From dc5cd7800a004b9c58d0cdd5482d6980e3e47205 Mon Sep 17 00:00:00 2001
From: Tuomas Tynkkynen <tuomas.tynkkynen@iki.fi>
Date: Mon, 27 Nov 2017 10:14:17 +0200
Subject: [PATCH] tests/initrd-network-ssh: Don't build during evaluation

Issue #29774
---
 nixos/release.nix                             |   2 +-
 .../default.nix}                              |  25 +++------
 nixos/tests/initrd-network-ssh/dropbear.priv  | Bin 0 -> 1573 bytes
 nixos/tests/initrd-network-ssh/dropbear.pub   |   1 +
 .../initrd-network-ssh/generate-keys.nix      |  12 +++++
 nixos/tests/initrd-network-ssh/openssh.priv   |  51 ++++++++++++++++++
 nixos/tests/initrd-network-ssh/openssh.pub    |   1 +
 7 files changed, 72 insertions(+), 20 deletions(-)
 rename nixos/tests/{initrd-network-ssh.nix => initrd-network-ssh/default.nix} (69%)
 create mode 100644 nixos/tests/initrd-network-ssh/dropbear.priv
 create mode 100644 nixos/tests/initrd-network-ssh/dropbear.pub
 create mode 100644 nixos/tests/initrd-network-ssh/generate-keys.nix
 create mode 100644 nixos/tests/initrd-network-ssh/openssh.priv
 create mode 100644 nixos/tests/initrd-network-ssh/openssh.pub

diff --git a/nixos/release.nix b/nixos/release.nix
index 6eb896106a1..ac4dd3d7892 100644
--- a/nixos/release.nix
+++ b/nixos/release.nix
@@ -263,7 +263,7 @@ in rec {
   tests.hibernate = callTest tests/hibernate.nix {};
   tests.hound = callTest tests/hound.nix {};
   tests.i3wm = callTest tests/i3wm.nix {};
-  tests.initrd-network-ssh = callTest tests/initrd-network-ssh.nix {};
+  tests.initrd-network-ssh = callTest tests/initrd-network-ssh {};
   tests.installer = callSubTests tests/installer.nix {};
   tests.influxdb = callTest tests/influxdb.nix {};
   tests.ipv6 = callTest tests/ipv6.nix {};
diff --git a/nixos/tests/initrd-network-ssh.nix b/nixos/tests/initrd-network-ssh/default.nix
similarity index 69%
rename from nixos/tests/initrd-network-ssh.nix
rename to nixos/tests/initrd-network-ssh/default.nix
index 59661049392..9d476cb1a96 100644
--- a/nixos/tests/initrd-network-ssh.nix
