Merge pull request #234030 from NixOS/cleanup-overlay-mounts

nixosTests: fix tests that relies on an empty rootfs using a bootloader
2023-06-08 18:20:23 +02:00 · 2023-06-08 18:20:23 +02:00 · a384c9b01d
parent d604f5fd92 89952f7bb6
commit a384c9b01d
10 changed files with 26 additions and 3 deletions
--- a/nixos/tests/initrd-luks-empty-passphrase.nix
+++ b/nixos/tests/initrd-luks-empty-passphrase.nix
@ -18,6 +18,11 @@ in {
      emptyDiskImages = [ 512 ];
      useBootLoader = true;
      useEFIBoot = true;
+      # This requires to have access
+      # to a host Nix store as
+      # the new root device is /dev/vdb
+      # an empty 512MiB drive, containing no Nix store.
+      mountHostNixStore = true;
    };

    boot.loader.systemd-boot.enable = true;
--- a/nixos/tests/luks.nix
+++ b/nixos/tests/luks.nix
@ -7,6 +7,8 @@ import ./make-test-python.nix ({ lib, pkgs, ... }: {
      emptyDiskImages = [ 512 512 ];
      useBootLoader = true;
      useEFIBoot = true;
+      # To boot off the encrypted disk, we need to have a init script which comes from the Nix store
+      mountHostNixStore = true;
    };
    boot.loader.systemd-boot.enable = true;

--- a/nixos/tests/lvm2/systemd-stage-1.nix
+++ b/nixos/tests/lvm2/systemd-stage-1.nix
@ -65,6 +65,8 @@ in import ../make-test-python.nix ({ pkgs, ... }: {
      emptyDiskImages = [ 8192 8192 ];
      useBootLoader = true;
      useEFIBoot = true;
+      # To boot off the LVM disk, we need to have a init script which comes from the Nix store.
+      mountHostNixStore = true;
    };
    boot.loader.systemd-boot.enable = true;
    boot.loader.efi.canTouchEfiVariables = true;
--- a/nixos/tests/systemd-initrd-btrfs-raid.nix
+++ b/nixos/tests/systemd-initrd-btrfs-raid.nix
@ -6,6 +6,8 @@ import ./make-test-python.nix ({ lib, pkgs, ... }: {
    virtualisation = {
      emptyDiskImages = [ 512 512 ];
      useBootLoader = true;
+      # Booting off the BTRFS RAID requires an available init script from the Nix store
+      mountHostNixStore = true;
      useEFIBoot = true;
    };
    boot.loader.systemd-boot.enable = true;
--- a/nixos/tests/systemd-initrd-luks-fido2.nix
+++ b/nixos/tests/systemd-initrd-luks-fido2.nix
@ -6,6 +6,8 @@ import ./make-test-python.nix ({ lib, pkgs, ... }: {
    virtualisation = {
      emptyDiskImages = [ 512 ];
      useBootLoader = true;
+      # Booting off the encrypted disk requires having a Nix store available for the init script
+      mountHostNixStore = true;
      useEFIBoot = true;
      qemu.package = lib.mkForce (pkgs.qemu_test.override { canokeySupport = true; });
      qemu.options = [ "-device canokey,file=/tmp/canokey-file" ];
--- a/nixos/tests/systemd-initrd-luks-keyfile.nix
+++ b/nixos/tests/systemd-initrd-luks-keyfile.nix
@ -14,6 +14,8 @@ in {
    virtualisation = {
      emptyDiskImages = [ 512 ];
      useBootLoader = true;
+      # Necessary to boot off the encrypted disk because it requires a init script coming from the Nix store
+      mountHostNixStore = true;
      useEFIBoot = true;
    };
    boot.loader.systemd-boot.enable = true;
--- a/nixos/tests/systemd-initrd-luks-password.nix
+++ b/nixos/tests/systemd-initrd-luks-password.nix
@ -6,6 +6,8 @@ import ./make-test-python.nix ({ lib, pkgs, ... }: {
    virtualisation = {
      emptyDiskImages = [ 512 512 ];
      useBootLoader = true;
+      # Booting off the encrypted disk requires an available init script
+      mountHostNixStore = true;
      useEFIBoot = true;
    };
    boot.loader.systemd-boot.enable = true;
--- a/nixos/tests/systemd-initrd-luks-tpm2.nix
+++ b/nixos/tests/systemd-initrd-luks-tpm2.nix
@ -6,6 +6,8 @@ import ./make-test-python.nix ({ lib, pkgs, ... }: {
    virtualisation = {
      emptyDiskImages = [ 512 ];
      useBootLoader = true;
+      # Booting off the TPM2-encrypted device requires an available init script
+      mountHostNixStore = true;
      useEFIBoot = true;
      qemu.options = ["-chardev socket,id=chrtpm,path=/tmp/mytpm1/swtpm-sock -tpmdev emulator,id=tpm0,chardev=chrtpm -device tpm-tis,tpmdev=tpm0"];
    };
--- a/nixos/tests/systemd-initrd-networkd-ssh.nix
+++ b/nixos/tests/systemd-initrd-networkd-ssh.nix
@ -10,13 +10,15 @@ import ./make-test-python.nix ({ lib, ... }: {
      virtualisation = {
        emptyDiskImages = [ 4096 ];
        useBootLoader = true;
+        # Booting off the encrypted disk requires an available init script from the Nix store
+        mountHostNixStore = true;
        useEFIBoot = true;
      };

      specialisation.encrypted-root.configuration = {
-        virtualisation.bootDevice = "/dev/mapper/root";
+        virtualisation.rootDevice = "/dev/mapper/root";
        boot.initrd.luks.devices = lib.mkVMOverride {
-          root.device = "/dev/vdc";
+          root.device = "/dev/vdb";
        };
        boot.initrd.systemd.enable = true;
        boot.initrd.network = {
@ -61,7 +63,7 @@ import ./make-test-python.nix ({ lib, ... }: {

    server.wait_for_unit("multi-user.target")
    server.succeed(
-        "echo somepass | cryptsetup luksFormat --type=luks2 /dev/vdc",
+        "echo somepass | cryptsetup luksFormat --type=luks2 /dev/vdb",
        "bootctl set-default nixos-generation-1-specialisation-encrypted-root.conf",
        "sync",
    )
--- a/nixos/tests/systemd-initrd-swraid.nix
+++ b/nixos/tests/systemd-initrd-swraid.nix
@ -6,6 +6,8 @@ import ./make-test-python.nix ({ lib, pkgs, ... }: {
    virtualisation = {
      emptyDiskImages = [ 512 512 ];
      useBootLoader = true;
+      # Booting off the RAID requires an available init script
+      mountHostNixStore = true;
      useEFIBoot = true;
    };
    boot.loader.systemd-boot.enable = true;