From 78368a0e859a2a48d95f0a5e534bfb04308ce2ca Mon Sep 17 00:00:00 2001 From: Frantisek Sumsal Date: Wed, 25 May 2022 17:39:14 +0200 Subject: [PATCH] test: cover initrd->sysroot transition in TEST-24 This should cover cases regarding devices with `OPTIONS+="db_persist"` during initrd->sysroot transition. See: * https://github.com/systemd/systemd/issues/23429 * https://github.com/systemd/systemd/pull/23218 * https://github.com/systemd/systemd/pull/23489 * https://bugzilla.redhat.com/show_bug.cgi?id=2087225 --- test/TEST-24-CRYPTSETUP/test.sh | 63 ++++++++++++++++----------------- 1 file changed, 30 insertions(+), 33 deletions(-) diff --git a/test/TEST-24-CRYPTSETUP/test.sh b/test/TEST-24-CRYPTSETUP/test.sh index 96d255dd96ba9..83f4d65b1daf5 100755 --- a/test/TEST-24-CRYPTSETUP/test.sh +++ b/test/TEST-24-CRYPTSETUP/test.sh @@ -10,6 +10,13 @@ TEST_FORCE_NEWIMAGE=1 # shellcheck source=test/test-functions . "${TEST_BASE_DIR:?}/test-functions" +PART_UUID="deadbeef-dead-dead-beef-000000000000" +DM_NAME="test24_varcrypt" +# Mount the keyfile only in initrd (hence rd.luks.key), since it resides on +# the rootfs and we would get a (harmless) error when trying to mount it after +# switching root (since rootfs is already mounted) +KERNEL_APPEND+=" rd.luks=1 luks.name=$PART_UUID=$DM_NAME rd.luks.key=$PART_UUID=/etc/varkey:LABEL=systemd_boot" + check_result_qemu() { local ret=1 @@ -17,13 +24,13 @@ check_result_qemu() { [[ -e "${initdir:?}/testok" ]] && ret=0 [[ -f "$initdir/failed" ]] && cp -a "$initdir/failed" "${TESTDIR:?}" - cryptsetup luksOpen "${LOOPDEV:?}p2" varcrypt <"$TESTDIR/keyfile" - mount /dev/mapper/varcrypt "$initdir/var" + cryptsetup luksOpen "${LOOPDEV:?}p2" "${DM_NAME:?}" <"$TESTDIR/keyfile" + mount "/dev/mapper/$DM_NAME" "$initdir/var" save_journal "$initdir/var/log/journal" check_coverage_reports "${initdir:?}" || ret=5 _umount_dir "$initdir/var" _umount_dir "$initdir" - cryptsetup luksClose /dev/mapper/varcrypt + cryptsetup luksClose "/dev/mapper/$DM_NAME" [[ -f "$TESTDIR/failed" ]] && cat "$TESTDIR/failed" echo "${JOURNAL_LIST:-No journals were saved}" @@ -36,45 +43,35 @@ test_create_image() { create_empty_image_rootdir echo -n test >"${TESTDIR:?}/keyfile" - cryptsetup -q luksFormat --pbkdf pbkdf2 --pbkdf-force-iterations 1000 "${LOOPDEV:?}p2" "$TESTDIR/keyfile" - cryptsetup luksOpen "${LOOPDEV}p2" varcrypt <"$TESTDIR/keyfile" - mkfs.ext4 -L var /dev/mapper/varcrypt + cryptsetup -q luksFormat --uuid="$PART_UUID" --pbkdf pbkdf2 --pbkdf-force-iterations 1000 "${LOOPDEV:?}p2" "$TESTDIR/keyfile" + cryptsetup luksOpen "${LOOPDEV}p2" "${DM_NAME:?}" <"$TESTDIR/keyfile" + mkfs.ext4 -L var "/dev/mapper/$DM_NAME" mkdir -p "${initdir:?}/var" - mount /dev/mapper/varcrypt "$initdir/var" - - # Create what will eventually be our root filesystem onto an overlay - ( - LOG_LEVEL=5 - # shellcheck source=/dev/null - source <(udevadm info --export --query=env --name=/dev/mapper/varcrypt) - # shellcheck source=/dev/null - source <(udevadm info --export --query=env --name="${LOOPDEV}p2") - - setup_basic_environment - mask_supporting_services - - install_dmevent - generate_module_dependencies - cat >"$initdir/etc/crypttab" <"$initdir/etc/varkey" - ddebug <"$initdir/etc/crypttab" + mount "/dev/mapper/$DM_NAME" "$initdir/var" + + LOG_LEVEL=5 + + setup_basic_environment + mask_supporting_services + + install_dmevent + generate_module_dependencies + + echo -n test >"$initdir/etc/varkey" - cat >>"$initdir/etc/fstab" <>"$initdir/etc/fstab" <> "$initdir/etc/systemd/journald.conf" - ) + # Forward journal messages to the console, so we have something + # to investigate even if we fail to mount the encrypted /var + echo ForwardToConsole=yes >> "$initdir/etc/systemd/journald.conf" } cleanup_root_var() { ddebug "umount ${initdir:?}/var" mountpoint "$initdir/var" && umount "$initdir/var" - [[ -b /dev/mapper/varcrypt ]] && cryptsetup luksClose /dev/mapper/varcrypt + [[ -b "/dev/mapper/${DM_NAME:?}" ]] && cryptsetup luksClose "/dev/mapper/$DM_NAME" } test_cleanup() {