2 # SPDX-License-Identifier: LGPL-2.1-or-later
# Test metadata; set before the shared helpers are sourced.
TEST_DESCRIPTION='cryptsetup systemd setup'
IMAGE_NAME='cryptsetup'
IMAGE_ADDITIONAL_DATA_SIZE=100

# shellcheck source=test/test-functions
source "${TEST_BASE_DIR:?}/test-functions"

# Fixed identifiers for the encrypted /var volume this test creates.
PART_UUID='deadbeef-dead-dead-beef-000000000000'
DM_NAME='test24_varcrypt'

# Guest kernel command line (systemd-cryptsetup-generator options):
#   rd.luks=1                      keep LUKS handling enabled in the initrd
#   luks.name=<UUID>=<name>        expose the LUKS volume as /dev/mapper/<name>
#   luks.key=<UUID>=<file>:<dev>   read key file <file> from device <dev>,
#                                  here the filesystem labelled varcrypt_keydev
KERNEL_APPEND+=" rd.luks=1 luks.name=${PART_UUID}=${DM_NAME} luks.key=${PART_UUID}=/keyfile:LABEL=varcrypt_keydev"

# Attach the key device image as an extra raw drive. cache=unsafe makes QEMU
# ignore guest flush requests, trading durability for speed; the image is
# generated by this script, so nothing of value depends on it surviving.
QEMU_OPTIONS+=" -drive format=raw,cache=unsafe,file=${STATEDIR:?}/keydev.img"
# Derive the result code in `ret` from marker files inside the image.
# NOTE(review): `ret` is expected to be initialised by the enclosing function,
# which this excerpt does not show.
if [[ -e "${initdir:?}/testok" ]]; then
    ret=0
fi
if [[ -f "${initdir}/failed" ]]; then
    cp -a "${initdir}/failed" "${TESTDIR:?}"
fi

# Unlock the encrypted /var (key file fed on stdin, so it never appears in
# argv) and mount it to reach the journal stored there.
cryptsetup luksOpen "${LOOPDEV:?}p2" "${DM_NAME:?}" <"${TESTDIR}/keyfile"
mount "/dev/mapper/${DM_NAME}" "${initdir}/var"
save_journal "${initdir}/var/log/journal"
if ! check_coverage_reports "${initdir:?}"; then
    ret=5
fi

# Tear down in reverse order: /var, then the root dir, then the dm mapping.
_umount_dir "${initdir}/var"
_umount_dir "${initdir}"
cryptsetup luksClose "/dev/mapper/${DM_NAME}"

if [[ -f "${TESTDIR}/failed" ]]; then
    cat "${TESTDIR}/failed"
fi
echo "${JOURNAL_LIST:-No journals were saved}"

# A non-empty "failed" file overrides whatever result was recorded above.
[[ -s "${TESTDIR}/failed" ]] && ret=1
create_empty_image_rootdir

# Test fixture only: the key is the fixed string "test" and PBKDF2 is pinned
# to 1000 iterations (presumably to keep format/unlock fast). Neither choice
# is suitable for a volume that protects real data.
printf '%s' test >"${TESTDIR:?}/keyfile"
cryptsetup -q luksFormat \
    --uuid="${PART_UUID}" \
    --pbkdf pbkdf2 \
    --pbkdf-force-iterations 1000 \
    "${LOOPDEV:?}p2" "${TESTDIR}/keyfile"

# Open the freshly formatted partition, put an ext4 filesystem labelled "var"
# on it, and mount it as the image's /var.
cryptsetup luksOpen "${LOOPDEV}p2" "${DM_NAME:?}" <"${TESTDIR}/keyfile"
mkfs.ext4 -L var "/dev/mapper/${DM_NAME}"
mkdir -p "${initdir:?}/var"
mount "/dev/mapper/${DM_NAME}" "${initdir}/var"

# Populate the image via the shared test helpers.
setup_basic_environment
mask_supporting_services

generate_module_dependencies
# Build the key device: a 16 MiB ext4 image whose label (varcrypt_keydev)
# matches the LABEL= given in luks.key= on the kernel command line.
dd if=/dev/zero of="${STATEDIR:?}/keydev.img" bs=1M count=16
mkfs.ext4 -L varcrypt_keydev "${STATEDIR}/keydev.img"
mkdir -p "${STATEDIR}/keydev"
mount "${STATEDIR}/keydev.img" "${STATEDIR}/keydev"

# Must be byte-identical to the key the volume was formatted with ("test",
# no trailing newline), otherwise the guest cannot unlock /var.
printf '%s' test >"${STATEDIR}/keydev/keyfile"

# Flush the key file to the image before detaching it.
sync "${STATEDIR}/keydev"
umount "${STATEDIR}/keydev"
68 cat >>"$initdir/etc/fstab" <<EOF
69 /dev/mapper/$DM_NAME /var ext4 defaults 0 1
# Forward journal messages to the console, so there is still something to
# investigate if mounting the encrypted /var (where the journal lives) fails
printf '%s\n' 'ForwardToConsole=yes' >>"${initdir}/etc/systemd/journald.conf"
76 # If $INITRD wasn't provided explicitly, generate a custom one with dm-crypt
78 if [[ -z "$INITRD" ]]; then
79 INITRD
="${TESTDIR:?}/initrd.img"
80 dinfo
"Generating a custom initrd with dm-crypt support in '${INITRD:?}'"
82 if command -v dracut
>/dev
/null
; then
83 dracut
--force --verbose --add crypt "$INITRD"
84 elif command -v mkinitcpio
>/dev
/null
; then
85 mkinitcpio
--addhooks sd-encrypt
--generate "$INITRD"
86 elif command -v mkinitramfs
>/dev
/null
; then
87 # The cryptroot hook is provided by the cryptsetup-initramfs package
88 if ! dpkg-query
-s cryptsetup-initramfs
; then
89 derror
"Missing 'cryptsetup-initramfs' package for dm-crypt support in initrd"
93 mkinitramfs
-o "$INITRD"
95 dfatal
"Unrecognized initrd generator, can't continue"
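# Teardown of what image setup mounted or opened: the encrypted /var, its
# device-mapper node, and the key device mount.
#
# initdir is guarded with :? like DM_NAME and STATEDIR below. With an empty
# initdir the path collapses to "/var", so the check and the umount would
# target the host's own /var instead of the test image. The guard aborts the
# script in that case rather than touching the host.
if mountpoint -q "${initdir:?}/var"; then
    umount "${initdir}/var"
fi
if [[ -b "/dev/mapper/${DM_NAME:?}" ]]; then
    cryptsetup luksClose "/dev/mapper/${DM_NAME}"
fi
# Kept as an && list: its exit status is the status this run ends with.
mountpoint -q "${STATEDIR:?}/keydev" && umount "${STATEDIR}/keydev"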
# Failures here are deliberately ignored so the remaining cleanup still runs
cleanup_root_var || true
113 test_setup_cleanup
() {
114 cleanup_root_var ||
: