nixos/tests: update initrd-secrets test to test secret in /run/keys
Since /run/keys is a ramfs, it is not paged out and a good place to copy secrets to. Test whether secrets with a path in /run/keys exist after initrd.
This commit is contained in:
parent
14df81c809
commit
b089c39a23
@ -13,7 +13,12 @@ let
|
|||||||
|
|
||||||
machine = { ... }: {
|
machine = { ... }: {
|
||||||
virtualisation.useBootLoader = true;
|
virtualisation.useBootLoader = true;
|
||||||
boot.initrd.secrets."/test" = secretInStore;
|
boot.initrd.secrets = {
|
||||||
|
"/test" = secretInStore;
|
||||||
|
|
||||||
|
# This should *not* need to be copied in postMountCommands
|
||||||
|
"/run/keys/test" = secretInStore;
|
||||||
|
};
|
||||||
boot.initrd.postMountCommands = ''
|
boot.initrd.postMountCommands = ''
|
||||||
cp /test /mnt-root/secret-from-initramfs
|
cp /test /mnt-root/secret-from-initramfs
|
||||||
'';
|
'';
|
||||||
@ -26,7 +31,8 @@ let
|
|||||||
start_all()
|
start_all()
|
||||||
machine.wait_for_unit("multi-user.target")
|
machine.wait_for_unit("multi-user.target")
|
||||||
machine.succeed(
|
machine.succeed(
|
||||||
"cmp ${secretInStore} /secret-from-initramfs"
|
"cmp ${secretInStore} /secret-from-initramfs",
|
||||||
|
"cmp ${secretInStore} /run/keys/test",
|
||||||
)
|
)
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
Loading…
Reference in New Issue
Block a user