diff options
Diffstat (limited to '')
-rwxr-xr-x | debian/tests/utils/cryptroot-common | 537 | ||||
-rwxr-xr-x | debian/tests/utils/debootstrap | 125 | ||||
-rwxr-xr-x | debian/tests/utils/init | 273 | ||||
-rwxr-xr-x | debian/tests/utils/mkinitramfs | 159 | ||||
-rw-r--r-- | debian/tests/utils/mock.pm | 347 |
5 files changed, 1441 insertions, 0 deletions
diff --git a/debian/tests/utils/cryptroot-common b/debian/tests/utils/cryptroot-common new file mode 100755 index 0000000..a7df37f --- /dev/null +++ b/debian/tests/utils/cryptroot-common @@ -0,0 +1,537 @@ +#!/bin/bash + +# Base test file for cryptroot testing in KVM guests +# +# Copyright © 2021-2022 Guilhem Moulin <guilhem@debian.org> +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +set -eu + +TESTNAME="$(basename -- "$0")" +TESTDIR="$(dirname -- "$0")" +INTERACTIVE="n" # set to "y" to interact with the guest instead of mocking the session +export TESTNAME TESTDIR + +declare -a EXTRA_REPOS=( "$@" ) # blindly append any extra arguments to sources.list +START_TIME="$(printf "%(%s)T")" + +# Try to create /dev/kvm if missing, for instance in a chroot where /dev isn't managed by udev. +# Then we can drop root privileges and run the rest of the script as a normal user +if uid="$(id -u)" && [ $uid -eq 0 ]; then + if [ ! -c /dev/kvm ] && mknod -m0600 /dev/kvm c 10 232; then + echo "INFO: Created character special file /dev/kvm" >&2 + fi + if [ -z "${AUTOPKGTEST_NORMAL_USER-}" ]; then + echo "WARN: \$AUTOPKGTEST_NORMAL_USER is empty or unset, preserving root privileges!" >&2 + else + chown --from="root" -- "$AUTOPKGTEST_NORMAL_USER:" "$AUTOPKGTEST_TMP" + if [ -c /dev/kvm ]; then + if getent group kvm >/dev/null && chgrp -c kvm /dev/kvm; then + # kvm group is created by udev.postinst + chmod -c 0660 /dev/kvm + usermod -a -G kvm -- "$AUTOPKGTEST_NORMAL_USER" + else + chown -c -- "$AUTOPKGTEST_NORMAL_USER" "/dev/kvm" + fi + fi + echo "INFO: Dropping root privileges: re-executing as user '$AUTOPKGTEST_NORMAL_USER'" >&2 + exec runuser -u "$AUTOPKGTEST_NORMAL_USER" -- "$0" "$@" + exit 1 + fi +fi + +set -x +PATH="/usr/bin:/bin" +export PATH + +if [ -t 1 ]; then + # set VT100 autowrap mode (DECAWM) + printf '\033[?7h' +fi + +# get src:cryptsetup current version and distribution +DEB_VERSION="$(dpkg-parsechangelog -SVERSION)" +DEB_DISTRIBUTION="$(dpkg-parsechangelog -SDistribution)" +DEB_BUILD_ARCHITECTURE="$(dpkg-architecture -qDEB_BUILD_ARCH)" +DEB_BUILD_ARCH_BITS="$(dpkg-architecture -qDEB_BUILD_ARCH_BITS)" +if [ "$DEB_DISTRIBUTION" = "UNRELEASED" ]; then + # take Distribution from the previous entry instead + DEB_DISTRIBUTION="$(dpkg-parsechangelog -o1 -c1 -SDistribution)" || DEB_DISTRIBUTION="unstable" + echo "WARN: Using Distribution: $DEB_DISTRIBUTION instead of UNRELEASED" >&2 +fi + +# determine suitable values for the APT repository Origin (for +# autopkgtests) and URI (used outside autopkgtests) fields +load_os_release() { + local os_release # see os-release(5) + [ -e "/etc/os-release" ] && os_release="/etc/os-release" || os_release="/usr/lib/os-release" + . "$os_release" +} +case "${DISTRIBUTOR_ID:="$(load_os_release && printf "%s" "${ID,,[A-Z]}")"}" in + debian) APT_REPO_ORIGIN="Debian"; APT_REPO_URI="http://deb.debian.org/debian";; + # suitable values for derivative can be added here + *) echo "ERROR: Unknown distributor ID '$DISTRIBUTOR_ID', can't extract APT origin" >&2; + exit 1;; +esac + +# QEMU command and default options +unset QEMU_MACHINE_TYPE QEMU_ACCEL QEMU_CPU_MODEL QEMU_SMP QEMU_MEMORY BOOT +if [ -c /dev/kvm ] && dd if=/dev/kvm count=0 status=none; then + QEMU_ACCEL="kvm" +else + echo "WARN: KVM is not available, guests will be slow!" >&2 +fi +case "$DEB_BUILD_ARCHITECTURE" in + # see `kvm -machine help` and `kvm -cpu help` + amd64|i386) + BOOT="bios" + if [ "$DEB_BUILD_ARCHITECTURE" = "amd64" ]; then + QEMU_SYSTEM_CMD="qemu-system-x86_64" + else + QEMU_SYSTEM_CMD="qemu-system-$DEB_BUILD_ARCHITECTURE" + fi + QEMU_MACHINE_TYPE="q35" + if [ "${QEMU_ACCEL-}" = "kvm" ]; then + QEMU_CPU_MODEL="kvm$DEB_BUILD_ARCH_BITS,+aes,+sha-ni" + else + QEMU_CPU_MODEL="qemu$DEB_BUILD_ARCH_BITS,-svm,-vmx" + fi + ;; + arm64) + BOOT="efi" + QEMU_SYSTEM_CMD="qemu-system-aarch64" + QEMU_MACHINE_TYPE="virt" + QEMU_CPU_MODEL="cortex-a72" + ;; + armhf) + BOOT="efi" + QEMU_SYSTEM_CMD="qemu-system-arm" + QEMU_MACHINE_TYPE="virt" + QEMU_CPU_MODEL="cortex-a15" + ;; + *) echo "ERROR: Unknown architecture $DEB_BUILD_ARCHITECTURE" >&2; exit 1;; +esac + +if ! command -v "$QEMU_SYSTEM_CMD" >/dev/null; then + echo "ERROR: Couldn't find $QEMU_SYSTEM_CMD in PATH" >&2 + exit 1 +fi + +CPU_COUNT="$(getconf _NPROCESSORS_ONLN)" && [ -n "$CPU_COUNT" ] || CPU_COUNT=0 +if [ $CPU_COUNT -ge 8 ]; then + QEMU_SMP="cpus=4" +elif [ $CPU_COUNT -ge 4 ]; then + QEMU_SMP="cpus=2" +else + QEMU_SMP="cpus=1" +fi + +MEM_AVAIL="$(awk '/MemAvailable/ { printf "%.0f \n", $2/1024^2 }' </proc/meminfo)" && [ -n "$MEM_AVAIL" ] || MEM_AVAIL=0 +if [ $MEM_AVAIL -gt 2 ] && [ $DEB_BUILD_ARCH_BITS -gt 32 ]; then + QEMU_MEMORY="size=2G" +else + QEMU_MEMORY="size=1G" +fi + +# number of times to powercycle the guest +GUEST_POWERCYCLE=0 + +# kernel flavor +case "$DEB_BUILD_ARCHITECTURE" in + # see `ssh $porterbox.debian.org uname -r` + amd64) KERNEL_ARCH="amd64";; + arm64) KERNEL_ARCH="arm64";; + armhf) KERNEL_ARCH="armmp-lpae";; + i386) KERNEL_ARCH="686-pae";; + *) echo "ERROR: Unknown architecture $DEB_BUILD_ARCHITECTURE" >&2; exit 1;; +esac + +# at the very least we need a boot loader, a kernel, and an init system +case "$BOOT" in + bios) PKG_BOOTLOADER="grub-pc";; + efi) PKG_BOOTLOADER="grub-efi";; + *) echo "ERROR unknown boot method '$BOOT'" >&2; exit 1;; +esac +PKG_KERNEL="linux-image-$KERNEL_ARCH" +PKG_INIT="systemd-sysv" # default pid1 +MERGED_USR="" # use default layout for the target version +declare -a PKGS_EXTRA=() DRIVE_SIZES=( "2G" ) +PKGS_EXTRA+=( "zstd" ) # default initrd compression, see #976054 + +if [ -f "$TESTDIR/$TESTNAME.d/config" ]; then + . "$TESTDIR/$TESTNAME.d/config" || exit 1 +fi + +if [ -n "${AUTOPKGTEST_TMP+x}" ] || [ ! -t 0 ] || [ ! -t 1 ]; then + INTERACTIVE="n" +fi + +unset EFI_CODE EFI_VARS +if [ "$BOOT" = "efi" ]; then + case "$DEB_BUILD_ARCHITECTURE" in + amd64|i386) + efi_fw_pkg="ovmf" + EFI_CODE="/usr/share/OVMF/OVMF_CODE.fd" + EFI_VARS="/usr/share/OVMF/OVMF_VARS.fd" + ;; + arm64) + efi_fw_pkg="qemu-efi-aarch64" + EFI_CODE="/usr/share/AAVMF/AAVMF_CODE.fd" + EFI_VARS="/usr/share/AAVMF/AAVMF_VARS.fd" + ;; + armhf) + efi_fw_pkg="qemu-efi-arm" + EFI_CODE="/usr/share/AAVMF/AAVMF32_CODE.fd" + EFI_VARS="/usr/share/AAVMF/AAVMF32_VARS.fd" + ;; + *) echo "ERROR: Unknown architecture $DEB_BUILD_ARCHITECTURE for EFI boot" >&2; exit 1;; + esac + for p in "$EFI_CODE" "$EFI_VARS"; do + if [ ! -f "$p" ]; then + echo "Couldn't find $p, is the '$efi_fw_pkg' package installed?" >&2 + exit 1 + fi + done +fi + +case "${DEB_DISTRIBUTION%%-*}" in + etch|lenny|squeeze|wheezy|jessie|stretch|buster|bullseye) + if [ -z "$MERGED_USR" ]; then + MERGED_USR="no" + fi + ;; + *) if [ -z "$MERGED_USR" ]; then + MERGED_USR="yes" + elif [ "$MERGED_USR" = "no" ]; then + # #978636: Debian 12 (codename Bookworm) should only support merged-/usr layout + echo "WARN: this system is not supported! (unmerged-/usr)" >&2 + fi + ;; +esac + +# pin versions for all packages in PKGS_EXTRA that are part of this source package +declare -a MYPKGS +MYPKGS=( $(sed -nr 's/^Package:\s*//Ip' debian/control) ) +for i in "${!PKGS_EXTRA[@]}"; do + [ "${PKGS_EXTRA[i]%[=/]*}" = "${PKGS_EXTRA[i]}" ] || continue + for mypkg in "${MYPKGS[@]}"; do + if [ "${PKGS_EXTRA[i]}" = "$mypkg" ]; then + PKGS_EXTRA[i]="${PKGS_EXTRA[i]}=$DEB_VERSION" + fi + done +done + +unset QEMU_PID +TEMPDIR="$(mktemp --tmpdir="${AUTOPKGTEST_TMP:-"${TMPDIR:-/tmp}"}" --directory "$TESTNAME.XXXXXXXXXX")" +teardown() { + local rv=$? ts + if [ -n "${QEMU_PID+x}" ]; then + kill $QEMU_PID || true + fi + rm -rf -- "$TEMPDIR" + trap - EXIT + + # try to fix terminal + [ ! -t 1 ] || printf '\033[?7h' + + ts="$(printf "%(%s)T")" + rv=${1-$rv} + printf "Result for test '%s': exit status %s, runtime %d seconds\\n" "$TESTNAME" $rv $((ts - START_TIME)) + + exit $rv +} +trap "teardown" EXIT +trap "teardown 1" INT TERM + +# set up APT for the testbed +setup_apt() { + # we need a new cache to reliably determine essential and extra packages + APT_CACHE="$TEMPDIR/apt/cache" + APT_LISTS="$TEMPDIR/apt/lists" + mkdir -- "$TEMPDIR/apt" "$APT_CACHE" "$APT_LISTS" + ln -s "cache/archives" "$TEMPDIR/apt/pool" + touch "$TEMPDIR/apt/status" + + if [ -n "${AUTOPKGTEST_TMP-}" ]; then + # reuse existing sources.list + apt-get indextargets \ + --format "\$(TARGET_OF) \$(REPO_URI) \$(RELEASE) \$(COMPONENT)" \ + "Target-Of: deb" "Identifier: Packages" "Origin: $APT_REPO_ORIGIN" \ + >"$TEMPDIR/apt/sources.list" + # local autopkgtest repo has Repo-URI: file:/tmp/autopkgtest.XXXXXX/binaries/ , + # Release: (empty) and no Component: + apt-get indextargets \ + --format "\$(TARGET_OF) \$(REPO_URI) /" \ + "Target-Of: deb" "Identifier: Packages" "Trusted: Yes" "Release: " \ + >>"$TEMPDIR/apt/sources.list" + else + # generate new sources.list + case "$DEB_DISTRIBUTION" in + experimental) cat <<-EOF + deb $APT_REPO_URI unstable main + deb $APT_REPO_URI experimental main + EOF + ;; + *-security) cat <<-EOF + deb $APT_REPO_URI ${DEB_DISTRIBUTION%-security} main + deb $APT_REPO_URI-security $DEB_DISTRIBUTION main + EOF + ;; + *-*) cat <<-EOF + deb $APT_REPO_URI ${DEB_DISTRIBUTION%%-*} main + deb $APT_REPO_URI $DEB_DISTRIBUTION main + EOF + ;; + *) cat <<-EOF + deb $APT_REPO_URI $DEB_DISTRIBUTION main + EOF + ;; + esac >"$TEMPDIR/apt/sources.list" + fi + + local apt_repo + for apt_repo in "${EXTRA_REPOS[@]}"; do + printf "%s\\n" "$apt_repo" >>"$TEMPDIR/apt/sources.list" + done + + # replace file: URIs with copy: as we rely on --download-only copying .deb files to APT's cache + sed -ri 's/^(deb\S*)\s+\[([^]]+)\]\s+file:/\1 [\2,trusted=yes] copy:/; + s/^(deb\S*)\s+file:/\1 [trusted=yes] copy:/' \ + -- "$TEMPDIR/apt/sources.list" + + apt-update +} + +# wrapper arround `apt-get install --download-only` +# (we don't use `--print-uris` since it doesn't include what's been +# included already) +apt-download() { + _apt get install --download-only "$@" +} +apt-update() { + _apt get -o Acquire::Languages="none" update +} +apt-show() { + _apt cache show "$@" +} +_apt() { + local cmd="$1" + shift + env -i DEBIAN_FRONTEND="noninteractive" \ + "apt-$cmd" \ + -o APT::Architecture="$DEB_BUILD_ARCHITECTURE" \ + -o APT::Architectures="$DEB_BUILD_ARCHITECTURE" \ + -o APT::Get::Assume-Yes=true \ + -o APT::Install-Recommends=false \ + -o Dir::Cache="$APT_CACHE" \ + -o Dir::Etc::SourceList="$TEMPDIR/apt/sources.list" \ + -o Dir::Etc::SourceParts="" \ + -o Dir::State::Lists="$APT_LISTS" \ + -o Dir::State::Status="$TEMPDIR/apt/status" \ + ${AUTOPKGTEST_TMP+-o Dir::Etc::Preferences="/etc/apt/preferences" -o Dir::Etc::PreferencesParts="/etc/apt/preferences.d/"} \ + "$@" +} + + +# create a disk image with essential and extra packages +create_debian_img() { + local img="$1" dir size deb usr_is_merged + + dir="$(mktemp --tmpdir="$TEMPDIR" --directory debian.XXXXXXXXXX)" + mkdir -- "$dir/dists" "$dir/pool" + + # TODO