author | Yu Watanabe <watanabe.yu+github@gmail.com> | 2022-05-27 07:36:17 +0900 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-05-27 07:36:17 +0900 |
commit | 6d3bb9e7d1689cdab31af5b9912be45b325fc03d (patch) | |
tree | 280eb5cd3267775653657a7c177c9abeaeafbf91 /test | |
parent | 815068d3a3bab32df94dff2cfe8e84d0ab973ceb (diff) | |
parent | 4fc69e8a0949c2537019466f839d9b7aee5628c9 (diff) | |
download | systemd-6d3bb9e7d1689cdab31af5b9912be45b325fc03d.tar.gz |
Merge pull request #23517 from mrc0mmand/cryptsetup-switchroot-transition
test: cover initrd->sysroot transition in TEST-24
Diffstat (limited to 'test')
-rwxr-xr-x | test/TEST-24-CRYPTSETUP/test.sh | 91 | ||||
-rw-r--r-- | test/test-functions | 5 |
2 files changed, 63 insertions, 33 deletions
diff --git a/test/TEST-24-CRYPTSETUP/test.sh b/test/TEST-24-CRYPTSETUP/test.sh
index 96d255dd96..b81b811654 100755
--- a/test/TEST-24-CRYPTSETUP/test.sh
+++ b/test/TEST-24-CRYPTSETUP/test.sh
@@ -10,6 +10,11 @@ TEST_FORCE_NEWIMAGE=1
 # shellcheck source=test/test-functions
 . "${TEST_BASE_DIR:?}/test-functions"
+PART_UUID="deadbeef-dead-dead-beef-000000000000"
+DM_NAME="test24_varcrypt"
+KERNEL_APPEND+=" rd.luks=1 luks.name=$PART_UUID=$DM_NAME luks.key=$PART_UUID=/keyfile:LABEL=varcrypt_keydev"
+QEMU_OPTIONS+=" -drive format=raw,cache=unsafe,file=${STATEDIR:?}/keydev.img"
+
 check_result_qemu() {
 local ret=1
@@ -17,13 +22,13 @@ check_result_qemu() {
 [[ -e "${initdir:?}/testok" ]] && ret=0
 [[ -f "$initdir/failed" ]] && cp -a "$initdir/failed" "${TESTDIR:?}"
- cryptsetup luksOpen "${LOOPDEV:?}p2" varcrypt <"$TESTDIR/keyfile"
- mount /dev/mapper/varcrypt "$initdir/var"
+ cryptsetup luksOpen "${LOOPDEV:?}p2" "${DM_NAME:?}" <"$TESTDIR/keyfile"
+ mount "/dev/mapper/$DM_NAME" "$initdir/var"
 save_journal "$initdir/var/log/journal"
 check_coverage_reports "${initdir:?}" || ret=5
 _umount_dir "$initdir/var"
 _umount_dir "$initdir"
- cryptsetup luksClose /dev/mapper/varcrypt
+ cryptsetup luksClose "/dev/mapper/$DM_NAME"
 [[ -f "$TESTDIR/failed" ]] && cat "$TESTDIR/failed"
 echo "${JOURNAL_LIST:-No journals were saved}"
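Review bot: The new globals at the top of test.sh depend on values set elsewhere, and nothing in the file says so: `PART_UUID` has to match the `luksFormat --uuid=` call and `LABEL=varcrypt_keydev` the `mkfs.ext4 -L` call in test_create_image, and `keydev.img` does not exist until that function has run. A comment above the block would make the coupling visible, e.g. `# Fixed UUID/name so luks.name=/luks.key= on the kernel command line can refer to the volume; the key device image is created in test_create_image()`. It is also worth stating there that the UUID and the key material are throwaway test fixtures, since the key ends up stored unencrypted on the labelled key device.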
@@ -36,45 +41,65 @@ test_create_image() {
 create_empty_image_rootdir
 echo -n test >"${TESTDIR:?}/keyfile"
- cryptsetup -q luksFormat --pbkdf pbkdf2 --pbkdf-force-iterations 1000 "${LOOPDEV:?}p2" "$TESTDIR/keyfile"
- cryptsetup luksOpen "${LOOPDEV}p2" varcrypt <"$TESTDIR/keyfile"
- mkfs.ext4 -L var /dev/mapper/varcrypt
+ cryptsetup -q luksFormat --uuid="$PART_UUID" --pbkdf pbkdf2 --pbkdf-force-iterations 1000 "${LOOPDEV:?}p2" "$TESTDIR/keyfile"
+ cryptsetup luksOpen "${LOOPDEV}p2" "${DM_NAME:?}" <"$TESTDIR/keyfile"
+ mkfs.ext4 -L var "/dev/mapper/$DM_NAME"
 mkdir -p "${initdir:?}/var"
- mount /dev/mapper/varcrypt "$initdir/var"
-
- # Create what will eventually be our root filesystem onto an overlay
- (
- LOG_LEVEL=5
- # shellcheck source=/dev/null
- source <(udevadm info --export --query=env --name=/dev/mapper/varcrypt)
- # shellcheck source=/dev/null
- source <(udevadm info --export --query=env --name="${LOOPDEV}p2")
-
- setup_basic_environment
- mask_supporting_services
-
- install_dmevent
- generate_module_dependencies
- cat >"$initdir/etc/crypttab" <<EOF
-$DM_NAME UUID=$ID_FS_UUID /etc/varkey
-EOF
- echo -n test >"$initdir/etc/varkey"
- ddebug <"$initdir/etc/crypttab"
+ mount "/dev/mapper/$DM_NAME" "$initdir/var"
+
+ LOG_LEVEL=5
+
+ setup_basic_environment
+ mask_supporting_services
+
+ install_dmevent
+ generate_module_dependencies
+
+ # Create a keydev
+ dd if=/dev/zero of="${STATEDIR:?}/keydev.img" bs=1M count=16
+ mkfs.ext4 -L varcrypt_keydev "$STATEDIR/keydev.img"
+ mkdir -p "$STATEDIR/keydev"
+ mount "$STATEDIR/keydev.img" "$STATEDIR/keydev"
+ echo -n test >"$STATEDIR/keydev/keyfile"
+ umount "$STATEDIR/keydev"
- cat >>"$initdir/etc/fstab" <<EOF
-/dev/mapper/varcrypt /var ext4 defaults 0 1
+ cat >>"$initdir/etc/fstab" <<EOF
+/dev/mapper/$DM_NAME /var ext4 defaults 0 1
 EOF
- # Forward journal messages to the console, so we have something
- # to investigate even if we fail to mount the encrypted /var
- echo ForwardToConsole=yes >> "$initdir/etc/systemd/journald.conf"
- )
+ # Forward journal messages to the console, so we have something
+ # to investigate even if we fail to mount the encrypted /var
+ echo ForwardToConsole=yes >> "$initdir/etc/systemd/journald.conf"
+
+ # If $INITRD wasn't provided explicitly, generate a custom one with dm-crypt
+ # support
+ if [[ -z "$INITRD" ]]; then
+ INITRD="${TESTDIR:?}/initrd.img"
+ dinfo "Generating a custom initrd with dm-crypt support in '${INITRD:?}'"
+
+ if command -v dracut >/dev/null; then
+ dracut --force --verbose --add crypt "$INITRD"
+ elif command -v mkinitcpio >/dev/null; then
+ mkinitcpio --addhooks sd-encrypt --generate "$INITRD"
+ elif command -v mkinitramfs >/dev/null; then
+ # The cryptroot hook is provided by the cryptsetup-initramfs package
+ if ! dpkg-query -s cryptsetup-initramfs; then
+ derror "Missing 'cryptsetup-initramfs' package for dm-crypt support in initrd"
+ return 1
+ fi
+
+ mkinitramfs -o "$INITRD"
+ else
+ dfatal "Unrecognized initrd generator, can't continue"
+ return 1
+ fi
+ fi
 }
 cleanup_root_var() {
 ddebug "umount ${initdir:?}/var"
 mountpoint "$initdir/var" && umount "$initdir/var"
- [[ -b /dev/mapper/varcrypt ]] && cryptsetup luksClose /dev/mapper/varcrypt
+ [[ -b "/dev/mapper/${DM_NAME:?}" ]] && cryptsetup luksClose "/dev/mapper/$DM_NAME"
 }
 test_cleanup() {
diff --git a/test/test-functions b/test/test-functions
index 06a06e706a..daed481a29 100644
--- a/test/test-functions
+++ b/test/test-functions
@@ -337,6 +337,11 @@ qemu_min_version() {
 # Return 0 if qemu did run (then you must check the result state/logs for actual
 # success), or 1 if qemu is not available.
 run_qemu() {
+ # If the test provided its own initrd, use it (e.g. TEST-24)
+ if [[ -z "$INITRD" && -f "${TESTDIR:?}/initrd.img" ]]; then
+ INITRD="$TESTDIR/initrd.img"
+ fi
+
 if [ -f /etc/machine-id ]; then
 read -r MACHINE_ID </etc/machine-id
 [ -z "$INITRD" ] && [ -e "$EFI_MOUNT/$MACHINE_ID/$KERNEL_VER/initrd" ] \ |
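Review bot: None of the three generator calls in the new `if [[ -z "$INITRD" ]]` block of test_create_image names a kernel version, so each builds the initrd for its default kernel (normally the running one). If the guest boots a different kernel (the run_qemu context in test/test-functions refers to `$KERNEL_VER`, which suggests that is supported), the initrd's dm-crypt modules would not match and the unlock would fail for a reason unrelated to the code under test. Assuming `$KERNEL_VER` is set by the time this runs, pass it explicitly: `dracut --force --verbose --add crypt --kver "$KERNEL_VER" "$INITRD"`, `mkinitcpio --kernel "$KERNEL_VER" --addhooks sd-encrypt --generate "$INITRD"`, `mkinitramfs -o "$INITRD" "$KERNEL_VER"`. Separately, with the subshell removed, `LOG_LEVEL=5` stays set after the function returns; `local LOG_LEVEL=5` would keep the previous scoping.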
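Review bot: The `"${TESTDIR:?}/initrd.img"` path in the new block at the top of run_qemu (test/test-functions) is now an unwritten contract with TEST-24's test_create_image, which hard-codes the same file name. Any test that leaves an unrelated or stale `initrd.img` in `$TESTDIR` would be booted with it, and nothing in the log would say so. Consider logging the choice inside the new `if`, e.g. `dinfo "Using test-provided initrd '$INITRD'"`, and mentioning the convention in the comment block above run_qemu. run_qemu's body continues past the end of the hunk.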