test(nix): add basic functionality testing infra

Use nixos-test scaffolding to spawn VMs and run any scripts in
`checks/*.sh` as tests inside of the VM. This should lessen the risk of
any obvious breakage in the CI but needs more and better tests to cover
more commands.

Signed-off-by: Thomas Mühlbacher <tmuehlbacher@posteo.net>

README.md

@@ -30,6 +30,20 @@ Build and install
 
 Refer to [INSTALL.md](./INSTALL.md)
 
+Testing
+-------
+
+Besides manual testing, which is also encouraged, there are also a number of
+checks defined that are used for CI (e.g. github actions).
+
+These checks can be listed using `nix flake show`. You can, for example, test
+the current state of the repo or test every patch before publishing them.
+
+```console
+$ nix flake check
+$ git rev-list origin/master.. | xargs -I{} nix flake check "git+file://$(pwd)?rev={}"
+```
+
 Bug reports and contributions
 -----------------------------
 

checks/README.md

@@ -0,0 +1,72 @@
+# NixOS tests
+
+Any `*.sh` file in this directory will be run in a NixOS VM for basic
+functionality testing as part of CI. To list all outputs, including the checks,
+you can use this command:
+
+```console
+$ nix flake show
+```
+
+You can also run these tests locally by running `nix flake check`. To run one
+specific test you can use `nix build` like this:
+
+```console
+$ nix build ".#checks.x86_64-linux.subvolume"
+```
+
+With the flag `-L`/`--print-build-logs` outputs are shown fully as checks are
+executing. Additionally, if the specific check has already been run locally, you
+can view the log for the check or force another run with the following:
+
+```console
+$ nix log .#checks.x86_64-linux.subvolume
+$ nix build --rebuild .#checks.x86_64-linux.subvolume
+```
+
+If you need any more packages inside of the VM for a test, you can add them to
+`environment.systemPackages` in `default.nix`. If you're unsure about the
+package you need, [NixOS package search] may be able to help.
+
+For more information about the NixOS testing library see the
+[testing wiki article].
+
+## Kernel version inside VM
+
+By default `linuxPackages_latest` from nixpkgs is used in the testing VM. This
+is the latest stable kernel version available in the nixpkgs revision. Updating
+the nixpkgs flake input may update the used kernel. A custom-built kernel can be
+used as well but with added build times in CI.
+
+## Adding new tests
+
+The easiest way to add new tests is of course to copy an existing test and adapt
+it accordingly. Importantly, for nix to see a file as part of the sources, the
+file needs to be in the git index. It doesn't have to be committed to the repo
+just yet but you need to `git add` it. If `git ls-files` lists the file, nix
+will also see it.
+
+## Interactive debugging of tests
+
+When writing a new test or experiencing a difficult to understand test failure,
+an interactive login can be very handy. This can be achieved by building the
+`driverInteractive` attribute of the check, for example like this:
+
+```console
+$ nix build .#checks.x86_64-linux.subvolume.driverInteractive
+```
+
+The `nix build` will create a symlink in your working directory called `result`
+which leads to a script that launches the VM interactively:
+
+```console
+$ ./result/bin/nixos-test-driver
+```
+
+There is more information about this in the NixOS manual under
+[running tests interactively].
+
+[Linux wiki article]: https://wiki.nixos.org/wiki/Linux_kernel
+[NixOS package search]: https://search.nixos.org
+[running tests interactively]: https://nixos.org/manual/nixos/stable/#sec-running-nixos-tests-interactively
+[testing wiki article]: https://wiki.nixos.org/wiki/NixOS_Testing_library

checks/default.nix

@@ -0,0 +1,47 @@
+{ pkgs }:
+let
+  inherit (builtins) baseNameOf readDir;
+  inherit (pkgs.lib)
+    filterAttrs
+    genAttrs
+    hasSuffix
+    mapAttrsToList
+    removeSuffix
+    ;
+
+  scriptName = shFile: removeSuffix ".sh" (baseNameOf shFile);
+
+  scriptNames = mapAttrsToList (n: v: scriptName n) (
+    filterAttrs (n: v: v == "regular" && hasSuffix ".sh" n) (readDir ./.)
+  );
+
+  mkTest =
+    name:
+    pkgs.testers.runNixOSTest {
+      inherit name;
+
+      nodes.machine =
+        { pkgs, ... }:
+        {
+          virtualisation.emptyDiskImages = [ 4096 ];
+          boot.supportedFilesystems = [ "bcachefs" ];
+          boot.kernelPackages = pkgs.linuxPackages_latest;
+
+          # Add any packages you need inside test scripts here
+          environment.systemPackages = with pkgs; [
+            genpass
+            keyutils
+          ];
+
+          environment.variables = {
+            RUST_BACKTRACE = "full";
+          };
+        };
+
+      testScript = ''
+        machine.succeed("modprobe bcachefs")
+        machine.succeed("${./${name}.sh} 1>&2")
+      '';
+    };
+in
+genAttrs scriptNames mkTest

