[thirdparty/systemd.git] / test / TEST-24-CRYPTSETUP / test.sh

#!/usr/bin/env bash
# SPDX-License-Identifier: LGPL-2.1-or-later
set -e

TEST_DESCRIPTION="cryptsetup systemd setup"
IMAGE_NAME="cryptsetup"
IMAGE_ADDITIONAL_DATA_SIZE=100
TEST_NO_NSPAWN=1
TEST_FORCE_NEWIMAGE=1

# shellcheck source=test/test-functions
. "${TEST_BASE_DIR:?}/test-functions"

PART_UUID="deadbeef-dead-dead-beef-000000000000"
DM_NAME="test24_varcrypt"
KERNEL_APPEND+=" rd.luks=1 luks.name=$PART_UUID=$DM_NAME luks.key=$PART_UUID=/keyfile:LABEL=varcrypt_keydev"
QEMU_OPTIONS+=" -drive format=raw,cache=unsafe,file=${STATEDIR:?}/keydev.img"

check_result_qemu() {
    local ret=1

    mount_initdir
    [[ -e "${initdir:?}/testok" ]] && ret=0
    [[ -f "$initdir/failed" ]] && cp -a "$initdir/failed" "${TESTDIR:?}"

    cryptsetup luksOpen "${LOOPDEV:?}p2" "${DM_NAME:?}" <"$TESTDIR/keyfile"
    mount "/dev/mapper/$DM_NAME" "$initdir/var"
    save_journal "$initdir/var/log/journal"
    check_coverage_reports "${initdir:?}" || ret=5
    _umount_dir "$initdir/var"
    _umount_dir "$initdir"
    cryptsetup luksClose "/dev/mapper/$DM_NAME"

    [[ -f "$TESTDIR/failed" ]] && cat "$TESTDIR/failed"
    echo "${JOURNAL_LIST:-No journals were saved}"

    test -s "$TESTDIR/failed" && ret=1
    return $ret
}

test_create_image() {
    create_empty_image_rootdir

    echo -n test >"${TESTDIR:?}/keyfile"
    cryptsetup -q luksFormat --uuid="$PART_UUID" --pbkdf pbkdf2 --pbkdf-force-iterations 1000 "${LOOPDEV:?}p2" "$TESTDIR/keyfile"
    cryptsetup luksOpen "${LOOPDEV}p2" "${DM_NAME:?}" <"$TESTDIR/keyfile"
    mkfs.ext4 -L var "/dev/mapper/$DM_NAME"
    mkdir -p "${initdir:?}/var"
    mount "/dev/mapper/$DM_NAME" "$initdir/var"

    LOG_LEVEL=5

    setup_basic_environment
    mask_supporting_services

    install_dmevent
    generate_module_dependencies

    # Create a keydev
    dd if=/dev/zero of="${STATEDIR:?}/keydev.img" bs=1M count=16
    mkfs.ext4 -L varcrypt_keydev "$STATEDIR/keydev.img"
    mkdir -p "$STATEDIR/keydev"
    mount "$STATEDIR/keydev.img" "$STATEDIR/keydev"
    echo -n test >"$STATEDIR/keydev/keyfile"
    sync "$STATEDIR/keydev"
    umount "$STATEDIR/keydev"

    cat >>"$initdir/etc/fstab" <<EOF
/dev/mapper/$DM_NAME    /var    ext4    defaults 0 1
EOF

    # Forward journal messages to the console, so we have something
    # to investigate even if we fail to mount the encrypted /var
    echo ForwardToConsole=yes >>"$initdir/etc/systemd/journald.conf"

