[thirdparty/systemd.git] / test / units / testsuite-67.sh

#!/usr/bin/env bash
# SPDX-License-Identifier: LGPL-2.1-or-later
set -euxo pipefail

export DM_NAME="integrity_test"
export FULL_DM_DEV_NAME="/dev/mapper/${DM_NAME}"
export FS_UUID="01234567-ffff-eeee-eeee-0123456789ab"
export GEN="/var/run/systemd/generator"

image_dir=""

cleanup()
{
    if [ -z "${image_dir}" ]; then
        return
    fi

    if [ -f "${image_dir}/image" ]; then
        if [ -e "${FULL_DM_DEV_NAME}" ]; then
            integritysetup close "${DM_NAME}"
        fi
        losetup -d "${loop}"
    fi

    rm -rf "${image_dir}"
}

trap cleanup EXIT

build_integrity_tab()
{
cat <<EOF >"/etc/integritytab"
${DM_NAME} ${loop} - integrity-algorithm=$1
EOF
}

image_dir="$(mktemp -d -t -p / integrity.tmp.XXXXXX)"
if [ -z "${image_dir}" ] || [ ! -d "${image_dir}" ]; then
    echo "mktemp under / failed"
    exit 1
fi

dd if=/dev/zero of="${image_dir}/image" bs=1048576 count=64 || exit 1
dd if=/dev/zero of="${image_dir}/data" bs=1048576 count=64 || exit 1
loop="$(losetup --show -f "${image_dir}/image")"

if [[ ! -e ${loop} ]]; then
    echo "Loopback device created not found!"
    exit 1
fi

# Do one iteration with a separate data device, to test those branches
separate_data=1

for algorithm in crc32c crc32 sha1 sha256
do
    if [ "${separate_data}" -eq 1 ]; then
        data_option="--data-device=${image_dir}/data"
    else
        data_option=""
    fi
    integritysetup format "${loop}" --batch-mode -I "${algorithm}" "${data_option}" || exit 1
    integritysetup open -I "${algorithm}" "${loop}" "${DM_NAME}" "${data_option}" || exit 1
    mkfs.ext4 -U "${FS_UUID}" "${FULL_DM_DEV_NAME}" || exit 1

    # Give userspace time to handle udev events for new FS showing up ...
    udevadm settle

    integritysetup close "${DM_NAME}" || exit 1

    # create integritytab, generate units, start service
    if [ "${separate_data}" -eq 1 ]; then
        data_option=",data-device=${image_dir}/data"
    else
        data_option=""
    fi
    build_integrity_tab "${algorithm}${data_option}"

    # Cause the generator to re-run
    systemctl daemon-reload || exit 1

    # Check for existence of unit files...
    if [[ ! -e "/run/systemd/generator/systemd-integritysetup@${DM_NAME}.service" ]]; then
        echo "Service file does not exist!"
        exit 1
    fi

    # Make sure we are in a consistent state, e.g. not already active before we start
    systemctl stop systemd-integritysetup@"${DM_NAME}".service || exit 1
    systemctl start systemd-integritysetup@"${DM_NAME}".service || exit 1

    # Check the signature on the FS to ensure we can retrieve it and that is matches
    if [ -e "${FULL_DM_DEV_NAME}" ]; then
        # If a separate device is used for the metadata storage, then blkid will return one of the loop devices
        if [ "${separate_data}" -eq 1 ]; then
            dev_name="$(integritysetup status ${DM_NAME} | grep '^\s*device:' | awk '{print $2}')"
        else
            dev_name="${FULL_DM_DEV_NAME}"
        fi
        if [ "${dev_name}" != "$(blkid -U "${FS_UUID}")" ]; then
            echo "Failed to locate FS with matching UUID!"
            exit 1
        fi
    else
        echo "Failed to bring up integrity device!"
        exit 1
    fi

    systemctl stop systemd-integritysetup@"${DM_NAME}".service || exit 1

    if [ -e "${FULL_DM_DEV_NAME}" ]; then
        echo "Expecting ${FULL_DM_DEV_NAME} to not exist after stopping unit!"
        exit 1
    fi

