summaryrefslogtreecommitdiffstats
path: root/debian/tests/utils
diff options
context:
space:
mode:
Diffstat (limited to 'debian/tests/utils')
-rwxr-xr-xdebian/tests/utils/cryptroot-common537
-rwxr-xr-xdebian/tests/utils/debootstrap125
-rwxr-xr-xdebian/tests/utils/init273
-rwxr-xr-xdebian/tests/utils/mkinitramfs159
-rw-r--r--debian/tests/utils/mock.pm347
5 files changed, 1441 insertions, 0 deletions
diff --git a/debian/tests/utils/cryptroot-common b/debian/tests/utils/cryptroot-common
new file mode 100755
index 0000000..a7df37f
--- /dev/null
+++ b/debian/tests/utils/cryptroot-common
@@ -0,0 +1,537 @@
+#!/bin/bash
+
+# Base test file for cryptroot testing in KVM guests
+#
+# Copyright © 2021-2022 Guilhem Moulin <guilhem@debian.org>
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+set -eu
+
+TESTNAME="$(basename -- "$0")"
+TESTDIR="$(dirname -- "$0")"
+INTERACTIVE="n" # set to "y" to interact with the guest instead of mocking the session
+export TESTNAME TESTDIR
+
+declare -a EXTRA_REPOS=( "$@" ) # blindly append any extra arguments to sources.list
+START_TIME="$(printf "%(%s)T")"
+
+# Try to create /dev/kvm if missing, for instance in a chroot where /dev isn't managed by udev.
+# Then we can drop root privileges and run the rest of the script as a normal user
+if uid="$(id -u)" && [ $uid -eq 0 ]; then
+ if [ ! -c /dev/kvm ] && mknod -m0600 /dev/kvm c 10 232; then
+ echo "INFO: Created character special file /dev/kvm" >&2
+ fi
+ if [ -z "${AUTOPKGTEST_NORMAL_USER-}" ]; then
+ echo "WARN: \$AUTOPKGTEST_NORMAL_USER is empty or unset, preserving root privileges!" >&2
+ else
+ chown --from="root" -- "$AUTOPKGTEST_NORMAL_USER:" "$AUTOPKGTEST_TMP"
+ if [ -c /dev/kvm ]; then
+ if getent group kvm >/dev/null && chgrp -c kvm /dev/kvm; then
+ # kvm group is created by udev.postinst
+ chmod -c 0660 /dev/kvm
+ usermod -a -G kvm -- "$AUTOPKGTEST_NORMAL_USER"
+ else
+ chown -c -- "$AUTOPKGTEST_NORMAL_USER" "/dev/kvm"
+ fi
+ fi
+ echo "INFO: Dropping root privileges: re-executing as user '$AUTOPKGTEST_NORMAL_USER'" >&2
+ exec runuser -u "$AUTOPKGTEST_NORMAL_USER" -- "$0" "$@"
+ exit 1
+ fi
+fi
+
+set -x
+PATH="/usr/bin:/bin"
+export PATH
+
+if [ -t 1 ]; then
+ # set VT100 autowrap mode (DECAWM)
+ printf '\033[?7h'
+fi
+
+# get src:cryptsetup current version and distribution
+DEB_VERSION="$(dpkg-parsechangelog -SVERSION)"
+DEB_DISTRIBUTION="$(dpkg-parsechangelog -SDistribution)"
+DEB_BUILD_ARCHITECTURE="$(dpkg-architecture -qDEB_BUILD_ARCH)"
+DEB_BUILD_ARCH_BITS="$(dpkg-architecture -qDEB_BUILD_ARCH_BITS)"
+if [ "$DEB_DISTRIBUTION" = "UNRELEASED" ]; then
+ # take Distribution from the previous entry instead
+ DEB_DISTRIBUTION="$(dpkg-parsechangelog -o1 -c1 -SDistribution)" || DEB_DISTRIBUTION="unstable"
+ echo "WARN: Using Distribution: $DEB_DISTRIBUTION instead of UNRELEASED" >&2
+fi
+
+# determine suitable values for the APT repository Origin (for
+# autopkgtests) and URI (used outside autopkgtests) fields
+load_os_release() {
+ local os_release # see os-release(5)
+ [ -e "/etc/os-release" ] && os_release="/etc/os-release" || os_release="/usr/lib/os-release"
+ . "$os_release"
+}
+case "${DISTRIBUTOR_ID:="$(load_os_release && printf "%s" "${ID,,[A-Z]}")"}" in
+ debian) APT_REPO_ORIGIN="Debian"; APT_REPO_URI="http://deb.debian.org/debian";;
+ # suitable values for derivative can be added here
+ *) echo "ERROR: Unknown distributor ID '$DISTRIBUTOR_ID', can't extract APT origin" >&2;
+ exit 1;;
+esac
+
+# QEMU command and default options
+unset QEMU_MACHINE_TYPE QEMU_ACCEL QEMU_CPU_MODEL QEMU_SMP QEMU_MEMORY BOOT
+if [ -c /dev/kvm ] && dd if=/dev/kvm count=0 status=none; then
+ QEMU_ACCEL="kvm"
+else
+ echo "WARN: KVM is not available, guests will be slow!" >&2
+fi
+case "$DEB_BUILD_ARCHITECTURE" in
+ # see `kvm -machine help` and `kvm -cpu help`
+ amd64|i386)
+ BOOT="bios"
+ if [ "$DEB_BUILD_ARCHITECTURE" = "amd64" ]; then
+ QEMU_SYSTEM_CMD="qemu-system-x86_64"
+ else
+ QEMU_SYSTEM_CMD="qemu-system-$DEB_BUILD_ARCHITECTURE"
+ fi
+ QEMU_MACHINE_TYPE="q35"
+ if [ "${QEMU_ACCEL-}" = "kvm" ]; then
+ QEMU_CPU_MODEL="kvm$DEB_BUILD_ARCH_BITS,+aes,+sha-ni"
+ else
+ QEMU_CPU_MODEL="qemu$DEB_BUILD_ARCH_BITS,-svm,-vmx"
+ fi
+ ;;
+ arm64)
+ BOOT="efi"
+ QEMU_SYSTEM_CMD="qemu-system-aarch64"
+ QEMU_MACHINE_TYPE="virt"
+ QEMU_CPU_MODEL="cortex-a72"
+ ;;
+ armhf)
+ BOOT="efi"
+ QEMU_SYSTEM_CMD="qemu-system-arm"
+ QEMU_MACHINE_TYPE="virt"
+ QEMU_CPU_MODEL="cortex-a15"
+ ;;
+ *) echo "ERROR: Unknown architecture $DEB_BUILD_ARCHITECTURE" >&2; exit 1;;
+esac
+
+if ! command -v "$QEMU_SYSTEM_CMD" >/dev/null; then
+ echo "ERROR: Couldn't find $QEMU_SYSTEM_CMD in PATH" >&2
+ exit 1
+fi
+
+CPU_COUNT="$(getconf _NPROCESSORS_ONLN)" && [ -n "$CPU_COUNT" ] || CPU_COUNT=0
+if [ $CPU_COUNT -ge 8 ]; then
+ QEMU_SMP="cpus=4"
+elif [ $CPU_COUNT -ge 4 ]; then
+ QEMU_SMP="cpus=2"
+else
+ QEMU_SMP="cpus=1"
+fi
+
+MEM_AVAIL="$(awk '/MemAvailable/ { printf "%.0f \n", $2/1024^2 }' </proc/meminfo)" && [ -n "$MEM_AVAIL" ] || MEM_AVAIL=0
+if [ $MEM_AVAIL -gt 2 ] && [ $DEB_BUILD_ARCH_BITS -gt 32 ]; then
+ QEMU_MEMORY="size=2G"
+else
+ QEMU_MEMORY="size=1G"
+fi
+
+# number of times to powercycle the guest
+GUEST_POWERCYCLE=0
+
+# kernel flavor
+case "$DEB_BUILD_ARCHITECTURE" in
+ # see `ssh $porterbox.debian.org uname -r`
+ amd64) KERNEL_ARCH="amd64";;
+ arm64) KERNEL_ARCH="arm64";;
+ armhf) KERNEL_ARCH="armmp-lpae";;
+ i386) KERNEL_ARCH="686-pae";;
+ *) echo "ERROR: Unknown architecture $DEB_BUILD_ARCHITECTURE" >&2; exit 1;;
+esac
+
+# at the very least we need a boot loader, a kernel, and an init system
+case "$BOOT" in
+ bios) PKG_BOOTLOADER="grub-pc";;
+ efi) PKG_BOOTLOADER="grub-efi";;
+ *) echo "ERROR unknown boot method '$BOOT'" >&2; exit 1;;
+esac
