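#!/usr/bin/env bash
# SPDX-License-Identifier: LGPL-2.1-or-later
#
# Integration test: boot a QEMU guest whose /var lives on a LUKS volume that
# is unlocked during early boot with a key file read from a second,
# separately attached "key device".
set -e

TEST_DESCRIPTION="cryptsetup systemd setup"
IMAGE_NAME="cryptsetup"
TEST_NO_NSPAWN=1
TEST_FORCE_NEWIMAGE=1

# shellcheck source=test/test-functions
. "${TEST_BASE_DIR:?}/test-functions"

PART_UUID="deadbeef-dead-dead-beef-000000000000"
DM_NAME="test24_varcrypt"
# luks.name= maps the LUKS UUID to the device-mapper name, luks.key= names the
# key file and the device (selected by filesystem label) that carries it.
KERNEL_APPEND+=" rd.luks=1 luks.name=$PART_UUID=$DM_NAME luks.key=$PART_UUID=/keyfile:LABEL=varcrypt_keydev"
# cache=unsafe makes QEMU ignore guest flush requests for this drive; that is
# acceptable only because the key device image is a disposable test fixture.
QEMU_OPTIONS+=" -drive format=raw,cache=unsafe,file=${STATEDIR:?}/keydev.img"

#######################################
# Evaluate the outcome of the QEMU run from the host side.
# Unlocks the encrypted /var again so the guest journal can be saved.
# Globals:   initdir, TESTDIR, LOOPDEV, DM_NAME, JOURNAL_LIST (read)
# Outputs:   contents of $TESTDIR/failed (if present) and the journal list
# Returns:   0 if the guest left a "testok" marker, 5 if
#            check_coverage_reports failed, 1 otherwise or when a non-empty
#            "failed" file exists
#######################################
check_result_qemu() {
    local ret=1

    mount_initdir
    [[ -e "${initdir:?}/testok" ]] && ret=0
    [[ -f "$initdir/failed" ]] && cp -a "$initdir/failed" "${TESTDIR:?}"

    # The journal is stored below /var, i.e. inside the LUKS volume, so the
    # volume has to be opened with the test key before it can be collected.
    cryptsetup luksOpen "${LOOPDEV:?}p2" "${DM_NAME:?}" <"$TESTDIR/keyfile"
    mount "/dev/mapper/$DM_NAME" "$initdir/var"
    save_journal "$initdir/var/log/journal"
    check_coverage_reports "${initdir:?}" || ret=5
    _umount_dir "$initdir/var"
    _umount_dir "$initdir"
    cryptsetup luksClose "/dev/mapper/$DM_NAME"

    [[ -f "$TESTDIR/failed" ]] && cat "$TESTDIR/failed"
    echo "${JOURNAL_LIST:-No journals were saved}"

    # A non-empty "failed" file overrides every earlier verdict.
    test -s "$TESTDIR/failed" && ret=1
    return "$ret"
}

#######################################
# Build the test image: LUKS-format the second partition, put /var on it,
# create the key device image and, if needed, an initrd with dm-crypt support.
# Globals:   TESTDIR, STATEDIR, LOOPDEV, PART_UUID, DM_NAME, initdir (read)
#            LOG_LEVEL, INITRD (written)
# Returns:   1 if no usable initrd generator is available
#######################################
test_create_image() {
    create_empty_image_rootdir

    # Test-only key material: the key is the literal string "test", kept in
    # clear text in $TESTDIR, and the KDF is forced down to PBKDF2 with 1000
    # iterations so that formatting and unlocking stay fast. These parameters
    # give no real protection and are not a template for production volumes.
    echo -n test >"${TESTDIR:?}/keyfile"
    cryptsetup -q luksFormat --uuid="$PART_UUID" --pbkdf pbkdf2 \
        --pbkdf-force-iterations 1000 "${LOOPDEV:?}p2" "$TESTDIR/keyfile"
    cryptsetup luksOpen "${LOOPDEV}p2" "${DM_NAME:?}" <"$TESTDIR/keyfile"
    mkfs.ext4 -L var "/dev/mapper/$DM_NAME"
    mkdir -p "${initdir:?}/var"
    mount "/dev/mapper/$DM_NAME" "$initdir/var"

    LOG_LEVEL=5

    setup_basic_environment
    mask_supporting_services

    install_dmevent
    generate_module_dependencies

    # Create a keydev: a small ext4 image labelled "varcrypt_keydev" (the label
    # referenced by luks.key= above) that holds the same key in clear text.
    dd if=/dev/zero of="${STATEDIR:?}/keydev.img" bs=1M count=16
    mkfs.ext4 -L varcrypt_keydev "$STATEDIR/keydev.img"
    mkdir -p "$STATEDIR/keydev"
    mount "$STATEDIR/keydev.img" "$STATEDIR/keydev"
    echo -n test >"$STATEDIR/keydev/keyfile"
    umount "$STATEDIR/keydev"

    # NOTE(review): the here-document body and the journald.conf setting were
    # lost when this page was extracted (only "<>" survived between the two
    # redirections). The fstab entry follows from the mkfs/mount calls above;
    # both lines should be confirmed against the upstream test script.
    cat >>"$initdir/etc/fstab" <<EOF
/dev/mapper/$DM_NAME    /var    ext4    defaults 0 1
EOF

    # Forward journal messages to the console, so there is something to
    # investigate even if the encrypted /var cannot be mounted.
    echo ForwardToConsole=yes >>"$initdir/etc/systemd/journald.conf"

    # If $INITRD wasn't provided explicitly, generate a custom one with dm-crypt
    # support
    if [[ -z "$INITRD" ]]; then
        INITRD="${TESTDIR:?}/initrd.img"
        dinfo "Generating a custom initrd with dm-crypt support in '${INITRD:?}'"

        if command -v dracut >/dev/null; then
            dracut --force --verbose --add crypt "$INITRD"
        elif command -v mkinitcpio >/dev/null; then
            mkinitcpio --addhooks sd-encrypt --generate "$INITRD"
        elif command -v mkinitramfs >/dev/null; then
            # The cryptroot hook is provided by the cryptsetup-initramfs package
            if ! dpkg-query -s cryptsetup-initramfs; then
                derror "Missing 'cryptsetup-initramfs' package for dm-crypt support in initrd"
                return 1
            fi

            mkinitramfs -o "$INITRD"
        else
            dfatal "Unrecognized initrd generator, can't continue"
            return 1
        fi
    fi
}

#######################################
# Unmount the encrypted /var and close the LUKS mapping if they are active.
# Globals:   initdir, DM_NAME (read)
# Returns:   status of the last test/command; non-zero when nothing was
#            mapped, which callers neutralise with "|| :"
#######################################
cleanup_root_var() {
    ddebug "umount ${initdir:?}/var"
    mountpoint "$initdir/var" && umount "$initdir/var"
    [[ -b "/dev/mapper/${DM_NAME:?}" ]] && cryptsetup luksClose "/dev/mapper/$DM_NAME"
}

# Tear down the encrypted /var first, then run the common test cleanup.
test_cleanup() {
    # ignore errors, so cleanup can continue
    cleanup_root_var || :
    _test_cleanup
}

# Same teardown for the setup phase, followed by cleanup of the init directory.
test_setup_cleanup() {
    # ignore errors, so cleanup can continue
    cleanup_root_var || :
    cleanup_initdir
}

do_test "$@"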