From 81a63aca2245f1e0816d73c8bcd0ec92eeb4aa83 Mon Sep 17 00:00:00 2001
From: Milan Broz <gmazyland@gmail.com>
Date: Thu, 14 Apr 2022 16:22:09 +0200
Subject: [PATCH] Fix tests if compiled with --disable-blkid.

Note that htere are some systems with blkid but without
blkid support for secondary LUKS2 header (CentOS6 for example).
---
 tests/api-test-2.c             | 17 +++++++++---
 tests/compat-test2             | 15 +++++++---
 tests/luks2-reencryption-test  | 51 ++++++++++++++++++++++------------
 tests/reencryption-compat-test | 41 +++++++++++++++++----------
 4 files changed, 84 insertions(+), 40 deletions(-)

diff --git a/tests/api-test-2.c b/tests/api-test-2.c
index de94fe87..12474fe2 100644
--- a/tests/api-test-2.c
+++ b/tests/api-test-2.c
@@ -4568,6 +4568,15 @@ static void Luks2Reencryption(void)
 }
 #endif
 
+static int _crypt_load_check(struct crypt_device *cd)
+{
+#ifdef HAVE_BLKID
+	return crypt_load(cd, CRYPT_LUKS, NULL);
+#else
+	return -ENOTSUP;
+#endif
+}
+
 static void Luks2Repair(void)
 {
 	char rollback[256];
@@ -4577,7 +4586,7 @@ static void Luks2Repair(void)
 
 	OK_(crypt_init(&cd, DEVICE_6));
 
-	FAIL_(crypt_load(cd, CRYPT_LUKS, NULL), "Ambiguous signature detected");
+	FAIL_(_crypt_load_check(cd), "Ambiguous signature detected");
 	FAIL_(crypt_repair(cd, CRYPT_LUKS1, NULL), "Not a LUKS2 device");
 
 	/* check explicit LUKS2 repair works */
@@ -4588,7 +4597,7 @@ static void Luks2Repair(void)
 
 	/* rollback */
 	OK_(_system(rollback, 1));
-	FAIL_(crypt_load(cd, CRYPT_LUKS, NULL), "Ambiguous signature detected");
+	FAIL_(_crypt_load_check(cd), "Ambiguous signature detected");
 
 	/* check repair with type detection works */
 	OK_(crypt_repair(cd, CRYPT_LUKS, NULL));
@@ -4600,7 +4609,7 @@ static void Luks2Repair(void)
 	OK_(crypt_init(&cd, DEVICE_6));
 	OK_(crypt_metadata_locking(cd, 0));
 
-	FAIL_(crypt_load(cd, CRYPT_LUKS, NULL), "Ambiguous signature detected");
+	FAIL_(_crypt_load_check(cd), "Ambiguous signature detected");
 	FAIL_(crypt_repair(cd, CRYPT_LUKS1, NULL), "Not a LUKS2 device");
 
 	/* check explicit LUKS2 repair works */
@@ -4611,7 +4620,7 @@ static void Luks2Repair(void)
 
 	/* rollback */
 	OK_(_system(rollback, 1));
-	FAIL_(crypt_load(cd, CRYPT_LUKS, NULL), "Ambiguous signature detected");
+	FAIL_(_crypt_load_check(cd), "Ambiguous signature detected");
 
 	/* check repair with type detection works */
 	OK_(crypt_repair(cd, CRYPT_LUKS, NULL));
diff --git a/tests/compat-test2 b/tests/compat-test2
index 0686d757..d70eac76 100755
--- a/tests/compat-test2
+++ b/tests/compat-test2
@@ -244,6 +244,11 @@ function setup_luks2_env() {
 	else
 		HAVE_KEYRING=0
 	fi
+	if $($CRYPTSETUP --version | grep -q "BLKID"); then
+		HAVE_BLKID=1
+	else
+		HAVE_BLKID=0
+	fi
 	$CRYPTSETUP close $DEV_NAME || fail
 }
 
@@ -747,10 +752,12 @@ $CRYPTSETUP -q luksDump  $HEADER_IMG | grep -q "offset: $((512 * 131072)) \[byte
 
