tests zfs: add crypted

2024-11-10 06:14:14 +00:00 · 2022-12-26 17:46:05 +01:00 · 2022-12-26 17:46:05 +01:00 · 33f93c658e
commit 33f93c658e
parent a3e511d3c8
3 changed files with 30 additions and 0 deletions
--- a/example/zfs.nix
+++ b/example/zfs.nix
@ -88,6 +88,21 @@
            mountpoint = "/ext4onzfs";
          };
        };
+        encrypted = {
+          zfs_type = "filesystem";
+          size = "20M";
+          options = {
+            mountpoint = "none";
+            encryption = "aes-256-gcm";
+            keyformat = "passphrase";
+            keylocation = "file:///tmp/secret.key";
+          };
+        };
+        "encrypted/test" = {
+          zfs_type = "filesystem";
+          size = "2M";
+          mountpoint = "/zfs_crypted";
+        };
      };
    };
  };
--- a/tests/lib.nix
+++ b/tests/lib.nix
@ -12,6 +12,7 @@
    , grub-devices ? [ "nodev" ]
    , efi ? true
    , enableOCR ? false
+    , postDisko ? ""
    , testMode ? "direct" # can be one of direct module cli
    , testBoot ? true # if we actually want to test booting or just create/mount
    }:
@ -148,6 +149,8 @@
          machine.succeed("${tsp-disko}") # verify that we can destroy and recreate
        ''}

+        ${postDisko}
+
        ${lib.optionalString testBoot ''
          # mount nix-store in /mnt
          machine.succeed("mkdir -p /mnt/nix/store")
--- a/tests/zfs.nix
+++ b/tests/zfs.nix
@ -5,7 +5,16 @@ makeDiskoTest {
  disko-config = ../example/zfs.nix;
  extraConfig = {
    fileSystems."/zfs_legacy_fs".options = [ "nofail" ]; # TODO find out why we need this!
+    boot.zfs.requestEncryptionCredentials = true;
  };
+  postDisko = ''
+    machine.succeed("zfs set keylocation=prompt zroot/encrypted")
+  '';
+  enableOCR = true;
+  bootCommands = ''
+    machine.wait_for_text("passphrase for")
+    machine.send_chars("secretsecret\n")
+  '';
  extraTestScript = ''
    machine.succeed("test -b /dev/zvol/zroot/zfs_testvolume");

@ -25,5 +34,8 @@ makeDiskoTest {
    machine.succeed("mountpoint /zfs_fs");
    machine.succeed("mountpoint /zfs_legacy_fs");
    machine.succeed("mountpoint /ext4onzfs");
+    machine.succeed("mountpoint /zfs_crypted");
+    machine.succeed("zfs get keystatus zroot/encrypted");
+    machine.succeed("zfs get keystatus zroot/encrypted/test");
  '';
 }