checks/encrypted-multidev.sh

@@ -0,0 +1,34 @@
+#!/usr/bin/env bash
+set -euxo pipefail
+
+blkdev="/dev/vdb"
+mnt="/tmp/mnt"
+pw=$(genpass)
+uuid=$(uuidgen)
+
+# link user and session keyrings so that the key can be found by the kernel
+keyctl link @u @s
+
+sfdisk "$blkdev" <<EOF
+label: gpt
+type=linux, size=1G
+type=linux, size=1G
+type=linux
+EOF
+
+udevadm settle
+
+echo "$pw" | bcachefs format \
+    --verbose \
+    --encrypted \
+    --replicas=2 \
+    --uuid "$uuid" \
+    --fs_label test-fs \
+    "$blkdev"?
+
+udevadm settle
+
+mkdir -p "$mnt"
+echo "$pw" | bcachefs mount -v "UUID=$uuid" "$mnt"
+
+keyctl search @u user "bcachefs:$uuid"

checks/encrypted-unlock.sh

@@ -0,0 +1,39 @@
+#!/usr/bin/env bash
+set -euxo pipefail
+
+blkdev="/dev/vdb"
+mnt="/tmp/mnt"
+pw=$(genpass)
+uuid=$(uuidgen)
+
+# link user and session keyrings so that the key can be found by the kernel
+keyctl link @u @s
+
+echo "$pw" | bcachefs format \
+    --verbose \
+    --encrypted \
+    --uuid "$uuid" \
+    --fs_label test-fs \
+    "$blkdev"
+
+udevadm settle
+
+mkdir -p "$mnt"
+
+bcachefs unlock -c "$blkdev"
+
+echo "$pw" | bcachefs unlock "$blkdev"
+key_id=$(keyctl search @u user "bcachefs:$uuid")
+
+bcachefs mount -v "$blkdev" "$mnt"
+umount "$mnt"
+
+keyctl unlink "$key_id"
+
+echo "$pw" | bcachefs unlock -k session "$blkdev"
+key_id=$(keyctl search @s user "bcachefs:$uuid")
+
+mount -t bcachefs "$blkdev" "$mnt"
+umount "$mnt"
+
+keyctl unlink "$key_id"

checks/outputs.sh

@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+set -euxo pipefail
+
+blkdev="/dev/vdb"
+mnt="/tmp/mnt"
+uuid=$(uuidgen)
+
+bcachefs format \
+    --verbose \
+    --uuid "$uuid" \
+    --fs_label test-fs \
+    "$blkdev"
+
+udevadm settle
+
+mkdir -p "$mnt"
+mount "$blkdev" "$mnt"
+
+bcachefs show-super "$blkdev" | grep -i "external.*$uuid"
+bcachefs fs usage "$mnt" | grep "$uuid"

checks/subvolume.sh

@@ -0,0 +1,36 @@
+#!/usr/bin/env bash
+set -euxo pipefail
+
+blkdev="/dev/vdb"
+mnt="/tmp/mnt"
+uuid=$(uuidgen)
+
+bcachefs format \
+    --verbose \
+    --uuid "$uuid" \
+    --fs_label test-fs \
+    "$blkdev"
+
+udevadm settle
+
+mkdir -p "$mnt"
+mount "$blkdev" "$mnt"
+
+touch "$mnt/file1"
+
+bcachefs subvolume create "$mnt/subvol1"
+bcachefs subvolume delete "$mnt/subvol1"
+
+(
+    cd "$mnt"
+
+    bcachefs subvolume create subvol1
+    bcachefs subvolume create subvol1/subvol1
+    bcachefs subvolume create subvol1/subvol2
+    touch subvol1/file1
+
+    rm subvol1/file1
+    bcachefs subvolume delete subvol1/subvol2
+    bcachefs subvolume delete subvol1/subvol1
+    bcachefs subvolume delete subvol1
+)

flake.nix

@@ -143,31 +143,37 @@
             }
           );
 
-          checks.cargo-clippy = craneLib.cargoClippy (
+          checks =
-            commonArgs
+            let
-            // {
+              overlay = final: prev: { inherit (config.packages) bcachefs-tools; };
-              inherit cargoArtifacts;
-              cargoClippyExtraArgs = "--all-targets -- --deny warnings";
-            }
-          );
 
-          # we have to build our own `craneLib.cargoTest`
+              cargo-clippy = craneLib.cargoClippy (
-          checks.cargo-test = craneLib.mkCargoDerivation (
+                commonArgs
-            commonArgs
+                // {
-            // {
+                  inherit cargoArtifacts;
-              inherit cargoArtifacts;
+                  cargoClippyExtraArgs = "--all-targets -- --deny warnings";
-              doCheck = true;
+                }
+              );
 
-              enableParallelChecking = true;
+              # we have to build our own `craneLib.cargoTest`
+              cargo-test = craneLib.mkCargoDerivation (
+                commonArgs
+                // {
+                  inherit cargoArtifacts;
+                  doCheck = true;
 
-              pnameSuffix = "-test";
+                  enableParallelChecking = true;
-              buildPhaseCargoCommand = "";
+
-              checkPhaseCargoCommand = ''
+                  pnameSuffix = "-test";
-                make ''${enableParallelChecking:+-j''${NIX_BUILD_CORES}} $makeFlags libbcachefs.a
+                  buildPhaseCargoCommand = "";
-                cargo test --profile release -- --nocapture
+                  checkPhaseCargoCommand = ''
-              '';
+                    make ''${enableParallelChecking:+-j''${NIX_BUILD_CORES}} $makeFlags libbcachefs.a
-            }
+                    cargo test --profile release -- --nocapture
-          );
+                  '';
+                }
+              );
+            in
+            (import ./checks { pkgs = pkgs.extend overlay; }) // { inherit cargo-clippy cargo-test; };
 
           devShells.default = pkgs.mkShell {
             inputsFrom = [