[thirdparty/systemd.git] / test / TEST-24-CRYPTSETUP / test.sh

#!/usr/bin/env bash
# SPDX-License-Identifier: LGPL-2.1-or-later
set -e

TEST_DESCRIPTION="cryptsetup systemd setup"
IMAGE_NAME="cryptsetup"
TEST_NO_NSPAWN=1
TEST_FORCE_NEWIMAGE=1

# shellcheck source=test/test-functions
. "${TEST_BASE_DIR:?}/test-functions"

check_result_qemu() {
    local ret=1

    mount_initdir
    [[ -e "${initdir:?}/testok" ]] && ret=0
    [[ -f "$initdir/failed" ]] && cp -a "$initdir/failed" "${TESTDIR:?}"

    cryptsetup luksOpen "${LOOPDEV:?}p2" varcrypt <"$TESTDIR/keyfile"
    mount /dev/mapper/varcrypt "$initdir/var"
    save_journal "$initdir/var/log/journal"
    check_coverage_reports "${initdir:?}" || ret=5
    _umount_dir "$initdir/var"
    _umount_dir "$initdir"
    cryptsetup luksClose /dev/mapper/varcrypt

    [[ -f "$TESTDIR/failed" ]] && cat "$TESTDIR/failed"
    echo "${JOURNAL_LIST:-No journals were saved}"

    test -s "$TESTDIR/failed" && ret=1
    return $ret
}

test_create_image() {
    create_empty_image_rootdir

    echo -n test >"${TESTDIR:?}/keyfile"
    cryptsetup -q luksFormat --pbkdf pbkdf2 --pbkdf-force-iterations 1000 "${LOOPDEV:?}p2" "$TESTDIR/keyfile"
    cryptsetup luksOpen "${LOOPDEV}p2" varcrypt <"$TESTDIR/keyfile"
    mkfs.ext4 -L var /dev/mapper/varcrypt
    mkdir -p "${initdir:?}/var"
    mount /dev/mapper/varcrypt "$initdir/var"

    # Create what will eventually be our root filesystem onto an overlay
    (
        LOG_LEVEL=5
        # shellcheck source=/dev/null
        source <(udevadm info --export --query=env --name=/dev/mapper/varcrypt)
        # shellcheck source=/dev/null
        source <(udevadm info --export --query=env --name="${LOOPDEV}p2")

        setup_basic_environment
        mask_supporting_services

        install_dmevent
        generate_module_dependencies
        cat >"$initdir/etc/crypttab" <<EOF
$DM_NAME UUID=$ID_FS_UUID /etc/varkey
EOF
        echo -n test >"$initdir/etc/varkey"
        ddebug <"$initdir/etc/crypttab"

        cat >>"$initdir/etc/fstab" <<EOF
/dev/mapper/varcrypt    /var    ext4    defaults 0 1
EOF

        # Forward journal messages to the console, so we have something
        # to investigate even if we fail to mount the encrypted /var
        echo ForwardToConsole=yes >> "$initdir/etc/systemd/journald.conf"
    )
}

cleanup_root_var() {
    ddebug "umount ${initdir:?}/var"
    mountpoint "$initdir/var" && umount "$initdir/var"
    [[ -b /dev/mapper/varcrypt ]] && cryptsetup luksClose /dev/mapper/varcrypt
}

test_cleanup() {
    # ignore errors, so cleanup can continue
    cleanup_root_var || :
    _test_cleanup
}