+++ b/nixos/tests/initrd-network-ssh/default.nix
@@ -1,19 +1,6 @@
-import ./make-test.nix ({ pkgs, lib, ... }:
+import ../make-test.nix ({ pkgs, lib, ... }:
 
-let
-  keys = pkgs.runCommand "gen-keys" {
-    outputs = [ "out" "dbPub" "dbPriv" "sshPub" "sshPriv" ];
-    buildInputs = with pkgs; [ dropbear openssh ];
-  }
-  ''
-    touch $out
-    dropbearkey -t rsa -f $dbPriv -s 4096 | sed -n 2p > $dbPub
-    ssh-keygen -q -t rsa -b 4096 -N "" -f client
-    mv client $sshPriv
-    mv client.pub $sshPub
-  '';
-
-in {
+{
   name = "initrd-network-ssh";
   meta = with lib.maintainers; {
     maintainers = [ willibutz ];
@@ -32,9 +19,9 @@ in {
           enable = true;
           ssh = {
             enable = true;
-            authorizedKeys = [ "${readFile keys.sshPub}" ];
+            authorizedKeys = [ "${readFile ./openssh.pub}" ];
             port = 22;
-            hostRSAKey = keys.dbPriv;
+            hostRSAKey = ./dropbear.priv;
           };
         };
         boot.initrd.preLVMCommands = ''
@@ -56,7 +43,7 @@ in {
             "${toString (head (splitString " " (
               toString (elemAt (splitString "\n" config.networking.extraHosts) 2)
             )))} "
-            "${readFile keys.dbPub}"
+            "${readFile ./dropbear.pub}"
           ];
         };
       };
@@ -65,7 +52,7 @@ in {
   testScript = ''
     startAll;
     $client->waitForUnit("network.target");
-    $client->copyFileFromHost("${keys.sshPriv}","/etc/sshKey");
+    $client->copyFileFromHost("${./openssh.priv}","/etc/sshKey");
     $client->succeed("chmod 0600 /etc/sshKey");
     $client->waitUntilSucceeds("ping -c 1 server");
     $client->succeed("ssh -i /etc/sshKey -o UserKnownHostsFile=/etc/knownHosts server 'touch /fnord'");
diff --git a/nixos/tests/initrd-network-ssh/dropbear.priv b/nixos/tests/initrd-network-ssh/dropbear.priv
new file mode 100644
index 0000000000000000000000000000000000000000..af340535f0a3841d2b9ed2abbd60f64118f924da
GIT binary patch
literal 1573
zcmZQzU|=sU&d@C?PGn$UU}j`sWME)oWZ10kyu4#W?Uhsh+~+#3<$gFYy`lKwvg&OI
