123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746 |
- Subject: Tests: update src/luks/tests to use shared tang test functions
- Origin: v15-3-ga07e753 <https://github.com/latchset/clevis/commit/v15-3-ga07e753>
- Upstream-Author: Sergio Correia <scorreia@redhat.com>
- Date: Fri Nov 20 01:13:50 2020 -0300
- --- a/src/luks/tests/assume-yes
- +++ b/src/luks/tests/assume-yes
- @@ -33,11 +33,10 @@
-
- TMP="$(mktemp -d)"
-
- -port=$(get_random_port)
- -tang_run "${TMP}" "${port}" &
- -tang_wait_until_ready "${port}"
- +port=$(tang_new_random_port)
- +tang_run "${TMP}" "${port}"
-
- -url="http://${TANG_HOST}:${port}"
- +url="http://localhost:${port}"
- cfg=$(printf '{"url":"%s"}' "$url")
-
- test_tang() {
- --- a/src/luks/tests/assume-yes-luks2
- +++ b/src/luks/tests/assume-yes-luks2
- @@ -33,11 +33,10 @@
-
- TMP="$(mktemp -d)"
-
- -port=$(get_random_port)
- -tang_run "${TMP}" "${port}" &
- -tang_wait_until_ready "${port}"
- +port=$(tang_new_random_port)
- +tang_run "${TMP}" "${port}"
-
- -url="http://${TANG_HOST}:${port}"
- +url="http://localhost:${port}"
- cfg=$(printf '{"url":"%s"}' "$url")
-
- # LUKS2.
- --- a/src/luks/tests/backup-restore-luks1
- +++ b/src/luks/tests/backup-restore-luks1
- @@ -31,7 +31,7 @@
- TMP="$(mktemp -d)"
-
- ADV="${TMP}/adv.jws"
- -create_tang_adv "${ADV}"
- +tang_create_adv "${TMP}" "${ADV}"
- CFG="$(printf '{"url":"foobar","adv":"%s"}' "$ADV")"
-
- # LUKS1.
- --- a/src/luks/tests/backup-restore-luks2
- +++ b/src/luks/tests/backup-restore-luks2
- @@ -31,7 +31,7 @@
- TMP="$(mktemp -d)"
-
- ADV="${TMP}/adv.jws"
- -create_tang_adv "${ADV}"
- +tang_create_adv "${TMP}" "${ADV}"
- CFG="$(printf '{"url":"foobar","adv":"%s"}' "$ADV")"
-
- # LUKS1.
- --- a/src/luks/tests/bind-already-used-luksmeta-slot
- +++ b/src/luks/tests/bind-already-used-luksmeta-slot
- @@ -31,7 +31,7 @@
- TMP="$(mktemp -d)"
-
- ADV="${TMP}/adv.jws"
- -create_tang_adv "${ADV}"
- +tang_create_adv "${TMP}" "${ADV}"
- CFG="$(printf '{"url":"foobar","adv":"%s"}' "$ADV")"
-
- # LUKS1.
- --- a/src/luks/tests/bind-key-file-non-interactive-luks1
- +++ b/src/luks/tests/bind-key-file-non-interactive-luks1
- @@ -31,7 +31,7 @@
- TMP="$(mktemp -d)"
-
- ADV="${TMP}/adv.jws"
- -create_tang_adv "${ADV}"
- +tang_create_adv "${TMP}" "${ADV}"
- CFG="$(printf '{"url":"foobar","adv":"%s"}' "$ADV")"
- UUID="cb6e8904-81ff-40da-a84a-07ab9ab5715e"
- KEYFILE="${TMP}/key"
- --- a/src/luks/tests/bind-luks1
- +++ b/src/luks/tests/bind-luks1
- @@ -31,7 +31,7 @@
- TMP="$(mktemp -d)"
-
- ADV="${TMP}/adv.jws"
- -create_tang_adv "${ADV}"
- +tang_create_adv "${TMP}" "${ADV}"
- CFG="$(printf '{"url":"foobar","adv":"%s"}' "$ADV")"
-
- # LUKS1.
- --- a/src/luks/tests/bind-luks2
- +++ b/src/luks/tests/bind-luks2
- @@ -35,7 +35,7 @@
- TMP="$(mktemp -d)"
-
- ADV="${TMP}/adv.jws"
- -create_tang_adv "${ADV}"
- +tang_create_adv "${TMP}" "${ADV}"
- CFG="$(printf '{"url":"foobar","adv":"%s"}' "$ADV")"
-
- # LUKS2.
