systemd/test/units/TEST-67-INTEGRITY.sh

#!/usr/bin/env bash
# SPDX-License-Identifier: LGPL-2.1-or-later
set -euxo pipefail

DM_NAME="integrity_test"
DM_NODE="/dev/mapper/${DM_NAME}"
DM_SERVICE="systemd-integritysetup@${DM_NAME}.service"
FS_UUID="01234567-ffff-eeee-eeee-0123456789ab"

TMP_DIR=
LOOP=

cleanup() (
    set +e

    if [[ -n "${LOOP}" ]]; then
        losetup -d "${LOOP}"
    fi

    if [[ -n "${TMP_DIR}" ]]; then
        rm -rf "${TMP_DIR}"
    fi

    rm -rf /run/udev/rules.d/
    udevadm control --reload
)

trap cleanup EXIT

udevadm settle

# Enable debugging logs for loop and dm block devices.
mkdir -p /run/udev/rules.d/
cat >/run/udev/rules.d/00-integrity-test.rules <<EOF
SUBSYSTEM=="block", KERNEL=="loop*|dm-*", OPTIONS="log_level=debug"
EOF

# FIXME:
# There is no ordering restriction between underlying loopback block devices and DM devices.
# Hence, we may get wrong device node symlinks. To workaround that issue, let's decrease the
# priority for loopback block devices.
cat >/run/udev/rules.d/99-priority.rules <<EOF
SUBSYSTEM=="block", KERNEL=="loop*", OPTIONS="link_priority=-200"
EOF

udevadm control --reload

TMP_DIR="$(mktemp -d -t -p / integrity.tmp.XXXXXX)"
dd if=/dev/zero of="${TMP_DIR}/image" bs=1048576 count=64
dd if=/dev/zero of="${TMP_DIR}/data" bs=1048576 count=64
LOOP="$(losetup --show -f "${TMP_DIR}/image")"
udevadm wait --timeout=30 --settle "${LOOP}"

test_cleanup() (
    set +e

    if [[ -e "/run/systemd/generator/${DM_SERVICE}" ]]; then
        systemctl stop "${DM_SERVICE}"
    elif [[ -e "${DM_NODE}" ]]; then
        integritysetup close "${DM_NAME}"
    fi

    udevadm wait --timeout=30 --settle --removed "${DM_NODE}"

    # Clear integritytab.
    rm -f /etc/integritytab

    # Make the generator to re-run.
    systemctl daemon-reload
)

test_one() {
    local algorithm="${1?}"
    local separate_data="${2?}"
    local data_option

    trap test_cleanup RETURN

    if [[ "${separate_data}" == 1 ]]; then
        data_option="--data-device=${TMP_DIR}/data"
    else
        data_option=""
    fi

    integritysetup format "${LOOP}" --batch-mode -I "${algorithm}" "${data_option}"
    integritysetup open -I "${algorithm}" "${LOOP}" "${DM_NAME}" "${data_option}"
    udevadm wait --timeout=30 --settle "${DM_NODE}"
    mkfs.ext4 -U "${FS_UUID}" "${DM_NODE}"
    # Wait for synthetic events being processed.
    udevadm settle
    integritysetup close "${DM_NAME}"
    udevadm wait --timeout=30 --settle --removed "${DM_NODE}"

    # Create integritytab.
    if [[ "${separate_data}" == 1 ]]; then
        data_option=",data-device=${TMP_DIR}/data"
    else
        data_option=""
    fi
    cat >"/etc/integritytab" <<EOF
${DM_NAME} ${LOOP} - integrity-algorithm=${algorithm}${data_option}
EOF

    # Make the generator to re-run.
    systemctl daemon-reload

    # Check for existence of the unit file.
    [[ -e "/run/systemd/generator/${DM_SERVICE}" ]]

    # Make sure we are in a consistent state, e.g. not already active before we start.
    [[ "$(systemctl is-active "${DM_SERVICE}")" == inactive ]]
    systemctl start "${DM_SERVICE}"
    udevadm wait --timeout=30 --settle "${DM_NODE}"

