systemd/backport-test-store-the-key-on-a-separate-device.patch

From 6b70d3cf81088ee9226cd691bbccc4ebf4764065 Mon Sep 17 00:00:00 2001
From: Frantisek Sumsal <frantisek@sumsal.cz>
Date: Thu, 26 May 2022 14:52:52 +0200
Subject: [PATCH] test: store the key on a separate device

---
 test/TEST-24-CRYPTSETUP/test.sh | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/test/TEST-24-CRYPTSETUP/test.sh b/test/TEST-24-CRYPTSETUP/test.sh
index bdf630d912..b81b811654 100755
--- a/test/TEST-24-CRYPTSETUP/test.sh
+++ b/test/TEST-24-CRYPTSETUP/test.sh
@@ -12,10 +12,8 @@ TEST_FORCE_NEWIMAGE=1
 
 PART_UUID="deadbeef-dead-dead-beef-000000000000"
 DM_NAME="test24_varcrypt"
-# Mount the keyfile only in initrd (hence rd.luks.key), since it resides on
-# the rootfs and we would get a (harmless) error when trying to mount it after
-# switching root (since rootfs is already mounted)
-KERNEL_APPEND+=" rd.luks=1 luks.name=$PART_UUID=$DM_NAME rd.luks.key=$PART_UUID=/etc/varkey:LABEL=systemd_boot"
+KERNEL_APPEND+=" rd.luks=1 luks.name=$PART_UUID=$DM_NAME luks.key=$PART_UUID=/keyfile:LABEL=varcrypt_keydev"
+QEMU_OPTIONS+=" -drive format=raw,cache=unsafe,file=${STATEDIR:?}/keydev.img"
 
 check_result_qemu() {
     local ret=1
@@ -57,7 +55,13 @@ test_create_image() {
     install_dmevent
     generate_module_dependencies
 
-    echo -n test >"$initdir/etc/varkey"
+    # Create a keydev
+    dd if=/dev/zero of="${STATEDIR:?}/keydev.img" bs=1M count=16
+    mkfs.ext4 -L varcrypt_keydev "$STATEDIR/keydev.img"
+    mkdir -p "$STATEDIR/keydev"
+    mount "$STATEDIR/keydev.img" "$STATEDIR/keydev"
+    echo -n test >"$STATEDIR/keydev/keyfile"
+    umount "$STATEDIR/keydev"
 
     cat >>"$initdir/etc/fstab" <<EOF
 /dev/mapper/$DM_NAME    /var    ext4    defaults 0 1
-- 
2.33.0
sync patches from systemd community 2023-06-19 10:57:57 +08:00			`From 6b70d3cf81088ee9226cd691bbccc4ebf4764065 Mon Sep 17 00:00:00 2001`
			`From: Frantisek Sumsal <frantisek@sumsal.cz>`
			`Date: Thu, 26 May 2022 14:52:52 +0200`
			`Subject: [PATCH] test: store the key on a separate device`

			`---`
			`test/TEST-24-CRYPTSETUP/test.sh \| 14 +++++++++-----`
			`1 file changed, 9 insertions(+), 5 deletions(-)`

			`diff --git a/test/TEST-24-CRYPTSETUP/test.sh b/test/TEST-24-CRYPTSETUP/test.sh`
			`index bdf630d912..b81b811654 100755`
			`--- a/test/TEST-24-CRYPTSETUP/test.sh`
			`+++ b/test/TEST-24-CRYPTSETUP/test.sh`
			`@@ -12,10 +12,8 @@ TEST_FORCE_NEWIMAGE=1`

			`PART_UUID="deadbeef-dead-dead-beef-000000000000"`
			`DM_NAME="test24_varcrypt"`
			`-# Mount the keyfile only in initrd (hence rd.luks.key), since it resides on`
			`-# the rootfs and we would get a (harmless) error when trying to mount it after`
			`-# switching root (since rootfs is already mounted)`
			`-KERNEL_APPEND+=" rd.luks=1 luks.name=$PART_UUID=$DM_NAME rd.luks.key=$PART_UUID=/etc/varkey:LABEL=systemd_boot"`
			`+KERNEL_APPEND+=" rd.luks=1 luks.name=$PART_UUID=$DM_NAME luks.key=$PART_UUID=/keyfile:LABEL=varcrypt_keydev"`
			`+QEMU_OPTIONS+=" -drive format=raw,cache=unsafe,file=${STATEDIR:?}/keydev.img"`

			`check_result_qemu() {`
			`local ret=1`
			`@@ -57,7 +55,13 @@ test_create_image() {`
			`install_dmevent`
			`generate_module_dependencies`

			`- echo -n test >"$initdir/etc/varkey"`
			`+ # Create a keydev`
			`+ dd if=/dev/zero of="${STATEDIR:?}/keydev.img" bs=1M count=16`
			`+ mkfs.ext4 -L varcrypt_keydev "$STATEDIR/keydev.img"`
			`+ mkdir -p "$STATEDIR/keydev"`
			`+ mount "$STATEDIR/keydev.img" "$STATEDIR/keydev"`
			`+ echo -n test >"$STATEDIR/keydev/keyfile"`
			`+ umount "$STATEDIR/keydev"`

			`cat >>"$initdir/etc/fstab" <<EOF`
			`/dev/mapper/$DM_NAME /var ext4 defaults 0 1`
			`--`
			`2.33.0`