Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

nixos/initrd-network-ssh: fix test #102530

Merged
merged 1 commit into from Nov 3, 2020
Merged

Conversation

Ma27
Copy link
Member

@Ma27 Ma27 commented Nov 2, 2020

Motivation for this change

The test relied on moving initrd secrets from the store into the
initrd which was fine here as it's only an integration test and not a
production environment.

However, this broke in 20.09 when support for this was dropped[1]. To make
sure that the snakeoil key used as hostkey for sshd here actually gets
copied into the VM, I added a small script for this that takes care of
this process while building the initial ramdisk.

[1] d930466

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS linux)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Ensured that relevant documentation is up to date
  • Fits CONTRIBUTING.md.

The test relied on moving `initrd` secrets from the store into the
`initrd` which was fine here as it's only an integration test and not a
production environment.

However, this broke in 20.09 when support for this was dropped[1]. To make
sure that the snakeoil key used as hostkey for `sshd` here actually gets
copied into the VM, I added a small script for this that takes care of
this process while building the initial ramdisk.

[1] d930466
@Ma27 Ma27 added the 9.needs: port to stable A PR needs a backport to the stable release. label Nov 2, 2020
@emilazy
Copy link
Member

emilazy commented Nov 3, 2020

Hm, does this relate to #91744?

@Ma27
Copy link
Member Author

Ma27 commented Nov 3, 2020

The problem I have with #91744 is that I don't want to touch the initrd-ssh-module right now as the current behavior is (from my PoV at least) rather unintuitive and I'm too afraid to change something there and probably causing further breakage.

I filed this PR since I wrote a similar testcase for a personal pet-project where I encountered the same issue, so I figured that it would make sense to fix this test as well. Until we have a working solution everyone agrees on, it would make sense IMHO to use this (temporary) fix to make sure that the current functionality works fine and we don't introduce some accidental regressions.

Copy link
Member

@WilliButz WilliButz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Given that the current version of initrd.network.ssh works, while still having some quirks, I also find it important to have a working test for it, so I'm with @Ma27 on this approach.
These two extra commands in the test should be removed when the fixes to the module are added, for example in the mentioned PR.

@WilliButz
Copy link
Member

@GrahamcOfBorg test initrd-network-ssh

@WilliButz
Copy link
Member

@emilazy what do you think? :)

Copy link
Member

@emilazy emilazy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Seems reasonable to me.

@Ma27 Ma27 merged commit d6b804d into NixOS:master Nov 3, 2020
@Ma27 Ma27 deleted the fix-initrd-network-ssh-test branch November 3, 2020 23:01
@Ma27
Copy link
Member Author

Ma27 commented Nov 3, 2020

Ported to 20.09 as 3090f4d.

@Ma27 Ma27 added 8.has: port to stable A PR already has a backport to the stable release. and removed 9.needs: port to stable A PR needs a backport to the stable release. labels Nov 3, 2020
@andir
Copy link
Member

andir commented Nov 3, 2020

This is probably related to #99618 where I was trying to provide a mechanism to properly do it during bootloader install time (as that allows you to generate the key on the server/during install/…).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

4 participants