- --- a/src/luks/tests/bind-pass-with-newline-keyfile-luks1
- +++ b/src/luks/tests/bind-pass-with-newline-keyfile-luks1
- @@ -31,7 +31,7 @@
- TMP="$(mktemp -d)"
-
- ADV="${TMP}/adv.jws"
- -create_tang_adv "${ADV}"
- +tang_create_adv "${TMP}" "${ADV}"
- CFG="$(printf '{"url":"foobar","adv":"%s"}' "$ADV")"
-
- # LUKS1.
- --- a/src/luks/tests/bind-pass-with-newline-luks1
- +++ b/src/luks/tests/bind-pass-with-newline-luks1
- @@ -31,7 +31,7 @@
- TMP="$(mktemp -d)"
-
- ADV="${TMP}/adv.jws"
- -create_tang_adv "${ADV}"
- +tang_create_adv "${TMP}" "${ADV}"
- CFG="$(printf '{"url":"foobar","adv":"%s"}' "$ADV")"
-
- # LUKS1.
- --- a/src/luks/tests/bind-wrong-pass-luks1
- +++ b/src/luks/tests/bind-wrong-pass-luks1
- @@ -31,7 +31,7 @@
- TMP="$(mktemp -d)"
-
- ADV="${TMP}/adv.jws"
- -create_tang_adv "${ADV}"
- +tang_create_adv "${TMP}" "${ADV}"
- CFG="$(printf '{"url":"foobar","adv":"%s"}' "$ADV")"
-
- # LUKS1.
- --- a/src/luks/tests/bind-wrong-pass-luks2
- +++ b/src/luks/tests/bind-wrong-pass-luks2
- @@ -35,7 +35,7 @@
- TMP="$(mktemp -d)"
-
- ADV="${TMP}/adv.jws"
- -create_tang_adv "${ADV}"
- +tang_create_adv "${TMP}" "${ADV}"
- CFG="$(printf '{"url":"foobar","adv":"%s"}' "$ADV")"
-
- # LUKS2.
- --- a/src/luks/tests/edit-tang-luks1
- +++ b/src/luks/tests/edit-tang-luks1
- @@ -36,11 +36,10 @@
-
- TMP="$(mktemp -d)"
-
- -port=$(get_random_port)
- -tang_run "${TMP}" "${port}" &
- -tang_wait_until_ready "${port}"
- +port=$(tang_new_random_port)
- +tang_run "${TMP}" "${port}"
-
- -url="http://${TANG_HOST}:${port}"
- +url="http://localhost:${port}"
-
- cfg=$(printf '{"url":"%s"}' "${url}")
-
- @@ -65,11 +64,10 @@
-
- # Now let's have another tang instance running and change the config to use
- # the new one.
- -port2=$(get_random_port)
- +port2=$(tang_new_random_port)
- TMP2="$(mktemp -d)"
- -tang_run "${TMP2}" "${port2}" &
- -tang_wait_until_ready "${port2}"
- -new_url="http://${TANG_HOST}:${port2}"
- +tang_run "${TMP2}" "${port2}"
- +new_url="http://localhost:${port2}"
- new_cfg=$(printf '{"url":"%s"}' "${new_url}")
-
- if ! clevis luks edit -d "${DEV}" -s 1 -c "${new_cfg}"; then
- --- a/src/luks/tests/edit-tang-luks2
- +++ b/src/luks/tests/edit-tang-luks2
- @@ -36,11 +36,10 @@
-
- TMP="$(mktemp -d)"
-
- -port=$(get_random_port)
- -tang_run "${TMP}" "${port}" &
- -tang_wait_until_ready "${port}"
- +port=$(tang_new_random_port)
- +tang_run "${TMP}" "${port}"
-
- -url="http://${TANG_HOST}:${port}"
- +url="http://localhost:${port}"
-
- cfg=$(printf '{"url":"%s"}' "${url}")
-
- @@ -65,11 +64,10 @@
-
- # Now let's have another tang instance running and change the config to use
- # the new one.
