tinyramfs/test/luks.test

131 lines
2.4 KiB
Bash
Executable File

#!/bin/sh
. ../lib/common.sh
cleanup()
{
umount "${tmpdir}/root" || :
cryptsetup close "$name" || :
qemu-nbd -d "$nbd" || :
rm -rf "$tmpdir"
}
command -v cryptsetup > /dev/null || exit 222
set -ef
trap cleanup EXIT INT
nbd=${NBD:-/dev/nbd2}
devmgr=${DEVMGR:-proc}
arch=${ARCH:-$(uname -m)}
kernel=${KERNEL:-$(uname -r)}
vmlinuz=${VMLINUZ:-"/boot/vmlinuz-${kernel}"}
mkdir -p "${tmpdir:=${TMPDIR:-/tmp}/${0##*/}.$$}"
name="luks$$"
root="${tmpdir}/root"
config="${tmpdir}/config"
image="${tmpdir}/root.qcow2"
initrd="${tmpdir}/initramfs-$(uname -r)"
qemu-img create -f qcow2 "$image" 1G
qemu-nbd -c "$nbd" "$image"
sleep 1
# o: Create MBR table.
# n: Add new partition to table.
# p: Primary partition.
# 1: Partition number.
# newline: Use default value for first sector.
# newline: Use default value for last sector.
# w: Write changes and re-read partition table.
fdisk "$nbd" << EOF
o
n
p
1
w
EOF
dd bs=512 count=1 if=/dev/urandom of="${tmpdir}/key"
cryptsetup -qd "${tmpdir}/key" --pbkdf=pbkdf2 luksFormat "${nbd}p1"
cryptsetup -d "${tmpdir}/key" open "${nbd}p1" "$name"
cat > "$config" << EOF
hooks=$devmgr,luks
root=LABEL=root
luks_root=UUID=$(cryptsetup luksUUID "${nbd}p1")
luks_key=${tmpdir}/key
EOF
mkdir -p "$root"
mkfs.ext4 -L root "/dev/mapper/${name}"
mount "/dev/mapper/${name}" "$root"
(
tmpdir=$root; cd "$tmpdir"
mkdir -p \
dev sys tmp run proc \
root usr/lib usr/bin
ln -s usr/lib lib
ln -s usr/bin bin
ln -s usr/bin sbin
ln -s bin usr/sbin
copy_exec sh
copy_exec e2label
cat > sbin/init << EOF
#!/bin/sh
exec e2label /dev/disk/by-label/root success
EOF
chmod +x sbin/init
)
umount "$root"
cryptsetup close "$name"
qemu-nbd -d "$nbd"
(cd .. && ./tinyramfs -lk "$kernel" -c "$config" "$initrd")
set -- \
-no-reboot \
-initrd "$initrd" \
-kernel "$vmlinuz" \
-device virtio-scsi \
-drive file="$image",if=virtio
if [ -c /dev/kvm ]; then
set -- -enable-kvm -cpu host "$@"
fi
if [ "$DEBUG" ]; then
set -- -append 'panic=-1 rdpanic debug rddebug console=ttyS0' -nographic "$@"
else
set -- -append 'panic=-1 rdpanic' -display none "$@"
fi
"qemu-system-${arch}" "$@"
qemu-nbd -c "$nbd" "$image"
sleep 1
# Re-read partition table.
fdisk "$nbd" << EOF
w
EOF
cryptsetup -d "${tmpdir}/key" open "${nbd}p1" "$name"
[ "$(e2label "/dev/mapper/${name}")" = success ]