test_setup_cleanup() {
    cleanup_root_var || :
    cleanup_initdir
}

do_test "$@"
Commit	Line	Data
ff12a795	1	#!/usr/bin/env bash
7b3cec95	2	# SPDX-License-Identifier: LGPL-2.1-or-later
818567fc	3	set -e
3f161ba9	4
71dc3ed1	5	TEST_DESCRIPTION="cryptsetup systemd setup"
8c3534b5	6	IMAGE_NAME="cryptsetup"
054ee249	7	TEST_NO_NSPAWN=1
d9e606e8	8	TEST_FORCE_NEWIMAGE=1
71dc3ed1	9
3f161ba9 FS	10	# shellcheck source=test/test-functions
3f161ba9 FS	11	. "${TEST_BASE_DIR:?}/test-functions"
71dc3ed1	12
889a9042	13	check_result_qemu() {
3f161ba9 FS	14	local ret=1
3f161ba9 FS	15
1506edca	16	mount_initdir
3f161ba9 FS	17	[[ -e "${initdir:?}/testok" ]] && ret=0
	18	[[ -f "$initdir/failed" ]] && cp -a "$initdir/failed" "${TESTDIR:?}"
	19
	20	cryptsetup luksOpen "${LOOPDEV:?}p2" varcrypt <"$TESTDIR/keyfile"
	21	mount /dev/mapper/varcrypt "$initdir/var"
	22	save_journal "$initdir/var/log/journal"
9bc10d31	23	check_coverage_reports "${initdir:?}" \|\| ret=5
3f161ba9 FS	24	_umount_dir "$initdir/var"
3f161ba9 FS	25	_umount_dir "$initdir"
71dc3ed1	26	cryptsetup luksClose /dev/mapper/varcrypt
3f161ba9 FS	27
	28	[[ -f "$TESTDIR/failed" ]] && cat "$TESTDIR/failed"
	29	echo "${JOURNAL_LIST:-No journals were saved}"
	30
7bf20e48	31	test -s "$TESTDIR/failed" && ret=1
71dc3ed1 LP	32	return $ret
	33	}
	34
8c3534b5	35	test_create_image() {
ec4cab49	36	create_empty_image_rootdir
3f161ba9 FS	37
	38	echo -n test >"${TESTDIR:?}/keyfile"
	39	cryptsetup -q luksFormat --pbkdf pbkdf2 --pbkdf-force-iterations 1000 "${LOOPDEV:?}p2" "$TESTDIR/keyfile"
	40	cryptsetup luksOpen "${LOOPDEV}p2" varcrypt <"$TESTDIR/keyfile"
4b742c8a	41	mkfs.ext4 -L var /dev/mapper/varcrypt
3f161ba9 FS	42	mkdir -p "${initdir:?}/var"
3f161ba9 FS	43	mount /dev/mapper/varcrypt "$initdir/var"
71dc3ed1 LP	44
	45	# Create what will eventually be our root filesystem onto an overlay
	46	(
	47	LOG_LEVEL=5
3f161ba9 FS	48	# shellcheck source=/dev/null
	49	source <(udevadm info --export --query=env --name=/dev/mapper/varcrypt)
	50	# shellcheck source=/dev/null
	51	source <(udevadm info --export --query=env --name="${LOOPDEV}p2")
71dc3ed1	52
889a9042	53	setup_basic_environment
51fa8591	54	mask_supporting_services
056ae881	55
889a9042	56	install_dmevent
1a6dc653	57	generate_module_dependencies
3f161ba9	58	cat >"$initdir/etc/crypttab" <<EOF
889a9042	59	$DM_NAME UUID=$ID_FS_UUID /etc/varkey
71dc3ed1	60	EOF
3f161ba9 FS	61	echo -n test >"$initdir/etc/varkey"
3f161ba9 FS	62	ddebug <"$initdir/etc/crypttab"
71dc3ed1	63
3f161ba9	64	cat >>"$initdir/etc/fstab" <<EOF
4b742c8a	65	/dev/mapper/varcrypt /var ext4 defaults 0 1
889a9042	66	EOF
e47add9e FS	67
	68	# Forward journal messages to the console, so we have something
	69	# to investigate even if we fail to mount the encrypted /var
3f161ba9	70	echo ForwardToConsole=yes >> "$initdir/etc/systemd/journald.conf"
cc469c3d	71	)
ec4cab49	72	}
71dc3ed1	73
ec4cab49	74	cleanup_root_var() {
3f161ba9 FS	75	ddebug "umount ${initdir:?}/var"
3f161ba9 FS	76	mountpoint "$initdir/var" && umount "$initdir/var"
ec4cab49	77	[[ -b /dev/mapper/varcrypt ]] && cryptsetup luksClose /dev/mapper/varcrypt
71dc3ed1 LP	78	}
	79
	80	test_cleanup() {
f85bc044	81	# ignore errors, so cleanup can continue
65dd488f	82	cleanup_root_var \|\| :
ec4cab49 DS	83	_test_cleanup
	84	}
	85
	86	test_setup_cleanup() {
ec43f686 ZJS	87	cleanup_root_var \|\| :
ec43f686 ZJS	88	cleanup_initdir
71dc3ed1 LP	89	}
71dc3ed1 LP	90
c4cd6205	91	do_test "$@"