remove this once Bookworm is released, assuming + # init-system-helpers no longer has "Depends: usrmerge | usr-is-merged" + [ "$MERGED_USR" = "yes" ] && usr_is_merged="usr-is-merged" || usr_is_merged="" + + # apt considers itself essential so we explicitely exclude it for stage1 + mkdir -- "$dir/__stage1__" + apt-download -- "?and(?essential, ?not(?exact-name(apt)))" ${usr_is_merged:+"$usr_is_merged"} + for deb in "$APT_CACHE"/archives/*.deb; do + ln -sT "../pool/${deb##*/}" "$dir/__stage1__/${deb##*/}" + done + + # useless for stage1 + rm -f "$dir"/__stage1__/usr-is-merged_*.deb "$dir"/__stage1__/usrmerge_*.deb + + mkdir -- "$dir/__essential__" + apt-download -- "?essential" "apt" ${usr_is_merged:+"$usr_is_merged"} + for deb in "$APT_CACHE"/archives/*.deb; do + ln -sT "../pool/${deb##*/}" "$dir/__essential__/${deb##*/}" + done + + makedist "$dir" + extract_kernel "$TEMPDIR/linux-image" + + # for `dpkg --update-avail` + ( cd "$dir/__essential__" && dpkg-scanpackages . >./Packages ) + + size="$(du -sb -- "$dir")" + size=$(( ${size%%[!0-9]*} / 1000 )) # approx 97% (1000/1024) full + genext2fs -qm0 -B 1024 -b "$size" -d "$dir" -L "debian_dist" "$img" + rm -rf -- "$dir" +} +makedist() { + local basedir="$1" + local distdir="$basedir/dists" + apt-download -- "?essential" "apt" ${usr_is_merged:+"$usr_is_merged"} \ + "$PKG_BOOTLOADER" "$PKG_KERNEL" "$PKG_INIT" \ + "${PKGS_EXTRA[@]}" + rm -f -- "$APT_CACHE/archives/$PKG_KERNEL"_*.deb # remove the generic .deb (only keep its dependency with versioned ABI) + for deb in "$APT_CACHE"/archives/*.deb; do + # assume no file conflicts and override existing .debs + ln -ft "$basedir/pool" -- "$deb" + done + ( cd "$APT_CACHE" && dpkg-scanpackages ../pool >"$distdir/Packages" ) +} + +# extract kernel to $TEMPDIR/linux-image and sets KERNEL_VERSION +extract_kernel() { + local destdir="$1" deb_version_regex kernel_deb_regex + deb_version_regex="[0-9][A-Za-z0-9.+:~-]*" # per deb-version(7) + # we use may a kernel version other than what we're running, however the arch much be the same + kernel_deb_regex="linux-image-[0-9][a-z0-9.+-]*-${KERNEL_ARCH}_${deb_version_regex}_${DEB_BUILD_ARCHITECTURE}.deb" + KERNEL_DEB="$(find -P "$APT_CACHE/archives" -mindepth 1 -maxdepth 1 \ + -regextype egrep -regex ".*/$kernel_deb_regex" -type f -printf "%P\\n" | \ + sort -Vt_ -k2 | tail -n1)" + KERNEL_VERSION="${KERNEL_DEB#linux-image-*}" + KERNEL_VERSION="${KERNEL_VERSION%%_*}" + + # extract the kernel of the .deb we downloaded + if [ ! -f "$APT_CACHE/archives/$KERNEL_DEB" ]; then + echo "ERROR: Couldn't find .deb for target kernel $KERNEL_VERSION" >&2 + exit 1 + fi + + mkdir "$destdir" + dpkg-deb --fsys-tarfile "$APT_CACHE/archives/$KERNEL_DEB" | tar -C "$destdir" -xf- \ + "./boot/vmlinuz-$KERNEL_VERSION" \ + "./lib/modules/$KERNEL_VERSION" + ln -T -- "$destdir/boot/vmlinuz-$KERNEL_VERSION" "$TEMPDIR/vmlinuz-$KERNEL_VERSION" +} + +# make sure the desired version of the package is available in the testbed +setup_apt +if ! apt-show "cryptsetup-bin=$DEB_VERSION" >"$TEMPDIR/out" || [ ! -s "$TEMPDIR/out" ]; then + apt-show -a "cryptsetup-bin" || true + echo "ERROR: Cannot find version $DEB_VERSION of package cryptsetup-bin" >&2 + exit 1 +fi + +DEBIAN_IMG="$TEMPDIR/$DEB_DISTRIBUTION-$DEB_BUILD_ARCHITECTURE.img" +create_debian_img "$DEBIAN_IMG" + +case "$DEB_BUILD_ARCHITECTURE" in + arm64|armhf) CONSOLE="ttyAMA0";; + *) CONSOLE="ttyS0";; +esac + +env PACKAGES="$PKG_BOOTLOADER linux-image-$KERNEL_VERSION $PKG_INIT ${PKGS_EXTRA[*]}" \ + BOOT="$BOOT" \ + CONSOLE="$CONSOLE" \ + ARCH="$DEB_BUILD_ARCHITECTURE" \ + MERGED_USR="$MERGED_USR" \ + "$TESTDIR/utils/mkinitramfs" "$TEMPDIR/linux-image" "$KERNEL_VERSION" "$TEMPDIR/initrd.img-$KERNEL_VERSION" +rm -rf -- "$TEMPDIR/apt" "$TEMPDIR/linux-image" # don't need that anymore + +declare -a QEMU_COMMON_ARGS=( + -no-user-config + -nodefaults + -name "autopkgtest-cryptsetup-$TESTNAME" + -machine "${QEMU_MACHINE_TYPE:+"type=$QEMU_MACHINE_TYPE,"}${QEMU_ACCEL:+"accel=$QEMU_ACCEL,"}graphics=off" + ${QEMU_CPU_MODEL:+-cpu "$QEMU_CPU_MODEL"} + ${QEMU_SMP:+-smp "$QEMU_SMP"} + ${QEMU_MEMORY:+-m "$QEMU_MEMORY"} + -vga none + -display none + -object "rng-random,id=rng0,filename=/dev/urandom" -device "virtio-rng-pci,rng=rng0" + -boot "order=c,strict=on" +) + +for ((i=0; i < ${#DRIVE_SIZES[@]}; i++)); do + drive_img="$TEMPDIR/drive$i.img" + fallocate -l "${DRIVE_SIZES[i]}" "$drive_img" + QEMU_COMMON_ARGS+=( + -drive "file=$drive_img,format=raw,cache=unsafe,if=virtio,index=$i,media=disk" + ) +done + +if [ "$BOOT" = "efi" ]; then + # $EFI_VARS needs to be writable so guests can update their variables + install -Tm0644 -- "$EFI_VARS" "$TEMPDIR/efivars.fd" + QEMU_COMMON_ARGS+=( + -drive "file=$EFI_CODE,format=raw,if=pflash,unit=0,read-only=on" + -drive "file=$TEMPDIR/efivars.fd,format=raw,if=pflash,unit=1" + ) +fi + +LOGDIR="$TEMPDIR" +SOCKETDIR="$TEMPDIR" +if [ "$INTERACTIVE" != "y" ]; then + QEMU_COMMON_ARGS+=( + -device "virtio-serial" + -chardev "socket,id=hvc0,path=$SOCKETDIR/hvc0,server=on,wait=off,logfile=$LOGDIR/hvc0.log,logappend=on" + -device "virtconsole,chardev=hvc0" + ) +fi + +declare QEMU_STDIO_ARGS=( + # setup is always fully unattended + -chardev "stdio,id=char0,mux=on,logfile=$LOGDIR/qemu.log,logappend=on" + -serial "chardev:char0" + -mon "chardev=char0,mode=readline" +) +if [ "$INTERACTIVE" != "y" ] || [ -n "${AUTOPKGTEST_TMP+x}" ]; then + # XXX if KVM is detected we could reduce the timeout to 300s or so + QEMU_TIMEOUT="y" + exec </dev/null +else + QEMU_TIMEOUT="" +fi + +QEMU_DEBIANIMG_DRIVE="file=$DEBIAN_IMG,format=raw,if=virtio,readonly=on,media=cdrom" +${QEMU_TIMEOUT:+timeout 