    separate_data=0
done

echo OK >/testok
Commit	Line	Data
788a0ef1 TA	1	#!/usr/bin/env bash
	2	# SPDX-License-Identifier: LGPL-2.1-or-later
	3	set -euxo pipefail
	4
	5	export DM_NAME="integrity_test"
	6	export FULL_DM_DEV_NAME="/dev/mapper/${DM_NAME}"
	7	export FS_UUID="01234567-ffff-eeee-eeee-0123456789ab"
	8	export GEN="/var/run/systemd/generator"
	9
	10	image_dir=""
	11
	12	cleanup()
	13	{
	14	if [ -z "${image_dir}" ]; then
	15	return
	16	fi
	17
	18	if [ -f "${image_dir}/image" ]; then
	19	if [ -e "${FULL_DM_DEV_NAME}" ]; then
	20	integritysetup close "${DM_NAME}"
	21	fi
	22	losetup -d "${loop}"
	23	fi
	24
	25	rm -rf "${image_dir}"
	26	}
	27
	28	trap cleanup EXIT
	29
	30	build_integrity_tab()
	31	{
7a17e41d	32	cat <<EOF >"/etc/integritytab"
788a0ef1	33	${DM_NAME} ${loop} - integrity-algorithm=$1
7a17e41d	34	EOF
788a0ef1 TA	35	}
	36
	37	image_dir="$(mktemp -d -t -p / integrity.tmp.XXXXXX)"
	38	if [ -z "${image_dir}" ] \|\| [ ! -d "${image_dir}" ]; then
	39	echo "mktemp under / failed"
	40	exit 1
	41	fi
	42
	43	dd if=/dev/zero of="${image_dir}/image" bs=1048576 count=64 \|\| exit 1
872f9da4	44	dd if=/dev/zero of="${image_dir}/data" bs=1048576 count=64 \|\| exit 1
788a0ef1 TA	45	loop="$(losetup --show -f "${image_dir}/image")"
	46
	47	if [[ ! -e ${loop} ]]; then
	48	echo "Loopback device created not found!"
	49	exit 1
	50	fi
	51
872f9da4 LB	52	# Do one iteration with a separate data device, to test those branches
	53	separate_data=1
	54
788a0ef1 TA	55	for algorithm in crc32c crc32 sha1 sha256
788a0ef1 TA	56	do
872f9da4 LB	57	if [ "${separate_data}" -eq 1 ]; then
	58	data_option="--data-device=${image_dir}/data"
	59	else
	60	data_option=""
	61	fi
	62	integritysetup format "${loop}" --batch-mode -I "${algorithm}" "${data_option}" \|\| exit 1
	63	integritysetup open -I "${algorithm}" "${loop}" "${DM_NAME}" "${data_option}" \|\| exit 1
788a0ef1 TA	64	mkfs.ext4 -U "${FS_UUID}" "${FULL_DM_DEV_NAME}" \|\| exit 1
	65
	66	# Give userspace time to handle udev events for new FS showing up ...
	67	udevadm settle
	68
	69	integritysetup close "${DM_NAME}" \|\| exit 1
	70
	71	# create integritytab, generate units, start service
872f9da4 LB	72	if [ "${separate_data}" -eq 1 ]; then
	73	data_option=",data-device=${image_dir}/data"
	74	else
	75	data_option=""
	76	fi
	77	build_integrity_tab "${algorithm}${data_option}"
788a0ef1 TA	78
	79	# Cause the generator to re-run
	80	systemctl daemon-reload \|\| exit 1
	81
a6f44d61	82	# Check for existence of unit files...
788a0ef1 TA	83	if [[ ! -e "/run/systemd/generator/systemd-integritysetup@${DM_NAME}.service" ]]; then
	84	echo "Service file does not exist!"
	85	exit 1
	86	fi
	87
	88	# Make sure we are in a consistent state, e.g. not already active before we start
	89	systemctl stop systemd-integritysetup@"${DM_NAME}".service \|\| exit 1
	90	systemctl start systemd-integritysetup@"${DM_NAME}".service \|\| exit 1
	91
	92	# Check the signature on the FS to ensure we can retrieve it and that is matches
	93	if [ -e "${FULL_DM_DEV_NAME}" ]; then
872f9da4 LB	94	# If a separate device is used for the metadata storage, then blkid will return one of the loop devices
	95	if [ "${separate_data}" -eq 1 ]; then
	96	dev_name="$(integritysetup status ${DM_NAME} \| grep '^\s*device:' \| awk '{print $2}')"
	97	else
	98	dev_name="${FULL_DM_DEV_NAME}"
	99	fi
	100	if [ "${dev_name}" != "$(blkid -U "${FS_UUID}")" ]; then
788a0ef1 TA	101	echo "Failed to locate FS with matching UUID!"
	102	exit 1
	103	fi
	104	else
	105	echo "Failed to bring up integrity device!"
	106	exit 1
	107	fi
	108
	109	systemctl stop systemd-integritysetup@"${DM_NAME}".service \|\| exit 1
	110
	111	if [ -e "${FULL_DM_DEV_NAME}" ]; then
a6f44d61	112	echo "Expecting ${FULL_DM_DEV_NAME} to not exist after stopping unit!"
788a0ef1 TA	113	exit 1
	114	fi
	115
872f9da4	116	separate_data=0
788a0ef1 TA	117	done
	118
	119	echo OK >/testok