    # Check the signature on the FS to ensure we can retrieve it and that is matches.
    [[ "$(blkid -U "${FS_UUID}")" == "${DM_NODE}" ]]
}

for a in crc32c crc32 xxhash64 sha1 sha256; do
    test_one "$a" 0
    test_one "$a" 1
done

touch /testok
test: exercise sytemd-integritysetup & generator Ensures we can open a dm-integrity volume formated with integritysetup. 2021-11-04 22:19:56 +03:00			`#!/usr/bin/env bash`
			`# SPDX-License-Identifier: LGPL-2.1-or-later`
			`set -euxo pipefail`

TEST-67-INTEGRITY: modernize test code - make udevd generate debugging logs for loopback and DM devices, - insert 'udevadm wait' at several places to make the device processed by udevd, - cleanup generated integritysetup service before moving to next algorithm, - drop unnecessary exit on command failure, - also test data splitting mode for all algorithms. 2024-11-26 18:06:39 +03:00			`DM_NAME="integrity_test"`
			`DM_NODE="/dev/mapper/${DM_NAME}"`
			`DM_SERVICE="systemd-integritysetup@${DM_NAME}.service"`
			`FS_UUID="01234567-ffff-eeee-eeee-0123456789ab"`
test: exercise sytemd-integritysetup & generator Ensures we can open a dm-integrity volume formated with integritysetup. 2021-11-04 22:19:56 +03:00
TEST-67-INTEGRITY: modernize test code - make udevd generate debugging logs for loopback and DM devices, - insert 'udevadm wait' at several places to make the device processed by udevd, - cleanup generated integritysetup service before moving to next algorithm, - drop unnecessary exit on command failure, - also test data splitting mode for all algorithms. 2024-11-26 18:06:39 +03:00			`TMP_DIR=`
			`LOOP=`
test: exercise sytemd-integritysetup & generator Ensures we can open a dm-integrity volume formated with integritysetup. 2021-11-04 22:19:56 +03:00
TEST-67-INTEGRITY: modernize test code - make udevd generate debugging logs for loopback and DM devices, - insert 'udevadm wait' at several places to make the device processed by udevd, - cleanup generated integritysetup service before moving to next algorithm, - drop unnecessary exit on command failure, - also test data splitting mode for all algorithms. 2024-11-26 18:06:39 +03:00			`cleanup() (`
			`set +e`

			`if [[ -n "${LOOP}" ]]; then`
			`losetup -d "${LOOP}"`
test: exercise sytemd-integritysetup & generator Ensures we can open a dm-integrity volume formated with integritysetup. 2021-11-04 22:19:56 +03:00			`fi`

TEST-67-INTEGRITY: modernize test code - make udevd generate debugging logs for loopback and DM devices, - insert 'udevadm wait' at several places to make the device processed by udevd, - cleanup generated integritysetup service before moving to next algorithm, - drop unnecessary exit on command failure, - also test data splitting mode for all algorithms. 2024-11-26 18:06:39 +03:00			`if [[ -n "${TMP_DIR}" ]]; then`
			`rm -rf "${TMP_DIR}"`
test: exercise sytemd-integritysetup & generator Ensures we can open a dm-integrity volume formated with integritysetup. 2021-11-04 22:19:56 +03:00			`fi`

TEST-67-INTEGRITY: modernize test code - make udevd generate debugging logs for loopback and DM devices, - insert 'udevadm wait' at several places to make the device processed by udevd, - cleanup generated integritysetup service before moving to next algorithm, - drop unnecessary exit on command failure, - also test data splitting mode for all algorithms. 2024-11-26 18:06:39 +03:00			`rm -rf /run/udev/rules.d/`
			`udevadm control --reload`
			`)`
test: exercise sytemd-integritysetup & generator Ensures we can open a dm-integrity volume formated with integritysetup. 2021-11-04 22:19:56 +03:00
			`trap cleanup EXIT`

TEST-67-INTEGRITY: modernize test code - make udevd generate debugging logs for loopback and DM devices, - insert 'udevadm wait' at several places to make the device processed by udevd, - cleanup generated integritysetup service before moving to next algorithm, - drop unnecessary exit on command failure, - also test data splitting mode for all algorithms. 2024-11-26 18:06:39 +03:00			`udevadm settle`

