Commit | Line | Data |
---|---|---|
ff12a795 | 1 | #!/usr/bin/env bash |
7b3cec95 | 2 | # SPDX-License-Identifier: LGPL-2.1-or-later |
# Abort on the first unhandled command failure.
set -o errexit

# Settings consumed by the shared test framework (test-functions, sourced
# further down in this file).
# NOTE(review): the meaning of each knob is defined in test-functions, which is
# not visible here; the names suggest a QEMU-only run on a freshly built image.
TEST_DESCRIPTION='cryptsetup systemd setup'
IMAGE_NAME='cryptsetup'
IMAGE_ADDITIONAL_DATA_SIZE=100 # unit is not visible here -- TODO confirm
TEST_NO_NSPAWN=1
TEST_FORCE_NEWIMAGE=1
71dc3ed1 | 10 | |
3f161ba9 FS |
11 | # shellcheck source=test/test-functions |
12 | . "${TEST_BASE_DIR:?}/test-functions" | |
71dc3ed1 | 13 | |
# Fixed identifiers for the encrypted /var volume: the UUID written into the
# LUKS header and the device-mapper name the volume is opened as.
PART_UUID='deadbeef-dead-dead-beef-000000000000'
DM_NAME='test24_varcrypt'

# Kernel command line for the guest: turn on LUKS handling in the initrd, map
# the volume with UUID $PART_UUID to $DM_NAME, and take its key from /keyfile
# on the filesystem labelled varcrypt_keydev (created in test_create_image).
KERNEL_APPEND="${KERNEL_APPEND-} rd.luks=1 luks.name=${PART_UUID}=${DM_NAME} luks.key=${PART_UUID}=/keyfile:LABEL=varcrypt_keydev"
# Attach the key-device image to the guest as an extra raw drive. cache=unsafe
# makes QEMU ignore guest flush requests; the image is throwaway state that
# test_create_image regenerates, so durability is not needed here.
QEMU_OPTIONS="${QEMU_OPTIONS-} -drive format=raw,cache=unsafe,file=${STATEDIR:?}/keydev.img"
1fb7f8e1 | 18 | |
#######################################
# Inspect the image after the QEMU run, collect logs and compute the verdict.
# Globals:   initdir, TESTDIR, LOOPDEV, DM_NAME, JOURNAL_LIST (read)
# Outputs:   the contents of $TESTDIR/failed when that file exists, then the
#            journal list (or a placeholder when JOURNAL_LIST is empty)
# Returns:   0 when $initdir/testok exists; 5 when check_coverage_reports
#            fails; 1 when there is no testok marker or $TESTDIR/failed is
#            non-empty (the last check overrides the earlier ones)
#######################################
check_result_qemu() {
    # Start from failure; only the success marker flips this to 0.
    local ret=1

    mount_initdir
    if [[ -e "${initdir:?}/testok" ]]; then
        ret=0
    fi
    if [[ -f "$initdir/failed" ]]; then
        cp -a "$initdir/failed" "${TESTDIR:?}"
    fi

    # /var lives on the LUKS volume, so it is unlocked on the host before the
    # journal is collected. The passphrase is supplied on stdin from the
    # keyfile that test_create_image wrote.
    cryptsetup luksOpen "${LOOPDEV:?}p2" "${DM_NAME:?}" <"$TESTDIR/keyfile"
    mount "/dev/mapper/$DM_NAME" "$initdir/var"
    save_journal "$initdir/var/log/journal"
    if ! check_coverage_reports "${initdir:?}"; then
        # NOTE(review): the meaning of 5 is defined by the caller -- confirm.
        ret=5
    fi

    # Tear down in reverse order: inner mount, outer mount, then the mapping.
    _umount_dir "$initdir/var"
    _umount_dir "$initdir"
    cryptsetup luksClose "/dev/mapper/$DM_NAME"

    if [[ -f "$TESTDIR/failed" ]]; then
        cat "$TESTDIR/failed"
    fi
    echo "${JOURNAL_LIST:-No journals were saved}"

    # A non-empty failure log wins over every earlier verdict.
    if [[ -s "$TESTDIR/failed" ]]; then
        ret=1
    fi

    return "$ret"
}
40 | ||
#######################################
# Build the test image: a LUKS-encrypted /var on partition 2 of $LOOPDEV, a
# separate key-device image holding the same key, the fstab/journald tweaks,
# and (when $INITRD is empty) an initrd with dm-crypt support.
# Globals:   TESTDIR, LOOPDEV, PART_UUID, DM_NAME, initdir, STATEDIR (read)
#            LOG_LEVEL (written), INITRD (read, written when empty)
# Returns:   1 when no supported initrd generator is found or, on the
#            mkinitramfs path, cryptsetup-initramfs is not installed
#######################################
test_create_image() {
    create_empty_image_rootdir

