nixos/tests: update initrd-secrets test to test secret in /run/keys

Since /run/keys is a ramfs, it is not paged out and a good place to copy
secrets to. Test whether secrets with a path in /run/keys exist after initrd.
This commit is contained in:
Dino A. Dai Zovi 2021-07-11 20:00:06 +00:00
parent 14df81c809
commit b089c39a23
No known key found for this signature in database
GPG key ID: D91B0FFA090C3312

View file

@ -13,7 +13,12 @@ let
machine = { ... }: {
virtualisation.useBootLoader = true;
boot.initrd.secrets."/test" = secretInStore;
boot.initrd.secrets = {
"/test" = secretInStore;
# This should *not* need to be copied in postMountCommands
"/run/keys/test" = secretInStore;
};
boot.initrd.postMountCommands = ''
cp /test /mnt-root/secret-from-initramfs
'';
@ -26,7 +31,8 @@ let
start_all()
machine.wait_for_unit("multi-user.target")
machine.succeed(
"cmp ${secretInStore} /secret-from-initramfs"
"cmp ${secretInStore} /secret-from-initramfs",
"cmp ${secretInStore} /run/keys/test",
)
'';
};