--- /dev/null
+#!/usr/bin/env bash
+# SPDX-License-Identifier: LGPL-2.1-or-later
+set -euxo pipefail
+
+export DM_NAME="integrity_test"
+export FULL_DM_DEV_NAME="/dev/mapper/${DM_NAME}"
+export FS_UUID="01234567-ffff-eeee-eeee-0123456789ab"
+export GEN="/var/run/systemd/generator"
+
+image_dir=""
+
+cleanup()
+{
+ if [ -z "${image_dir}" ]; then
+ return
+ fi
+
+ if [ -f "${image_dir}/image" ]; then
+ if [ -e "${FULL_DM_DEV_NAME}" ]; then
+ integritysetup close "${DM_NAME}"
+ fi
+ losetup -d "${loop}"
+ fi
+
+ rm -rf "${image_dir}"
+}
+
+trap cleanup EXIT
+
+build_integrity_tab()
+{
+cat << _EOL > "/etc/integritytab"
+${DM_NAME} ${loop} - integrity-algorithm=$1
+_EOL
+}
+
+image_dir="$(mktemp -d -t -p / integrity.tmp.XXXXXX)"
+if [ -z "${image_dir}" ] || [ ! -d "${image_dir}" ]; then
+ echo "mktemp under / failed"
+ exit 1
+fi
+
+dd if=/dev/zero of="${image_dir}/image" bs=1048576 count=64 || exit 1
+loop="$(losetup --show -f "${image_dir}/image")"
+
+if [[ ! -e ${loop} ]]; then
+ echo "Loopback device created not found!"
+ exit 1
+fi
+
+for algorithm in crc32c crc32 sha1 sha256
+do
+ integritysetup format "${loop}" --batch-mode -I "${algorithm}" || exit 1
+ integritysetup open -I "${algorithm}" "${loop}" "${DM_NAME}" || exit 1
+ mkfs.ext4 -U "${FS_UUID}" "${FULL_DM_DEV_NAME}" || exit 1
+
+ # Give userspace time to handle udev events for new FS showing up ...
+ udevadm settle
+
+ integritysetup close "${DM_NAME}" || exit 1
+
+ # create integritytab, generate units, start service
+ build_integrity_tab ${algorithm}
+
+ # Cause the generator to re-run
+ systemctl daemon-reload || exit 1
+
+ # Check for existance of unit files...
+ if [[ ! -e "/run/systemd/generator/systemd-integritysetup@${DM_NAME}.service" ]]; then
+ echo "Service file does not exist!"
+ exit 1
+ fi
+
+ # Make sure we are in a consistent state, e.g. not already active before we start
+ systemctl stop systemd-integritysetup@"${DM_NAME}".service || exit 1
+ systemctl start systemd-integritysetup@"${DM_NAME}".service || exit 1
+
+ # Check the signature on the FS to ensure we can retrieve it and that is matches
+ if [ -e "${FULL_DM_DEV_NAME}" ]; then
+ if [ "${FULL_DM_DEV_NAME}" != "$(blkid -U "${FS_UUID}")" ]; then
+ echo "Failed to locate FS with matching UUID!"
+ exit 1
+ fi
+ else
+ echo "Failed to bring up integrity device!"
+ exit 1
+ fi
+
+ systemctl stop systemd-integritysetup@"${DM_NAME}".service || exit 1
+
+ if [ -e "${FULL_DM_DEV_NAME}" ]; then
+ echo "Expecting ${FULL_DM_DEV_NAME} to not exist after stoping unit!"
+ exit 1
+ fi
+
+done
+
+echo OK >/testok
projects / thirdparty / systemd.git / commitdiff
