1
0
Fork 1
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-11-25 07:00:43 +00:00

Merge pull request #56607 from andir/cryptsetup-2.1

cryptsetup: 2.0.6 -> 2.1.0
This commit is contained in:
Andreas Rammhold 2019-03-06 16:55:26 +01:00 committed by GitHub
commit 219b247e5b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 42 additions and 34 deletions

View file

@ -273,6 +273,37 @@ let
};
};
makeLuksRootTest = name: luksFormatOpts: makeInstallerTest "luksroot-format2"
{ createPartitions = ''
$machine->succeed(
"flock /dev/vda parted --script /dev/vda -- mklabel msdos"
. " mkpart primary ext2 1M 50MB" # /boot
. " mkpart primary linux-swap 50M 1024M"
. " mkpart primary 1024M -1s", # LUKS
"udevadm settle",
"mkswap /dev/vda2 -L swap",
"swapon -L swap",
"modprobe dm_mod dm_crypt",
"echo -n supersecret | cryptsetup luksFormat ${luksFormatOpts} -q /dev/vda3 -",
"echo -n supersecret | cryptsetup luksOpen --key-file - /dev/vda3 cryptroot",
"mkfs.ext3 -L nixos /dev/mapper/cryptroot",
"mount LABEL=nixos /mnt",
"mkfs.ext3 -L boot /dev/vda1",
"mkdir -p /mnt/boot",
"mount LABEL=boot /mnt/boot",
);
'';
extraConfig = ''
boot.kernelParams = lib.mkAfter [ "console=tty0" ];
'';
enableOCR = true;
preBootCommands = ''
$machine->start;
$machine->waitForText(qr/Passphrase for/);
$machine->sendChars("supersecret\n");
'';
};
in {
@ -446,37 +477,14 @@ in {
'';
};
# Boot off an encrypted root partition
luksroot = makeInstallerTest "luksroot"
{ createPartitions = ''
$machine->succeed(
"flock /dev/vda parted --script /dev/vda -- mklabel msdos"
. " mkpart primary ext2 1M 50MB" # /boot
. " mkpart primary linux-swap 50M 1024M"
. " mkpart primary 1024M -1s", # LUKS
"udevadm settle",
"mkswap /dev/vda2 -L swap",
"swapon -L swap",
"modprobe dm_mod dm_crypt",
"echo -n supersecret | cryptsetup luksFormat -q /dev/vda3 -",
"echo -n supersecret | cryptsetup luksOpen --key-file - /dev/vda3 cryptroot",
"mkfs.ext3 -L nixos /dev/mapper/cryptroot",
"mount LABEL=nixos /mnt",
"mkfs.ext3 -L boot /dev/vda1",
"mkdir -p /mnt/boot",
"mount LABEL=boot /mnt/boot",
);
'';
extraConfig = ''
boot.kernelParams = lib.mkAfter [ "console=tty0" ];
'';
enableOCR = true;
preBootCommands = ''
$machine->start;
$machine->waitForText(qr/Passphrase for/);
$machine->sendChars("supersecret\n");
'';
};
# Boot off an encrypted root partition with the default LUKS header format
luksroot = makeLuksRootTest "luksroot-format1" "";
# Boot off an encrypted root partition with LUKS1 format
luksroot-format1 = makeLuksRootTest "luksroot-format1" "--type=LUKS1";
# Boot off an encrypted root partition with LUKS2 format
luksroot-format2 = makeLuksRootTest "luksroot-format2" "--type=LUKS2";
# Test whether opening encrypted filesystem with keyfile
# Checks for regression of missing cryptsetup, when no luks device without

View file

@ -5,13 +5,13 @@
assert enablePython -> python2 != null;
stdenv.mkDerivation rec {
name = "cryptsetup-2.0.6";
name = "cryptsetup-2.1.0";
outputs = [ "out" "dev" "man" ];
src = fetchurl {
url = "mirror://kernel/linux/utils/cryptsetup/v2.0/${name}.tar.xz";
sha256 = "0c1x125s7p4ps13spsqrcsd9dclz01vsrchmypq9msp7y3hgllbw";
url = "mirror://kernel/linux/utils/cryptsetup/v2.1/${name}.tar.xz";
sha256 = "15y8n547garz0x5kqv09gscdsrz0c0y1y6c5cp8pccwg3xsb5vm3";
};
# Disable 4 test cases that fail in a sandbox