e47add9edc
Prompted by systemd/systemd#16111.

* check if /var is a mountpoint - if not, something went wrong. In case of systemd/systemd#16111 the /failed file was created, because systemd-cryptsetup failed, but it ended up being empty, making the result check incorrectly pass
* forward journal messages to console - if we fail to mount /var, journald won't flush logs to the persistent storage and we end up empty handed and with no clue what went wrong

For example, without systemd/systemd#16111 and with this patch:

...
[FAILED] Failed to start systemd-cryptsetup@varcrypt.service.
See 'systemctl status systemd-cryptsetup@varcrypt.service' for details.
[DEPEND] Dependency failed for cryptsetup.target.
...
[ 3.882451] systemd-cryptsetup[581]: Key file /etc/varkey is world-readable. This is not a good idea!
[ 3.883946] systemd-cryptsetup[581]: WARNING: Locking directory /run/cryptsetup is missing!
[ 3.884846] systemd-cryptsetup[581]: Failed to load Bitlocker superblock on device /dev/disk/by-uuid/180ba5ef-873b-4018-9968-47c23431f71a: Invalid argument
...
[ 4.099451] sh[606]: + mountpoint /var
[ 4.100025] sh[603]: + systemctl poweroff --no-block
[ 4.101636] systemd[1]: Finished systemd-user-sessions.service.
[ 4.102598] sh[608]: /var is not a mountpoint
[FAILED] Failed to start testsuite-02.service.
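#!/usr/bin/env bash
# Test driver settings followed by the shared helper library. The variables
# below are only assigned here; they are consumed outside this file
# (presumably by test-functions -- confirm there).
set -e

TEST_DESCRIPTION="cryptsetup systemd setup"
IMAGE_NAME="cryptsetup"
TEST_NO_NSPAWN=1

# Quote the path and refuse an unset/empty TEST_BASE_DIR: unquoted and empty,
# the original line would source "/test-functions" from the filesystem root,
# and the functions in this script go on to call mount and cryptsetup.
# shellcheck source=/dev/null
. "${TEST_BASE_DIR:?}/test-functions"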
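#######################################
# Decide whether the QEMU run passed and collect its artifacts.
# Globals:   initdir, TESTDIR, LOOPDEV, JOURNAL_LIST (read)
# Outputs:   contents of $TESTDIR/failed (when that file exists), then
#            $JOURNAL_LIST, on stdout
# Returns:   0  testok present and no non-empty failed file
#            1  testok missing, or testok present with a non-empty failed file
#            2  testok missing and a non-empty failed file
#######################################
check_result_qemu() {
    # Keep the verdict local so it cannot leak into (or be clobbered by) the
    # helpers called below.
    local ret=1

    mount_initdir

    # ${var:?} aborts instead of silently operating on "/testok", "/var", ...
    # of the host when a required variable is unset or empty.
    [[ -e "${initdir:?}/testok" ]] && ret=0
    [[ -f "$initdir/failed" ]] && cp -a -- "$initdir/failed" "${TESTDIR:?}"

    # Re-open the encrypted /var of the image to pull the journal out of it.
    # The passphrase is read from the key file on stdin.
    cryptsetup luksOpen "${LOOPDEV:?}p2" varcrypt <"$TESTDIR/keyfile"
    mount /dev/mapper/varcrypt "$initdir/var"
    save_journal "$initdir/var/log/journal"
    _umount_dir "$initdir/var"
    _umount_dir "$initdir"
    cryptsetup luksClose /dev/mapper/varcrypt

    [[ -f "$TESTDIR/failed" ]] && cat -- "$TESTDIR/failed"
    echo "$JOURNAL_LIST"

    # Only a NON-EMPTY failed file counts as a failure (test -s). An empty
    # one leaves ret untouched, so in that case the verdict rests on testok
    # alone.
    test -s "$TESTDIR/failed" && ret=$((ret + 1))

    return "$ret"
}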
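#######################################
# Build the test image: a LUKS volume on ${LOOPDEV}p2 holding an ext4
# filesystem that the image mounts as /var via /etc/crypttab and /etc/fstab.
# Globals:   TESTDIR, LOOPDEV, initdir (read)
# Outputs:   files under $TESTDIR and $initdir
# Returns:   exit status of the configuration subshell
#######################################
test_create_image() {
    create_empty_image_rootdir

    # Test fixture only: the passphrase is the fixed string "test" and the
    # key derivation is forced down to 1000 PBKDF2 iterations (presumably to
    # keep the test fast). Neither is acceptable for a real volume.
    echo -n test >"${TESTDIR:?}/keyfile"
    cryptsetup -q luksFormat --pbkdf pbkdf2 --pbkdf-force-iterations 1000 "${LOOPDEV:?}p2" "$TESTDIR/keyfile"
    cryptsetup luksOpen "${LOOPDEV}p2" varcrypt <"$TESTDIR/keyfile"
    mkfs.ext4 -L var /dev/mapper/varcrypt
    # ${initdir:?} keeps an unset variable from turning this into the host's
    # own /var.
    mkdir -p "${initdir:?}/var"
    mount /dev/mapper/varcrypt "$initdir/var"

    # Create what will eventually be our root filesystem onto an overlay
    (
        # Not read in this file; presumably consumed by the sourced helpers.
        # shellcheck disable=SC2034
        LOG_LEVEL=5

        # NOTE(review): eval runs udevadm's output as shell code. That is
        # tolerable here because both devices were created by this test a
        # few lines above; do not reuse the pattern for devices whose
        # properties come from an untrusted source. The substitution is
        # quoted so the output reaches eval as one string instead of being
        # word-split and glob-expanded first.
        # Order matters: variables exported by the second call override the
        # same-named ones from the first, so ID_FS_UUID below is presumably
        # that of the LUKS partition while DM_NAME comes from the mapping.
        eval "$(udevadm info --export --query=env --name=/dev/mapper/varcrypt)"
        eval "$(udevadm info --export --query=env --name="${LOOPDEV}p2")"

        setup_basic_environment
        mask_supporting_services

        install_dmevent
        generate_module_dependencies

        cat >"$initdir/etc/crypttab" <<EOF
$DM_NAME UUID=$ID_FS_UUID /etc/varkey
EOF
        # Written with the current umask; systemd-cryptsetup warns when a key
        # file is world-readable. Fine for a throwaway image, but a real key
        # file should be readable by root only.
        echo -n test >"$initdir/etc/varkey"
        cat "$initdir/etc/crypttab" | ddebug

        cat >>"$initdir/etc/fstab" <<EOF
/dev/mapper/varcrypt    /var    ext4    defaults 0 1
EOF

        # Forward journal messages to the console, so we have something
        # to investigate even if we fail to mount the encrypted /var
        echo ForwardToConsole=yes >>"$initdir/etc/systemd/journald.conf"
    )
}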
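#######################################
# Unmount the image's /var and close the varcrypt mapping, if present.
# Globals:   initdir (read)
# Returns:   status of the last step; non-zero when /dev/mapper/varcrypt is
#            not a block device. Both callers in this file ignore it.
#######################################
cleanup_root_var() {
    # With an unset or empty initdir the unquoted original would test and
    # unmount the host's own /var. Skip the unmount in that case rather than
    # aborting, so the callers' best-effort cleanup still proceeds.
    if [[ -n "${initdir:-}" ]]; then
        ddebug "umount $initdir/var"
        mountpoint "$initdir/var" && umount "$initdir/var"
    fi

    [[ -b /dev/mapper/varcrypt ]] && cryptsetup luksClose /dev/mapper/varcrypt
}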
#######################################
# Tear down the encrypted /var, then run _test_cleanup (not defined in this
# file; presumably provided by test-functions).
# Returns:   exit status of _test_cleanup
#######################################
test_cleanup() {
    # Best-effort: a failed unmount or luksClose must not keep the remaining
    # cleanup from running, so the status is deliberately discarded.
    cleanup_root_var || true
    _test_cleanup
}
#######################################
# Undo the image setup: release the encrypted /var, then run cleanup_initdir
# (not defined in this file; presumably provided by test-functions).
# Returns:   exit status of cleanup_initdir
#######################################
test_setup_cleanup() {
    # Errors from the unmount/luksClose step are deliberately discarded so
    # that cleanup_initdir always runs.
    cleanup_root_var || true
    cleanup_initdir
}
# Hand control to do_test (not defined in this file; presumably provided by
# test-functions), forwarding the script's own arguments followed by the
# literal "02" -- presumably this test's number; confirm against do_test.
do_test "$@" 02