Diffstat (limited to '')
l--------- | debian/tests/cryptroot-lvm | 1 | ||||
-rw-r--r-- | debian/tests/cryptroot-lvm.d/bottom | 9 | ||||
-rw-r--r-- | debian/tests/cryptroot-lvm.d/config | 10 | ||||
-rwxr-xr-x | debian/tests/cryptroot-lvm.d/mock | 49 | ||||
-rw-r--r-- | debian/tests/cryptroot-lvm.d/postinst | 17 | ||||
-rw-r--r-- | debian/tests/cryptroot-lvm.d/preinst | 14 | ||||
-rw-r--r-- | debian/tests/cryptroot-lvm.d/setup | 45 |
7 files changed, 145 insertions, 0 deletions
diff --git a/debian/tests/cryptroot-lvm b/debian/tests/cryptroot-lvm
new file mode 120000
index 0000000..2e34c2d
--- /dev/null
+++ b/debian/tests/cryptroot-lvm
@@ -0,0 +1 @@
+utils/cryptroot-common
\ No newline at end of file
diff --git a/debian/tests/cryptroot-lvm.d/bottom b/debian/tests/cryptroot-lvm.d/bottom
new file mode 100644
index 0000000..8bf492f
--- /dev/null
+++ b/debian/tests/cryptroot-lvm.d/bottom
@@ -0,0 +1,9 @@
+umount "$ROOT/boot"
+umount "$ROOT"
+
+swapoff /dev/cryptvg/swap
+lvm vgchange -an "cryptvg"
+
+cryptsetup close "vda3_crypt"
+
+# vim: set filetype=sh :
diff --git a/debian/tests/cryptroot-lvm.d/config b/debian/tests/cryptroot-lvm.d/config
new file mode 100644
index 0000000..ac595b0
--- /dev/null
+++ b/debian/tests/cryptroot-lvm.d/config
@@ -0,0 +1,10 @@
+PKGS_EXTRA+=( e2fsprogs ) # for fsck.ext4
+PKGS_EXTRA+=( dbus ) # for systemctl(1)
+PKGS_EXTRA+=( lvm2 )
+PKGS_EXTRA+=( cryptsetup-initramfs cryptsetup-suspend )
+
+QEMU_MEMORY="size=512M"
+GUEST_POWERCYCLE=1 # boot again after hibernation
+DRIVE_SIZES=( "3G" ) # need a big enough swap to accomodate the memory
+
+# vim: set filetype=bash :
diff --git a/debian/tests/cryptroot-lvm.d/mock b/debian/tests/cryptroot-lvm.d/mock
new file mode 100755
index 0000000..f57e42f
--- /dev/null
+++ b/debian/tests/cryptroot-lvm.d/mock
@@ -0,0 +1,49 @@
+#!/usr/bin/perl -T
+
+BEGIN {
+ require "./debian/tests/utils/mock.pm";
+ CryptrootTest::Mock::->import();
+}
+
+my $POWERCYCLE_COUNT = $ARGV[0];
+
+unlock_disk("topsecret");
+
+if ($POWERCYCLE_COUNT == 0) {
+ login("root");
+
+ # make sure the root FS and swap are help by dm-crypt devices
+ shell(q{cryptsetup luksOpen --test-passphrase /dev/vda3 <<<topsecret}, rv => 0);
+ my $out = shell(q{lsblk -in -oNAME,TYPE,MOUNTPOINT /dev/vda3});
+ die unless $out =~ m#^`-vda3_crypt\s+crypt\s*$#m;
+ die unless $out =~ m#^\s{2}[`|]-cryptvg-root\s+lvm\s+/\s*$#m;
+ die unless $out =~ m#^\s{2}[`|]-cryptvg-swap\s+lvm\s+\[SWAP\]\s*$#m;
+
+ # create a stamp in memory, hibernate (suspend on disk) and thaw
+ shell(q{echo hello >/dev/shm/foo.stamp});
+ hibernate();
+}
+else {
+ expect($SERIAL => qr/(?:^|\s)?PM: (?:hibernation: )?hibernation exit\r\n/m);
+ # no need to relogin, we get the shell as we left it
+ shell(q{grep -Fx hello </dev/shm/foo.stamp}, rv => 0);
+
+ # briefly suspend
+ suspend();
+
+ # make sure wakeup yields a cryptsetup prompt
+ wakeup();
+ expect($SERIAL => qr/(?:^|\s)?PM: suspend exit\r\n/m);
+ unlock_disk("topsecret");
+
+ # consume PS1 to make sure we're at a shell prompt
+ expect($CONSOLE => qr/\A $PS1 \z/aamsx);
+ my $out = shell(q{dmsetup info -c --noheadings -omangled_name,suspended --separator ' '});
+ die if grep !/[:[:blank:]]Active$/i, split(/\r?\n/, $out);
+
+ # test I/O on the root file system
+ shell(q{cp -vT /dev/shm/foo.stamp /cryptroot.stamp});
+ shell(q{grep -Fx hello </cryptroot.stamp}, rv => 0);
+
+ QMP::quit();
+}
diff --git a/debian/tests/cryptroot-lvm.d/postinst b/debian/tests/cryptroot-lvm.d/postinst
new file mode 100644
index 0000000..b9ffe35
--- /dev/null
+++ b/debian/tests/cryptroot-lvm.d/postinst
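Review bot: `$ARGV[0]` is compared with `== 0` without any check, so a missing argument (undef) evaluates as 0 and runs the first-boot branch instead of failing. Validating it up front, e.g. `my ($POWERCYCLE_COUNT) = ($ARGV[0] // "") =~ /\A([0-9]+)\z/ or die "usage: mock POWERCYCLE_COUNT\n";`, also fits the `-T` shebang. The bare `die unless ...` and `die if grep ...` checks carry no message, so a failed assertion on the lsblk or dmsetup output reports only a line number; a short message per check, such as `die "root LV is not on top of vda3_crypt" unless ...`, would make the test log say which encryption-layout expectation broke. The leading `(?:^|\s)?` in both `PM:` patterns is optional and therefore constrains nothing; dropping the trailing `?` would make the anchor effective, assuming that was the intent.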
@@ -0,0 +1,17 @@
+mkdir /etc/systemd/system/systemd-suspend.service.d
+cat >/etc/systemd/system/systemd-suspend.service.d/zz-cryptsetup-suspend-mock.conf <<-EOF
+ # override the command and don't call openvt(1) here since VT8 isn't
+ # available from the mocking logic -- we use /dev/console instead
+
+ [Service]
+ StandardInput=tty
+ StandardOutput=inherit
+ StandardError=inherit
+ TTYPath=/dev/console
+ TTYReset=yes
+
+ ExecStart=
+ ExecStart=/lib/cryptsetup/scripts/suspend/cryptsetup-suspend-wrapper
+EOF
+
+# vim: set filetype=sh :
diff --git a/debian/tests/cryptroot-lvm.d/preinst b/debian/tests/cryptroot-lvm.d/preinst
new file mode 100644
index 0000000..650b9b6
--- /dev/null
+++ b/debian/tests/cryptroot-lvm.d/preinst
@@ -0,0 +1,14 @@
+cat >/etc/crypttab <<-EOF
+ vda3_crypt PARTUUID=$(blkid -s PARTUUID -o value /dev/vda3) none luks,discard
+EOF
+
+cat >/etc/fstab <<-EOF
+ /dev/cryptvg/root / auto errors=remount-ro 0 1
+ /dev/cryptvg/swap none swap sw 0 0
+ UUID=$(blkid -s UUID -o value /dev/vda2) /boot auto defaults 0 2
+EOF
+
+mkdir -p /etc/initramfs-tools/conf.d
+echo "RESUME=/dev/cryptvg/swap" >/etc/initramfs-tools/conf.d/resume
+
+# vim: set filetype=sh :
diff --git a/debian/tests/cryptroot-lvm.d/setup b/debian/tests/cryptroot-lvm.d/setup
new file mode 100644
index 0000000..890bbb6
--- /dev/null
+++ b/debian/tests/cryptroot-lvm.d/setup
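Review bot: The `$(blkid ...)` substitutions in preinst are expanded inside the unquoted here-documents, so if blkid prints nothing for /dev/vda3 or /dev/vda2 the files are written with a bare `PARTUUID=` or `UUID=` and the mistake only surfaces later as an unlock or mount failure in the guest. Capturing the value first and checking it, e.g. `partuuid="$(blkid -s PARTUUID -o value /dev/vda3)"; [ -n "$partuuid" ] || exit 1`, would fail at the point of the error. Whether the script that sources this file runs under `set -e` is not visible here, but a failing command substitution inside a here-document would not trip it in any case.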
@@ -0,0 +1,45 @@
+# Simple LVM-on-LUKS2 layout -- more or less emulates what one gets out
+# of d-i with the "encrypted LVM" partioning method.
+
+# create two new partitions for /boot and LUKS respectively (the first
+# one is always used for BIOS/EFI and never exceeds sector 64*1024*2)
+sfdisk --append /dev/vda <<-EOF
+ unit: sectors
+
+ start=$((64*1024*2)), size=$((128*1024*2)), type=${GUID_TYPE_Linux_FS}
+ start=$(((64+128)*1024*2)), type=${GUID_TYPE_LUKS}
+EOF
+udevadm settle
+
+# initialize a new LUKS partition and open it
+echo -n "topsecret" >/rootfs.key
+cryptsetup luksFormat --batch-mode \
+ --key-file=/rootfs.key \
+ --type=luks2 \
+ --pbkdf=argon2id \
+ --pbkdf-force-iterations=4 \
+ --pbkdf-memory=32 \
+ -- /dev/vda3
+cryptsetup luksOpen --key-file=/rootfs.key --allow-discards \
+ -- /dev/vda3 "vda3_crypt"
+udevadm settle
+
+lvm pvcreate /dev/mapper/vda3_crypt
+lvm vgcreate "cryptvg" /dev/mapper/vda3_crypt
+lvm lvcreate -Zn --size 1024m --name "swap" "cryptvg"
+lvm lvcreate -Zn -l100%FREE --name "root" "cryptvg"
+lvm vgchange -ay "cryptvg"
+lvm vgmknodes
+udevadm settle
+
+mke2fs -Ft ext4 /dev/cryptvg/root
+mount -t ext4 /dev/cryptvg/root "$ROOT"
+
+mkdir "$ROOT/boot"
+mke2fs -Ft ext2 -m0 /dev/vda2
+mount -t ext2 /dev/vda2 "$ROOT/boot"
+
+mkswap /dev/cryptvg/swap
+swapon /dev/cryptvg/swap
+
+# vim: set filetype=sh : |
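Review bot: The luksFormat call forces `--pbkdf-force-iterations=4` and `--pbkdf-memory=32` with no comment explaining why, and these are far below what cryptsetup would pick from its own benchmark, so the resulting header offers almost no resistance to passphrase guessing. That is reasonable for a throwaway QEMU image with a hard-coded passphrase, but it deserves a line above the command such as `# minimal Argon2id cost to keep the test fast -- never reuse these values for real data`. `echo -n` is also not portable across the shells that `filetype=sh` suggests; `printf '%s' "topsecret" >/rootfs.key` guarantees the key file holds exactly the passphrase that the mock script later types at the unlock prompt.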