From 1fb7f8e15e19fbe61230b70203b0c35fca54f0a0 Mon Sep 17 00:00:00 2001
|
|
From: Frantisek Sumsal <frantisek@sumsal.cz>
|
|
Date: Wed, 25 May 2022 17:39:14 +0200
|
|
Subject: [PATCH] test: cover initrd->sysroot transition in TEST-24
|
|
|
|
This should cover cases regarding devices with `OPTIONS+="db_persist"`
|
|
during initrd->sysroot transition.
|
|
|
|
See:
|
|
* https://github.com/systemd/systemd/issues/23429
|
|
* https://github.com/systemd/systemd/pull/23218
|
|
* https://github.com/systemd/systemd/pull/23489
|
|
* https://bugzilla.redhat.com/show_bug.cgi?id=2087225
|
|
---
|
|
test/TEST-24-CRYPTSETUP/test.sh | 61 ++++++++++++++++-----------------
|
|
1 file changed, 29 insertions(+), 32 deletions(-)
|
|
|
|
diff --git a/test/TEST-24-CRYPTSETUP/test.sh b/test/TEST-24-CRYPTSETUP/test.sh
|
|
index 2c13126..a52848b 100755
|
|
--- a/test/TEST-24-CRYPTSETUP/test.sh
|
|
+++ b/test/TEST-24-CRYPTSETUP/test.sh
|
|
@@ -9,6 +9,13 @@ TEST_FORCE_NEWIMAGE=1
|
|
# shellcheck source=test/test-functions
|
|
. "${TEST_BASE_DIR:?}/test-functions"
|
|
|
|
+PART_UUID="deadbeef-dead-dead-beef-000000000000"
|
|
+DM_NAME="test24_varcrypt"
|
|
+# Mount the keyfile only in initrd (hence rd.luks.key), since it resides on
|
|
+# the rootfs and we would get a (harmless) error when trying to mount it after
|
|
+# switching root (since rootfs is already mounted)
|
|
+KERNEL_APPEND+=" rd.luks=1 luks.name=$PART_UUID=$DM_NAME rd.luks.key=$PART_UUID=/etc/varkey:LABEL=systemd_boot"
|
|
+
|
|
check_result_qemu() {
|
|
local ret=1
|
|
|
|
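Review bot: The comment above `KERNEL_APPEND` explains the `rd.` prefix on the key option but not why `luks.name=` is left without one, and that choice appears to be what exercises the device on both sides of the switch-root. I would add a line such as `# luks.name= (unlike rd.luks.name=) is honoured in the initrd and in the real root, so the device is handled on both sides of the transition`. It would also help to note that `PART_UUID` is an arbitrary fixed value that must match the `--uuid` passed to `luksFormat` in test_create_image. check_result_qemu, whose first lines close this hunk, continues in the next one.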
@@ -16,12 +23,12 @@ check_result_qemu() {
|
|
[[ -e "${initdir:?}/testok" ]] && ret=0
|
|
[[ -f "$initdir/failed" ]] && cp -a "$initdir/failed" "${TESTDIR:?}"
|
|
|
|
- cryptsetup luksOpen "${LOOPDEV:?}p2" varcrypt <"$TESTDIR/keyfile"
|
|
- mount /dev/mapper/varcrypt "$initdir/var"
|
|
+ cryptsetup luksOpen "${LOOPDEV:?}p2" "${DM_NAME:?}" <"$TESTDIR/keyfile"
|
|
+ mount "/dev/mapper/$DM_NAME" "$initdir/var"
|
|
save_journal "$initdir/var/log/journal"
|
|
_umount_dir "$initdir/var"
|
|
_umount_dir "$initdir"
|
|
- cryptsetup luksClose /dev/mapper/varcrypt
|
|
+ cryptsetup luksClose "/dev/mapper/$DM_NAME"
|
|
|
|
[[ -f "$TESTDIR/failed" ]] && cat "$TESTDIR/failed"
|
|
echo "${JOURNAL_LIST:-No journals were saved}"
|
|
@@ -34,39 +41,29 @@ test_create_image() {
|
|
create_empty_image_rootdir
|
|
|
|
echo -n test >"${TESTDIR:?}/keyfile"
|
|
- cryptsetup -q luksFormat --pbkdf pbkdf2 --pbkdf-force-iterations 1000 "${LOOPDEV:?}p2" "$TESTDIR/keyfile"
|
|
- cryptsetup luksOpen "${LOOPDEV}p2" varcrypt <"$TESTDIR/keyfile"
|
|
- mkfs.ext4 -L var /dev/mapper/varcrypt
|
|
+ cryptsetup -q luksFormat --uuid="$PART_UUID" --pbkdf pbkdf2 --pbkdf-force-iterations 1000 "${LOOPDEV:?}p2" "$TESTDIR/keyfile"
|
|
+ cryptsetup luksOpen "${LOOPDEV}p2" "${DM_NAME:?}" <"$TESTDIR/keyfile"
|
|
+ mkfs.ext4 -L var "/dev/mapper/$DM_NAME"
|
|
mkdir -p "${initdir:?}/var"
|
|
- mount /dev/mapper/varcrypt "$initdir/var"
|
|
-
|
|
- # Create what will eventually be our root filesystem onto an overlay
|
|
- (
|
|
- LOG_LEVEL=5
|
|
- # shellcheck source=/dev/null
|
|
- source <(udevadm info --export --query=env --name=/dev/mapper/varcrypt)
|
|
- # shellcheck source=/dev/null
|
|
- source <(udevadm info --export --query=env --name="${LOOPDEV}p2")
|
|
-
|
|
- setup_basic_environment
|
|
- mask_supporting_services
|
|
-
|
|
- install_dmevent
|
|
- generate_module_dependencies
|
|
- cat >"$initdir/etc/crypttab" <<EOF
|
|
-$DM_NAME UUID=$ID_FS_UUID /etc/varkey
|
|
-EOF
|
|
- echo -n test >"$initdir/etc/varkey"
|
|
- ddebug <"$initdir/etc/crypttab"
|
|
+ mount "/dev/mapper/$DM_NAME" "$initdir/var"
|
|
+
|
|
+ LOG_LEVEL=5
|
|
+
|
|
+ setup_basic_environment
|
|
+ mask_supporting_services
|
|
+
|
|
+ install_dmevent
|
|
+ generate_module_dependencies
|
|
+
|
|
+ echo -n test >"$initdir/etc/varkey"
|
|
|
|
- cat >>"$initdir/etc/fstab" <<EOF
|
|
-/dev/mapper/varcrypt /var ext4 defaults 0 1
|
|
+ cat >>"$initdir/etc/fstab" <<EOF
|
|
+/dev/mapper/$DM_NAME /var ext4 defaults 0 1
|
|
EOF
|
|
|
|
- # Forward journal messages to the console, so we have something
|
|
- # to investigate even if we fail to mount the encrypted /var
|
|
- echo ForwardToConsole=yes >> "$initdir/etc/systemd/journald.conf"
|
|
- )
|
|
+ # Forward journal messages to the console, so we have something
|
|
+ # to investigate even if we fail to mount the encrypted /var
|
|
+ echo ForwardToConsole=yes >> "$initdir/etc/systemd/journald.conf"
|
|
}
|
|
|
|
cleanup_root_var() {
|
|
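Review bot: With the `( … )` subshell removed, `LOG_LEVEL=5` is now assigned in the calling shell and stays in effect after test_create_image returns; before, it was confined to the image-setup steps. Declaring it as `local LOG_LEVEL=5` restores that scope without bringing the subshell back, and the helpers called afterwards still see the value. Separately, `echo -n test >"$initdir/etc/varkey"` leaves the key file with whatever mode the umask gives. A `chmod 0600 "$initdir/etc/varkey"` right after it would match how a LUKS key file is normally deployed, and may avoid a world-readable key file warning from systemd-cryptsetup in the journal. The opening lines of test_create_image are outside the hunk.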
--
|
|
2.33.0
|
|
|