			`# Enable debugging logs for loop and dm block devices.`
			`mkdir -p /run/udev/rules.d/`
			`cat >/run/udev/rules.d/00-integrity-test.rules <<EOF`
			`SUBSYSTEM=="block", KERNEL=="loop\|dm-", OPTIONS="log_level=debug"`
test: drop whitespace after shell redirection operators (The one case that is left unchanged is '< <(subcommand)'.) This way, the style with no gap was already dominant. This way, the reader immediately knows that ' < ' is a comparison operator and ' << ' is a shift. In a few cases, replace custom EOF replacement by just EOF. There is no point in using someting like "_EOL" unless "EOF" appears in the text. 2023-02-05 23:41:24 +03:00			`EOF`
test: exercise sytemd-integritysetup & generator Ensures we can open a dm-integrity volume formated with integritysetup. 2021-11-04 22:19:56 +03:00
TEST-67-INTEGRITY: blkid should not provide the underlying loopback block device Fixes #35363. 2024-11-27 18:10:36 +03:00			`# FIXME:`
			`# There is no ordering restriction between underlying loopback block devices and DM devices.`
			`# Hence, we may get wrong device node symlinks. To workaround that issue, let's decrease the`
			`# priority for loopback block devices.`
			`cat >/run/udev/rules.d/99-priority.rules <<EOF`
			`SUBSYSTEM=="block", KERNEL=="loop*", OPTIONS="link_priority=-200"`
			`EOF`

TEST-67-INTEGRITY: modernize test code - make udevd generate debugging logs for loopback and DM devices, - insert 'udevadm wait' at several places to make the device processed by udevd, - cleanup generated integritysetup service before moving to next algorithm, - drop unnecessary exit on command failure, - also test data splitting mode for all algorithms. 2024-11-26 18:06:39 +03:00			`udevadm control --reload`

			`TMP_DIR="$(mktemp -d -t -p / integrity.tmp.XXXXXX)"`
			`dd if=/dev/zero of="${TMP_DIR}/image" bs=1048576 count=64`
			`dd if=/dev/zero of="${TMP_DIR}/data" bs=1048576 count=64`
			`LOOP="$(losetup --show -f "${TMP_DIR}/image")"`
			`udevadm wait --timeout=30 --settle "${LOOP}"`

			`test_cleanup() (`
			`set +e`

			`if [[ -e "/run/systemd/generator/${DM_SERVICE}" ]]; then`
			`systemctl stop "${DM_SERVICE}"`
			`elif [[ -e "${DM_NODE}" ]]; then`
			`integritysetup close "${DM_NAME}"`
			`fi`

			`udevadm wait --timeout=30 --settle --removed "${DM_NODE}"`
test: exercise sytemd-integritysetup & generator Ensures we can open a dm-integrity volume formated with integritysetup. 2021-11-04 22:19:56 +03:00
TEST-67-INTEGRITY: modernize test code - make udevd generate debugging logs for loopback and DM devices, - insert 'udevadm wait' at several places to make the device processed by udevd, - cleanup generated integritysetup service before moving to next algorithm, - drop unnecessary exit on command failure, - also test data splitting mode for all algorithms. 2024-11-26 18:06:39 +03:00			`# Clear integritytab.`
			`rm -f /etc/integritytab`
test: exercise sytemd-integritysetup & generator Ensures we can open a dm-integrity volume formated with integritysetup. 2021-11-04 22:19:56 +03:00
TEST-67-INTEGRITY: modernize test code - make udevd generate debugging logs for loopback and DM devices, - insert 'udevadm wait' at several places to make the device processed by udevd, - cleanup generated integritysetup service before moving to next algorithm, - drop unnecessary exit on command failure, - also test data splitting mode for all algorithms. 2024-11-26 18:06:39 +03:00			`# Make the generator to re-run.`
			`systemctl daemon-reload`
			`)`
test: exercise sytemd-integritysetup & generator Ensures we can open a dm-integrity volume formated with integritysetup. 2021-11-04 22:19:56 +03:00
TEST-67-INTEGRITY: modernize test code - make udevd generate debugging logs for loopback and DM devices, - insert 'udevadm wait' at several places to make the device processed by udevd, - cleanup generated integritysetup service before moving to next algorithm, - drop unnecessary exit on command failure, - also test data splitting mode for all algorithms. 2024-11-26 18:06:39 +03:00			`test_one() {`
			`local algorithm="${1?}"`
			`local separate_data="${2?}"`
TEST-67-INTEGRITY: blkid should not provide the underlying loopback block device Fixes #35363. 2024-11-27 18:10:36 +03:00			`local data_option`
integritysetup: do not use crypt_init_data_device after crypt_init crypt_init_data_device() replaces the crypt_device struct with a new allocation, losing the old one, which we get from crypt_init(). Use crypt_set_data_device() instead. Enhance the test to cover this option too. 2022-08-03 20:41:13 +03:00
TEST-67-INTEGRITY: modernize test code - make udevd generate debugging logs for loopback and DM devices, - insert 'udevadm wait' at several places to make the device processed by udevd, - cleanup generated integritysetup service before moving to next algorithm, - drop unnecessary exit on command failure, - also test data splitting mode for all algorithms. 2024-11-26 18:06:39 +03:00			`trap test_cleanup RETURN`

