aboutsummaryrefslogtreecommitdiff
path: root/gnu/tests
diff options
context:
space:
mode:
authorMiguel Ángel Arruga Vivas <rosen644835@gmail.com>2020-12-21 13:02:01 +0100
committerMiguel Ángel Arruga Vivas <rosen644835@gmail.com>2020-12-21 18:41:11 +0100
commitf00e68ace070fd5240a4b5874e61c26f6e909b6c (patch)
treebc24d20c57d7f979c62707496cdb4f8bff3adfcc /gnu/tests
parent0127e683f4b701cde6a4869cd0db9618dd5332ee (diff)
downloadguix-f00e68ace070fd5240a4b5874e61c26f6e909b6c.tar
guix-f00e68ace070fd5240a4b5874e61c26f6e909b6c.tar.gz
system: Allow separated /boot and encrypted root.
* gnu/bootloader/grub.scm (grub-configuration-file): New parameter store-crypto-devices. [crypto-devices]: New helper function. [builder]: Use crypto-devices. * gnu/machine/ssh.scm (roll-back-managed-host): Use boot-parameters-store-crypto-devices to provide its contents to the bootloader configuration generation process. * gnu/tests/install.scm (%encrypted-root-not-boot-os, %encrypted-root-not-boot-os): New os declaration. (%encrypted-root-not-boot-installation-script): New script, whose contents were initially taken from %encrypted-root-installation-script. (%test-encrypted-root-not-boot-os): New test. * gnu/system.scm (define-module): Export operating-system-bootoader-crypto-devices and boot-parameters-store-crypto-devices. (<boot-parameters>): Add field store-crypto-devices. (read-boot-parameters): Parse store-crypto-devices field. [uuid-sexp->uuid]: New helper function extracted from device-sexp->device. (operating-system-bootloader-crypto-devices): New function. (operating-system-bootcfg): Use operating-system-bootloader-crypto-devices to provide its contents to the bootloader configuration generation process. (operating-system-boot-parameters): Add store-crypto-devices to the generated boot-parameters. (operating-system-boot-parameters-file): Likewise to the file with the serialized structure. * guix/scripts/system.scm (reinstall-bootloader): Use boot-parameters-store-crypto-devices to provide its contents to the bootloader configuration generation process. * tests/boot-parameters.scm (%default-store-crypto-devices): New variable. (%grub-boot-parameters, test-read-boot-parameters): Use %default-store-crypto-devices. (tests store-crypto-devices): New tests.
Diffstat (limited to 'gnu/tests')
-rw-r--r--gnu/tests/install.scm102
1 files changed, 102 insertions, 0 deletions
diff --git a/gnu/tests/install.scm b/gnu/tests/install.scm
index 71caa3a493..bf94e97c2a 100644
--- a/gnu/tests/install.scm
+++ b/gnu/tests/install.scm
@@ -63,6 +63,7 @@
%test-separate-home-os
%test-raid-root-os
%test-encrypted-root-os
+ %test-encrypted-root-not-boot-os
%test-btrfs-root-os
%test-btrfs-root-on-subvolume-os
%test-jfs-root-os
@@ -885,6 +886,107 @@ reboot\n")
;;;
+;;; LUKS-encrypted root file system and /boot in a non-encrypted partition.
+;;;
+
+(define-os-with-source (%encrypted-root-not-boot-os
+ %encrypted-root-not-boot-os-source)
+ ;; The OS we want to install.
+ (use-modules (gnu) (gnu tests) (srfi srfi-1))
+
+ (operating-system
+ (host-name "bootroot")
+ (timezone "Europe/Madrid")
+ (locale "en_US.UTF-8")
+
+ (bootloader (bootloader-configuration
+ (bootloader grub-bootloader)
+ (target "/dev/vdb")))
+
+ (mapped-devices (list (mapped-device
+ (source
+ (uuid "12345678-1234-1234-1234-123456789abc"))
+ (target "root")
+ (type luks-device-mapping))))
+ (file-systems (cons* (file-system
+ (device (file-system-label "my-boot"))
+ (mount-point "/boot")
+ (type "ext4"))
+ (file-system
+ (device "/dev/mapper/root")
+ (mount-point "/")
+ (type "ext4"))
+ %base-file-systems))
+ (users (cons (user-account
+ (name "alice")
+ (group "users")
+ (supplementary-groups '("wheel" "audio" "video")))
+ %base-user-accounts))
+ (services (cons (service marionette-service-type
+ (marionette-configuration
+ (imported-modules '((gnu services herd)
+ (guix combinators)))))
+ %base-services))))
+
+(define %encrypted-root-not-boot-installation-script
+ ;; Shell script for an installation with boot not encrypted but root
+ ;; encrypted.
+ (format #f "\
+. /etc/profile
+set -e -x
+guix --version
+
+export GUIX_BUILD_OPTIONS=--no-grafts
+ls -l /run/current-system/gc-roots
+parted --script /dev/vdb mklabel gpt \\
+ mkpart primary ext2 1M 3M \\
+ mkpart primary ext2 3M 50M \\
+ mkpart primary ext2 50M 1.6G \\
+ set 1 boot on \\
+ set 1 bios_grub on
+echo -n \"~a\" | cryptsetup luksFormat --uuid=\"~a\" -q /dev/vdb3 -
+echo -n \"~a\" | cryptsetup open --type luks --key-file - /dev/vdb3 root
+mkfs.ext4 -L my-root /dev/mapper/root
+mkfs.ext4 -L my-boot /dev/vdb2
+mount LABEL=my-root /mnt
+mkdir /mnt/boot
+mount LABEL=my-boot /mnt/boot
+echo \"Checking mounts\"
+mount
+herd start cow-store /mnt
+mkdir /mnt/etc
+cp /etc/target-config.scm /mnt/etc/config.scm
+guix system build /mnt/etc/config.scm
+guix system init /mnt/etc/config.scm /mnt --no-substitutes
+sync
+echo \"Debugging info\"
+blkid
+cat /mnt/boot/grub/grub.cfg
+reboot\n"
+ %luks-passphrase "12345678-1234-1234-1234-123456789abc"
+ %luks-passphrase))
+
+(define %test-encrypted-root-not-boot-os
+ (system-test
+ (name "encrypted-root-not-boot-os")
+ (description
+ "Test the manual installation on an OS with / in an encrypted partition
+but /boot on a different, non-encrypted partition. This test is expensive in
+terms of CPU and storage usage since we need to build (current-guix) and then
+store a couple of full system images.")
+ (value
+ (mlet* %store-monad
+ ((image (run-install %encrypted-root-not-boot-os
+ %encrypted-root-not-boot-os-source
+ #:script
+ %encrypted-root-not-boot-installation-script))
+ (command (qemu-command/writable-image image)))
+ (run-basic-test %encrypted-root-not-boot-os command
+ "encrypted-root-not-boot-os"
+ #:initialization enter-luks-passphrase)))))
+
+
+;;;
;;; Btrfs root file system.
;;;