systemd-stable/test/TEST-02-CRYPTSETUP/test.sh

#!/usr/bin/env bash
set -e
TEST_DESCRIPTION="cryptsetup systemd setup"
IMAGE_NAME="cryptsetup"
TEST_NO_NSPAWN=1

. $TEST_BASE_DIR/test-functions

check_result_qemu() {
    ret=1
    mount_initdir
    [[ -e $initdir/testok ]] && ret=0
    [[ -f $initdir/failed ]] && cp -a $initdir/failed $TESTDIR
    cryptsetup luksOpen ${LOOPDEV}p2 varcrypt <$TESTDIR/keyfile
    mount /dev/mapper/varcrypt $initdir/var
    save_journal $initdir/var/log/journal
    _umount_dir $initdir/var
    _umount_dir $initdir
    cryptsetup luksClose /dev/mapper/varcrypt
    [[ -f $TESTDIR/failed ]] && cat $TESTDIR/failed
    echo $JOURNAL_LIST
    test -s $TESTDIR/failed && ret=$(($ret+1))
    return $ret
}

test_create_image() {
    create_empty_image_rootdir
    echo -n test >$TESTDIR/keyfile
    cryptsetup -q luksFormat --pbkdf pbkdf2 --pbkdf-force-iterations 1000 ${LOOPDEV}p2 $TESTDIR/keyfile
    cryptsetup luksOpen ${LOOPDEV}p2 varcrypt <$TESTDIR/keyfile
    mkfs.ext4 -L var /dev/mapper/varcrypt
    mkdir -p $initdir/var
    mount /dev/mapper/varcrypt $initdir/var

    # Create what will eventually be our root filesystem onto an overlay
    (
        LOG_LEVEL=5
        eval $(udevadm info --export --query=env --name=/dev/mapper/varcrypt)
        eval $(udevadm info --export --query=env --name=${LOOPDEV}p2)

        setup_basic_environment
        mask_supporting_services

        install_dmevent
        generate_module_dependencies
        cat >$initdir/etc/crypttab <<EOF
$DM_NAME UUID=$ID_FS_UUID /etc/varkey
EOF
        echo -n test >$initdir/etc/varkey
        cat $initdir/etc/crypttab | ddebug

        cat >>$initdir/etc/fstab <<EOF
/dev/mapper/varcrypt    /var    ext4    defaults 0 1
EOF

        # Forward journal messages to the console, so we have something
        # to investigate even if we fail to mount the encrypted /var
        echo ForwardToConsole=yes >> $initdir/etc/systemd/journald.conf
    )
}

cleanup_root_var() {
    ddebug "umount $initdir/var"
    mountpoint $initdir/var && umount $initdir/var
    [[ -b /dev/mapper/varcrypt ]] && cryptsetup luksClose /dev/mapper/varcrypt
}

test_cleanup() {
    # ignore errors, so cleanup can continue
    cleanup_root_var || :
    _test_cleanup
}