 prepare "[29] Repair metadata" wipe
 xz -dk $HEADER_LUKS2_PV.xz
-$CRYPTSETUP isLuks --disable-locks $HEADER_LUKS2_PV && fail
-$CRYPTSETUP isLuks $HEADER_LUKS2_PV && fail
-$CRYPTSETUP isLuks --disable-locks --type luks2 $HEADER_LUKS2_PV && fail
-$CRYPTSETUP isLuks --type luks2 $HEADER_LUKS2_PV && fail
+if [ "$HAVE_BLKID" -gt 0 ]; then
+	$CRYPTSETUP isLuks --disable-locks $HEADER_LUKS2_PV && fail
+	$CRYPTSETUP isLuks $HEADER_LUKS2_PV && fail
+	$CRYPTSETUP isLuks --disable-locks --type luks2 $HEADER_LUKS2_PV && fail
+	$CRYPTSETUP isLuks --type luks2 $HEADER_LUKS2_PV && fail
+fi
 $CRYPTSETUP -q repair $HEADER_LUKS2_PV || fail
 $CRYPTSETUP isLuks $HEADER_LUKS2_PV || fail
 $CRYPTSETUP isLuks --type luks2 $HEADER_LUKS2_PV || fail
diff --git a/tests/luks2-reencryption-test b/tests/luks2-reencryption-test
index 4cd42b82..154cefb0 100755
--- a/tests/luks2-reencryption-test
+++ b/tests/luks2-reencryption-test
@@ -706,6 +706,20 @@ function setup_luks2_env() {
 	$CRYPTSETUP close $DEV_NAME || fail
 }
 
+function check_blkid() {
+	bin_check blkid
+	xz -dkf $HEADER_LUKS2_PV.xz
+	if ! $($CRYPTSETUP --version | grep -q "BLKID"); then
+		HAVE_BLKID=0
+	elif $(blkid -p -n crypto_LUKS $HEADER_LUKS2_PV >/dev/null 2>&1); then
+		HAVE_BLKID=1
+		xz -dkf $IMG_FS.xz
+		blkid $IMG_FS | grep -q BLOCK_SIZE && BLKID_BLOCK_SIZE_SUPPORT=1
+	else
+		HAVE_BLKID=0
+	fi
+}
+
 function valgrind_setup()
 {
 	command -v valgrind >/dev/null || fail "Cannot find valgrind."
@@ -1715,27 +1729,28 @@ echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 --header $IMG_HDR $FAST_PBKD
 echo $PWD1 | $CRYPTSETUP reencrypt $DEV -q --decrypt --header $IMG_HDR --init-only $FAST_PBKDF_ARGON || fail
 echo $PWD1 | $CRYPTSETUP reencrypt --encrypt --header $IMG_HDR $DEV -q $FAST_PBKDF_ARGON 2> /dev/null && fail
 
-echo "[30] Prevent nested encryption of broken LUKS device"
-rm -f $IMG_HDR
-xz -dk $HEADER_LUKS2_PV.xz
-wipe_dev $DEV
+check_blkid
+if [ "$HAVE_BLKID" -gt 0 ]; then
+	echo "[30] Prevent nested encryption of broken LUKS device"
+	rm -f $IMG_HDR
+	xz -dkf $HEADER_LUKS2_PV.xz
+	wipe_dev $DEV
 
-# broken header
-echo $PWD1 | $CRYPTSETUP reencrypt -q --header $HEADER_LUKS2_PV $DEV $FAST_PBKDF_ARGON --encrypt --type luks2 2>/dev/null && fail
-$CRYPTSETUP isLuks $HEADER_LUKS2_PV && fail
-# broken device
-echo $PWD1 | $CRYPTSETUP reencrypt -q $HEADER_LUKS2_PV $FAST_PBKDF_ARGON --encrypt --force-offline-reencrypt --type luks2 --reduce-device-size 8m 2>/dev/null && fail
-$CRYPTSETUP isLuks $HEADER_LUKS2_PV && fail
-# broken data device only
-echo $PWD1 | $CRYPTSETUP reencrypt -q --header $IMG_HDR $HEADER_LUKS2_PV $FAST_PBKDF_ARGON --encrypt --force-offline-reencrypt --type luks2 2>/dev/null && fail
-test -f $IMG_HDR && fail
+	# broken header
+	echo $PWD1 | $CRYPTSETUP reencrypt -q --header $HEADER_LUKS2_PV $DEV $FAST_PBKDF_ARGON --encrypt --type luks2 2>/dev/null && fail
+	$CRYPTSETUP isLuks $HEADER_LUKS2_PV && fail
+	# broken device
+	echo $PWD1 | $CRYPTSETUP reencrypt -q $HEADER_LUKS2_PV $FAST_PBKDF_ARGON --encrypt --force-offline-reencrypt --type luks2 --reduce-device-size 8m 2>/dev/null && fail
+	$CRYPTSETUP isLuks $HEADER_LUKS2_PV && fail
+	# broken data device only
+	echo $PWD1 | $CRYPTSETUP reencrypt -q --header $IMG_HDR $HEADER_LUKS2_PV $FAST_PBKDF_ARGON --encrypt --force-offline-reencrypt --type luks2 2>/dev/null && fail
+	test -f $IMG_HDR && fail
+fi
 
