diff options
| author | Luca Boccassi <luca.boccassi@microsoft.com> | 2020-05-29 17:51:20 +0100 |
|---|---|---|
| committer | Luca Boccassi <luca.boccassi@microsoft.com> | 2020-06-09 12:19:21 +0100 |
| commit | e7cbe5cb9e7d246474dcee1d8e759ed3c8786913 (patch) | |
| tree | 79db422f24c020d05f224a86af620321d47ad4d9 /test/units | |
| parent | b1806441bbf72fb227f41767ceaf2d6330701f51 (diff) | |
| download | systemd-e7cbe5cb9e7d246474dcee1d8e759ed3c8786913.tar.gz | |
dissect: support single-filesystem verity images with external verity hash
dm-verity support in dissect-image at the moment is restricted to GPT
volumes.
If the image a single-filesystem type without a partition table (eg: squashfs)
and a roothash/verity file are passed, set the verity flag and mark as
read-only.
Diffstat (limited to 'test/units')
| -rw-r--r-- | test/units/testsuite-50.service | 7 | ||||
| -rwxr-xr-x | test/units/testsuite-50.sh | 31 |
2 files changed, 38 insertions, 0 deletions
diff --git a/test/units/testsuite-50.service b/test/units/testsuite-50.service new file mode 100644 index 0000000000..5a10a6418b --- /dev/null +++ b/test/units/testsuite-50.service @@ -0,0 +1,7 @@ +[Unit] +Description=TEST-50-DISSECT + +[Service] +ExecStartPre=rm -f /failed /testok +ExecStart=/usr/lib/systemd/tests/testdata/units/%N.sh +Type=oneshot diff --git a/test/units/testsuite-50.sh b/test/units/testsuite-50.sh new file mode 100755 index 0000000000..9f35ffd653 --- /dev/null +++ b/test/units/testsuite-50.sh @@ -0,0 +1,31 @@ +#!/usr/bin/env bash +# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*- +# ex: ts=8 sw=4 sts=4 et filetype=sh +set -ex +set -o pipefail + +cd /tmp + +image=$(mktemp -d -t -p /tmp tmp.XXXXXX) +if [ -z "${image}" ] || [ ! -d "${image}" ]; then + echo "Could not create temporary directory with mktemp under /tmp" + exit 1 +fi + +mkdir -p ${image}/usr/lib ${image}/etc +cp /usr/lib/os-release ${image}/usr/lib/ +cp /etc/machine-id /etc/os-release ${image}/etc/ +mksquashfs ${image} ${image}.raw +veritysetup format ${image}.raw ${image}.verity | grep '^Root hash:' | cut -f2 | tr -d '\n' > ${image}.roothash + +/usr/lib/systemd/systemd-dissect ${image}.raw | grep -q -F "Found read-only 'root' partition of type squashfs with verity" +/usr/lib/systemd/systemd-dissect ${image}.raw | grep -q -F -f /usr/lib/os-release + +mv ${image}.verity ${image}.fooverity +mv ${image}.roothash ${image}.foohash +/usr/lib/systemd/systemd-dissect ${image}.raw --root-hash=`cat ${image}.foohash` --verity-data=${image}.fooverity | grep -q -F "Found read-only 'root' partition of type squashfs with verity" +/usr/lib/systemd/systemd-dissect ${image}.raw --root-hash=`cat ${image}.foohash` --verity-data=${image}.fooverity | grep -q -F -f /usr/lib/os-release + +echo OK > /testok + +exit 0 |