test_setup_cleanup() {
    cleanup_root_var || :
    cleanup_initdir
}

do_test "$@" 02
treewide: more portable bash shebangs As in 2a5fcfae024ffc370bb780572279f45a1da3f946 and in 3e67e5c9928f8b1e1c5a63def88d53ed1fed12eb using /usr/bin/env allows bash to be looked up in PATH rather than being hard-coded. As with the previous changes the same arguments apply - distributions have scripts to rewrite shebangs on installation and they know what locations to rely on. - For tests/compilation we should rather rely on the user to have setup there PATH correctly. In particular this makes testing from git easier on NixOS where do not provide /bin/bash to improve compose-ability. 2020-03-04 09:35:06 +00:00			`#!/usr/bin/env bash`
test: Run qemu/nspawn tests with "set -e" This catches errors like "ninja not found", missing programs etc. early, instead of silently ignoring them and trying to boot a broken VM. In install_config_files(), allow some distro specific files to be absent (such as /etc/sysconfig/init). 2017-08-07 21:09:21 +02:00			`set -e`
test: split of cryptsetup into its own test 2012-09-13 23:19:05 +02:00			`TEST_DESCRIPTION="cryptsetup systemd setup"`
test: rework how images are created Before, we'd create a separate image for each test, in /var/tmp/systemd-test.XXXXX/rootdisk.img. Most of the images where very similar, except that each one had some unit files installed specifically for the test. The installation of those custom unit files was removed in previous commits (all the unit files are always installed). The new approach is to only create as few distinct images as possible. We have: default.img: the "normal" image suitable for almost all the tests basic.img: the same as default image but doesn't mask any services cryptsetup.img: p2 is used for encrypted /var badid.img: /etc/machine-id is overwritten with stuff selinux.img: with selinux added for fun and fun and a few others: ls -l build/test/*img lrwxrwxrwx 1 root root 38 Mar 21 21:23 build/test/badid.img -> /var/tmp/systemd-test.PJFFeo/badid.img lrwxrwxrwx 1 root root 38 Mar 21 21:17 build/test/basic.img -> /var/tmp/systemd-test.na0xOI/basic.img lrwxrwxrwx 1 root root 43 Mar 21 21:18 build/test/cryptsetup.img -> /var/tmp/systemd-test.Tzjv06/cryptsetup.img lrwxrwxrwx 1 root root 40 Mar 21 21:19 build/test/default.img -> /var/tmp/systemd-test.EscAsS/default.img lrwxrwxrwx 1 root root 39 Mar 21 21:22 build/test/nspawn.img -> /var/tmp/systemd-test.HSebKo/nspawn.img lrwxrwxrwx 1 root root 40 Mar 21 21:20 build/test/selinux.img -> /var/tmp/systemd-test.daBjbx/selinux.img lrwxrwxrwx 1 root root 39 Mar 21 21:21 build/test/test08.img -> /var/tmp/systemd-test.OgnN8Z/test08.img I considered trying to use the same image everywhere. It would probably be possible, but it would be very brittle. By using separate images where it is necessary we keep various orthogonal modifications independent. The way that images are cached is complicated by the fact that we still want to keep them in /var/tmp. Thus, an image is created on first use and linked to from build/test/ so it can be found by other tests. Tests cannot be run in parallel. I think that is an acceptable limitation. Creation of the images was probably taking more resources then the actual tests, so we should be better off anyway. 2019-12-12 09:37:19 +01:00			`IMAGE_NAME="cryptsetup"`
test: Factorize common integration test functions (#6540) All test/TEST* but TEST-02-CRYPTSETUP share the same check_result_qemu() and test_cleanup(), so move them into test_functions and only override them in TEST-02-CRYPTSETUP. Also provide a common test_run() which by default assumes that both QEMU and nspawn tests are run. Particular tests which don't support either need to explicitly opt out by setting $TEST_NO_{QEMU,NSPAWN}. Do it this way around to avoid accidentally forgetting to opt in, and to encourage test authors to at least always support nspawn. 2017-08-04 14:34:14 +02:00			`TEST_NO_NSPAWN=1`
test: split of cryptsetup into its own test 2012-09-13 23:19:05 +02:00
test: make it easier to override kernel version 2013-04-22 20:39:40 -04:00			`. $TEST_BASE_DIR/test-functions`
test: split of cryptsetup into its own test 2012-09-13 23:19:05 +02:00
test: remove duplicated code 2013-11-05 23:32:56 +01:00			`check_result_qemu() {`
test: split of cryptsetup into its own test 2012-09-13 23:19:05 +02:00			`ret=1`
test: stop caching loopdev It is more trouble than it is worth. The setup is of a loopback device is very quick, so it's better to always create it when needed and immediately drop afterwards. 2020-03-20 20:17:11 +01:00			`mount_initdir`
test: replace $TESTDIR/root with $initdir The $initdir var is already set to $TESTDIR/root, it should be used instead of direct use of $TESTDIR/root. 2019-08-15 09:39:31 -04:00			`[[ -e $initdir/testok ]] && ret=0`
			`[[ -f $initdir/failed ]] && cp -a $initdir/failed $TESTDIR`
test: split of cryptsetup into its own test 2012-09-13 23:19:05 +02:00			`cryptsetup luksOpen ${LOOPDEV}p2 varcrypt <$TESTDIR/keyfile`
test: replace $TESTDIR/root with $initdir The $initdir var is already set to $TESTDIR/root, it should be used instead of direct use of $TESTDIR/root. 2019-08-15 09:39:31 -04:00			`mount /dev/mapper/varcrypt $initdir/var`
test: use a helper function to move the journal files 2020-03-30 16:39:31 +02:00			`save_journal $initdir/var/log/journal`
test: stop caching loopdev It is more trouble than it is worth. The setup is of a loopback device is very quick, so it's better to always create it when needed and immediately drop afterwards. 2020-03-20 20:17:11 +01:00			`_umount_dir $initdir/var`
			`_umount_dir $initdir`
test: split of cryptsetup into its own test 2012-09-13 23:19:05 +02:00			`cryptsetup luksClose /dev/mapper/varcrypt`
test: remove duplicated code 2013-11-05 23:32:56 +01:00			`[[ -f $TESTDIR/failed ]] && cat $TESTDIR/failed`
test: use a helper function to move the journal files 2020-03-30 16:39:31 +02:00			`echo $JOURNAL_LIST`
test: split of cryptsetup into its own test 2012-09-13 23:19:05 +02:00			`test -s $TESTDIR/failed && ret=$(($ret+1))`
			`return $ret`
			`}`

