{ system ? builtins.currentSystem, config ? {}, pkgs ? import ../.. { inherit system config; } }: with import ../lib/testing-python.nix { inherit system pkgs; }; with pkgs.lib; let common = { virtualisation.useBootLoader = true; virtualisation.useEFIBoot = true; boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; environment.systemPackages = [ pkgs.efibootmgr ]; # Needed for machine-id to be persisted between reboots environment.etc."machine-id".text = "00000000000000000000000000000000"; }; commonXbootldr = { config, lib, pkgs, ... }: let diskImage = import ../lib/make-disk-image.nix { inherit config lib pkgs; label = "nixos"; format = "qcow2"; partitionTableType = "efixbootldr"; touchEFIVars = true; installBootLoader = true; }; in { imports = [ common ]; virtualisation.useBootLoader = lib.mkForce false; # Only way to tell qemu-vm not to create the default system image virtualisation.directBoot.enable = false; # But don't direct boot either because we're testing systemd-boot system.build.diskImage = diskImage; # Use custom disk image with an XBOOTLDR partition virtualisation.efi.variables = "${diskImage}/efi-vars.fd"; virtualisation.useDefaultFilesystems = false; # Needs custom setup for `diskImage` virtualisation.bootPartition = null; virtualisation.fileSystems = { "/" = { device = "/dev/vda3"; fsType = "ext4"; }; "/boot" = { device = "/dev/vda2"; fsType = "vfat"; noCheck = true; }; "/efi" = { device = "/dev/vda1"; fsType = "vfat"; noCheck = true; }; }; boot.loader.systemd-boot.enable = true; boot.loader.efi.efiSysMountPoint = "/efi"; boot.loader.systemd-boot.xbootldrMountPoint = "/boot"; }; customDiskImage = nodes: '' import os import subprocess import tempfile tmp_disk_image = tempfile.NamedTemporaryFile() subprocess.run([ "${nodes.machine.virtualisation.qemu.package}/bin/qemu-img", "create", "-f", "qcow2", "-b", "${nodes.machine.system.build.diskImage}/nixos.qcow2", "-F", "qcow2", tmp_disk_image.name, ]) # Set NIX_DISK_IMAGE so that the qemu script finds the right disk image. os.environ['NIX_DISK_IMAGE'] = tmp_disk_image.name ''; in rec { basic = makeTest { name = "systemd-boot"; meta.maintainers = with pkgs.lib.maintainers; [ danielfullmer julienmalka ]; nodes.machine = common; testScript = '' machine.start() machine.wait_for_unit("multi-user.target") machine.succeed("test -e /boot/loader/entries/nixos-generation-1.conf") # our sort-key will uses r to sort before nixos machine.succeed("grep 'sort-key nixor-default' /boot/loader/entries/nixos-generation-1.conf") # Ensure we actually booted using systemd-boot # Magic number is the vendor UUID used by systemd-boot. machine.succeed( "test -e /sys/firmware/efi/efivars/LoaderEntrySelected-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f" ) # "bootctl install" should have created an EFI entry machine.succeed('efibootmgr | grep "Linux Boot Manager"') ''; }; # Test that systemd-boot works with secure boot secureBoot = makeTest { name = "systemd-boot-secure-boot"; nodes.machine = { imports = [ common ]; environment.systemPackages = [ pkgs.sbctl ]; virtualisation.useSecureBoot = true; }; testScript = let efiArch = pkgs.stdenv.hostPlatform.efiArch; in { nodes, ... }: '' machine.start(allow_reboot=True) machine.wait_for_unit("multi-user.target") machine.succeed("sbctl create-keys") machine.succeed("sbctl enroll-keys --yes-this-might-brick-my-machine") machine.succeed('sbctl sign /boot/EFI/systemd/systemd-boot${efiArch}.efi') machine.succeed('sbctl sign /boot/EFI/BOOT/BOOT${toUpper efiArch}.EFI') machine.succeed('sbctl sign /boot/EFI/nixos/*${nodes.machine.system.boot.loader.kernelFile}.efi') machine.reboot() assert "Secure Boot: enabled (user)" in machine.succeed("bootctl status") ''; }; basicXbootldr = makeTest { name = "systemd-boot-xbootldr"; meta.maintainers = with pkgs.lib.maintainers; [ sdht0 ]; nodes.machine = commonXbootldr; testScript = { nodes, ... }: '' ${customDiskImage nodes} machine.start() machine.wait_for_unit("multi-user.target") machine.succeed("test -e /efi/EFI/systemd/systemd-bootx64.efi") machine.succeed("test -e /boot/loader/entries/nixos-generation-1.conf") # Ensure we actually booted using systemd-boot # Magic number is the vendor UUID used by systemd-boot. machine.succeed( "test -e /sys/firmware/efi/efivars/LoaderEntrySelected-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f" ) # "bootctl install" should have created an EFI entry machine.succeed('efibootmgr | grep "Linux Boot Manager"') ''; }; # Check that specialisations create corresponding boot entries. specialisation = makeTest { name = "systemd-boot-specialisation"; meta.maintainers = with pkgs.lib.maintainers; [ lukegb julienmalka ]; nodes.machine = { pkgs, lib, ... }: { imports = [ common ]; specialisation.something.configuration = { boot.loader.systemd-boot.sortKey = "something"; # Since qemu will dynamically create a devicetree blob when starting # up, it is not straight forward to create an export of that devicetree # blob without knowing before-hand all the flags we would pass to qemu # (we would then be able to use `dumpdtb`). Thus, the following config # will not boot, but it does allow us to assert that the boot entry has # the correct contents. boot.loader.systemd-boot.installDeviceTree = pkgs.stdenv.hostPlatform.isAarch64; hardware.deviceTree.name = "dummy.dtb"; hardware.deviceTree.package = lib.mkForce (pkgs.runCommand "dummy-devicetree-package" { } '' mkdir -p $out cp ${pkgs.emptyFile} $out/dummy.dtb ''); }; }; testScript = { nodes, ... }: '' machine.start() machine.wait_for_unit("multi-user.target") machine.succeed( "test -e /boot/loader/entries/nixos-generation-1-specialisation-something.conf" ) machine.succeed( "grep -q 'title NixOS (something)' /boot/loader/entries/nixos-generation-1-specialisation-something.conf" ) machine.succeed( "grep 'sort-key something' /boot/loader/entries/nixos-generation-1-specialisation-something.conf" ) '' + pkgs.lib.optionalString pkgs.stdenv.hostPlatform.isAarch64 '' machine.succeed( "grep 'devicetree .*dummy' /boot/loader/entries/nixos-generation-1-specialisation-something.conf" ) ''; }; # Boot without having created an EFI entry--instead using default "/EFI/BOOT/BOOTX64.EFI" fallback = makeTest { name = "systemd-boot-fallback"; meta.maintainers = with pkgs.lib.maintainers; [ danielfullmer julienmalka ]; nodes.machine = { pkgs, lib, ... }: { imports = [ common ]; boot.loader.efi.canTouchEfiVariables = mkForce false; }; testScript = '' machine.start() machine.wait_for_unit("multi-user.target") machine.succeed("test -e /boot/loader/entries/nixos-generation-1.conf") # Ensure we actually booted using systemd-boot # Magic number is the vendor UUID used by systemd-boot. machine.succeed( "test -e /sys/firmware/efi/efivars/LoaderEntrySelected-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f" ) # "bootctl install" should _not_ have created an EFI entry machine.fail('efibootmgr | grep "Linux Boot Manager"') ''; }; update = makeTest { name = "systemd-boot-update"; meta.maintainers = with pkgs.lib.maintainers; [ danielfullmer julienmalka ]; nodes.machine = common; testScript = '' machine.succeed("mount -o remount,rw /boot") # Replace version inside sd-boot with something older. See magic[] string in systemd src/boot/efi/boot.c machine.succeed( """ find /boot -iname '*boot*.efi' -print0 | \ xargs -0 -I '{}' sed -i 's/#### LoaderInfo: systemd-boot .