]>
Commit | Line | Data |
---|---|---|
ff12a795 | 1 | #!/usr/bin/env bash |
7b3cec95 | 2 | # SPDX-License-Identifier: LGPL-2.1-or-later |
818567fc | 3 | set -e |
3f161ba9 | 4 | |
71dc3ed1 | 5 | TEST_DESCRIPTION="cryptsetup systemd setup" |
8c3534b5 | 6 | IMAGE_NAME="cryptsetup" |
054ee249 | 7 | TEST_NO_NSPAWN=1 |
d9e606e8 | 8 | TEST_FORCE_NEWIMAGE=1 |
71dc3ed1 | 9 | |
3f161ba9 FS |
10 | # shellcheck source=test/test-functions |
11 | . "${TEST_BASE_DIR:?}/test-functions" | |
71dc3ed1 | 12 | |
889a9042 | 13 | check_result_qemu() { |
3f161ba9 FS |
14 | local ret=1 |
15 | ||
1506edca | 16 | mount_initdir |
3f161ba9 FS |
17 | [[ -e "${initdir:?}/testok" ]] && ret=0 |
18 | [[ -f "$initdir/failed" ]] && cp -a "$initdir/failed" "${TESTDIR:?}" | |
19 | ||
20 | cryptsetup luksOpen "${LOOPDEV:?}p2" varcrypt <"$TESTDIR/keyfile" | |
21 | mount /dev/mapper/varcrypt "$initdir/var" | |
22 | save_journal "$initdir/var/log/journal" | |
23 | _umount_dir "$initdir/var" | |
24 | _umount_dir "$initdir" | |
71dc3ed1 | 25 | cryptsetup luksClose /dev/mapper/varcrypt |
3f161ba9 FS |
26 | |
27 | [[ -f "$TESTDIR/failed" ]] && cat "$TESTDIR/failed" | |
28 | echo "${JOURNAL_LIST:-No journals were saved}" | |
29 | ||
7bf20e48 | 30 | test -s "$TESTDIR/failed" && ret=1 |
71dc3ed1 LP |
31 | return $ret |
32 | } | |
33 | ||
8c3534b5 | 34 | test_create_image() { |
ec4cab49 | 35 | create_empty_image_rootdir |
3f161ba9 FS |
36 | |
37 | echo -n test >"${TESTDIR:?}/keyfile" | |
38 | cryptsetup -q luksFormat --pbkdf pbkdf2 --pbkdf-force-iterations 1000 "${LOOPDEV:?}p2" "$TESTDIR/keyfile" | |
39 | cryptsetup luksOpen "${LOOPDEV}p2" varcrypt <"$TESTDIR/keyfile" | |
4b742c8a | 40 | mkfs.ext4 -L var /dev/mapper/varcrypt |
3f161ba9 FS |
41 | mkdir -p "${initdir:?}/var" |
42 | mount /dev/mapper/varcrypt "$initdir/var" | |
71dc3ed1 LP |
43 | |
44 | # Create what will eventually be our root filesystem onto an overlay | |
45 | ( | |
46 | LOG_LEVEL=5 | |
3f161ba9 FS |
47 | # shellcheck source=/dev/null |
48 | source <(udevadm info --export --query=env --name=/dev/mapper/varcrypt) | |
49 | # shellcheck source=/dev/null | |
50 | source <(udevadm info --export --query=env --name="${LOOPDEV}p2") | |
71dc3ed1 | 51 | |
889a9042 | 52 | setup_basic_environment |
51fa8591 | 53 | mask_supporting_services |
056ae881 | 54 | |
889a9042 | 55 | install_dmevent |
1a6dc653 | 56 | generate_module_dependencies |
3f161ba9 | 57 | cat >"$initdir/etc/crypttab" <<EOF |
889a9042 | 58 | $DM_NAME UUID=$ID_FS_UUID /etc/varkey |
71dc3ed1 | 59 | EOF |
3f161ba9 FS |
60 | echo -n test >"$initdir/etc/varkey" |
61 | ddebug <"$initdir/etc/crypttab" | |
71dc3ed1 | 62 | |
3f161ba9 | 63 | cat >>"$initdir/etc/fstab" <<EOF |
4b742c8a | 64 | /dev/mapper/varcrypt /var ext4 defaults 0 1 |
889a9042 | 65 | EOF |
e47add9e FS |
66 | |
67 | # Forward journal messages to the console, so we have something | |
68 | # to investigate even if we fail to mount the encrypted /var | |
3f161ba9 | 69 | echo ForwardToConsole=yes >> "$initdir/etc/systemd/journald.conf" |
cc469c3d | 70 | ) |
ec4cab49 | 71 | } |
71dc3ed1 | 72 | |
ec4cab49 | 73 | cleanup_root_var() { |
3f161ba9 FS |
74 | ddebug "umount ${initdir:?}/var" |
75 | mountpoint "$initdir/var" && umount "$initdir/var" | |
ec4cab49 | 76 | [[ -b /dev/mapper/varcrypt ]] && cryptsetup luksClose /dev/mapper/varcrypt |
71dc3ed1 LP |
77 | } |
78 | ||
79 | test_cleanup() { | |
f85bc044 | 80 | # ignore errors, so cleanup can continue |
65dd488f | 81 | cleanup_root_var || : |
ec4cab49 DS |
82 | _test_cleanup |
83 | } | |
84 | ||
85 | test_setup_cleanup() { | |
ec43f686 ZJS |
86 | cleanup_root_var || : |
87 | cleanup_initdir | |
71dc3ed1 LP |
88 | } |
89 | ||
c4cd6205 | 90 | do_test "$@" |