- -port2=$(get_random_port)
- +port2=$(tang_new_random_port)
- TMP2="$(mktemp -d)"
- -tang_run "${TMP2}" "${port2}" &
- -tang_wait_until_ready "${port2}"
- -new_url="http://${TANG_HOST}:${port2}"
- +tang_run "${TMP2}" "${port2}"
- +new_url="http://localhost:${port2}"
- new_cfg=$(printf '{"url":"%s"}' "${new_url}")
-
- if ! clevis luks edit -d "${DEV}" -s 1 -c "${new_cfg}"; then
- --- a/src/luks/tests/list-recursive-luks1
- +++ b/src/luks/tests/list-recursive-luks1
- @@ -31,7 +31,7 @@
- TMP="$(mktemp -d)"
-
- ADV="${TMP}/adv.jws"
- -create_tang_adv "${ADV}"
- +tang_create_adv "${TMP}" "${ADV}"
- PIN="sss"
- CFG=$(printf '
- {
- --- a/src/luks/tests/list-recursive-luks2
- +++ b/src/luks/tests/list-recursive-luks2
- @@ -31,7 +31,7 @@
- TMP="$(mktemp -d)"
-
- ADV="${TMP}/adv.jws"
- -create_tang_adv "${ADV}"
- +tang_create_adv "${TMP}" "${ADV}"
- PIN="sss"
- CFG=$(printf '
- {
- --- a/src/luks/tests/list-sss-tang-luks1
- +++ b/src/luks/tests/list-sss-tang-luks1
- @@ -31,7 +31,7 @@
- TMP="$(mktemp -d)"
-
- ADV="${TMP}/adv.jws"
- -create_tang_adv "${ADV}"
- +tang_create_adv "${TMP}" "${ADV}"
- PIN="sss"
- CFG=$(printf '
- {
- --- a/src/luks/tests/list-sss-tang-luks2
- +++ b/src/luks/tests/list-sss-tang-luks2
- @@ -31,7 +31,7 @@
- TMP="$(mktemp -d)"
-
- ADV="${TMP}/adv.jws"
- -create_tang_adv "${ADV}"
- +tang_create_adv "${TMP}" "${ADV}"
- PIN="sss"
- CFG=$(printf '
- {
- --- a/src/luks/tests/list-tang-luks1
- +++ b/src/luks/tests/list-tang-luks1
- @@ -31,7 +31,7 @@
- TMP="$(mktemp -d)"
-
- ADV="${TMP}/adv.jws"
- -create_tang_adv "${ADV}"
- +tang_create_adv "${TMP}" "${ADV}"
- PIN="tang"
- CFG=$(printf '{"url": "ADDR","adv": "%s"}' "${ADV}")
-
- --- a/src/luks/tests/list-tang-luks2
- +++ b/src/luks/tests/list-tang-luks2
- @@ -31,7 +31,7 @@
- TMP="$(mktemp -d)"
-
- ADV="${TMP}/adv.jws"
- -create_tang_adv "${ADV}"
- +tang_create_adv "${TMP}" "${ADV}"
- PIN="tang"
- CFG=$(printf '{"url": "ADDR","adv": "%s"}' "${ADV}")
-
- --- a/src/luks/tests/meson.build
- +++ b/src/luks/tests/meson.build
- @@ -1,39 +1,6 @@
- # We use jq for comparing the pin config in the clevis luks list tests.
- jq = find_program('jq', required: false)
-
- -# We use systemd-socket-activate for running test tang servers.
