From dc5cd7800a004b9c58d0cdd5482d6980e3e47205 Mon Sep 17 00:00:00 2001 From: Tuomas Tynkkynen Date: Mon, 27 Nov 2017 10:14:17 +0200 Subject: [PATCH] tests/initrd-network-ssh: Don't build during evaluation Issue #29774 --- nixos/release.nix | 2 +- .../default.nix} | 25 +++------ nixos/tests/initrd-network-ssh/dropbear.priv | Bin 0 -> 1573 bytes nixos/tests/initrd-network-ssh/dropbear.pub | 1 + .../initrd-network-ssh/generate-keys.nix | 12 +++++ nixos/tests/initrd-network-ssh/openssh.priv | 51 ++++++++++++++++++ nixos/tests/initrd-network-ssh/openssh.pub | 1 + 7 files changed, 72 insertions(+), 20 deletions(-) rename nixos/tests/{initrd-network-ssh.nix => initrd-network-ssh/default.nix} (69%) create mode 100644 nixos/tests/initrd-network-ssh/dropbear.priv create mode 100644 nixos/tests/initrd-network-ssh/dropbear.pub create mode 100644 nixos/tests/initrd-network-ssh/generate-keys.nix create mode 100644 nixos/tests/initrd-network-ssh/openssh.priv create mode 100644 nixos/tests/initrd-network-ssh/openssh.pub diff --git a/nixos/release.nix b/nixos/release.nix index 6eb896106a14..ac4dd3d78923 100644 --- a/nixos/release.nix +++ b/nixos/release.nix @@ -263,7 +263,7 @@ in rec { tests.hibernate = callTest tests/hibernate.nix {}; tests.hound = callTest tests/hound.nix {}; tests.i3wm = callTest tests/i3wm.nix {}; - tests.initrd-network-ssh = callTest tests/initrd-network-ssh.nix {}; + tests.initrd-network-ssh = callTest tests/initrd-network-ssh {}; tests.installer = callSubTests tests/installer.nix {}; tests.influxdb = callTest tests/influxdb.nix {}; tests.ipv6 = callTest tests/ipv6.nix {}; diff --git a/nixos/tests/initrd-network-ssh.nix b/nixos/tests/initrd-network-ssh/default.nix similarity index 69% rename from nixos/tests/initrd-network-ssh.nix rename to nixos/tests/initrd-network-ssh/default.nix index 596610493921..9d476cb1a967 100644 --- a/nixos/tests/initrd-network-ssh.nix +++ b/nixos/tests/initrd-network-ssh/default.nix @@ -1,19 +1,6 @@ -import ./make-test.nix ({ pkgs, lib, ... }: +import ../make-test.nix ({ pkgs, lib, ... }: -let - keys = pkgs.runCommand "gen-keys" { - outputs = [ "out" "dbPub" "dbPriv" "sshPub" "sshPriv" ]; - buildInputs = with pkgs; [ dropbear openssh ]; - } - '' - touch $out - dropbearkey -t rsa -f $dbPriv -s 4096 | sed -n 2p > $dbPub - ssh-keygen -q -t rsa -b 4096 -N "" -f client - mv client $sshPriv - mv client.pub $sshPub - ''; - -in { +{ name = "initrd-network-ssh"; meta = with lib.maintainers; { maintainers = [ willibutz ]; @@ -32,9 +19,9 @@ in { enable = true; ssh = { enable = true; - authorizedKeys = [ "${readFile keys.sshPub}" ]; + authorizedKeys = [ "${readFile ./openssh.pub}" ]; port = 22; - hostRSAKey = keys.dbPriv; + hostRSAKey = ./dropbear.priv; }; }; boot.initrd.preLVMCommands = '' @@ -56,7 +43,7 @@ in { "${toString (head (splitString " " ( toString (elemAt (splitString "\n" config.networking.extraHosts) 2) )))} " - "${readFile keys.dbPub}" + "${readFile ./dropbear.pub}" ]; }; }; @@ -65,7 +52,7 @@ in { testScript = '' startAll; $client->waitForUnit("network.target"); - $client->copyFileFromHost("${keys.sshPriv}","/etc/sshKey"); + $client->copyFileFromHost("${./openssh.priv}","/etc/sshKey"); $client->succeed("chmod 0600 /etc/sshKey"); $client->waitUntilSucceeds("ping -c 1 server"); $client->succeed("ssh -i /etc/sshKey -o UserKnownHostsFile=/etc/knownHosts server 'touch /fnord'"); diff --git a/nixos/tests/initrd-network-ssh/dropbear.priv b/nixos/tests/initrd-network-ssh/dropbear.priv new file mode 100644 index 0000000000000000000000000000000000000000..af340535f0a3841d2b9ed2abbd60f64118f924da GIT binary patch literal 1573 zcmV+=2HN=m000Mbb7(Dcb724g00RL40RR930RXcnL#K$aebmZN3(knvZScUCfOFxd zd$z#2qR3PC5`6qIPm@mU$HJ#W?)Qio468$2%Rj+*G;J^y4d4Y9M@WyU0S4)WnF7L0 zzC5dCF${&(EkDHk03eU5yITkXgSYUTg=3$L`)N#p$H5;*FS-3BGI@zw+&|?NhzyII zcn_j}$>e?{@F}!0KOr7Si!)X3W;A8W7h@sot>{SB)YuS8qhDRwsV)u(5mvx=wLo}L zG|!_R7XVGTB9bs8@LYvH((iNUQdZe6g$XS}UHS$uGciOQSFffsvghb9TnW)W5oiJ&$kP+*9Q3SqjekH$mS)$XFtl7~$A|N$py2}lI5Z}x z5KeRAQ;tgEInhZa>DXuD4fv1%tv(&4zzRt26&}31wSs1lbq2?^Is%OfQEIgqNUxCM zl}7gc?n4MEg^|}xQOM?Etl4$7&9}Gc@F7$!@1|}bsq^bhgNBh!pxOL+J>GDy7*10^ zY^e~&-!G}rRIArII9H0f_0 z;v)&KDwH~E$;#Bd%8{sPV^p^`6h8ee#) zGlK;LR4J(w1L#kSpwCerId}`%Hi-ZL0st~pCVFc*0kDL@9u)v~6yBVSGbY;3byUjX zo2+4iIBaS_#1$h4`?_FR0!jg{m*|N736MCRw?nZ_NZ*w%L<&o3bOUG@yAOU`CfQD5 z7#(MSlD(#G5bqStCgT+4_weP2(+8TWE? z;qB4RIJM4>RgZfX4}hmnh!lAUK}dBMrcE@k3! zGL8U8X;$7fN^%2mxw}z0JN0k>)S1>`9h`oiMd)HR03kIrvfkNfw1dUC!no~@Ny%4C zrlTOfGL{J-iM7&=VpVXudt_+j%?m1OdpYtS>z@?k0RRT47R7ZzB>jc(A^UOD=WUb% zPsY)lY-aR>SK#O7JY&o8uD}8m&X7L{-2E8`Kp04e6+neP1>LVQB;6;vvj!GqTaL1X z(X>+_%VptHLYWU#F_y3p**zUnZO6b{N5~ER%IK73f)J=BO!