|
@@ -1,746 +0,0 @@
|
|
-Subject: Tests: update src/luks/tests to use shared tang test functions
|
|
|
|
-Origin: v15-3-ga07e753 <https://github.com/latchset/clevis/commit/v15-3-ga07e753>
|
|
|
|
-Upstream-Author: Sergio Correia <scorreia@redhat.com>
|
|
|
|
-Date: Fri Nov 20 01:13:50 2020 -0300
|
|
|
|
-
|
|
|
|
---- a/src/luks/tests/assume-yes
|
|
|
|
-+++ b/src/luks/tests/assume-yes
|
|
|
|
-@@ -33,11 +33,10 @@
|
|
|
|
-
|
|
|
|
- TMP="$(mktemp -d)"
|
|
|
|
-
|
|
|
|
--port=$(get_random_port)
|
|
|
|
--tang_run "${TMP}" "${port}" &
|
|
|
|
--tang_wait_until_ready "${port}"
|
|
|
|
-+port=$(tang_new_random_port)
|
|
|
|
-+tang_run "${TMP}" "${port}"
|
|
|
|
-
|
|
|
|
--url="http://${TANG_HOST}:${port}"
|
|
|
|
-+url="http://localhost:${port}"
|
|
|
|
- cfg=$(printf '{"url":"%s"}' "$url")
|
|
|
|
-
|
|
|
|
- test_tang() {
|
|
|
|
---- a/src/luks/tests/assume-yes-luks2
|
|
|
|
-+++ b/src/luks/tests/assume-yes-luks2
|
|
|
|
-@@ -33,11 +33,10 @@
|
|
|
|
-
|
|
|
|
- TMP="$(mktemp -d)"
|
|
|
|
-
|
|
|
|
--port=$(get_random_port)
|
|
|
|
--tang_run "${TMP}" "${port}" &
|
|
|
|
--tang_wait_until_ready "${port}"
|
|
|
|
-+port=$(tang_new_random_port)
|
|
|
|
-+tang_run "${TMP}" "${port}"
|
|
|
|
-
|
|
|
|
--url="http://${TANG_HOST}:${port}"
|
|
|
|
-+url="http://localhost:${port}"
|
|
|
|
- cfg=$(printf '{"url":"%s"}' "$url")
|
|
|
|
-
|
|
|
|
- # LUKS2.
|
|
|
|
---- a/src/luks/tests/backup-restore-luks1
|
|
|
|
-+++ b/src/luks/tests/backup-restore-luks1
|
|
|
|
-@@ -31,7 +31,7 @@
|
|
|
|
- TMP="$(mktemp -d)"
|
|
|
|
-
|
|
|
|
- ADV="${TMP}/adv.jws"
|
|
|
|
--create_tang_adv "${ADV}"
|
|
|
|
-+tang_create_adv "${TMP}" "${ADV}"
|
|
|
|
- CFG="$(printf '{"url":"foobar","adv":"%s"}' "$ADV")"
|
|
|
|
-
|
|
|
|
- # LUKS1.
|
|
|
|
---- a/src/luks/tests/backup-restore-luks2
|
|
|
|
-+++ b/src/luks/tests/backup-restore-luks2
|
|
|
|
-@@ -31,7 +31,7 @@
|
|
|
|
- TMP="$(mktemp -d)"
|
|
|
|
-
|
|
|
|
- ADV="${TMP}/adv.jws"
|
|
|
|
--create_tang_adv "${ADV}"
|
|
|
|
-+tang_create_adv "${TMP}" "${ADV}"
|
|
|
|
- CFG="$(printf '{"url":"foobar","adv":"%s"}' "$ADV")"
|
|
|
|
-
|
|
|
|
- # LUKS1.
|
|
|
|
---- a/src/luks/tests/bind-already-used-luksmeta-slot
|
|
|
|
-+++ b/src/luks/tests/bind-already-used-luksmeta-slot
|
|
|
|
-@@ -31,7 +31,7 @@
|
|
|
|
- TMP="$(mktemp -d)"
|
|
|
|
-
|
|
|
|
- ADV="${TMP}/adv.jws"
|
|
|
|
--create_tang_adv "${ADV}"
|
|
|
|
-+tang_create_adv "${TMP}" "${ADV}"
|
|
|
|
- CFG="$(printf '{"url":"foobar","adv":"%s"}' "$ADV")"
|
|
|
|
-
|
|
|
|
- # LUKS1.
|
|
|
|
---- a/src/luks/tests/bind-key-file-non-interactive-luks1
|
|
|
|
-+++ b/src/luks/tests/bind-key-file-non-interactive-luks1
|
|
|
|
-@@ -31,7 +31,7 @@
|
|
|
|
- TMP="$(mktemp -d)"
|
|
|
|
-
|
|
|
|
- ADV="${TMP}/adv.jws"
|
|
|
|
--create_tang_adv "${ADV}"
|
|
|
|
-+tang_create_adv "${TMP}" "${ADV}"
|
|
|
|
- CFG="$(printf '{"url":"foobar","adv":"%s"}' "$ADV")"
|
|
|
|
- UUID="cb6e8904-81ff-40da-a84a-07ab9ab5715e"
|
|
|
|
- KEYFILE="${TMP}/key"
|
|
|
|
---- a/src/luks/tests/bind-luks1
|
|
|
|
-+++ b/src/luks/tests/bind-luks1
|
|
|
|
-@@ -31,7 +31,7 @@
|
|
|
|
- TMP="$(mktemp -d)"
|
|
|
|
-
|
|
|
|
- ADV="${TMP}/adv.jws"
|
|
|
|
--create_tang_adv "${ADV}"
|
|
|
|
-+tang_create_adv "${TMP}" "${ADV}"
|
|
|
|
- CFG="$(printf '{"url":"foobar","adv":"%s"}' "$ADV")"
|
|
|
|
-
|
|
|
|
- # LUKS1.