- -actv = find_program(
- - 'systemd-socket-activate',
- - 'systemd-activate',
- - join_paths('/', 'usr', 'lib', 'systemd', 'systemd-activate'),
- - required: false
- -)
- -
- -kgen = find_program(
- - join_paths(libexecdir, 'tangd-keygen'),
- - join_paths(get_option('prefix'), get_option('libdir'), 'tangd-keygen'),
- - join_paths(get_option('prefix'), get_option('libexecdir'), 'tangd-keygen'),
- - join_paths('/', 'usr', get_option('libdir'), 'tangd-keygen'),
- - join_paths('/', 'usr', get_option('libexecdir'), 'tangd-keygen'),
- - required: false
- -)
- -updt = find_program(
- - join_paths(libexecdir, 'tangd-update'),
- - join_paths(get_option('prefix'), get_option('libdir'), 'tangd-update'),
- - join_paths(get_option('prefix'), get_option('libexecdir'), 'tangd-update'),
- - join_paths('/', 'usr', get_option('libdir'), 'tangd-update'),
- - join_paths('/', 'usr', get_option('libexecdir'), 'tangd-update'),
- - required: false
- -)
- -tang = find_program(
- - join_paths(libexecdir, 'tangd'),
- - join_paths(get_option('prefix'), get_option('libdir'), 'tangd'),
- - join_paths(get_option('prefix'), get_option('libexecdir'), 'tangd'),
- - join_paths('/', 'usr', get_option('libdir'), 'tangd'),
- - join_paths('/', 'usr', get_option('libexecdir'), 'tangd'),
- - required: false
- -)
- -
- common_functions = configure_file(input: 'tests-common-functions.in',
- output: 'tests-common-functions',
- configuration: luksmeta_data,
- @@ -53,19 +20,11 @@
- join_paths(meson.build_root(), 'src', 'luks'),
- join_paths(meson.build_root(), 'src', 'pins', 'sss'),
- join_paths(meson.build_root(), 'src', 'pins', 'tang'),
- + join_paths(meson.build_root(), 'src', 'pins', 'tang', 'tests'),
- join_paths(meson.build_root(), 'src', 'pins', 'tpm2'),
- separator: ':'
- )
-
- -has_tang = false
- -if actv.found() and kgen.found() and updt.found() and tang.found()
- - has_tang = true
- - env.set('SD_ACTIVATE', actv.path())
- - env.set('TANGD_KEYGEN', kgen.path())
- - env.set('TANGD_UPDATE', updt.path())
- - env.set('TANGD', tang.path())
- -endif
- -
- test('bind-wrong-pass-luks1', find_program('bind-wrong-pass-luks1'), env: env)
- test('bind-luks1', find_program('bind-luks1'), env: env)
- test('unbind-unbound-slot-luks1', find_program('unbind-unbound-slot-luks1'), env: env)
- @@ -85,15 +44,13 @@
- warning('Will not run "clevis luks list" tests due to missing jq dependency')
- endif
-
- -if has_tang
- - test('unlock-tang-luks1', find_program('unlock-tang-luks1'), env: env, timeout: 90)
- - test('assume-yes', find_program('assume-yes'), env: env, timeout: 60)
- - test('regen-inplace-luks1', find_program('regen-inplace-luks1'), env: env, timeout: 90)
- - test('regen-not-inplace-luks1', find_program('regen-not-inplace-luks1'), env: env, timeout: 90)
- - test('report-tang-luks1', find_program('report-tang-luks1'), env: env, timeout: 90)
- - test('report-sss-luks1', find_program('report-sss-luks1'), env: env, timeout: 90)
- - test('edit-tang-luks1', find_program('edit-tang-luks1'), env: env, timeout: 150)
- -endif
- +test('unlock-tang-luks1', find_program('unlock-tang-luks1'), env: env, timeout: 90)
- +test('assume-yes', find_program('assume-yes'), env: env, timeout: 60)
- +test('regen-inplace-luks1', find_program('regen-inplace-luks1'), env: env, timeout: 90)
- +test('regen-not-inplace-luks1', find_program('regen-not-inplace-luks1'), env: env, timeout: 90)
- +test('report-tang-luks1', find_program('report-tang-luks1'), env: env, timeout: 90)
- +test('report-sss-luks1', find_program('report-sss-luks1'), env: env, timeout: 90)
- +test('edit-tang-luks1', find_program('edit-tang-luks1'), env: env, timeout: 150)
-
- test('backup-restore-luks1', find_program('backup-restore-luks1'), env: env, timeout: 60)