+PKG_KERNEL="linux-image-$KERNEL_ARCH"
+PKG_INIT="systemd-sysv" # default pid1
+MERGED_USR="" # use default layout for the target version
+declare -a PKGS_EXTRA=() DRIVE_SIZES=( "2G" )
+PKGS_EXTRA+=( "zstd" ) # default initrd compression, see #976054
+
+if [ -f "$TESTDIR/$TESTNAME.d/config" ]; then
+ . "$TESTDIR/$TESTNAME.d/config" || exit 1
+fi
+
+if [ -n "${AUTOPKGTEST_TMP+x}" ] || [ ! -t 0 ] || [ ! -t 1 ]; then
+ INTERACTIVE="n"
+fi
+
+unset EFI_CODE EFI_VARS
+if [ "$BOOT" = "efi" ]; then
+ case "$DEB_BUILD_ARCHITECTURE" in
+ amd64|i386)
+ efi_fw_pkg="ovmf"
+ EFI_CODE="/usr/share/OVMF/OVMF_CODE.fd"
+ EFI_VARS="/usr/share/OVMF/OVMF_VARS.fd"
+ ;;
+ arm64)
+ efi_fw_pkg="qemu-efi-aarch64"
+ EFI_CODE="/usr/share/AAVMF/AAVMF_CODE.fd"
+ EFI_VARS="/usr/share/AAVMF/AAVMF_VARS.fd"
+ ;;
+ armhf)
+ efi_fw_pkg="qemu-efi-arm"
+ EFI_CODE="/usr/share/AAVMF/AAVMF32_CODE.fd"
+ EFI_VARS="/usr/share/AAVMF/AAVMF32_VARS.fd"
+ ;;
+ *) echo "ERROR: Unknown architecture $DEB_BUILD_ARCHITECTURE for EFI boot" >&2; exit 1;;
+ esac
+ for p in "$EFI_CODE" "$EFI_VARS"; do
+ if [ ! -f "$p" ]; then
+ echo "Couldn't find $p, is the '$efi_fw_pkg' package installed?" >&2
+ exit 1
+ fi
+ done
+fi
+
+case "${DEB_DISTRIBUTION%%-*}" in
+ etch|lenny|squeeze|wheezy|jessie|stretch|buster|bullseye)
+ if [ -z "$MERGED_USR" ]; then
+ MERGED_USR="no"
+ fi
+ ;;
+ *) if [ -z "$MERGED_USR" ]; then
+ MERGED_USR="yes"
+ elif [ "$MERGED_USR" = "no" ]; then
+ # #978636: Debian 12 (codename Bookworm) should only support merged-/usr layout
+ echo "WARN: this system is not supported! (unmerged-/usr)" >&2
+ fi
+ ;;
+esac
+
+# pin versions for all packages in PKGS_EXTRA that are part of this source package
+declare -a MYPKGS
+MYPKGS=( $(sed -nr 's/^Package:\s*//Ip' debian/control) )
+for i in "${!PKGS_EXTRA[@]}"; do
+ [ "${PKGS_EXTRA[i]%[=/]*}" = "${PKGS_EXTRA[i]}" ] || continue
+ for mypkg in "${MYPKGS[@]}"; do
+ if [ "${PKGS_EXTRA[i]}" = "$mypkg" ]; then
+ PKGS_EXTRA[i]="${PKGS_EXTRA[i]}=$DEB_VERSION"
+ fi
+ done
+done
+
+unset QEMU_PID
+TEMPDIR="$(mktemp --tmpdir="${AUTOPKGTEST_TMP:-"${TMPDIR:-/tmp}"}" --directory "$TESTNAME.XXXXXXXXXX")"
+teardown() {
+ local rv=$? ts
+ if [ -n "${QEMU_PID+x}" ]; then
+ kill $QEMU_PID || true
+ fi
+ rm -rf -- "$TEMPDIR"
+ trap - EXIT
+
+ # try to fix terminal
+ [ ! -t 1 ] || printf '\033[?7h'
+
+ ts="$(printf "%(%s)T")"
+ rv=${1-$rv}
+ printf "Result for test '%s': exit status %s, runtime %d seconds\\n" "$TESTNAME" $rv $((ts - START_TIME))
+
+ exit $rv
+}
+trap "teardown" EXIT
+trap "teardown 1" INT TERM
+
+# set up APT for the testbed
+setup_apt() {
+ # we need a new cache to reliably determine essential and extra packages
+ APT_CACHE="$TEMPDIR/apt/cache"
+ APT_LISTS="$TEMPDIR/apt/lists"
+ mkdir -- "$TEMPDIR/apt" "$APT_CACHE" "$APT_LISTS"
+ ln -s "cache/archives" "$TEMPDIR/apt/pool"
+ touch "$TEMPDIR/apt/status"
+
+ if [ -n "${AUTOPKGTEST_TMP-}" ]; then
+ # reuse existing sources.list
+ apt-get indextargets \
+ --format "\$(TARGET_OF) \$(REPO_URI) \$(RELEASE) \$(COMPONENT)" \
+ "Target-Of: deb" "Identifier: Packages" "Origin: $APT_REPO_ORIGIN" \
+ >"$TEMPDIR/apt/sources.list"
+ # local autopkgtest repo has Repo-URI: file:/tmp/autopkgtest.XXXXXX/binaries/ ,
+ # Release: (empty) and no Component:
+ apt-get indextargets \
+ --format "\$(TARGET_OF) \$(REPO_URI) /" \
+ "Target-Of: deb" "Identifier: Packages" "Trusted: Yes" "Release: " \
+ >>"$TEMPDIR/apt/sources.list"
+ else
+ # generate new sources.list
+ case "$DEB_DISTRIBUTION" in
+ experimental) cat <<-EOF
+ deb $APT_REPO_URI unstable main
+ deb $APT_REPO_URI experimental main
+ EOF
+ ;;
+ *-security) cat <<-EOF
+ deb $APT_REPO_URI ${DEB_DISTRIBUTION%-security} main
+ deb $APT_REPO_URI-security $DEB_DISTRIBUTION main
+ EOF
+ ;;
+ *-*) cat <<-EOF
+ deb $APT_REPO_URI ${DEB_DISTRIBUTION%%-*} main
+ deb $APT_REPO_URI $DEB_DISTRIBUTION main
+ EOF
+ ;;
+ *) cat <<-EOF
+ deb $APT_REPO_URI $DEB_DISTRIBUTION main
+ EOF
+ ;;
+ esac >"$TEMPDIR/apt/sources.list"
+ fi
+
+ local apt_repo
+ for apt_repo in "${EXTRA_REPOS[@]}"; do
+ printf "%s\\n" "$apt_repo" >>"$TEMPDIR/apt/sources.list"
+ done
+
+ # replace file: URIs with copy: as we rely on --download-only copying .deb files to APT's cache
+ sed -ri 's/^(deb\S*)\s+\[([^]]+)\]\s+file:/\1 [\2,trusted=yes] copy:/;
+ s/^(deb\S*)\s+file:/\1 [trusted=yes] copy:/' \
+ -- "$TEMPDIR/apt/sources.list"
+
+ apt-update
+}
+
+# wrapper arround `apt-get install --download-only`
+# (we don't use `--print-uris` since it doesn't include what's been
+# included already)
+apt-download() {
+ _apt get install --download-only "$@"
+}
+apt-update() {
+ _apt get -o Acquire::Languages="none" update
+}
+apt-show() {
+ _apt cache show "$@"
+}
+_apt() {
+ local cmd="$1"
+ shift
+ env -i DEBIAN_FRONTEND="noninteractive" \
+ "apt-$cmd" \
+ -o APT::Architecture="$DEB_BUILD_ARCHITECTURE" \
+ -o APT::Architectures="$DEB_BUILD_ARCHITECTURE" \
+ -o APT::Get::Assume-Yes=true \
+ -o APT::Install-Recommends=false \
+ -o Dir::Cache="$APT_CACHE" \
+ -o Dir::Etc::SourceList="$TEMPDIR/apt/sources.list" \
+ -o Dir::Etc::SourceParts="" \
+ -o Dir::State::Lists="$APT_LISTS" \
+ -o Dir::State::Status="$TEMPDIR/apt/status" \
+ ${AUTOPKGTEST_TMP+-o Dir::Etc::Preferences="/etc/apt/preferences" -o Dir::Etc::PreferencesParts="/etc/apt/preferences.d/"} \
+ "$@"
+}
+
+
+# create a disk image with essential and extra packages
+create_debian_img() {
+ local img="$1" dir size deb usr_is_merged
+
+ dir="$(mktemp --tmpdir="$TEMPDIR" --directory debian.XXXXXXXXXX)"
+ mkdir -- "$dir/dists" "$dir/pool"
+
+ # TODO remove this once Bookworm is released, assuming
+ # init-system-helpers no longer has "Depends: usrmerge | usr-is-merged"
+ [ "$MERGED_USR" = "yes" ] && usr_is_merged="usr-is-merged" || usr_is_merged=""
