test/units/testsuite-67.sh

   1 #!/usr/bin/env bash
   2 # SPDX-License-Identifier: LGPL-2.1-or-later
   3 set -euxo pipefail
   4
   5 export DM_NAME="integrity_test"
   6 export FULL_DM_DEV_NAME="/dev/mapper/${DM_NAME}"
   7 export FS_UUID="01234567-ffff-eeee-eeee-0123456789ab"
   8 export GEN="/var/run/systemd/generator"
   9
  10 image_dir=""
  11
  12 cleanup()
  13 {
  14     if [ -z "${image_dir}" ]; then
  15         return
  16     fi
  17
  18     if [ -f "${image_dir}/image" ]; then
  19         if [ -e "${FULL_DM_DEV_NAME}" ]; then
  20             integritysetup close "${DM_NAME}"
  21         fi
  22         losetup -d "${loop}"
  23     fi
  24
  25     rm -rf "${image_dir}"
  26 }
  27
  28 trap cleanup EXIT
  29
  30 build_integrity_tab()
  31 {
  32 cat <<EOF >"/etc/integritytab"
  33 ${DM_NAME} ${loop} - integrity-algorithm=$1
  34 EOF
  35 }
  36
  37 image_dir="$(mktemp -d -t -p / integrity.tmp.XXXXXX)"
  38 if [ -z "${image_dir}" ] || [ ! -d "${image_dir}" ]; then
  39     echo "mktemp under / failed"
  40     exit 1
  41 fi
  42
  43 dd if=/dev/zero of="${image_dir}/image" bs=1048576 count=64 || exit 1
  44 dd if=/dev/zero of="${image_dir}/data" bs=1048576 count=64 || exit 1
  45 loop="$(losetup --show -f "${image_dir}/image")"
  46
  47 if [[ ! -e ${loop} ]]; then
  48     echo "Loopback device created not found!"
  49     exit 1
  50 fi
  51
  52 # Do one iteration with a separate data device, to test those branches
  53 separate_data=1
  54
  55 for algorithm in crc32c crc32 sha1 sha256
  56 do
  57     if [ "${separate_data}" -eq 1 ]; then
  58         data_option="--data-device=${image_dir}/data"
  59     else
  60         data_option=""
  61     fi
  62     integritysetup format "${loop}" --batch-mode -I "${algorithm}" "${data_option}" || exit 1
  63     integritysetup open -I "${algorithm}" "${loop}" "${DM_NAME}" "${data_option}" || exit 1
  64     mkfs.ext4 -U "${FS_UUID}" "${FULL_DM_DEV_NAME}" || exit 1
  65
  66     # Give userspace time to handle udev events for new FS showing up ...
  67     udevadm settle
  68
  69     integritysetup close "${DM_NAME}" || exit 1
  70
  71     # create integritytab, generate units, start service
  72     if [ "${separate_data}" -eq 1 ]; then
  73         data_option=",data-device=${image_dir}/data"
  74     else
  75         data_option=""
  76     fi
  77     build_integrity_tab "${algorithm}${data_option}"
  78
  79     # Cause the generator to re-run
  80     systemctl daemon-reload || exit 1
  81
  82     # Check for existence of unit files...
  83     if [[ ! -e "/run/systemd/generator/systemd-integritysetup@${DM_NAME}.service" ]]; then
  84         echo "Service file does not exist!"
  85         exit 1
  86     fi
  87
  88     # Make sure we are in a consistent state, e.g. not already active before we start
  89     systemctl stop systemd-integritysetup@"${DM_NAME}".service || exit 1
  90     systemctl start systemd-integritysetup@"${DM_NAME}".service || exit 1
  91
  92     # Check the signature on the FS to ensure we can retrieve it and that is matches
  93     if [ -e "${FULL_DM_DEV_NAME}" ]; then
  94         # If a separate device is used for the metadata storage, then blkid will return one of the loop devices
  95         if [ "${separate_data}" -eq 1 ]; then
  96             dev_name="$(integritysetup status ${DM_NAME} | grep '^\s*device:' | awk '{print $2}')"
  97         else
  98             dev_name="${FULL_DM_DEV_NAME}"
  99         fi
 100         if [ "${dev_name}" != "$(blkid -U "${FS_UUID}")" ]; then
 101             echo "Failed to locate FS with matching UUID!"
 102             exit 1
 103         fi
 104     else
 105         echo "Failed to bring up integrity device!"
 106         exit 1
 107     fi
 108
 109     systemctl stop systemd-integritysetup@"${DM_NAME}".service || exit 1
 110
 111     if [ -e "${FULL_DM_DEV_NAME}" ]; then
 112         echo "Expecting ${FULL_DM_DEV_NAME} to not exist after stopping unit!"
 113         exit 1
 114     fi
 115
 116     separate_data=0
 117 done
 118
 119 echo OK >/testok