test: rework how images are created Before, we'd create a separate image for each test, in /var/tmp/systemd-test.XXXXX/rootdisk.img. Most of the images where very similar, except that each one had some unit files installed specifically for the test. The installation of those custom unit files was removed in previous commits (all the unit files are always installed). The new approach is to only create as few distinct images as possible. We have: default.img: the "normal" image suitable for almost all the tests basic.img: the same as default image but doesn't mask any services cryptsetup.img: p2 is used for encrypted /var badid.img: /etc/machine-id is overwritten with stuff selinux.img: with selinux added for fun and fun and a few others: ls -l build/test/*img lrwxrwxrwx 1 root root 38 Mar 21 21:23 build/test/badid.img -> /var/tmp/systemd-test.PJFFeo/badid.img lrwxrwxrwx 1 root root 38 Mar 21 21:17 build/test/basic.img -> /var/tmp/systemd-test.na0xOI/basic.img lrwxrwxrwx 1 root root 43 Mar 21 21:18 build/test/cryptsetup.img -> /var/tmp/systemd-test.Tzjv06/cryptsetup.img lrwxrwxrwx 1 root root 40 Mar 21 21:19 build/test/default.img -> /var/tmp/systemd-test.EscAsS/default.img lrwxrwxrwx 1 root root 39 Mar 21 21:22 build/test/nspawn.img -> /var/tmp/systemd-test.HSebKo/nspawn.img lrwxrwxrwx 1 root root 40 Mar 21 21:20 build/test/selinux.img -> /var/tmp/systemd-test.daBjbx/selinux.img lrwxrwxrwx 1 root root 39 Mar 21 21:21 build/test/test08.img -> /var/tmp/systemd-test.OgnN8Z/test08.img I considered trying to use the same image everywhere. It would probably be possible, but it would be very brittle. By using separate images where it is necessary we keep various orthogonal modifications independent. The way that images are cached is complicated by the fact that we still want to keep them in /var/tmp. Thus, an image is created on first use and linked to from build/test/ so it can be found by other tests. Tests cannot be run in parallel. I think that is an acceptable limitation. Creation of the images was probably taking more resources then the actual tests, so we should be better off anyway. 2019-12-12 09:37:19 +01:00			`test_create_image() {`
test: add create_empty_image_rootdir() to simplify testcase setup Almost all tests were manually mounting/unmounting $TESTDIR/root from the loopback image; this moves all that into test-functions so the test setup functions are simplier. Also add test_setup_cleanup() function, to cleanup what is mounted by create_empty_image_rootdir() 2019-07-12 11:47:26 -04:00			`create_empty_image_rootdir`
test: split of cryptsetup into its own test 2012-09-13 23:19:05 +02:00			`echo -n test >$TESTDIR/keyfile`
test: use PBKDF2 instead of Argon2 in cryptsetup... to reduce memory requirements for volume manipulation. Also, to further improve the test performance, reduce number of PBKDF iterations to 1000 (allowed minimum). 2019-03-15 10:05:33 +01:00			`cryptsetup -q luksFormat --pbkdf pbkdf2 --pbkdf-force-iterations 1000 ${LOOPDEV}p2 $TESTDIR/keyfile`
test: split of cryptsetup into its own test 2012-09-13 23:19:05 +02:00			`cryptsetup luksOpen ${LOOPDEV}p2 varcrypt <$TESTDIR/keyfile`
test: switch to using ext4 instead of ext3 as default fallback fs (#7265) Using ext3 is not representative anymore, and Ubuntu has stopped shipping fsck.ext3 in the initramfs. 2017-11-07 09:51:30 -05:00			`mkfs.ext4 -L var /dev/mapper/varcrypt`
test: replace $TESTDIR/root with $initdir The $initdir var is already set to $TESTDIR/root, it should be used instead of direct use of $TESTDIR/root. 2019-08-15 09:39:31 -04:00			`mkdir -p $initdir/var`
			`mount /dev/mapper/varcrypt $initdir/var`
test: split of cryptsetup into its own test 2012-09-13 23:19:05 +02:00
			`# Create what will eventually be our root filesystem onto an overlay`
			`(`
			`LOG_LEVEL=5`
			`eval $(udevadm info --export --query=env --name=/dev/mapper/varcrypt)`
			`eval $(udevadm info --export --query=env --name=${LOOPDEV}p2)`

