|
@@ -0,0 +1,746 @@
|
|
|
+Subject: Tests: update src/luks/tests to use shared tang test functions
|
|
|
+Origin: v15-3-ga07e753 <https://github.com/latchset/clevis/commit/v15-3-ga07e753>
|
|
|
+Upstream-Author: Sergio Correia <scorreia@redhat.com>
|
|
|
+Date: Fri Nov 20 01:13:50 2020 -0300
|
|
|
+
|
|
|
+--- a/src/luks/tests/assume-yes
|
|
|
++++ b/src/luks/tests/assume-yes
|
|
|
+@@ -33,11 +33,10 @@
|
|
|
+
|
|
|
+ TMP="$(mktemp -d)"
|
|
|
+
|
|
|
+-port=$(get_random_port)
|
|
|
+-tang_run "${TMP}" "${port}" &
|
|
|
+-tang_wait_until_ready "${port}"
|
|
|
++port=$(tang_new_random_port)
|
|
|
++tang_run "${TMP}" "${port}"
|
|
|
+
|
|
|
+-url="http://${TANG_HOST}:${port}"
|
|
|
++url="http://localhost:${port}"
|
|
|
+ cfg=$(printf '{"url":"%s"}' "$url")
|
|
|
+
|
|
|
+ test_tang() {
|
|
|
+--- a/src/luks/tests/assume-yes-luks2
|
|
|
++++ b/src/luks/tests/assume-yes-luks2
|
|
|
+@@ -33,11 +33,10 @@
|
|
|
+
|
|
|
+ TMP="$(mktemp -d)"
|
|
|
+
|
|
|
+-port=$(get_random_port)
|
|
|
+-tang_run "${TMP}" "${port}" &
|
|
|
+-tang_wait_until_ready "${port}"
|
|
|
++port=$(tang_new_random_port)
|
|
|
++tang_run "${TMP}" "${port}"
|
|
|
+
|
|
|
+-url="http://${TANG_HOST}:${port}"
|
|
|
++url="http://localhost:${port}"
|
|
|
+ cfg=$(printf '{"url":"%s"}' "$url")
|
|
|
+
|
|
|
+ # LUKS2.
|
|
|
+--- a/src/luks/tests/backup-restore-luks1
|
|
|
++++ b/src/luks/tests/backup-restore-luks1
|
|
|
+@@ -31,7 +31,7 @@
|
|
|
+ TMP="$(mktemp -d)"
|
|
|
+
|
|
|
+ ADV="${TMP}/adv.jws"
|
|
|
+-create_tang_adv "${ADV}"
|
|
|
++tang_create_adv "${TMP}" "${ADV}"
|
|
|
+ CFG="$(printf '{"url":"foobar","adv":"%s"}' "$ADV")"
|
|
|
+
|
|
|
+ # LUKS1.
|
|
|
+--- a/src/luks/tests/backup-restore-luks2
|
|
|
++++ b/src/luks/tests/backup-restore-luks2
|
|
|
+@@ -31,7 +31,7 @@
|
|
|
+ TMP="$(mktemp -d)"
|
|
|
+
|
|
|
+ ADV="${TMP}/adv.jws"
|
|
|
+-create_tang_adv "${ADV}"
|
|
|
++tang_create_adv "${TMP}" "${ADV}"
|
|
|
+ CFG="$(printf '{"url":"foobar","adv":"%s"}' "$ADV")"
|
|
|
+
|
|
|
+ # LUKS1.
|
|
|
+--- a/src/luks/tests/bind-already-used-luksmeta-slot
|
|
|
++++ b/src/luks/tests/bind-already-used-luksmeta-slot
|
|
|
+@@ -31,7 +31,7 @@
|
|
|
+ TMP="$(mktemp -d)"
|
|
|
+
|
|
|
+ ADV="${TMP}/adv.jws"
|
|
|
+-create_tang_adv "${ADV}"
|
|
|
++tang_create_adv "${TMP}" "${ADV}"
|
|
|
+ CFG="$(printf '{"url":"foobar","adv":"%s"}' "$ADV")"
|
|
|
+
|
|
|
+ # LUKS1.
|
|
|
+--- a/src/luks/tests/bind-key-file-non-interactive-luks1
|
|
|
++++ b/src/luks/tests/bind-key-file-non-interactive-luks1
|
|
|
+@@ -31,7 +31,7 @@
|
|
|
+ TMP="$(mktemp -d)"
|
|
|
+
|
|
|
+ ADV="${TMP}/adv.jws"
|
|
|
+-create_tang_adv "${ADV}"
|
|
|
++tang_create_adv "${TMP}" "${ADV}"
|
|
|
+ CFG="$(printf '{"url":"foobar","adv":"%s"}' "$ADV")"
|
|
|
+ UUID="cb6e8904-81ff-40da-a84a-07ab9ab5715e"
|
|
|
+ KEYFILE="${TMP}/key"
|
|
|
+--- a/src/luks/tests/bind-luks1
|
|
|
++++ b/src/luks/tests/bind-luks1
|
|
|
+@@ -31,7 +31,7 @@
|
|
|
+ TMP="$(mktemp -d)"
|
|
|
+
|
|
|
+ ADV="${TMP}/adv.jws"
|
|
|
+-create_tang_adv "${ADV}"
|
|
|
++tang_create_adv "${TMP}" "${ADV}"
|
|
|
+ CFG="$(printf '{"url":"foobar","adv":"%s"}' "$ADV")"
|
|
|
+
|
|
|
+ # LUKS1.
|
|
|
+--- a/src/luks/tests/bind-luks2
|
|
|
++++ b/src/luks/tests/bind-luks2
|
|
|
+@@ -35,7 +35,7 @@
|
|
|
+ TMP="$(mktemp -d)"
|
|
|
+
|
|
|
+ ADV="${TMP}/adv.jws"
|
|
|
+-create_tang_adv "${ADV}"
|
|
|
++tang_create_adv "${TMP}" "${ADV}"
|
|
|
+ CFG="$(printf '{"url":"foobar","adv":"%s"}' "$ADV")"
|
|
|
+
|
|
|
+ # LUKS2.
|
|
|
+--- a/src/luks/tests/bind-pass-with-newline-keyfile-luks1
|
|
|
++++ b/src/luks/tests/bind-pass-with-newline-keyfile-luks1
|
|
|
+@@ -31,7 +31,7 @@
|
|
|
+ TMP="$(mktemp -d)"
|
|
|
+
|
|
|
+ ADV="${TMP}/adv.jws"
|
|
|
+-create_tang_adv "${ADV}"
|
|
|
++tang_create_adv "${TMP}" "${ADV}"
|
|
|
+ CFG="$(printf '{"url":"foobar","adv":"%s"}' "$ADV")"
|
|
|
+
|
|
|
+ # LUKS1.
|
|
|
+--- a/src/luks/tests/bind-pass-with-newline-luks1
|
|
|
++++ b/src/luks/tests/bind-pass-with-newline-luks1
|
|
|
+@@ -31,7 +31,7 @@
|
|
|
+ TMP="$(mktemp -d)"
|
|
|
+
|
|
|
+ ADV="${TMP}/adv.jws"
|
|
|
+-create_tang_adv "${ADV}"
|
|
|
++tang_create_adv "${TMP}" "${ADV}"
|
|
|
+ CFG="$(printf '{"url":"foobar","adv":"%s"}' "$ADV")"
|
|
|
+
|
|
|
+ # LUKS1.
|
|
|
+--- a/src/luks/tests/bind-wrong-pass-luks1
|
|
|
++++ b/src/luks/tests/bind-wrong-pass-luks1
|
|
|
+@@ -31,7 +31,7 @@
|
|
|
+ TMP="$(mktemp -d)"
|
|
|
+
|
|
|
+ ADV="${TMP}/adv.jws"
|
|
|
+-create_tang_adv "${ADV}"
|
|
|
++tang_create_adv "${TMP}" "${ADV}"
|
|
|
+ CFG="$(printf '{"url":"foobar","adv":"%s"}' "$ADV")"
|
|
|
+
|
|
|
+ # LUKS1.
|
|
|
+--- a/src/luks/tests/bind-wrong-pass-luks2
|
|
|
++++ b/src/luks/tests/bind-wrong-pass-luks2
|
|
|
+@@ -35,7 +35,7 @@
|
|
|
+ TMP="$(mktemp -d)"
|
|
|
+
|
|
|
+ ADV="${TMP}/adv.jws"
|
|
|
+-create_tang_adv "${ADV}"
|
|
|
++tang_create_adv "${TMP}" "${ADV}"
|
|
|
+ CFG="$(printf '{"url":"foobar","adv":"%s"}' "$ADV")"
|
|
|
+
|
|
|
+ # LUKS2.
|
|
|
+--- a/src/luks/tests/edit-tang-luks1
|
|
|
++++ b/src/luks/tests/edit-tang-luks1
|
|
|
+@@ -36,11 +36,10 @@
|
|
|
+
|
|
|
+ TMP="$(mktemp -d)"
|
|
|
+
|
|
|
+-port=$(get_random_port)
|
|
|
+-tang_run "${TMP}" "${port}" &
|
|
|
+-tang_wait_until_ready "${port}"
|
|
|
++port=$(tang_new_random_port)
|
|
|
++tang_run "${TMP}" "${port}"
|
|
|
+
|
|
|
+-url="http://${TANG_HOST}:${port}"
|
|
|
++url="http://localhost:${port}"
|
|
|
+
|
|
|
+ cfg=$(printf '{"url":"%s"}' "${url}")
|
|
|
+
|
|
|
+@@ -65,11 +64,10 @@
|
|
|
+
|
|
|
+ # Now let's have another tang instance running and change the config to use
|
|
|
+ # the new one.
|
|
|
+-port2=$(get_random_port)
|
|
|
++port2=$(tang_new_random_port)
|
|
|
+ TMP2="$(mktemp -d)"
|
|
|
+-tang_run "${TMP2}" "${port2}" &
|
|
|
+-tang_wait_until_ready "${port2}"
|
|
|
+-new_url="http://${TANG_HOST}:${port2}"
|
|
|
++tang_run "${TMP2}" "${port2}"
|
|
|
++new_url="http://localhost:${port2}"
|
|
|
+ new_cfg=$(printf '{"url":"%s"}' "${new_url}")
|
|
|
+
|
|
|
+ if ! clevis luks edit -d "${DEV}" -s 1 -c "${new_cfg}"; then
|
|
|
+--- a/src/luks/tests/edit-tang-luks2
|
|
|
++++ b/src/luks/tests/edit-tang-luks2
|
|
|
+@@ -36,11 +36,10 @@
|
|
|
+
|
|
|
+ TMP="$(mktemp -d)"
|
|
|
+
|
|
|
+-port=$(get_random_port)
|
|
|
+-tang_run "${TMP}" "${port}" &
|
|
|
+-tang_wait_until_ready "${port}"
|
|
|
++port=$(tang_new_random_port)
|
|
|
++tang_run "${TMP}" "${port}"
|
|
|
+
|
|
|
+-url="http://${TANG_HOST}:${port}"
|
|
|
++url="http://localhost:${port}"
|
|
|
+
|
|
|
+ cfg=$(printf '{"url":"%s"}' "${url}")
|
|
|
+
|
|
|
+@@ -65,11 +64,10 @@
|
|
|
+
|
|
|
+ # Now let's have another tang instance running and change the config to use
|
|
|
+ # the new one.
|
|
|
+-port2=$(get_random_port)
|
|
|
++port2=$(tang_new_random_port)
|
|
|
+ TMP2="$(mktemp -d)"
|
|
|
+-tang_run "${TMP2}" "${port2}" &
|
|
|
+-tang_wait_until_ready "${port2}"
|
|
|
+-new_url="http://${TANG_HOST}:${port2}"
|
|
|
++tang_run "${TMP2}" "${port2}"
|
|
|
++new_url="http://localhost:${port2}"
|
|
|
+ new_cfg=$(printf '{"url":"%s"}' "${new_url}")
|
|
|
+
|
|
|
+ if ! clevis luks edit -d "${DEV}" -s 1 -c "${new_cfg}"; then
|
|
|
+--- a/src/luks/tests/list-recursive-luks1
|
|
|
++++ b/src/luks/tests/list-recursive-luks1
|
|
|
+@@ -31,7 +31,7 @@
|
|
|
+ TMP="$(mktemp -d)"
|
|
|
+
|
|
|
+ ADV="${TMP}/adv.jws"
|
|
|
+-create_tang_adv "${ADV}"
|
|
|
++tang_create_adv "${TMP}" "${ADV}"
|
|
|
+ PIN="sss"
|
|
|
+ CFG=$(printf '
|
|
|
+ {
|
|
|
+--- a/src/luks/tests/list-recursive-luks2
|
|
|
++++ b/src/luks/tests/list-recursive-luks2
|
|
|
+@@ -31,7 +31,7 @@
|
|
|
+ TMP="$(mktemp -d)"
|
|
|
+
|
|
|
+ ADV="${TMP}/adv.jws"
|
|
|
+-create_tang_adv "${ADV}"
|
|
|
++tang_create_adv "${TMP}" "${ADV}"
|
|
|
+ PIN="sss"
|
|
|
+ CFG=$(printf '
|
|
|
+ {
|
|
|
+--- a/src/luks/tests/list-sss-tang-luks1
|
|
|
++++ b/src/luks/tests/list-sss-tang-luks1
|
|
|
+@@ -31,7 +31,7 @@
|
|
|
+ TMP="$(mktemp -d)"
|
|
|
+
|
|
|
+ ADV="${TMP}/adv.jws"
|
|
|
+-create_tang_adv "${ADV}"
|
|
|
++tang_create_adv "${TMP}" "${ADV}"
|
|
|
+ PIN="sss"
|
|
|
+ CFG=$(printf '
|
|
|
+ {
|
|
|
+--- a/src/luks/tests/list-sss-tang-luks2
|
|
|
++++ b/src/luks/tests/list-sss-tang-luks2
|
|
|
+@@ -31,7 +31,7 @@
|
|
|
+ TMP="$(mktemp -d)"
|
|
|
+
|
|
|
+ ADV="${TMP}/adv.jws"
|
|
|
+-create_tang_adv "${ADV}"
|
|
|
++tang_create_adv "${TMP}" "${ADV}"
|
|
|
+ PIN="sss"
|
|
|
+ CFG=$(printf '
|
|
|
+ {
|
|
|
+--- a/src/luks/tests/list-tang-luks1
|
|
|
++++ b/src/luks/tests/list-tang-luks1
|
|
|
+@@ -31,7 +31,7 @@
|
|
|
+ TMP="$(mktemp -d)"
|
|
|
+
|
|
|
+ ADV="${TMP}/adv.jws"
|
|
|
+-create_tang_adv "${ADV}"
|
|
|
++tang_create_adv "${TMP}" "${ADV}"
|
|
|
+ PIN="tang"
|
|
|
+ CFG=$(printf '{"url": "ADDR","adv": "%s"}' "${ADV}")
|
|
|
+
|
|
|
+--- a/src/luks/tests/list-tang-luks2
|
|
|
++++ b/src/luks/tests/list-tang-luks2
|
|
|
+@@ -31,7 +31,7 @@
|
|
|
+ TMP="$(mktemp -d)"
|
|
|
+
|
|
|
+ ADV="${TMP}/adv.jws"
|
|
|
+-create_tang_adv "${ADV}"
|
|
|
++tang_create_adv "${TMP}" "${ADV}"
|
|
|
+ PIN="tang"
|
|
|
+ CFG=$(printf '{"url": "ADDR","adv": "%s"}' "${ADV}")
|
|
|
+
|
|
|
+--- a/src/luks/tests/meson.build
|
|
|
++++ b/src/luks/tests/meson.build
|
|
|
+@@ -1,39 +1,6 @@
|
|
|
+ # We use jq for comparing the pin config in the clevis luks list tests.
|
|
|
+ jq = find_program('jq', required: false)
|
|
|
+
|
|
|
+-# We use systemd-socket-activate for running test tang servers.
|
|
|
+-actv = find_program(
|
|
|
+- 'systemd-socket-activate',
|
|
|
+- 'systemd-activate',
|
|
|
+- join_paths('/', 'usr', 'lib', 'systemd', 'systemd-activate'),
|
|
|
+- required: false
|
|
|
+-)
|
|
|
+-
|
|
|
+-kgen = find_program(
|
|
|
+- join_paths(libexecdir, 'tangd-keygen'),
|
|
|
+- join_paths(get_option('prefix'), get_option('libdir'), 'tangd-keygen'),
|
|
|
+- join_paths(get_option('prefix'), get_option('libexecdir'), 'tangd-keygen'),
|
|
|
+- join_paths('/', 'usr', get_option('libdir'), 'tangd-keygen'),
|
|
|
+- join_paths('/', 'usr', get_option('libexecdir'), 'tangd-keygen'),
|
|
|
+- required: false
|
|
|
+-)
|
|
|
+-updt = find_program(
|
|
|
+- join_paths(libexecdir, 'tangd-update'),
|
|
|
+- join_paths(get_option('prefix'), get_option('libdir'), 'tangd-update'),
|
|
|
+- join_paths(get_option('prefix'), get_option('libexecdir'), 'tangd-update'),
|
|
|
+- join_paths('/', 'usr', get_option('libdir'), 'tangd-update'),
|
|
|
+- join_paths('/', 'usr', get_option('libexecdir'), 'tangd-update'),
|
|
|
+- required: false
|
|
|
+-)
|
|
|
+-tang = find_program(
|
|
|
+- join_paths(libexecdir, 'tangd'),
|
|
|
+- join_paths(get_option('prefix'), get_option('libdir'), 'tangd'),
|
|
|
+- join_paths(get_option('prefix'), get_option('libexecdir'), 'tangd'),
|
|
|
+- join_paths('/', 'usr', get_option('libdir'), 'tangd'),
|
|
|
+- join_paths('/', 'usr', get_option('libexecdir'), 'tangd'),
|
|
|
+- required: false
|
|
|
+-)
|
|
|
+-
|
|
|
+ common_functions = configure_file(input: 'tests-common-functions.in',
|
|
|
+ output: 'tests-common-functions',
|
|
|
+ configuration: luksmeta_data,
|
|
|
+@@ -53,19 +20,11 @@
|
|
|
+ join_paths(meson.build_root(), 'src', 'luks'),
|
|
|
+ join_paths(meson.build_root(), 'src', 'pins', 'sss'),
|
|
|
+ join_paths(meson.build_root(), 'src', 'pins', 'tang'),
|
|
|
++ join_paths(meson.build_root(), 'src', 'pins', 'tang', 'tests'),
|
|
|
+ join_paths(meson.build_root(), 'src', 'pins', 'tpm2'),
|
|
|
+ separator: ':'
|
|
|
+ )
|
|
|
+
|
|
|
+-has_tang = false
|
|
|
+-if actv.found() and kgen.found() and updt.found() and tang.found()
|
|
|
+- has_tang = true
|
|
|
+- env.set('SD_ACTIVATE', actv.path())
|
|
|
+- env.set('TANGD_KEYGEN', kgen.path())
|
|
|
+- env.set('TANGD_UPDATE', updt.path())
|
|
|
+- env.set('TANGD', tang.path())
|
|
|
+-endif
|
|
|
+-
|
|
|
+ test('bind-wrong-pass-luks1', find_program('bind-wrong-pass-luks1'), env: env)
|
|
|
+ test('bind-luks1', find_program('bind-luks1'), env: env)
|
|
|
+ test('unbind-unbound-slot-luks1', find_program('unbind-unbound-slot-luks1'), env: env)
|
|
|
+@@ -85,15 +44,13 @@
|
|
|
+ warning('Will not run "clevis luks list" tests due to missing jq dependency')
|
|
|
+ endif
|
|
|
+
|
|
|
+-if has_tang
|
|
|
+- test('unlock-tang-luks1', find_program('unlock-tang-luks1'), env: env, timeout: 90)
|
|
|
+- test('assume-yes', find_program('assume-yes'), env: env, timeout: 60)
|
|
|
+- test('regen-inplace-luks1', find_program('regen-inplace-luks1'), env: env, timeout: 90)
|
|
|
+- test('regen-not-inplace-luks1', find_program('regen-not-inplace-luks1'), env: env, timeout: 90)
|
|
|
+- test('report-tang-luks1', find_program('report-tang-luks1'), env: env, timeout: 90)
|
|
|
+- test('report-sss-luks1', find_program('report-sss-luks1'), env: env, timeout: 90)
|
|
|
+- test('edit-tang-luks1', find_program('edit-tang-luks1'), env: env, timeout: 150)
|
|
|
+-endif
|
|
|
++test('unlock-tang-luks1', find_program('unlock-tang-luks1'), env: env, timeout: 90)
|
|
|
++test('assume-yes', find_program('assume-yes'), env: env, timeout: 60)
|
|
|
++test('regen-inplace-luks1', find_program('regen-inplace-luks1'), env: env, timeout: 90)
|
|
|
++test('regen-not-inplace-luks1', find_program('regen-not-inplace-luks1'), env: env, timeout: 90)
|
|
|
++test('report-tang-luks1', find_program('report-tang-luks1'), env: env, timeout: 90)
|
|
|
++test('report-sss-luks1', find_program('report-sss-luks1'), env: env, timeout: 90)
|
|
|
++test('edit-tang-luks1', find_program('edit-tang-luks1'), env: env, timeout: 150)
|
|
|
+
|
|
|
+ test('backup-restore-luks1', find_program('backup-restore-luks1'), env: env, timeout: 60)
|
|
|
+
|
|
|
+@@ -112,15 +69,13 @@
|
|
|
+ test('list-sss-tang-luks2', find_program('list-sss-tang-luks2'), env: env, timeout: 60)
|
|
|
+ endif
|
|
|
+
|
|
|
+- if has_tang
|
|
|
+- test('unlock-tang-luks2', find_program('unlock-tang-luks2'), env: env, timeout: 120)
|
|
|
+- test('assume-yes-luks2', find_program('assume-yes-luks2'), env: env, timeout: 90)
|
|
|
+- test('regen-inplace-luks2', find_program('regen-inplace-luks2'), env: env, timeout: 120)
|
|
|
+- test('regen-not-inplace-luks2', find_program('regen-not-inplace-luks2'), env: env, timeout: 120)
|
|
|
+- test('report-tang-luks2', find_program('report-tang-luks2'), env: env, timeout: 120)
|
|
|
+- test('report-sss-luks2', find_program('report-sss-luks2'), env: env, timeout: 120)
|
|
|
+- test('edit-tang-luks2', find_program('edit-tang-luks2'), env: env, timeout: 210)
|
|
|
+- endif
|
|
|
++ test('unlock-tang-luks2', find_program('unlock-tang-luks2'), env: env, timeout: 120)
|
|
|
++ test('assume-yes-luks2', find_program('assume-yes-luks2'), env: env, timeout: 90)
|
|
|
++ test('regen-inplace-luks2', find_program('regen-inplace-luks2'), env: env, timeout: 120)
|
|
|
++ test('regen-not-inplace-luks2', find_program('regen-not-inplace-luks2'), env: env, timeout: 120)
|
|
|
++ test('report-tang-luks2', find_program('report-tang-luks2'), env: env, timeout: 120)
|
|
|
++ test('report-sss-luks2', find_program('report-sss-luks2'), env: env, timeout: 120)
|
|
|
++ test('edit-tang-luks2', find_program('edit-tang-luks2'), env: env, timeout: 210)
|
|
|
+
|
|
|
+-test('backup-restore-luks2', find_program('backup-restore-luks2'), env: env, timeout: 120)
|
|
|
++ test('backup-restore-luks2', find_program('backup-restore-luks2'), env: env, timeout: 120)
|
|
|
+ endif
|
|
|
+--- a/src/luks/tests/regen-inplace-luks1
|
|
|
++++ b/src/luks/tests/regen-inplace-luks1
|
|
|
+@@ -32,11 +32,10 @@
|
|
|
+
|
|
|
+ TMP=$(mktemp -d)
|
|
|
+
|
|
|
+-port=$(get_random_port)
|
|
|
+-tang_run "${TMP}" "${port}" &
|
|
|
+-tang_wait_until_ready "${port}"
|
|
|
++port=$(tang_new_random_port)
|
|
|
++tang_run "${TMP}" "${port}"
|
|
|
+
|
|
|
+-url="http://${TANG_HOST}:${port}"
|
|
|
++url="http://localhost:${port}"
|
|
|
+ adv="${TMP}/adv"
|
|
|
+ tang_get_adv "${port}" "${adv}"
|
|
|
+
|
|
|
+--- a/src/luks/tests/regen-inplace-luks2
|
|
|
++++ b/src/luks/tests/regen-inplace-luks2
|
|
|
+@@ -32,11 +32,10 @@
|
|
|
+
|
|
|
+ TMP=$(mktemp -d)
|
|
|
+
|
|
|
+-port=$(get_random_port)
|
|
|
+-tang_run "${TMP}" "${port}" &
|
|
|
+-tang_wait_until_ready "${port}"
|
|
|
++port=$(tang_new_random_port)
|
|
|
++tang_run "${TMP}" "${port}"
|
|
|
+
|
|
|
+-url="http://${TANG_HOST}:${port}"
|
|
|
++url="http://localhost:${port}"
|
|
|
+ adv="${TMP}/adv"
|
|
|
+ tang_get_adv "${port}" "${adv}"
|
|
|
+
|
|
|
+--- a/src/luks/tests/regen-not-inplace-luks1
|
|
|
++++ b/src/luks/tests/regen-not-inplace-luks1
|
|
|
+@@ -32,11 +32,10 @@
|
|
|
+
|
|
|
+ export TMP=$(mktemp -d)
|
|
|
+
|
|
|
+-port=$(get_random_port)
|
|
|
+-tang_run "${TMP}" "${port}" &
|
|
|
+-tang_wait_until_ready "${port}"
|
|
|
++port=$(tang_new_random_port)
|
|
|
++tang_run "${TMP}" "${port}"
|
|
|
+
|
|
|
+-url="http://${TANG_HOST}:${port}"
|
|
|
++url="http://localhost:${port}"
|
|
|
+ adv="${TMP}/adv"
|
|
|
+ tang_get_adv "${port}" "${adv}"
|
|
|
+
|
|
|
+--- a/src/luks/tests/regen-not-inplace-luks2
|
|
|
++++ b/src/luks/tests/regen-not-inplace-luks2
|
|
|
+@@ -32,11 +32,10 @@
|
|
|
+
|
|
|
+ export TMP=$(mktemp -d)
|
|
|
+
|
|
|
+-port=$(get_random_port)
|
|
|
+-tang_run "${TMP}" "${port}" &
|
|
|
+-tang_wait_until_ready "${port}"
|
|
|
++port=$(tang_new_random_port)
|
|
|
++tang_run "${TMP}" "${port}"
|
|
|
+
|
|
|
+-url="http://${TANG_HOST}:${port}"
|
|
|
++url="http://localhost:${port}"
|
|
|
+ adv="${TMP}/adv"
|
|
|
+ tang_get_adv "${port}" "${adv}"
|
|
|
+
|
|
|
+--- a/src/luks/tests/report-sss-luks1
|
|
|
++++ b/src/luks/tests/report-sss-luks1
|
|
|
+@@ -32,11 +32,10 @@
|
|
|
+
|
|
|
+ TMP=$(mktemp -d)
|
|
|
+
|
|
|
+-port=$(get_random_port)
|
|
|
+-tang_run "${TMP}" "${port}" &
|
|
|
+-tang_wait_until_ready "${port}"
|
|
|
++port=$(tang_new_random_port)
|
|
|
++tang_run "${TMP}" "${port}"
|
|
|
+
|
|
|
+-url="http://${TANG_HOST}:${port}"
|
|
|
++url="http://localhost:${port}"
|
|
|
+ adv="${TMP}/adv"
|
|
|
+ tang_get_adv "${port}" "${adv}"
|
|
|
+
|
|
|
+--- a/src/luks/tests/report-sss-luks2
|
|
|
++++ b/src/luks/tests/report-sss-luks2
|
|
|
+@@ -32,11 +32,10 @@
|
|
|
+
|
|
|
+ TMP=$(mktemp -d)
|
|
|
+
|
|
|
+-port=$(get_random_port)
|
|
|
+-tang_run "${TMP}" "${port}" &
|
|
|
+-tang_wait_until_ready "${port}"
|
|
|
++port=$(tang_new_random_port)
|
|
|
++tang_run "${TMP}" "${port}"
|
|
|
+
|
|
|
+-url="http://${TANG_HOST}:${port}"
|
|
|
++url="http://localhost:${port}"
|
|
|
+ adv="${TMP}/adv"
|
|
|
+ tang_get_adv "${port}" "${adv}"
|
|
|
+
|
|
|
+--- a/src/luks/tests/report-tang-luks1
|
|
|
++++ b/src/luks/tests/report-tang-luks1
|
|
|
+@@ -32,11 +32,10 @@
|
|
|
+
|
|
|
+ TMP=$(mktemp -d)
|
|
|
+
|
|
|
+-port=$(get_random_port)
|
|
|
+-tang_run "${TMP}" "${port}" &
|
|
|
+-tang_wait_until_ready "${port}"
|
|
|
++port=$(tang_new_random_port)
|
|
|
++tang_run "${TMP}" "${port}"
|
|
|
+
|
|
|
+-url="http://${TANG_HOST}:${port}"
|
|
|
++url="http://localhost:${port}"
|
|
|
+ adv="${TMP}/adv"
|
|
|
+ tang_get_adv "${port}" "${adv}"
|
|
|
+
|
|
|
+--- a/src/luks/tests/report-tang-luks2
|
|
|
++++ b/src/luks/tests/report-tang-luks2
|
|
|
+@@ -32,11 +32,10 @@
|
|
|
+
|
|
|
+ TMP=$(mktemp -d)
|
|
|
+
|
|
|
+-port=$(get_random_port)
|
|
|
+-tang_run "${TMP}" "${port}" &
|
|
|
+-tang_wait_until_ready "${port}"
|
|
|
++port=$(tang_new_random_port)
|
|
|
++tang_run "${TMP}" "${port}"
|
|
|
+
|
|
|
+-url="http://${TANG_HOST}:${port}"
|
|
|
++url="http://localhost:${port}"
|
|
|
+ adv="${TMP}/adv"
|
|
|
+ tang_get_adv "${port}" "${adv}"
|
|
|
+
|
|
|
+--- a/src/luks/tests/tests-common-functions.in
|
|
|
++++ b/src/luks/tests/tests-common-functions.in
|
|
|
+@@ -18,6 +18,8 @@
|
|
|
+ # along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
|
+ #
|
|
|
+
|
|
|
++. tang-common-test-functions
|
|
|
++
|
|
|
+ error() {
|
|
|
+ echo "${1}" >&2
|
|
|
+ exit 1
|
|
|
+@@ -34,20 +36,6 @@
|
|
|
+ return @OLD_CRYPTSETUP@
|
|
|
+ }
|
|
|
+
|
|
|
+-# Creates a tang adv to be used in the test.
|
|
|
+-create_tang_adv() {
|
|
|
+- local adv="${1}"
|
|
|
+- local SIG="${TMP}/sig.jwk"
|
|
|
+- jose jwk gen -i '{"alg":"ES512"}' > "${SIG}"
|
|
|
+-
|
|
|
+- local EXC="${TMP}/exc.jwk"
|
|
|
+- jose jwk gen -i '{"alg":"ECMR"}' > "${EXC}"
|
|
|
+-
|
|
|
+- local TEMPLATE='{"protected":{"cty":"jwk-set+json"}}'
|
|
|
+- jose jwk pub -s -i "${SIG}" -i "${EXC}" \
|
|
|
+- | jose jws sig -I- -s "${TEMPLATE}" -k "${SIG}" -o "${adv}"
|
|
|
+-}
|
|
|
+-
|
|
|
+ # Creates a new LUKS1 or LUKS2 device to be used.
|
|
|
+ new_device() {
|
|
|
+ local LUKS="${1}"
|
|
|
+@@ -236,132 +224,4 @@
|
|
|
+ return 0
|
|
|
+ }
|
|
|
+
|
|
|
+-
|
|
|
+-# Get a random port to be used with a test tang server.
|
|
|
+-get_random_port() {
|
|
|
+- shuf -i 1024-65535 -n 1
|
|
|
+-}
|
|
|
+-
|
|
|
+-# Removes tang rotated keys from the test server.
|
|
|
+-tang_remove_rotated_keys() {
|
|
|
+- local basedir="${1}"
|
|
|
+-
|
|
|
+- if [ -z "${basedir}" ]; then
|
|
|
+- echo "Please pass a valid base directory for tang"
|
|
|
+- return 1
|
|
|
+- fi
|
|
|
+-
|
|
|
+- [ -z "${TANGD_UPDATE}" ] && skip_test "WARNING: TANGD_UPDATE is not defined."
|
|
|
+-
|
|
|
+- local db="${basedir}/db"
|
|
|
+- local cache="${basedir}/cache"
|
|
|
+- mkdir -p "${db}"
|
|
|
+- mkdir -p "${cache}"
|
|
|
+-
|
|
|
+- pushd "${db}"
|
|
|
+- find . -name ".*.jwk" -exec rm -f {} \;
|
|
|
+- popd
|
|
|
+-
|
|
|
+- "${TANGD_UPDATE}" "${db}" "${cache}"
|
|
|
+- return 0
|
|
|
+-}
|
|
|
+-
|
|
|
+-# Creates new keys for the test tang server.
|
|
|
+-tang_new_keys() {
|
|
|
+- local basedir="${1}"
|
|
|
+- local rotate="${2}"
|
|
|
+-
|
|
|
+- if [ -z "${basedir}" ]; then
|
|
|
+- echo "Please pass a valid base directory for tang"
|
|
|
+- return 1
|
|
|
+- fi
|
|
|
+-
|
|
|
+- [ -z "${TANGD_KEYGEN}" ] && skip_test "WARNING: TANGD_KEYGEN is not defined."
|
|
|
+- [ -z "${TANGD_UPDATE}" ] && skip_test "WARNING: TANGD_UPDATE is not defined."
|
|
|
+-
|
|
|
+- local db="${basedir}/db"
|
|
|
+- local cache="${basedir}/cache"
|
|
|
+- mkdir -p "${db}"
|
|
|
+-
|
|
|
+- if [ -n "${rotate}" ]; then
|
|
|
+- pushd "${db}"
|
|
|
+- local k
|
|
|
+- k=$(find . -name "*.jwk" | wc -l)
|
|
|
+- if [ "${k}" -gt 0 ]; then
|
|
|
+- for k in *.jwk; do
|
|
|
+- mv -f -- "${k}" ".${k}"
|
|
|
+- done
|
|
|
+- fi
|
|
|
+- popd
|
|
|
+- fi
|
|
|
+-
|
|
|
+- "${TANGD_KEYGEN}" "${db}"
|
|
|
+- "${TANGD_UPDATE}" "${db}" "${cache}"
|
|
|
+-
|
|
|
+- return 0
|
|
|
+-}
|
|
|
+-
|
|
|
+-# Start a test tang server.
|
|
|
+-tang_run() {
|
|
|
+- local basedir="${1}"
|
|
|
+- local port="${2}"
|
|
|
+-
|
|
|
+- if [ -z "${basedir}" ]; then
|
|
|
+- echo "Please pass a valid base directory for tang" >&2
|
|
|
+- return 1
|
|
|
+- fi
|
|
|
+-
|
|
|
+- if [ -z "${port}" ]; then
|
|
|
+- echo "Please pass a valid port for tang" >&2
|
|
|
+- return 1
|
|
|
+- fi
|
|
|
+-
|
|
|
+- if ! tang_new_keys "${basedir}"; then
|
|
|
+- echo "Error creating new keys for tang server" >&2
|
|
|
+- return 1
|
|
|
+- fi
|
|
|
+-
|
|
|
+- local KEYS="${basedir}/cache"
|
|
|
+- local inetd='--inetd'
|
|
|
+- [ "${SD_ACTIVATE##*/}" = "systemd-activate" ] && inetd=
|
|
|
+-
|
|
|
+- local pid pidfile
|
|
|
+- pidfile="${basedir}/tang.pid"
|
|
|
+-
|
|
|
+- "${SD_ACTIVATE}" ${inetd} -l "${TANG_HOST}":"${port}" \
|
|
|
+- -a "${TANGD}" "${KEYS}" &
|
|
|
+- pid=$!
|
|
|
+- echo "${pid}" > "${pidfile}"
|
|
|
+-}
|
|
|
+-
|
|
|
+-# Stop tang server.
|
|
|
+-tang_stop() {
|
|
|
+- local basedir="${1}"
|
|
|
+- local pidfile="${basedir}/tang.pid"
|
|
|
+- [ -f "${pidfile}" ] || return 0
|
|
|
+-
|
|
|
+- local pid
|
|
|
+- pid=$(<"${pidfile}")
|
|
|
+- kill "${pid}"
|
|
|
+-}
|
|
|
+-
|
|
|
+-# Wait for the tang server to be operational.
|
|
|
+-tang_wait_until_ready() {
|
|
|
+- local port="${1}"
|
|
|
+- while ! curl --output /dev/null --silent --fail \
|
|
|
+- http://"${TANG_HOST}":"${port}"/adv; do
|
|
|
+- sleep 0.1
|
|
|
+- echo -n . >&2
|
|
|
+- done
|
|
|
+-}
|
|
|
+-
|
|
|
+-# Get tang advertisement.
|
|
|
+-tang_get_adv() {
|
|
|
+- local port="${1}"
|
|
|
+- local adv="${2}"
|
|
|
+-
|
|
|
+- curl -o "${adv}" http://"${TANG_HOST}":"${port}"/adv
|
|
|
+-}
|
|
|
+-
|
|
|
+-export TANG_HOST=127.0.0.1
|
|
|
+ export DEFAULT_PASS='just-some-test-password-here'
|
|
|
+--- a/src/luks/tests/unbind-luks1
|
|
|
++++ b/src/luks/tests/unbind-luks1
|
|
|
+@@ -30,7 +30,7 @@
|
|
|
+
|
|
|
+ TMP="$(mktemp -d)"
|
|
|
+ ADV="${TMP}/adv.jws"
|
|
|
+-create_tang_adv "${ADV}"
|
|
|
++tang_create_adv "${TMP}" "${ADV}"
|
|
|
+ CFG="$(printf '{"url":"foobar","adv":"%s"}' "$ADV")"
|
|
|
+
|
|
|
+ # LUKS1.
|
|
|
+--- a/src/luks/tests/unbind-luks2
|
|
|
++++ b/src/luks/tests/unbind-luks2
|
|
|
+@@ -34,7 +34,7 @@
|
|
|
+
|
|
|
+ TMP="$(mktemp -d)"
|
|
|
+ ADV="${TMP}/adv.jws"
|
|
|
+-create_tang_adv "${ADV}"
|
|
|
++tang_create_adv "${TMP}" "${ADV}"
|
|
|
+ CFG="$(printf '{"url":"foobar","adv":"%s"}' "$ADV")"
|
|
|
+
|
|
|
+ # LUKS2.
|
|
|
+--- a/src/luks/tests/unlock-tang-luks1
|
|
|
++++ b/src/luks/tests/unlock-tang-luks1
|
|
|
+@@ -33,11 +33,10 @@
|
|
|
+
|
|
|
+ TMP="$(mktemp -d)"
|
|
|
+
|
|
|
+-port=$(get_random_port)
|
|
|
+-tang_run "${TMP}" "${port}" &
|
|
|
+-tang_wait_until_ready "${port}"
|
|
|
++port=$(tang_new_random_port)
|
|
|
++tang_run "${TMP}" "${port}"
|
|
|
+
|
|
|
+-url="http://${TANG_HOST}:${port}"
|
|
|
++url="http://localhost:${port}"
|
|
|
+ adv="${TMP}/adv"
|
|
|
+ tang_get_adv "${port}" "${adv}"
|
|
|
+
|
|
|
+--- a/src/luks/tests/unlock-tang-luks2
|
|
|
++++ b/src/luks/tests/unlock-tang-luks2
|
|
|
+@@ -33,11 +33,10 @@
|
|
|
+
|
|
|
+ TMP="$(mktemp -d)"
|
|
|
+
|
|
|
+-port=$(get_random_port)
|
|
|
+-tang_run "${TMP}" "${port}" &
|
|
|
+-tang_wait_until_ready "${port}"
|
|
|
++port=$(tang_new_random_port)
|
|
|
++tang_run "${TMP}" "${port}"
|
|
|
+
|
|
|
+-url="http://${TANG_HOST}:${port}"
|
|
|
++url="http://localhost:${port}"
|
|
|
+ adv="${TMP}/adv"
|
|
|
+ tang_get_adv "${port}" "${adv}"
|
|
|
+
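Review bot: The `. tang-common-test-functions` line added to tests-common-functions.in sources the helper by bare name, so it is resolved through PATH (which the meson.build change extends with `src/pins/tang/tests` under the build root), and nothing checks that the lookup succeeded. The removed helpers use bashisms such as `pushd`, and under bash outside POSIX mode a failed `.` does not abort the script and falls back to the current directory, so a run outside the meson environment could carry on without `tang_run`/`tang_create_adv` or pick up an unintended file of the same name. A guard such as `. tang-common-test-functions || { echo "tang-common-test-functions not found in PATH" >&2; exit 1; }` would make that failure explicit. Relatedly, the meson.build hunks drop the `has_tang` condition and the `SD_ACTIVATE`/`TANGD*` environment settings, so the tang tests are now always registered. Whether the shared helpers locate tangd themselves and skip cleanly when it is missing cannot be seen in this patch and should be confirmed.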
|