3600s} "$QEMU_SYSTEM_CMD" \ + "${QEMU_COMMON_ARGS[@]}" "${QEMU_STDIO_ARGS[@]}" \ + -drive "$QEMU_DEBIANIMG_DRIVE" \ + -kernel "$TEMPDIR/vmlinuz-$KERNEL_VERSION" \ + -append "console=$CONSOLE,115200n8" \ + -initrd "$TEMPDIR/initrd.img-$KERNEL_VERSION" \ + || exit $? + +if [ "$INTERACTIVE" = "y" ]; then + for ((i=0; i <= GUEST_POWERCYCLE; i++)); do + "$QEMU_SYSTEM_CMD" \ + "${QEMU_COMMON_ARGS[@]}" "${QEMU_STDIO_ARGS[@]}" \ + -netdev "user,id=net0" -device "virtio-net-pci,netdev=net0" + done +else + for ((i=0; i <= GUEST_POWERCYCLE; i++)); do + ${QEMU_TIMEOUT:+timeout 900s} "$QEMU_SYSTEM_CMD" \ + "${QEMU_COMMON_ARGS[@]}" \ + -chardev "socket,id=mon0,path=$SOCKETDIR/mon0,server=on,wait=off,logfile=$LOGDIR/mon0.log,logappend=on" \ + -mon "chardev=mon0,mode=control" \ + -chardev "socket,id=ttyS0,path=$SOCKETDIR/ttyS0,server=on,wait=on,logfile=$LOGDIR/ttyS0.log,logappend=on" \ + -serial "chardev:ttyS0" \ + & + QEMU_PID=$! + "$TESTDIR/$TESTNAME.d/mock" "$i" "$SOCKETDIR" || exit 1 + wait $QEMU_PID && rv=0 || rv=$? + unset QEMU_PID + [ $rv -eq 0 ] || exit $rv + done +fi + +echo "PASSED" +exit 0 diff --git a/debian/tests/utils/debootstrap b/debian/tests/utils/debootstrap new file mode 100755 index 0000000..258be5a --- /dev/null +++ b/debian/tests/utils/debootstrap @@ -0,0 +1,125 @@ +#!/bin/sh + +# Debootstrap a target system +# +# Copyright © 2021-2022 Guilhem Moulin <guilhem@debian.org> +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +set -eu +PATH="/usr/sbin:/usr/bin:/sbin:/bin" +export PATH + +ESSENTIAL="/media/__essential__" +TEMPDIR="$(mktemp --tmpdir --directory "debootstrap.XXXXXXXXXX")" +trap "rm -rf -- \"$TEMPDIR\"" EXIT INT TERM + +sed -rn "/^Package:\\s*/I {s///;s/$/ install/p}" "$ESSENTIAL/Packages" >"$TEMPDIR/Packages.sel" + +install -m0644 /dev/null "/var/lib/dpkg/status" +dpkg --update-avail "$ESSENTIAL/Packages" +dpkg --set-selections <"$TEMPDIR/Packages.sel" + +mkdir -- "$TEMPDIR/dpkg" +mkdir -- "$TEMPDIR/dpkg/files" "$TEMPDIR/dpkg/depends" "$TEMPDIR/dpkg/pre-depends" + +# extract metadata (package names, file names, Depends and Pre-Depends +# for easier processing) +for deb in "$ESSENTIAL"/*.deb; do + pkg=$(dpkg-deb --show --showformat="\${Package}" "$deb") + case "$pkg" in + # special case: base-files Pre-Depends on awk but we only have mawk (or gawk) + mawk|gawk) pkg="awk";; + esac + printf "%s\\n" "$pkg" >>"$TEMPDIR/dpkg/avail" + printf "%s\\n" "$deb" >"$TEMPDIR/dpkg/files/$pkg" + dpkg-deb --show --showformat="\${Pre-Depends}\\n" "$deb" >"$TEMPDIR/predeps" + dpkg-deb --show --showformat="\${Depends}\\n" "$deb" >"$TEMPDIR/deps" + sed -ri "s/,\\s*/\\n/g" -- "$TEMPDIR/predeps" "$TEMPDIR/deps" + sed -i "s/[[:blank:]:].*//; /^[[:blank:]]*$/d" -- "$TEMPDIR/predeps" "$TEMPDIR/deps" + mv -T -- "$TEMPDIR/predeps" "$TEMPDIR/dpkg/pre-depends/$pkg" + mv -T -- "$TEMPDIR/deps" "$TEMPDIR/dpkg/depends/$pkg" +done + +if [ -L /bin ] && [ -L /sbin ] && [ -L /lib ]; then + # TODO remove this once Bookworm is released, assuming + # init-system-helpers no longer has "Depends: usrmerge | usr-is-merged" + sed -i "s/^usrmerge$/usr-is-merged/" -- "$TEMPDIR/dpkg/depends/init-system-helpers" +fi + +# recursively append dependencies to $OUT; abort and return 1 if one of +# the (recursive) dependency has an unsatisfied Pre-Depends +resolve_deps() { + local pkg="$1" dep + while read -r dep; do + if grep -Fxq -e "$dep" <"$TEMPDIR/dpkg/avail"; then + # $pkg has an unsatisfied Pre-Depends, can't proceed further + return 1 + fi + done <"$TEMPDIR/dpkg/pre-depends/$pkg" + while read -r dep; do + if grep -Fxq -e "$dep" <"$TEMPDIR/dpkg/avail" && ! grep -Fxq -e "$dep" <"$OUT"; then # break cycles + printf "%s\\n" "$dep" >>"$OUT" + resolve_deps "$dep" || return $? + fi + done <"$TEMPDIR/dpkg/depends/$pkg" + return 0 +} + +# dump to $OUT a list of packages that can be installed (only packages +# without unsatisfied pre-dependencies, and typically packages that are +# pre-dependencies of other packages) -- using `dpkg --predep-package` +# would be convenient but it doesn't work with recursive dependencies, +# cf. #539133 +can_install_next() { + local pkg + while read -r pkg; do + printf "%s\\n" "$pkg" >"$OUT" + if resolve_deps "$pkg"; then + return 0 + fi + done <"$TEMPDIR/dpkg/avail" + + echo "PANIC: No remaining dependencies are satisfiable!" >&2 + cat <"$TEMPDIR/dpkg/avail" >&2 + exit 1 +} + +# keep going until all available packages are installed +OUT="$TEMPDIR/pkg.list" +XARGS_IN="$TEMPDIR/deb.list" +while [ -s "$TEMPDIR/dpkg/avail" ]; do + can_install_next || exit 1 + + echo -n ">>> Installing: " >&2 + paste -sd" " <"$OUT" >&2 + + while read -r pkg; do + cat "$TEMPDIR/dpkg/files/$pkg" + done <"$OUT" >"$XARGS_IN" + xargs -a"$XARGS_IN" -d"\\n" dpkg -i + + grep -Fx -vf "$OUT" <"$TEMPDIR/dpkg/avail" >"$TEMPDIR/dpkg/avail.new" || true + mv -T -- "$TEMPDIR/dpkg/avail.new" "$TEMPDIR/dpkg/avail" +done + +echo apt apt >/var/lib/dpkg/cmethopt +echo "deb [trusted=yes] file:/media/dists /" >/etc/apt/sources.list +cat >/etc/apt/apt.conf.d/99debootstrap <<-EOF + Acquire::Languages "none"; + APT::Install-Recommends "false"; + APT::Install-Suggests "false"; +EOF + +apt-get -oAcquire::Languages="none" -oAPT::Sandbox::User="root" -qq update diff --git a/debian/tests/utils/init b/debian/tests/utils/init new file mode 100755 index 0000000..331cd6f --- /dev/null +++ b/debian/tests/utils/init @@ -0,0 +1,273 @@ +#!/bin/sh + +# PID1 at initramfs stage +# +# Copyright © 2021-2022 Guilhem Moulin <guilhem@debian.org> +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +set -eux +PATH="/usr/sbin:/usr/bin:/sbin:/bin" +export PATH + +trap "echo \"ALERT! Couldn't setup system, dropping to a shell.