mirrors/libguestfs
1
0
Fork 0
mirror of https://github.com/libguestfs/libguestfs.git synced 2026-03-21 22:53:37 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
322113314055af6078b30d81d9e0457e616fa38c
libguestfs/tests/luks/test-key-option-inspect-luks-on-lvm.sh
Laszlo Ersek 3221133140 tests: add LUKS-on-LVM test 
Create a new (fake) Fedora disk image with two partitions. /dev/sda1 is
the boot partition as usual, /dev/sda2 is used as an LVM PV. The VG has
four LVs, Root and LV1 through LV3.

Each LV holds a LUKS device (with a different key). Each decrypted LUKS
device holds an ext2 filesystem, with "/dev/mapper/Root-luks" holding the
root filesystem.

Each filesystem has a dedicated label (ROOT, LV1, LV2, LV3).

In the test case, run guestfish in inspector mode, twice.

In the first invocation, provide the LUKS passphrases by LV name. Also
specific to the first invocation, fetch the LUKS UUIDs by LV name.

In the second invocation, provide the LUKS passphrases by UUID.

In both invocations, after decryption, check the filesystem labels, the
/dev/mapper/* names generated for the decrypted LUKS block devices, and
the existence of "/etc/fedora-release" on the root filesystem.

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1658126
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20220223162120.16729-3-lersek@redhat.com>
Acked-by: Richard W.M. Jones <rjones@redhat.com>
2022-02-28 13:12:21 +01:00

104 lines
3.7 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash -
# libguestfs
# Copyright (C) 2019-2022 Red Hat Inc.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
# Test the --key option. It is handled by common code so we only need
# to test one tool (guestfish).
set -e
$TEST_FUNCTIONS
skip_if_skipped
skip_unless_feature_available luks
skip_unless_phony_guest fedora-luks-on-lvm.img
# Start a background guestfish instance to check key specification by Logical
# Volume names.
guestfish=(guestfish --listen --ro --inspector
--add ../test-data/phony-guests/fedora-luks-on-lvm.img)
keys_by_lvname=(--key /dev/VG/Root:key:FEDORA-Root
--key /dev/VG/LV1:key:FEDORA-LV1
--key /dev/VG/LV2:key:FEDORA-LV2
--key /dev/VG/LV3:key:FEDORA-LV3)
# The variable assignment below will fail, and abort the script, if guestfish
# refuses to start up.
fish_ref=$("${guestfish[@]}" "${keys_by_lvname[@]}")
# Set GUESTFISH_PID as necessary for the remote access.
eval "$fish_ref"
# From this point on, if any remote guestfish command fails, that will cause
# *both* the guestfish server *and* this script to exit, with an error.
# However, we also want the background guestfish process to exit if (a) this
# script exits cleanly, or (b) this script exits with a failure due to a reason
# that's different from a failed remote command.
function cleanup_guestfish
{
if [ -n "$GUESTFISH_PID" ]; then
guestfish --remote -- exit >/dev/null 2>&1 || :
fi
}
trap cleanup_guestfish EXIT
# Get the UUIDs of the LUKS devices.
uuid_root=$(guestfish --remote -- luks-uuid /dev/VG/Root)
uuid_lv1=$( guestfish --remote -- luks-uuid /dev/VG/LV1)
uuid_lv2=$( guestfish --remote -- luks-uuid /dev/VG/LV2)
uuid_lv3=$( guestfish --remote -- luks-uuid /dev/VG/LV3)
# The actual test.
function check_filesystems
{
local decrypted_root decrypted_lv1 decrypted_lv2 decrypted_lv3 exists
# Get the names of the decrypted LUKS block devices that host the filesystems
# with the labels listed below.
decrypted_root=$(guestfish --remote -- findfs-label ROOT)
decrypted_lv1=$( guestfish --remote -- findfs-label LV1)
decrypted_lv2=$( guestfish --remote -- findfs-label LV2)
decrypted_lv3=$( guestfish --remote -- findfs-label LV3)
# Verify the device names. These come from decrypt_mountables() in
# "common/options/decrypt.c".
test /dev/mapper/luks-"$uuid_root" = "$decrypted_root"
test /dev/mapper/luks-"$uuid_lv1" = "$decrypted_lv1"
test /dev/mapper/luks-"$uuid_lv2" = "$decrypted_lv2"
test /dev/mapper/luks-"$uuid_lv3" = "$decrypted_lv3"
# Check "/etc/fedora-release" on the root fs.
exists=$(guestfish --remote -- exists /etc/fedora-release)
test true = "$exists"
}
check_filesystems
# Exit the current guestfish background process.
guestfish --remote -- exit
GUESTFISH_PID=
# Start up a similar guestfish background process, but specify the keys by
# UUID.
keys_by_uuid=(--key "$uuid_root":key:FEDORA-Root
--key "$uuid_lv1":key:FEDORA-LV1
--key "$uuid_lv2":key:FEDORA-LV2
--key "$uuid_lv3":key:FEDORA-LV3)
fish_ref=$("${guestfish[@]}" "${keys_by_uuid[@]}")
eval "$fish_ref"
# Repeat the test.
check_filesystems
Reference in New Issue View Git Blame Copy Permalink