Merge pull request #23517 from mrc0mmand/cryptsetup-switchroot-transition
test: cover initrd->sysroot transition in TEST-24
commit
6d3bb9e7d1
@ -201,12 +201,11 @@ static int device_coldplug(Unit *u) {
|
|||||||
* Of course, deserialized parameters may be outdated, but the unit state can be adjusted later by
|
* Of course, deserialized parameters may be outdated, but the unit state can be adjusted later by
|
||||||
* device_catchup() or uevents. */
|
* device_catchup() or uevents. */
|
||||||
|
|
||||||
if (!m->honor_device_enumeration && !MANAGER_IS_USER(m)) {
|
if (!m->honor_device_enumeration && !MANAGER_IS_USER(m) &&
|
||||||
|
!FLAGS_SET(d->enumerated_found, DEVICE_FOUND_UDEV)) {
|
||||||
found &= ~DEVICE_FOUND_UDEV; /* ignore DEVICE_FOUND_UDEV bit */
|
found &= ~DEVICE_FOUND_UDEV; /* ignore DEVICE_FOUND_UDEV bit */
|
||||||
if (state == DEVICE_PLUGGED)
|
if (state == DEVICE_PLUGGED)
|
||||||
state = DEVICE_TENTATIVE; /* downgrade state */
|
state = DEVICE_TENTATIVE; /* downgrade state */
|
||||||
if (found == DEVICE_NOT_FOUND)
|
|
||||||
state = DEVICE_DEAD; /* If nobody sees the device, downgrade more */
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if (d->found == found && d->state == state)
|
if (d->found == found && d->state == state)
|
||||||
|
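Review bot: The new guard `!FLAGS_SET(d->enumerated_found, DEVICE_FOUND_UDEV)` in device_coldplug() has no comment, and the branch `if (found == DEVICE_NOT_FOUND) state = DEVICE_DEAD;` is dropped without explanation, so a reader cannot tell that a unit whose `found` mask ends up empty is deliberately left in DEVICE_TENTATIVE. Judging from the comment just above the condition, the later correction is left to device_catchup() or uevents, and that should be stated at the `if`. I would add something like `/* Devices already seen by udev during enumeration keep their deserialized state; everything else is at most tentative until device_catchup() or a uevent confirms it. */`, with the wording checked against what `enumerated_found` actually records, since that is inferred from the name only. device_coldplug() starts and ends outside this hunk, so whether `enumerated_found` is always populated before coldplug runs cannot be verified from here.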
@ -10,6 +10,11 @@ TEST_FORCE_NEWIMAGE=1
|
|||||||
# shellcheck source=test/test-functions
|
# shellcheck source=test/test-functions
|
||||||
. "${TEST_BASE_DIR:?}/test-functions"
|
. "${TEST_BASE_DIR:?}/test-functions"
|
||||||
|
|
||||||
|
PART_UUID="deadbeef-dead-dead-beef-000000000000"
|
||||||
|
DM_NAME="test24_varcrypt"
|
||||||
|
KERNEL_APPEND+=" rd.luks=1 luks.name=$PART_UUID=$DM_NAME luks.key=$PART_UUID=/keyfile:LABEL=varcrypt_keydev"
|
||||||
|
QEMU_OPTIONS+=" -drive format=raw,cache=unsafe,file=${STATEDIR:?}/keydev.img"
|
||||||
|
|
||||||
check_result_qemu() {
|
check_result_qemu() {
|
||||||
local ret=1
|
local ret=1
|
||||||
|
|
||||||
@ -17,13 +22,13 @@ check_result_qemu() {
|
|||||||
[[ -e "${initdir:?}/testok" ]] && ret=0
|
[[ -e "${initdir:?}/testok" ]] && ret=0
|
||||||
[[ -f "$initdir/failed" ]] && cp -a "$initdir/failed" "${TESTDIR:?}"
|
[[ -f "$initdir/failed" ]] && cp -a "$initdir/failed" "${TESTDIR:?}"
|
||||||
|
|
||||||
cryptsetup luksOpen "${LOOPDEV:?}p2" varcrypt <"$TESTDIR/keyfile"
|
cryptsetup luksOpen "${LOOPDEV:?}p2" "${DM_NAME:?}" <"$TESTDIR/keyfile"
|
||||||
mount /dev/mapper/varcrypt "$initdir/var"
|
mount "/dev/mapper/$DM_NAME" "$initdir/var"
|
||||||
save_journal "$initdir/var/log/journal"
|
save_journal "$initdir/var/log/journal"
|
||||||
check_coverage_reports "${initdir:?}" || ret=5
|
check_coverage_reports "${initdir:?}" || ret=5
|
||||||
_umount_dir "$initdir/var"
|
_umount_dir "$initdir/var"
|
||||||
_umount_dir "$initdir"
|
_umount_dir "$initdir"
|
||||||
cryptsetup luksClose /dev/mapper/varcrypt
|
cryptsetup luksClose "/dev/mapper/$DM_NAME"
|
||||||
|
|
||||||
[[ -f "$TESTDIR/failed" ]] && cat "$TESTDIR/failed"
|
[[ -f "$TESTDIR/failed" ]] && cat "$TESTDIR/failed"
|
||||||
echo "${JOURNAL_LIST:-No journals were saved}"
|
echo "${JOURNAL_LIST:-No journals were saved}"
|
||||||
@ -36,45 +41,65 @@ test_create_image() {
|
|||||||
create_empty_image_rootdir
|
create_empty_image_rootdir
|
||||||
|
|
||||||
echo -n test >"${TESTDIR:?}/keyfile"
|
echo -n test >"${TESTDIR:?}/keyfile"
|
||||||
cryptsetup -q luksFormat --pbkdf pbkdf2 --pbkdf-force-iterations 1000 "${LOOPDEV:?}p2" "$TESTDIR/keyfile"
|
cryptsetup -q luksFormat --uuid="$PART_UUID" --pbkdf pbkdf2 --pbkdf-force-iterations 1000 "${LOOPDEV:?}p2" "$TESTDIR/keyfile"
|
||||||
cryptsetup luksOpen "${LOOPDEV}p2" varcrypt <"$TESTDIR/keyfile"
|
cryptsetup luksOpen "${LOOPDEV}p2" "${DM_NAME:?}" <"$TESTDIR/keyfile"
|
||||||
mkfs.ext4 -L var /dev/mapper/varcrypt
|
mkfs.ext4 -L var "/dev/mapper/$DM_NAME"
|
||||||
mkdir -p "${initdir:?}/var"
|
mkdir -p "${initdir:?}/var"
|
||||||
mount /dev/mapper/varcrypt "$initdir/var"
|
mount "/dev/mapper/$DM_NAME" "$initdir/var"
|
||||||
|
|
||||||
# Create what will eventually be our root filesystem onto an overlay
|
LOG_LEVEL=5
|
||||||
(
|
|
||||||
LOG_LEVEL=5
|
|
||||||
# shellcheck source=/dev/null
|
|
||||||
source <(udevadm info --export --query=env --name=/dev/mapper/varcrypt)
|
|
||||||
# shellcheck source=/dev/null
|
|
||||||
source <(udevadm info --export --query=env --name="${LOOPDEV}p2")
|
|
||||||
|
|
||||||
setup_basic_environment
|
setup_basic_environment
|
||||||
mask_supporting_services
|
mask_supporting_services
|
||||||
|
|
||||||
install_dmevent
|
install_dmevent
|
||||||
generate_module_dependencies
|
generate_module_dependencies
|
||||||
cat >"$initdir/etc/crypttab" <<EOF
|
|
||||||
$DM_NAME UUID=$ID_FS_UUID /etc/varkey
|
|
||||||
EOF
|
|
||||||
echo -n test >"$initdir/etc/varkey"
|
|
||||||
ddebug <"$initdir/etc/crypttab"
|
|
||||||
|
|
||||||
cat >>"$initdir/etc/fstab" <<EOF
|
# Create a keydev
|
||||||
/dev/mapper/varcrypt /var ext4 defaults 0 1
|
dd if=/dev/zero of="${STATEDIR:?}/keydev.img" bs=1M count=16
|
||||||
|
mkfs.ext4 -L varcrypt_keydev "$STATEDIR/keydev.img"
|
||||||
|
mkdir -p "$STATEDIR/keydev"
|
||||||
|
mount "$STATEDIR/keydev.img" "$STATEDIR/keydev"
|
||||||
|
echo -n test >"$STATEDIR/keydev/keyfile"
|
||||||
|
umount "$STATEDIR/keydev"
|
||||||
|
|
||||||
|
cat >>"$initdir/etc/fstab" <<EOF
|
||||||
|
/dev/mapper/$DM_NAME /var ext4 defaults 0 1
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
# Forward journal messages to the console, so we have something
|
# Forward journal messages to the console, so we have something
|
||||||
# to investigate even if we fail to mount the encrypted /var
|
# to investigate even if we fail to mount the encrypted /var
|
||||||
echo ForwardToConsole=yes >> "$initdir/etc/systemd/journald.conf"
|
echo ForwardToConsole=yes >> "$initdir/etc/systemd/journald.conf"
|
||||||
)
|
|
||||||
|
# If $INITRD wasn't provided explicitly, generate a custom one with dm-crypt
|
||||||
|
# support
|
||||||
|
if [[ -z "$INITRD" ]]; then
|
||||||
|
INITRD="${TESTDIR:?}/initrd.img"
|
||||||
|
dinfo "Generating a custom initrd with dm-crypt support in '${INITRD:?}'"
|
||||||
|
|
||||||
|
if command -v dracut >/dev/null; then
|
||||||
|
dracut --force --verbose --add crypt "$INITRD"
|
||||||
|
elif command -v mkinitcpio >/dev/null; then
|
||||||
|
mkinitcpio --addhooks sd-encrypt --generate "$INITRD"
|
||||||
|
elif command -v mkinitramfs >/dev/null; then
|
||||||
|
# The cryptroot hook is provided by the cryptsetup-initramfs package
|
||||||
|
if ! dpkg-query -s cryptsetup-initramfs; then
|
||||||
|
derror "Missing 'cryptsetup-initramfs' package for dm-crypt support in initrd"
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
mkinitramfs -o "$INITRD"
|
||||||
|
else
|
||||||
|
dfatal "Unrecognized initrd generator, can't continue"
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
cleanup_root_var() {
|
cleanup_root_var() {
|
||||||
ddebug "umount ${initdir:?}/var"
|
ddebug "umount ${initdir:?}/var"
|
||||||
mountpoint "$initdir/var" && umount "$initdir/var"
|
mountpoint "$initdir/var" && umount "$initdir/var"
|
||||||
[[ -b /dev/mapper/varcrypt ]] && cryptsetup luksClose /dev/mapper/varcrypt
|
[[ -b "/dev/mapper/${DM_NAME:?}" ]] && cryptsetup luksClose "/dev/mapper/$DM_NAME"
|
||||||
}
|
}
|
||||||
|
|
||||||
test_cleanup() {
|
test_cleanup() {
|
||||||
|
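Review bot: The keydev block added to test_create_image mounts `$STATEDIR/keydev.img` on `$STATEDIR/keydev` and unmounts it only on the straight-line path, while cleanup_root_var() as shown releases only `$initdir/var` and the dm device. If image creation aborts between the `mount` and the `umount`, the loop mount presumably stays behind, and the next run's `dd` and `mkfs.ext4` would then write to an image that is still mounted. Adding `mountpoint -q "${STATEDIR:?}/keydev" && umount "$STATEDIR/keydev"` to cleanup_root_var() would cover that path. The body of test_cleanup() lies outside the hunk, so it may already handle this.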
@ -337,6 +337,11 @@ qemu_min_version() {
|
|||||||
# Return 0 if qemu did run (then you must check the result state/logs for actual
|
# Return 0 if qemu did run (then you must check the result state/logs for actual
|
||||||
# success), or 1 if qemu is not available.
|
# success), or 1 if qemu is not available.
|
||||||
run_qemu() {
|
run_qemu() {
|
||||||
|
# If the test provided its own initrd, use it (e.g. TEST-24)
|
||||||
|
if [[ -z "$INITRD" && -f "${TESTDIR:?}/initrd.img" ]]; then
|
||||||
|
INITRD="$TESTDIR/initrd.img"
|
||||||
|
fi
|
||||||
|
|
||||||
if [ -f /etc/machine-id ]; then
|
if [ -f /etc/machine-id ]; then
|
||||||
read -r MACHINE_ID </etc/machine-id
|
read -r MACHINE_ID </etc/machine-id
|
||||||
[ -z "$INITRD" ] && [ -e "$EFI_MOUNT/$MACHINE_ID/$KERNEL_VER/initrd" ] \
|
[ -z "$INITRD" ] && [ -e "$EFI_MOUNT/$MACHINE_ID/$KERNEL_VER/initrd" ] \
|
||||||
|
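Review bot: The fallback added at the top of run_qemu() takes `$TESTDIR/initrd.img` as-is, while the lookup right below it is keyed on `$KERNEL_VER`, and nothing visible ties the generated image to that kernel. The generator calls in TEST-24's test_create_image (`dracut --force --verbose --add crypt "$INITRD"` and the mkinitcpio and mkinitramfs variants) pass no kernel version, so they presumably build for the running host kernel, which only matches when KERNEL_VER is that same kernel. Either pass the version to the generator, e.g. `dracut --force --verbose --add crypt --kver "$KERNEL_VER" "$INITRD"`, or state the assumption in the comment here: `# NOTE: the image must have been built for $KERNEL_VER`. The body of run_qemu() continues outside the hunk.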