From: Lennart Poettering <lennart@poettering.net>
Date: Tue, 21 Nov 2023 20:31:25 +0000 (+0100)
Subject: test: make sure pcrlock tests run headless
X-Git-Tag: v255-rc3~16
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=5e5d4d36b434d0963ef1f409cead4787cf8ddbe2;p=thirdparty%2Fsystemd.git

test: make sure pcrlock tests run headless

We want the tests to fail rather than hang if unlock via tpm doesn't
work.
---

diff --git a/test/units/testsuite-70.pcrlock.sh b/test/units/testsuite-70.pcrlock.sh
index 46060c1dc3e..3da992613b2 100755
--- a/test/units/testsuite-70.pcrlock.sh
+++ b/test/units/testsuite-70.pcrlock.sh
@@ -86,7 +86,7 @@ chmod 0600 /tmp/pcrlockpwd
 cryptsetup luksFormat -q --pbkdf pbkdf2 --pbkdf-force-iterations 1000 --use-urandom "$img" /tmp/pcrlockpwd
 
 systemd-cryptenroll --unlock-key-file=/tmp/pcrlockpwd --tpm2-device=auto --tpm2-pcrlock=/var/lib/systemd/pcrlock.json --tpm2-public-key= --wipe-slot=tpm2 "$img"
-systemd-cryptsetup attach pcrlock "$img" - tpm2-device=auto,tpm2-pcrlock=/var/lib/systemd/pcrlock.json
+systemd-cryptsetup attach pcrlock "$img" - tpm2-device=auto,tpm2-pcrlock=/var/lib/systemd/pcrlock.json,headless
 systemd-cryptsetup detach pcrlock
 
 # Measure something into PCR 16 (the "debug" PCR), which should make the activation fail
@@ -104,7 +104,7 @@ echo -n test70 | "$SD_PCRLOCK" lock-raw --pcrlock=/var/lib/pcrlock.d/910-test70.
 (! "$SD_PCRLOCK" make-policy --pcr="$PCRS")
 PIN=huhu "$SD_PCRLOCK" make-policy --pcr="$PCRS" --recovery-pin=yes
 
-systemd-cryptsetup attach pcrlock "$img" - tpm2-device=auto,tpm2-pcrlock=/var/lib/systemd/pcrlock.json
+systemd-cryptsetup attach pcrlock "$img" - tpm2-device=auto,tpm2-pcrlock=/var/lib/systemd/pcrlock.json,headless
 systemd-cryptsetup detach pcrlock
 
 # And now let's do it the clean way, and generate the right policy ahead of time.
@@ -115,7 +115,7 @@ echo -n test70-take-two | "$SD_PCRLOCK" lock-raw --pcrlock=/var/lib/pcrlock.d/92
 
 "$SD_PCRLOCK" cel --json=pretty
 
-systemd-cryptsetup attach pcrlock "$img" - tpm2-device=auto,tpm2-pcrlock=/var/lib/systemd/pcrlock.json
+systemd-cryptsetup attach pcrlock "$img" - tpm2-device=auto,tpm2-pcrlock=/var/lib/systemd/pcrlock.json,headless
 systemd-cryptsetup detach pcrlock
 
 "$SD_PCRLOCK" remove-policy