			`if [[ "${separate_data}" == 1 ]]; then`
			`data_option="--data-device=${TMP_DIR}/data"`
integritysetup: do not use crypt_init_data_device after crypt_init crypt_init_data_device() replaces the crypt_device struct with a new allocation, losing the old one, which we get from crypt_init(). Use crypt_set_data_device() instead. Enhance the test to cover this option too. 2022-08-03 20:41:13 +03:00			`else`
			`data_option=""`
			`fi`
test: exercise sytemd-integritysetup & generator Ensures we can open a dm-integrity volume formated with integritysetup. 2021-11-04 22:19:56 +03:00
TEST-67-INTEGRITY: modernize test code - make udevd generate debugging logs for loopback and DM devices, - insert 'udevadm wait' at several places to make the device processed by udevd, - cleanup generated integritysetup service before moving to next algorithm, - drop unnecessary exit on command failure, - also test data splitting mode for all algorithms. 2024-11-26 18:06:39 +03:00			`integritysetup format "${LOOP}" --batch-mode -I "${algorithm}" "${data_option}"`
			`integritysetup open -I "${algorithm}" "${LOOP}" "${DM_NAME}" "${data_option}"`
			`udevadm wait --timeout=30 --settle "${DM_NODE}"`
			`mkfs.ext4 -U "${FS_UUID}" "${DM_NODE}"`
			`# Wait for synthetic events being processed.`
test: exercise sytemd-integritysetup & generator Ensures we can open a dm-integrity volume formated with integritysetup. 2021-11-04 22:19:56 +03:00			`udevadm settle`
TEST-67-INTEGRITY: modernize test code - make udevd generate debugging logs for loopback and DM devices, - insert 'udevadm wait' at several places to make the device processed by udevd, - cleanup generated integritysetup service before moving to next algorithm, - drop unnecessary exit on command failure, - also test data splitting mode for all algorithms. 2024-11-26 18:06:39 +03:00			`integritysetup close "${DM_NAME}"`
			`udevadm wait --timeout=30 --settle --removed "${DM_NODE}"`
test: exercise sytemd-integritysetup & generator Ensures we can open a dm-integrity volume formated with integritysetup. 2021-11-04 22:19:56 +03:00
TEST-67-INTEGRITY: modernize test code - make udevd generate debugging logs for loopback and DM devices, - insert 'udevadm wait' at several places to make the device processed by udevd, - cleanup generated integritysetup service before moving to next algorithm, - drop unnecessary exit on command failure, - also test data splitting mode for all algorithms. 2024-11-26 18:06:39 +03:00			`# Create integritytab.`
			`if [[ "${separate_data}" == 1 ]]; then`
			`data_option=",data-device=${TMP_DIR}/data"`
integritysetup: do not use crypt_init_data_device after crypt_init crypt_init_data_device() replaces the crypt_device struct with a new allocation, losing the old one, which we get from crypt_init(). Use crypt_set_data_device() instead. Enhance the test to cover this option too. 2022-08-03 20:41:13 +03:00			`else`
			`data_option=""`
			`fi`
TEST-67-INTEGRITY: modernize test code - make udevd generate debugging logs for loopback and DM devices, - insert 'udevadm wait' at several places to make the device processed by udevd, - cleanup generated integritysetup service before moving to next algorithm, - drop unnecessary exit on command failure, - also test data splitting mode for all algorithms. 2024-11-26 18:06:39 +03:00			`cat >"/etc/integritytab" <<EOF`
			`${DM_NAME} ${LOOP} - integrity-algorithm=${algorithm}${data_option}`
			`EOF`
test: exercise sytemd-integritysetup & generator Ensures we can open a dm-integrity volume formated with integritysetup. 2021-11-04 22:19:56 +03:00