\" >&2; sh -i" 0 + +# set VT100 autowrap mode again (QEMU might mess the terminal up) +printf '\033[?7h' + +mount -t devtmpfs -o noexec,nosuid,mode=0755 udev /dev + +mkdir /dev/pts /proc /run /sys +mount -t devpts -o noexec,nosuid,gid=5,mode=0620 devpts /dev/pts +mount -t proc -o nodev,noexec,nosuid proc /proc +mount -t tmpfs -o nodev,noexec,nosuid,size=5%,mode=0755 tmpfs /run +mount -t sysfs -o nodev,noexec,nosuid sysfs /sys + +modprobe virtio_rng # /dev/hwrng (avoid entropy starvation) +modprobe virtio_pci +modprobe virtio_blk # /dev/vd[a-z] +modprobe virtio_console # /dev/hvc[0-7] + +# start udevd +/lib/systemd/systemd-udevd --daemon +udevadm trigger --type=subsystems --action=add +udevadm trigger --type=devices --action=add +udevadm settle + +. /init.conf + +# https://en.wikipedia.org/wiki/GUID_Partition_Table#Partition_type_GUIDs +GUID_TYPE_MBR="024DEE41-33E7-11D3-9D69-0008C781F39F" # MBR partition scheme +GUID_TYPE_EFI="C12A7328-F81F-11D2-BA4B-00A0C93EC93B" # EFI boot partition +GUID_TYPE_BIOS_boot="21686148-6449-6E6F-744E-656564454649" # BIOS boot partition +GUID_TYPE_Linux_FS="0FC63DAF-8483-4772-8E79-3D69D8477DE4" # Linux filesystem data +GUID_TYPE_LUKS="CA7D7CCB-63ED-4C53-861C-1742536059CC" # LUKS partition +GUID_TYPE_DMCRYPT="7FFEC5C9-2D00-49B7-8941-3EA10A5586B7" # Plain dm-crypt partition +GUID_TYPE_LVM="E6D6D379-F507-44C2-A23C-238F2A3DF928" # Logical Volume Manager partition +GUID_TYPE_RAID="A19D880F-05FC-4D3B-A006-743F0F84911E" # RAID partition + +if [ "$BOOT" = "bios" ]; then + BOOT_PARTITION_SIZE=2 + BOOT_PARTITION_TYPE="$GUID_TYPE_BIOS_boot" +elif [ "$BOOT" = "efi" ]; then + BOOT_PARTITION_SIZE=63 + BOOT_PARTITION_TYPE="$GUID_TYPE_EFI" +else + echo "ERROR unknown boot method '$BOOT'" >&2 + exit 1 +fi + +# format the target disk and create a BIOS/EFI partition +sfdisk /dev/vda <<-EOF + label: gpt + unit: sectors + + start=$((1024*2)), size=$((BOOT_PARTITION_SIZE*1024*2)), type=$BOOT_PARTITION_TYPE +EOF +udevadm settle + +ROOT="/target" +mkdir -m0755 "$ROOT" +# /init.setup is expected to create the root filesystem of the target +# system and mount it (alongside other filesystems) on $ROOT +. /init.setup +udevadm settle + +# inspired by debootstrap's /usr/share/debootstrap/functions +if [ "$MERGED_USR" = "yes" ]; then + case "$ARCH" in + amd64) libdir="lib32 lib64 libx32";; + i386) libdir="lib64 libx32";; + mips|mipsel) libdir="lib32 lib64";; + mips64*|mipsn32*) libdir="lib32 lib64 libo32";; + loongarch64*) libdir="lib32 lib64";; + powerpc) libdir="lib64";; + ppc64) libdir="lib32 lib64";; + ppc64el) libdir="lib64";; + s390x) libdir="lib32";; + sparc) libdir="lib64";; + sparc64) libdir="lib32 lib64";; + x32) libdir="lib32 lib64 libx32";; + *) libdir="";; + esac + for dir in bin sbin lib $libdir; do + ln -s "usr/$dir" "$ROOT/$dir" + mkdir -p "$ROOT/usr/$dir" + done +fi + +mkdir /media +DEBIAN_DIST="$(blkid -l -t LABEL="debian_dist" -o device)" +mount -t ext2 -o ro "$DEBIAN_DIST" /media +for pkg in /media/__stage1__/*.deb; do + dpkg-deb --fsys-tarfile "$pkg" | tar -C "$ROOT" -xf - --keep-directory-symlink +done + +# setup hosts(5) and hostname(5) +echo "$HOSTNAME" >"$ROOT/etc/hostname" +echo "127.0.0.1 localhost $HOSTNAME" >"$ROOT/etc/hosts" + +# EFI +if [ "$BOOT" = "efi" ]; then + modprobe efivarfs + mount -t efivarfs efivarfs /sys/firmware/efi/efivars + + mkfs.vfat -F 32 /dev/vda1 + mkdir "$ROOT/boot/efi" + mount -t vfat /dev/vda1 "$ROOT/boot/efi" + + cat >>"$ROOT/etc/fstab" <<-EOF + UUID=$(blkid -s UUID -o value /dev/vda1) /boot/efi auto defaults 0 2 + EOF +fi + +# bind mount pseudo and temporary filesystems to "$ROOT" +mount -no bind /dev "$ROOT/dev" +mount -no bind /proc "$ROOT/proc" +mount -no bind /sys "$ROOT/sys" +mount -t tmpfs -o nodev,noexec,nosuid,size=5%,mode=0755 tmpfs "$ROOT/run" + +# prevent any services from starting during package installation, taken +# from debootstrap(8) +cat >"$ROOT/usr/sbin/policy-rc.d" <<-EOF + #!/bin/sh + exit 101 +EOF +chmod +x "$ROOT/usr/sbin/policy-rc.d" + +mv "$ROOT/sbin/start-stop-daemon" "$ROOT/sbin/start-stop-daemon.REAL" +cat >"$ROOT/sbin/start-stop-daemon" <<-EOF + #!/bin/sh + echo + echo "Warning: Fake start-stop-daemon called, doing nothing" +EOF +chmod +x "$ROOT/usr/sbin/policy-rc.d" "$ROOT/sbin/start-stop-daemon" + +DEBIAN_FRONTEND="noninteractive" +DEBCONF_NONINTERACTIVE_SEEN="true" +export DEBIAN_FRONTEND DEBCONF_NONINTERACTIVE_SEEN + +# debootstrap the target system +mkdir "$ROOT/media" +mount -no move /media "$ROOT/media" +cp -p /debootstrap "$ROOT/debootstrap" +chroot "$ROOT" /debootstrap +rm -f "$ROOT/debootstrap" + +# use MODULES=dep (if it works with fewer modules then it also works +# with the default MODULES=most) +mkdir -p "$ROOT/etc/initramfs-tools/conf.d" +echo "MODULES=dep" >"$ROOT/etc/initramfs-tools/conf.d/modules" + +cp /init.preinst "$ROOT/init.preinst" +chroot "$ROOT" /bin/sh -eux /init.preinst +rm -f "$ROOT/init.preinst" +udevadm settle + +# install extra packages +chroot "$ROOT" apt-get -oAPT::Sandbox::User="root" install --yes $PACKAGES +rm -f "$ROOT/etc/apt/sources.list" + +# configure and install GRUB +cat >"$ROOT/etc/default/grub" <<-EOF + GRUB_DEFAULT=0 + GRUB_TIMEOUT=0 + GRUB_CMDLINE_LINUX_DEFAULT="" + GRUB_CMDLINE_LINUX="console=$CONSOLE,115200n8" + GRUB_DISABLE_RECOVERY=true + GRUB_TERMINAL="console serial" + GRUB_SERIAL_COMMAND="serial --speed=115200" +EOF +chroot "$ROOT" grub-install --no-floppy --modules=part_gpt /dev/vda +chroot "$ROOT" update-grub + +chroot "$ROOT" passwd --delete