+
+ # apt considers itself essential so we explicitely exclude it for stage1
+ mkdir -- "$dir/__stage1__"
+ apt-download -- "?and(?essential, ?not(?exact-name(apt)))" ${usr_is_merged:+"$usr_is_merged"}
+ for deb in "$APT_CACHE"/archives/*.deb; do
+ ln -sT "../pool/${deb##*/}" "$dir/__stage1__/${deb##*/}"
+ done
+
+ # useless for stage1
+ rm -f "$dir"/__stage1__/usr-is-merged_*.deb "$dir"/__stage1__/usrmerge_*.deb
+
+ mkdir -- "$dir/__essential__"
+ apt-download -- "?essential" "apt" ${usr_is_merged:+"$usr_is_merged"}
+ for deb in "$APT_CACHE"/archives/*.deb; do
+ ln -sT "../pool/${deb##*/}" "$dir/__essential__/${deb##*/}"
+ done
+
+ makedist "$dir"
+ extract_kernel "$TEMPDIR/linux-image"
+
+ # for `dpkg --update-avail`
+ ( cd "$dir/__essential__" && dpkg-scanpackages . >./Packages )
+
+ size="$(du -sb -- "$dir")"
+ size=$(( ${size%%[!0-9]*} / 1000 )) # approx 97% (1000/1024) full
+ genext2fs -qm0 -B 1024 -b "$size" -d "$dir" -L "debian_dist" "$img"
+ rm -rf -- "$dir"
+}
+makedist() {
+ local basedir="$1"
+ local distdir="$basedir/dists"
+ apt-download -- "?essential" "apt" ${usr_is_merged:+"$usr_is_merged"} \
+ "$PKG_BOOTLOADER" "$PKG_KERNEL" "$PKG_INIT" \
+ "${PKGS_EXTRA[@]}"
+ rm -f -- "$APT_CACHE/archives/$PKG_KERNEL"_*.deb # remove the generic .deb (only keep its dependency with versioned ABI)
+ for deb in "$APT_CACHE"/archives/*.deb; do
+ # assume no file conflicts and override existing .debs
+ ln -ft "$basedir/pool" -- "$deb"
+ done
+ ( cd "$APT_CACHE" && dpkg-scanpackages ../pool >"$distdir/Packages" )
+}
+
+# extract kernel to $TEMPDIR/linux-image and sets KERNEL_VERSION
+extract_kernel() {
+ local destdir="$1" deb_version_regex kernel_deb_regex
+ deb_version_regex="[0-9][A-Za-z0-9.+:~-]*" # per deb-version(7)
+ # we use may a kernel version other than what we're running, however the arch much be the same
+ kernel_deb_regex="linux-image-[0-9][a-z0-9.+-]*-${KERNEL_ARCH}_${deb_version_regex}_${DEB_BUILD_ARCHITECTURE}.deb"
+ KERNEL_DEB="$(find -P "$APT_CACHE/archives" -mindepth 1 -maxdepth 1 \
+ -regextype egrep -regex ".*/$kernel_deb_regex" -type f -printf "%P\\n" | \
+ sort -Vt_ -k2 | tail -n1)"
+ KERNEL_VERSION="${KERNEL_DEB#linux-image-*}"
+ KERNEL_VERSION="${KERNEL_VERSION%%_*}"
+
+ # extract the kernel of the .deb we downloaded
+ if [ ! -f "$APT_CACHE/archives/$KERNEL_DEB" ]; then
+ echo "ERROR: Couldn't find .deb for target kernel $KERNEL_VERSION" >&2
+ exit 1
+ fi
+
+ mkdir "$destdir"
+ dpkg-deb --fsys-tarfile "$APT_CACHE/archives/$KERNEL_DEB" | tar -C "$destdir" -xf- \
+ "./boot/vmlinuz-$KERNEL_VERSION" \
+ "./lib/modules/$KERNEL_VERSION"
+ ln -T -- "$destdir/boot/vmlinuz-$KERNEL_VERSION" "$TEMPDIR/vmlinuz-$KERNEL_VERSION"
+}
+
+# make sure the desired version of the package is available in the testbed
+setup_apt
+if ! apt-show "cryptsetup-bin=$DEB_VERSION" >"$TEMPDIR/out" || [ ! -s "$TEMPDIR/out" ]; then
+ apt-show -a "cryptsetup-bin" || true
+ echo "ERROR: Cannot find version $DEB_VERSION of package cryptsetup-bin" >&2
+ exit 1
+fi
+
+DEBIAN_IMG="$TEMPDIR/$DEB_DISTRIBUTION-$DEB_BUILD_ARCHITECTURE.img"
+create_debian_img "$DEBIAN_IMG"
+
+case "$DEB_BUILD_ARCHITECTURE" in
+ arm64|armhf) CONSOLE="ttyAMA0";;
+ *) CONSOLE="ttyS0";;
+esac
+
+env PACKAGES="$PKG_BOOTLOADER linux-image-$KERNEL_VERSION $PKG_INIT ${PKGS_EXTRA[*]}" \
+ BOOT="$BOOT" \
+ CONSOLE="$CONSOLE" \
+ ARCH="$DEB_BUILD_ARCHITECTURE" \
+ MERGED_USR="$MERGED_USR" \
+ "$TESTDIR/utils/mkinitramfs" "$TEMPDIR/linux-image" "$KERNEL_VERSION" "$TEMPDIR/initrd.img-$KERNEL_VERSION"
+rm -rf -- "$TEMPDIR/apt" "$TEMPDIR/linux-image" # don't need that anymore
+
+declare -a QEMU_COMMON_ARGS=(
+ -no-user-config
+ -nodefaults
+ -name "autopkgtest-cryptsetup-$TESTNAME"
+ -machine "${QEMU_MACHINE_TYPE:+"type=$QEMU_MACHINE_TYPE,"}${QEMU_ACCEL:+"accel=$QEMU_ACCEL,"}graphics=off"
+ ${QEMU_CPU_MODEL:+-cpu "$QEMU_CPU_MODEL"}
+ ${QEMU_SMP:+-smp "$QEMU_SMP"}
+ ${QEMU_MEMORY:+-m "$QEMU_MEMORY"}
+ -vga none
+ -display none
+ -object "rng-random,id=rng0,filename=/dev/urandom" -device "virtio-rng-pci,rng=rng0"
+ -boot "order=c,strict=on"
+)
+
+for ((i=0; i < ${#DRIVE_SIZES[@]}; i++)); do
+ drive_img="$TEMPDIR/drive$i.img"
+ fallocate -l "${DRIVE_SIZES[i]}" "$drive_img"
+ QEMU_COMMON_ARGS+=(
+ -drive "file=$drive_img,format=raw,cache=unsafe,if=virtio,index=$i,media=disk"
+ )
+done
+
+if [ "$BOOT" = "efi" ]; then
+ # $EFI_VARS needs to be writable so guests can update their variables
+ install -Tm0644 -- "$EFI_VARS" "$TEMPDIR/efivars.fd"
+ QEMU_COMMON_ARGS+=(
+ -drive "file=$EFI_CODE,format=raw,if=pflash,unit=0,read-only=on"
+ -drive "file=$TEMPDIR/efivars.fd,format=raw,if=pflash,unit=1"
+ )
+fi
+
+LOGDIR="$TEMPDIR"
+SOCKETDIR="$TEMPDIR"
+if [ "$INTERACTIVE" != "y" ]; then
+ QEMU_COMMON_ARGS+=(
+ -device "virtio-serial"
+ -chardev "socket,id=hvc0,path=$SOCKETDIR/hvc0,server=on,wait=off,logfile=$LOGDIR/hvc0.log,logappend=on"
+ -device "virtconsole,chardev=hvc0"
+ )
+fi
+
+declare QEMU_STDIO_ARGS=(
+ # setup is always fully unattended
+ -chardev "stdio,id=char0,mux=on,logfile=$LOGDIR/qemu.log,logappend=on"
+ -serial "chardev:char0"
+ -mon "chardev=char0,mode=readline"
+)
+if [ "$INTERACTIVE" != "y" ] || [ -n "${AUTOPKGTEST_TMP+x}" ]; then
+ # XXX if KVM is detected we could reduce the timeout to 300s or so
+ QEMU_TIMEOUT="y"
+ exec </dev/null
+else
+ QEMU_TIMEOUT=""
+fi
+
+QEMU_DEBIANIMG_DRIVE="file=$DEBIAN_IMG,format=raw,if=virtio,readonly=on,media=cdrom"
+${QEMU_TIMEOUT:+timeout 3600s} "$QEMU_SYSTEM_CMD" \
+ "${QEMU_COMMON_ARGS[@]}" "${QEMU_STDIO_ARGS[@]}" \
+ -drive "$QEMU_DEBIANIMG_DRIVE" \
+ -kernel "$TEMPDIR/vmlinuz-$KERNEL_VERSION" \
+ -append "console=$CONSOLE,115200n8" \
+ -initrd "$TEMPDIR/initrd.img-$KERNEL_VERSION" \
+ || exit $?