    # The key is the literal string "test" with no trailing newline.
    printf '%s' test >"${TESTDIR:?}/keyfile"
    # PBKDF2 pinned to 1000 iterations plus a four-byte constant key trades all
    # brute-force resistance for speed, which only suits a disposable test
    # image. NOTE(review): presumably chosen to keep unlocking cheap in the VM.
    cryptsetup -q luksFormat \
        --uuid="$PART_UUID" \
        --pbkdf pbkdf2 \
        --pbkdf-force-iterations 1000 \
        "${LOOPDEV:?}p2" "$TESTDIR/keyfile"
    cryptsetup luksOpen "${LOOPDEV}p2" "${DM_NAME:?}" <"$TESTDIR/keyfile"
    mkfs.ext4 -L var "/dev/mapper/$DM_NAME"
    mkdir -p "${initdir:?}/var"
    mount "/dev/mapper/$DM_NAME" "$initdir/var"

    LOG_LEVEL=5

    setup_basic_environment
    mask_supporting_services

    install_dmevent
    generate_module_dependencies

    # Create a keydev: a 16 MiB ext4 image labelled varcrypt_keydev that carries
    # the same key as /keyfile; the luks.key= kernel argument points at it.
    dd if=/dev/zero of="${STATEDIR:?}/keydev.img" bs=1M count=16
    mkfs.ext4 -L varcrypt_keydev "$STATEDIR/keydev.img"
    mkdir -p "$STATEDIR/keydev"
    mount "$STATEDIR/keydev.img" "$STATEDIR/keydev"
    printf '%s' test >"$STATEDIR/keydev/keyfile"
    sync "$STATEDIR/keydev"
    umount "$STATEDIR/keydev"

    # Have the guest mount the unlocked mapping on /var.
    printf '%s\n' "/dev/mapper/$DM_NAME /var ext4 defaults 0 1" >>"$initdir/etc/fstab"

    # Forward journal messages to the console, so we have something
    # to investigate even if we fail to mount the encrypted /var
    printf '%s\n' 'ForwardToConsole=yes' >>"$initdir/etc/systemd/journald.conf"

    # An explicitly provided $INITRD is used as is.
    if [[ -n "$INITRD" ]]; then
        return 0
    fi

    # Otherwise generate a custom one with dm-crypt support, using whichever
    # generator is installed.
    INITRD="${TESTDIR:?}/initrd.img"
    dinfo "Generating a custom initrd with dm-crypt support in '${INITRD:?}'"

    if command -v dracut >/dev/null; then
        dracut --force --verbose --add crypt "$INITRD"
    elif command -v mkinitcpio >/dev/null; then
        mkinitcpio --addhooks sd-encrypt --generate "$INITRD"
    elif command -v mkinitramfs >/dev/null; then
        # The cryptroot hook is provided by the cryptsetup-initramfs package
        if ! dpkg-query -s cryptsetup-initramfs; then
            derror "Missing 'cryptsetup-initramfs' package for dm-crypt support in initrd"
            return 1
        fi

        mkinitramfs -o "$INITRD"
    else
        dfatal "Unrecognized initrd generator, can't continue"
        return 1
    fi
}
71dc3ed1 | 100 | |
#######################################
# Release what the image build may have left active on the host: the /var
# mount, the device-mapper mapping and the key-device mount. Each step runs
# only when its resource is present.
# Globals:   initdir, DM_NAME, STATEDIR (read)
# Returns:   the status of the last list, so non-zero whenever
#            $STATEDIR/keydev is not mounted; both callers in this file
#            discard it with `|| :`
#######################################
cleanup_root_var() {
    local var_mnt="$initdir/var"

    if mountpoint -q "$var_mnt"; then
        umount "$var_mnt"
    fi

    # The mapping can only be closed once nothing is mounted from it.
    if [[ -b "/dev/mapper/${DM_NAME:?}" ]]; then
        cryptsetup luksClose "/dev/mapper/$DM_NAME"
    fi

    mountpoint -q "${STATEDIR:?}/keydev" && umount "$STATEDIR/keydev"
}
106 | ||
# Release the encrypted /var resources, then run the shared _test_cleanup.
# Returns the status of _test_cleanup.
test_cleanup() {
    # ignore errors, so cleanup can continue
    cleanup_root_var || true
    _test_cleanup
}
112 | ||
# Release the encrypted /var resources, then run cleanup_initdir.
# Returns the status of cleanup_initdir.
test_setup_cleanup() {
    # A failed unmount or luksClose must not keep cleanup_initdir from running.
    cleanup_root_var || true
    cleanup_initdir
}
117 | ||
# Pass the script's command-line arguments to do_test. It is not defined in
# this file; presumably it comes from the sourced test-functions -- confirm.
do_test "$@"