Laszlo Ersek
2022-Feb-23 16:22 UTC
[Libguestfs] [guestfs-tools PATCH 3/3] inspector: add LUKS-on-LVM test
Port libguestfs patch 'tests: add LUKS-on-LVM test' to virt-inspector. (This patch is best formatted with "--find-copies-harder".) Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1658126 Signed-off-by: Laszlo Ersek <lersek at redhat.com> --- inspector/Makefile.am | 5 +- test-data/phony-guests/Makefile.am | 7 +++ .gitignore | 1 + inspector/{expected-fedora.img.xml => expected-fedora-luks-on-lvm.img.xml} | 6 +-- inspector/{test-virt-inspector-lvm-on-luks.sh => test-virt-inspector-luks-on-lvm.sh} | 15 ++++-- test-data/phony-guests/guests.xml.in | 18 +++++++ test-data/phony-guests/make-fedora-img.pl | 54 ++++++++++++++++++++ 7 files changed, 97 insertions(+), 9 deletions(-) diff --git a/inspector/Makefile.am b/inspector/Makefile.am index 961498e81788..297887bae3a4 100644 --- a/inspector/Makefile.am +++ b/inspector/Makefile.am @@ -27,12 +27,14 @@ example_xml = \ EXTRA_DIST = \ expected-debian.img.xml \ expected-fedora.img.xml \ + expected-fedora-luks-on-lvm.img.xml \ expected-fedora-lvm-on-luks.img.xml \ expected-ubuntu.img.xml \ expected-archlinux.img.xml \ expected-coreos.img.xml \ expected-windows.img.xml \ test-virt-inspector.sh \ + test-virt-inspector-luks-on-lvm.sh \ test-virt-inspector-lvm-on-luks.sh \ test-virt-inspector-docs.sh \ test-xmllint.sh \ @@ -95,6 +97,7 @@ TESTS_ENVIRONMENT = $(top_builddir)/run --test TESTS = \ test-virt-inspector-docs.sh \ test-virt-inspector.sh \ + test-virt-inspector-luks-on-lvm.sh \ test-virt-inspector-lvm-on-luks.sh if HAVE_XMLLINT @@ -102,7 +105,7 @@ TESTS += test-xmllint.sh endif check-valgrind: - $(MAKE) TESTS="test-virt-inspector.sh test-virt-inspector-lvm-on-luks.sh" VG="@VG@" check + $(MAKE) TESTS="test-virt-inspector.sh test-virt-inspector-luks-on-lvm.sh test-virt-inspector-lvm-on-luks.sh" VG="@VG@" check check-valgrind-local-guests: for g in $(GUESTS); do \ diff --git a/test-data/phony-guests/Makefile.am b/test-data/phony-guests/Makefile.am index 0114d10bb170..0a41f168bdfc 100644 --- a/test-data/phony-guests/Makefile.am +++ b/test-data/phony-guests/Makefile.am @@ -49,6 +49,7 @@ disk_images = \ fedora-md1.img \ fedora-md2.img \ fedora-btrfs.img \ + fedora-luks-on-lvm.img \ fedora-lvm-on-luks.img \ ubuntu.img \ archlinux.img \ @@ -96,6 +97,12 @@ fedora-btrfs.img: make-fedora-img.pl \ fedora.db SRCDIR=$(srcdir) LAYOUT=btrfs $(top_builddir)/run --test ./$< +# Make a (dummy) Fedora image with LUKS-on-LVM. +fedora-luks-on-lvm.img: make-fedora-img.pl \ + fedora-journal.tar.xz \ + fedora.db + SRCDIR=$(srcdir) LAYOUT=luks-on-lvm $(top_builddir)/run --test ./$< + # Make a (dummy) Fedora image with LVM-on-LUKS. fedora-lvm-on-luks.img: make-fedora-img.pl \ fedora-journal.tar.xz \ diff --git a/.gitignore b/.gitignore index 5489c0cd2a5d..87040a727a7c 100644 --- a/.gitignore +++ b/.gitignore @@ -151,6 +151,7 @@ Makefile.in /test-data/phony-guests/debian.img /test-data/phony-guests/fedora.img /test-data/phony-guests/fedora-btrfs.img +/test-data/phony-guests/fedora-luks-on-lvm.img /test-data/phony-guests/fedora-lvm-on-luks.img /test-data/phony-guests/fedora-md1.img /test-data/phony-guests/fedora-md2.img diff --git a/inspector/expected-fedora.img.xml b/inspector/expected-fedora-luks-on-lvm.img.xml similarity index 98% copy from inspector/expected-fedora.img.xml copy to inspector/expected-fedora-luks-on-lvm.img.xml index 72cddaf8816d..6e21591d8066 100644 --- a/inspector/expected-fedora.img.xml +++ b/inspector/expected-fedora-luks-on-lvm.img.xml @@ -1,7 +1,7 @@ <?xml version="1.0"?