zb}l**{9UN#kD>o$zc<GZEq8wRy+eX$wR6mA`-2rGxdx)V4_L+AJ^EKNvb}7X$#lqP
zpUvu2L!Q>Fy7ou@Fevn|+8xco)V%$}?AGM@J-;)38jl~8ch}$fSH-BZGwP20Q_&8d
z?l~3wi|S53sZ;r&xy8_4QO={=IP_hbN$M%_WX0EOUwB-*aznstaeVB}m3n*}f?)^B
zw>ne=nw(!OC(huzLurzM@`spKyG!qjp9h8A)NAF`b&CDPrf+QMA``xTnenFQFAQS%
zf^BzgJf+)wIVzRml#I{!c}Y#d%b(i{W-!T|xGeli=F6J0-g*a*X=&FN8f=NlINttw
z`GSW`|1C_^RtWeNKML;idT4pkQ}yMI^hdluCNQkElU;g%%j2D>+@9TAo6;tfvK`-Q
z#nj6cn6*{HWBr6jQ{BG(edo-f**fvMPvD7XNo#JFZauqw`-=~XA-eCE<teQE{Mx6v
zZKCgjn|~^8?-i_<@C&xjSt)SrzW&OKA*-)jS;X#D5olOr_~Wg~oq!`UDs2~}q8eXR
zpNvY+e$u~o<C3YzcN>|!%$I$n%(-4`idELhQ&;w$nz$k}Ib^$;h}~b^W1A06bDne{
z_<8v;<?Hv%PlQx6DfDcVG5b(3`=fC)D@%yxN@3;~{@n}C2g+GiaNjiRWME)oFbYwt
z%C=<O&~i{tl%Y)I-kcs|wOi*(Lry)My(Y2AA}7n?h^R9A?_CLzOkRxZroZU;%Q?Yf
z-gf7Wz8?3d>bY=vXO=K$NbKgXi&4Ajmnb2dUO#E?vOIzJB4^bei#+}Q;p-A^IgY9A
z{bhlN&9(M=-jJ5?SKQs+`z_M)m22^L$?rwQ58qxqXR-BMkF(bOMcfm9rm&p}?$9hh
z^I`MinA4&~mYI2(e>K`CcF&wNH$AQL;K|c^sgH_``WW0Z!|s`S6)_j=+#P6X{Wbsp
zm6_KPWare)bA6Fy%Aja!vgzK<j4jPacO2UBw$JlqxX-f13j2(vaVm6fz0{i&TCl4+
zCF99iZmq0p%TMyJ=ZidMWMEq^cC^${<!|c;#ovXOpXW|t@;`QQPEOjF=I{s4pV=gz
z{<!V{lgPOV_8fQqO0qjhc(jW;wA!)WU2mjvSAExJHnEiGzD+F`w*)JkPJI~cG?PEX
zaM}ieo3^q+xyKJgyPx3wd+NoM)Fy!ysy;tjOb@KN<ag$_-nB;$B%TDmtV;9U%X}@N
zoaefIs`yt+wG#`ktL}=eJe`-OADC~MvU#fThwBq0jmpkhrL67U8*Hz+E%VaWd9B&)
z?R*zzubuKkMW^HNWv+hvro@@k&m6BhFWRv#BZ@81?LwW!63-W3>-QBHH(b4>{Bm1R
z&E)XP#Z3$Q6jTr0S#Xzufsv8nAb0HNqpe3R9INW1=WdB``~0m!Yo)I1x?^cg4sHxr
z`j59tXG~wPuIgN{><5kcH)nM5HW+c0u8dTvjjjKB!rJ}dpWRne4(~p)G;r1F++W!u
zhP$U7SG^@69;dtNpRrka`Si{D@_P<9+o|bDZ!wSenLFp{bpNxv_;!~)S^Tm}Zg<zd
zF#cWdY~2_9;wr6*`xulOms@=4l9H^VzMT`Vn^N7LBaVM&uu9e)S)RbYC;sh03ELiy
zfUPape^kGpIk)vi3nvpxlJK#eSAP9EVe;<RWY5!AKJQz+RApy*_lCHAk5;L_tl6>g
z)hpdq>(UA><{jDZ<Dhn}{L07By#n%2oLRgAU+9Aa;q4T?UMtppb!C1J*}7XLt_aSK
zihI5;Smffvk~KQ|bC>-+x$yRjLyfwvW;?DdJovW$--Lhv*kipOJ6ug(kYM0vp_kbe
zxHqMo%j?<92U;IE<(&Grzqz_#v3GFU&Lt^ZvKNFhXMdkq#kkn<&jai2s|AElC^P1%
z9K0c}bYiyup+}3-blPQiA9^aq7tP|7H1pY#b(J??ZVcL5`M$*M_{CR#VawTP1Z}xG
z?IKs6iRPL&M&F*u-!J+h&272&oX&xDw{n^;m(-_BcAE2cmjs)B(<CmzgMqKOR|S;K