-
- @@ -112,15 +69,13 @@
- test('list-sss-tang-luks2', find_program('list-sss-tang-luks2'), env: env, timeout: 60)
- endif
-
- - if has_tang
- - test('unlock-tang-luks2', find_program('unlock-tang-luks2'), env: env, timeout: 120)
- - test('assume-yes-luks2', find_program('assume-yes-luks2'), env: env, timeout: 90)
- - test('regen-inplace-luks2', find_program('regen-inplace-luks2'), env: env, timeout: 120)
- - test('regen-not-inplace-luks2', find_program('regen-not-inplace-luks2'), env: env, timeout: 120)
- - test('report-tang-luks2', find_program('report-tang-luks2'), env: env, timeout: 120)
- - test('report-sss-luks2', find_program('report-sss-luks2'), env: env, timeout: 120)
- - test('edit-tang-luks2', find_program('edit-tang-luks2'), env: env, timeout: 210)
- - endif
- + test('unlock-tang-luks2', find_program('unlock-tang-luks2'), env: env, timeout: 120)
- + test('assume-yes-luks2', find_program('assume-yes-luks2'), env: env, timeout: 90)
- + test('regen-inplace-luks2', find_program('regen-inplace-luks2'), env: env, timeout: 120)
- + test('regen-not-inplace-luks2', find_program('regen-not-inplace-luks2'), env: env, timeout: 120)
- + test('report-tang-luks2', find_program('report-tang-luks2'), env: env, timeout: 120)
- + test('report-sss-luks2', find_program('report-sss-luks2'), env: env, timeout: 120)
- + test('edit-tang-luks2', find_program('edit-tang-luks2'), env: env, timeout: 210)
-
- -test('backup-restore-luks2', find_program('backup-restore-luks2'), env: env, timeout: 120)
- + test('backup-restore-luks2', find_program('backup-restore-luks2'), env: env, timeout: 120)
- endif
- --- a/src/luks/tests/regen-inplace-luks1
- +++ b/src/luks/tests/regen-inplace-luks1
- @@ -32,11 +32,10 @@
-
- TMP=$(mktemp -d)
-
- -port=$(get_random_port)
- -tang_run "${TMP}" "${port}" &
- -tang_wait_until_ready "${port}"
- +port=$(tang_new_random_port)
- +tang_run "${TMP}" "${port}"
-
- -url="http://${TANG_HOST}:${port}"
- +url="http://localhost:${port}"
- adv="${TMP}/adv"
- tang_get_adv "${port}" "${adv}"
-
- --- a/src/luks/tests/regen-inplace-luks2
- +++ b/src/luks/tests/regen-inplace-luks2
- @@ -32,11 +32,10 @@
-
- TMP=$(mktemp -d)
-
- -port=$(get_random_port)
- -tang_run "${TMP}" "${port}" &
- -tang_wait_until_ready "${port}"
- +port=$(tang_new_random_port)
- +tang_run "${TMP}" "${port}"
-
- -url="http://${TANG_HOST}:${port}"
- +url="http://localhost:${port}"
- adv="${TMP}/adv"
- tang_get_adv "${port}" "${adv}"
-
- --- a/src/luks/tests/regen-not-inplace-luks1
- +++ b/src/luks/tests/regen-not-inplace-luks1
- @@ -32,11 +32,10 @@
-
- export TMP=$(mktemp -d)
-
- -port=$(get_random_port)
- -tang_run "${TMP}" "${port}" &
- -tang_wait_until_ready "${port}"
- +port=$(tang_new_random_port)
- +tang_run "${TMP}" "${port}"
-
- -url="http://${TANG_HOST}:${port}"
- +url="http://localhost:${port}"
- adv="${TMP}/adv"
- tang_get_adv "${port}" "${adv}"
-
- --- a/src/luks/tests/regen-not-inplace-luks2
- +++ b/src/luks/tests/regen-not-inplace-luks2
- @@ -32,11 +32,10 @@
-
- export TMP=$(mktemp -d)
-
- -port=$(get_random_port)
- -tang_run "${TMP}" "${port}" &
- -tang_wait_until_ready "${port}"
- +port=$(tang_new_random_port)
- +tang_run "${TMP}" "${port}"
-
- -url="http://${TANG_HOST}:${port}"
- +url="http://localhost:${port}"
- adv="${TMP}/adv"
- tang_get_adv "${port}" "${adv}"
-
- --- a/src/luks/tests/report-sss-luks1
- +++ b/src/luks/tests/report-sss-luks1
- @@ -32,11 +32,10 @@
-
- TMP=$(mktemp -d)
-
- -port=$(get_random_port)
- -tang_run "${TMP}" "${port}" &
- -tang_wait_until_ready "${port}"
- +port=$(tang_new_random_port)
- +tang_run "${TMP}" "${port}"
-
- -url="http://${TANG_HOST}:${port}"
- +url="http://localhost:${port}"