|
|
|
|
---- a/src/luks/tests/bind-luks2
|
|
|
|
-+++ b/src/luks/tests/bind-luks2
|
|
|
|
-@@ -35,7 +35,7 @@
|
|
|
|
- TMP="$(mktemp -d)"
|
|
|
|
-
|
|
|
|
- ADV="${TMP}/adv.jws"
|
|
|
|
--create_tang_adv "${ADV}"
|
|
|
|
-+tang_create_adv "${TMP}" "${ADV}"
|
|
|
|
- CFG="$(printf '{"url":"foobar","adv":"%s"}' "$ADV")"
|
|
|
|
-
|
|
|
|
- # LUKS2.
|
|
|
|
---- a/src/luks/tests/bind-pass-with-newline-keyfile-luks1
|
|
|
|
-+++ b/src/luks/tests/bind-pass-with-newline-keyfile-luks1
|
|
|
|
-@@ -31,7 +31,7 @@
|
|
|
|
- TMP="$(mktemp -d)"
|
|
|
|
-
|
|
|
|
- ADV="${TMP}/adv.jws"
|
|
|
|
--create_tang_adv "${ADV}"
|
|
|
|
-+tang_create_adv "${TMP}" "${ADV}"
|
|
|
|
- CFG="$(printf '{"url":"foobar","adv":"%s"}' "$ADV")"
|
|
|
|
-
|
|
|
|
- # LUKS1.
|
|
|
|
---- a/src/luks/tests/bind-pass-with-newline-luks1
|
|
|
|
-+++ b/src/luks/tests/bind-pass-with-newline-luks1
|
|
|
|
-@@ -31,7 +31,7 @@
|
|
|
|
- TMP="$(mktemp -d)"
|
|
|
|
-
|
|
|
|
- ADV="${TMP}/adv.jws"
|
|
|
|
--create_tang_adv "${ADV}"
|
|
|
|
-+tang_create_adv "${TMP}" "${ADV}"
|
|
|
|
- CFG="$(printf '{"url":"foobar","adv":"%s"}' "$ADV")"
|
|
|
|
-
|
|
|
|
- # LUKS1.
|
|
|
|
---- a/src/luks/tests/bind-wrong-pass-luks1
|
|
|
|
-+++ b/src/luks/tests/bind-wrong-pass-luks1
|
|
|
|
-@@ -31,7 +31,7 @@
|
|
|
|
- TMP="$(mktemp -d)"
|
|
|
|
-
|
|
|
|
- ADV="${TMP}/adv.jws"
|
|
|
|
--create_tang_adv "${ADV}"
|
|
|
|
-+tang_create_adv "${TMP}" "${ADV}"
|
|
|
|
- CFG="$(printf '{"url":"foobar","adv":"%s"}' "$ADV")"
|
|
|
|
-
|
|
|
|
- # LUKS1.
|
|
|
|
---- a/src/luks/tests/bind-wrong-pass-luks2
|
|
|
|
-+++ b/src/luks/tests/bind-wrong-pass-luks2
|
|
|
|
-@@ -35,7 +35,7 @@
|
|
|
|
- TMP="$(mktemp -d)"
|
|
|
|
-
|
|
|
|
- ADV="${TMP}/adv.jws"
|
|
|
|
--create_tang_adv "${ADV}"
|
|
|
|
-+tang_create_adv "${TMP}" "${ADV}"
|
|
|
|
- CFG="$(printf '{"url":"foobar","adv":"%s"}' "$ADV")"
|
|
|
|
-
|
|
|
|
- # LUKS2.
|
|
|
|
---- a/src/luks/tests/edit-tang-luks1
|
|
|
|
-+++ b/src/luks/tests/edit-tang-luks1
|
|
|
|
-@@ -36,11 +36,10 @@
|
|
|
|
-
|
|
|
|
- TMP="$(mktemp -d)"
|
|
|
|
-
|
|
|
|
--port=$(get_random_port)
|
|
|
|
--tang_run "${TMP}" "${port}" &
|
|
|
|
--tang_wait_until_ready "${port}"
|
|
|
|
-+port=$(tang_new_random_port)
|
|
|
|
-+tang_run "${TMP}" "${port}"
|
|
|
|
-
|
|
|
|
--url="http://${TANG_HOST}:${port}"
|
|
|
|
-+url="http://localhost:${port}"
|
|
|
|
-
|
|
|
|
- cfg=$(printf '{"url":"%s"}' "${url}")
|
|
|
|
-
|
|
|
|
-@@ -65,11 +64,10 @@
|
|
|
|
-
|
|
|
|
- # Now let's have another tang instance running and change the config to use
|
|
|
|
- # the new one.
