test/TEST-24-CRYPTSETUP/test.sh

   1 #!/usr/bin/env bash
   2 # SPDX-License-Identifier: LGPL-2.1-or-later
   3 set -e
   4
   5 TEST_DESCRIPTION="cryptsetup systemd setup"
   6 IMAGE_NAME="cryptsetup"
   7 TEST_NO_NSPAWN=1
   8 TEST_FORCE_NEWIMAGE=1
   9
  10 # shellcheck source=test/test-functions
  11 . "${TEST_BASE_DIR:?}/test-functions"
  12
  13 check_result_qemu() {
  14     local ret=1
  15
  16     mount_initdir
  17     [[ -e "${initdir:?}/testok" ]] && ret=0
  18     [[ -f "$initdir/failed" ]] && cp -a "$initdir/failed" "${TESTDIR:?}"
  19
  20     cryptsetup luksOpen "${LOOPDEV:?}p2" varcrypt <"$TESTDIR/keyfile"
  21     mount /dev/mapper/varcrypt "$initdir/var"
  22     save_journal "$initdir/var/log/journal"
  23     _umount_dir "$initdir/var"
  24     _umount_dir "$initdir"
  25     cryptsetup luksClose /dev/mapper/varcrypt
  26
  27     [[ -f "$TESTDIR/failed" ]] && cat "$TESTDIR/failed"
  28     echo "${JOURNAL_LIST:-No journals were saved}"
  29
  30     test -s "$TESTDIR/failed" && ret=1
  31     return $ret
  32 }
  33
  34 test_create_image() {
  35     create_empty_image_rootdir
  36
  37     echo -n test >"${TESTDIR:?}/keyfile"
  38     cryptsetup -q luksFormat --pbkdf pbkdf2 --pbkdf-force-iterations 1000 "${LOOPDEV:?}p2" "$TESTDIR/keyfile"
  39     cryptsetup luksOpen "${LOOPDEV}p2" varcrypt <"$TESTDIR/keyfile"
  40     mkfs.ext4 -L var /dev/mapper/varcrypt
  41     mkdir -p "${initdir:?}/var"
  42     mount /dev/mapper/varcrypt "$initdir/var"
  43
  44     # Create what will eventually be our root filesystem onto an overlay
  45     (
  46         LOG_LEVEL=5
  47         # shellcheck source=/dev/null
  48         source <(udevadm info --export --query=env --name=/dev/mapper/varcrypt)
  49         # shellcheck source=/dev/null
  50         source <(udevadm info --export --query=env --name="${LOOPDEV}p2")
  51
  52         setup_basic_environment
  53         mask_supporting_services
  54
  55         install_dmevent
  56         generate_module_dependencies
  57         cat >"$initdir/etc/crypttab" <<EOF
  58 $DM_NAME UUID=$ID_FS_UUID /etc/varkey
  59 EOF
  60         echo -n test >"$initdir/etc/varkey"
  61         ddebug <"$initdir/etc/crypttab"
  62
  63         cat >>"$initdir/etc/fstab" <<EOF
  64 /dev/mapper/varcrypt    /var    ext4    defaults 0 1
  65 EOF
  66
  67         # Forward journal messages to the console, so we have something
  68         # to investigate even if we fail to mount the encrypted /var
  69         echo ForwardToConsole=yes >> "$initdir/etc/systemd/journald.conf"
  70     )
  71 }
  72
  73 cleanup_root_var() {
  74     ddebug "umount ${initdir:?}/var"
  75     mountpoint "$initdir/var" && umount "$initdir/var"
  76     [[ -b /dev/mapper/varcrypt ]] && cryptsetup luksClose /dev/mapper/varcrypt
  77 }
  78
  79 test_cleanup() {
  80     # ignore errors, so cleanup can continue
  81     cleanup_root_var || :
  82     _test_cleanup
  83 }
  84
  85 test_setup_cleanup() {
  86     cleanup_root_var || :
  87     cleanup_initdir
  88 }
  89
  90 do_test "$@"