[thirdparty/systemd.git] / test / TEST-24-CRYPTSETUP / test.sh

#!/usr/bin/env bash
set -e

TEST_DESCRIPTION="cryptsetup systemd setup"
IMAGE_NAME="cryptsetup"
TEST_NO_NSPAWN=1
TEST_FORCE_NEWIMAGE=1

# shellcheck source=test/test-functions
. "${TEST_BASE_DIR:?}/test-functions"

check_result_qemu() {
    local ret=1

    mount_initdir
    [[ -e "${initdir:?}/testok" ]] && ret=0
    [[ -f "$initdir/failed" ]] && cp -a "$initdir/failed" "${TESTDIR:?}"

    cryptsetup luksOpen "${LOOPDEV:?}p2" varcrypt <"$TESTDIR/keyfile"
    mount /dev/mapper/varcrypt "$initdir/var"
    save_journal "$initdir/var/log/journal"
    _umount_dir "$initdir/var"
    _umount_dir "$initdir"
    cryptsetup luksClose /dev/mapper/varcrypt

    [[ -f "$TESTDIR/failed" ]] && cat "$TESTDIR/failed"
    echo "${JOURNAL_LIST:-No journals were saved}"

    test -s "$TESTDIR/failed" && ret=$((ret + 1))
    return $ret
}

test_create_image() {
    create_empty_image_rootdir

    echo -n test >"${TESTDIR:?}/keyfile"
    cryptsetup -q luksFormat --pbkdf pbkdf2 --pbkdf-force-iterations 1000 "${LOOPDEV:?}p2" "$TESTDIR/keyfile"
    cryptsetup luksOpen "${LOOPDEV}p2" varcrypt <"$TESTDIR/keyfile"
    mkfs.ext4 -L var /dev/mapper/varcrypt
    mkdir -p "${initdir:?}/var"
    mount /dev/mapper/varcrypt "$initdir/var"

    # Create what will eventually be our root filesystem onto an overlay
    (
        LOG_LEVEL=5
        # shellcheck source=/dev/null
        source <(udevadm info --export --query=env --name=/dev/mapper/varcrypt)
        # shellcheck source=/dev/null
        source <(udevadm info --export --query=env --name="${LOOPDEV}p2")

        setup_basic_environment
        mask_supporting_services

        install_dmevent
        generate_module_dependencies
        cat >"$initdir/etc/crypttab" <<EOF
$DM_NAME UUID=$ID_FS_UUID /etc/varkey
EOF
        echo -n test >"$initdir/etc/varkey"
        ddebug <"$initdir/etc/crypttab"

        cat >>"$initdir/etc/fstab" <<EOF
/dev/mapper/varcrypt    /var    ext4    defaults 0 1
EOF

        # Forward journal messages to the console, so we have something
        # to investigate even if we fail to mount the encrypted /var
        echo ForwardToConsole=yes >> "$initdir/etc/systemd/journald.conf"
    )
}

cleanup_root_var() {
    ddebug "umount ${initdir:?}/var"
    mountpoint "$initdir/var" && umount "$initdir/var"
    [[ -b /dev/mapper/varcrypt ]] && cryptsetup luksClose /dev/mapper/varcrypt
}

test_cleanup() {
    # ignore errors, so cleanup can continue
    cleanup_root_var || :
    _test_cleanup
}