TEST-67-INTEGRITY: modernize test code - make udevd generate debugging logs for loopback and DM devices, - insert 'udevadm wait' at several places to make the device processed by udevd, - cleanup generated integritysetup service before moving to next algorithm, - drop unnecessary exit on command failure, - also test data splitting mode for all algorithms. 2024-11-26 18:06:39 +03:00			`# Make the generator to re-run.`
			`systemctl daemon-reload`
test: exercise sytemd-integritysetup & generator Ensures we can open a dm-integrity volume formated with integritysetup. 2021-11-04 22:19:56 +03:00
TEST-67-INTEGRITY: modernize test code - make udevd generate debugging logs for loopback and DM devices, - insert 'udevadm wait' at several places to make the device processed by udevd, - cleanup generated integritysetup service before moving to next algorithm, - drop unnecessary exit on command failure, - also test data splitting mode for all algorithms. 2024-11-26 18:06:39 +03:00			`# Check for existence of the unit file.`
			`[[ -e "/run/systemd/generator/${DM_SERVICE}" ]]`
test: exercise sytemd-integritysetup & generator Ensures we can open a dm-integrity volume formated with integritysetup. 2021-11-04 22:19:56 +03:00
TEST-67-INTEGRITY: modernize test code - make udevd generate debugging logs for loopback and DM devices, - insert 'udevadm wait' at several places to make the device processed by udevd, - cleanup generated integritysetup service before moving to next algorithm, - drop unnecessary exit on command failure, - also test data splitting mode for all algorithms. 2024-11-26 18:06:39 +03:00			`# Make sure we are in a consistent state, e.g. not already active before we start.`
			`[[ "$(systemctl is-active "${DM_SERVICE}")" == inactive ]]`
			`systemctl start "${DM_SERVICE}"`
			`udevadm wait --timeout=30 --settle "${DM_NODE}"`
test: exercise sytemd-integritysetup & generator Ensures we can open a dm-integrity volume formated with integritysetup. 2021-11-04 22:19:56 +03:00
TEST-67-INTEGRITY: modernize test code - make udevd generate debugging logs for loopback and DM devices, - insert 'udevadm wait' at several places to make the device processed by udevd, - cleanup generated integritysetup service before moving to next algorithm, - drop unnecessary exit on command failure, - also test data splitting mode for all algorithms. 2024-11-26 18:06:39 +03:00			`# Check the signature on the FS to ensure we can retrieve it and that is matches.`
TEST-67-INTEGRITY: blkid should not provide the underlying loopback block device Fixes #35363. 2024-11-27 18:10:36 +03:00			`[[ "$(blkid -U "${FS_UUID}")" == "${DM_NODE}" ]]`
TEST-67-INTEGRITY: modernize test code - make udevd generate debugging logs for loopback and DM devices, - insert 'udevadm wait' at several places to make the device processed by udevd, - cleanup generated integritysetup service before moving to next algorithm, - drop unnecessary exit on command failure, - also test data splitting mode for all algorithms. 2024-11-26 18:06:39 +03:00			`}`
test: exercise sytemd-integritysetup & generator Ensures we can open a dm-integrity volume formated with integritysetup. 2021-11-04 22:19:56 +03:00
TEST-67-INTEGRITY: modernize test code - make udevd generate debugging logs for loopback and DM devices, - insert 'udevadm wait' at several places to make the device processed by udevd, - cleanup generated integritysetup service before moving to next algorithm, - drop unnecessary exit on command failure, - also test data splitting mode for all algorithms. 2024-11-26 18:06:39 +03:00			`for a in crc32c crc32 xxhash64 sha1 sha256; do`
			`test_one "$a" 0`
			`test_one "$a" 1`
test: exercise sytemd-integritysetup & generator Ensures we can open a dm-integrity volume formated with integritysetup. 2021-11-04 22:19:56 +03:00			`done`

test: unify /testok & /failed handling And drop it where not necessary. 2023-07-12 16:49:55 +03:00			`touch /testok`