test: remove duplicated code 2013-11-05 23:32:56 +01:00			`setup_basic_environment`
test: add function to reduce copied setup boilerplate Many tests were also masking systemd-machined.service. But machined should only start when activated, so having it not masked shouldn't be noticable. TEST-25-IMPORT needs it. 2019-10-08 09:10:12 +02:00			`mask_supporting_services`
test: mask several unnecessary services This may make CIs run faster. 2018-11-01 17:26:36 +09:00
test: remove duplicated code 2013-11-05 23:32:56 +01:00			`install_dmevent`
test: fix TEST-02-CRYPTSETUP missing generate_module_dependencies call which prevents dm_mod and dm_crypt modules to be loaded 2013-12-08 00:30:16 +01:00			`generate_module_dependencies`
test: remove duplicated code 2013-11-05 23:32:56 +01:00			`cat >$initdir/etc/crypttab <<EOF`
			`$DM_NAME UUID=$ID_FS_UUID /etc/varkey`
test: split of cryptsetup into its own test 2012-09-13 23:19:05 +02:00			`EOF`
test: move part of TEST-02-CRYPTSETUP setup to static files Since we create an encrypted partition for this test, let's create a separate image here. 2019-12-12 09:59:53 +01:00			`echo -n test >$initdir/etc/varkey`
test: remove duplicated code 2013-11-05 23:32:56 +01:00			`cat $initdir/etc/crypttab \| ddebug`
test: split of cryptsetup into its own test 2012-09-13 23:19:05 +02:00
test: remove duplicated code 2013-11-05 23:32:56 +01:00			`cat >>$initdir/etc/fstab <<EOF`
test: switch to using ext4 instead of ext3 as default fallback fs (#7265) Using ext3 is not representative anymore, and Ubuntu has stopped shipping fsck.ext3 in the initramfs. 2017-11-07 09:51:30 -05:00			`/dev/mapper/varcrypt /var ext4 defaults 0 1`
test: remove duplicated code 2013-11-05 23:32:56 +01:00			`EOF`
test: make TEST-02-CRYPTSETUP a bit more robust Prompted by systemd/systemd#16111. * check if /var is a mountpoint - if not, something went wrong. In case of systemd/systemd#16111 the /failed file was created, because systemd-cryptsetup failed, but it ended up being empty, making the result check incorrectly pass * forward journal messages to console - if we fail to mount /var, journald won't flush logs to the persistent storage and we end up empty handed and with no clue what went wrong For example, without systemd/systemd#16111 and with this patch: ... [FAILED] Failed to start systemd-cryptsetup@varcrypt.service. See 'systemctl status systemd-cryptsetup@varcrypt.service' for details. [DEPEND] Dependency failed for cryptsetup.target. ... [ 3.882451] systemd-cryptsetup[581]: Key file /etc/varkey is world-readable. This is not a good idea! [ 3.883946] systemd-cryptsetup[581]: WARNING: Locking directory /run/cryptsetup is missing! [ 3.884846] systemd-cryptsetup[581]: Failed to load Bitlocker superblock on device /dev/disk/by-uuid/180ba5ef-873b-4018-9968-47c23431f71a: Invalid argument ... [ 4.099451] sh[606]: + mountpoint /var [ 4.100025] sh[603]: + systemctl poweroff --no-block [ 4.101636] systemd[1]: Finished systemd-user-sessions.service. [ 4.102598] sh[608]: /var is not a mountpoint [FAILED] Failed to start testsuite-02.service. 2020-06-09 16:51:55 +02:00
			`# Forward journal messages to the console, so we have something`
			`# to investigate even if we fail to mount the encrypted /var`
			`echo ForwardToConsole=yes >> $initdir/etc/systemd/journald.conf`
test: drop \|\| return 1 expression which is incompatible with set -e The `set -e` option is incompatible with a subshell/compound command, which is followed by \|\| <EXPR>. In such case, the -e option is ignored in all affected subshells/functions (see man bash(1) for command `set`). 2019-07-08 21:11:32 +02:00			`)`
test: add create_empty_image_rootdir() to simplify testcase setup Almost all tests were manually mounting/unmounting $TESTDIR/root from the loopback image; this moves all that into test-functions so the test setup functions are simplier. Also add test_setup_cleanup() function, to cleanup what is mounted by create_empty_image_rootdir() 2019-07-12 11:47:26 -04:00			`}`
test: split of cryptsetup into its own test 2012-09-13 23:19:05 +02:00
test: add create_empty_image_rootdir() to simplify testcase setup Almost all tests were manually mounting/unmounting $TESTDIR/root from the loopback image; this moves all that into test-functions so the test setup functions are simplier. Also add test_setup_cleanup() function, to cleanup what is mounted by create_empty_image_rootdir() 2019-07-12 11:47:26 -04:00			`cleanup_root_var() {`
test: replace $TESTDIR/root with $initdir The $initdir var is already set to $TESTDIR/root, it should be used instead of direct use of $TESTDIR/root. 2019-08-15 09:39:31 -04:00			`ddebug "umount $initdir/var"`
			`mountpoint $initdir/var && umount $initdir/var`
test: add create_empty_image_rootdir() to simplify testcase setup Almost all tests were manually mounting/unmounting $TESTDIR/root from the loopback image; this moves all that into test-functions so the test setup functions are simplier. Also add test_setup_cleanup() function, to cleanup what is mounted by create_empty_image_rootdir() 2019-07-12 11:47:26 -04:00			`[[ -b /dev/mapper/varcrypt ]] && cryptsetup luksClose /dev/mapper/varcrypt`
test: split of cryptsetup into its own test 2012-09-13 23:19:05 +02:00			`}`