vHONb6e(iAeq3|0g?freqj^=J+r<S-zB)G>Mvv*nlqvF5BcfUP~u4%^sa`g2^

literal 0
HcmV?d00001

diff --git a/nixos/tests/initrd-network-ssh/dropbear.pub b/nixos/tests/initrd-network-ssh/dropbear.pub
new file mode 100644
index 00000000000..385c625522a
--- /dev/null
+++ b/nixos/tests/initrd-network-ssh/dropbear.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCzJ0OniLB91MpPC86I1m3wwJeAc+Gme7bAuaLIU/cSfPwxT5NO7MfCp0Pu94gYDKtDXMs/wXg0bTAVDeAFFkdIj6kBBumEmQLCTL48q2UxDIXVLT/E/AAgj6q7WwgCg7fwm4Vjn4z7aUyBx8EfRy+5/SQyeYla3D/lFYgMi5x4D6J+yeR+JPAptDE/IR5IizNV7mY0ZcoXYyHrrehI1tTYEEqjX13ZqS4OCBFWwHe1QHhRNM+jHhcATbgikjAj8FyFPtLvc+dSVtkuhQktQl36Bi8zMUQcV6+mM7Ln6DBcDlM9urHKLYPTWmUAyhxM955iglOn5z0RaAIcyNMT6hz0rHaNf0BIlmbXoTC0XGjHh/OnoOEC/zg0JqgQTnPiU45K4TnRSSXp2GfiDfiQAK0+HaXACkjuFR68u7WCZpB1Bse1OgKNClFqtRhIr5DilUb2/e5DCCmFkddMUcjmYqzZdbXNt7fo8CFULe+mbiCp8+tMg4aRTaDZ/Hk93nCvGE5TP2ypEMbfL6nRVKvXOjhdvSQQgKwx+O003FDEHCSG0Bpageh7yVpna+SPrbGklce7MjTpbx3iIwmvKpQ6asnK1L3KkahpY1S3NhQ+/S3Gs8KWQ5LAU+d3xiPX3jfIVHsCIIyxHDbwcJvxM4MFBFQpqRMD6E+LoM9RHjl4C9k2iQ== tmtynkky@duuni
diff --git a/nixos/tests/initrd-network-ssh/generate-keys.nix b/nixos/tests/initrd-network-ssh/generate-keys.nix
new file mode 100644
index 00000000000..0183e12d7a8
--- /dev/null
+++ b/nixos/tests/initrd-network-ssh/generate-keys.nix
@@ -0,0 +1,12 @@
+with import ../../.. {};
+
+runCommand "gen-keys" {
+    buildInputs = [ dropbear openssh ];
+  }
+  ''
+    mkdir $out
+    dropbearkey -t rsa -f $out/dropbear.priv -s 4096 | sed -n 2p > $out/dropbear.pub
+    ssh-keygen -q -t rsa -b 4096 -N "" -f client
+    mv client $out/openssh.priv
+    mv client.pub $out/openssh.pub
+  ''
diff --git a/nixos/tests/initrd-network-ssh/openssh.priv b/nixos/tests/initrd-network-ssh/openssh.priv
new file mode 100644
index 00000000000..816d65435fd
--- /dev/null
+++ b/nixos/tests/initrd-network-ssh/openssh.priv
@@ -0,0 +1,51 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIJKAIBAAKCAgEA7+9A2PCPOTAlFmrablrUWA+VZdAuLfM6JXeHsOF7ZbC2F6lv
+WmvDM925DQqhiAjcgWnt5WHWS5Y+b7lGnuzT7fyKegXd80nCRmqlpSG3srX0/lxR
