nixos/tests/initrd-network-ssh: fix with real initrd secrets implementation #91744
@ofborg test initrd-network-ssh
Thank you for taking care of this :)
It looks like
920f532 to 06fc2a6
@GrahamcOfBorg test initrd-network-ssh
This pull request has been mentioned on NixOS Discourse. There might be relevant details there:
ping @emilazy could you please take a look? :)
Unfortunately I no longer remember what the
ce8dac5 to 9e27deb
@emilazy now that I think of it, I fully agree that this is quite important to keep in mind! For instance, I'm now using
If your bootloader has initrd secrets support it's generally preferable to use the quoted paths; non-quoted paths will always be copied to the Nix store, whereas quoted paths are processed by the initrd secrets generator during
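The quoted versus non-quoted distinction from the comment above, shown as an added NixOS configuration example that is not part of the thread or of the PR. The key file locations and the authorized key are constructed placeholders.

```nix
# Added example (not from the PR). Paths and the public key are placeholders.
{ ... }:
{
  boot.initrd.network.enable = true;
  boot.initrd.network.ssh = {
    enable = true;
    authorizedKeys = [
      "ssh-ed25519 AAAA-constructed-placeholder admin@example"
    ];

    # Weak: a bare (non-quoted) Nix path literal. Per the comment above, it is
    # always copied to the Nix store, so the private host key ends up readable
    # by every local user.
    # hostKeys = [ ./secrets/initrd_ssh_host_ed25519_key ];

    # Preferred when the bootloader has initrd secrets support: a quoted
    # string. The file is not imported into the store at evaluation time and
    # is left for the initrd secrets generator to process.
    hostKeys = [ "/etc/secrets/initrd/ssh_host_ed25519_key" ];
  };
}
```

Use a host key generated only for the initrd, not the machine's regular SSH host key.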
No they don't, unless you do e.g.
…ementation Previously, the test did not use a bootloader, but was still configured to use GRUB, which did not have an initrd secrets implementation, so the secrets were stored in the Nix store. Now that GRUB has an initrd secrets implementation, we need to use a bootloader in the VM so the secrets get copied correctly.
9e27deb to 05e073d
Yes, there are a lot of edge cases here. I think I have fixed it now. In the test, the bootloader is installed in a VM (using
This PR probably wants to revert or at least adjust #102530.
I marked this as stale due to inactivity.
Motivation for this change
Fixes the initrd-network-ssh test, which was broken by the use of a real initrd secrets implementation. This was fixed by enabling the bootloader in the VM, which also exposed a few other bugs along the way.
The -serial pty QEMU option specified in the boot disk image builder prevented errors from being shown, and -nographics is redundant.
For the secret to be accessible to the VM disk builder, it needed to be added to the store, which broke some assumptions in the initrd-ssh module. I removed some hacks there that do not seem to be necessary, though I may be missing some problem with this.
cc @emilazy @CRTified