#!/usr/bin/env bash
# SPDX-License-Identifier: LGPL-2.1-or-later
# Abort on the first unhandled command failure.
set -e

# Test metadata and image parameters. They are assigned before test-functions
# is sourced; presumably that file reads them -- confirm against test-functions.
TEST_DESCRIPTION="cryptsetup systemd setup"
IMAGE_NAME="cryptsetup"
IMAGE_ADDITIONAL_DATA_SIZE=100
TEST_NO_NSPAWN=1
TEST_FORCE_NEWIMAGE=1

# TEST_BASE_DIR must be set by the caller; ':?' aborts with an error otherwise.
# shellcheck source=test/test-functions
source "${TEST_BASE_DIR:?}/test-functions"

# Fixed UUID of the LUKS partition and the device-mapper name it is opened as.
PART_UUID="deadbeef-dead-dead-beef-000000000000"
DM_NAME="test24_varcrypt"

# Both variables are appended to, so each value starts with a separating space.
#  - rd.luks=1 / luks.name= / luks.key= tell the initrd to unlock the partition
#    with this UUID as $DM_NAME, reading /keyfile from the filesystem labelled
#    varcrypt_keydev.
#  - The key device is attached as an extra raw drive. cache=unsafe makes QEMU
#    ignore flush requests; that is only tolerable because the image is
#    throwaway test state.
KERNEL_APPEND+=" rd.luks=1 luks.name=$PART_UUID=$DM_NAME luks.key=$PART_UUID=/keyfile:LABEL=varcrypt_keydev"
QEMU_OPTIONS+=" -drive format=raw,cache=unsafe,file=${STATEDIR:?}/keydev.img"
#######################################
# Collect the outcome of the QEMU run from the test image.
# Globals:   initdir, TESTDIR, LOOPDEV, DM_NAME, JOURNAL_LIST (all read)
# Outputs:   contents of $TESTDIR/failed (if present) and the journal list
# Returns:   0 if $initdir/testok exists,
#            5 if check_coverage_reports fails,
#            1 if $TESTDIR/failed is non-empty (overrides the others) or
#              no testok marker was found
#######################################
check_result_qemu() {
    local ret=1

    mount_initdir

    # Success marker and failure report both live on the (unencrypted) root.
    if [[ -e "${initdir:?}/testok" ]]; then
        ret=0
    fi
    if [[ -f "$initdir/failed" ]]; then
        cp -a "$initdir/failed" "${TESTDIR:?}"
    fi

    # The journal lives on the encrypted /var, so the LUKS partition has to be
    # unlocked (passphrase fed on stdin from the test keyfile) and mounted
    # before it can be saved.
    cryptsetup luksOpen "${LOOPDEV:?}p2" "${DM_NAME:?}" <"$TESTDIR/keyfile"
    mount "/dev/mapper/$DM_NAME" "$initdir/var"
    save_journal "$initdir/var/log/journal"

    if ! check_coverage_reports "${initdir:?}"; then
        ret=5
    fi

    # Tear down in reverse order: /var, the root, then the dm-crypt mapping.
    _umount_dir "$initdir/var"
    _umount_dir "$initdir"
    cryptsetup luksClose "/dev/mapper/$DM_NAME"

    if [[ -f "$TESTDIR/failed" ]]; then
        cat "$TESTDIR/failed"
    fi
    echo "${JOURNAL_LIST:-No journals were saved}"

    # A non-empty failure report always wins over testok / coverage status.
    if test -s "$TESTDIR/failed"; then
        ret=1
    fi

    return "$ret"
}
#######################################
# Build the test image: an empty root, a LUKS-encrypted /var on partition 2,
# a separate raw key-device image carrying the keyfile, and (unless $INITRD
# was supplied) an initrd with dm-crypt support.
# Globals:   TESTDIR, LOOPDEV, PART_UUID, DM_NAME, initdir, STATEDIR (read)
#            LOG_LEVEL, INITRD (written)
# Returns:   1 if no usable initrd generator is available, otherwise the
#            status of the last command run
#######################################
test_create_image() {
    create_empty_image_rootdir

    # Fixed, non-secret passphrase ("test", no trailing newline). The same
    # bytes are written to the key device further down.
    echo -n test >"${TESTDIR:?}/keyfile"

    # --pbkdf-force-iterations sets the PBKDF2 cost directly instead of
    # benchmarking. NOTE(review): 1000 iterations is a test-only setting
    # (presumably chosen for speed); a volume holding real data should keep
    # cryptsetup's default KDF parameters.
    cryptsetup -q luksFormat \
        --uuid="$PART_UUID" \
        --pbkdf pbkdf2 \
        --pbkdf-force-iterations 1000 \
        "${LOOPDEV:?}p2" "$TESTDIR/keyfile"
    cryptsetup luksOpen "${LOOPDEV}p2" "${DM_NAME:?}" <"$TESTDIR/keyfile"