- adv="${TMP}/adv"
- tang_get_adv "${port}" "${adv}"
-
- --- a/src/luks/tests/report-sss-luks2
- +++ b/src/luks/tests/report-sss-luks2
- @@ -32,11 +32,10 @@
-
- TMP=$(mktemp -d)
-
- -port=$(get_random_port)
- -tang_run "${TMP}" "${port}" &
- -tang_wait_until_ready "${port}"
- +port=$(tang_new_random_port)
- +tang_run "${TMP}" "${port}"
-
- -url="http://${TANG_HOST}:${port}"
- +url="http://localhost:${port}"
- adv="${TMP}/adv"
- tang_get_adv "${port}" "${adv}"
-
- --- a/src/luks/tests/report-tang-luks1
- +++ b/src/luks/tests/report-tang-luks1
- @@ -32,11 +32,10 @@
-
- TMP=$(mktemp -d)
-
- -port=$(get_random_port)
- -tang_run "${TMP}" "${port}" &
- -tang_wait_until_ready "${port}"
- +port=$(tang_new_random_port)
- +tang_run "${TMP}" "${port}"
-
- -url="http://${TANG_HOST}:${port}"
- +url="http://localhost:${port}"
- adv="${TMP}/adv"
- tang_get_adv "${port}" "${adv}"
-
- --- a/src/luks/tests/report-tang-luks2
- +++ b/src/luks/tests/report-tang-luks2
- @@ -32,11 +32,10 @@
-
- TMP=$(mktemp -d)
-
- -port=$(get_random_port)
- -tang_run "${TMP}" "${port}" &
- -tang_wait_until_ready "${port}"
- +port=$(tang_new_random_port)
- +tang_run "${TMP}" "${port}"
-
- -url="http://${TANG_HOST}:${port}"
- +url="http://localhost:${port}"
- adv="${TMP}/adv"
- tang_get_adv "${port}" "${adv}"
-
- --- a/src/luks/tests/tests-common-functions.in
- +++ b/src/luks/tests/tests-common-functions.in
- @@ -18,6 +18,8 @@
- # along with this program. If not, see <http://www.gnu.org/licenses/>.
- #
-
- +. tang-common-test-functions
- +
- error() {
- echo "${1}" >&2
- exit 1
- @@ -34,20 +36,6 @@
- return @OLD_CRYPTSETUP@
- }
-
- -# Creates a tang adv to be used in the test.
- -create_tang_adv() {
- - local adv="${1}"
- - local SIG="${TMP}/sig.jwk"
- - jose jwk gen -i '{"alg":"ES512"}' > "${SIG}"
- -
- - local EXC="${TMP}/exc.jwk"
- - jose jwk gen -i '{"alg":"ECMR"}' > "${EXC}"
- -
- - local TEMPLATE='{"protected":{"cty":"jwk-set+json"}}'
- - jose jwk pub -s -i "${SIG}" -i "${EXC}" \
- - | jose jws sig -I- -s "${TEMPLATE}" -k "${SIG}" -o "${adv}"
- -}
- -
- # Creates a new LUKS1 or LUKS2 device to be used.
- new_device() {
- local LUKS="${1}"
- @@ -236,132 +224,4 @@
- return 0
- }
-
- -
- -# Get a random port to be used with a test tang server.
- -get_random_port() {
- - shuf -i 1024-65535 -n 1
- -}
- -
- -# Removes tang rotated keys from the test server.
- -tang_remove_rotated_keys() {
- - local basedir="${1}"
- -
- - if [ -z "${basedir}" ]; then
- - echo "Please pass a valid base directory for tang"
- - return 1
- - fi
- -
- - [ -z "${TANGD_UPDATE}" ] && skip_test "WARNING: TANGD_UPDATE is not defined."
- -
- - local db="${basedir}/db"
- - local cache="${basedir}/cache"
- - mkdir -p "${db}"
- - mkdir -p "${cache}"
- -
- - pushd "${db}"
- - find . -name ".*.jwk" -exec rm -f {} \;
- - popd
- -
- - "${TANGD_UPDATE}" "${db}" "${cache}"
- - return 0
- -}
- -
- -# Creates new keys for the test tang server.
- -tang_new_keys() {
- - local basedir="${1}"
- - local rotate="${2}"
- -
- - if [ -z "${basedir}" ]; then
- - echo "Please pass a valid base directory for tang"
- - return 1
- - fi
- -
- - [ -z "${TANGD_KEYGEN}" ] && skip_test "WARNING: TANGD_KEYGEN is not defined."
- - [ -z "${TANGD_UPDATE}" ] && skip_test "WARNING: TANGD_UPDATE is not defined."
- -
- - local db="${basedir}/db"
- - local cache="${basedir}/cache"
- - mkdir -p "${db}"
- -
- - if [ -n "${rotate}" ]; then
- - pushd "${db}"
- - local k
- - k=$(find . -name "*.jwk" | wc -l)
- - if [ "${k}" -gt 0 ]; then
- - for k in *.jwk; do
- - mv -f -- "${k}" ".${k}"
- - done
- - fi
- - popd
- - fi
- -
- - "${TANGD_KEYGEN}" "${db}"
- - "${TANGD_UPDATE}" "${db}" "${cache}"
- -
- - return 0
- -}
- -
- -# Start a test tang server.
