movefasta/nixpkgs
0
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-07-14 14:10:33 +03:00
Code Activity
nixpkgs/nixos/tests/nix-store-veritysetup.nix
nikstur 50d0a81800 nixos/nix-store-veritysetup: init
2025-06-16 10:28:53 +02:00

108 lines
2.4 KiB
Nix
Raw Blame History

{ lib, ... }:
{
name = "nix-store-veritysetup";
meta.maintainers = with lib.maintainers; [ nikstur ];
nodes.machine =
{ config, modulesPath, ... }:
{
imports = [
"${modulesPath}/image/repart.nix"
];
image.repart = {
name = "nix-store";
partitions = {
"nix-store" = {
storePaths = [ config.system.build.toplevel ];
stripNixStorePrefix = true;
repartConfig = {
Type = "linux-generic";
Label = "nix-store";
Format = "erofs";
Minimize = "best";
Verity = "data";
VerityMatchKey = "nix-store";
};
};
"nix-store-verity" = {
repartConfig = {
Type = "linux-generic";
Label = "nix-store-verity";
Verity = "hash";
VerityMatchKey = "nix-store";
Minimize = "best";
};
};
};
};
boot.initrd = {
systemd = {
enable = true;
dmVerity.enable = true;
};
nix-store-veritysetup.enable = true;
};
virtualisation = {
mountHostNixStore = false;
qemu.drives = [
{
name = "nix-store";
file = ''"$NIX_STORE"'';
}
];
fileSystems = {
"/nix/store" = {
fsType = "erofs";
device = "/dev/mapper/nix-store";
};
};
};
};
testScript =
{ nodes, ... }:
''
import os
import json
import subprocess
import tempfile
with open("${nodes.machine.system.build.image}/repart-output.json") as f:
data = json.load(f)
storehash = data[0]["roothash"]
os.environ["QEMU_KERNEL_PARAMS"] = f"storehash={storehash}"
tmp_disk_image = tempfile.NamedTemporaryFile()
subprocess.run([
"${nodes.machine.virtualisation.qemu.package}/bin/qemu-img",
"create",
"-f",
"qcow2",
"-b",
"${nodes.machine.system.build.image}/${nodes.machine.image.repart.imageFile}",
"-F",
"raw",
tmp_disk_image.name,
])
os.environ["NIX_STORE"] = tmp_disk_image.name
machine.start()
print(machine.succeed("findmnt"))
print(machine.succeed("dmsetup info nix-store"))
machine.wait_for_unit("multi-user.target")
'';
}
View git blame Copy permalink