+
+if [ "$INTERACTIVE" = "y" ]; then
+ for ((i=0; i <= GUEST_POWERCYCLE; i++)); do
+ "$QEMU_SYSTEM_CMD" \
+ "${QEMU_COMMON_ARGS[@]}" "${QEMU_STDIO_ARGS[@]}" \
+ -netdev "user,id=net0" -device "virtio-net-pci,netdev=net0"
+ done
+else
+ for ((i=0; i <= GUEST_POWERCYCLE; i++)); do
+ ${QEMU_TIMEOUT:+timeout 900s} "$QEMU_SYSTEM_CMD" \
+ "${QEMU_COMMON_ARGS[@]}" \
+ -chardev "socket,id=mon0,path=$SOCKETDIR/mon0,server=on,wait=off,logfile=$LOGDIR/mon0.log,logappend=on" \
+ -mon "chardev=mon0,mode=control" \
+ -chardev "socket,id=ttyS0,path=$SOCKETDIR/ttyS0,server=on,wait=on,logfile=$LOGDIR/ttyS0.log,logappend=on" \
+ -serial "chardev:ttyS0" \
+ &
+ QEMU_PID=$!
+ "$TESTDIR/$TESTNAME.d/mock" "$i" "$SOCKETDIR" || exit 1
+ wait $QEMU_PID && rv=0 || rv=$?
+ unset QEMU_PID
+ [ $rv -eq 0 ] || exit $rv
+ done
+fi
+
+echo "PASSED"
+exit 0
diff --git a/debian/tests/utils/debootstrap b/debian/tests/utils/debootstrap
new file mode 100755
index 0000000..258be5a
--- /dev/null
+++ b/debian/tests/utils/debootstrap
@@ -0,0 +1,125 @@
+#!/bin/sh
+
+# Debootstrap a target system
+#
+# Copyright © 2021-2022 Guilhem Moulin <guilhem@debian.org>
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+set -eu
+PATH="/usr/sbin:/usr/bin:/sbin:/bin"
+export PATH
+
+ESSENTIAL="/media/__essential__"
+TEMPDIR="$(mktemp --tmpdir --directory "debootstrap.XXXXXXXXXX")"
+trap "rm -rf -- \"$TEMPDIR\"" EXIT INT TERM
+
+sed -rn "/^Package:\\s*/I {s///;s/$/ install/p}" "$ESSENTIAL/Packages" >"$TEMPDIR/Packages.sel"
+
+install -m0644 /dev/null "/var/lib/dpkg/status"
+dpkg --update-avail "$ESSENTIAL/Packages"
+dpkg --set-selections <"$TEMPDIR/Packages.sel"
+
+mkdir -- "$TEMPDIR/dpkg"
+mkdir -- "$TEMPDIR/dpkg/files" "$TEMPDIR/dpkg/depends" "$TEMPDIR/dpkg/pre-depends"
+
+# extract metadata (package names, file names, Depends and Pre-Depends
+# for easier processing)
+for deb in "$ESSENTIAL"/*.deb; do
+ pkg=$(dpkg-deb --show --showformat="\${Package}" "$deb")
+ case "$pkg" in
+ # special case: base-files Pre-Depends on awk but we only have mawk (or gawk)
+ mawk|gawk) pkg="awk";;
+ esac
+ printf "%s\\n" "$pkg" >>"$TEMPDIR/dpkg/avail"
+ printf "%s\\n" "$deb" >"$TEMPDIR/dpkg/files/$pkg"
+ dpkg-deb --show --showformat="\${Pre-Depends}\\n" "$deb" >"$TEMPDIR/predeps"
+ dpkg-deb --show --showformat="\${Depends}\\n" "$deb" >"$TEMPDIR/deps"
+ sed -ri "s/,\\s*/\\n/g" -- "$TEMPDIR/predeps" "$TEMPDIR/deps"
+ sed -i "s/[[:blank:]:].*//; /^[[:blank:]]*$/d" -- "$TEMPDIR/predeps" "$TEMPDIR/deps"
+ mv -T -- "$TEMPDIR/predeps" "$TEMPDIR/dpkg/pre-depends/$pkg"
+ mv -T -- "$TEMPDIR/deps" "$TEMPDIR/dpkg/depends/$pkg"
+done
+
+if [ -L /bin ] && [ -L /sbin ] && [ -L /lib ]; then
+ # TODO remove this once Bookworm is released, assuming
+ # init-system-helpers no longer has "Depends: usrmerge | usr-is-merged"
+ sed -i "s/^usrmerge$/usr-is-merged/" -- "$TEMPDIR/dpkg/depends/init-system-helpers"
+fi
+
+# recursively append dependencies to $OUT; abort and return 1 if one of
+# the (recursive) dependency has an unsatisfied Pre-Depends
+resolve_deps() {
+ local pkg="$1" dep
+ while read -r dep; do
+ if grep -Fxq -e "$dep" <"$TEMPDIR/dpkg/avail"; then
+ # $pkg has an unsatisfied Pre-Depends, can't proceed further
+ return 1
+ fi
+ done <"$TEMPDIR/dpkg/pre-depends/$pkg"
+ while read -r dep; do
+ if grep -Fxq -e "$dep" <"$TEMPDIR/dpkg/avail" && ! grep -Fxq -e "$dep" <"$OUT"; then # break cycles
+ printf "%s\\n" "$dep" >>"$OUT"
+ resolve_deps "$dep" || return $?