> <operatingsystems> <operatingsystem> - <root>/dev/VG/Root</root> + <root>/dev/mapper/luks-ROOTUUID</root> <name>linux</name> <arch>x86_64</arch> <distro>fedora</distro> @@ -13,11 +13,11 @@ <hostname>fedora.invalid</hostname> <osinfo>fedora14</osinfo> <mountpoints> - <mountpoint dev="/dev/VG/Root">/</mountpoint> + <mountpoint dev="/dev/mapper/luks-ROOTUUID">/</mountpoint> <mountpoint dev="/dev/sda1">/boot</mountpoint> </mountpoints> <filesystems> - <filesystem dev="/dev/VG/Root"> + <filesystem dev="/dev/mapper/luks-ROOTUUID"> <type>ext2</type> <label>ROOT</label> <uuid>01234567-0123-0123-0123-012345678902</uuid> diff --git a/inspector/test-virt-inspector-lvm-on-luks.sh b/inspector/test-virt-inspector-luks-on-lvm.sh similarity index 73% copy from inspector/test-virt-inspector-lvm-on-luks.sh copy to inspector/test-virt-inspector-luks-on-lvm.sh index 955ac6316946..b2e10232c05d 100755 --- a/inspector/test-virt-inspector-lvm-on-luks.sh +++ b/inspector/test-virt-inspector-luks-on-lvm.sh @@ -19,7 +19,7 @@ # Test that virt-inspector can work on encrypted images when the # right password is supplied. # -# Regression test for https://bugzilla.redhat.com/show_bug.cgi?id=1602353 +# Regression test for https://bugzilla.redhat.com/show_bug.cgi?id=1658126 set -e set -x @@ -27,16 +27,21 @@ set -x $TEST_FUNCTIONS skip_if_skipped -f=../test-data/phony-guests/fedora-lvm-on-luks.img +f=../test-data/phony-guests/fedora-luks-on-lvm.img +keys=(--key /dev/VG/Root:key:FEDORA-Root + --key /dev/VG/LV1:key:FEDORA-LV1 + --key /dev/VG/LV2:key:FEDORA-LV2 + --key /dev/VG/LV3:key:FEDORA-LV3) # Ignore zero-sized file. if [ -s "$f" ]; then + uuid_root=$(guestfish --ro -i -a "$f" "${keys[@]}" luks-uuid /dev/VG/Root) b=$(basename "$f") - echo FEDORA | - $VG virt-inspector --keys-from-stdin --format=raw -a "$f" > "actual-$b.xml" + $VG virt-inspector "${keys[@]}" --format=raw -a "$f" > "actual-$b.xml" # Check the generated output validate the schema. $XMLLINT --noout --relaxng "$srcdir/virt-inspector.rng" "actual-$b.xml" # This 'diff' command will fail (because of -e option) if there # are any differences. - diff -ur $diff_ignore "$srcdir/expected-$b.xml" "actual-$b.xml" + sed -e "s/ROOTUUID/$uuid_root/" < "$srcdir/expected-$b.xml" \ + | diff -u - "actual-$b.xml" fi diff --git a/test-data/phony-guests/guests.xml.in b/test-data/phony-guests/guests.xml.in index 3af6b27af073..dfcccc3d4cff 100644 --- a/test-data/phony-guests/guests.xml.in +++ b/test-data/phony-guests/guests.xml.in @@ -183,6 +183,24 @@ </devices> </domain> + <!