test/TEST-24-CRYPTSETUP/test.sh

   1 #!/usr/bin/env bash
   2 set -e
   3 TEST_DESCRIPTION="cryptsetup systemd setup"
   4 IMAGE_NAME="cryptsetup"
   5 TEST_NO_NSPAWN=1
   6
   7 . $TEST_BASE_DIR/test-functions
   8
   9 check_result_qemu() {
  10     ret=1
  11     mount_initdir
  12     [[ -e $initdir/testok ]] && ret=0
  13     [[ -f $initdir/failed ]] && cp -a $initdir/failed $TESTDIR
  14     cryptsetup luksOpen ${LOOPDEV}p2 varcrypt <$TESTDIR/keyfile
  15     mount /dev/mapper/varcrypt $initdir/var
  16     save_journal $initdir/var/log/journal
  17     _umount_dir $initdir/var
  18     _umount_dir $initdir
  19     cryptsetup luksClose /dev/mapper/varcrypt
  20     [[ -f $TESTDIR/failed ]] && cat $TESTDIR/failed
  21     echo $JOURNAL_LIST
  22     test -s $TESTDIR/failed && ret=$(($ret+1))
  23     return $ret
  24 }
  25
  26 test_create_image() {
  27     create_empty_image_rootdir
  28     echo -n test >$TESTDIR/keyfile
  29     cryptsetup -q luksFormat --pbkdf pbkdf2 --pbkdf-force-iterations 1000 ${LOOPDEV}p2 $TESTDIR/keyfile
  30     cryptsetup luksOpen ${LOOPDEV}p2 varcrypt <$TESTDIR/keyfile
  31     mkfs.ext4 -L var /dev/mapper/varcrypt
  32     mkdir -p $initdir/var
  33     mount /dev/mapper/varcrypt $initdir/var
  34
  35     # Create what will eventually be our root filesystem onto an overlay
  36     (
  37         LOG_LEVEL=5
  38         eval $(udevadm info --export --query=env --name=/dev/mapper/varcrypt)
  39         eval $(udevadm info --export --query=env --name=${LOOPDEV}p2)
  40
  41         setup_basic_environment
  42         mask_supporting_services
  43
  44         install_dmevent
  45         generate_module_dependencies
  46         cat >$initdir/etc/crypttab <<EOF
  47 $DM_NAME UUID=$ID_FS_UUID /etc/varkey
  48 EOF
  49         echo -n test >$initdir/etc/varkey
  50         cat $initdir/etc/crypttab | ddebug
  51
  52         cat >>$initdir/etc/fstab <<EOF
  53 /dev/mapper/varcrypt    /var    ext4    defaults 0 1
  54 EOF
  55
  56         # Forward journal messages to the console, so we have something
  57         # to investigate even if we fail to mount the encrypted /var
  58         echo ForwardToConsole=yes >> $initdir/etc/systemd/journald.conf
  59     )
  60 }
  61
  62 cleanup_root_var() {
  63     ddebug "umount $initdir/var"
  64     mountpoint $initdir/var && umount $initdir/var
  65     [[ -b /dev/mapper/varcrypt ]] && cryptsetup luksClose /dev/mapper/varcrypt
  66 }
  67
  68 test_cleanup() {
  69     # ignore errors, so cleanup can continue
  70     cleanup_root_var || :
  71     _test_cleanup
  72 }
  73
  74 test_setup_cleanup() {
  75     cleanup_root_var || :
  76     cleanup_initdir
  77 }
  78
  79 do_test "$@" 24