|
|
|
|
--port2=$(get_random_port)
|
|
|
|
-+port2=$(tang_new_random_port)
|
|
|
|
- TMP2="$(mktemp -d)"
|
|
|
|
--tang_run "${TMP2}" "${port2}" &
|
|
|
|
--tang_wait_until_ready "${port2}"
|
|
|
|
--new_url="http://${TANG_HOST}:${port2}"
|
|
|
|
-+tang_run "${TMP2}" "${port2}"
|
|
|
|
-+new_url="http://localhost:${port2}"
|
|
|
|
- new_cfg=$(printf '{"url":"%s"}' "${new_url}")
|
|
|
|
-
|
|
|
|
- if ! clevis luks edit -d "${DEV}" -s 1 -c "${new_cfg}"; then
|
|
|
|
---- a/src/luks/tests/edit-tang-luks2
|
|
|
|
-+++ b/src/luks/tests/edit-tang-luks2
|
|
|
|
-@@ -36,11 +36,10 @@
|
|
|
|
-
|
|
|
|
- TMP="$(mktemp -d)"
|
|
|
|
-
|
|
|
|
--port=$(get_random_port)
|
|
|
|
--tang_run "${TMP}" "${port}" &
|
|
|
|
--tang_wait_until_ready "${port}"
|
|
|
|
-+port=$(tang_new_random_port)
|
|
|
|
-+tang_run "${TMP}" "${port}"
|
|
|
|
-
|
|
|
|
--url="http://${TANG_HOST}:${port}"
|
|
|
|
-+url="http://localhost:${port}"
|
|
|
|
-
|
|
|
|
- cfg=$(printf '{"url":"%s"}' "${url}")
|
|
|
|
-
|
|
|
|
-@@ -65,11 +64,10 @@
|
|
|
|
-
|
|
|
|
- # Now let's have another tang instance running and change the config to use
|
|
|
|
- # the new one.
|
|
|
|
--port2=$(get_random_port)
|
|
|
|
-+port2=$(tang_new_random_port)
|
|
|
|
- TMP2="$(mktemp -d)"
|
|
|
|
--tang_run "${TMP2}" "${port2}" &
|
|
|
|
--tang_wait_until_ready "${port2}"
|
|
|
|
--new_url="http://${TANG_HOST}:${port2}"
|
|
|
|
-+tang_run "${TMP2}" "${port2}"
|
|
|
|
-+new_url="http://localhost:${port2}"
|
|
|
|
- new_cfg=$(printf '{"url":"%s"}' "${new_url}")
|
|
|
|
-
|
|
|
|
- if ! clevis luks edit -d "${DEV}" -s 1 -c "${new_cfg}"; then
|
|
|
|
---- a/src/luks/tests/list-recursive-luks1
|
|
|
|
-+++ b/src/luks/tests/list-recursive-luks1
|
|
|
|
-@@ -31,7 +31,7 @@
|
|
|
|
- TMP="$(mktemp -d)"
|
|
|
|
-
|
|
|
|
- ADV="${TMP}/adv.jws"
|
|
|
|
--create_tang_adv "${ADV}"
|
|
|
|
-+tang_create_adv "${TMP}" "${ADV}"
|
|
|
|
- PIN="sss"
|
|
|
|
- CFG=$(printf '
|
|
|
|
- {
|
|
|
|
---- a/src/luks/tests/list-recursive-luks2
|
|
|
|
-+++ b/src/luks/tests/list-recursive-luks2
|
|
|
|
-@@ -31,7 +31,7 @@
|
|
|
|
- TMP="$(mktemp -d)"
|
|
|
|
-
|
|
|
|
- ADV="${TMP}/adv.jws"
|
|
|
|
--create_tang_adv "${ADV}"
|
|
|
|
-+tang_create_adv "${TMP}" "${ADV}"
|
|
|
|
- PIN="sss"
|
|
|
|
- CFG=$(printf '
|
|
|
|
- {
|
|
|
|
---- a/src/luks/tests/list-sss-tang-luks1
|
|
|
|
-+++ b/src/luks/tests/list-sss-tang-luks1
|
|
|
|
-@@ -31,7 +31,7 @@
|
|
|
|
- TMP="$(mktemp -d)"
|
|
|
|
-
|
|
|
|
- ADV="${TMP}/adv.jws"
|
|
|
|
--create_tang_adv "${ADV}"
|
|
|
|
-+tang_create_adv "${TMP}" "${ADV}"
|
|
|
|
- PIN="sss"
|
|
|
|
- CFG=$(printf '
|
|
|
|
- {
|
|
|
|
---- a/src/luks/tests/list-sss-tang-luks2
|
|
|
|
-+++ b/src/luks/tests/list-sss-tang-luks2
|
|
|
|
-@@ -31,7 +31,7 @@
|
|
|
|
- TMP="$(mktemp -d)"
|
|
|
|
-
|
|
|
|
- ADV="${TMP}/adv.jws"
|
|
|
|
--create_tang_adv "${ADV}"
|
|
|
|
-+tang_create_adv "${TMP}" "${ADV}"
|
|
|
|
- PIN="sss"
|
|
|
|
- CFG=$(printf '
|
|
|
|
- {
|
|
|
|
---- a/src/luks/tests/list-tang-luks1
|
|
|
|
-+++ b/src/luks/tests/list-tang-luks1
|
|
|
|
-@@ -31,7 +31,7 @@
|
|
|
|
- TMP="$(mktemp -d)"
|
|
|
|
-
|
|
|
|
- ADV="${TMP}/adv.jws"
|
|
|
|
--create_tang_adv "${ADV}"
|
|
|
|
-+tang_create_adv "${TMP}" "${ADV}"
|
|
|
|
- PIN="tang"
|
|
|
|
- CFG=$(printf '{"url": "ADDR","adv": "%s"}' "${ADV}")
|
|
|
|
-
|
|
|
|
---- a/src/luks/tests/list-tang-luks2
|
|
|
|
-+++ b/src/luks/tests/list-tang-luks2
|
|
|
|
-@@ -31,7 +31,7 @@
|
|
|
|
- TMP="$(mktemp -d)"
|
|
|
|
-
|
|
|
|
- ADV="${TMP}/adv.jws"
|
|
|
|
--create_tang_adv "${ADV}"
|
|
|
|
-+tang_create_adv "${TMP}" "${ADV}"
|
|
|
|
- PIN="tang"
|
|
|
|
- CFG=$(printf '{"url": "ADDR","adv": "%s"}' "${ADV}")
|
|
|
|
-
|
|
|
|
---- a/src/luks/tests/meson.build
|
|
|
|
-+++ b/src/luks/tests/meson.build
|
|
|
|
-@@ -1,39 +1,6 @@
|
|
|
|
- # We use jq for comparing the pin config in the clevis luks list tests.
