succeed(
|
|
"cmp ${secretInStore} /secret-from-initramfs",
|
|
"cmp ${secretInStore} /run/keys/test",
|
|
)
|
|
'';
|
|
};
|
|
in
|
|
lib.flip lib.genAttrs testWithCompressor [
|
|
"cat"
|
|
"gzip"
|
|
"bzip2"
|
|
"xz"
|
|
"lzma"
|
|
"lzop"
|
|
"pigz"
|
|
"pixz"
|
|
"zstd"
|
|
]
|