+aQAJLzfoDjcsF+ceswQo6GSsYnCHVxMNs007gbbVY3f7o+sWZtLdxJPD2iHvl5Zr
+LK0d1RLMmU6cfIhIABlL0S8EWiv29RROepsCQnS0dnK2b+von1SCYoggvAMe2ToA
+IAJ8+uqaYfGAyn9q8fjZiRHxLmKDq90tKoCUL5r/2dmEIE+t8T/3PfHoq1QzZts9
+W9idhBdT21dEXBtGyoMtckp5njk5m82LQDYiOXkuSoIUhSOteh5g7fBv1BtVSERx
+Jg3UeJjPeGKFwdnzapmAKC2w/6V8xcIINNA+fhZA7B9fD1RAi2TECZ+gyMYDc4T+
+USlMSm9cfvSOrf2+5ngtFb84nHjqvClxCMLu+bCWK8HamqUzhE/a5LbR+48E7PyG
+s3KV+sWFN9KOnakTjj/6iQhXZRhgeAK39F2XTk5Ms5Y+BRSStnMoMZA2grIV+jHi
+1zbWokVqXPI5YRo5isR/PgtKAV6FfNWumcYoFJ9F40pMHQ6hJVEmtrCBx7EApSl3
+mSGbQJUmilLC51qNhwQRbD//ZtpIrN82HTMKzZ6kj7kDCdsff+wsnkIXmmMCAwEA
+AQKCAgA4tMINw6UF7hQF3VEsnbjr6xrzCiWv5HlMm5htPI1OdlpC81+G7ksfOfrf
+UzDkFrwOtftsqBfem268Nvyy2OQprfMIbdSMCFWrEM9/XJ2u1gRGDYmMGF8TUtI8
+cduw9oWx53zHl+uKBHBoKu+k/c7flFeQf63wisIroRCawhWau0SF/h3sXCndzuie
+Hw8q+4aQx2m80bDkotlmCNuXbIU3MZ/pEql9gDLlXTLHmMaryM0EqAmZhx0ErGe6
+WDqJIV4kPB0loSDwRoY6GzbugZ8ENUzcruTkQhCpIOYNNNw5idfwKkaxK1vm+SBv
+iYt1fVjYyfH2vhVKSNoNsaGEloa1u4Dymt/FpFztEpRzHXcw93N8BdLxJ4OUhzm2
+iAbpiyjniTIeAVVi7BUwLXh5WAx8nT0eeb1zKoZg1p1ciK5cYl1Uel7j8xRycsSW
+3YgmtuPqY4Agbc9v3eXbQZNDk48JFMEqpIxk97FAkRYpzfxg5Qq14WJCp60CkdRt
+T60hXy8lT/BcI8OWLfGJuBbsVLNRiC7PpwqRKQAinXSv134FpP7jrhpkMybs2oIS
+5obRG7J5OfOTp925erG5mrpwqa3BPkgqx347Wj9z8quOZyuhi+XaPvqmPtvs5JOl
+4RCqjt6RQlHm7xos9ZZGI4jDAIFaFWgyVZrYplOgwxWma4DTgQKCAQEA9+tizQRU
+lF0lxNcEPvsFnYJo80Y+MQK9VdtlhR19YuSfwP1NCaMG1MhQ+PVBVmepOwJMRJR7
+9PLfOouNMfixKBGP12dtStMuh7jowq/BxhRI6JWp3RhTZ1yJ9ouzHze7IDrEBa6w
+p0hUu9H0Sbt51LXbC3JmTyhbdhfry559DfyGW1Ma/bv/pihL9B5Y7sNf1thNp1gi
+GbQ9B+o2Yyw8ZD8zY+sl+aYDSWyCtcBV/KXEF74Bkfs/a5ExJ00X0jYj/TAp2ray
+T4PY0FR8wN/O10bFLP9j+Xa/ywbcPhoj8nvVRIg9VfWT/QaEd+KR0EZVxdjCCqne
+enbSQksTpAZNwQKCAQEA98E+BMmS+yHUVUhNZABtQ5avwuV4+DoSN8KTp3xwQ0CH
+m9fWxSDs12FdyMhDxrJPeywvHtZ18/7cl3dr8wnFVE0s4ongnRDXsNk5xN6J3AaO
+KqW4HF9cbwZqzLILy8TrO+EK/EQV9FypbrxqvxAlP1kezIA2CJNzVRAgimSuV/H7
+05HTnp5W06fjtEf8U1CUrdNetoSROUo1j/IMGPYGlsBFYAGrj5y/BlKd+3T3kjRp
+Xje7HpiykjrZHn0WDp04Ln+u9nveEewXmHKch313emt7HpW0xspp8JM8OZtEKozk
+D5PfYdBfMJJOUlqovCCzTTJ6kNOahknKXFeO/qs5IwKCAQEAjF0/zhWikXF/fcfD