    # Put an ext4 filesystem on the unlocked mapping and mount it as /var of
    # the image, so everything installed below lands on the encrypted volume.
    mkfs.ext4 -L var "/dev/mapper/$DM_NAME"
    mkdir -p "${initdir:?}/var"
    mount "/dev/mapper/$DM_NAME" "$initdir/var"

    LOG_LEVEL=5

    setup_basic_environment
    mask_supporting_services
    install_dmevent
    generate_module_dependencies

    # Create a keydev: a 16 MiB ext4 image labelled varcrypt_keydev that holds
    # /keyfile, matching the luks.key= kernel argument.
    local keydev_img="${STATEDIR:?}/keydev.img"
    local keydev_mnt="$STATEDIR/keydev"
    dd if=/dev/zero of="$keydev_img" bs=1M count=16
    mkfs.ext4 -L varcrypt_keydev "$keydev_img"
    mkdir -p "$keydev_mnt"
    mount "$keydev_img" "$keydev_mnt"
    echo -n test >"$keydev_mnt/keyfile"
    umount "$keydev_mnt"

    # Have the booted system mount the unlocked mapping on /var.
    cat >>"$initdir/etc/fstab" <<EOF
/dev/mapper/$DM_NAME /var ext4 defaults 0 1
EOF

    # Forward journal messages to the console, so we have something
    # to investigate even if we fail to mount the encrypted /var
    echo "ForwardToConsole=yes" >>"$initdir/etc/systemd/journald.conf"

    # An explicitly provided $INITRD is used as-is.
    if [[ -n "$INITRD" ]]; then
        return 0
    fi

    # Otherwise generate a custom one with dm-crypt support, using the first
    # generator found in this order: dracut, mkinitcpio, mkinitramfs.
    INITRD="${TESTDIR:?}/initrd.img"
    dinfo "Generating a custom initrd with dm-crypt support in '${INITRD:?}'"

    local generator="" candidate
    for candidate in dracut mkinitcpio mkinitramfs; do
        if command -v "$candidate" >/dev/null; then
            generator="$candidate"
            break
        fi
    done

    case "$generator" in
        dracut)
            dracut --force --verbose --add crypt "$INITRD"
            ;;
        mkinitcpio)
            mkinitcpio --addhooks sd-encrypt --generate "$INITRD"
            ;;
        mkinitramfs)
            # The cryptroot hook is provided by the cryptsetup-initramfs package
            dpkg-query -s cryptsetup-initramfs || {
                derror "Missing 'cryptsetup-initramfs' package for dm-crypt support in initrd"
                return 1
            }
            mkinitramfs -o "$INITRD"
            ;;
        *)
            dfatal "Unrecognized initrd generator, can't continue"
            return 1
            ;;
    esac
}
#######################################
# Unmount the image's /var and close the dm-crypt mapping, if present.
# Globals:   initdir, DM_NAME (read; both must be set)
# Outputs:   whatever mountpoint(1) prints about $initdir/var
# Returns:   non-zero if the mapping is not a block device or luksClose
#            fails; callers in this file ignore the status
#######################################
cleanup_root_var() {
    ddebug "umount ${initdir:?}/var"

    # Only unmount when something is actually mounted there.
    if mountpoint "$initdir/var"; then
        umount "$initdir/var"
    fi

    # Nothing to close when the mapping does not exist; report that as a
    # non-zero status.
    local mapper_dev="/dev/mapper/${DM_NAME:?}"
    if [[ ! -b "$mapper_dev" ]]; then
        return 1
    fi
    cryptsetup luksClose "$mapper_dev"
}
#######################################
# Cleanup hook: release the encrypted /var, then run the common cleanup.
# Returns:   status of _test_cleanup
#######################################
test_cleanup() {
    # Ignore errors, so cleanup can continue. Running the helper on the left
    # of '||' also suspends 'set -e' inside it, so a failed umount does not
    # stop it from attempting luksClose.
    cleanup_root_var || true
    _test_cleanup
}
#######################################
# Setup-phase cleanup hook: release the encrypted /var, then clean up the
# image root directory.
# Returns:   status of cleanup_initdir
#######################################
test_setup_cleanup() {
    # Best effort: a missing mount or mapping must not abort the cleanup.
    cleanup_root_var || true
    cleanup_initdir
}
# Hand the script's arguments, unchanged and individually quoted, to do_test
# (not defined in this file; presumably provided by test-functions).
do_test "$@"