-echo "[31] Prevent dangerous sector size increase"
-bin_check blkid
-preparebig 64
-xz -dk $IMG_FS.xz
-blkid $IMG_FS | grep -q BLOCK_SIZE && BLKID_BLOCK_SIZE_SUPPORT=1
 if [ -n "$DM_SECTOR_SIZE" -a -n "$BLKID_BLOCK_SIZE_SUPPORT" ]; then
+	echo "[31] Prevent dangerous sector size increase"
+	preparebig 64
+	xz -dkf $IMG_FS.xz
 	# encryption checks must work in offline mode
 	echo $PWD1 | $CRYPTSETUP reencrypt --encrypt --force-offline-reencrypt --sector-size 1024 -q --header $IMG_HDR $IMG_FS $FAST_PBKDF_ARGON --init-only --type luks2 2>/dev/null && fail
 	test -f $IMG_HDR && fail
diff --git a/tests/reencryption-compat-test b/tests/reencryption-compat-test
index f21d5c8f..819e5f62 100755
--- a/tests/reencryption-compat-test
+++ b/tests/reencryption-compat-test
@@ -217,6 +217,17 @@ function test_logging() {
 	echo
 }
 
+function check_blkid() {
+	xz -dkf $HEADER_LUKS2_PV.xz
+	if ! $($CRYPTSETUP --version | grep -q "BLKID"); then
+		HAVE_BLKID=0
+	elif $(blkid -p -n crypto_LUKS $HEADER_LUKS2_PV >/dev/null 2>&1); then
+		HAVE_BLKID=1
+	else
+		HAVE_BLKID=0
+	fi
+}
+
 [ $(id -u) != 0 ] && skip "WARNING: You must be root to run this test, test skipped."
 [ ! -x "$REENC_BIN" ] && skip "Cannot find $REENC_BIN, test skipped."
 command -v wipefs >/dev/null ||  skip "Cannot find wipefs, test skipped."
@@ -417,20 +428,22 @@ echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 --header $IMG_HDR $FAST_PBKD
 echo $PWD1 | $REENC $LOOPDEV1 -q $FAST_PBKDF --new --type luks1 --header $IMG_HDR  2>/dev/null && fail
 echo $PWD1 | $REENC $LOOPDEV1 -q $FAST_PBKDF --new --type luks2 --header $IMG_HDR  2>/dev/null && fail
 
-echo "[13] Prevent nested encryption of broken LUKS device"
-rm -f $IMG_HDR
-wipe_dev $LOOPDEV1
-xz -dk $HEADER_LUKS2_PV.xz
-
-# broken header
-echo $PWD1 | $REENC --header $HEADER_LUKS2_PV $LOOPDEV1 -q $FAST_PBKDF --new --type luks1 2>/dev/null && fail
-$CRYPTSETUP isLuks $HEADER_LUKS2_PV && fail
-# broken device
-echo $PWD1 | $REENC $HEADER_LUKS2_PV -q $FAST_PBKDF --new --type luks1 --reduce-device-size 1024S 2>/dev/null && fail
-$CRYPTSETUP isLuks $HEADER_LUKS2_PV && fail
-# broken data device only
-echo $PWD1 | $REENC --header $IMG_HDR $HEADER_LUKS2_PV -q $FAST_PBKDF --new --type luks1 2>/dev/null && fail
-test -f $IMG_HDR && fail
+check_blkid
+if [ "$HAVE_BLKID" -gt 0 ]; then
+	echo "[13] Prevent nested encryption of broken LUKS device"
+	rm -f $IMG_HDR
+	wipe_dev $LOOPDEV1
+	xz -dkf $HEADER_LUKS2_PV.xz
+	# broken header
+	echo $PWD1 | $REENC --header $HEADER_LUKS2_PV $LOOPDEV1 -q $FAST_PBKDF --new --type luks1 2>/dev/null && fail
+	$CRYPTSETUP isLuks $HEADER_LUKS2_PV && fail
+	# broken device
+	echo $PWD1 | $REENC $HEADER_LUKS2_PV -q $FAST_PBKDF --new --type luks1 --reduce-device-size 1024S 2>/dev/null && fail
+	$CRYPTSETUP isLuks $HEADER_LUKS2_PV && fail
+	# broken data device only
+	echo $PWD1 | $REENC --header $IMG_HDR $HEADER_LUKS2_PV -q $FAST_PBKDF --new --type luks1 2>/dev/null && fail
+	test -f $IMG_HDR && fail
+fi
 
 remove_mapping
 exit 0