root # make root account passwordless + +# show some system info right after login to ease troubleshooting +cat >"$ROOT/root/.profile" <<-EOF + run_verbose() { + printf "\\\`%s\\\` output:\\\\n" "\$*" + "\$@" + } + stty cols 150 + run_verbose dmsetup table + run_verbose lsblk + run_verbose df -h +EOF + +cat >"$ROOT/root/.inputrc" <<-EOF + # disabled bracketed paste mode + set enable-bracketed-paste off +EOF + +if [ -d "$ROOT/etc/systemd/system" ]; then + # systemd + if [ -c "$ROOT/dev/hvc0" ]; then + # serial-getty@ttyS0.service is automatically enabled due to the console= kernel parameter + ln -s "/dev/null" "$ROOT/etc/systemd/system/serial-getty@ttyS0.service" + ln -s "/lib/systemd/system/serial-getty@.service" \ + "$ROOT/etc/systemd/system/getty.target.wants/serial-getty@hvc0.service" + fi + + # mask all timer units + for t in "$ROOT"/lib/systemd/system/*.timer; do + test -f "$t" || continue + ln -s "/dev/null" "$ROOT/etc/systemd/system/${t##*/}" + done + + # mask systemd-firstboot.service + ln -s "/dev/null" "/root/etc/systemd/system/systemd-firstboot.service" +fi + +if [ -f "$ROOT/etc/inittab" ]; then + # sysvinit + if [ -c "$ROOT/dev/hvc0" ]; then + echo "h0:2345:respawn:/sbin/agetty -8 -L 115200 hvc0 linux" + else + echo "S0:23:respawn:/sbin/getty -8 -L 115200 $CONSOLE linux" + fi >>"$ROOT/etc/inittab" +fi + +if [ -f /init.postinst ]; then + cp /init.postinst "$ROOT/init.postinst" + chroot "$ROOT" /bin/sh -eux /init.postinst + rm -f "$ROOT/init.postinst" +fi + +# allow service startup again +mv "$ROOT/sbin/start-stop-daemon.REAL" "$ROOT/sbin/start-stop-daemon" +rm "$ROOT/usr/sbin/policy-rc.d" + +# unmount pseudo filesystems from the target system +umount "$ROOT/dev" +umount "$ROOT/proc" +umount "$ROOT/sys" + +if [ "$BOOT" = "efi" ]; then + umount "$ROOT/boot/efi" +fi +umount "$ROOT/media" +umount "$ROOT/run" + +# /init.bottom is expected to umount $ROOT and its submounts +ROOT="$ROOT" sh -eux /init.bottom + +# stop udevd +udevadm control --exit + +# exiting this script yields "Kernel panic - not syncing: Attempted to +# kill init!", so give the asyncronous SysRq trigger a chance to power +# off (sending a racy C-d would still trigger a panic but we don't care) +echo o >/proc/sysrq-trigger +exec cat >/dev/null diff --git a/debian/tests/utils/mkinitramfs b/debian/tests/utils/mkinitramfs new file mode 100755 index 0000000..6bc70f4 --- /dev/null +++ b/debian/tests/utils/mkinitramfs @@ -0,0 +1,159 @@ +#!/bin/sh + +# Generate an initramfs image, much like mkinitramfs(8) but simpler +# +# Copyright © 2021-2022 Guilhem Moulin <guilhem@debian.org> +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +set -eu +PATH="/usr/sbin:/usr/bin:/sbin:/bin" +export PATH + +unset DEBUG +EXTRACT_DIR="$1" +KERNEL_VERSION="$2" +INITRD="$3" + +UTILS="$(dirname -- "$0")" +DESTDIR="$(mktemp --directory -- "$INITRD.XXXXXXXXXX")" +trap "rm -r${DEBUG:+v}f -- \"$DESTDIR\"" EXIT INT TERM + +# from /usr/sbin/mkinitramfs: create usr-merged filesystem layout, to +# avoid duplicates if the host filesystem is usr-merged +for d in /bin /lib* /sbin; do + [ -d "$d" ] || continue + mkdir -p "$DESTDIR/usr$d" + ln -sT "usr$d" "$DESTDIR$d" +done + +install -m0755 "$UTILS/init" "$DESTDIR/init" +install -m0755 "$UTILS/debootstrap" "$DESTDIR/debootstrap" +cat >"$DESTDIR/init.conf" <<- EOF + HOSTNAME="$TESTNAME" + export HOSTNAME + PACKAGES="$PACKAGES" + BOOT="$BOOT" + CONSOLE="$CONSOLE" + ARCH="$ARCH" + MERGED_USR="$MERGED_USR" +EOF + +for p in setup preinst postinst bottom; do + # setup: sourced after creating the BIOS or EFI boot partition + # preinst: run in chroot after debootstrap, but before installing extra packages + # postinst: optionally run in chroot after installing extra packages + # bottom: last thing to run before shutdown + if [ -f "$TESTDIR/$TESTNAME.d/$p" ]; then + install -m0755 "$TESTDIR/$TESTNAME.d/$p" "$DESTDIR/init.$p" + fi +done + +MODULES="dm_crypt ext4 btrfs raid0 raid1" +if [ "$BOOT" = "efi" ]; then + MODULES="$MODULES efivarfs nls_ascii nls_cp437 vfat" +fi + +depmod -ab "$EXTRACT_DIR" "$KERNEL_VERSION" +for kmod in virtio_console virtio_blk virtio_pci virtio_rng \ + "$EXTRACT_DIR/lib/modules/$KERNEL_VERSION"/kernel/arch/*/crypto/*.ko* \ + "$EXTRACT_DIR/lib/modules/$KERNEL_VERSION"/kernel/crypto/*.ko* \ + $MODULES; do + kmod="${kmod##*/}" + modprobe -aid "$EXTRACT_DIR" -S "$KERNEL_VERSION" --show-depends "${kmod%%.*}" +done | while read -r insmod kmod _; do + [ "$insmod" = "insmod" ] || continue + kmod_rel="${kmod#"$EXTRACT_DIR/lib/modules/$KERNEL_VERSION/"}" + if [ ! -f "$kmod" ] || [ "${kmod_rel#kernel/}" = "$kmod_rel" ]; then + echo "Error: Unexpected modprobe output: $insmod $kmod" >&2 + exit 1 + fi + mkdir -p "$DESTDIR/lib/modules/$KERNEL_VERSION/${kmod_rel%/*}" + ln -f${DEBUG:+v}T -- "$kmod" "$DESTDIR/lib/modules/$KERNEL_VERSION/$kmod_rel" +done + +ln -t "$DESTDIR/lib/modules/$KERNEL_VERSION" -- \ + "$EXTRACT_DIR/lib/modules/$KERNEL_VERSION/modules.order" \ + "$EXTRACT_DIR/lib/modules/$KERNEL_VERSION/modules.builtin" +depmod -wab "$DESTDIR" "$KERNEL_VERSION" + +verbose="${DEBUG-}" +. /usr/share/initramfs-tools/hook-functions # for copy_exec() +if [ -f "$TESTDIR/$TESTNAME.d/mkinitramfs" ]; then + . "$TESTDIR/$TESTNAME.d/mkinitramfs" +fi + +copy_exec /bin/cp +copy_exec /bin/rm +copy_exec /bin/chmod + +copy_exec /sbin/modprobe +copy_exec /sbin/blkid +copy_exec /sbin/sfdisk +copy_exec /sbin/mkswap +copy_exec /sbin/swapon +copy_exec /sbin/swapoff +copy_exec /sbin/cryptsetup +copy_exec /sbin/dmsetup +copy_exec /usr/bin/dpkg-deb +copy_exec /bin/tar + +# assume ossl-modules/legacy.so and libgcc_s.so are relative to the linked libcryptsetup.so +libdir="$(env --unset=LD_PRELOAD ldd /sbin/cryptsetup | sed -nr '/.