|
|
|
|
- jq = find_program('jq', required: false)
|
|
|
|
-
|
|
|
|
--# We use systemd-socket-activate for running test tang servers.
|
|
|
|
--actv = find_program(
|
|
|
|
-- 'systemd-socket-activate',
|
|
|
|
-- 'systemd-activate',
|
|
|
|
-- join_paths('/', 'usr', 'lib', 'systemd', 'systemd-activate'),
|
|
|
|
-- required: false
|
|
|
|
--)
|
|
|
|
--
|
|
|
|
--kgen = find_program(
|
|
|
|
-- join_paths(libexecdir, 'tangd-keygen'),
|
|
|
|
-- join_paths(get_option('prefix'), get_option('libdir'), 'tangd-keygen'),
|
|
|
|
-- join_paths(get_option('prefix'), get_option('libexecdir'), 'tangd-keygen'),
|
|
|
|
-- join_paths('/', 'usr', get_option('libdir'), 'tangd-keygen'),
|
|
|
|
-- join_paths('/', 'usr', get_option('libexecdir'), 'tangd-keygen'),
|
|
|
|
-- required: false
|
|
|
|
--)
|
|
|
|
--updt = find_program(
|
|
|
|
-- join_paths(libexecdir, 'tangd-update'),
|
|
|
|
-- join_paths(get_option('prefix'), get_option('libdir'), 'tangd-update'),
|
|
|
|
-- join_paths(get_option('prefix'), get_option('libexecdir'), 'tangd-update'),
|
|
|
|
-- join_paths('/', 'usr', get_option('libdir'), 'tangd-update'),
|
|
|
|
-- join_paths('/', 'usr', get_option('libexecdir'), 'tangd-update'),
|
|
|
|
-- required: false
|
|
|
|
--)
|
|
|
|
--tang = find_program(
|
|
|
|
-- join_paths(libexecdir, 'tangd'),
|
|
|
|
-- join_paths(get_option('prefix'), get_option('libdir'), 'tangd'),
|
|
|
|
-- join_paths(get_option('prefix'), get_option('libexecdir'), 'tangd'),
|
|
|
|
-- join_paths('/', 'usr', get_option('libdir'), 'tangd'),
|
|
|
|
-- join_paths('/', 'usr', get_option('libexecdir'), 'tangd'),
|
|
|
|
-- required: false
|
|
|
|
--)
|
|
|
|
--
|
|
|
|
- common_functions = configure_file(input: 'tests-common-functions.in',
|
|
|
|
- output: 'tests-common-functions',
|
|
|
|
- configuration: luksmeta_data,
|
|
|
|
-@@ -53,19 +20,11 @@
|
|
|
|
- join_paths(meson.build_root(), 'src', 'luks'),
|
|
|
|
- join_paths(meson.build_root(), 'src', 'pins', 'sss'),
|
|
|
|
- join_paths(meson.build_root(), 'src', 'pins', 'tang'),
|
|
|
|
-+ join_paths(meson.build_root(), 'src', 'pins', 'tang', 'tests'),
|
|
|
|
- join_paths(meson.build_root(), 'src', 'pins', 'tpm2'),
|
|
|
|
- separator: ':'
|
|
|
|
- )
|
|
|
|
-
|
|
|
|
--has_tang = false
|
|
|
|
--if actv.found() and kgen.found() and updt.found() and tang.found()
|
|
|
|
-- has_tang = true
|
|
|
|
-- env.set('SD_ACTIVATE', actv.path())
|
|
|
|
-- env.set('TANGD_KEYGEN', kgen.path())
|
|
|
|
-- env.set('TANGD_UPDATE', updt.path())
|
|
|
|
-- env.set('TANGD', tang.path())
|
|
|
|
--endif
|
|
|
|
--
|
|
|
|
- test('bind-wrong-pass-luks1', find_program('bind-wrong-pass-luks1'), env: env)
|
|
|
|
- test('bind-luks1', find_program('bind-luks1'), env: env)
|
|
|
|
- test('unbind-unbound-slot-luks1', find_program('unbind-unbound-slot-luks1'), env: env)
|
|
|
|
-@@ -85,15 +44,13 @@
|
|
|
|
- warning('Will not run "clevis luks list" tests due to missing jq dependency')
|
|
|
|
- endif
|
|
|
|
-
|
|
|
|
--if has_tang
|
|
|
|
-- test('unlock-tang-luks1', find_program('unlock-tang-luks1'), env: env, timeout: 90)
|
|
|
|
-- test('assume-yes', find_program('assume-yes'), env: env, timeout: 60)
|
|
|
|
-- test('regen-inplace-luks1', find_program('regen-inplace-luks1'), env: env, timeout: 90)
|
|
|
|
-- test('regen-not-inplace-luks1', find_program('regen-not-inplace-luks1'), env: env, timeout: 90)
|
|
|
|
-- test('report-tang-luks1', find_program('report-tang-luks1'), env: env, timeout: 90)
|
|
|
|
-- test('report-sss-luks1', find_program('report-sss-luks1'), env: env, timeout: 90)
|
|
|
|
-- test('edit-tang-luks1', find_program('edit-tang-luks1'), env: env, timeout: 150)
|
|
|
|
--endif
|
|
|
|