-- LUKS passwords are 'FEDORA-Root', 'FEDORA-LV1', 'FEDORA-LV2', + 'FEDORA-LV3' --> + <domain type='test'> + <name>fedora-luks-on-lvm</name> + <memory>1048576</memory> + <os> + <type>hvm</type> + <boot dev='hd'/> + </os> + <devices> + <disk type='file' device='disk'> + <driver name='qemu' type='raw'/> + <source file='@abs_builddir@/fedora-luks-on-lvm.img'/> + <target dev='vda' bus='virtio'/> + </disk> + </devices> + </domain> + <!-- LUKS password is 'FEDORA' --> <domain type='test'> <name>fedora-lvm-on-luks</name> diff --git a/test-data/phony-guests/make-fedora-img.pl b/test-data/phony-guests/make-fedora-img.pl index 4cd6ef9575eb..84d4742e9000 100755 --- a/test-data/phony-guests/make-fedora-img.pl +++ b/test-data/phony-guests/make-fedora-img.pl @@ -200,6 +200,60 @@ EOF init_lvm_root ('/dev/mapper/luks'); } +elsif ($ENV{LAYOUT} eq 'luks-on-lvm') { + push (@images, "fedora-luks-on-lvm.img-t"); + + open (my $fstab, '>', "fedora.fstab") or die; + print $fstab <<EOF; +LABEL=BOOT /boot ext2 default 0 0 +LABEL=ROOT / ext2 default 0 0 +EOF + close ($fstab) or die; + + $bootdev = '/dev/sda1'; + + $g->disk_create ("fedora-luks-on-lvm.img-t", "raw", $IMAGE_SIZE); + + $g->add_drive ("fedora-luks-on-lvm.img-t", format => "raw"); + $g->launch (); + + $g->part_init ('/dev/sda', 'mbr'); + foreach my $p (@PARTITIONS) { + $g->part_add('/dev/sda', @$p); + } + + # Create the Volume Group on /dev/sda2. + $g->pvcreate ('/dev/sda2'); + $g->vgcreate ('VG', ['/dev/sda2']); + $g->lvcreate ('Root', 'VG', 32); + $g->lvcreate ('LV1', 'VG', 32); + $g->lvcreate ('LV2', 'VG', 32); + $g->lvcreate ('LV3', 'VG', 64); + + # Format each Logical Group as a LUKS device, with a different password. + $g->luks_format ('/dev/VG/Root', 'FEDORA-Root', 0); + $g->luks_format ('/dev/VG/LV1', 'FEDORA-LV1', 0); + $g->luks_format ('/dev/VG/LV2', 'FEDORA-LV2', 0); + $g->luks_format ('/dev/VG/LV3', 'FEDORA-LV3', 0); + + # Open the LUKS devices. This creates nodes like /dev/mapper/*-luks. + $g->cryptsetup_open ('/dev/VG/Root', 'FEDORA-Root', 'Root-luks'); + $g->cryptsetup_open ('/dev/VG/LV1', 'FEDORA-LV1', 'LV1-luks'); + $g->cryptsetup_open ('/dev/VG/LV2', 'FEDORA-LV2', 'LV2-luks'); + $g->cryptsetup_open ('/dev/VG/LV3', 'FEDORA-LV3', 'LV3-luks'); + + # Phony root filesystem. + $g->mkfs ('ext2', '/dev/mapper/Root-luks', blocksize => 4096, label => 'ROOT'); + $g->set_uuid ('/dev/mapper/Root-luks', '01234567-0123-0123-0123-012345678902'); + + # Other filesystems, just for testing findfs-label. + $g->mkfs ('ext2', '/dev/mapper/LV1-luks', blocksize => 4096, label => 'LV1'); + $g->mkfs ('ext2', '/dev/mapper/LV2-luks', blocksize => 1024, label => 'LV2'); + $g->mkfs ('ext2', '/dev/mapper/LV3-luks', blocksize => 2048, label => 'LV3'); + + $g->mount ('/dev/mapper/Root-luks', '/'); +} + else { print STDERR "$0: Unknown LAYOUT: ",$ENV{LAYOUT},"\n"; exit 1; -- 2.19.1.3.g30247aa5d201
Richard W.M. Jones
2022-Feb-24 10:47 UTC
[Libguestfs] [guestfs-tools PATCH 3/3] inspector: add LUKS-on-LVM test
Also this series looks good, ACK Rich. -- Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones Read my programming and virtualization blog: http://rwmj.wordpress.com Fedora Windows cross-compiler. Compile Windows programs, test, and build Windows installers. Over 100 libraries supported. http://fedoraproject.org/wiki/MinGW