*=>\s*(\S+)\/libcryptsetup\.so\..*/ {s//\1/p;q}')" +copy_exec "$libdir/ossl-modules/legacy.so" || true +copy_libgcc "$libdir" + +for p in /sbin/cryptsetup /sbin/lvm /sbin/mdadm /sbin/mke2fs /sbin/mkfs.btrfs /bin/btrfs; do + if [ -x "$p" ]; then + copy_exec "$p" + fi +done + +if [ "$BOOT" = "efi" ]; then + if [ ! -x "/sbin/mkfs.vfat" ]; then + echo "Couldn't find mkfs.vfat, is the 'dosfstools' package installed?" >&2 + exit 1 + fi + copy_exec /sbin/mkfs.vfat +fi + +cp -pLt "$DESTDIR/lib" /lib/klibc-*.so +for cmd in cat chroot ln ls mkdir mount mv sh umount uname; do + exe="/usr/lib/klibc/bin/$cmd" + if [ ! -f "$exe" ] || [ ! -x "$exe" ]; then + echo "No such executable: $exe" >&2 + exit 1 + fi + copy_exec "$exe" /bin +done + +# copy udevd and (some of) its rules +copy_exec /lib/systemd/systemd-udevd +copy_exec /bin/udevadm + +mkdir -p -- "$DESTDIR/etc/udev" "$DESTDIR/lib/udev/rules.d" +cat >"$DESTDIR/etc/udev/udev.conf" <<-EOF + udev_log=info + resolve_names=never +EOF +for rules in 50-udev-default.rules 55-dm.rules 60-block.rules \ + 60-persistent-storage.rules 60-persistent-storage-dm.rules \ + 63-md-raid-arrays.rules 95-dm-notify.rules; do + if [ -e "/lib/udev/rules.d/$rules" ]; then + cp -T "/lib/udev/rules.d/$rules" "$DESTDIR/lib/udev/rules.d/$rules" + fi +done + +cd "$DESTDIR" +find . -print0 | cpio -o0 -R 0:0 -H newc --quiet ${DEBUG:+--verbose} >"$INITRD" diff --git a/debian/tests/utils/mock.pm b/debian/tests/utils/mock.pm new file mode 100644 index 0000000..10db3e6 --- /dev/null +++ b/debian/tests/utils/mock.pm @@ -0,0 +1,347 @@ +# Mock terminal interaction on a guest system +# +# Copyright © 2021-2022 Guilhem Moulin <guilhem@debian.org> +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +use v5.14.2; +use warnings; +use strict; + +our ($SERIAL, $CONSOLE, $MONITOR); +our $PS1 = qr/root\@[\-\.0-9A-Z_a-z]+ : [~\/][\-\.\/0-9A-Z_a-z]* [\#\$]\ /aax; + +package CryptrootTest::Utils; + +use Socket qw/PF_UNIX SOCK_STREAM SOCK_CLOEXEC SOCK_NONBLOCK SHUT_RD SHUT_WR/; +use Errno qw/EINTR ENOENT ECONNREFUSED/; +use Time::HiRes (); + +my (%SOCKET, %BUFFER, $WBITS, $RBITS); + +BEGIN { + ($SERIAL, $CONSOLE, $MONITOR) = qw/ttyS0 hvc0 mon0/; + my $dir = $ARGV[1] =~ m#\A(/\p{Print}+)\z# ? $1 : die "Invalid base directory\n"; # untaint + my $epoch = Time::HiRes::time(); + foreach my $id ($SERIAL, $CONSOLE, $MONITOR) { + my $path = $dir . "/" . $id; + my $sockaddr = Socket::pack_sockaddr_un($path) // die; + socket(my $socket, PF_UNIX, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) or die "socket: $!"; + + until (connect($socket, $sockaddr)) { + if ($! == EINTR) { + # try again immediatly if connect(2) was interrupted by a signal + } elsif (($! == ENOENT or $! == ECONNREFUSED) and Time::HiRes::time() - $epoch < 30) { + # wait a bit to give QEMU time to create the socket and mark it at listening + Time::HiRes::usleep(100_000); + } else { + die "connect($path): $!"; + } + } + + my $fd = fileno($socket) // die; + vec($WBITS, $fd, 1) = 1; + vec($RBITS, $fd, 1) = 1; + $SOCKET{$id} = $socket; + $BUFFER{$id} = ""; + } +} + +sub read_data($) { + my $bits = shift; + while (my ($chan, $fh) = each %SOCKET) { + next unless vec($bits, fileno($fh), 1); # nothing to read here + my $n = sysread($fh, my $buf, 4096) // die "read: $!"; + if ($n > 0) { + STDOUT->printflush($buf); + $BUFFER{$chan} .= $buf; + } else { + #print STDERR "INFO done reading from $chan\n"; + shutdown($fh, SHUT_RD) or die "shutdown: $!"; + vec($RBITS, fileno($fh), 1) = 0; + } + } +} + +sub expect(;$$) { + my ($chan, $prompt) = @_; + + my $buffer = defined $chan ? \$BUFFER{$chan} : undef; + if (defined $buffer and $$buffer =~ $prompt) { + $$buffer = $' // die; + return %+; + } + + while(unpack("b*", $RBITS) != 0) { + my $rout = $RBITS; + while (select($rout, undef, undef, undef) == -1) { + die "select: $!" unless $! == EINTR; # try again immediately if select(2) was interrupted + } + read_data($rout); + if (defined $buffer and $$buffer =~ $prompt) { + $$buffer = $' // die; + return %+; + } + } + #print STDERR "INFO done reading\n"; +} + +sub write_data($$%) { + my $chan = shift; + my $data = shift; + + my %options = @_; + $options{echo} //= 1; + $options{eol} //= "\r"; + $options{reol} //= "\r\n"; + my $wdata = $data . $options{eol}; + + my $wfh = $SOCKET{$chan} // die; + my $wfd = fileno($wfh) // die; + vec(my $win, $wfd, 1) = 1; + + for (my $offset = 0, my $length = length($wdata); $offset < $length;) { + my $wout = $win; + while (select(undef, $wout, undef, undef) == -1) { + die "select: $!" unless $! == EINTR; # try again immediately if select(2) was interrupted + } + if (vec($wout, $wfd, 1)) { + my $n = syswrite($wfh, $wdata, $length - $offset, $offset) // die "write: $!"; + $offset += $n; + } + } + + my $rdata = $options{echo} ? $data : ""; + $rdata .= $options{reol}; + + if ($rdata ne "") { + my $buf = \$BUFFER{$chan}; + my $rfh = $SOCKET{$chan} // die; + my $rfd = fileno($rfh) // die; + vec(my $rin, $rfd, 1) = 1; + + my $rlen = length($rdata); + while($rlen > 0) { + my $rout = $rin; + while (select($rout, undef, undef, undef) == -1) { + die "select: $!" unless $! == EINTR; # try again immediately if select(2) was interrupted + } + read_data($rout); + + my $got = substr($$buf, 0, $rlen); + my $n = length($got); + if ($got eq substr($rdata, -$rlen, $n)) { + $$buf = substr($$buf, $n); # consume the command + $rlen -= $n; + } else { + my $a = substr($rdata, 0, -$rlen) . substr($rdata, -$rlen, $n); + my $b = substr($rdata, 0, -$rlen) . $got; + s/[^\p{Graph} ]/"\\x".unpack("H*",$&)/ge foreach ($a, $b); + die "Wanted \"$a\", got \"$b\""; + } + } + } +} + +package CryptrootTest::Mock; + +use Exporter qw/import/; +BEGIN { + our @EXPORT = qw/ + unlock_disk + login + shell + suspend + wakeup + hibernate + poweroff + expect + /; +} + +*expect = \&CryptrootTest::Utils::expect; +*write_data = \&CryptrootTest::Utils::write_data; + +sub unlock_disk($) { + my $passphrase = shift; + my %r = expect($SERIAL => qr/\A(?:.