$N~z^u|v%-b&3;@}wM zQR#YSO}zuwV0R4HKV=v7IVQ-V*Co1LdCP8QFHvtfWV4kM@Yj$TGIq{7WUY<8Q$H!T zY0|Zxg=>e04$zyel=vhph{Mwgk3WK8nU~DRde0Szu4q~YQAW^yIHXDF^?$x_Gl137 zBk8tMe3Mssqk^H1ASJ@wpxpof0RaHP3tjWYg~d2QdVgD;v{**-_IN6(Ek&-zW`aOQ z0Mw7ig&Sy>pssq(QyuUqpV^p-4S+HVb*Wh-eO-U`$U8^D{JYg;!@I<#QL4*r`fC(1 zyOzf#+87sJEvo)AHg|WIvo9aK!-GC1EE}{pUre2x<(E&*x(>T`P}Xt2bfZ{)t1o;ZZs*Z>@xP`AK!BL8w)wT z&Md&L+H8W;bbn-%LY(co7zQtbk_r*QQR)k-P_RKQjw3-gMi$DX XMOa`*T*f~{ulRWX823)RAw_1#a`g2^ literal 0 HcmV?d00001 diff --git a/nixos/tests/initrd-network-ssh/dropbear.pub b/nixos/tests/initrd-network-ssh/dropbear.pub new file mode 100644 index 000000000000..385c625522aa --- /dev/null +++ b/nixos/tests/initrd-network-ssh/dropbear.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCzJ0OniLB91MpPC86I1m3wwJeAc+Gme7bAuaLIU/cSfPwxT5NO7MfCp0Pu94gYDKtDXMs/wXg0bTAVDeAFFkdIj6kBBumEmQLCTL48q2UxDIXVLT/E/AAgj6q7WwgCg7fwm4Vjn4z7aUyBx8EfRy+5/SQyeYla3D/lFYgMi5x4D6J+yeR+JPAptDE/IR5IizNV7mY0ZcoXYyHrrehI1tTYEEqjX13ZqS4OCBFWwHe1QHhRNM+jHhcATbgikjAj8FyFPtLvc+dSVtkuhQktQl36Bi8zMUQcV6+mM7Ln6DBcDlM9urHKLYPTWmUAyhxM955iglOn5z0RaAIcyNMT6hz0rHaNf0BIlmbXoTC0XGjHh/OnoOEC/zg0JqgQTnPiU45K4TnRSSXp2GfiDfiQAK0+HaXACkjuFR68u7WCZpB1Bse1OgKNClFqtRhIr5DilUb2/e5DCCmFkddMUcjmYqzZdbXNt7fo8CFULe+mbiCp8+tMg4aRTaDZ/Hk93nCvGE5TP2ypEMbfL6nRVKvXOjhdvSQQgKwx+O003FDEHCSG0Bpageh7yVpna+SPrbGklce7MjTpbx3iIwmvKpQ6asnK1L3KkahpY1S3NhQ+/S3Gs8KWQ5LAU+d3xiPX3jfIVHsCIIyxHDbwcJvxM4MFBFQpqRMD6E+LoM9RHjl4C9k2iQ== tmtynkky@duuni diff --git a/nixos/tests/initrd-network-ssh/generate-keys.nix b/nixos/tests/initrd-network-ssh/generate-keys.nix new file mode 100644 index 000000000000..0183e12d7a88 --- /dev/null +++ b/nixos/tests/initrd-network-ssh/generate-keys.nix @@ -0,0 +1,12 @@ +with import ../../.. {}; + +runCommand "gen-keys" { + buildInputs = [ dropbear openssh ]; + } + '' + mkdir $out + dropbearkey -t rsa -f $out/dropbear.priv -s 4096 | sed -n 2p > $out/dropbear.pub + ssh-keygen -q -t rsa -b 4096 -N "" -f client + mv client $out/openssh.priv + mv client.pub $out/openssh.pub + '' diff --git a/nixos/tests/initrd-network-ssh/openssh.priv