]>
Commit | Line | Data |
---|---|---|
ff12a795 | 1 | #!/usr/bin/env bash |
818567fc | 2 | set -e |
3f161ba9 | 3 | |
71dc3ed1 | 4 | TEST_DESCRIPTION="cryptsetup systemd setup" |
8c3534b5 | 5 | IMAGE_NAME="cryptsetup" |
054ee249 | 6 | TEST_NO_NSPAWN=1 |
d9e606e8 | 7 | TEST_FORCE_NEWIMAGE=1 |
71dc3ed1 | 8 | |
3f161ba9 FS |
9 | # shellcheck source=test/test-functions |
10 | . "${TEST_BASE_DIR:?}/test-functions" | |
71dc3ed1 | 11 | |
889a9042 | 12 | check_result_qemu() { |
3f161ba9 FS |
13 | local ret=1 |
14 | ||
1506edca | 15 | mount_initdir |
3f161ba9 FS |
16 | [[ -e "${initdir:?}/testok" ]] && ret=0 |
17 | [[ -f "$initdir/failed" ]] && cp -a "$initdir/failed" "${TESTDIR:?}" | |
18 | ||
19 | cryptsetup luksOpen "${LOOPDEV:?}p2" varcrypt <"$TESTDIR/keyfile" | |
20 | mount /dev/mapper/varcrypt "$initdir/var" | |
21 | save_journal "$initdir/var/log/journal" | |
22 | _umount_dir "$initdir/var" | |
23 | _umount_dir "$initdir" | |
71dc3ed1 | 24 | cryptsetup luksClose /dev/mapper/varcrypt |
3f161ba9 FS |
25 | |
26 | [[ -f "$TESTDIR/failed" ]] && cat "$TESTDIR/failed" | |
27 | echo "${JOURNAL_LIST:-No journals were saved}" | |
28 | ||
29 | test -s "$TESTDIR/failed" && ret=$((ret + 1)) | |
71dc3ed1 LP |
30 | return $ret |
31 | } | |
32 | ||
8c3534b5 | 33 | test_create_image() { |
ec4cab49 | 34 | create_empty_image_rootdir |
3f161ba9 FS |
35 | |
36 | echo -n test >"${TESTDIR:?}/keyfile" | |
37 | cryptsetup -q luksFormat --pbkdf pbkdf2 --pbkdf-force-iterations 1000 "${LOOPDEV:?}p2" "$TESTDIR/keyfile" | |
38 | cryptsetup luksOpen "${LOOPDEV}p2" varcrypt <"$TESTDIR/keyfile" | |
4b742c8a | 39 | mkfs.ext4 -L var /dev/mapper/varcrypt |
3f161ba9 FS |
40 | mkdir -p "${initdir:?}/var" |
41 | mount /dev/mapper/varcrypt "$initdir/var" | |
71dc3ed1 LP |
42 | |
43 | # Create what will eventually be our root filesystem onto an overlay | |
44 | ( | |
45 | LOG_LEVEL=5 | |
3f161ba9 FS |
46 | # shellcheck source=/dev/null |
47 | source <(udevadm info --export --query=env --name=/dev/mapper/varcrypt) | |
48 | # shellcheck source=/dev/null | |
49 | source <(udevadm info --export --query=env --name="${LOOPDEV}p2") | |
71dc3ed1 | 50 | |
889a9042 | 51 | setup_basic_environment |
51fa8591 | 52 | mask_supporting_services |
056ae881 | 53 | |
889a9042 | 54 | install_dmevent |
1a6dc653 | 55 | generate_module_dependencies |
3f161ba9 | 56 | cat >"$initdir/etc/crypttab" <<EOF |
889a9042 | 57 | $DM_NAME UUID=$ID_FS_UUID /etc/varkey |
71dc3ed1 | 58 | EOF |
3f161ba9 FS |
59 | echo -n test >"$initdir/etc/varkey" |
60 | ddebug <"$initdir/etc/crypttab" | |
71dc3ed1 | 61 | |
3f161ba9 | 62 | cat >>"$initdir/etc/fstab" <<EOF |
4b742c8a | 63 | /dev/mapper/varcrypt /var ext4 defaults 0 1 |
889a9042 | 64 | EOF |
e47add9e FS |
65 | |
66 | # Forward journal messages to the console, so we have something | |
67 | # to investigate even if we fail to mount the encrypted /var | |
3f161ba9 | 68 | echo ForwardToConsole=yes >> "$initdir/etc/systemd/journald.conf" |
cc469c3d | 69 | ) |
ec4cab49 | 70 | } |
71dc3ed1 | 71 | |
ec4cab49 | 72 | cleanup_root_var() { |
3f161ba9 FS |
73 | ddebug "umount ${initdir:?}/var" |
74 | mountpoint "$initdir/var" && umount "$initdir/var" | |
ec4cab49 | 75 | [[ -b /dev/mapper/varcrypt ]] && cryptsetup luksClose /dev/mapper/varcrypt |
71dc3ed1 LP |
76 | } |
77 | ||
78 | test_cleanup() { | |
f85bc044 | 79 | # ignore errors, so cleanup can continue |
65dd488f | 80 | cleanup_root_var || : |
ec4cab49 DS |
81 | _test_cleanup |
82 | } | |
83 | ||
84 | test_setup_cleanup() { | |
ec43f686 ZJS |
85 | cleanup_root_var || : |
86 | cleanup_initdir | |
71dc3ed1 LP |
87 | } |
88 | ||
9309a23b | 89 | do_test "$@" 24 |