+ fi
+ done <"$TEMPDIR/dpkg/depends/$pkg"
+ return 0
+}
+
+# dump to $OUT a list of packages that can be installed (only packages
+# without unsatisfied pre-dependencies, and typically packages that are
+# pre-dependencies of other packages) -- using `dpkg --predep-package`
+# would be convenient but it doesn't work with recursive dependencies,
+# cf. #539133
+can_install_next() {
+ local pkg
+ while read -r pkg; do
+ printf "%s\\n" "$pkg" >"$OUT"
+ if resolve_deps "$pkg"; then
+ return 0
+ fi
+ done <"$TEMPDIR/dpkg/avail"
+
+ echo "PANIC: No remaining dependencies are satisfiable!" >&2
+ cat <"$TEMPDIR/dpkg/avail" >&2
+ exit 1
+}
+
+# keep going until all available packages are installed
+OUT="$TEMPDIR/pkg.list"
+XARGS_IN="$TEMPDIR/deb.list"
+while [ -s "$TEMPDIR/dpkg/avail" ]; do
+ can_install_next || exit 1
+
+ echo -n ">>> Installing: " >&2
+ paste -sd" " <"$OUT" >&2
+
+ while read -r pkg; do
+ cat "$TEMPDIR/dpkg/files/$pkg"
+ done <"$OUT" >"$XARGS_IN"
+ xargs -a"$XARGS_IN" -d"\\n" dpkg -i
+
+ grep -Fx -vf "$OUT" <"$TEMPDIR/dpkg/avail" >"$TEMPDIR/dpkg/avail.new" || true
+ mv -T -- "$TEMPDIR/dpkg/avail.new" "$TEMPDIR/dpkg/avail"
+done
+
+echo apt apt >/var/lib/dpkg/cmethopt
+echo "deb [trusted=yes] file:/media/dists /" >/etc/apt/sources.list
+cat >/etc/apt/apt.conf.d/99debootstrap <<-EOF
+ Acquire::Languages "none";
+ APT::Install-Recommends "false";
+ APT::Install-Suggests "false";
+EOF
+
+apt-get -oAcquire::Languages="none" -oAPT::Sandbox::User="root" -qq update
diff --git a/debian/tests/utils/init b/debian/tests/utils/init
new file mode 100755
index 0000000..331cd6f
--- /dev/null
+++ b/debian/tests/utils/init
@@ -0,0 +1,273 @@
+#!/bin/sh
+
+# PID1 at initramfs stage
+#
+# Copyright © 2021-2022 Guilhem Moulin <guilhem@debian.org>
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+set -eux
+PATH="/usr/sbin:/usr/bin:/sbin:/bin"
+export PATH
+
+trap "echo \"ALERT! Couldn't setup system, dropping to a shell.\" >&2; sh -i" 0
+
+# set VT100 autowrap mode again (QEMU might mess the terminal up)
+printf '\033[?7h'
+
+mount -t devtmpfs -o noexec,nosuid,mode=0755 udev /dev
+
+mkdir /dev/pts /proc /run /sys
+mount -t devpts -o noexec,nosuid,gid=5,mode=0620 devpts /dev/pts
+mount -t proc -o nodev,noexec,nosuid proc /proc
+mount -t tmpfs -o nodev,noexec,nosuid,size=5%,mode=0755 tmpfs /run
+mount -t sysfs -o nodev,noexec,nosuid sysfs /sys
+
+modprobe virtio_rng # /dev/hwrng (avoid entropy starvation)
+modprobe virtio_pci
+modprobe virtio_blk # /dev/vd[a-z]
+modprobe virtio_console # /dev/hvc[0-7]
+
+# start udevd
+/lib/systemd/systemd-udevd --daemon
+udevadm trigger --type=subsystems --action=add
+udevadm trigger --type=devices --action=add
+udevadm settle
+
+. /init.conf
+
+# https://en.wikipedia.org/wiki/GUID_Partition_Table#Partition_type_GUIDs
+GUID_TYPE_MBR="024DEE41-33E7-11D3-9D69-0008C781F39F" # MBR partition scheme
+GUID_TYPE_EFI="C12A7328-F81F-11D2-BA4B-00A0C93EC93B" # EFI boot partition
+GUID_TYPE_BIOS_boot="21686148-6449-6E6F-744E-656564454649" # BIOS boot partition
+GUID_TYPE_Linux_FS="0FC63DAF-8483-4772-8E79-3D69D8477DE4" # Linux filesystem data
+GUID_TYPE_LUKS="CA7D7CCB-63ED-4C53-861C-1742536059CC" # LUKS partition
+GUID_TYPE_DMCRYPT="7FFEC5C9-2D00-49B7-8941-3EA10A5586B7" # Plain dm-crypt partition
+GUID_TYPE_LVM="E6D6D379-F507-44C2-A23C-238F2A3DF928" # Logical Volume Manager partition
+GUID_TYPE_RAID="A19D880F-05FC-4D3B-A006-743F0F84911E" # RAID partition
+
+if [ "$BOOT" = "bios" ]; then
+ BOOT_PARTITION_SIZE=2
+ BOOT_PARTITION_TYPE="$GUID_TYPE_BIOS_boot"
+elif [ "$BOOT" = "efi" ]; then
+ BOOT_PARTITION_SIZE=63
+ BOOT_PARTITION_TYPE="$GUID_TYPE_EFI"
+else
+ echo "ERROR unknown boot method '$BOOT'" >&2
+ exit 1
+fi
+
+# format the target disk and create a BIOS/EFI partition
+sfdisk /dev/vda <<-EOF
+ label: gpt
+ unit: sectors
+
+ start=$((1024*2)), size=$((BOOT_PARTITION_SIZE*1024*2)), type=$BOOT_PARTITION_TYPE
+EOF
+udevadm settle
+
+ROOT="/target"
+mkdir -m0755 "$ROOT"
+# /init.setup is expected to create the root filesystem of the target
+# system and mount it (alongside other filesystems) on $ROOT
+. /init.setup
+udevadm settle
+
+# inspired by debootstrap's /usr/share/debootstrap/functions
+if [ "$MERGED_USR" = "yes" ]; then
+ case "$ARCH" in
+ amd64) libdir="lib32 lib64 libx32";;
+ i386) libdir="lib64 libx32";;
+ mips|mipsel) libdir="lib32 lib64";;
+ mips64*|mipsn32*) libdir="lib32 lib64 libo32";;
+ loongarch64*) libdir="lib32 lib64";;
+ powerpc) libdir="lib64";;
+ ppc64) libdir="lib32 lib64";;
+ ppc64el) libdir="lib64";;
+ s390x) libdir="lib32";;
+ sparc) libdir="lib64";;
+ sparc64) libdir="lib32 lib64";;
+ x32) libdir="lib32 lib64 libx32";;
+ *) libdir="";;
+ esac
+ for dir in bin sbin lib $libdir; do
+ ln -s "usr/$dir" "$ROOT/$dir"
+ mkdir -p "$ROOT/usr/$dir"
+ done
+fi
+
+mkdir /media
+DEBIAN_DIST="$(blkid -l -t LABEL="debian_dist" -o device)"
+mount -t ext2 -o ro "$DEBIAN_DIST" /media
+for pkg in /media/__stage1__/*.deb; do
+ dpkg-deb --fsys-tarfile "$pkg" | tar -C "$ROOT" -xf - --keep-directory-symlink
+done
+
+# setup hosts(5) and hostname(5)
+echo "$HOSTNAME" >"$ROOT/etc/hostname"
+echo "127.0.0.1 localhost $HOSTNAME" >"$ROOT/etc/hosts"
+
+# EFI
+if [ "$BOOT" = "efi" ]; then
+ modprobe efivarfs
+ mount -t efivarfs efivarfs /sys/firmware/efi/efivars
+
+ mkfs.vfat -F 32 /dev/vda1
+ mkdir "$ROOT/boot/efi"
+ mount -t vfat /dev/vda1 "$ROOT/boot/efi"
+
+ cat >>"$ROOT/etc/fstab" <<-EOF
+ UUID=$(blkid -s UUID -o value /dev/vda1) /boot/efi auto defaults 0 2
+ EOF
+fi
+
+# bind mount pseudo and temporary filesystems to "$ROOT"
+mount -no bind /dev "$ROOT/dev"
+mount -no bind /proc "$ROOT/proc"
+mount -no bind /sys "$ROOT/sys"
+mount -t tmpfs -o nodev,noexec,nosuid,size=5%,mode=0755 tmpfs "$ROOT/run"
+
+# prevent any services from starting during package installation, taken
+# from debootstrap(8)
+cat >"$ROOT/usr/sbin/policy-rc.d" <<-EOF
+ #!/bin/sh
+ exit 101
+EOF
+chmod +x "$ROOT/usr/sbin/policy-rc.d"
+
+mv "$ROOT/sbin/start-stop-daemon" "$ROOT/sbin/start-stop-daemon.REAL"
+cat >"$ROOT/sbin/start-stop-daemon" <<-EOF
+ #!/bin/sh
+ echo
