Test opening encrypted filesystem with keyfile

Checks for regression of missing cryptsetup, when no luks device without
keyfile is configured
This commit is contained in:
André-Patrick Bubel 2017-09-12 13:57:37 +02:00
parent a7637b3795
commit 58374fbaf3
No known key found for this signature in database
GPG key ID: 118CE7C424B45728

View file

@ -430,6 +430,47 @@ in {
'';
};
# Test whether opening encrypted filesystem with keyfile
# Checks for regression of missing cryptsetup, when no luks device without
# keyfile is configured
filesystemEncryptedWithKeyfile = makeInstallerTest "filesystemEncryptedWithKeyfile"
{ createPartitions = ''
$machine->succeed(
"parted /dev/vda mklabel msdos",
"parted /dev/vda -- mkpart primary ext2 1M 50MB", # /boot
"parted /dev/vda -- mkpart primary linux-swap 50M 1024M",
"parted /dev/vda -- mkpart primary 1024M 1280M", # LUKS with keyfile
"parted /dev/vda -- mkpart primary 1280M -1s",
"udevadm settle",
"mkswap /dev/vda2 -L swap",
"swapon -L swap",
"mkfs.ext3 -L nixos /dev/vda4",
"mount LABEL=nixos /mnt",
"mkfs.ext3 -L boot /dev/vda1",
"mkdir -p /mnt/boot",
"mount LABEL=boot /mnt/boot",
"modprobe dm_mod dm_crypt",
"echo -n supersecret > /mnt/keyfile",
"cryptsetup luksFormat -q /dev/vda3 --key-file /mnt/keyfile",
"cryptsetup luksOpen --key-file /mnt/keyfile /dev/vda3 crypt",
"mkfs.ext3 -L test /dev/mapper/crypt",
"cryptsetup luksClose crypt",
"mkdir -p /mnt/test"
);
'';
extraConfig = ''
fileSystems."/test" =
{ device = "/dev/disk/by-label/test";
fsType = "ext3";
encrypted.enable = true;
encrypted.blkDev = "/dev/vda3";
encrypted.label = "crypt";
encrypted.keyFile = "/mnt-root/keyfile";
};
'';
};
swraid = makeInstallerTest "swraid"
{ createPartitions =
''