-+test('unlock-tang-luks1', find_program('unlock-tang-luks1'), env: env, timeout: 90)
|
|
|
|
-+test('assume-yes', find_program('assume-yes'), env: env, timeout: 60)
|
|
|
|
-+test('regen-inplace-luks1', find_program('regen-inplace-luks1'), env: env, timeout: 90)
|
|
|
|
-+test('regen-not-inplace-luks1', find_program('regen-not-inplace-luks1'), env: env, timeout: 90)
|
|
|
|
-+test('report-tang-luks1', find_program('report-tang-luks1'), env: env, timeout: 90)
|
|
|
|
-+test('report-sss-luks1', find_program('report-sss-luks1'), env: env, timeout: 90)
|
|
|
|
-+test('edit-tang-luks1', find_program('edit-tang-luks1'), env: env, timeout: 150)
|
|
|
|
-
|
|
|
|
- test('backup-restore-luks1', find_program('backup-restore-luks1'), env: env, timeout: 60)
|
|
|
|
-
|
|
|
|
-@@ -112,15 +69,13 @@
|
|
|
|
- test('list-sss-tang-luks2', find_program('list-sss-tang-luks2'), env: env, timeout: 60)
|
|
|
|
- endif
|
|
|
|
-
|
|
|
|
-- if has_tang
|
|
|
|
-- test('unlock-tang-luks2', find_program('unlock-tang-luks2'), env: env, timeout: 120)
|
|
|
|
-- test('assume-yes-luks2', find_program('assume-yes-luks2'), env: env, timeout: 90)
|
|
|
|
-- test('regen-inplace-luks2', find_program('regen-inplace-luks2'), env: env, timeout: 120)
|
|
|
|
-- test('regen-not-inplace-luks2', find_program('regen-not-inplace-luks2'), env: env, timeout: 120)
|
|
|
|
-- test('report-tang-luks2', find_program('report-tang-luks2'), env: env, timeout: 120)
|
|
|
|
-- test('report-sss-luks2', find_program('report-sss-luks2'), env: env, timeout: 120)
|
|
|
|
-- test('edit-tang-luks2', find_program('edit-tang-luks2'), env: env, timeout: 210)
|
|
|
|
-- endif
|
|
|
|
-+ test('unlock-tang-luks2', find_program('unlock-tang-luks2'), env: env, timeout: 120)
|
|
|
|
-+ test('assume-yes-luks2', find_program('assume-yes-luks2'), env: env, timeout: 90)
|
|
|
|
-+ test('regen-inplace-luks2', find_program('regen-inplace-luks2'), env: env, timeout: 120)
|
|
|
|
-+ test('regen-not-inplace-luks2', find_program('regen-not-inplace-luks2'), env: env, timeout: 120)
|
|
|
|
-+ test('report-tang-luks2', find_program('report-tang-luks2'), env: env, timeout: 120)
|
|
|
|
-+ test('report-sss-luks2', find_program('report-sss-luks2'), env: env, timeout: 120)
|
|
|
|
-+ test('edit-tang-luks2', find_program('edit-tang-luks2'), env: env, timeout: 210)
|
|
|
|
-
|
|
|
|
--test('backup-restore-luks2', find_program('backup-restore-luks2'), env: env, timeout: 120)
|
|
|
|
-+ test('backup-restore-luks2', find_program('backup-restore-luks2'), env: env, timeout: 120)
|
|
|
|
- endif
|
|
|
|
---- a/src/luks/tests/regen-inplace-luks1
|
|
|
|
-+++ b/src/luks/tests/regen-inplace-luks1
|
|
|
|
-@@ -32,11 +32,10 @@
|
|
|
|
-
|
|
|
|
- TMP=$(mktemp -d)
|
|
|
|
-
|
|
|
|
--port=$(get_random_port)
|
|
|
|
--tang_run "${TMP}" "${port}" &
|
|
|
|
--tang_wait_until_ready "${port}"
|
|
|
|
-+port=$(tang_new_random_port)
|
|
|
|
-+tang_run "${TMP}" "${port}"
|
|
|
|
-
|
|
|
|
--url="http://${TANG_HOST}:${port}"
|
|
|
|
-+url="http://localhost:${port}"
|
|
|
|
- adv="${TMP}/adv"
|
|
|
|
- tang_get_adv "${port}" "${adv}"
|
|
|
|
-
|
|
|
|
---- a/src/luks/tests/regen-inplace-luks2
|
|
|
|
-+++ b/src/luks/tests/regen-inplace-luks2
|
|
|
|
-@@ -32,11 +32,10 @@
|
|
|
|
-
|
|
|
|
- TMP=$(mktemp -d)
|
|
|
|
-
|
|
|
|
--port=$(get_random_port)
|
|
|
|
--tang_run "${TMP}" "${port}" &
|
|
|
|
--tang_wait_until_ready "${port}"
|
|
|
|
-+port=$(tang_new_random_port)
|
|
|
|
-+tang_run "${TMP}" "${port}"
|
|
|
|
-
|
|
|
|
--url="http://${TANG_HOST}:${port}"
|
|
|
|
-+url="http://localhost:${port}"
|
|
|
|
- adv="${TMP}/adv"
|
|
|
|
- tang_get_adv "${port}" "${adv}"
|
|
|
|
-
|
|
|
|
---- a/src/luks/tests/regen-not-inplace-luks1
|
|
|
|
