2 # SPDX-License-Identifier: LGPL-2.1-or-later
5 TEST_DESCRIPTION
="cryptsetup systemd setup"
6 IMAGE_NAME
="cryptsetup"
7 IMAGE_ADDITIONAL_DATA_SIZE
=100
11 # shellcheck source=test/test-functions
12 .
"${TEST_BASE_DIR:?}/test-functions"
14 PART_UUID
="deadbeef-dead-dead-beef-000000000000"
15 DM_NAME
="test24_varcrypt"
18 "luks.name=$PART_UUID=$DM_NAME"
19 "luks.key=$PART_UUID=/keyfile:LABEL=varcrypt_keydev"
20 "luks.options=$PART_UUID=x-initrd.attach"
22 KERNEL_APPEND
+=" ${KERNEL_OPTIONS[*]}"
23 QEMU_OPTIONS
+=" -drive format=raw,cache=unsafe,file=${STATEDIR:?}/keydev.img"
30 cryptsetup luksOpen
"${LOOPDEV:?}p2" "${DM_NAME:?}" <"$TESTDIR/keyfile"
31 mount
"/dev/mapper/$DM_NAME" "$initdir/var"
33 check_result_common
"${initdir:?}" && ret
=0 || ret
=$?
35 _umount_dir
"$initdir/var"
36 _umount_dir
"$initdir"
37 cryptsetup luksClose
"/dev/mapper/$DM_NAME"
43 create_empty_image_rootdir
45 echo -n test >"${TESTDIR:?}/keyfile"
46 cryptsetup
-q luksFormat
--uuid="$PART_UUID" --pbkdf pbkdf2
--pbkdf-force-iterations 1000 "${LOOPDEV:?}p2" "$TESTDIR/keyfile"
47 cryptsetup luksOpen
"${LOOPDEV}p2" "${DM_NAME:?}" <"$TESTDIR/keyfile"
48 mkfs.ext4
-L var
"/dev/mapper/$DM_NAME"
49 mkdir
-p "${initdir:?}/var"
50 mount
"/dev/mapper/$DM_NAME" "$initdir/var"
54 setup_basic_environment
55 mask_supporting_services
58 generate_module_dependencies
61 dd if=/dev
/zero of
="${STATEDIR:?}/keydev.img" bs
=1M count
=16
62 mkfs.ext4
-L varcrypt_keydev
"$STATEDIR/keydev.img"
63 mkdir
-p "$STATEDIR/keydev"
64 mount
"$STATEDIR/keydev.img" "$STATEDIR/keydev"
65 echo -n test >"$STATEDIR/keydev/keyfile"
66 sync
"$STATEDIR/keydev"
67 umount
"$STATEDIR/keydev"
69 cat >>"$initdir/etc/fstab" <<EOF
70 /dev/mapper/$DM_NAME /var ext4 defaults 0 1
73 # Forward journal messages to the console, so we have something
74 # to investigate even if we fail to mount the encrypted /var
75 echo ForwardToConsole
=yes >>"$initdir/etc/systemd/journald.conf"
77 # If $INITRD wasn't provided explicitly, generate a custom one with dm-crypt
79 if [[ -z "$INITRD" ]]; then
80 INITRD
="${TESTDIR:?}/initrd.img"
81 dinfo
"Generating a custom initrd with dm-crypt support in '${INITRD:?}'"
83 if command -v dracut
>/dev
/null
; then
84 dracut
--force --verbose --add crypt "$INITRD"
85 elif command -v mkinitcpio
>/dev
/null
; then
86 mkinitcpio
--addhooks sd-encrypt
--generate "$INITRD"
87 elif command -v mkinitramfs
>/dev
/null
; then
88 # The cryptroot hook is provided by the cryptsetup-initramfs package
89 if ! dpkg-query
-s cryptsetup-initramfs
; then
90 derror
"Missing 'cryptsetup-initramfs' package for dm-crypt support in initrd"
94 mkinitramfs
-o "$INITRD"
96 dfatal
"Unrecognized initrd generator, can't continue"
103 mountpoint
-q "$initdir/var" && umount
"$initdir/var"
104 [[ -b "/dev/mapper/${DM_NAME:?}" ]] && cryptsetup luksClose
"/dev/mapper/$DM_NAME"
105 mountpoint
-q "${STATEDIR:?}/keydev" && umount
"$STATEDIR/keydev"
109 # ignore errors, so cleanup can continue
110 cleanup_root_var ||
:
114 test_setup_cleanup
() {
115 cleanup_root_var ||
: