mirror of
https://gitlab.com/cryptsetup/cryptsetup.git
synced 2025-12-05 16:00:05 +01:00
Fix tests if compiled with --disable-blkid.
Note that htere are some systems with blkid but without blkid support for secondary LUKS2 header (CentOS6 for example).
This commit is contained in:
Milan Broz
@@ -4568,6 +4568,15 @@ static void Luks2Reencryption(void)
|
||||
}
|
||||
#endif
|
||||
|
||||
static int _crypt_load_check(struct crypt_device *cd)
|
||||
{
|
||||
#ifdef HAVE_BLKID
|
||||
return crypt_load(cd, CRYPT_LUKS, NULL);
|
||||
#else
|
||||
return -ENOTSUP;
|
||||
#endif
|
||||
}
|
||||
|
||||
static void Luks2Repair(void)
|
||||
{
|
||||
char rollback[256];
|
||||
@@ -4577,7 +4586,7 @@ static void Luks2Repair(void)
|
||||
|
||||
OK_(crypt_init(&cd, DEVICE_6));
|
||||
|
||||
FAIL_(crypt_load(cd, CRYPT_LUKS, NULL), "Ambiguous signature detected");
|
||||
FAIL_(_crypt_load_check(cd), "Ambiguous signature detected");
|
||||
FAIL_(crypt_repair(cd, CRYPT_LUKS1, NULL), "Not a LUKS2 device");
|
||||
|
||||
/* check explicit LUKS2 repair works */
|
||||
@@ -4588,7 +4597,7 @@ static void Luks2Repair(void)
|
||||
|
||||
/* rollback */
|
||||
OK_(_system(rollback, 1));
|
||||
FAIL_(crypt_load(cd, CRYPT_LUKS, NULL), "Ambiguous signature detected");
|
||||
FAIL_(_crypt_load_check(cd), "Ambiguous signature detected");
|
||||
|
||||
/* check repair with type detection works */
|
||||
OK_(crypt_repair(cd, CRYPT_LUKS, NULL));
|
||||
@@ -4600,7 +4609,7 @@ static void Luks2Repair(void)
|
||||
OK_(crypt_init(&cd, DEVICE_6));
|
||||
OK_(crypt_metadata_locking(cd, 0));
|
||||
|
||||
FAIL_(crypt_load(cd, CRYPT_LUKS, NULL), "Ambiguous signature detected");
|
||||
FAIL_(_crypt_load_check(cd), "Ambiguous signature detected");
|
||||
FAIL_(crypt_repair(cd, CRYPT_LUKS1, NULL), "Not a LUKS2 device");
|
||||
|
||||
/* check explicit LUKS2 repair works */
|
||||
@@ -4611,7 +4620,7 @@ static void Luks2Repair(void)
|
||||
|
||||
/* rollback */
|
||||
OK_(_system(rollback, 1));
|
||||
FAIL_(crypt_load(cd, CRYPT_LUKS, NULL), "Ambiguous signature detected");
|
||||
FAIL_(_crypt_load_check(cd), "Ambiguous signature detected");
|
||||
|
||||
/* check repair with type detection works */
|
||||
OK_(crypt_repair(cd, CRYPT_LUKS, NULL));
|
||||
|
||||
@@ -244,6 +244,11 @@ function setup_luks2_env() {
|
||||
else
|
||||
HAVE_KEYRING=0
|
||||
fi
|
||||
if $($CRYPTSETUP --version | grep -q "BLKID"); then
|
||||
HAVE_BLKID=1
|
||||
else
|
||||
HAVE_BLKID=0
|
||||
fi
|
||||
$CRYPTSETUP close $DEV_NAME || fail
|
||||
}
|
||||
|
||||
@@ -747,10 +752,12 @@ $CRYPTSETUP -q luksDump $HEADER_IMG | grep -q "offset: $((512 * 131072)) \[byte
|
||||
|
||||
prepare "[29] Repair metadata" wipe
|
||||
xz -dk $HEADER_LUKS2_PV.xz
|
||||
if [ "$HAVE_BLKID" -gt 0 ]; then
|
||||
$CRYPTSETUP isLuks --disable-locks $HEADER_LUKS2_PV && fail
|
||||
$CRYPTSETUP isLuks $HEADER_LUKS2_PV && fail
|
||||
$CRYPTSETUP isLuks --disable-locks --type luks2 $HEADER_LUKS2_PV && fail
|
||||
$CRYPTSETUP isLuks --type luks2 $HEADER_LUKS2_PV && fail
|
||||
fi
|
||||
$CRYPTSETUP -q repair $HEADER_LUKS2_PV || fail
|
||||
$CRYPTSETUP isLuks $HEADER_LUKS2_PV || fail
|
||||
$CRYPTSETUP isLuks --type luks2 $HEADER_LUKS2_PV || fail
|
||||
|
||||
@@ -706,6 +706,20 @@ function setup_luks2_env() {
|
||||
$CRYPTSETUP close $DEV_NAME || fail
|
||||
}
|
||||
|
||||
function check_blkid() {
|
||||
bin_check blkid
|
||||
xz -dkf $HEADER_LUKS2_PV.xz
|
||||
if ! $($CRYPTSETUP --version | grep -q "BLKID"); then
|
||||
HAVE_BLKID=0
|
||||
elif $(blkid -p -n crypto_LUKS $HEADER_LUKS2_PV >/dev/null 2>&1); then
|
||||
HAVE_BLKID=1
|
||||
xz -dkf $IMG_FS.xz
|
||||
blkid $IMG_FS | grep -q BLOCK_SIZE && BLKID_BLOCK_SIZE_SUPPORT=1
|
||||
else
|
||||
HAVE_BLKID=0
|
||||
fi
|
||||
}
|
||||
|
||||
function valgrind_setup()
|
||||
{
|
||||
command -v valgrind >/dev/null || fail "Cannot find valgrind."
|
||||
@@ -1715,9 +1729,11 @@ echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 --header $IMG_HDR $FAST_PBKD
|
||||
echo $PWD1 | $CRYPTSETUP reencrypt $DEV -q --decrypt --header $IMG_HDR --init-only $FAST_PBKDF_ARGON || fail
|
||||
echo $PWD1 | $CRYPTSETUP reencrypt --encrypt --header $IMG_HDR $DEV -q $FAST_PBKDF_ARGON 2> /dev/null && fail
|
||||
|
||||
check_blkid
|
||||
if [ "$HAVE_BLKID" -gt 0 ]; then
|
||||
echo "[30] Prevent nested encryption of broken LUKS device"
|
||||
rm -f $IMG_HDR
|
||||
xz -dk $HEADER_LUKS2_PV.xz
|
||||
xz -dkf $HEADER_LUKS2_PV.xz
|
||||
wipe_dev $DEV
|
||||
|
||||
# broken header
|
||||
@@ -1729,13 +1745,12 @@ $CRYPTSETUP isLuks $HEADER_LUKS2_PV && fail
|
||||
# broken data device only
|
||||
echo $PWD1 | $CRYPTSETUP reencrypt -q --header $IMG_HDR $HEADER_LUKS2_PV $FAST_PBKDF_ARGON --encrypt --force-offline-reencrypt --type luks2 2>/dev/null && fail
|
||||
test -f $IMG_HDR && fail
|
||||
fi
|
||||
|
||||
echo "[31] Prevent dangerous sector size increase"
|
||||
bin_check blkid
|
||||
preparebig 64
|
||||
xz -dk $IMG_FS.xz
|
||||
blkid $IMG_FS | grep -q BLOCK_SIZE && BLKID_BLOCK_SIZE_SUPPORT=1
|
||||
if [ -n "$DM_SECTOR_SIZE" -a -n "$BLKID_BLOCK_SIZE_SUPPORT" ]; then
|
||||
echo "[31] Prevent dangerous sector size increase"
|
||||
preparebig 64
|
||||
xz -dkf $IMG_FS.xz
|
||||
# encryption checks must work in offline mode
|
||||
echo $PWD1 | $CRYPTSETUP reencrypt --encrypt --force-offline-reencrypt --sector-size 1024 -q --header $IMG_HDR $IMG_FS $FAST_PBKDF_ARGON --init-only --type luks2 2>/dev/null && fail
|
||||
test -f $IMG_HDR && fail
|
||||
|
||||
@@ -217,6 +217,17 @@ function test_logging() {
|
||||
echo
|
||||
}
|
||||
|
||||
function check_blkid() {
|
||||
xz -dkf $HEADER_LUKS2_PV.xz
|
||||
if ! $($CRYPTSETUP --version | grep -q "BLKID"); then
|
||||
HAVE_BLKID=0
|
||||
elif $(blkid -p -n crypto_LUKS $HEADER_LUKS2_PV >/dev/null 2>&1); then
|
||||
HAVE_BLKID=1
|
||||
else
|
||||
HAVE_BLKID=0
|
||||
fi
|
||||
}
|
||||
|
||||
[ $(id -u) != 0 ] && skip "WARNING: You must be root to run this test, test skipped."
|
||||
[ ! -x "$REENC_BIN" ] && skip "Cannot find $REENC_BIN, test skipped."
|
||||
command -v wipefs >/dev/null || skip "Cannot find wipefs, test skipped."
|
||||
@@ -417,11 +428,12 @@ echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 --header $IMG_HDR $FAST_PBKD
|
||||
echo $PWD1 | $REENC $LOOPDEV1 -q $FAST_PBKDF --new --type luks1 --header $IMG_HDR 2>/dev/null && fail
|
||||
echo $PWD1 | $REENC $LOOPDEV1 -q $FAST_PBKDF --new --type luks2 --header $IMG_HDR 2>/dev/null && fail
|
||||
|
||||
check_blkid
|
||||
if [ "$HAVE_BLKID" -gt 0 ]; then
|
||||
echo "[13] Prevent nested encryption of broken LUKS device"
|
||||
rm -f $IMG_HDR
|
||||
wipe_dev $LOOPDEV1
|
||||
xz -dk $HEADER_LUKS2_PV.xz
|
||||
|
||||
xz -dkf $HEADER_LUKS2_PV.xz
|
||||
# broken header
|
||||
echo $PWD1 | $REENC --header $HEADER_LUKS2_PV $LOOPDEV1 -q $FAST_PBKDF --new --type luks1 2>/dev/null && fail
|
||||
$CRYPTSETUP isLuks $HEADER_LUKS2_PV && fail
|
||||
@@ -431,6 +443,7 @@ $CRYPTSETUP isLuks $HEADER_LUKS2_PV && fail
|
||||
# broken data device only
|
||||
echo $PWD1 | $REENC --header $IMG_HDR $HEADER_LUKS2_PV -q $FAST_PBKDF --new --type luks1 2>/dev/null && fail
|
||||
test -f $IMG_HDR && fail
|
||||
fi
|
||||
|
||||
remove_mapping
|
||||
exit 0
|
||||
|
||||
Reference in New Issue
Block a user