* ####/#### LoaderInfo: systemd-boot 000.0-1-notnixos ####/' '{}' """ ) output = machine.succeed("/run/current-system/bin/switch-to-configuration boot 2>&1") assert "updating systemd-boot from 000.0-1-notnixos to " in output, "Couldn't find systemd-boot update message" assert 'to "/boot/EFI/systemd/systemd-bootx64.efi"' in output, "systemd-boot not copied to to /boot/EFI/systemd/systemd-bootx64.efi" assert 'to "/boot/EFI/BOOT/BOOTX64.EFI"' in output, "systemd-boot not copied to to /boot/EFI/BOOT/BOOTX64.EFI" ''; }; memtest86 = makeTest { name = "systemd-boot-memtest86"; meta.maintainers = with pkgs.lib.maintainers; [ julienmalka ]; nodes.machine = { pkgs, lib, ... }: { imports = [ common ]; boot.loader.systemd-boot.memtest86.enable = true; }; testScript = '' machine.succeed("test -e /boot/loader/entries/memtest86.conf") machine.succeed("test -e /boot/efi/memtest86/memtest.efi") ''; }; netbootxyz = makeTest { name = "systemd-boot-netbootxyz"; meta.maintainers = with pkgs.lib.maintainers; [ julienmalka ]; nodes.machine = { pkgs, lib, ... }: { imports = [ common ]; boot.loader.systemd-boot.netbootxyz.enable = true; }; testScript = '' machine.succeed("test -e /boot/loader/entries/netbootxyz.conf") machine.succeed("test -e /boot/efi/netbootxyz/netboot.xyz.efi") ''; }; memtestSortKey = makeTest { name = "systemd-boot-memtest-sortkey"; meta.maintainers = with pkgs.lib.maintainers; [ julienmalka ]; nodes.machine = { pkgs, lib, ... }: { imports = [ common ]; boot.loader.systemd-boot.memtest86.enable = true; boot.loader.systemd-boot.memtest86.sortKey = "apple"; }; testScript = '' machine.succeed("test -e /boot/loader/entries/memtest86.conf") machine.succeed("test -e /boot/efi/memtest86/memtest.efi") machine.succeed("grep 'sort-key apple' /boot/loader/entries/memtest86.conf") ''; }; entryFilenameXbootldr = makeTest { name = "systemd-boot-entry-filename-xbootldr"; meta.maintainers = with pkgs.lib.maintainers; [ sdht0 ]; nodes.machine = { pkgs, lib, ... }: { imports = [ commonXbootldr ]; boot.loader.systemd-boot.memtest86.enable = true; }; testScript = { nodes, ... }: '' ${customDiskImage nodes} machine.start() machine.wait_for_unit("multi-user.target") machine.succeed("test -e /efi/EFI/systemd/systemd-bootx64.efi") machine.succeed("test -e /boot/loader/entries/memtest86.conf") machine.succeed("test -e /boot/EFI/memtest86/memtest.efi") ''; }; extraEntries = makeTest { name = "systemd-boot-extra-entries"; meta.maintainers = with pkgs.lib.maintainers; [ julienmalka ]; nodes.machine = { pkgs, lib, ... }: { imports = [ common ]; boot.loader.systemd-boot.extraEntries = { "banana.conf" = '' title banana ''; }; }; testScript = '' machine.succeed("test -e /boot/loader/entries/banana.conf") machine.succeed("test -e /boot/efi/nixos/.extra-files/loader/entries/banana.conf") ''; }; extraFiles = makeTest { name = "systemd-boot-extra-files"; meta.maintainers = with pkgs.lib.maintainers; [ julienmalka ]; nodes.machine = { pkgs, lib, ... }: { imports = [ common ]; boot.loader.systemd-boot.extraFiles = { "efi/fruits/tomato.efi" = pkgs.netbootxyz-efi; }; }; testScript = '' machine.succeed("test -e /boot/efi/fruits/tomato.efi") machine.succeed("test -e /boot/efi/nixos/.extra-files/efi/fruits/tomato.efi") ''; }; switch-test = makeTest { name = "systemd-boot-switch-test"; meta.maintainers = with pkgs.lib.maintainers; [ julienmalka ]; nodes = { inherit common; machine = { pkgs, nodes, ... }: { imports = [ common ]; boot.loader.systemd-boot.extraFiles = { "efi/fruits/tomato.efi" = pkgs.netbootxyz-efi; }; # These are configs for different nodes, but we'll use them here in `machine` system.extraDependencies = [ nodes.common.system.build.toplevel nodes.with_netbootxyz.system.build.toplevel ]; }; with_netbootxyz = { pkgs, ... }: { imports = [ common ]; boot.loader.systemd-boot.netbootxyz.enable = true; }; }; testScript = { nodes, ... }: let originalSystem = nodes.machine.system.build.toplevel; baseSystem = nodes.common.system.build.toplevel; finalSystem = nodes.with_netbootxyz.system.build.toplevel; in '' machine.succeed("test -e /boot/efi/fruits/tomato.efi") machine.succeed("test -e /boot/efi/nixos/.extra-files/efi/fruits/tomato.efi") with subtest("remove files when no longer needed"): machine.succeed("${baseSystem}/bin/switch-to-configuration boot") machine.fail("test -e /boot/efi/fruits/tomato.efi") machine.fail("test -d /boot/efi/fruits") machine.succeed("test -d /boot/efi/nixos/.extra-files") machine.fail("test -e /boot/efi/nixos/.extra-files/efi/fruits/tomato.efi") machine.fail("test -d /boot/efi/nixos/.extra-files/efi/fruits") with subtest("files are added back when needed again"): machine.succeed("${originalSystem}/bin/switch-to-configuration boot") machine.succeed("test -e /boot/efi/fruits/tomato.efi") machine.succeed("test -e /boot/efi/nixos/.extra-files/efi/fruits/tomato.efi") with subtest("simultaneously removing and adding files works"): machine.succeed("${finalSystem}/bin/switch-to-configuration boot") machine.fail("test -e /boot/efi/fruits/tomato.efi") machine.fail("test -e /boot/efi/nixos/.extra-files/efi/fruits/tomato.efi") machine.succeed("test -e /boot/loader/entries/netbootxyz.conf") machine.succeed("test -e /boot/efi/netbootxyz/netboot.xyz.efi") machine.succeed("test -e /boot/efi/nixos/.extra-files/loader/entries/netbootxyz.conf") machine.succeed("test -e /boot/efi/nixos/.extra-files/efi/netbootxyz/netboot.xyz.efi") ''; }; garbage-collect-entry = { withBootCounting ? false, ... }: makeTest { name = "systemd-boot-garbage-collect-entry" + optionalString withBootCounting "-with-boot-counting"; meta.maintainers = with pkgs.lib.maintainers; [ julienmalka ]; nodes = { inherit common; machine = { pkgs, nodes, ... }: { imports = [ common ]; boot.loader.systemd-boot.bootCounting.enable = withBootCounting; # These are configs for different nodes, but we'll use them here in `machine` system.extraDependencies = [ nodes.common.system.build.toplevel ]; }; }; testScript = { nodes, ... }: let baseSystem = nodes.common.system.build.toplevel; in '' machine.succeed("nix-env -p /nix/var/nix/profiles/system --set ${baseSystem}") machine.succeed("nix-env -p /nix/var/nix/profiles/system --delete-generations 1") # At this point generation 1 has already been marked as good so we reintroduce counters artificially ${optionalString withBootCounting '' machine.succeed("mv /boot/loader/entries/nixos-generation-1.conf /boot/loader/entries/nixos-generation-1+3.conf") ''} machine.succeed("${baseSystem}/bin/switch-to-configuration boot") machine.fail("test -e /boot/loader/entries/nixos-generation-1*") machine.succeed("test -e /boot/loader/entries/nixos-generation-2.conf") ''; }; no-bootspec = makeTest { name = "systemd-boot-no-bootspec"; meta.maintainers = with pkgs.lib.maintainers; [ julienmalka ]; nodes.machine = { imports = [ common ]; boot.bootspec.enable = false; }; testScript = '' machine.start() machine.wait_for_unit("multi-user.target") ''; }; # Check that we are booting the default entry and not the generation with largest version number defaultEntry = { withBootCounting ? false, ... }: makeTest { name = "systemd-boot-default-entry" + optionalString withBootCounting "-with-boot-counting"; meta.maintainers = with pkgs.lib.maintainers; [ julienmalka ]; nodes = { machine = { pkgs, lib, nodes, ... }: { imports = [ common ]; system.extraDependencies = [ nodes.other_machine.system.build.toplevel ]; boot.loader.systemd-boot.bootCounting.enable = withBootCounting; }; other_machine = { pkgs, lib, ... }: { imports = [ common ]; boot.loader.systemd-boot.bootCounting.enable = withBootCounting; environment.systemPackages = [ pkgs.hello ]; }; }; testScript = { nodes, ... }: let orig = nodes.machine.system.build.toplevel; other = nodes.other_machine.system.build.toplevel; in '' orig = "${orig}" other = "${other}" def check_current_system(system_path): machine.succeed(f'test $(readlink -f /run/current-system) = "{system_path}"') check_current_system(orig) # Switch to other configuration machine.succeed("nix-env -p /nix/var/nix/profiles/system --set ${other}") machine.succeed(f"{other}/bin/switch-to-configuration boot") # Rollback, default entry is now generation 1 machine.succeed("nix-env -p /nix/var/nix/profiles/system --rollback") machine.succeed(f"{orig}/bin/switch-to-configuration boot") machine.shutdown() machine.start() machine.wait_for_unit("multi-user.target") # Check that we booted generation 1 (default) # even though generation 2 comes first in alphabetical order check_current_system(orig) ''; }; bootCounting = let baseConfig = { pkgs, lib, ... }: { imports = [ common ]; boot.loader.systemd-boot.bootCounting.enable = true; boot.loader.systemd-boot.bootCounting.tries = 2; }; in makeTest { name = "systemd-boot-counting"; meta.maintainers = with pkgs.lib.maintainers; [ julienmalka ]; nodes = { machine = { pkgs, lib, nodes, ... }: { imports = [ baseConfig ]; system.extraDependencies = [ nodes.bad_machine.system.build.toplevel ]; }; bad_machine = { pkgs, lib, ... }: { imports = [ baseConfig ]; systemd.services."failing" = { script = "exit 1"; requiredBy = [ "boot-complete.target" ]; before = [ "boot-complete.target" ]; serviceConfig.Type = "oneshot"; }; }; }; testScript = { nodes, ... }: let orig = nodes.machine.system.build.toplevel; bad = nodes.bad_machine.system.build.toplevel; in '' orig = "${orig}" bad = "${bad}" def check_current_system(system_path): machine.succeed(f'test $(readlink -f /run/current-system) = "{system_path}"') # Ensure we booted using an entry with counters enabled machine.succeed( "test -e /sys/firmware/efi/efivars/LoaderBootCountPath-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f" ) # systemd-bless-boot should have already removed the "+2" suffix from the boot entry machine.wait_for_unit("systemd-bless-boot.service") machine.succeed("test -e /boot/loader/entries/nixos-generation-1.conf") check_current_system(orig) # Switch to bad configuration machine.succeed("nix-env -p /nix/var/nix/profiles/system --set ${bad}") machine.succeed(f"{bad}/bin/switch-to-configuration boot") # Ensure new bootloader entry has initialized counter machine.succeed("test -e /boot/loader/entries/nixos-generation-1.conf") machine.succeed("test -e /boot/loader/entries/nixos-generation-2+2.conf") machine.shutdown() machine.start() machine.wait_for_unit("multi-user.target") check_current_system(bad) machine.succeed("test -e /boot/loader/entries/nixos-generation-1.conf") machine.succeed("test -e /boot/loader/entries/nixos-generation-2+1-1.conf") machine.shutdown() machine.start() machine.wait_for_unit("multi-user.target") check_current_system(bad) machine.succeed("test -e /boot/loader/entries/nixos-generation-1.conf") machine.succeed("test -e /boot/loader/entries/nixos-generation-2+0-2.conf") machine.shutdown() # Should boot back into original configuration machine.start() check_current_system(orig) machine.wait_for_unit("multi-user.target") machine.succeed("test -e /boot/loader/entries/nixos-generation-1.conf") machine.succeed("test -e /boot/loader/entries/nixos-generation-2+0-2.conf") machine.shutdown() ''; }; defaultEntryWithBootCounting = defaultEntry { withBootCounting = true; }; garbageCollectEntryWithBootCounting = garbage-collect-entry { withBootCounting = true; }; }