    # If $INITRD wasn't provided explicitly, generate a custom one with dm-crypt
    # support
    if [[ -z "$INITRD" ]]; then
        INITRD="${TESTDIR:?}/initrd.img"
        dinfo "Generating a custom initrd with dm-crypt support in '${INITRD:?}'"

        if command -v dracut >/dev/null; then
            dracut --force --verbose --add crypt "$INITRD"
        elif command -v mkinitcpio >/dev/null; then
            mkinitcpio --addhooks sd-encrypt --generate "$INITRD"
        elif command -v mkinitramfs >/dev/null; then
            # The cryptroot hook is provided by the cryptsetup-initramfs package
            if ! dpkg-query -s cryptsetup-initramfs; then
                derror "Missing 'cryptsetup-initramfs' package for dm-crypt support in initrd"
                return 1
            fi

            mkinitramfs -o "$INITRD"
        else
            dfatal "Unrecognized initrd generator, can't continue"
            return 1
        fi
    fi
}

cleanup_root_var() {
    mountpoint -q "$initdir/var" && umount "$initdir/var"
    [[ -b "/dev/mapper/${DM_NAME:?}" ]] && cryptsetup luksClose "/dev/mapper/$DM_NAME"
    mountpoint -q "${STATEDIR:?}/keydev" && umount "$STATEDIR/keydev"
}

test_cleanup() {
    # ignore errors, so cleanup can continue
    cleanup_root_var || :
    _test_cleanup
}

