mirror of
https://github.com/NixOS/nixpkgs.git
synced 2024-11-25 07:00:43 +00:00
Merge pull request #56607 from andir/cryptsetup-2.1
cryptsetup: 2.0.6 -> 2.1.0
This commit is contained in:
commit
219b247e5b
|
@ -273,6 +273,37 @@ let
|
|||
};
|
||||
};
|
||||
|
||||
makeLuksRootTest = name: luksFormatOpts: makeInstallerTest "luksroot-format2"
|
||||
{ createPartitions = ''
|
||||
$machine->succeed(
|
||||
"flock /dev/vda parted --script /dev/vda -- mklabel msdos"
|
||||
. " mkpart primary ext2 1M 50MB" # /boot
|
||||
. " mkpart primary linux-swap 50M 1024M"
|
||||
. " mkpart primary 1024M -1s", # LUKS
|
||||
"udevadm settle",
|
||||
"mkswap /dev/vda2 -L swap",
|
||||
"swapon -L swap",
|
||||
"modprobe dm_mod dm_crypt",
|
||||
"echo -n supersecret | cryptsetup luksFormat ${luksFormatOpts} -q /dev/vda3 -",
|
||||
"echo -n supersecret | cryptsetup luksOpen --key-file - /dev/vda3 cryptroot",
|
||||
"mkfs.ext3 -L nixos /dev/mapper/cryptroot",
|
||||
"mount LABEL=nixos /mnt",
|
||||
"mkfs.ext3 -L boot /dev/vda1",
|
||||
"mkdir -p /mnt/boot",
|
||||
"mount LABEL=boot /mnt/boot",
|
||||
);
|
||||
'';
|
||||
extraConfig = ''
|
||||
boot.kernelParams = lib.mkAfter [ "console=tty0" ];
|
||||
'';
|
||||
enableOCR = true;
|
||||
preBootCommands = ''
|
||||
$machine->start;
|
||||
$machine->waitForText(qr/Passphrase for/);
|
||||
$machine->sendChars("supersecret\n");
|
||||
'';
|
||||
};
|
||||
|
||||
|
||||
in {
|
||||
|
||||
|
@ -446,37 +477,14 @@ in {
|
|||
'';
|
||||
};
|
||||
|
||||
# Boot off an encrypted root partition
|
||||
luksroot = makeInstallerTest "luksroot"
|
||||
{ createPartitions = ''
|
||||
$machine->succeed(
|
||||
"flock /dev/vda parted --script /dev/vda -- mklabel msdos"
|
||||
. " mkpart primary ext2 1M 50MB" # /boot
|
||||
. " mkpart primary linux-swap 50M 1024M"
|
||||
. " mkpart primary 1024M -1s", # LUKS
|
||||
"udevadm settle",
|
||||
"mkswap /dev/vda2 -L swap",
|
||||
"swapon -L swap",
|
||||
"modprobe dm_mod dm_crypt",
|
||||
"echo -n supersecret | cryptsetup luksFormat -q /dev/vda3 -",
|
||||
"echo -n supersecret | cryptsetup luksOpen --key-file - /dev/vda3 cryptroot",
|
||||
"mkfs.ext3 -L nixos /dev/mapper/cryptroot",
|
||||
"mount LABEL=nixos /mnt",
|
||||
"mkfs.ext3 -L boot /dev/vda1",
|
||||
"mkdir -p /mnt/boot",
|
||||
"mount LABEL=boot /mnt/boot",
|
||||
);
|
||||
'';
|
||||
extraConfig = ''
|
||||
boot.kernelParams = lib.mkAfter [ "console=tty0" ];
|
||||
'';
|
||||
enableOCR = true;
|
||||
preBootCommands = ''
|
||||
$machine->start;
|
||||
$machine->waitForText(qr/Passphrase for/);
|
||||
$machine->sendChars("supersecret\n");
|
||||
'';
|
||||
};
|
||||
# Boot off an encrypted root partition with the default LUKS header format
|
||||
luksroot = makeLuksRootTest "luksroot-format1" "";
|
||||
|
||||
# Boot off an encrypted root partition with LUKS1 format
|
||||
luksroot-format1 = makeLuksRootTest "luksroot-format1" "--type=LUKS1";
|
||||
|
||||
# Boot off an encrypted root partition with LUKS2 format
|
||||
luksroot-format2 = makeLuksRootTest "luksroot-format2" "--type=LUKS2";
|
||||
|
||||
# Test whether opening encrypted filesystem with keyfile
|
||||
# Checks for regression of missing cryptsetup, when no luks device without
|
||||
|
|
|
@ -5,13 +5,13 @@
|
|||
assert enablePython -> python2 != null;
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
name = "cryptsetup-2.0.6";
|
||||
name = "cryptsetup-2.1.0";
|
||||
|
||||
outputs = [ "out" "dev" "man" ];
|
||||
|
||||
src = fetchurl {
|
||||
url = "mirror://kernel/linux/utils/cryptsetup/v2.0/${name}.tar.xz";
|
||||
sha256 = "0c1x125s7p4ps13spsqrcsd9dclz01vsrchmypq9msp7y3hgllbw";
|
||||
url = "mirror://kernel/linux/utils/cryptsetup/v2.1/${name}.tar.xz";
|
||||
sha256 = "15y8n547garz0x5kqv09gscdsrz0c0y1y6c5cp8pccwg3xsb5vm3";
|
||||
};
|
||||
|
||||
# Disable 4 test cases that fail in a sandbox
|
||||
|
|
Loading…
Reference in a new issue