- -tang_run() {
- - local basedir="${1}"
- - local port="${2}"
- -
- - if [ -z "${basedir}" ]; then
- - echo "Please pass a valid base directory for tang" >&2
- - return 1
- - fi
- -
- - if [ -z "${port}" ]; then
- - echo "Please pass a valid port for tang" >&2
- - return 1
- - fi
- -
- - if ! tang_new_keys "${basedir}"; then
- - echo "Error creating new keys for tang server" >&2
- - return 1
- - fi
- -
- - local KEYS="${basedir}/cache"
- - local inetd='--inetd'
- - [ "${SD_ACTIVATE##*/}" = "systemd-activate" ] && inetd=
- -
- - local pid pidfile
- - pidfile="${basedir}/tang.pid"
- -
- - "${SD_ACTIVATE}" ${inetd} -l "${TANG_HOST}":"${port}" \
- - -a "${TANGD}" "${KEYS}" &
- - pid=$!
- - echo "${pid}" > "${pidfile}"
- -}
- -
- -# Stop tang server.
- -tang_stop() {
- - local basedir="${1}"
- - local pidfile="${basedir}/tang.pid"
- - [ -f "${pidfile}" ] || return 0
- -
- - local pid
- - pid=$(<"${pidfile}")
- - kill "${pid}"
- -}
- -
- -# Wait for the tang server to be operational.
- -tang_wait_until_ready() {
- - local port="${1}"
- - while ! curl --output /dev/null --silent --fail \
- - http://"${TANG_HOST}":"${port}"/adv; do
- - sleep 0.1
- - echo -n . >&2
- - done
- -}
- -
- -# Get tang advertisement.
- -tang_get_adv() {
- - local port="${1}"
- - local adv="${2}"
- -
- - curl -o "${adv}" http://"${TANG_HOST}":"${port}"/adv
- -}
- -
- -export TANG_HOST=127.0.0.1
- export DEFAULT_PASS='just-some-test-password-here'
- --- a/src/luks/tests/unbind-luks1
- +++ b/src/luks/tests/unbind-luks1
- @@ -30,7 +30,7 @@
-
- TMP="$(mktemp -d)"
- ADV="${TMP}/adv.jws"
- -create_tang_adv "${ADV}"
- +tang_create_adv "${TMP}" "${ADV}"
- CFG="$(printf '{"url":"foobar","adv":"%s"}' "$ADV")"
-
- # LUKS1.
- --- a/src/luks/tests/unbind-luks2
- +++ b/src/luks/tests/unbind-luks2
- @@ -34,7 +34,7 @@
-
- TMP="$(mktemp -d)"
- ADV="${TMP}/adv.jws"
- -create_tang_adv "${ADV}"
- +tang_create_adv "${TMP}" "${ADV}"
- CFG="$(printf '{"url":"foobar","adv":"%s"}' "$ADV")"
-
- # LUKS2.
- --- a/src/luks/tests/unlock-tang-luks1
- +++ b/src/luks/tests/unlock-tang-luks1
- @@ -33,11 +33,10 @@
-
- TMP="$(mktemp -d)"
-
- -port=$(get_random_port)
- -tang_run "${TMP}" "${port}" &
- -tang_wait_until_ready "${port}"
- +port=$(tang_new_random_port)
- +tang_run "${TMP}" "${port}"
-
- -url="http://${TANG_HOST}:${port}"
- +url="http://localhost:${port}"
- adv="${TMP}/adv"
- tang_get_adv "${port}" "${adv}"
-
- --- a/src/luks/tests/unlock-tang-luks2
- +++ b/src/luks/tests/unlock-tang-luks2
- @@ -33,11 +33,10 @@
-
- TMP="$(mktemp -d)"
-
- -port=$(get_random_port)
- -tang_run "${TMP}" "${port}" &
- -tang_wait_until_ready "${port}"
- +port=$(tang_new_random_port)
- +tang_run "${TMP}" "${port}"
-
- -url="http://${TANG_HOST}:${port}"
- +url="http://localhost:${port}"
- adv="${TMP}/adv"
- tang_get_adv "${port}" "${adv}"
-
|