test_setup_cleanup() {
    cleanup_root_var || :
    cleanup_initdir
}

do_test "$@" 24
Commit	Line	Data
ff12a795	1	#!/usr/bin/env bash
818567fc	2	set -e
3f161ba9	3
71dc3ed1	4	TEST_DESCRIPTION="cryptsetup systemd setup"
8c3534b5	5	IMAGE_NAME="cryptsetup"
054ee249	6	TEST_NO_NSPAWN=1
d9e606e8	7	TEST_FORCE_NEWIMAGE=1
71dc3ed1	8
3f161ba9 FS	9	# shellcheck source=test/test-functions
3f161ba9 FS	10	. "${TEST_BASE_DIR:?}/test-functions"
71dc3ed1	11
889a9042	12	check_result_qemu() {
3f161ba9 FS	13	local ret=1
3f161ba9 FS	14
1506edca	15	mount_initdir
3f161ba9 FS	16	[[ -e "${initdir:?}/testok" ]] && ret=0
	17	[[ -f "$initdir/failed" ]] && cp -a "$initdir/failed" "${TESTDIR:?}"
	18
	19	cryptsetup luksOpen "${LOOPDEV:?}p2" varcrypt <"$TESTDIR/keyfile"
	20	mount /dev/mapper/varcrypt "$initdir/var"
	21	save_journal "$initdir/var/log/journal"
	22	_umount_dir "$initdir/var"
	23	_umount_dir "$initdir"
71dc3ed1	24	cryptsetup luksClose /dev/mapper/varcrypt
3f161ba9 FS	25
	26	[[ -f "$TESTDIR/failed" ]] && cat "$TESTDIR/failed"
	27	echo "${JOURNAL_LIST:-No journals were saved}"
	28
	29	test -s "$TESTDIR/failed" && ret=$((ret + 1))
71dc3ed1 LP	30	return $ret
	31	}
	32
8c3534b5	33	test_create_image() {
ec4cab49	34	create_empty_image_rootdir
3f161ba9 FS	35
	36	echo -n test >"${TESTDIR:?}/keyfile"
	37	cryptsetup -q luksFormat --pbkdf pbkdf2 --pbkdf-force-iterations 1000 "${LOOPDEV:?}p2" "$TESTDIR/keyfile"
	38	cryptsetup luksOpen "${LOOPDEV}p2" varcrypt <"$TESTDIR/keyfile"
4b742c8a	39	mkfs.ext4 -L var /dev/mapper/varcrypt
3f161ba9 FS	40	mkdir -p "${initdir:?}/var"
3f161ba9 FS	41	mount /dev/mapper/varcrypt "$initdir/var"
71dc3ed1 LP	42
	43	# Create what will eventually be our root filesystem onto an overlay
	44	(
	45	LOG_LEVEL=5
3f161ba9 FS	46	# shellcheck source=/dev/null
	47	source <(udevadm info --export --query=env --name=/dev/mapper/varcrypt)
	48	# shellcheck source=/dev/null
	49	source <(udevadm info --export --query=env --name="${LOOPDEV}p2")
71dc3ed1	50
889a9042	51	setup_basic_environment
51fa8591	52	mask_supporting_services
056ae881	53
889a9042	54	install_dmevent
1a6dc653	55	generate_module_dependencies
3f161ba9	56	cat >"$initdir/etc/crypttab" <<EOF
889a9042	57	$DM_NAME UUID=$ID_FS_UUID /etc/varkey
71dc3ed1	58	EOF
3f161ba9 FS	59	echo -n test >"$initdir/etc/varkey"
3f161ba9 FS	60	ddebug <"$initdir/etc/crypttab"
71dc3ed1	61
3f161ba9	62	cat >>"$initdir/etc/fstab" <<EOF
4b742c8a	63	/dev/mapper/varcrypt /var ext4 defaults 0 1
889a9042	64	EOF
e47add9e FS	65
	66	# Forward journal messages to the console, so we have something
	67	# to investigate even if we fail to mount the encrypted /var
3f161ba9	68	echo ForwardToConsole=yes >> "$initdir/etc/systemd/journald.conf"
cc469c3d	69	)
ec4cab49	70	}
71dc3ed1	71
ec4cab49	72	cleanup_root_var() {
3f161ba9 FS	73	ddebug "umount ${initdir:?}/var"
3f161ba9 FS	74	mountpoint "$initdir/var" && umount "$initdir/var"
ec4cab49	75	[[ -b /dev/mapper/varcrypt ]] && cryptsetup luksClose /dev/mapper/varcrypt
71dc3ed1 LP	76	}
	77
	78	test_cleanup() {
f85bc044	79	# ignore errors, so cleanup can continue
65dd488f	80	cleanup_root_var \|\| :
ec4cab49 DS	81	_test_cleanup
	82	}
	83
	84	test_setup_cleanup() {
ec43f686 ZJS	85	cleanup_root_var \|\| :
ec43f686 ZJS	86	cleanup_initdir
71dc3ed1 LP	87	}
71dc3ed1 LP	88
9309a23b	89	do_test "$@" 24