+ echo "Warning: Fake start-stop-daemon called, doing nothing"
+EOF
+chmod +x "$ROOT/usr/sbin/policy-rc.d" "$ROOT/sbin/start-stop-daemon"
+
+DEBIAN_FRONTEND="noninteractive"
+DEBCONF_NONINTERACTIVE_SEEN="true"
+export DEBIAN_FRONTEND DEBCONF_NONINTERACTIVE_SEEN
+
+# debootstrap the target system
+mkdir "$ROOT/media"
+mount -no move /media "$ROOT/media"
+cp -p /debootstrap "$ROOT/debootstrap"
+chroot "$ROOT" /debootstrap
+rm -f "$ROOT/debootstrap"
+
+# use MODULES=dep (if it works with fewer modules then it also works
+# with the default MODULES=most)
+mkdir -p "$ROOT/etc/initramfs-tools/conf.d"
+echo "MODULES=dep" >"$ROOT/etc/initramfs-tools/conf.d/modules"
+
+cp /init.preinst "$ROOT/init.preinst"
+chroot "$ROOT" /bin/sh -eux /init.preinst
+rm -f "$ROOT/init.preinst"
+udevadm settle
+
+# install extra packages
+chroot "$ROOT" apt-get -oAPT::Sandbox::User="root" install --yes $PACKAGES
+rm -f "$ROOT/etc/apt/sources.list"
+
+# configure and install GRUB
+cat >"$ROOT/etc/default/grub" <<-EOF
+ GRUB_DEFAULT=0
+ GRUB_TIMEOUT=0
+ GRUB_CMDLINE_LINUX_DEFAULT=""
+ GRUB_CMDLINE_LINUX="console=$CONSOLE,115200n8"
+ GRUB_DISABLE_RECOVERY=true
+ GRUB_TERMINAL="console serial"
+ GRUB_SERIAL_COMMAND="serial --speed=115200"
+EOF
+chroot "$ROOT" grub-install --no-floppy --modules=part_gpt /dev/vda
+chroot "$ROOT" update-grub
+
+chroot "$ROOT" passwd --delete root # make root account passwordless
+
+# show some system info right after login to ease troubleshooting
+cat >"$ROOT/root/.profile" <<-EOF
+ run_verbose() {
+ printf "\\\`%s\\\` output:\\\\n" "\$*"
+ "\$@"
+ }
+ stty cols 150
+ run_verbose dmsetup table
+ run_verbose lsblk
+ run_verbose df -h
+EOF
+
+cat >"$ROOT/root/.inputrc" <<-EOF
+ # disabled bracketed paste mode
+ set enable-bracketed-paste off
+EOF
+
+if [ -d "$ROOT/etc/systemd/system" ]; then
+ # systemd
+ if [ -c "$ROOT/dev/hvc0" ]; then
+ # serial-getty@ttyS0.service is automatically enabled due to the console= kernel parameter
+ ln -s "/dev/null" "$ROOT/etc/systemd/system/serial-getty@ttyS0.service"
+ ln -s "/lib/systemd/system/serial-getty@.service" \
+ "$ROOT/etc/systemd/system/getty.target.wants/serial-getty@hvc0.service"
+ fi
+
+ # mask all timer units
+ for t in "$ROOT"/lib/systemd/system/*.timer; do
+ test -f "$t" || continue
+ ln -s "/dev/null" "$ROOT/etc/systemd/system/${t##*/}"
+ done
+
+ # mask systemd-firstboot.service
+ ln -s "/dev/null" "/root/etc/systemd/system/systemd-firstboot.service"
+fi
+
+if [ -f "$ROOT/etc/inittab" ]; then
+ # sysvinit
+ if [ -c "$ROOT/dev/hvc0" ]; then
+ echo "h0:2345:respawn:/sbin/agetty -8 -L 115200 hvc0 linux"
+ else
+ echo "S0:23:respawn:/sbin/getty -8 -L 115200 $CONSOLE linux"
+ fi >>"$ROOT/etc/inittab"
+fi
+
+if [ -f /init.postinst ]; then
+ cp /init.postinst "$ROOT/init.postinst"
+ chroot "$ROOT" /bin/sh -eux /init.postinst
+ rm -f "$ROOT/init.postinst"
+fi
+
+# allow service startup again
+mv "$ROOT/sbin/start-stop-daemon.REAL" "$ROOT/sbin/start-stop-daemon"
+rm "$ROOT/usr/sbin/policy-rc.d"
+
+# unmount pseudo filesystems from the target system
+umount "$ROOT/dev"
+umount "$ROOT/proc"
+umount "$ROOT/sys"
+
+if [ "$BOOT" = "efi" ]; then
+ umount "$ROOT/boot/efi"
+fi
+umount "$ROOT/media"
+umount "$ROOT/run"
+
+# /init.bottom is expected to umount $ROOT and its submounts
+ROOT="$ROOT" sh -eux /init.bottom
+
+# stop udevd
+udevadm control --exit
+
+# exiting this script yields "Kernel panic - not syncing: Attempted to
+# kill init!", so give the asyncronous SysRq trigger a chance to power
+# off (sending a racy C-d would still trigger a panic but we don't care)
+echo o >/proc/sysrq-trigger
+exec cat >/dev/null
diff --git a/debian/tests/utils/mkinitramfs b/debian/tests/utils/mkinitramfs
new file mode 100755
index 0000000..6bc70f4
--- /dev/null
+++ b/debian/tests/utils/mkinitramfs
@@ -0,0 +1,159 @@
+#!/bin/sh
+
+# Generate an initramfs image, much like mkinitramfs(8) but simpler
+#
+# Copyright © 2021-2022 Guilhem Moulin <guilhem@debian.org>
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+set -eu
+PATH="/usr/sbin:/usr/bin:/sbin:/bin"
+export PATH
+
+unset DEBUG
+EXTRACT_DIR="$1"
+KERNEL_VERSION="$2"
+INITRD="$3"
+
+UTILS="$(dirname -- "$0")"
+DESTDIR="$(mktemp --directory -- "$INITRD.XXXXXXXXXX")"
+trap "rm -r${DEBUG:+v}f -- \"$DESTDIR\"" EXIT INT TERM
+
+# from /usr/sbin/mkinitramfs: create usr-merged filesystem layout, to
+# avoid duplicates if the host filesystem is usr-merged
+for d in /bin /lib* /sbin; do
+ [ -d "$d" ] || continue
+ mkdir -p "$DESTDIR/usr$d"
+ ln -sT "usr$d" "$DESTDIR$d"
+done
+
+install -m0755 "$UTILS/init" "$DESTDIR/init"
+install -m0755 "$UTILS/debootstrap" "$DESTDIR/debootstrap"
+cat >"$DESTDIR/init.conf" <<- EOF
+ HOSTNAME="$TESTNAME"
+ export HOSTNAME
+ PACKAGES="$PACKAGES"
+ BOOT="$BOOT"
+ CONSOLE="$CONSOLE"
+ ARCH="$ARCH"
+ MERGED_USR="$MERGED_USR"
+EOF
+
+for p in setup preinst postinst bottom; do
+ # setup: sourced after creating the BIOS or EFI boot partition
+ # preinst: run in chroot after debootstrap, but before installing extra packages
+ # postinst: optionally run in chroot after installing extra packages
+ # bottom: last thing to run before shutdown
+ if [ -f "$TESTDIR/$TESTNAME.d/$p" ]; then
+ install -m0755 "$TESTDIR/$TESTNAME.d/$p" "$DESTDIR/init.$p"
+ fi
+done
+
+MODULES="dm_crypt ext4 btrfs raid0 raid1"
+if [ "$BOOT" = "efi" ]; then
+ MODULES="$MODULES efivarfs nls_ascii nls_cp437 vfat"
+fi
+
+depmod -ab "$EXTRACT_DIR" "$KERNEL_VERSION"
+for kmod in virtio_console virtio_blk virtio_pci virtio_rng \
+ "$EXTRACT_DIR/lib/modules/$KERNEL_VERSION"/kernel/arch/*/crypto/*.ko* \
+ "$EXTRACT_DIR/lib/modules/$KERNEL_VERSION"/kernel/crypto/*.ko* \
+ $MODULES; do
+ kmod="${kmod##*/}"
+ modprobe -aid "$EXTRACT_DIR" -S "$KERNEL_VERSION" --show-depends "${kmod%%.*}"
+done | while read -r insmod kmod _; do
+ [ "$insmod" = "insmod" ] || continue
+ kmod_rel="${kmod#"$EXTRACT_DIR/lib/modules/$KERNEL_VERSION/"}"
+ if [ ! -f "$kmod" ] || [ "${kmod_rel#kernel/}" = "$kmod_rel" ]; then
+ echo "Error: Unexpected modprobe output: $insmod $kmod" >&2
+ exit 1
+ fi
