2021-11-04 22:19:56 +03:00
#!/usr/bin/env bash
# SPDX-License-Identifier: LGPL-2.1-or-later
set -euxo pipefail
export DM_NAME = "integrity_test"
export FULL_DM_DEV_NAME = " /dev/mapper/ ${ DM_NAME } "
export FS_UUID = "01234567-ffff-eeee-eeee-0123456789ab"
export GEN = "/var/run/systemd/generator"
image_dir = ""
cleanup( )
{
if [ -z " ${ image_dir } " ] ; then
return
fi
if [ -f " ${ image_dir } /image " ] ; then
if [ -e " ${ FULL_DM_DEV_NAME } " ] ; then
integritysetup close " ${ DM_NAME } "
fi
losetup -d " ${ loop } "
fi
rm -rf " ${ image_dir } "
}
trap cleanup EXIT
build_integrity_tab( )
{
cat << _EOL > "/etc/integritytab"
${ DM_NAME } ${ loop } - integrity-algorithm= $1
_EOL
}
image_dir = " $( mktemp -d -t -p / integrity.tmp.XXXXXX) "
if [ -z " ${ image_dir } " ] || [ ! -d " ${ image_dir } " ] ; then
echo "mktemp under / failed"
exit 1
fi
dd if = /dev/zero of = " ${ image_dir } /image " bs = 1048576 count = 64 || exit 1
2022-08-03 20:41:13 +03:00
dd if = /dev/zero of = " ${ image_dir } /data " bs = 1048576 count = 64 || exit 1
2021-11-04 22:19:56 +03:00
loop = " $( losetup --show -f " ${ image_dir } /image " ) "
if [ [ ! -e ${ loop } ] ] ; then
echo "Loopback device created not found!"
exit 1
fi
2022-08-03 20:41:13 +03:00
# Do one iteration with a separate data device, to test those branches
separate_data = 1
2021-11-04 22:19:56 +03:00
for algorithm in crc32c crc32 sha1 sha256
do
2022-08-03 20:41:13 +03:00
if [ " ${ separate_data } " -eq 1 ] ; then
data_option = " --data-device= ${ image_dir } /data "
else
data_option = ""
fi
integritysetup format " ${ loop } " --batch-mode -I " ${ algorithm } " " ${ data_option } " || exit 1
integritysetup open -I " ${ algorithm } " " ${ loop } " " ${ DM_NAME } " " ${ data_option } " || exit 1
2021-11-04 22:19:56 +03:00
mkfs.ext4 -U " ${ FS_UUID } " " ${ FULL_DM_DEV_NAME } " || exit 1
# Give userspace time to handle udev events for new FS showing up ...
udevadm settle
integritysetup close " ${ DM_NAME } " || exit 1
# create integritytab, generate units, start service
2022-08-03 20:41:13 +03:00
if [ " ${ separate_data } " -eq 1 ] ; then
data_option = " ,data-device= ${ image_dir } /data "
else
data_option = ""
fi
build_integrity_tab " ${ algorithm } ${ data_option } "
2021-11-04 22:19:56 +03:00
# Cause the generator to re-run
systemctl daemon-reload || exit 1
2021-11-30 12:26:17 +03:00
# Check for existence of unit files...
2021-11-04 22:19:56 +03:00
if [ [ ! -e " /run/systemd/generator/systemd-integritysetup@ ${ DM_NAME } .service " ] ] ; then
echo "Service file does not exist!"
exit 1
fi
# Make sure we are in a consistent state, e.g. not already active before we start
systemctl stop systemd-integritysetup@" ${ DM_NAME } " .service || exit 1
systemctl start systemd-integritysetup@" ${ DM_NAME } " .service || exit 1
# Check the signature on the FS to ensure we can retrieve it and that is matches
if [ -e " ${ FULL_DM_DEV_NAME } " ] ; then
2022-08-03 20:41:13 +03:00
# If a separate device is used for the metadata storage, then blkid will return one of the loop devices
if [ " ${ separate_data } " -eq 1 ] ; then
dev_name = " $( integritysetup status ${ DM_NAME } | grep '^\s*device:' | awk '{print $2}' ) "
else
dev_name = " ${ FULL_DM_DEV_NAME } "
fi
if [ " ${ dev_name } " != " $( blkid -U " ${ FS_UUID } " ) " ] ; then
2021-11-04 22:19:56 +03:00
echo "Failed to locate FS with matching UUID!"
exit 1
fi
else
echo "Failed to bring up integrity device!"
exit 1
fi
systemctl stop systemd-integritysetup@" ${ DM_NAME } " .service || exit 1
if [ -e " ${ FULL_DM_DEV_NAME } " ] ; then
2021-11-30 12:26:17 +03:00
echo " Expecting ${ FULL_DM_DEV_NAME } to not exist after stopping unit! "
2021-11-04 22:19:56 +03:00
exit 1
fi
2022-08-03 20:41:13 +03:00
separate_data = 0
2021-11-04 22:19:56 +03:00
done
echo OK >/testok
