Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

nixos/tests/installer: test full disk encryption with both luks formats #85154

Draft
wants to merge 1 commit into
base: master
Choose a base branch
from
Draft

nixos/tests/installer: test full disk encryption with both luks formats #85154

wants to merge 1 commit into from

Conversation

sorki
Copy link
Member

@sorki sorki commented Apr 13, 2020

Motivation for this change

Full disc encryption tests utilizing GRUB LUKS support - v2 and default is supposed to fail for now due to missing (partial) v2 header support.

See also #65375

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS linux)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Ensured that relevant documentation is up to date
  • Fits CONTRIBUTING.md.

@andir
Copy link
Member

andir commented Apr 13, 2020

I think Grub 2.06 will have support for LUKS2.

@sorki
Copy link
Member Author

sorki commented Apr 13, 2020

@andir That's good! We will have a test ready :)

@ofborg test

@sorki
Copy link
Member Author

sorki commented Apr 13, 2020
edited

@GrahamcOfBorg test installer

(I'm not a trusted user If anyone can try this)

@nh2
Copy link
Contributor

nh2 commented Apr 23, 2020

@GrahamcOfBorg test installer

@brainrake
Copy link
Contributor

Hey, how come the tests pass? I thought they should fail currently.

@sorki
Copy link
Member Author

sorki commented May 20, 2020

Check result is deceptive, when you look at the logs there are no test runs. It actually makes sense as the installer tests are quite heavyweight and I have issues testing them all - commenting most of the tests works but maybe splitting them might be better? Also the test just hangs waiting for time-out so there's not much point in running it either.

@Mic92
Copy link
Member

Mic92 commented May 20, 2020
edited

Maybe tests.installer should be split up them to allow evaluation with less memory.

@stale
Copy link

stale bot commented Nov 16, 2020

I marked this as stale due to inactivity. → More info

@stale stale bot added the 2.status: stale https://github.com/NixOS/nixpkgs/blob/master/.github/STALE-BOT.md label Nov 16, 2020
@sorki
Copy link
Member Author

sorki commented Nov 28, 2020

Still a thing.

@stale stale bot removed the 2.status: stale https://github.com/NixOS/nixpkgs/blob/master/.github/STALE-BOT.md label Nov 28, 2020
@stale
Copy link

stale bot commented Jun 3, 2021

I marked this as stale due to inactivity. → More info

@stale stale bot added the 2.status: stale https://github.com/NixOS/nixpkgs/blob/master/.github/STALE-BOT.md label Jun 3, 2021
@sorki
Copy link
Member Author

sorki commented Aug 28, 2021

Still a thing.

@stale stale bot removed the 2.status: stale https://github.com/NixOS/nixpkgs/blob/master/.github/STALE-BOT.md label Aug 28, 2021
@andir
Copy link
Member

andir commented Aug 28, 2021

Still a thing.

Is this ready yet? It is still marked as WIP.

@sorki
Copy link
Member Author

sorki commented Aug 28, 2021

Still a thing.

Is this ready yet? It is still marked as WIP.

It is fine but I still want to try splitting the installer tests into more manageable chunks instead of current all-in-one file.

@stale
Copy link

stale bot commented Apr 18, 2022

I marked this as stale due to inactivity. → More info

@stale stale bot added the 2.status: stale https://github.com/NixOS/nixpkgs/blob/master/.github/STALE-BOT.md label Apr 18, 2022
@sorki
Copy link
Member Author

sorki commented Oct 18, 2023
edited

I've adapted this to use FDE test by @rnhmjoj but the LUKS2 variant with --type=LUKS2 --pbkdf pbkdf2 takes 10 times longer to fully execute (around 45 minutes, compared to 5 minutes of the original test using LUKS1).

It seems to consistently hang early in boot (Linux 6.1)

boot-after-install # [    1.309611] cdrom: Uniform CD-ROM driver Revision: 3.20
boot-after-install # [  737.820858] Key type encrypted registered

so no dice again. Keeping as draft..

@brainrake
Copy link
Contributor

brainrake commented Oct 18, 2023 via email

@stale stale bot removed the 2.status: stale https://github.com/NixOS/nixpkgs/blob/master/.github/STALE-BOT.md label Oct 18, 2023
@sorki
Copy link
Member Author

sorki commented Oct 19, 2023

Could it be waiting for entropy?

I'm not sure. The VM has a virtio-rng-pci and I've checked the available entropy on host via /proc/sys/kernel/random/entropy_avail and grafana and it is constant at 256.

I've tried running this interactively, connecting to VNC and mashing keys but it doesn't seem to help.

If anyone wants to try, you can compare these two

NIX_PATH=nixpkgs=../.. nix-build installer.nix -A fullDiskEncryption
NIX_PATH=nixpkgs=../.. nix-build installer.nix -A fullDiskEncryptionFormat2

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
2.status: merge conflict 6.topic: nixos 10.rebuild-darwin: 0 10.rebuild-linux: 0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
6 participants
@sorki @andir @nh2 @brainrake @Mic92 @wegank