-+++ b/src/luks/tests/regen-not-inplace-luks1
|
|
|
|
-@@ -32,11 +32,10 @@
|
|
|
|
-
|
|
|
|
- export TMP=$(mktemp -d)
|
|
|
|
-
|
|
|
|
--port=$(get_random_port)
|
|
|
|
--tang_run "${TMP}" "${port}" &
|
|
|
|
--tang_wait_until_ready "${port}"
|
|
|
|
-+port=$(tang_new_random_port)
|
|
|
|
-+tang_run "${TMP}" "${port}"
|
|
|
|
-
|
|
|
|
--url="http://${TANG_HOST}:${port}"
|
|
|
|
-+url="http://localhost:${port}"
|
|
|
|
- adv="${TMP}/adv"
|
|
|
|
- tang_get_adv "${port}" "${adv}"
|
|
|
|
-
|
|
|
|
---- a/src/luks/tests/regen-not-inplace-luks2
|
|
|
|
-+++ b/src/luks/tests/regen-not-inplace-luks2
|
|
|
|
-@@ -32,11 +32,10 @@
|
|
|
|
-
|
|
|
|
- export TMP=$(mktemp -d)
|
|
|
|
-
|
|
|
|
--port=$(get_random_port)
|
|
|
|
--tang_run "${TMP}" "${port}" &
|
|
|
|
--tang_wait_until_ready "${port}"
|
|
|
|
-+port=$(tang_new_random_port)
|
|
|
|
-+tang_run "${TMP}" "${port}"
|
|
|
|
-
|
|
|
|
--url="http://${TANG_HOST}:${port}"
|
|
|
|
-+url="http://localhost:${port}"
|
|
|
|
- adv="${TMP}/adv"
|
|
|
|
- tang_get_adv "${port}" "${adv}"
|
|
|
|
-
|
|
|
|
---- a/src/luks/tests/report-sss-luks1
|
|
|
|
-+++ b/src/luks/tests/report-sss-luks1
|
|
|
|
-@@ -32,11 +32,10 @@
|
|
|
|
-
|
|
|
|
- TMP=$(mktemp -d)
|
|
|
|
-
|
|
|
|
--port=$(get_random_port)
|
|
|
|
--tang_run "${TMP}" "${port}" &
|
|
|
|
--tang_wait_until_ready "${port}"
|
|
|
|
-+port=$(tang_new_random_port)
|
|
|
|
-+tang_run "${TMP}" "${port}"
|
|
|
|
-
|
|
|
|
--url="http://${TANG_HOST}:${port}"
|
|
|
|
-+url="http://localhost:${port}"
|
|
|
|
- adv="${TMP}/adv"
|
|
|
|
- tang_get_adv "${port}" "${adv}"
|
|
|
|
-
|
|
|
|
---- a/src/luks/tests/report-sss-luks2
|
|
|
|
-+++ b/src/luks/tests/report-sss-luks2
|
|
|
|
-@@ -32,11 +32,10 @@
|
|
|
|
-
|
|
|
|
- TMP=$(mktemp -d)
|
|
|
|
-
|
|
|
|
--port=$(get_random_port)
|
|
|
|
--tang_run "${TMP}" "${port}" &
|
|
|
|
--tang_wait_until_ready "${port}"
|
|
|
|
-+port=$(tang_new_random_port)
|
|
|
|
-+tang_run "${TMP}" "${port}"
|
|
|
|
-
|
|
|
|
--url="http://${TANG_HOST}:${port}"
|
|
|
|
-+url="http://localhost:${port}"
|
|
|
|
- adv="${TMP}/adv"
|
|
|
|
- tang_get_adv "${port}" "${adv}"
|
|
|
|
-
|
|
|
|
---- a/src/luks/tests/report-tang-luks1
|
|
|
|
-+++ b/src/luks/tests/report-tang-luks1
|
|
|
|
-@@ -32,11 +32,10 @@
|
|
|
|
-
|
|
|
|
- TMP=$(mktemp -d)
|
|
|
|
-
|
|
|
|
--port=$(get_random_port)
|
|
|
|
--tang_run "${TMP}" "${port}" &
|
|
|
|
--tang_wait_until_ready "${port}"
|
|
|
|
-+port=$(tang_new_random_port)
|
|
|
|
-+tang_run "${TMP}" "${port}"
|
|
|
|
-
|
|
|
|
--url="http://${TANG_HOST}:${port}"
|
|
|
|
-+url="http://localhost:${port}"
|
|
|
|
- adv="${TMP}/adv"
|
|
|
|
- tang_get_adv "${port}" "${adv}"
|
|
|
|
-
|
|
|
|
---- a/src/luks/tests/report-tang-luks2
|
|
|
|
-+++ b/src/luks/tests/report-tang-luks2
|
|
|
|
-@@ -32,11 +32,10 @@
|
|
|
|
-
|
|
|
|
- TMP=$(mktemp -d)
|
|
|
|
-
|
|
|
|
--port=$(get_random_port)
|
|
|
|
--tang_run "${TMP}" "${port}" &
|
|
|
|
--tang_wait_until_ready "${port}"
|
|
|
|
-+port=$(tang_new_random_port)
|
|
|
|
-+tang_run "${TMP}" "${port}"
|
|
|
|
-
|
|
|
|
--url="http://${TANG_HOST}:${port}"
|
|
|
|
-+url="http://localhost:${port}"
|
|
|
|
- adv="${TMP}/adv"
|
|
|
|
- tang_get_adv "${port}" "${adv}"
|
|
|
|
-
|
|
|
|
---- a/src/luks/tests/tests-common-functions.in
|
|
|
|
-+++ b/src/luks/tests/tests-common-functions.in
|
|
|
|
-@@ -18,6 +18,8 @@
|
|
|
|
- # along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
- #
|
|
|
|
-
|
|
|
|
-+. tang-common-test-functions
|
|
|
|
-+
|
|
|
|
- error() {
|
|
|
|
- echo "${1}" >&2
|
|
|
|
- exit 1
|
|
|
|
-@@ -34,20 +36,6 @@
|
|
|
|
- return @OLD_CRYPTSETUP@
|
|
|
|
- }
|
|
|
|
-
|
|
|
|
--# Creates a tang adv to be used in the test.