test_setup_cleanup() {
    cleanup_root_var || :
    cleanup_initdir
}

do_test "$@"
Commit	Line	Data
ff12a795	1	#!/usr/bin/env bash
7b3cec95	2	# SPDX-License-Identifier: LGPL-2.1-or-later
818567fc	3	set -e
3f161ba9	4
71dc3ed1	5	TEST_DESCRIPTION="cryptsetup systemd setup"
8c3534b5	6	IMAGE_NAME="cryptsetup"
b7e91384	7	IMAGE_ADDITIONAL_DATA_SIZE=100
054ee249	8	TEST_NO_NSPAWN=1
d9e606e8	9	TEST_FORCE_NEWIMAGE=1
71dc3ed1	10
3f161ba9 FS	11	# shellcheck source=test/test-functions
3f161ba9 FS	12	. "${TEST_BASE_DIR:?}/test-functions"
71dc3ed1	13
1fb7f8e1 FS	14	PART_UUID="deadbeef-dead-dead-beef-000000000000"
1fb7f8e1 FS	15	DM_NAME="test24_varcrypt"
6b70d3cf FS	16	KERNEL_APPEND+=" rd.luks=1 luks.name=$PART_UUID=$DM_NAME luks.key=$PART_UUID=/keyfile:LABEL=varcrypt_keydev"
6b70d3cf FS	17	QEMU_OPTIONS+=" -drive format=raw,cache=unsafe,file=${STATEDIR:?}/keydev.img"
1fb7f8e1	18
889a9042	19	check_result_qemu() {
3f161ba9 FS	20	local ret=1
3f161ba9 FS	21
1506edca	22	mount_initdir
3f161ba9 FS	23	[[ -e "${initdir:?}/testok" ]] && ret=0
	24	[[ -f "$initdir/failed" ]] && cp -a "$initdir/failed" "${TESTDIR:?}"
	25
1fb7f8e1 FS	26	cryptsetup luksOpen "${LOOPDEV:?}p2" "${DM_NAME:?}" <"$TESTDIR/keyfile"
1fb7f8e1 FS	27	mount "/dev/mapper/$DM_NAME" "$initdir/var"
3f161ba9	28	save_journal "$initdir/var/log/journal"
9bc10d31	29	check_coverage_reports "${initdir:?}" \|\| ret=5
3f161ba9 FS	30	_umount_dir "$initdir/var"
3f161ba9 FS	31	_umount_dir "$initdir"
1fb7f8e1	32	cryptsetup luksClose "/dev/mapper/$DM_NAME"
3f161ba9 FS	33
	34	[[ -f "$TESTDIR/failed" ]] && cat "$TESTDIR/failed"
	35	echo "${JOURNAL_LIST:-No journals were saved}"
	36
7bf20e48	37	test -s "$TESTDIR/failed" && ret=1
71dc3ed1 LP	38	return $ret
	39	}
	40
8c3534b5	41	test_create_image() {
ec4cab49	42	create_empty_image_rootdir
3f161ba9 FS	43
3f161ba9 FS	44	echo -n test >"${TESTDIR:?}/keyfile"
1fb7f8e1 FS	45	cryptsetup -q luksFormat --uuid="$PART_UUID" --pbkdf pbkdf2 --pbkdf-force-iterations 1000 "${LOOPDEV:?}p2" "$TESTDIR/keyfile"
	46	cryptsetup luksOpen "${LOOPDEV}p2" "${DM_NAME:?}" <"$TESTDIR/keyfile"
	47	mkfs.ext4 -L var "/dev/mapper/$DM_NAME"
3f161ba9	48	mkdir -p "${initdir:?}/var"
1fb7f8e1 FS	49	mount "/dev/mapper/$DM_NAME" "$initdir/var"
	50
	51	LOG_LEVEL=5
	52
	53	setup_basic_environment
	54	mask_supporting_services
	55
	56	install_dmevent
	57	generate_module_dependencies
	58
6b70d3cf FS	59	# Create a keydev
	60	dd if=/dev/zero of="${STATEDIR:?}/keydev.img" bs=1M count=16
	61	mkfs.ext4 -L varcrypt_keydev "$STATEDIR/keydev.img"
	62	mkdir -p "$STATEDIR/keydev"
	63	mount "$STATEDIR/keydev.img" "$STATEDIR/keydev"
	64	echo -n test >"$STATEDIR/keydev/keyfile"
168ccb87	65	sync "$STATEDIR/keydev"
6b70d3cf	66	umount "$STATEDIR/keydev"
71dc3ed1	67
1fb7f8e1 FS	68	cat >>"$initdir/etc/fstab" <<EOF
1fb7f8e1 FS	69	/dev/mapper/$DM_NAME /var ext4 defaults 0 1
889a9042	70	EOF
e47add9e	71
1fb7f8e1 FS	72	# Forward journal messages to the console, so we have something
1fb7f8e1 FS	73	# to investigate even if we fail to mount the encrypted /var
7a17e41d	74	echo ForwardToConsole=yes >>"$initdir/etc/systemd/journald.conf"
b22d90e5 FS	75
	76	# If $INITRD wasn't provided explicitly, generate a custom one with dm-crypt
	77	# support
	78	if [[ -z "$INITRD" ]]; then
	79	INITRD="${TESTDIR:?}/initrd.img"
	80	dinfo "Generating a custom initrd with dm-crypt support in '${INITRD:?}'"
	81
	82	if command -v dracut >/dev/null; then
	83	dracut --force --verbose --add crypt "$INITRD"
	84	elif command -v mkinitcpio >/dev/null; then
	85	mkinitcpio --addhooks sd-encrypt --generate "$INITRD"
	86	elif command -v mkinitramfs >/dev/null; then
	87	# The cryptroot hook is provided by the cryptsetup-initramfs package
	88	if ! dpkg-query -s cryptsetup-initramfs; then
	89	derror "Missing 'cryptsetup-initramfs' package for dm-crypt support in initrd"
	90	return 1
	91	fi
	92
	93	mkinitramfs -o "$INITRD"
	94	else
	95	dfatal "Unrecognized initrd generator, can't continue"
	96	return 1
	97	fi
	98	fi
ec4cab49	99	}
71dc3ed1	100
ec4cab49	101	cleanup_root_var() {
168ccb87	102	mountpoint -q "$initdir/var" && umount "$initdir/var"
1fb7f8e1	103	[[ -b "/dev/mapper/${DM_NAME:?}" ]] && cryptsetup luksClose "/dev/mapper/$DM_NAME"
168ccb87	104	mountpoint -q "${STATEDIR:?}/keydev" && umount "$STATEDIR/keydev"
71dc3ed1 LP	105	}
	106
	107	test_cleanup() {
f85bc044	108	# ignore errors, so cleanup can continue
65dd488f	109	cleanup_root_var \|\| :
ec4cab49 DS	110	_test_cleanup
	111	}
	112
	113	test_setup_cleanup() {
ec43f686 ZJS	114	cleanup_root_var \|\| :
ec43f686 ZJS	115	cleanup_initdir
71dc3ed1 LP	116	}
71dc3ed1 LP	117
c4cd6205	118	do_test "$@"