From f7458043ae6a2d2d54b911fac52e50341646bef2 Mon Sep 17 00:00:00 2001
From: Daniel Baumann
Date: Wed, 17 Apr 2024 10:35:41 +0200
Subject: Adding upstream version 2:2.7.0.
Signed-off-by: Daniel Baumann
---
tests/systemd-test-plugin | 66 ++++++++++++++++++++++++++++++++++++++---------
1 file changed, 54 insertions(+), 12 deletions(-)
(limited to 'tests/systemd-test-plugin')
diff --git a/tests/systemd-test-plugin b/tests/systemd-test-plugin
index 5f37324..7515f76 100755
--- a/tests/systemd-test-plugin
+++ b/tests/systemd-test-plugin
@@ -61,14 +61,51 @@ CRYPTENROLL_LD_PRELOAD="" # if CRYPTSETUP_PATH is defined, we run against installed binaries, # otherwise we compile systemd tokens from source +[ ! -z "$CRYPTSETUP_TESTS_RUN_IN_MESON" ] && { + bin_check git + bin_check meson + bin_check ninja + bin_check pkgconf + + INSTALL_PATH=$CRYPTSETUP_PATH/../external-tokens/install + mkdir -p $INSTALL_PATH + DESTDIR=$INSTALL_PATH meson install -C .. + PC_FILE="$(find $INSTALL_PATH -name 'libcryptsetup.pc')" + echo "INSTALL_PATH $INSTALL_PATH" + echo "PC_FILE $PC_FILE" + sed -i "s/^prefix=/prefix=${INSTALL_PATH//\//\\\/}/g" "$PC_FILE" + export PKG_CONFIG_PATH=$(dirname $PC_FILE) + + # systemd build system misses libcryptsetup.h if it is installed in non-default path + export CFLAGS="${CFLAGS:-} $(pkgconf --cflags libcryptsetup)" + + SYSTEMD_PATH=$CRYPTSETUP_PATH/../external-tokens/systemd + SYSTEMD_CRYPTENROLL=$SYSTEMD_PATH/build/systemd-cryptenroll + + mkdir -p $SYSTEMD_PATH + [ -d $SYSTEMD_PATH/.git ] || git clone --depth=1 https://github.com/systemd/systemd.git $SYSTEMD_PATH + cd $SYSTEMD_PATH + meson setup build/ -D tpm2=true -D libcryptsetup=true -D libcryptsetup-plugins=true || skip "Failed to configure systemd via meson, some dependencies are probably missing." + ninja -C build/ systemd-cryptenroll libcryptsetup-token-systemd-tpm2.so || skip "Failed to build systemd." + + CRYPTSETUP_TOKENS_PATH=$CRYPTSETUP_PATH/../tokens/ssh + + cd $CRYPTSETUP_PATH/../tests + cp $SYSTEMD_PATH/build/libcryptsetup-token-*.so $CRYPTSETUP_TOKENS_PATH + cp $SYSTEMD_PATH/build/src/shared/*.so $CRYPTSETUP_TOKENS_PATH + export LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$CRYPTSETUP_PATH/../tests" + + CRYPTENROLL_LD_PRELOAD="$CRYPTSETUP_PATH/../lib/libcryptsetup.so" + + echo "CRYPTENROLL_LD_PRELOAD $CRYPTENROLL_LD_PRELOAD" +} + [ -z "$CRYPTSETUP_PATH" ] && { bin_check git bin_check meson bin_check ninja bin_check pkgconf - TOKEN_PATH=fake_token_path.so - [ -f $TOKEN_PATH ] || skip "Please compile $TOKEN_PATH." 
INSTALL_PATH=$(pwd)/external-tokens/install make -C .. install DESTDIR=$INSTALL_PATH PC_FILE="$(find $INSTALL_PATH -name 'libcryptsetup.pc')" @@ -83,16 +120,17 @@ CRYPTENROLL_LD_PRELOAD="" SYSTEMD_CRYPTENROLL=$SYSTEMD_PATH/build/systemd-cryptenroll mkdir -p $SYSTEMD_PATH - [ "$(ls -A $SYSTEMD_PATH)" ] || git clone --depth=1 https://github.com/systemd/systemd.git $SYSTEMD_PATH + [ -d $SYSTEMD_PATH/.git ] || git clone --depth=1 https://github.com/systemd/systemd.git $SYSTEMD_PATH cd $SYSTEMD_PATH - meson -D tpm2=true -D libcryptsetup=true -D libcryptsetup-plugins=true build/ || skip "Failed to configure systemd via meson, some dependencies are probably missing." + meson setup build/ -D tpm2=true -D libcryptsetup=true -D libcryptsetup-plugins=true || skip "Failed to configure systemd via meson, some dependencies are probably missing." ninja -C build/ systemd-cryptenroll libcryptsetup-token-systemd-tpm2.so || skip "Failed to build systemd." + CRYPTSETUP_TOKENS_PATH=$CRYPTSETUP_PATH/.libs + cd $CRYPTSETUP_PATH/tests - cp $SYSTEMD_PATH/build/libcryptsetup-token-*.so ../.libs/ - cp $SYSTEMD_PATH/build/src/shared/*.so ../.libs/ + cp $SYSTEMD_PATH/build/libcryptsetup-token-*.so $CRYPTSETUP_TOKENS_PATH + cp $SYSTEMD_PATH/build/src/shared/*.so $CRYPTSETUP_TOKENS_PATH - export LD_PRELOAD="${LD_PRELOAD-}:$CRYPTSETUP_PATH/tests/$TOKEN_PATH" CRYPTENROLL_LD_PRELOAD="$CRYPTSETUP_PATH/.libs/libcryptsetup.so" } CRYPTSETUP=$CRYPTSETUP_PATH/cryptsetup @@ -115,7 +153,11 @@ CRYPTSETUP=$CRYPTSETUP_PATH/cryptsetup echo "Virtual TPM set up at $TPM_PATH" } +if [ -n "$SSH_BUILD_DIR" ]; then + CUSTOM_TOKENS_PATH="--external-tokens-path $SSH_BUILD_DIR" +fi FAKE_TPM_PATH="$(pwd)/fake_systemd_tpm_path.so" +[ ! -z "$CRYPTSETUP_TESTS_RUN_IN_MESON" ] && FAKE_TPM_PATH="$CRYPTSETUP_PATH/../tests/fake_systemd_tpm_path.so" [ -f $FAKE_TPM_PATH ] || skip "Please compile $FAKE_TPM_PATH." export LD_PRELOAD="$LD_PRELOAD:$FAKE_TPM_PATH" 
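Review bot: In the hunk at `@@ -61,14 +61,51 @@`, the new meson branch clones `https://github.com/systemd/systemd.git` with `--depth=1` and no tag or commit, so each run compiles whatever is at the tip of the default branch, then executes the resulting `systemd-cryptenroll` and loads the built `.so` files as tokens; the same unpinned clone line is kept in the hunk at `@@ -83,16 +120,17 @@`. Pinning to a reviewed release keeps the test reproducible and bounds what gets executed, for example `git clone --depth=1 --branch <SYSTEMD_TAG_PLACEHOLDER> https://github.com/systemd/systemd.git $SYSTEMD_PATH`, and the clone should get its own `|| skip "Failed to clone systemd."` as the meson and ninja steps already have. Separately, `export LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$CRYPTSETUP_PATH/../tests"` leaves an empty first entry when the variable is unset, which the dynamic loader reads as the current directory; `export LD_LIBRARY_PATH="${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$CRYPTSETUP_PATH/../tests"` avoids that.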
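Review bot: In the hunk at `@@ -115,7 +153,11 @@`, `CUSTOM_TOKENS_PATH` is assigned from `$SSH_BUILD_DIR` but no other line of this patch references it; the commands in the last hunk pass `--external-tokens-path $CRYPTSETUP_TOKENS_PATH` instead. If the rest of the file does not use it either, the `if` block is dead code and should be dropped. If it is meant to be used, a comment above the block should say which commands consume it. Keeping the option and its argument in one string also relies on unquoted word splitting, which breaks for a build directory whose path contains spaces.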
@@ -128,23 +170,23 @@ echo $PASSWD | $CRYPTSETUP luksFormat --type luks2 $FAST_PBKDF_OPT $IMG --force- echo "Enrolling the device to TPM 2 using systemd-cryptenroll.." LD_PRELOAD="$LD_PRELOAD:$CRYPTENROLL_LD_PRELOAD" PASSWORD="$PASSWD" $SYSTEMD_CRYPTENROLL $IMG --tpm2-device=$TPM_PATH >/dev/null 2>&1 -$CRYPTSETUP luksDump $IMG | grep -q "tpm2-blob" || fail "Failed to dump $IMG using systemd_tpm2 token (no tpm2-blob in output)." +$CRYPTSETUP luksDump --external-tokens-path $CRYPTSETUP_TOKENS_PATH $IMG | grep -q "tpm2-blob" || fail "Failed to dump $IMG using systemd_tpm2 token (no tpm2-blob in output)." echo "Activating the device via TPM2 external token.." -$CRYPTSETUP open --token-only $IMG $MAP >/dev/null 2>&1 || fail "Failed to open $IMG using systemd_tpm2 token." +$CRYPTSETUP open --external-tokens-path $CRYPTSETUP_TOKENS_PATH --token-only $IMG $MAP >/dev/null 2>&1 || fail "Failed to open $IMG using systemd_tpm2 token." $CRYPTSETUP close $MAP >/dev/null 2>&1 || fail "Failed to close $MAP." echo "Adding passphrase via TPM2 token.." -echo $PASSWD2 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT $IMG --force-password -q --token-only >/dev/null 2>&1 || fail "Failed to add passphrase by tpm2 token." +echo $PASSWD2 | $CRYPTSETUP luksAddKey --external-tokens-path $CRYPTSETUP_TOKENS_PATH $FAST_PBKDF_OPT $IMG --force-password -q --token-only >/dev/null 2>&1 || fail "Failed to add passphrase by tpm2 token." echo $PASSWD2 | $CRYPTSETUP open $IMG --test-passphrase --disable-external-tokens >/dev/null 2>&1 || fail "Failed to test passphrase added by tpm2 token." echo "Exporting and removing TPM2 token.." EXPORTED_TOKEN=$($CRYPTSETUP token export $IMG --token-id 0) $CRYPTSETUP token remove $IMG --token-id 0 -$CRYPTSETUP open $IMG --test-passphrase --token-only >/dev/null 2>&1 && fail "Activating without passphrase should fail after TPM2 token removal." 
+$CRYPTSETUP open --external-tokens-path $CRYPTSETUP_TOKENS_PATH $IMG --test-passphrase --token-only >/dev/null 2>&1 && fail "Activating without passphrase should fail after TPM2 token removal." echo "Re-importing TPM2 token.." echo $EXPORTED_TOKEN | $CRYPTSETUP token import $IMG --token-id 0 || fail "Failed to re-import deleted token." -$CRYPTSETUP open $IMG --test-passphrase --token-only >/dev/null 2>&1 || fail "Failed to activate after re-importing deleted token." +$CRYPTSETUP open --external-tokens-path $CRYPTSETUP_TOKENS_PATH $IMG --test-passphrase --token-only >/dev/null 2>&1 || fail "Failed to activate after re-importing deleted token." cleanup exit 0 -- cgit v1.2.3
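Review bot: Every `--external-tokens-path $CRYPTSETUP_TOKENS_PATH` added in the hunk at `@@ -128,23 +170,23 @@` is unquoted, and the variable is assigned only inside the two build branches of the earlier hunks. When the script runs against installed binaries (`CRYPTSETUP_PATH` set, `CRYPTSETUP_TESTS_RUN_IN_MESON` unset) it appears to stay empty unless it is set outside this patch, in which case the option takes `$IMG` as its argument. The negative check `... --test-passphrase --token-only >/dev/null 2>&1 && fail ...` would then pass on a usage error rather than on the expected refusal, because all output is discarded. Building the option once, `TOKENS_OPT=${CRYPTSETUP_TOKENS_PATH:+--external-tokens-path $CRYPTSETUP_TOKENS_PATH}`, and passing `$TOKENS_OPT` in each command keeps the installed-binaries mode working.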