|
|
|
|
--create_tang_adv() {
|
|
|
|
-- local adv="${1}"
|
|
|
|
-- local SIG="${TMP}/sig.jwk"
|
|
|
|
-- jose jwk gen -i '{"alg":"ES512"}' > "${SIG}"
|
|
|
|
--
|
|
|
|
-- local EXC="${TMP}/exc.jwk"
|
|
|
|
-- jose jwk gen -i '{"alg":"ECMR"}' > "${EXC}"
|
|
|
|
--
|
|
|
|
-- local TEMPLATE='{"protected":{"cty":"jwk-set+json"}}'
|
|
|
|
-- jose jwk pub -s -i "${SIG}" -i "${EXC}" \
|
|
|
|
-- | jose jws sig -I- -s "${TEMPLATE}" -k "${SIG}" -o "${adv}"
|
|
|
|
--}
|
|
|
|
--
|
|
|
|
- # Creates a new LUKS1 or LUKS2 device to be used.
|
|
|
|
- new_device() {
|
|
|
|
- local LUKS="${1}"
|
|
|
|
-@@ -236,132 +224,4 @@
|
|
|
|
- return 0
|
|
|
|
- }
|
|
|
|
-
|
|
|
|
--
|
|
|
|
--# Get a random port to be used with a test tang server.
|
|
|
|
--get_random_port() {
|
|
|
|
-- shuf -i 1024-65535 -n 1
|
|
|
|
--}
|
|
|
|
--
|
|
|
|
--# Removes tang rotated keys from the test server.
|
|
|
|
--tang_remove_rotated_keys() {
|
|
|
|
-- local basedir="${1}"
|
|
|
|
--
|
|
|
|
-- if [ -z "${basedir}" ]; then
|
|
|
|
-- echo "Please pass a valid base directory for tang"
|
|
|
|
-- return 1
|
|
|
|
-- fi
|
|
|
|
--
|
|
|
|
-- [ -z "${TANGD_UPDATE}" ] && skip_test "WARNING: TANGD_UPDATE is not defined."
|
|
|
|
--
|
|
|
|
-- local db="${basedir}/db"
|
|
|
|
-- local cache="${basedir}/cache"
|
|
|
|
-- mkdir -p "${db}"
|
|
|
|
-- mkdir -p "${cache}"
|
|
|
|
--
|
|
|
|
-- pushd "${db}"
|
|
|
|
-- find . -name ".*.jwk" -exec rm -f {} \;
|
|
|
|
-- popd
|
|
|
|
--
|
|
|
|
-- "${TANGD_UPDATE}" "${db}" "${cache}"
|
|
|
|
-- return 0
|
|
|
|
--}
|
|
|
|
--
|
|
|
|
--# Creates new keys for the test tang server.
|
|
|
|
--tang_new_keys() {
|
|
|
|
-- local basedir="${1}"
|
|
|
|
-- local rotate="${2}"
|
|
|
|
--
|
|
|
|
-- if [ -z "${basedir}" ]; then
|
|
|
|
-- echo "Please pass a valid base directory for tang"
|
|
|
|
-- return 1
|
|
|
|
-- fi
|
|
|
|
--
|
|
|
|
-- [ -z "${TANGD_KEYGEN}" ] && skip_test "WARNING: TANGD_KEYGEN is not defined."
|
|
|
|
-- [ -z "${TANGD_UPDATE}" ] && skip_test "WARNING: TANGD_UPDATE is not defined."
|
|
|
|
--
|
|
|
|
-- local db="${basedir}/db"
|
|
|
|
-- local cache="${basedir}/cache"
|
|
|
|
-- mkdir -p "${db}"
|
|
|
|
--
|
|
|
|
-- if [ -n "${rotate}" ]; then
|
|
|
|
-- pushd "${db}"
|
|
|
|
-- local k
|
|
|
|
-- k=$(find . -name "*.jwk" | wc -l)
|
|
|
|
-- if [ "${k}" -gt 0 ]; then
|
|
|
|
-- for k in *.jwk; do
|
|
|
|
-- mv -f -- "${k}" ".${k}"
|
|
|
|
-- done
|
|
|
|
-- fi
|
|
|
|
-- popd
|
|
|
|
-- fi
|
|
|
|
--
|
|
|
|
-- "${TANGD_KEYGEN}" "${db}"
|
|
|
|
-- "${TANGD_UPDATE}" "${db}" "${cache}"
|
|
|
|
--
|
|
|
|
-- return 0
|
|
|
|
--}
|
|
|
|
--
|
|
|
|
--# Start a test tang server.