+ mkdir -p "$DESTDIR/lib/modules/$KERNEL_VERSION/${kmod_rel%/*}"
+ ln -f${DEBUG:+v}T -- "$kmod" "$DESTDIR/lib/modules/$KERNEL_VERSION/$kmod_rel"
+done
+
+ln -t "$DESTDIR/lib/modules/$KERNEL_VERSION" -- \
+ "$EXTRACT_DIR/lib/modules/$KERNEL_VERSION/modules.order" \
+ "$EXTRACT_DIR/lib/modules/$KERNEL_VERSION/modules.builtin"
+depmod -wab "$DESTDIR" "$KERNEL_VERSION"
+
+verbose="${DEBUG-}"
+. /usr/share/initramfs-tools/hook-functions # for copy_exec()
+if [ -f "$TESTDIR/$TESTNAME.d/mkinitramfs" ]; then
+ . "$TESTDIR/$TESTNAME.d/mkinitramfs"
+fi
+
+copy_exec /bin/cp
+copy_exec /bin/rm
+copy_exec /bin/chmod
+
+copy_exec /sbin/modprobe
+copy_exec /sbin/blkid
+copy_exec /sbin/sfdisk
+copy_exec /sbin/mkswap
+copy_exec /sbin/swapon
+copy_exec /sbin/swapoff
+copy_exec /sbin/cryptsetup
+copy_exec /sbin/dmsetup
+copy_exec /usr/bin/dpkg-deb
+copy_exec /bin/tar
+
+# assume ossl-modules/legacy.so and libgcc_s.so are relative to the linked libcryptsetup.so
+libdir="$(env --unset=LD_PRELOAD ldd /sbin/cryptsetup | sed -nr '/.*=>\s*(\S+)\/libcryptsetup\.so\..*/ {s//\1/p;q}')"
+copy_exec "$libdir/ossl-modules/legacy.so" || true
+copy_libgcc "$libdir"
+
+for p in /sbin/cryptsetup /sbin/lvm /sbin/mdadm /sbin/mke2fs /sbin/mkfs.btrfs /bin/btrfs; do
+ if [ -x "$p" ]; then
+ copy_exec "$p"
+ fi
+done
+
+if [ "$BOOT" = "efi" ]; then
+ if [ ! -x "/sbin/mkfs.vfat" ]; then
+ echo "Couldn't find mkfs.vfat, is the 'dosfstools' package installed?" >&2
+ exit 1
+ fi
+ copy_exec /sbin/mkfs.vfat
+fi
+
+cp -pLt "$DESTDIR/lib" /lib/klibc-*.so
+for cmd in cat chroot ln ls mkdir mount mv sh umount uname; do
+ exe="/usr/lib/klibc/bin/$cmd"
+ if [ ! -f "$exe" ] || [ ! -x "$exe" ]; then
+ echo "No such executable: $exe" >&2
+ exit 1
+ fi
+ copy_exec "$exe" /bin
+done
+
+# copy udevd and (some of) its rules
+copy_exec /lib/systemd/systemd-udevd
+copy_exec /bin/udevadm
+
+mkdir -p -- "$DESTDIR/etc/udev" "$DESTDIR/lib/udev/rules.d"
+cat >"$DESTDIR/etc/udev/udev.conf" <<-EOF
+ udev_log=info
+ resolve_names=never
+EOF
+for rules in 50-udev-default.rules 55-dm.rules 60-block.rules \
+ 60-persistent-storage.rules 60-persistent-storage-dm.rules \
+ 63-md-raid-arrays.rules 95-dm-notify.rules; do
+ if [ -e "/lib/udev/rules.d/$rules" ]; then
+ cp -T "/lib/udev/rules.d/$rules" "$DESTDIR/lib/udev/rules.d/$rules"
+ fi
+done
+
+cd "$DESTDIR"
+find . -print0 | cpio -o0 -R 0:0 -H newc --quiet ${DEBUG:+--verbose} >"$INITRD"
diff --git a/debian/tests/utils/mock.pm b/debian/tests/utils/mock.pm
new file mode 100644
index 0000000..10db3e6
--- /dev/null
+++ b/debian/tests/utils/mock.pm
@@ -0,0 +1,347 @@
+# Mock terminal interaction on a guest system
+#
+# Copyright © 2021-2022 Guilhem Moulin <guilhem@debian.org>
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+use v5.14.2;
+use warnings;
+use strict;
+
+our ($SERIAL, $CONSOLE, $MONITOR);
+our $PS1 = qr/root\@[\-\.0-9A-Z_a-z]+ : [~\/][\-\.\/0-9A-Z_a-z]* [\#\$]\ /aax;
+
+package CryptrootTest::Utils;
+
+use Socket qw/PF_UNIX SOCK_STREAM SOCK_CLOEXEC SOCK_NONBLOCK SHUT_RD SHUT_WR/;
+use Errno qw/EINTR ENOENT ECONNREFUSED/;
+use Time::HiRes ();
+
+my (%SOCKET, %BUFFER, $WBITS, $RBITS);
+
+BEGIN {
+ ($SERIAL, $CONSOLE, $MONITOR) = qw/ttyS0 hvc0 mon0/;
+ my $dir = $ARGV[1] =~ m#\A(/\p{Print}+)\z# ? $1 : die "Invalid base directory\n"; # untaint
+ my $epoch = Time::HiRes::time();
+ foreach my $id ($SERIAL, $CONSOLE, $MONITOR) {
+ my $path = $dir . "/" . $id;
+ my $sockaddr = Socket::pack_sockaddr_un($path) // die;
+ socket(my $socket, PF_UNIX, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) or die "socket: $!";
+
+ until (connect($socket, $sockaddr)) {
+ if ($! == EINTR) {
+ # try again immediatly if connect(2) was interrupted by a signal
+ } elsif (($! == ENOENT or $! == ECONNREFUSED) and Time::HiRes::time() - $epoch < 30) {
+ # wait a bit to give QEMU time to create the socket and mark it at listening
+ Time::HiRes::usleep(100_000);
+ } else {
+ die "connect($path): $!";
+ }
+ }
+
+ my $fd = fileno($socket) // die;
+ vec($WBITS, $fd, 1) = 1;
+ vec($RBITS, $fd, 1) = 1;
+ $SOCKET{$id} = $socket;
+ $BUFFER{$id} = "";
+ }
+}
+
+sub read_data($) {
+ my $bits = shift;
+ while (my ($chan, $fh) = each %SOCKET) {
+ next unless vec($bits, fileno($fh), 1); # nothing to read here
+ my $n = sysread($fh, my $buf, 4096) // die "read: $!";
+ if ($n > 0) {
+ STDOUT->printflush($buf);
+ $BUFFER{$chan} .= $buf;
+ } else {
+ #print STDERR "INFO done reading from $chan\n";
+ shutdown($fh, SHUT_RD) or die "shutdown: $!";
+ vec($RBITS, fileno($fh), 1) = 0;
+ }
+ }
+}
+
+sub expect(;$$) {
+ my ($chan, $prompt) = @_;
+
+ my $buffer = defined $chan ? \$BUFFER{$chan} : undef;
+ if (defined $buffer and $$buffer =~ $prompt) {
+ $$buffer = $' // die;
+ return %+;
+ }
+
+ while(unpack("b*", $RBITS) != 0) {
+ my $rout = $RBITS;
+ while (select($rout, undef, undef, undef) == -1) {
+ die "select: $!" unless $! == EINTR; # try again immediately if select(2) was interrupted
+ }
+ read_data($rout);
+ if (defined $buffer and $$buffer =~ $prompt) {
+ $$buffer = $' // die;
+ return %+;
+ }
+ }
+ #print STDERR "INFO done reading\n";
+}
+
+sub write_data($$%) {
+ my $chan = shift;
+ my $data = shift;
+
+ my %options = @_;
+ $options{echo} //= 1;
+ $options{eol} //= "\r";
+ $options{reol} //= "\r\n";
+ my $wdata = $data . $options{eol};
+
+ my $wfh = $SOCKET{$chan} // die;
+ my $wfd = fileno($wfh) // die;
+ vec(my $win, $wfd, 1) = 1;
+
+ for (my $offset = 0, my $length = length($wdata); $offset < $length;) {
+ my $wout = $win;
+ while (select(undef, $wout, undef, undef) == -1) {
+ die "select: $!" unless $! == EINTR; # try again immediately if select(2) was interrupted
+ }
+ if (vec($wout, $wfd, 1)) {
+ my $n = syswrite($wfh, $wdata, $length - $offset, $offset) // die "write: $!";
+ $offset += $n;
+ }
+ }
+
+ my $rdata = $options{echo} ? $data : "";
+ $rdata .= $options{reol};
+
+ if ($rdata ne "") {
+ my $buf = \$BUFFER{$chan};
+ my $rfh = $SOCKET{$chan} // die;
+ my $rfd = fileno($rfh) // die;
+ vec(my $rin, $rfd, 1) = 1;
+
+ my $rlen = length($rdata);
+ while($rlen > 0) {
+ my $rout = $rin;
+ while (select($rout, undef, undef, undef) == -1) {
+ die "select: $!" unless $! == EINTR; # try again immediately if select(2) was interrupted
+ }
+ read_data($rout);
+
+ my $got = substr($$buf, 0, $rlen);
+ my $n = length($got);
+ if ($got eq substr($rdata, -$rlen, $n)) {
+ $$buf = substr($$buf, $n); # consume the command
+ $rlen -= $n;
+ } else {
+ my $a = substr($rdata, 0, -$rlen) . substr($rdata, -$rlen, $n);
+ my $b = substr($rdata, 0, -$rlen) . $got;
+ s/[^\p{Graph} ]/"\\x".unpack("H*",$&)/ge foreach ($a, $b);
+ die "Wanted \"$a\", got \"$b\"";
+ }
+ }
+ }
+}
+
+package CryptrootTest::Mock;
+
+use Exporter qw/import/;
+BEGIN {
+ our @EXPORT = qw/
+ unlock_disk
+ login
+ shell
+ suspend
+ wakeup
+ hibernate
+ poweroff
+ expect
+ /;
+}
+
+*expect = \&CryptrootTest::Utils::expect;
+*write_data = \&CryptrootTest::Utils::write_data;
+
+sub unlock_disk($) {
+ my $passphrase = shift;
+ my %r = expect($SERIAL => qr/\A(?:.*(?:\r\n|\.\.\. ))?Please unlock disk (?<name>\p{Graph}+): \z/aams);
+ if ((my $ref = ref($passphrase)) ne "") {
+ my $name = $r{name};
+ unless (defined $name) {
+ undef $passphrase;
+ } elsif ($ref eq "CODE") {
+ $passphrase = $passphrase->($name);
+ } elsif ($ref eq "HASH") {
+ $passphrase = $passphrase->{$name};
+ } else {
+ die "Unsupported reference $ref";
+ }
+ }
+ die "Unable to unlock, aborting.\n" unless defined $passphrase;
+ write_data($SERIAL => $passphrase, echo => 0, reol => "\r");
+}
+
+sub login($;$) {
+ my ($username, $password) = @_;
+ expect($CONSOLE => qr/\r\ncryptroot-[[:alnum:]._-]+ login: \z/aams);
+ write_data($CONSOLE => $username, reol => "\r");
+
+ if (defined $password) {
+ expect($CONSOLE => qr/\A[\r\n]*Password: \z/aams);
+ write_data($CONSOLE => $username, echo => 0, reol => "\r");
+ }
+
+ # consume motd(5) or similar
+ expect($CONSOLE => qr/\r\n $PS1 \z/aamsx);
+}
+
+sub shell($%);
+sub shell($%) {
+ my $command = shift;
+ my %options = @_;
+
+ write_data($CONSOLE => $command);
+ my %r = expect($CONSOLE => qr/\A (?<out>.*) $PS1 \z/aamsx);
+ my $out = $r{out};
+
+ if (exists $options{rv}) {
+ my $rv = shell(q{echo $?});
+ unless ($rv =~ s/\r?\n\z// and $rv =~ /\A[0-9]+\z/ and $rv == $options{rv}) {
+ my @loc = caller;
+ die "ERROR: Command \`$command\` exited with status $rv != $options{rv}",
+ " at line $loc[2] in $loc[1]\n";
+ }
+ }
+ return $out;
+}
+
+# enter S3 sleep state (suspend to ram aka standby)
+sub suspend() {
+ write_data($CONSOLE => q{systemctl suspend});
+ # while the command is asynchronous the system might suspend before
+ # we have a chance to read the next $PS1
+
+ # wait for the SUSPEND event
+ QMP::wait_for_event("SUSPEND");
+
+ # double check that the guest is indeed suspended
+ my $resp = QMP::command(q{query-status});
+ die unless defined $resp->{status} and $resp->{status} eq "suspended" and
+ defined $resp->{running} and $resp->{running} == JSON::false();
+}
+
+sub wakeup() {
+ my $r = QMP::command(q{system_wakeup});
+ die if %$r;
+
+ # wait for the WAKEUP event
+ QMP::wait_for_event("WAKEUP");
+
+ # double check that the guest is indeed running
+ my $resp = QMP::command(q{query-status});
+ die unless defined $resp->{status} and $resp->{status} eq "running" and
+ defined $resp->{running} and $resp->{running} == JSON::true();
+}
+
+# enter S4 sleep state (suspend to disk aka hibernate)
+sub hibernate() {
+ # an alternative is to send {"execute":"guest-suspend-disk"} on the
+ # guest agent socket, but we don't want to require qemu-guest-agent
+ # on the guest so this will have to do
+ write_data($CONSOLE => q{systemctl hibernate});
+ # while the command is asynchronous the system might hibernate
+ # before we have a chance to read the next $PS1
+ QMP::wait_for_event("SUSPEND_DISK");
+ expect();# wait for QEMU to terminate
+}
+
+sub poweroff() {
+ # XXX would be nice to use the QEMU monitor here but the guest
+ # doesn't seem to respond to system_powerdown QMP commands
+ write_data($CONSOLE => q{poweroff});
+ # while the command is asynchronous the system might shutdown
+ # before we have a chance to read the next $PS1
+ QMP::wait_for_event("SHUTDOWN");
+ expect(); # wait for QEMU to terminate
+}
+
+
+package QMP;
+
+# QMP protocol
+# https://qemu.readthedocs.io/en/latest/interop/qemu-qmp-ref.html
+
+use JSON ();
+
+# read and decode a QMP server line
+sub getline() {
+ my %r = CryptrootTest::Utils::expect($MONITOR => qr/\A(?<str>.+?)\r\n/m);
+ my $str = $r{str} // die;
+ return JSON::->new->decode($str);
+}
+
+# send a QMP command and optional arguments
+sub command($;$) {
+ my ($command, $arguments) = @_;
+ my $cmd = { execute => $command };
+ $cmd->{arguments} = $arguments if defined $arguments;
+
+ $cmd = JSON::->new->encode($cmd);
+ STDOUT->printflush($cmd . "\n");
+ CryptrootTest::Utils::write_data($MONITOR => $cmd, eol => "\r\n", echo => 0, reol => "");
+
+ while(1) {
+ my $resp = QMP::getline() // next;
+ # ignore unsolicited server responses (such as events)
+ return $resp->{return} if exists $resp->{return};
+ }
+}
+
+# wait for the QMP greeting line
+my @CAPABILITIES;
+sub greeting() {
+ my $greeting = QMP::getline() // die;
+ $greeting = $greeting->{QMP} // die;
+ @CAPABILITIES = @{$greeting->{capabilities}} if defined $greeting->{capabilities};
+}
+
+# negotiate QMP capabilities
+sub capabilities(@) {
+ my $r = QMP::command(qmp_capabilities => {enable => \@_});
+ die if %$r;
+}
+
+BEGIN {
+ # https://gitlab.com/qemu-project/qemu/-/blob/master/docs/interop/qmp-spec.txt sec 4
+ QMP::greeting();
+ QMP::capabilities();
+}
+
+sub wait_for_event($) {
+ my $event_name = shift;
+ while(1) {
+ my $resp = QMP::getline() // next;
+ return if exists $resp->{event} and $resp->{event} eq $event_name;
+ }
+}
+
+sub quit() {
+ # don't use QMP::command() here since we might never receive a response
+ my $cmd = JSON::->new->encode({ execute => "quit" });
+ STDOUT->printflush($cmd . "\n");
+ CryptrootTest::Utils::write_data($MONITOR => $cmd, eol => "\r\n", echo => 0, reol => "");
+ CryptrootTest::Utils::expect(); # wait for QEMU to terminate
+}
+
+1;
generated by cgit v1.2.3 (git 2.39.1) at 2024-10-23 17:53:33 +0000