[Libguestfs] [PATCH] tests: test --key for a real guest (with inspection)

Richard W.M. Jones rjones at redhat.com
Fri Nov 29 11:47:17 UTC 2019


On Fri, Nov 29, 2019 at 12:21:57PM +0100, Pino Toscano wrote:
> Test both the decryption by device name, and UUID.
> ---
>  tests/luks/Makefile.am                |  3 +-
>  tests/luks/test-key-option-inspect.sh | 48 +++++++++++++++++++++++++++
>  2 files changed, 50 insertions(+), 1 deletion(-)
>  create mode 100755 tests/luks/test-key-option-inspect.sh
> 
> diff --git a/tests/luks/Makefile.am b/tests/luks/Makefile.am
> index 30c817f87..2330ed72f 100644
> --- a/tests/luks/Makefile.am
> +++ b/tests/luks/Makefile.am
> @@ -20,7 +20,8 @@ include $(top_srcdir)/subdir-rules.mk
>  TESTS = \
>  	test-luks.sh \
>  	test-luks-list.sh \
> -	test-key-option.sh
> +	test-key-option.sh \
> +	test-key-option-inspect.sh
>  
>  TESTS_ENVIRONMENT = $(top_builddir)/run --test
>  
> diff --git a/tests/luks/test-key-option-inspect.sh b/tests/luks/test-key-option-inspect.sh
> new file mode 100755
> index 000000000..d6abe2531
> --- /dev/null
> +++ b/tests/luks/test-key-option-inspect.sh
> @@ -0,0 +1,48 @@
> +#!/bin/bash -
> +# libguestfs
> +# Copyright (C) 2019 Red Hat Inc.
> +#
> +# This program is free software; you can redistribute it and/or modify
> +# it under the terms of the GNU General Public License as published by
> +# the Free Software Foundation; either version 2 of the License, or
> +# (at your option) any later version.
> +#
> +# This program is distributed in the hope that it will be useful,
> +# but WITHOUT ANY WARRANTY; without even the implied warranty of
> +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
> +# GNU General Public License for more details.
> +#
> +# You should have received a copy of the GNU General Public License
> +# along with this program; if not, write to the Free Software
> +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
> +
> +# Test the --key option.  It is handled by common code so we only need
> +# to test one tool (guestfish).
> +
> +set -e
> +
> +$TEST_FUNCTIONS
> +skip_if_skipped
> +skip_unless_feature_available luks
> +skip_unless_phony_guest fedora-luks.img
> +
> +disk=../../test-data/phony-guests/fedora-luks.img
> +device=/dev/sda2
> +
> +# Get the UUID of the LUKS device.
> +uuid="$(guestfish --ro -a $disk run : luks-uuid $device)"
> +
> +# Try to decrypt the disk in different ways:
> +# - pass a wrong key via stdin to check the --key value is actually used only
> +# - check for /etc/fedora-release as a way to know the LUKS device was
> +#   decrypted correctly
> +
> +# Specify the libguestfs device name of the LUKS device.
> +echo wrongkey | guestfish --ro -a $disk -i --keys-from-stdin \
> +          --key "$device:key:FEDORA" \
> +          exists /etc/fedora-release
> +
> +# Specify the UUID of the LUKS device.
> +echo wrongkey | guestfish --ro -a $disk -i --keys-from-stdin \
> +          --key "$uuid:key:FEDORA" \
> +          exists /etc/fedora-release
> -- 
> 2.21.0

ACK series.

In the cover letter you said:

> A test for this (patch #4) can be applied only when the patches for
> common are applied, and the submodule updated.

What I have done in similar situations is to combine the patch which
depends on the update to common/ (which I guess is this one) with the
submodule updated commit hash.  Example:

https://github.com/libguestfs/virt-v2v/commit/51c839c77f83fae87c38ee1883ddc52c3dc1e4ad

This means that pulling in the patch automatically updates the
submodule (at least, sort of, submodules are still a pain).

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-df lists disk usage of guests without needing to install any
software inside the virtual machine.  Supports Linux and Windows.
http://people.redhat.com/~rjones/virt-df/




More information about the Libguestfs mailing list