summaryrefslogtreecommitdiffstats
path: root/test/TEST-24-CRYPTSETUP/test.sh
diff options
context:
space:
mode:
Diffstat (limited to 'test/TEST-24-CRYPTSETUP/test.sh')
-rwxr-xr-xtest/TEST-24-CRYPTSETUP/test.sh79
1 files changed, 79 insertions, 0 deletions
diff --git a/test/TEST-24-CRYPTSETUP/test.sh b/test/TEST-24-CRYPTSETUP/test.sh
new file mode 100755
index 0000000..2a6ad31
--- /dev/null
+++ b/test/TEST-24-CRYPTSETUP/test.sh
@@ -0,0 +1,79 @@
+#!/usr/bin/env bash
+set -e
+TEST_DESCRIPTION="cryptsetup systemd setup"
+IMAGE_NAME="cryptsetup"
+TEST_NO_NSPAWN=1
+
+. $TEST_BASE_DIR/test-functions
+
+check_result_qemu() {
+ ret=1
+ mount_initdir
+ [[ -e $initdir/testok ]] && ret=0
+ [[ -f $initdir/failed ]] && cp -a $initdir/failed $TESTDIR
+ cryptsetup luksOpen ${LOOPDEV}p2 varcrypt <$TESTDIR/keyfile
+ mount /dev/mapper/varcrypt $initdir/var
+ save_journal $initdir/var/log/journal
+ _umount_dir $initdir/var
+ _umount_dir $initdir
+ cryptsetup luksClose /dev/mapper/varcrypt
+ [[ -f $TESTDIR/failed ]] && cat $TESTDIR/failed
+ echo $JOURNAL_LIST
+ test -s $TESTDIR/failed && ret=$(($ret+1))
+ return $ret
+}
+
+test_create_image() {
+ create_empty_image_rootdir
+ echo -n test >$TESTDIR/keyfile
+ cryptsetup -q luksFormat --pbkdf pbkdf2 --pbkdf-force-iterations 1000 ${LOOPDEV}p2 $TESTDIR/keyfile
+ cryptsetup luksOpen ${LOOPDEV}p2 varcrypt <$TESTDIR/keyfile
+ mkfs.ext4 -L var /dev/mapper/varcrypt
+ mkdir -p $initdir/var
+ mount /dev/mapper/varcrypt $initdir/var
+
+ # Create what will eventually be our root filesystem onto an overlay
+ (
+ LOG_LEVEL=5
+ eval $(udevadm info --export --query=env --name=/dev/mapper/varcrypt)
+ eval $(udevadm info --export --query=env --name=${LOOPDEV}p2)
+
+ setup_basic_environment
+ mask_supporting_services
+
+ install_dmevent
+ generate_module_dependencies
+ cat >$initdir/etc/crypttab <<EOF
+$DM_NAME UUID=$ID_FS_UUID /etc/varkey
+EOF
+ echo -n test >$initdir/etc/varkey
+ cat $initdir/etc/crypttab | ddebug
+
+ cat >>$initdir/etc/fstab <<EOF
+/dev/mapper/varcrypt /var ext4 defaults 0 1
+EOF
+
+ # Forward journal messages to the console, so we have something
+ # to investigate even if we fail to mount the encrypted /var
+ echo ForwardToConsole=yes >> $initdir/etc/systemd/journald.conf
+ )
+}
+
+cleanup_root_var() {
+ ddebug "umount $initdir/var"
+ mountpoint $initdir/var && umount $initdir/var
+ [[ -b /dev/mapper/varcrypt ]] && cryptsetup luksClose /dev/mapper/varcrypt
+}
+
+test_cleanup() {
+ # ignore errors, so cleanup can continue
+ cleanup_root_var || :
+ _test_cleanup
+}
+
+test_setup_cleanup() {
+ cleanup_root_var || :
+ cleanup_initdir
+}
+
+do_test "$@" 24
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-27 00:51:23 +0000