123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172 |
- #!/bin/bash -ex
- # vim: set tabstop=8 shiftwidth=4 softtabstop=4 expandtab smarttab colorcolumn=80:
- #
- # Copyright (c) 2019 Red Hat, Inc.
- # Author: Sergio Correia <scorreia@redhat.com>
- #
- # This program is free software: you can redistribute it and/or modify
- # it under the terms of the GNU General Public License as published by
- # the Free Software Foundation, either version 3 of the License, or
- # (at your option) any later version.
- #
- # This program is distributed in the hope that it will be useful,
- # but WITHOUT ANY WARRANTY; without even the implied warranty of
- # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- # GNU General Public License for more details.
- #
- # You should have received a copy of the GNU General Public License
- # along with this program. If not, see <http://www.gnu.org/licenses/>.
- #
- TEST="${0}"
- . tests-common-functions
- on_exit() {
- [ -d "${TMP}" ] && rm -rf "${TMP}"
- }
- trap 'on_exit' EXIT
- trap 'exit' ERR
- TMP="$(mktemp -d)"
- ADV="${TMP}/adv.jws"
- tang_create_adv "${TMP}" "${ADV}"
- CFG="$(printf '{"url":"foobar","adv":"%s"}' "$ADV")"
- UUID="cb6e8904-81ff-40da-a84a-07ab9ab5715e"
- KEYFILE="${TMP}/key"
- PASS=$(new_passphrase)
- echo -n "${PASS}" > "${KEYFILE}"
- # LUKS1.
- DEV="${TMP}/luks1-device"
- new_device_keyfile "luks1" "${DEV}" "${KEYFILE}"
- verify_bind() {
- local TDEV=${1}
- local TSLT=${2}
- local state uuid
- if ! read -r _ state uuid < <(luksmeta show -d "${TDEV}" | grep "^${TSLT} *"); then
- error "${TEST}: Error reading LUKSmeta info for slot ${TSLT} of ${TDEV}." >&2
- fi
- if [ "${state}" != "active" ]; then
- error "${TEST}: state (${state}) is expected to be 'active'." >&2
- fi
- if [ "${uuid}" != "${UUID}" ]; then
- error "${TEST}: UUID ($uuid) is expected to be '${UUID}'." >&2
- fi
- }
- if ! clevis luks bind -f -k "${KEYFILE}" -d "${DEV}" tang "${CFG}"; then
- error "${TEST}: Binding is expected to succeed when given a correct keyfile (${KEYFILE})." >&2
- fi
- verify_bind "${DEV}" "1"
- # Now let's pass the keyfile via stdin, non-interactively.
- if ! echo -n "${PASS}" | clevis luks bind -f -k- -d "${DEV}" tang "${CFG}"; then
- error "${TEST}: Binding is expected to succeed when given a correct passphrase (${PASS})." >&2
- fi
- verify_bind "${DEV}" "2"
|