			`test_cleanup() {`
test: ignore errors during test cleanup, so cleanup can finish Also move TESTDIR and STATEFILE removal into test_cleanup 2019-07-12 14:09:48 -04:00			`# ignore errors, so cleanup can continue`
test: convert all uses of '\|\| true' into '\|\| :' No change in functionality; just use the shorter \|\| : 2019-07-18 20:34:57 -04:00			`cleanup_root_var \|\| :`
test: add create_empty_image_rootdir() to simplify testcase setup Almost all tests were manually mounting/unmounting $TESTDIR/root from the loopback image; this moves all that into test-functions so the test setup functions are simplier. Also add test_setup_cleanup() function, to cleanup what is mounted by create_empty_image_rootdir() 2019-07-12 11:47:26 -04:00			`_test_cleanup`
			`}`

			`test_setup_cleanup() {`
test: run tests directly from the loopback device Before, we'd copy the test tree into nspawn-root, and run the tests from there. This is OK, and doesn't actually take much extra time. But it uses quite a lot of extra disk space. So let's make things a bit more efficient by running directly from the image file. We still run the unprivileged nspawn tests from a copy. Once the kernel implements fs shift, we can do away with that too. 2019-12-13 14:21:31 +01:00			`cleanup_root_var \|\| :`
			`cleanup_initdir`
test: split of cryptsetup into its own test 2012-09-13 23:19:05 +02:00			`}`

test: move part of TEST-02-CRYPTSETUP setup to static files Since we create an encrypted partition for this test, let's create a separate image here. 2019-12-12 09:59:53 +01:00			`do_test "$@" 02`