*(?:\r\n|\.\.\. ))?Please unlock disk (?<name>\p{Graph}+): \z/aams); + if ((my $ref = ref($passphrase)) ne "") { + my $name = $r{name}; + unless (defined $name) { + undef $passphrase; + } elsif ($ref eq "CODE") { + $passphrase = $passphrase->($name); + } elsif ($ref eq "HASH") { + $passphrase = $passphrase->{$name}; + } else { + die "Unsupported reference $ref"; + } + } + die "Unable to unlock, aborting.\n" unless defined $passphrase; + write_data($SERIAL => $passphrase, echo => 0, reol => "\r"); +} + +sub login($;$) { + my ($username, $password) = @_; + expect($CONSOLE => qr/\r\ncryptroot-[[:alnum:]._-]+ login: \z/aams); + write_data($CONSOLE => $username, reol => "\r"); + + if (defined $password) { + expect($CONSOLE => qr/\A[\r\n]*Password: \z/aams); + write_data($CONSOLE => $username, echo => 0, reol => "\r"); + } + + # consume motd(5) or similar + expect($CONSOLE => qr/\r\n $PS1 \z/aamsx); +} + +sub shell($%); +sub shell($%) { + my $command = shift; + my %options = @_; + + write_data($CONSOLE => $command); + my %r = expect($CONSOLE => qr/\A (?<out>.*) $PS1 \z/aamsx); + my $out = $r{out}; + + if (exists $options{rv}) { + my $rv = shell(q{echo $?}); + unless ($rv =~ s/\r?\n\z// and $rv =~ /\A[0-9]+\z/ and $rv == $options{rv}) { + my @loc = caller; + die "ERROR: Command \`$command\` exited with status $rv != $options{rv}", + " at line $loc[2] in $loc[1]\n"; + } + } + return $out; +} + +# enter S3 sleep state (suspend to ram aka standby) +sub suspend() { + write_data($CONSOLE => q{systemctl suspend}); + # while the command is asynchronous the system might suspend before + # we have a chance to read the next $PS1 + + # wait for the SUSPEND event + QMP::wait_for_event("SUSPEND"); + + # double check that the guest is indeed suspended + my $resp = QMP::command(q{query-status}); + die unless defined $resp->{status} and $resp->{status} eq "suspended" and + defined $resp->{running} and $resp->{running} == JSON::false(); +} + +sub wakeup() { + my $r = QMP::command(q{system_wakeup}); + die if %$r; + + # wait for the WAKEUP event + QMP::wait_for_event("WAKEUP"); + + # double check that the guest is indeed running + my $resp = QMP::command(q{query-status}); + die unless defined $resp->{status} and $resp->{status} eq "running" and + defined $resp->{running} and $resp->{running} == JSON::true(); +} + +# enter S4 sleep state (suspend to disk aka hibernate) +sub hibernate() { + # an alternative is to send {"execute":"guest-suspend-disk"} on the + # guest agent socket, but we don't want to require qemu-guest-agent + # on the guest so this will have to do + write_data($CONSOLE => q{systemctl hibernate}); + # while the command is asynchronous the system might hibernate + # before we have a chance to read the next $PS1 + QMP::wait_for_event("SUSPEND_DISK"); + expect();# wait for QEMU to terminate +} + +sub poweroff() { + # XXX would be nice to use the QEMU monitor here but the guest + # doesn't seem to respond to system_powerdown QMP commands + write_data($CONSOLE => q{poweroff}); + # while the command is asynchronous the system might shutdown + # before we have a chance to read the next $PS1 + QMP::wait_for_event("SHUTDOWN"); + expect(); # wait for QEMU to terminate +} + + +package QMP; + +# QMP protocol +# https://qemu.readthedocs.io/en/latest/interop/qemu-qmp-ref.html + +use JSON (); + +# read and decode a QMP server line +sub getline() { + my %r = CryptrootTest::Utils::expect($MONITOR => qr/\A(?<str>.+?)\r\n/m); + my $str = $r{str} // die; + return JSON::->new->decode($str); +} + +# send a QMP command and optional arguments +sub command($;$) { + my ($command, $arguments) = @_; + my $cmd = { execute => $command }; + $cmd->{arguments} = $arguments if defined $arguments; + + $cmd = JSON::->new->encode($cmd); + STDOUT->printflush($cmd . "\n"); + CryptrootTest::Utils::write_data($MONITOR => $cmd, eol => "\r\n", echo => 0, reol => ""); + + while(1) { + my $resp = QMP::getline() // next; + # ignore unsolicited server responses (such as events) + return $resp->{return} if exists $resp->{return}; + } +} + +# wait for the QMP greeting line +my @CAPABILITIES; +sub greeting() { + my $greeting = QMP::getline() // die; + $greeting = $greeting->{QMP} // die; + @CAPABILITIES = @{$greeting->{capabilities}} if defined $greeting->{capabilities}; +} + +# negotiate QMP capabilities +sub capabilities(@) { + my $r = QMP::command(qmp_capabilities => {enable => \@_}); + die if %$r; +} + +BEGIN { + # https://gitlab.com/qemu-project/qemu/-/blob/master/docs/interop/qmp-spec.txt sec 4 + QMP::greeting(); + QMP::capabilities(); +} + +sub wait_for_event($) { + my $event_name = shift; + while(1) { + my $resp = QMP::getline() // next; + return if exists $resp->{event} and $resp->{event} eq $event_name; + } +} + +sub quit() { + # don't use QMP::command() here since we might never receive a response + my $cmd = JSON::->new->encode({ execute => "quit" }); + STDOUT->printflush($cmd . "\n"); + CryptrootTest::Utils::write_data($MONITOR => $cmd, eol => "\r\n", echo => 0, reol => ""); + CryptrootTest::Utils::expect(); # wait for QEMU to terminate +} + +1; |