nixos/tests/stratis/default.nix +1 −0 @@ -4,4 +4,5 @@ { simple = import ./simple.nix { inherit system pkgs; }; encryption = import ./encryption.nix { inherit system pkgs; }; }
nixos/tests/stratis/encryption.nix 0 → 100644 +33 −0 import ../make-test-python.nix ({ pkgs, ... }: { name = "stratis"; meta = with pkgs.lib.maintainers; { maintainers = [ nickcao ]; }; nodes.machine = { pkgs, ... }: { services.stratis.enable = true; virtualisation.emptyDiskImages = [ 2048 ]; }; testScript = let testkey1 = pkgs.writeText "testkey1" "supersecret1"; testkey2 = pkgs.writeText "testkey2" "supersecret2"; in '' machine.wait_for_unit("stratisd") # test creation of encrypted pool and filesystem machine.succeed("stratis key set testkey1 --keyfile-path ${testkey1}") machine.succeed("stratis key set testkey2 --keyfile-path ${testkey2}") machine.succeed("stratis pool create testpool /dev/vdb --key-desc testkey1") machine.succeed("stratis fs create testpool testfs") # test rebinding encrypted pool machine.succeed("stratis pool rebind keyring testpool testkey2") # test restarting encrypted pool uuid = machine.succeed("stratis pool list | grep -oE '[0-9a-fA-F-]{36}'").rstrip('\n') machine.succeed(" stratis pool stop testpool") machine.succeed(f"stratis pool start {uuid} --unlock-method keyring") ''; })
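Review bot: The final `stratis pool start {uuid} --unlock-method keyring` does not demonstrate that the rebind to testkey2 took effect, because testkey1 is still loaded in the keyring at that point and the test never checks which key description the pool reports. Adding `machine.succeed("stratis key unset testkey1")` after the rebind would make the unlock succeed only if the pool is really bound to testkey2. The two `pkgs.writeText` keys end up in the world-readable Nix store, which is acceptable for fixed test keys but deserves a comment such as `# test-only keys; writeText places them in the world-readable /nix/store` so the pattern is not copied into a real configuration. `name = "stratis";` presumably duplicates the name of the existing simple test (simple.nix is not shown here); `name = "stratis-encryption";` would keep the two apart.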
pkgs/os-specific/linux/kernel/common-config.nix +5 −0 @@ -505,6 +505,11 @@ let # Depends on MODULE_SIG and only really helps when you sign your modules # and enforce signatures which we don't do by default. SECURITY_LOCKDOWN_LSM = option no; # provides a register of persistent per-UID keyrings, useful for encrypting storage pools in stratis PERSISTENT_KEYRINGS = yes; # enable temporary caching of the last request_key() result KEYS_REQUEST_CACHE = whenAtLeast "5.3" yes; } // optionalAttrs (!stdenv.hostPlatform.isAarch32) { # Detect buffer overflows on the stack
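Review bot: `PERSISTENT_KEYRINGS = yes;` changes key lifetime for every kernel built from this common config, not only on hosts that run stratis, and the comment above it names only the stratis use case. A persistent per-UID keyring outlives the session that populated it until its expiry timer runs out, so the comment should record that, e.g. `# per-UID keyrings that outlive the login session (expiry: kernel.keys.persistent_keyring_expiry); used by stratis for pool encryption keys`. `KEYS_REQUEST_CACHE` is added in the same hunk without a stated reason; if stratis does not need it, it would be easier to audit as a separate change or with a comment saying why it is wanted. The attribute set this hunk edits starts and ends outside the hunk.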