b/nixos/tests/initrd-network-ssh/openssh.priv new file mode 100644 index 000000000000..816d65435fd7 --- /dev/null +++ b/nixos/tests/initrd-network-ssh/openssh.priv @@ -0,0 +1,51 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIJKAIBAAKCAgEA7+9A2PCPOTAlFmrablrUWA+VZdAuLfM6JXeHsOF7ZbC2F6lv +WmvDM925DQqhiAjcgWnt5WHWS5Y+b7lGnuzT7fyKegXd80nCRmqlpSG3srX0/lxR +aQAJLzfoDjcsF+ceswQo6GSsYnCHVxMNs007gbbVY3f7o+sWZtLdxJPD2iHvl5Zr +LK0d1RLMmU6cfIhIABlL0S8EWiv29RROepsCQnS0dnK2b+von1SCYoggvAMe2ToA +IAJ8+uqaYfGAyn9q8fjZiRHxLmKDq90tKoCUL5r/2dmEIE+t8T/3PfHoq1QzZts9 +W9idhBdT21dEXBtGyoMtckp5njk5m82LQDYiOXkuSoIUhSOteh5g7fBv1BtVSERx +Jg3UeJjPeGKFwdnzapmAKC2w/6V8xcIINNA+fhZA7B9fD1RAi2TECZ+gyMYDc4T+ +USlMSm9cfvSOrf2+5ngtFb84nHjqvClxCMLu+bCWK8HamqUzhE/a5LbR+48E7PyG +s3KV+sWFN9KOnakTjj/6iQhXZRhgeAK39F2XTk5Ms5Y+BRSStnMoMZA2grIV+jHi +1zbWokVqXPI5YRo5isR/PgtKAV6FfNWumcYoFJ9F40pMHQ6hJVEmtrCBx7EApSl3 +mSGbQJUmilLC51qNhwQRbD//ZtpIrN82HTMKzZ6kj7kDCdsff+wsnkIXmmMCAwEA +AQKCAgA4tMINw6UF7hQF3VEsnbjr6xrzCiWv5HlMm5htPI1OdlpC81+G7ksfOfrf +UzDkFrwOtftsqBfem268Nvyy2OQprfMIbdSMCFWrEM9/XJ2u1gRGDYmMGF8TUtI8 +cduw9oWx53zHl+uKBHBoKu+k/c7flFeQf63wisIroRCawhWau0SF/h3sXCndzuie +Hw8q+4aQx2m80bDkotlmCNuXbIU3MZ/pEql9gDLlXTLHmMaryM0EqAmZhx0ErGe6 +WDqJIV4kPB0loSDwRoY6GzbugZ8ENUzcruTkQhCpIOYNNNw5idfwKkaxK1vm+SBv +iYt1fVjYyfH2vhVKSNoNsaGEloa1u4Dymt/FpFztEpRzHXcw93N8BdLxJ4OUhzm2 +iAbpiyjniTIeAVVi7BUwLXh5WAx8nT0eeb1zKoZg1p1ciK5cYl1Uel7j8xRycsSW +3YgmtuPqY4Agbc9v3eXbQZNDk48JFMEqpIxk97FAkRYpzfxg5Qq14WJCp60CkdRt +T60hXy8lT/BcI8OWLfGJuBbsVLNRiC7PpwqRKQAinXSv134FpP7jrhpkMybs2oIS +5obRG7J5OfOTp925erG5mrpwqa3BPkgqx347Wj9z8quOZyuhi+XaPvqmPtvs5JOl +4RCqjt6RQlHm7xos9ZZGI4jDAIFaFWgyVZrYplOgwxWma4DTgQKCAQEA9+tizQRU +lF0lxNcEPvsFnYJo80Y+MQK9VdtlhR19YuSfwP1NCaMG1MhQ+PVBVmepOwJMRJR7 +9PLfOouNMfixKBGP12dtStMuh7jowq/BxhRI6JWp3RhTZ1yJ9ouzHze7IDrEBa6w +p0hUu9H0Sbt51LXbC3JmTyhbdhfry559DfyGW1Ma/bv/pihL9B5Y7sNf1thNp1gi +GbQ9B+o2Yyw8ZD8zY+sl+aYDSWyCtcBV/KXEF74Bkfs/a5ExJ00X0jYj/TAp2ray +T4PY0FR8wN/O10bFLP9j+Xa/ywbcPhoj8nvVRIg9VfWT/QaEd+KR0EZVxdjCCqne +enbSQksTpAZNwQKCAQEA98E+BMmS+yHUVUhNZABtQ5avwuV4+DoSN8KTp3xwQ0CH +m9fWxSDs12FdyMhDxrJPeywvHtZ18/7cl3dr8wnFVE0s4ongnRDXsNk5xN6J3AaO +KqW4HF9cbwZqzLILy8TrO+EK/EQV9FypbrxqvxAlP1kezIA2CJNzVRAgimSuV/H7 +05HTnp5W06fjtEf8U1CUrdNetoSROUo1j/IMGPYGlsBFYAGrj5y/BlKd+3T3kjRp +Xje7HpiykjrZHn0WDp04Ln+u9nveEewXmHKch313emt7HpW0xspp8JM8OZtEKozk +D5PfYdBfMJJOUlqovCCzTTJ6kNOahknKXFeO/qs5IwKCAQEAjF0/zhWikXF/fcfD +Bql2z2vTYdEmSvdjHSYff1Nn90K71DdVk5wytOxJM/sfp/z+yoMNjVKIL/IGQw5Z +va4xFx+CUhGjxlZ0pLEjT37U9gHsGYsK5jvslLvG/MixfH5AOwoqi5ERQVTpbIF9 +jvVPEAh6YSu/ExglWGJIxTsRUIblxvTxdjEnl/p+rlM0RNJnA6vpo1J51BXA7CdF +7bZQ5u0Feo/bK1I70ClYg/DGfkmYEV0pZG5cxNkqfDbgwsqWa7YGLGd94xkh+ymq +jETqxeWyozxhbQ83nYpfzeVc7t//qlJ8b5uf0wUKoRmtNr9rtp13lzP/21REzPXW +w+oxwQKCAQAoAf2Y2lAw25KlPuq4ZlU+n9u8FkBFnWMJvBMJ7c9XHNmJMf6NkLaO +RTvWy3geYvbwxf7J9QnRH+vRTciR05cY+Olxn6A03N5nwXxRrToH3MsiWeZ0NnX/ +u8KNUYcUHbV60ulqOThuYHQ/3I9EUUAijaqqjV2sXts19ke68W0x6HKpBJhuudT9 +ktPzbdhyP8Xyl/pocNnerXwexZBsi3Ye6+eIDFz+8OnsBHVcgNPluS72tvsxgqj7 +ciNTiBGCxKKo55eCWBhRPpXE2WUrf/hGPYsBMl2h6FfZMH1+M/N7B4tgdJmS+woU +Ftws8lTjJEiwA6HFN1ZxrwLNjJobx9yPAoIBAE0igsBuWWn6rXeOPylYg4264XOq +8gb94pte2n9amDgCzyCn8m6AL3snLC/AoCD19DK+gyK0ukoesXPa3iX6w2xv69ZC +urDx36Jhd4zrJb4QsFPoeKfDP+UvNVZaS41vipRRzY/y11em15prUZ4U8FA/UT1Y +FzkBo9r6iUZRnyBLppMuEfWASDtuRNmeIHynoT1AcQOH3l9vR210iEpmAuJr0CYA +bvTuz3UzzGGEAuIUvuaiRtkfKY52jBmiEr7SSPCr1HvLj3Ccz8bgjgR2kiXmcU50 +1zLnaPAD44LZ/0Fjqj+PimQGT6K7CNXPllmYh7MvoU52g3SVPf6rHlIR0Nc= +-----END RSA PRIVATE KEY----- diff --git a/nixos/tests/initrd-network-ssh/openssh.pub b/nixos/tests/initrd-network-ssh/openssh.pub new file mode 100644 index 000000000000..5b72b8085f27 --- /dev/null +++ b/nixos/tests/initrd-network-ssh/openssh.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDv70DY8I85MCUWatpuWtRYD5Vl0C4t8zold4ew4XtlsLYXqW9aa8Mz3bkNCqGICNyBae3lYdZLlj5vuUae7NPt/Ip6Bd3zScJGaqWlIbeytfT+XFFpAAkvN+gONywX5x6zBCjoZKxicIdXEw2zTTuBttVjd/uj6xZm0t3Ek8PaIe+XlmssrR3VEsyZTpx8iEgAGUvRLwRaK/b1FE56mwJCdLR2crZv6+ifVIJiiCC8Ax7ZOgAgAnz66pph8YDKf2rx+NmJEfEuYoOr3S0qgJQvmv/Z2YQgT63xP/c98eirVDNm2z1b2J2EF1PbV0RcG0bKgy1ySnmeOTmbzYtANiI5eS5KghSFI616HmDt8G/UG1VIRHEmDdR4mM94YoXB2fNqmYAoLbD/pXzFwgg00D5+FkDsH18PVECLZMQJn6DIxgNzhP5RKUxKb1x+9I6t/b7meC0VvziceOq8KXEIwu75sJYrwdqapTOET9rkttH7jwTs/IazcpX6xYU30o6dqROOP/qJCFdlGGB4Arf0XZdOTkyzlj4FFJK2cygxkDaCshX6MeLXNtaiRWpc8jlhGjmKxH8+C0oBXoV81a6ZxigUn0XjSkwdDqElUSa2sIHHsQClKXeZIZtAlSaKUsLnWo2HBBFsP/9m2kis3zYdMwrNnqSPuQMJ2x9/7CyeQheaYw== tmtynkky@duuni