mirror of
https://github.com/systemd/systemd-stable.git
synced 2024-12-22 13:33:56 +03:00
integritysetup: do not use crypt_init_data_device after crypt_init
crypt_init_data_device() replaces the crypt_device struct with a new allocation, losing the old one, which we get from crypt_init(). Use crypt_set_data_device() instead. Enhance the test to cover this option too.
This commit is contained in:
parent
29e804dffd
commit
872f9da4d8
@ -152,12 +152,6 @@ static int run(int argc, char *argv[]) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (!isempty(arg_existing_data_device)) {
|
||||
r = crypt_init_data_device(&cd, device, arg_existing_data_device);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to add separate data device: %m");
|
||||
}
|
||||
|
||||
r = crypt_load(cd,
|
||||
CRYPT_INTEGRITY,
|
||||
&(struct crypt_params_integrity) {
|
||||
@ -168,6 +162,12 @@ static int run(int argc, char *argv[]) {
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to load integrity superblock: %m");
|
||||
|
||||
if (!isempty(arg_existing_data_device)) {
|
||||
r = crypt_set_data_device(cd, arg_existing_data_device);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to add separate data device: %m");
|
||||
}
|
||||
|
||||
r = crypt_activate_by_volume_key(cd, volume, key_buf, key_buf_size, arg_activate_flags);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to set up integrity device: %m");
|
||||
|
@ -41,6 +41,7 @@ if [ -z "${image_dir}" ] || [ ! -d "${image_dir}" ]; then
|
||||
fi
|
||||
|
||||
dd if=/dev/zero of="${image_dir}/image" bs=1048576 count=64 || exit 1
|
||||
dd if=/dev/zero of="${image_dir}/data" bs=1048576 count=64 || exit 1
|
||||
loop="$(losetup --show -f "${image_dir}/image")"
|
||||
|
||||
if [[ ! -e ${loop} ]]; then
|
||||
@ -48,10 +49,18 @@ if [[ ! -e ${loop} ]]; then
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Do one iteration with a separate data device, to test those branches
|
||||
separate_data=1
|
||||
|
||||
for algorithm in crc32c crc32 sha1 sha256
|
||||
do
|
||||
integritysetup format "${loop}" --batch-mode -I "${algorithm}" || exit 1
|
||||
integritysetup open -I "${algorithm}" "${loop}" "${DM_NAME}" || exit 1
|
||||
if [ "${separate_data}" -eq 1 ]; then
|
||||
data_option="--data-device=${image_dir}/data"
|
||||
else
|
||||
data_option=""
|
||||
fi
|
||||
integritysetup format "${loop}" --batch-mode -I "${algorithm}" "${data_option}" || exit 1
|
||||
integritysetup open -I "${algorithm}" "${loop}" "${DM_NAME}" "${data_option}" || exit 1
|
||||
mkfs.ext4 -U "${FS_UUID}" "${FULL_DM_DEV_NAME}" || exit 1
|
||||
|
||||
# Give userspace time to handle udev events for new FS showing up ...
|
||||
@ -60,7 +69,12 @@ do
|
||||
integritysetup close "${DM_NAME}" || exit 1
|
||||
|
||||
# create integritytab, generate units, start service
|
||||
build_integrity_tab ${algorithm}
|
||||
if [ "${separate_data}" -eq 1 ]; then
|
||||
data_option=",data-device=${image_dir}/data"
|
||||
else
|
||||
data_option=""
|
||||
fi
|
||||
build_integrity_tab "${algorithm}${data_option}"
|
||||
|
||||
# Cause the generator to re-run
|
||||
systemctl daemon-reload || exit 1
|
||||
@ -77,7 +91,13 @@ do
|
||||
|
||||
# Check the signature on the FS to ensure we can retrieve it and that is matches
|
||||
if [ -e "${FULL_DM_DEV_NAME}" ]; then
|
||||
if [ "${FULL_DM_DEV_NAME}" != "$(blkid -U "${FS_UUID}")" ]; then
|
||||
# If a separate device is used for the metadata storage, then blkid will return one of the loop devices
|
||||
if [ "${separate_data}" -eq 1 ]; then
|
||||
dev_name="$(integritysetup status ${DM_NAME} | grep '^\s*device:' | awk '{print $2}')"
|
||||
else
|
||||
dev_name="${FULL_DM_DEV_NAME}"
|
||||
fi
|
||||
if [ "${dev_name}" != "$(blkid -U "${FS_UUID}")" ]; then
|
||||
echo "Failed to locate FS with matching UUID!"
|
||||
exit 1
|
||||
fi
|
||||
@ -93,6 +113,7 @@ do
|
||||
exit 1
|
||||
fi
|
||||
|
||||
separate_data=0
|
||||
done
|
||||
|
||||
echo OK >/testok
|
||||
|
Loading…
Reference in New Issue
Block a user