|
|
|
|
--tang_run() {
|
|
|
|
-- local basedir="${1}"
|
|
|
|
-- local port="${2}"
|
|
|
|
--
|
|
|
|
-- if [ -z "${basedir}" ]; then
|
|
|
|
-- echo "Please pass a valid base directory for tang" >&2
|
|
|
|
-- return 1
|
|
|
|
-- fi
|
|
|
|
--
|
|
|
|
-- if [ -z "${port}" ]; then
|
|
|
|
-- echo "Please pass a valid port for tang" >&2
|
|
|
|
-- return 1
|
|
|
|
-- fi
|
|
|
|
--
|
|
|
|
-- if ! tang_new_keys "${basedir}"; then
|
|
|
|
-- echo "Error creating new keys for tang server" >&2
|
|
|
|
-- return 1
|
|
|
|
-- fi
|
|
|
|
--
|
|
|
|
-- local KEYS="${basedir}/cache"
|
|
|
|
-- local inetd='--inetd'
|
|
|
|
-- [ "${SD_ACTIVATE##*/}" = "systemd-activate" ] && inetd=
|
|
|
|
--
|
|
|
|
-- local pid pidfile
|
|
|
|
-- pidfile="${basedir}/tang.pid"
|
|
|
|
--
|
|
|
|
-- "${SD_ACTIVATE}" ${inetd} -l "${TANG_HOST}":"${port}" \
|
|
|
|
-- -a "${TANGD}" "${KEYS}" &
|
|
|
|
-- pid=$!
|
|
|
|
-- echo "${pid}" > "${pidfile}"
|
|
|
|
--}
|
|
|
|
--
|
|
|
|
--# Stop tang server.
|
|
|
|
--tang_stop() {
|
|
|
|
-- local basedir="${1}"
|
|
|
|
-- local pidfile="${basedir}/tang.pid"
|
|
|
|
-- [ -f "${pidfile}" ] || return 0
|
|
|
|
--
|
|
|
|
-- local pid
|
|
|
|
-- pid=$(<"${pidfile}")
|
|
|
|
-- kill "${pid}"
|
|
|
|
--}
|
|
|
|
--
|
|
|
|
--# Wait for the tang server to be operational.
|
|
|
|
--tang_wait_until_ready() {
|
|
|
|
-- local port="${1}"
|
|
|
|
-- while ! curl --output /dev/null --silent --fail \
|
|
|
|
-- http://"${TANG_HOST}":"${port}"/adv; do
|
|
|
|
-- sleep 0.1
|
|
|
|
-- echo -n . >&2
|
|
|
|
-- done
|
|
|
|
--}
|
|
|
|
--
|
|
|
|
--# Get tang advertisement.
|
|
|
|
--tang_get_adv() {
|
|
|
|
-- local port="${1}"
|
|
|
|
-- local adv="${2}"
|
|
|
|
--
|
|
|
|
-- curl -o "${adv}" http://"${TANG_HOST}":"${port}"/adv
|
|
|
|
--}
|
|
|
|
--
|
|
|
|
--export TANG_HOST=127.0.0.1
|
|
|
|
- export DEFAULT_PASS='just-some-test-password-here'
|
|
|
|
---- a/src/luks/tests/unbind-luks1
|
|
|
|
-+++ b/src/luks/tests/unbind-luks1
|
|
|
|
-@@ -30,7 +30,7 @@
|
|
|
|
-
|
|
|
|
- TMP="$(mktemp -d)"
|
|
|
|
- ADV="${TMP}/adv.jws"
|
|
|
|
--create_tang_adv "${ADV}"
|
|
|
|
-+tang_create_adv "${TMP}" "${ADV}"
|
|
|
|
- CFG="$(printf '{"url":"foobar","adv":"%s"}' "$ADV")"
|
|
|
|
-
|
|
|
|
- # LUKS1.
|
|
|
|
---- a/src/luks/tests/unbind-luks2
|
|
|
|
-+++ b/src/luks/tests/unbind-luks2
|
|
|
|
-@@ -34,7 +34,7 @@
|
|
|
|
-
|
|
|
|
- TMP="$(mktemp -d)"
|
|
|
|
- ADV="${TMP}/adv.jws"
|
|
|
|
--create_tang_adv "${ADV}"
|
|
|
|
-+tang_create_adv "${TMP}" "${ADV}"
|
|
|
|
- CFG="$(printf '{"url":"foobar","adv":"%s"}' "$ADV")"
|
|
|
|
-
|
|
|
|
- # LUKS2.
|
|
|
|
---- a/src/luks/tests/unlock-tang-luks1
|
|
|
|
-+++ b/src/luks/tests/unlock-tang-luks1
|
|
|
|
-@@ -33,11 +33,10 @@
|
|
|
|
-
|
|
|
|
- TMP="$(mktemp -d)"
|
|
|
|
-
|
|
|
|
--port=$(get_random_port)
|
|
|
|
--tang_run "${TMP}" "${port}" &
|
|
|
|
--tang_wait_until_ready "${port}"
|
|
|
|
-+port=$(tang_new_random_port)
|
|
|
|
-+tang_run "${TMP}" "${port}"
|
|
|
|
-
|
|
|
|
--url="http://${TANG_HOST}:${port}"
|
|
|
|
-+url="http://localhost:${port}"
|
|
|
|
- adv="${TMP}/adv"
|
|
|
|
- tang_get_adv "${port}" "${adv}"
|
|
|
|
-
|
|
|
|
---- a/src/luks/tests/unlock-tang-luks2
|
|
|
|
-+++ b/src/luks/tests/unlock-tang-luks2
|
|
|
|
-@@ -33,11 +33,10 @@
|
|
|
|
-
|
|
|
|
- TMP="$(mktemp -d)"
|
|
|
|
-
|
|
|
|
--port=$(get_random_port)
|
|
|
|
--tang_run "${TMP}" "${port}" &
|
|
|
|
--tang_wait_until_ready "${port}"
|
|
|
|
-+port=$(tang_new_random_port)
|
|
|
|
-+tang_run "${TMP}" "${port}"
|
|
|
|
-
|
|
|
|
--url="http://${TANG_HOST}:${port}"
|
|
|
|
-+url="http://localhost:${port}"
|
|
|
|
- adv="${TMP}/adv"
|
|
|
|
- tang_get_adv "${port}" "${adv}"
|
|
|
|
-
|
|
|