+Bql2z2vTYdEmSvdjHSYff1Nn90K71DdVk5wytOxJM/sfp/z+yoMNjVKIL/IGQw5Z
+va4xFx+CUhGjxlZ0pLEjT37U9gHsGYsK5jvslLvG/MixfH5AOwoqi5ERQVTpbIF9
+jvVPEAh6YSu/ExglWGJIxTsRUIblxvTxdjEnl/p+rlM0RNJnA6vpo1J51BXA7CdF
+7bZQ5u0Feo/bK1I70ClYg/DGfkmYEV0pZG5cxNkqfDbgwsqWa7YGLGd94xkh+ymq
+jETqxeWyozxhbQ83nYpfzeVc7t//qlJ8b5uf0wUKoRmtNr9rtp13lzP/21REzPXW
+w+oxwQKCAQAoAf2Y2lAw25KlPuq4ZlU+n9u8FkBFnWMJvBMJ7c9XHNmJMf6NkLaO
+RTvWy3geYvbwxf7J9QnRH+vRTciR05cY+Olxn6A03N5nwXxRrToH3MsiWeZ0NnX/
+u8KNUYcUHbV60ulqOThuYHQ/3I9EUUAijaqqjV2sXts19ke68W0x6HKpBJhuudT9
+ktPzbdhyP8Xyl/pocNnerXwexZBsi3Ye6+eIDFz+8OnsBHVcgNPluS72tvsxgqj7
+ciNTiBGCxKKo55eCWBhRPpXE2WUrf/hGPYsBMl2h6FfZMH1+M/N7B4tgdJmS+woU
+Ftws8lTjJEiwA6HFN1ZxrwLNjJobx9yPAoIBAE0igsBuWWn6rXeOPylYg4264XOq
+8gb94pte2n9amDgCzyCn8m6AL3snLC/AoCD19DK+gyK0ukoesXPa3iX6w2xv69ZC
+urDx36Jhd4zrJb4QsFPoeKfDP+UvNVZaS41vipRRzY/y11em15prUZ4U8FA/UT1Y
+FzkBo9r6iUZRnyBLppMuEfWASDtuRNmeIHynoT1AcQOH3l9vR210iEpmAuJr0CYA
+bvTuz3UzzGGEAuIUvuaiRtkfKY52jBmiEr7SSPCr1HvLj3Ccz8bgjgR2kiXmcU50
+1zLnaPAD44LZ/0Fjqj+PimQGT6K7CNXPllmYh7MvoU52g3SVPf6rHlIR0Nc=
+-----END RSA PRIVATE KEY-----
diff --git a/nixos/tests/initrd-network-ssh/openssh.pub b/nixos/tests/initrd-network-ssh/openssh.pub
new file mode 100644
index 00000000000..5b72b8085f2
--- /dev/null
+++ b/nixos/tests/initrd-network-ssh/openssh.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDv70DY8I85MCUWatpuWtRYD5Vl0C4t8zold4ew4XtlsLYXqW9aa8Mz3bkNCqGICNyBae3lYdZLlj5vuUae7NPt/Ip6Bd3zScJGaqWlIbeytfT+XFFpAAkvN+gONywX5x6zBCjoZKxicIdXEw2zTTuBttVjd/uj6xZm0t3Ek8PaIe+XlmssrR3VEsyZTpx8iEgAGUvRLwRaK/b1FE56mwJCdLR2crZv6+ifVIJiiCC8Ax7ZOgAgAnz66pph8YDKf2rx+NmJEfEuYoOr3S0qgJQvmv/Z2YQgT63xP/c98eirVDNm2z1b2J2EF1PbV0RcG0bKgy1ySnmeOTmbzYtANiI5eS5KghSFI616HmDt8G/UG1VIRHEmDdR4mM94YoXB2fNqmYAoLbD/pXzFwgg00D5+FkDsH18PVECLZMQJn6DIxgNzhP5RKUxKb1x+9I6t/b7meC0VvziceOq8KXEIwu75sJYrwdqapTOET9rkttH7jwTs/IazcpX6xYU30o6dqROOP/qJCFdlGGB4Arf0XZdOTkyzlj4FFJK2cygxkDaCshX6MeLXNtaiRWpc8jlhGjmKxH8+C0oBXoV81a6ZxigUn0XjSkwdDqElUSa2sIHHsQClKXeZIZtAlSaKUsLnWo2HBBFsP/9m2kis3zYdMwrNnqSPuQMJ2x9/7CyeQheaYw== tmtynkky@duuni