Index: head/tests/sys/geom/class/eli/attach_test.sh
===================================================================
--- head/tests/sys/geom/class/eli/attach_test.sh (revision 341391)
+++ head/tests/sys/geom/class/eli/attach_test.sh (revision 341392)
@@ -1,100 +1,99 @@ # $FreeBSD$ +. $(atf_get_srcdir)/conf.sh + atf_test_case attach_d cleanup attach_d_head() { atf_set "descr" "geli attach -d will cause the provider to detach on last close" atf_set "require.user" "root" } attach_d_body() { - . $(atf_get_srcdir)/conf.sh + geli_test_setup sectors=100 md=$(attach_md -t malloc -s `expr $sectors + 1`) atf_check dd if=/dev/random of=keyfile bs=512 count=16 status=none atf_check geli init -B none -P -K keyfile ${md} atf_check geli attach -d -p -k keyfile ${md} # Be sure it doesn't detach on read. atf_check dd if=/dev/${md}.eli of=/dev/null status=none sleep 1 if [ ! -c /dev/${md}.eli ]; then atf_fail "Detached on last close of a reader" fi # It should detach on last close of a writer true > /dev/${md}.eli sleep 1 if [ -c /dev/${md}.eli ]; then atf_fail "Did not detach on last close of a writer" fi } attach_d_cleanup() { - . $(atf_get_srcdir)/conf.sh geli_test_cleanup } atf_test_case attach_r cleanup attach_r_head() { atf_set "descr" "geli attach -r will create a readonly provider" atf_set "require.user" "root" } attach_r_body() { - . $(atf_get_srcdir)/conf.sh + geli_test_setup sectors=100 md=$(attach_md -t malloc -s `expr $sectors + 1`) atf_check dd if=/dev/random of=keyfile bs=512 count=16 status=none atf_check geli init -B none -P -K keyfile ${md} atf_check geli attach -r -p -k keyfile ${md} atf_check -o match:"^Flags: .*READ-ONLY" geli list ${md}.eli # Verify that writes are verbotten atf_check -s not-exit:0 -e match:"Read-only" \ dd if=/dev/zero of=/dev/${md}.eli count=1 } attach_r_cleanup() { - . $(atf_get_srcdir)/conf.sh geli_test_cleanup } atf_test_case nokey cleanup nokey_head() { atf_set "descr" "geli attach fails if called with no key component" atf_set "require.user" "root" } nokey_body() { - . 
$(atf_get_srcdir)/conf.sh + geli_test_setup sectors=100 md=$(attach_md -t malloc -s `expr $sectors + 1`) atf_check dd if=/dev/random of=keyfile bs=512 count=16 status=none atf_check geli init -B none -P -K keyfile ${md} atf_check -s not-exit:0 -e match:"No key components given" \ geli attach -p ${md} 2>/dev/null } nokey_cleanup() { - . $(atf_get_srcdir)/conf.sh geli_test_cleanup } atf_init_test_cases() { atf_add_test_case attach_d atf_add_test_case attach_r atf_add_test_case nokey } Index: head/tests/sys/geom/class/eli/conf.sh =================================================================== --- head/tests/sys/geom/class/eli/conf.sh (revision 341391) +++ head/tests/sys/geom/class/eli/conf.sh (revision 341392) 
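Review bot: The new file-scope `. $(atf_get_srcdir)/conf.sh` at the top of attach_test.sh leaves the command substitution unquoted, so a source directory containing whitespace or glob characters is word-split before `.` sees it, and every test case in this file sets `require.user` to root. Quoting it, `. "$(atf_get_srcdir)/conf.sh"`, makes the path that gets sourced as root exactly the one ATF reports. Moving the source out of the `_body` and `_cleanup` functions also means conf.sh's top-level statements (`base=$(atf_get ident)` and its own `.` of geom_subr.sh, both visible in the conf.sh hunk) now run whenever the test program is loaded; whether `atf_get ident` returns a useful value at that point is not visible from this diff and is worth confirming. The same line is added in the same form in configure_test.sh, delkey_test.sh, detach_test.sh, init_test.sh, integrity_test.sh, kill_test.sh and misc_test.sh.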
@@ -1,98 +1,103 @@ #!/bin/sh # $FreeBSD$ class="eli" base=$(atf_get ident) MAX_SECSIZE=8192 TEST_MDS_FILE=md.devs attach_md() { local test_md test_md=$(mdconfig -a "$@") || atf_fail "failed to allocate md(4)" echo $test_md >> $TEST_MDS_FILE || exit echo $test_md } # Execute `func` for each combination of cipher, sectorsize, and hmac algo # `func` usage should be: # func for_each_geli_config() { func=$1 backing_filename=$2 # Double the sector size to allow for the HMACs' storage space. osecsize=$(( $MAX_SECSIZE * 2 )) # geli needs 512B for the label. bytes=`expr $osecsize \* $sectors + 512`b if [ -n "$backing_filename" ]; then # Use a file-backed md(4) device, so we can deliberatly corrupt # it without detaching the geli device first. truncate -s $bytes backing_file md=$(attach_md -t vnode -f backing_file) else md=$(attach_md -t malloc -s $bytes) fi for cipher in aes-xts:128 aes-xts:256 \ aes-cbc:128 aes-cbc:192 aes-cbc:256 \ 3des-cbc:192 \ blowfish-cbc:128 blowfish-cbc:160 blowfish-cbc:192 \ blowfish-cbc:224 blowfish-cbc:256 blowfish-cbc:288 \ blowfish-cbc:320 blowfish-cbc:352 blowfish-cbc:384 \ blowfish-cbc:416 blowfish-cbc:448 \ camellia-cbc:128 camellia-cbc:192 camellia-cbc:256; do ealgo=${cipher%%:*} keylen=${cipher##*:} for aalgo in hmac/md5 hmac/sha1 hmac/ripemd160 hmac/sha256 \ hmac/sha384 hmac/sha512; do for secsize in 512 1024 2048 4096 $MAX_SECSIZE; do ${func} $cipher $aalgo $secsize geli detach ${md} 2>/dev/null done done done } # Execute `func` for each combination of cipher, and sectorsize, with no hmac # `func` usage should be: # func for_each_geli_config_nointegrity() { func=$1 # geli needs 512B for the label. 
bytes=`expr $MAX_SECSIZE \* $sectors + 512`b md=$(attach_md -t malloc -s $bytes) for cipher in aes-xts:128 aes-xts:256 \ aes-cbc:128 aes-cbc:192 aes-cbc:256 \ 3des-cbc:192 \ blowfish-cbc:128 blowfish-cbc:160 blowfish-cbc:192 \ blowfish-cbc:224 blowfish-cbc:256 blowfish-cbc:288 \ blowfish-cbc:320 blowfish-cbc:352 blowfish-cbc:384 \ blowfish-cbc:416 blowfish-cbc:448 \ camellia-cbc:128 camellia-cbc:192 camellia-cbc:256; do ealgo=${cipher%%:*} keylen=${cipher##*:} for secsize in 512 1024 2048 4096 $MAX_SECSIZE; do ${func} $cipher $secsize geli detach ${md} 2>/dev/null done done } - geli_test_cleanup() { if [ -f "$TEST_MDS_FILE" ]; then while read md; do [ -c /dev/${md}.eli ] && \ geli detach $md.eli 2>/dev/null mdconfig -d -u $md 2>/dev/null done < $TEST_MDS_FILE fi true } +geli_test_setup() +{ + geom_atf_test_setup +} + +ATF_TEST=true . `dirname $0`/../geom_subr.sh Index: head/tests/sys/geom/class/eli/configure_test.sh =================================================================== --- head/tests/sys/geom/class/eli/configure_test.sh (revision 341391) +++ head/tests/sys/geom/class/eli/configure_test.sh (revision 341392) 
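Review bot: `geli_test_setup` and the `ATF_TEST=true` assignment at the end of conf.sh are added without a comment, yet every `_body` in this directory now depends on both. `geli_test_setup` only forwards to `geom_atf_test_setup`, which is defined outside this hunk (presumably in geom_subr.sh), so a header such as `# Must be the first call in each *_body, before any md(4) device is attached; delegates to geom_atf_test_setup` would record the ordering the callers rely on. `ATF_TEST=true` appears to be read by geom_subr.sh when it is sourced on the following line, so it should carry a note like `# Must be set before sourcing geom_subr.sh below` to keep a later edit from reordering the two lines.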
@@ -1,59 +1,60 @@ # $FreeBSD$ +. $(atf_get_srcdir)/conf.sh + atf_test_case configure_b_B cleanup configure_b_B_head() { atf_set "descr" "geli configure -b will set the BOOT flag" atf_set "require.user" "root" } configure_b_B_body() { - . $(atf_get_srcdir)/conf.sh + geli_test_setup sectors=100 md=$(attach_md -t malloc -s `expr $sectors + 1`) atf_check geli init -B none -P -K /dev/null ${md} atf_check -s exit:0 -o match:'flags: 0x0$' geli dump ${md} atf_check geli init -B none -b -P -K /dev/null ${md} atf_check -s exit:0 -o match:'flags: 0x2$' geli dump ${md} atf_check geli configure -B ${md} atf_check -s exit:0 -o match:'flags: 0x0$' geli dump ${md} atf_check geli configure -b ${md} atf_check -s exit:0 -o match:'flags: 0x2$' geli dump ${md} atf_check geli attach -p -k /dev/null ${md} atf_check -s exit:0 -o match:'^Flags: .*BOOT' geli list ${md}.eli atf_check geli configure -B ${md} atf_check -o not-match:'^Flags: .*BOOT' geli list ${md}.eli atf_check -s exit:0 -o match:'flags: 0x0$' geli dump ${md} atf_check geli configure -b ${md} atf_check -s exit:0 -o match:'^Flags: .*BOOT' geli list ${md}.eli atf_check -s exit:0 -o match:'flags: 0x2$' geli dump ${md} atf_check geli detach ${md} } configure_b_B_cleanup() { - . $(atf_get_srcdir)/conf.sh geli_test_cleanup } atf_init_test_cases() { atf_add_test_case configure_b_B } Index: head/tests/sys/geom/class/eli/delkey_test.sh =================================================================== --- head/tests/sys/geom/class/eli/delkey_test.sh (revision 341391) +++ head/tests/sys/geom/class/eli/delkey_test.sh (revision 341392) 
@@ -1,114 +1,114 @@ #!/bin/sh # $FreeBSD$ +. $(atf_get_srcdir)/conf.sh + atf_test_case delkey cleanup delkey_head() { atf_set "descr" "geli delkey can destroy the master key" atf_set "require.user" "root" } delkey_body() { - . $(atf_get_srcdir)/conf.sh + geli_test_setup sectors=100 md=$(attach_md -t malloc -s `expr $sectors + 1`) atf_check dd if=/dev/random of=keyfile1 bs=512 count=16 status=none atf_check dd if=/dev/random of=keyfile2 bs=512 count=16 status=none atf_check dd if=/dev/random of=keyfile3 bs=512 count=16 status=none atf_check dd if=/dev/random of=keyfile4 bs=512 count=16 status=none atf_check geli init -B none -P -K keyfile1 ${md} atf_check geli attach -p -k keyfile1 ${md} atf_check -s exit:0 -o ignore geli setkey -n 1 -P -K keyfile2 ${md} # Remove key 0 for attached provider. atf_check geli delkey -n 0 ${md} atf_check geli detach ${md} # We cannot use keyfile1 anymore. atf_check -s not-exit:0 -e match:"Wrong key" \ geli attach -p -k keyfile1 ${md} # Attach with key 1. atf_check geli attach -p -k keyfile2 ${md} # We cannot remove last key without -f option (for attached provider). atf_check -s not-exit:0 -e match:"This is the last Master Key" \ geli delkey -n 1 ${md} # Remove last key for attached provider. atf_check geli delkey -f -n 1 ${md} # If there are no valid keys, but provider is attached, we can save situation. atf_check -s exit:0 -o ignore geli setkey -n 0 -P -K keyfile3 ${md} atf_check geli detach ${md} # We cannot use keyfile2 anymore. atf_check -s not-exit:0 -e match:"Wrong key" \ geli attach -p -k keyfile2 ${md} # Attach with key 0. atf_check geli attach -p -k keyfile3 ${md} # Setup key 1. atf_check -s exit:0 -o ignore geli setkey -n 1 -P -K keyfile4 ${md} atf_check geli detach ${md} # Remove key 1 for detached provider. atf_check geli delkey -n 1 ${md} # We cannot use keyfile4 anymore. atf_check -s not-exit:0 -e match:"Wrong key" \ geli attach -p -k keyfile4 ${md} # We cannot remove last key without -f option (for detached provider). 
atf_check -s not-exit:0 -e match:"This is the last Master Key" \ geli delkey -n 0 ${md} # Remove last key for detached provider. atf_check geli delkey -f -n 0 ${md} # We cannot use keyfile3 anymore. atf_check -s not-exit:0 -e match:"No valid keys" \ geli attach -p -k keyfile3 ${md} } delkey_cleanup() { - . $(atf_get_srcdir)/conf.sh geli_test_cleanup } atf_test_case delkey_readonly cleanup delkey_readonly_head() { atf_set "descr" "geli delkey cannot work on a read-only provider" atf_set "require.user" "root" } delkey_readonly_body() { - . $(atf_get_srcdir)/conf.sh + geli_test_setup sectors=100 md=$(attach_md -t malloc -s `expr $sectors + 1`) atf_check dd if=/dev/random of=keyfile bs=512 count=16 status=none atf_check geli init -B none -P -K keyfile ${md} atf_check geli attach -r -p -k keyfile ${md} atf_check -s not-exit:0 -e match:"read-only" geli delkey -n 0 ${md} # Even with -f (force) it should still fail atf_check -s not-exit:0 -e match:"read-only" geli delkey -f -n 0 ${md} } delkey_readonly_cleanup() { - . $(atf_get_srcdir)/conf.sh geli_test_cleanup } atf_init_test_cases() { atf_add_test_case delkey atf_add_test_case delkey_readonly } Index: head/tests/sys/geom/class/eli/detach_test.sh =================================================================== --- head/tests/sys/geom/class/eli/detach_test.sh (revision 341391) +++ head/tests/sys/geom/class/eli/detach_test.sh (revision 341392) 
@@ -1,46 +1,47 @@ # $FreeBSD$ +. $(atf_get_srcdir)/conf.sh + atf_test_case detach_l cleanup detach_l_head() { atf_set "descr" "geli detach -l will cause a provider to detach on last close" atf_set "require.user" "root" } detach_l_body() { - . $(atf_get_srcdir)/conf.sh + geli_test_setup sectors=100 md=$(attach_md -t malloc -s `expr $sectors + 1`) atf_check dd if=/dev/random of=keyfile bs=512 count=16 status=none atf_check geli init -B none -P -K keyfile ${md} atf_check geli attach -p -k keyfile ${md} # Be sure it doesn't detach before 'detach -l'. atf_check dd if=/dev/${md}.eli of=/dev/null status=none sleep 1 if [ ! -c /dev/${md}.eli ]; then atf_fail "provider detached on last close without detach -l" fi atf_check geli detach -l ${md} if [ ! -c /dev/${md}.eli ]; then atf_fail "Provider detached before last close" fi atf_check dd if=/dev/${md}.eli of=/dev/null status=none sleep 1 if [ -c /dev/${md}.eli ]; then atf_fail "Provider did not detach on last close" fi } detach_l_cleanup() { - . $(atf_get_srcdir)/conf.sh geli_test_cleanup } atf_init_test_cases() { atf_add_test_case detach_l } Index: head/tests/sys/geom/class/eli/init_test.sh =================================================================== --- head/tests/sys/geom/class/eli/init_test.sh (revision 341391) +++ head/tests/sys/geom/class/eli/init_test.sh (revision 341392) 
@@ -1,392 +1,387 @@ #!/bin/sh # $FreeBSD$ +. $(atf_get_srcdir)/conf.sh + init_test() { cipher=$1 secsize=$2 ealgo=${cipher%%:*} keylen=${cipher##*:} atf_check -s exit:0 -e ignore \ geli init -B none -e $ealgo -l $keylen -P -K keyfile \ -s $secsize ${md} atf_check geli attach -p -k keyfile ${md} atf_check dd if=rnd of=/dev/${md}.eli bs=${secsize} count=${sectors} \ status=none md_rnd=`dd if=rnd bs=${secsize} count=${sectors} status=none | md5` atf_check_equal 0 $? md_ddev=`dd if=/dev/${md}.eli bs=${secsize} count=${sectors} status=none | md5` atf_check_equal 0 $? md_edev=`dd if=/dev/${md} bs=${secsize} count=${sectors} status=none | md5` atf_check_equal 0 $? if [ ${md_rnd} != ${md_ddev} ]; then atf_fail "Miscompare for ealgo=${ealgo} keylen=${keylen} sec=${secsize}" fi if [ ${md_rnd} == ${md_edev} ]; then atf_fail "Data was not encrypted for ealgo=${ealgo} keylen=${keylen} sec=${secsize}" fi } atf_test_case init cleanup init_head() { atf_set "descr" "Basic I/O with geli" atf_set "require.user" "root" atf_set "timeout" 600 } init_body() { - . $(atf_get_srcdir)/conf.sh + geli_test_setup sectors=32 atf_check dd if=/dev/random of=keyfile bs=512 count=16 status=none atf_check dd if=/dev/random of=rnd bs=$MAX_SECSIZE count=${sectors} \ status=none for_each_geli_config_nointegrity init_test } init_cleanup() { - . $(atf_get_srcdir)/conf.sh geli_test_cleanup } atf_test_case init_B cleanup init_B_head() { atf_set "descr" "init -B can select an alternate backup metadata file" atf_set "require.user" "root" } init_B_body() { - . 
$(atf_get_srcdir)/conf.sh + geli_test_setup sectors=100 atf_check dd if=/dev/random of=keyfile bs=512 count=16 status=none md=$(attach_md -t malloc -s $sectors) # -B none rm -f /var/backups/${md}.eli atf_check -s exit:0 -o ignore geli init -B none -P -K keyfile ${md} if [ -f /var/backups/${md}.eli ]; then atf_fail "geli created a backup file even with -B none" fi # no -B rm -f /var/backups/${md}.eli atf_check -s exit:0 -o ignore geli init -P -K keyfile ${md} if [ ! -f /var/backups/${md}.eli ]; then atf_fail "geli did not create a backup file" fi atf_check geli clear ${md} atf_check -s not-exit:0 -e ignore geli attach -p -k keyfile ${md} atf_check -s exit:0 -o ignore geli restore /var/backups/${md}.eli ${md} atf_check -s exit:0 -o ignore geli attach -p -k keyfile ${md} atf_check geli detach ${md} rm -f /var/backups/${md}.eli # -B file rm -f backupfile atf_check -s exit:0 -o ignore \ geli init -B backupfile -P -K keyfile ${md} if [ ! -f backupfile ]; then atf_fail "geli init -B did not create a backup file" fi atf_check geli clear ${md} atf_check -s not-exit:0 -e ignore geli attach -p -k keyfile ${md} atf_check geli restore backupfile ${md} atf_check geli attach -p -k keyfile ${md} } init_B_cleanup() { - . $(atf_get_srcdir)/conf.sh geli_test_cleanup } atf_test_case init_J cleanup init_J_head() { atf_set "descr" "init -J accepts a passfile" atf_set "require.user" "root" } init_J_body() { - . $(atf_get_srcdir)/conf.sh + geli_test_setup sectors=100 md=$(attach_md -t malloc -s `expr $sectors + 1`) atf_check dd if=/dev/random of=keyfile0 bs=512 count=16 status=none atf_check dd if=/dev/random of=keyfile1 bs=512 count=16 status=none dd if=/dev/random bs=512 count=16 status=none | sha1 > passfile0 atf_check_equal 0 $? dd if=/dev/random bs=512 count=16 status=none | sha1 > passfile1 atf_check_equal 0 $? 
for iter in -1 0 64; do atf_check -s not-exit:0 -e ignore \ geli init -i ${iter} -B none -J passfile0 -P ${md} atf_check -s not-exit:0 -e ignore \ geli init -i ${iter} -B none -J passfile0 -P -K keyfile0 ${md} atf_check geli init -i ${iter} -B none -J passfile0 -K keyfile0 ${md} atf_check -s not-exit:0 -e ignore \ geli attach -k keyfile0 -p ${md} atf_check -s not-exit:0 -e ignore \ geli attach -j passfile0 ${md} atf_check -s not-exit:0 -e ignore \ geli attach -j keyfile0 ${md} atf_check -s not-exit:0 -e ignore \ geli attach -k passfile0 -p ${md} atf_check -s not-exit:0 -e ignore \ geli attach -j keyfile0 -k passfile0 ${md} atf_check -s not-exit:0 -e ignore \ geli attach -j keyfile0 -k keyfile0 ${md} atf_check -s not-exit:0 -e ignore \ geli attach -j passfile0 -k passfile0 ${md} atf_check -s exit:0 -e ignore \ geli attach -j passfile0 -k keyfile0 ${md} atf_check -s exit:0 -e ignore geli detach ${md} atf_check -s exit:0 -e ignore -x \ "cat keyfile0 | geli attach -j passfile0 -k - ${md}" atf_check -s exit:0 -e ignore geli detach ${md} atf_check -s exit:0 -e ignore -x \ "cat passfile0 | geli attach -j - -k keyfile0 ${md}" atf_check -s exit:0 -e ignore geli detach ${md} atf_check -s not-exit:0 -e ignore \ geli init -i ${iter} -B none -J passfile0 -J passfile1 -P ${md} atf_check -s not-exit:0 -e ignore \ geli init -i ${iter} -B none -J passfile0 -J passfile1 -P -K keyfile0 -K keyfile1 ${md} atf_check -s exit:0 -e ignore \ geli init -i ${iter} -B none -J passfile0 -J passfile1 -K keyfile0 -K keyfile1 ${md} atf_check -s not-exit:0 -e ignore \ geli attach -k keyfile0 -p ${md} atf_check -s not-exit:0 -e ignore \ geli attach -k keyfile1 -p ${md} atf_check -s not-exit:0 -e ignore \ geli attach -j passfile0 ${md} atf_check -s not-exit:0 -e ignore \ geli attach -j passfile1 ${md} atf_check -s not-exit:0 -e ignore \ geli attach -k keyfile0 -k keyfile1 -p ${md} atf_check -s not-exit:0 -e ignore \ geli attach -j passfile0 -j passfile1 ${md} atf_check -s not-exit:0 -e ignore \ geli 
attach -k keyfile0 -j passfile0 ${md} atf_check -s not-exit:0 -e ignore \ geli attach -k keyfile0 -j passfile1 ${md} atf_check -s not-exit:0 -e ignore \ geli attach -k keyfile1 -j passfile0 ${md} atf_check -s not-exit:0 -e ignore \ geli attach -k keyfile1 -j passfile1 ${md} atf_check -s not-exit:0 -e ignore \ geli attach -k keyfile0 -j passfile0 -j passfile1 ${md} atf_check -s not-exit:0 -e ignore \ geli attach -k keyfile1 -j passfile0 -j passfile1 ${md} atf_check -s not-exit:0 -e ignore \ geli attach -k keyfile0 -k keyfile1 -j passfile0 ${md} atf_check -s not-exit:0 -e ignore \ geli attach -k keyfile0 -k keyfile1 -j passfile1 ${md} atf_check -s not-exit:0 -e ignore \ geli attach -k keyfile1 -k keyfile0 -j passfile0 -j passfile1 ${md} atf_check -s not-exit:0 -e ignore \ geli attach -k keyfile0 -k keyfile1 -j passfile1 -j passfile0 ${md} atf_check -s not-exit:0 -e ignore \ geli attach -k keyfile1 -k keyfile0 -j passfile1 -j passfile0 ${md} atf_check -s exit:0 -e ignore \ geli attach -j passfile0 -j passfile1 -k keyfile0 -k keyfile1 ${md} atf_check -s exit:0 -e ignore geli detach ${md} atf_check -s exit:0 -e ignore -x \ "cat passfile0 | geli attach -j - -j passfile1 -k keyfile0 -k keyfile1 ${md}" atf_check -s exit:0 -e ignore geli detach ${md} atf_check -s exit:0 -e ignore -x \ "cat passfile1 | geli attach -j passfile0 -j - -k keyfile0 -k keyfile1 ${md}" atf_check -s exit:0 -e ignore geli detach ${md} atf_check -s exit:0 -e ignore -x \ "cat keyfile0 | geli attach -j passfile0 -j passfile1 -k - -k keyfile1 ${md}" atf_check -s exit:0 -e ignore geli detach ${md} atf_check -s exit:0 -e ignore -x \ "cat keyfile1 | geli attach -j passfile0 -j passfile1 -k keyfile0 -k - ${md}" atf_check -s exit:0 -e ignore geli detach ${md} atf_check -s exit:0 -e ignore -x \ "cat keyfile0 keyfile1 | geli attach -j passfile0 -j passfile1 -k - ${md}" atf_check -s exit:0 -e ignore geli detach ${md} atf_check -s exit:0 -e ignore -x \ "cat passfile0 passfile1 | awk '{printf \"%s\", \$0}' | geli 
attach -j - -k keyfile0 -k keyfile1 ${md}" atf_check -s exit:0 -e ignore geli detach ${md} done } init_J_cleanup() { - . $(atf_get_srcdir)/conf.sh geli_test_cleanup } init_a_test() { cipher=$1 aalgo=$2 secsize=$3 ealgo=${cipher%%:*} keylen=${cipher##*:} atf_check -s exit:0 -e ignore \ geli init -B none -a $aalgo -e $ealgo -l $keylen -P -K keyfile \ -s $secsize ${md} atf_check geli attach -p -k keyfile ${md} atf_check dd if=rnd of=/dev/${md}.eli bs=${secsize} count=${sectors} status=none md_rnd=`dd if=rnd bs=${secsize} count=${sectors} status=none | md5` atf_check_equal 0 $? md_ddev=`dd if=/dev/${md}.eli bs=${secsize} count=${sectors} status=none | md5` atf_check_equal 0 $? if [ ${md_rnd} != ${md_ddev} ]; then atf_fail "Miscompare for aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}" fi } atf_test_case init_a cleanup init_a_head() { atf_set "descr" "I/O with geli and HMACs" atf_set "require.user" "root" atf_set "timeout" 3600 } init_a_body() { - . $(atf_get_srcdir)/conf.sh + geli_test_setup sectors=100 atf_check dd if=/dev/random of=keyfile bs=512 count=16 status=none atf_check dd if=/dev/random of=rnd bs=$MAX_SECSIZE count=${sectors} \ status=none for_each_geli_config init_a_test true } init_a_cleanup() { - . 
$(atf_get_srcdir)/conf.sh geli_test_cleanup } init_alias_test() { ealgo=$1 keylen=$2 expected_ealgo=$3 expected_keylen=$4 atf_check geli init -B none -e $ealgo -l $keylen -P -K keyfile ${md} atf_check geli attach -p -k keyfile ${md} real_ealgo=`geli list ${md}.eli | awk '/EncryptionAlgorithm/ {print $2}'` real_keylen=`geli list ${md}.eli | awk '/KeyLength/ {print $2}'` if [ "${real_ealgo}" != "${expected_ealgo}" ]; then atf_fail "expected ${expected_ealgo} but got ${real_ealgo}" fi if [ "${real_keylen}" != "${expected_keylen}" ]; then atf_fail "expected ${expected_keylen} but got ${real_keylen}" fi atf_check geli detach ${md} } atf_test_case init_alias cleanup init_alias_head() { atf_set "descr" "geli init accepts cipher aliases" atf_set "require.user" "root" } init_alias_body() { - . $(atf_get_srcdir)/conf.sh + geli_test_setup md=$(attach_md -t malloc -s 1024k) atf_check dd if=/dev/random of=keyfile bs=512 count=16 status=none for spec in aes:0:AES-XTS:128 aes:128:AES-XTS:128 aes:256:AES-XTS:256 \ 3des:0:3DES-CBC:192 3des:192:3DES-CBC:192 \ blowfish:0:Blowfish-CBC:128 blowfish:128:Blowfish-CBC:128 \ blowfish:160:Blowfish-CBC:160 blowfish:192:Blowfish-CBC:192 \ blowfish:224:Blowfish-CBC:224 blowfish:256:Blowfish-CBC:256 \ blowfish:288:Blowfish-CBC:288 blowfish:352:Blowfish-CBC:352 \ blowfish:384:Blowfish-CBC:384 blowfish:416:Blowfish-CBC:416 \ blowfish:448:Blowfish-CBC:448 \ camellia:0:CAMELLIA-CBC:128 camellia:128:CAMELLIA-CBC:128 \ camellia:256:CAMELLIA-CBC:256 ; do ealgo=`echo $spec | cut -d : -f 1` keylen=`echo $spec | cut -d : -f 2` expected_ealgo=`echo $spec | cut -d : -f 3` expected_keylen=`echo $spec | cut -d : -f 4` init_alias_test $ealgo $keylen $expected_ealgo $expected_keylen done } init_alias_cleanup() { - . $(atf_get_srcdir)/conf.sh geli_test_cleanup } atf_test_case init_i_P cleanup init_i_P_head() { atf_set "descr" "geli: Options -i and -P are mutually exclusive" atf_set "require.user" "root" } init_i_P_body() { - . 
$(atf_get_srcdir)/conf.sh + geli_test_setup sectors=100 md=$(attach_md -t malloc -s `expr $sectors + 1`) atf_check dd if=/dev/random of=keyfile bs=512 count=16 status=none atf_check -s not-exit:0 -e "match:Options -i and -P are mutually exclusive"\ geli init -B none -i 64 -P -K keyfile $md } init_i_P_cleanup() { - . $(atf_get_srcdir)/conf.sh geli_test_cleanup } atf_test_case nokey cleanup nokey_head() { atf_set "descr" "geli init fails if called with no key component" atf_set "require.user" "root" } nokey_body() { - . $(atf_get_srcdir)/conf.sh + geli_test_setup sectors=100 md=$(attach_md -t malloc -s `expr $sectors + 1`) atf_check -s not-exit:0 -e match:"No key components given" \ geli init -B none -P ${md} } nokey_cleanup() { - . $(atf_get_srcdir)/conf.sh geli_test_cleanup } atf_init_test_cases() { atf_add_test_case init atf_add_test_case init_B atf_add_test_case init_J atf_add_test_case init_a atf_add_test_case init_alias atf_add_test_case init_i_P atf_add_test_case nokey } Index: head/tests/sys/geom/class/eli/integrity_test.sh =================================================================== --- head/tests/sys/geom/class/eli/integrity_test.sh (revision 341391) +++ head/tests/sys/geom/class/eli/integrity_test.sh (revision 341392) 
@@ -1,165 +1,164 @@ # $FreeBSD$ +. $(atf_get_srcdir)/conf.sh + copy_test() { cipher=$1 aalgo=$2 secsize=$3 ealgo=${cipher%%:*} keylen=${cipher##*:} atf_check -s exit:0 -e ignore \ geli init -B none -a $aalgo -e $ealgo -l $keylen -P \ -K keyfile -s $secsize ${md} atf_check geli attach -p -k keyfile ${md} atf_check dd if=rnd of=/dev/${md}.eli bs=${secsize} count=1 status=none # Copy first small sector to the second small sector. # This should be detected as corruption. atf_check dd if=backing_file of=sector bs=512 count=1 \ conv=notrunc status=none atf_check dd if=sector of=backing_file bs=512 count=1 seek=1 \ conv=notrunc status=none atf_check -s not-exit:0 -e ignore \ dd if=/dev/${md}.eli of=/dev/null bs=${secsize} count=1 # Fix the corruption atf_check dd if=rnd of=/dev/${md}.eli bs=${secsize} count=2 status=none atf_check dd if=/dev/${md}.eli of=/dev/null bs=${secsize} count=2 \ status=none # Copy first big sector to the second big sector. # This should be detected as corruption. ms=`diskinfo /dev/${md} | awk '{print $3 - 512}'` ns=`diskinfo /dev/${md}.eli | awk '{print $4}'` usecsize=`echo "($ms / $ns) - (($ms / $ns) % 512)" | bc` atf_check dd if=backing_file bs=512 count=$(( ${usecsize} / 512 )) \ seek=$(( $secsize / 512 )) of=sector conv=notrunc status=none atf_check dd of=backing_file bs=512 count=$(( ${usecsize} / 512 )) \ seek=$(( $secsize / 256 )) if=sector conv=notrunc status=none atf_check -s not-exit:0 -e ignore \ dd if=/dev/${md}.eli of=/dev/null bs=${secsize} count=$ns } atf_test_case copy cleanup copy_head() { atf_set "descr" "geli will detect misdirected writes as corruption" atf_set "require.user" "root" atf_set "timeout" 3600 } copy_body() { - . $(atf_get_srcdir)/conf.sh + geli_test_setup sectors=2 atf_check dd if=/dev/random of=keyfile bs=512 count=16 status=none dd if=/dev/random of=rnd bs=${MAX_SECSIZE} count=${sectors} status=none - + for_each_geli_config copy_test backing_file } copy_cleanup() { - . 
$(atf_get_srcdir)/conf.sh geli_test_cleanup } data_test() { cipher=$1 aalgo=$2 secsize=$3 ealgo=${cipher%%:*} keylen=${cipher##*:} atf_check -s exit:0 -e ignore \ geli init -B none -a $aalgo -e $ealgo -l $keylen -P -K keyfile \ -s $secsize ${md} # Corrupt 8 bytes of data. atf_check dd if=/dev/${md} of=sector bs=512 count=1 status=none atf_check dd if=rnd of=sector bs=1 count=8 seek=64 conv=notrunc status=none atf_check dd if=sector of=/dev/${md} bs=512 count=1 status=none atf_check geli attach -p -k keyfile ${md} # Try to read from the corrupt sector atf_check -s not-exit:0 -e ignore \ dd if=/dev/${md}.eli of=/dev/null bs=${secsize} count=1 } atf_test_case data cleanup data_head() { atf_set "descr" "With HMACs, geli will detect data corruption" atf_set "require.user" "root" atf_set "timeout" 1800 } data_body() { - . $(atf_get_srcdir)/conf.sh + geli_test_setup sectors=2 atf_check dd if=/dev/random of=keyfile bs=512 count=16 status=none dd if=/dev/random of=rnd bs=${MAX_SECSIZE} count=${sectors} status=none for_each_geli_config data_test } data_cleanup() { - . $(atf_get_srcdir)/conf.sh geli_test_cleanup } hmac_test() { cipher=$1 aalgo=$2 secsize=$3 ealgo=${cipher%%:*} keylen=${cipher##*:} atf_check -s exit:0 -e ignore \ geli init -B none -a $aalgo -e $ealgo -l $keylen -P -K keyfile \ -s $secsize ${md} # Corrupt 8 bytes of HMAC. atf_check dd if=/dev/${md} of=sector bs=512 count=1 status=none atf_check dd if=rnd of=sector bs=1 count=16 conv=notrunc status=none atf_check dd if=sector of=/dev/${md} bs=512 count=1 status=none atf_check geli attach -p -k keyfile ${md} # Try to read from the corrupt sector atf_check -s not-exit:0 -e ignore \ dd if=/dev/${md}.eli of=/dev/null bs=${secsize} count=1 } atf_test_case hmac cleanup hmac_head() { atf_set "descr" "geli will detect corruption of HMACs" atf_set "require.user" "root" atf_set "timeout" 1800 } hmac_body() { - . 
$(atf_get_srcdir)/conf.sh + geli_test_setup sectors=2 atf_check dd if=/dev/random of=keyfile bs=512 count=16 status=none dd if=/dev/random of=rnd bs=${MAX_SECSIZE} count=${sectors} status=none for_each_geli_config hmac_test } hmac_cleanup() { - . $(atf_get_srcdir)/conf.sh geli_test_cleanup } atf_init_test_cases() { atf_add_test_case copy atf_add_test_case data atf_add_test_case hmac } Index: head/tests/sys/geom/class/eli/kill_test.sh =================================================================== --- head/tests/sys/geom/class/eli/kill_test.sh (revision 341391) +++ head/tests/sys/geom/class/eli/kill_test.sh (revision 341392) 
@@ -1,102 +1,102 @@ # $FreeBSD$ +. $(atf_get_srcdir)/conf.sh + atf_test_case kill cleanup kill_head() { atf_set "descr" "geli kill will wipe a provider's metadata" atf_set "require.user" "root" } kill_body() { - . $(atf_get_srcdir)/conf.sh + geli_test_setup sectors=100 md=$(attach_md -t malloc -s `expr $sectors + 1`) atf_check dd if=/dev/random of=keyfile1 bs=512 count=16 status=none atf_check dd if=/dev/random of=keyfile2 bs=512 count=16 status=none atf_check geli init -B none -P -K keyfile1 ${md} atf_check geli attach -p -k keyfile1 ${md} atf_check -s exit:0 -o ignore geli setkey -n 1 -P -K keyfile2 ${md} # Kill attached provider. atf_check geli kill ${md} sleep 1 # Provider should be automatically detached. if [ -c /dev/${md}.eli ]; then atf_fail "Provider did not detach when killed" fi # We cannot use keyfile1 anymore. atf_check -s not-exit:0 -e match:"Cannot read metadata" \ geli attach -p -k keyfile1 ${md} # We cannot use keyfile2 anymore. atf_check -s not-exit:0 -e match:"Cannot read metadata" \ geli attach -p -k keyfile2 ${md} atf_check geli init -B none -P -K keyfile1 ${md} atf_check -s exit:0 -o ignore \ geli setkey -n 1 -p -k keyfile1 -P -K keyfile2 ${md} # Should be possible to attach with keyfile1. atf_check geli attach -p -k keyfile1 ${md} atf_check geli detach ${md} # Should be possible to attach with keyfile2. atf_check geli attach -p -k keyfile2 ${md} atf_check geli detach ${md} # Kill detached provider. atf_check geli kill ${md} # We cannot use keyfile1 anymore. atf_check -s not-exit:0 -e match:"Cannot read metadata" \ geli attach -p -k keyfile1 ${md} # We cannot use keyfile2 anymore. atf_check -s not-exit:0 -e match:"Cannot read metadata" \ geli attach -p -k keyfile2 ${md} } kill_cleanup() { - . $(atf_get_srcdir)/conf.sh geli_test_cleanup } atf_test_case kill_readonly cleanup kill_readonly_head() { atf_set "descr" "geli kill will not destroy the keys of a readonly provider" atf_set "require.user" "root" } kill_readonly_body() { - . 
$(atf_get_srcdir)/conf.sh + geli_test_setup sectors=100 md=$(attach_md -t malloc -s `expr $sectors + 1`) atf_check dd if=/dev/random of=keyfile bs=512 count=16 status=none atf_check geli init -B none -P -K keyfile ${md} # Attach read-only atf_check geli attach -r -p -k keyfile ${md} atf_check geli kill ${md} # The provider will be detached atf_check [ ! -c /dev/${md}.eli ] # But its keys should not be destroyed atf_check geli attach -p -k keyfile ${md} } kill_readonly_cleanup() { - . $(atf_get_srcdir)/conf.sh geli_test_cleanup } atf_init_test_cases() { atf_add_test_case kill atf_add_test_case kill_readonly } Index: head/tests/sys/geom/class/eli/misc_test.sh =================================================================== --- head/tests/sys/geom/class/eli/misc_test.sh (revision 341391) +++ head/tests/sys/geom/class/eli/misc_test.sh (revision 341392) 
@@ -1,177 +1,172 @@ # Copyright (c) 2018 Alan Somers # All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # # $FreeBSD$ +. $(atf_get_srcdir)/conf.sh + atf_test_case preserve_props cleanup preserve_props_head() { atf_set "descr" "geli should preserve basic GEOM properties" atf_set "require.user" "root" atf_set "timeout" 15 } preserve_props_body() { - . $(atf_get_srcdir)/conf.sh + geli_test_setup + md=$(attach_md -s1m) atf_check geli onetime /dev/${md} md_secsize=$(diskinfo ${md} | cut -wf 2) md_stripesize=$(diskinfo ${md} | cut -wf 5) eli_secsize=$(diskinfo ${md}.eli | cut -wf 2) eli_stripesize=$(diskinfo ${md}.eli | cut -wf 5) atf_check_equal "$md_secsize" "$eli_secsize" atf_check_equal "$md_stripesize" "$eli_stripesize" } preserve_props_cleanup() { - . 
$(atf_get_srcdir)/conf.sh geli_test_cleanup } atf_test_case preserve_disk_props cleanup preserve_disk_props_head() { atf_set "descr" "geli should preserve properties for disks" atf_set "require.user" "root" atf_set "require.config" "disks" atf_set "timeout" 15 } preserve_disk_props_body() { - . $(atf_get_srcdir)/conf.sh + geli_test_setup + disks=`atf_config_get disks` disk=${disks%% *} if [ -z "$disk" ]; then atf_skip "Must define disks (see tests(7))" fi atf_check geli onetime ${disk} disk_ident=$(diskinfo -s ${disk}) disk_descr=$(diskinfo -v ${disk} | awk '/Disk descr/ {print $1}') disk_rotrate=$(diskinfo -v ${disk} | awk '/Rotation rate/ {print $1}') disk_zonemode=$(diskinfo -v ${disk} | awk '/Zone Mode/ {print $1}') eli_ident=$(diskinfo -s ${disk}.eli) eli_descr=$(diskinfo -v ${disk}.eli | awk '/Disk descr/ {print $1}') eli_rotrate=$(diskinfo -v ${disk}.eli | awk '/Rotation/ {print $1}') eli_zonemode=$(diskinfo -v ${disk}.eli | awk '/Zone Mode/ {print $1}') atf_check_equal "$disk_ident" "$eli_ident" atf_check_equal "$disk_descr" "$eli_descr" atf_check_equal "$disk_rotrate" "$eli_rotrate" atf_check_equal "$disk_zonemode" "$eli_zonemode" } preserve_disk_props_cleanup() { - . $(atf_get_srcdir)/conf.sh disk_cleanup geli_test_cleanup } atf_test_case physpath cleanup physpath_head() { atf_set "descr" "geli should append /eli to the underlying device's physical path" atf_set "require.user" "root" atf_set "timeout" 15 } physpath_body() { - . $(atf_get_srcdir)/conf.sh - load_gnop + geli_test_setup + if ! error_message=$(geom_load_class_if_needed nop); then + atf_skip "$error_message" + fi md=$(attach_md -s1m) # If the underlying device has no physical path, then geli should not # create one. 
atf_check -o empty -e ignore diskinfo -p $md atf_check -s exit:0 geli onetime $md atf_check -o empty -e ignore diskinfo -p $md.eli atf_check -s exit:0 geli kill $md # If the underlying device does have a physical path, then geli should # append "/eli" physpath="some/physical/path" atf_check gnop create -z $physpath ${md} atf_check -s exit:0 geli onetime $md.nop atf_check -o match:"^${physpath}/eli$" diskinfo -p $md.nop.eli } physpath_cleanup() { - . $(atf_get_srcdir)/conf.sh - if [ -f "$TEST_MDS_FILE" ]; then while read md; do [ -c /dev/${md}.nop.eli ] && \ geli detach $md.nop.eli 2>/dev/null [ -c /dev/${md}.nop ] && \ gnop destroy -f $md.nop 2>/dev/null [ -c /dev/${md}.eli ] && \ geli detach $md.eli 2>/dev/null mdconfig -d -u $md 2>/dev/null done < $TEST_MDS_FILE fi true } atf_init_test_cases() { atf_add_test_case physpath atf_add_test_case preserve_props atf_add_test_case preserve_disk_props } common_cleanup() { if [ -f "$MD_DEVS" ]; then while read test_md; do gnop destroy -f ${test_md}.nop 2>/dev/null mdconfig -d -u $test_md 2>/dev/null done < $MD_DEVS rm $MD_DEVS fi if [ -f "$PLAINFILES" ]; then while read f; do rm -f ${f} done < ${PLAINFILES} rm ${PLAINFILES} fi true } disk_cleanup() { disks=`atf_config_get disks` disk=${disks%% *} if [ -n "$disk" ]; then geli kill ${disk} 2>/dev/null - fi -} - -load_gnop() -{ - if ! kldstat -q -m g_nop; then - geom nop load || atf_skip "could not load module for geom nop" fi } Index: head/tests/sys/geom/class/eli/onetime_test.sh =================================================================== --- head/tests/sys/geom/class/eli/onetime_test.sh (revision 341391) +++ head/tests/sys/geom/class/eli/onetime_test.sh (revision 341392) 
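Review bot: `common_cleanup` at the end of misc_test.sh is not called by any of the three cleanup functions in this file, and `$MD_DEVS` and `$PLAINFILES` are not assigned anywhere in it, so it looks like leftover code. Since this commit already drops `load_gnop` in favour of the shared `geom_load_class_if_needed`, I would remove `common_cleanup` in the same change, or add a comment naming its caller if conf.sh relies on it. Separately, `physpath_cleanup` reads the list with `done < $TEST_MDS_FILE`; quoting it as `done < "$TEST_MDS_FILE"` would match the quoted `[ -f "$TEST_MDS_FILE" ]` test that guards the loop.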
@@ -1,137 +1,138 @@ # $FreeBSD$ +. $(atf_get_srcdir)/conf.sh + onetime_test() { cipher=$1 secsize=$2 ealgo=${cipher%%:*} keylen=${cipher##*:} atf_check -s exit:0 -o ignore -e ignore \ geli onetime -e $ealgo -l $keylen -s $secsize ${md} atf_check dd if=rnd of=/dev/${md}.eli bs=${secsize} count=${sectors} status=none md_rnd=`dd if=rnd bs=${secsize} count=${sectors} status=none | md5` atf_check_equal 0 $? md_ddev=`dd if=/dev/${md}.eli bs=${secsize} count=${sectors} status=none | md5` atf_check_equal 0 $? md_edev=`dd if=/dev/${md} bs=${secsize} count=${sectors} status=none | md5` atf_check_equal 0 $? if [ ${md_rnd} != ${md_ddev} ]; then atf_fail "geli did not return the original data" fi if [ ${md_rnd} == ${md_edev} ]; then atf_fail "geli did not encrypt the data" fi } atf_test_case onetime cleanup onetime_head() { atf_set "descr" "geli onetime can create temporary providers" atf_set "require.user" "root" atf_set "timeout" 1800 } onetime_body() { - . $(atf_get_srcdir)/conf.sh + geli_test_setup + sectors=100 dd if=/dev/random of=rnd bs=${MAX_SECSIZE} count=${sectors} status=none for_each_geli_config_nointegrity onetime_test } onetime_cleanup() { - . $(atf_get_srcdir)/conf.sh geli_test_cleanup } onetime_a_test() { cipher=$1 aalgo=$2 secsize=$3 ealgo=${cipher%%:*} keylen=${cipher##*:} atf_check -s exit:0 -o ignore -e ignore \ geli onetime -a $aalgo -e $ealgo -l $keylen -s $secsize ${md} atf_check dd if=rnd of=/dev/${md}.eli bs=${secsize} count=${sectors} status=none md_rnd=`dd if=rnd bs=${secsize} count=${sectors} status=none | md5` atf_check_equal 0 $? md_ddev=`dd if=/dev/${md}.eli bs=${secsize} count=${sectors} status=none | md5` atf_check_equal 0 $? if [ ${md_rnd} != ${md_ddev} ]; then atf_fail "Miscompare for aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}" fi } atf_test_case onetime_a cleanup onetime_a_head() { atf_set "descr" "geli onetime with HMACs" atf_set "require.user" "root" atf_set "timeout" 1800 } onetime_a_body() { - . 
$(atf_get_srcdir)/conf.sh + geli_test_setup + sectors=8 atf_check dd if=/dev/random of=rnd bs=$MAX_SECSIZE count=$sectors \ status=none for_each_geli_config onetime_a_test } onetime_a_cleanup() { - . $(atf_get_srcdir)/conf.sh geli_test_cleanup } atf_test_case onetime_d cleanup onetime_d_head() { atf_set "descr" "geli onetime -d will create providers that detach on last close" atf_set "require.user" "root" } onetime_d_body() { - . $(atf_get_srcdir)/conf.sh + geli_test_setup sectors=100 md=$(attach_md -t malloc -s $sectors) atf_check geli onetime -d ${md} if [ ! -c /dev/${md}.eli ]; then atf_fail "Provider not created, or immediately detached" fi # Be sure it doesn't detach on read. atf_check dd if=/dev/${md}.eli of=/dev/null status=none sleep 1 if [ ! -c /dev/${md}.eli ]; then atf_fail "Provider detached when a reader closed" fi # It should detach when a writer closes true > /dev/${md}.eli sleep 1 if [ -c /dev/${md}.eli ]; then atf_fail "Provider didn't detach on last close of a writer" fi } onetime_d_cleanup() { - . $(atf_get_srcdir)/conf.sh geli_test_cleanup } atf_init_test_cases() { atf_add_test_case onetime atf_add_test_case onetime_a atf_add_test_case onetime_d } Index: head/tests/sys/geom/class/eli/resize_test.sh =================================================================== --- head/tests/sys/geom/class/eli/resize_test.sh (revision 341391) +++ head/tests/sys/geom/class/eli/resize_test.sh (revision 341392) 
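Review bot: In `onetime_test`, each `atf_check_equal 0 $?` that follows a `dd ... | md5` command substitution sees only the exit status of `md5`, so a failed or short `dd` read goes unnoticed. That matters most for `md_edev`: a hash of truncated input differs from `md_rnd`, and the "geli did not encrypt the data" check then passes without having compared real ciphertext. Running the read under `atf_check` into a file and hashing the file closes the gap, e.g. `atf_check dd if=/dev/${md} of=edev bs=${secsize} count=${sectors} status=none` followed by `md_edev=$(md5 < edev)`. `onetime_a_test` and the `hash1` to `hash6` assignments in setkey_test.sh use the same `dd | md5` pattern.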
@@ -1,88 +1,89 @@ #!/bin/sh # $FreeBSD$ +. $(atf_get_srcdir)/conf.sh + atf_test_case resize cleanup resize_head() { atf_set "descr" "geli resize will resize a geli provider" atf_set "require.user" "root" } resize_body() { - . $(atf_get_srcdir)/conf.sh + geli_test_setup + BLK=512 BLKS_PER_MB=2048 md=$(attach_md -t malloc -s40m) # Initialise atf_check -s exit:0 -o ignore gpart create -s BSD ${md} atf_check -s exit:0 -o ignore gpart add -t freebsd-ufs -s 10m ${md} echo secret >tmp.key atf_check geli init -Bnone -PKtmp.key ${md}a atf_check geli attach -pk tmp.key ${md}a atf_check -s exit:0 -o ignore newfs -U ${md}a.eli atf_check -s exit:7 -o ignore fsck_ffs -Ffy ${md}a.eli # Doing a backup, resize & restore must be forced (with -f) as geli # verifies that the provider size in the metadata matches the consumer. atf_check geli backup ${md}a tmp.meta atf_check geli detach ${md}a.eli atf_check -s exit:0 -o match:resized gpart resize -i1 -s 20m ${md} atf_check -s not-exit:0 -e ignore geli attach -pktmp.key ${md}a atf_check -s not-exit:0 -e ignore geli restore tmp.meta ${md}a atf_check geli restore -f tmp.meta ${md}a atf_check geli attach -pktmp.key ${md}a atf_check -s exit:0 -o ignore growfs -y ${md}a.eli atf_check -s exit:7 -o ignore fsck_ffs -Ffy ${md}a.eli # Now do the resize properly atf_check geli detach ${md}a.eli atf_check -s exit:0 -o match:resized gpart resize -i1 -s 30m ${md} atf_check geli resize -s20m ${md}a atf_check -s not-exit:0 -e match:"Inconsistent provider.*metadata" \ geli resize -s20m ${md}a atf_check geli attach -pktmp.key ${md}a atf_check -s exit:0 -o ignore growfs -y ${md}a.eli atf_check -s exit:7 -o ignore fsck_ffs -Ffy ${md}a.eli atf_check geli detach ${md}a.eli atf_check -s exit:0 -o ignore gpart destroy -F $md # Verify that the man page example works, changing ada0 to $md, # 1g to 20m, 2g to 30m and keyfile to tmp.key, and adding -B none # to geli init. 
atf_check -s exit:0 -o ignore gpart create -s GPT $md atf_check -s exit:0 -o ignore gpart add -s 20m -t freebsd-ufs -i 1 $md atf_check geli init -B none -K tmp.key -P ${md}p1 atf_check -s exit:0 -o match:resized gpart resize -s 30m -i 1 $md atf_check geli resize -s 20m ${md}p1 atf_check geli attach -k tmp.key -p ${md}p1 } resize_cleanup() { - . $(atf_get_srcdir)/conf.sh - if [ -f "$TEST_MDS_FILE" ]; then while read md; do [ -c /dev/${md}a.eli ] && \ geli detach ${md}a.eli 2>/dev/null [ -c /dev/${md}p1.eli ] && \ geli detach ${md}p1.eli [ -c /dev/${md}.eli ] && \ geli detach ${md}.eli 2>/dev/null mdconfig -d -u $md 2>/dev/null done < $TEST_MDS_FILE fi } atf_init_test_cases() { atf_add_test_case resize } Index: head/tests/sys/geom/class/eli/setkey_test.sh =================================================================== --- head/tests/sys/geom/class/eli/setkey_test.sh (revision 341391) +++ head/tests/sys/geom/class/eli/setkey_test.sh (revision 341392) 
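Review bot: `resize_cleanup` ends on the `while` loop, so its exit status is whatever the last `mdconfig -d -u $md 2>/dev/null` returned, whereas `physpath_cleanup` in misc_test.sh finishes with an explicit `true`. If the test runner treats a non-zero cleanup status as a broken test (worth confirming), a device that is already gone would turn a passing run into a reported failure; adding `true` after the closing `fi` makes the best-effort intent explicit. The `geli detach ${md}p1.eli` line is also the only detach in the loop without `2>/dev/null`, which looks unintentional.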
@@ -1,164 +1,163 @@ #!/bin/sh # $FreeBSD$ +. $(atf_get_srcdir)/conf.sh + atf_test_case setkey cleanup setkey_head() { atf_set "descr" "geli setkey can change the key for an existing provider" atf_set "require.user" "root" } setkey_body() { - . $(atf_get_srcdir)/conf.sh + geli_test_setup sectors=100 md=$(attach_md -t malloc -s `expr $sectors + 1`) atf_check dd if=/dev/random of=rnd bs=512 count=${sectors} status=none hash1=`dd if=rnd bs=512 count=${sectors} status=none | md5` atf_check_equal 0 $? atf_check dd if=/dev/random of=keyfile1 bs=512 count=16 status=none atf_check dd if=/dev/random of=keyfile2 bs=512 count=16 status=none atf_check dd if=/dev/random of=keyfile3 bs=512 count=16 status=none atf_check dd if=/dev/random of=keyfile4 bs=512 count=16 status=none atf_check dd if=/dev/random of=keyfile5 bs=512 count=16 status=none atf_check geli init -B none -P -K keyfile1 ${md} atf_check geli attach -p -k keyfile1 ${md} atf_check \ dd if=rnd of=/dev/${md}.eli bs=512 count=${sectors} status=none hash2=`dd if=/dev/${md}.eli bs=512 count=${sectors} 2>/dev/null | md5` atf_check_equal 0 $? # Change current key (0) for attached provider. atf_check -s exit:0 -o ignore geli setkey -P -K keyfile2 ${md} atf_check geli detach ${md} # We cannot use keyfile1 anymore. atf_check -s not-exit:0 -e match:"Wrong key" \ geli attach -p -k keyfile1 ${md} # Attach with new key. atf_check geli attach -p -k keyfile2 ${md} hash3=`dd if=/dev/${md}.eli bs=512 count=${sectors} 2>/dev/null | md5` atf_check_equal 0 $? # Change key 1 for attached provider. atf_check -s exit:0 -o ignore geli setkey -n 1 -P -K keyfile3 ${md} atf_check geli detach ${md} # Attach with key 1. atf_check geli attach -p -k keyfile3 ${md} hash4=`dd if=/dev/${md}.eli bs=512 count=${sectors} 2>/dev/null | md5` atf_check_equal 0 $? atf_check geli detach ${md} # Change current (1) key for detached provider. atf_check -s exit:0 -o ignore geli setkey -p -k keyfile3 -P -K keyfile4 ${md} # We cannot use keyfile3 anymore. 
atf_check -s not-exit:0 -e match:"Wrong key" \ geli attach -p -k keyfile3 ${md} # Attach with key 1. atf_check geli attach -p -k keyfile4 ${md} hash5=`dd if=/dev/${md}.eli bs=512 count=${sectors} 2>/dev/null | md5` atf_check_equal 0 $? atf_check geli detach ${md} # Change key 0 for detached provider. atf_check -s exit:0 -o ignore geli setkey -n 0 -p -k keyfile4 -P -K keyfile5 ${md} # We cannot use keyfile2 anymore. atf_check -s not-exit:0 -e match:"Wrong key" \ geli attach -p -k keyfile2 ${md} 2>/dev/null # Attach with key 0. atf_check geli attach -p -k keyfile5 ${md} hash6=`dd if=/dev/${md}.eli bs=512 count=${sectors} 2>/dev/null | md5` atf_check_equal 0 $? atf_check geli detach ${md} atf_check_equal ${hash1} ${hash2} atf_check_equal ${hash1} ${hash3} atf_check_equal ${hash1} ${hash4} atf_check_equal ${hash1} ${hash5} atf_check_equal ${hash1} ${hash6} } setkey_cleanup() { - . $(atf_get_srcdir)/conf.sh geli_test_cleanup } atf_test_case setkey_readonly cleanup setkey_readonly_head() { atf_set "descr" "geli setkey cannot change the keys of a readonly provider" atf_set "require.user" "root" } setkey_readonly_body() { - . $(atf_get_srcdir)/conf.sh + geli_test_setup sectors=100 md=$(attach_md -t malloc -s `expr $sectors + 1`) atf_check dd if=/dev/random of=keyfile bs=512 count=16 status=none atf_check geli init -B none -P -K keyfile ${md} atf_check geli attach -r -p -k keyfile ${md} atf_check -s not-exit:0 -e match:"read-only" \ geli setkey -n 1 -P -K /dev/null ${md} } setkey_readonly_cleanup() { - . $(atf_get_srcdir)/conf.sh geli_test_cleanup } atf_test_case nokey cleanup nokey_head() { atf_set "descr" "geli setkey can change the key for an existing provider" atf_set "require.user" "root" } nokey_body() { - . 
$(atf_get_srcdir)/conf.sh + geli_test_setup sectors=100 md=$(attach_md -t malloc -s `expr $sectors + 1`) atf_check dd if=/dev/random of=keyfile1 bs=512 count=16 status=none atf_check dd if=/dev/random of=keyfile2 bs=512 count=16 status=none atf_check geli init -B none -P -K keyfile1 ${md} # Try to set the key for a detached device without providing any # components for the old key. atf_check -s not-exit:0 -e match:"No key components given" \ geli setkey -n 0 -p -P -K keyfile2 ${md} # Try to set the key for a detached device without providing any # components for the new key atf_check -s not-exit:0 -e match:"No key components given" \ geli setkey -n 0 -p -k keyfile1 -P ${md} # Try to set a new key for an attached device with no components atf_check geli attach -p -k keyfile1 ${md} atf_check -s not-exit:0 -e match:"No key components given" \ geli setkey -n 0 -P ${md} } nokey_cleanup() { - . $(atf_get_srcdir)/conf.sh geli_test_cleanup } atf_init_test_cases() { atf_add_test_case setkey atf_add_test_case setkey_readonly atf_add_test_case nokey } Index: head/tests/sys/geom/class/geom_subr.sh =================================================================== --- head/tests/sys/geom/class/geom_subr.sh (revision 341391) +++ head/tests/sys/geom/class/geom_subr.sh (revision 341392) 
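Review bot: `nokey_head` sets the same description as `setkey_head`, "geli setkey can change the key for an existing provider", but `nokey_body` checks the opposite: all three `geli setkey` calls in it are expected to fail with "No key components given". I would change it to something like `atf_set "descr" "geli setkey fails if called with no key component"` so the test listing states what is being verified. In `setkey_body`, the trailing `2>/dev/null` on the `atf_check ... geli attach -p -k keyfile2 ${md}` line applies to atf_check itself rather than to geli, which would presumably hide the diagnostic if that check fails; the other "Wrong key" checks do not have it.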
@@ -1,69 +1,97 @@ #!/bin/sh # $FreeBSD$ +# NOTE: existence is sanity-checked in `geom_verify_temp_mds_file_existence(..)` +TEST_MDS_FILE="$(mktemp test_mds.${0##*/}.XXXXXXXX)" + devwait() { while :; do if [ -c /dev/${class}/${name} ]; then return fi sleep 0.2 done } attach_md() { local test_md test_md=$(mdconfig -a "$@") || exit echo $test_md >> $TEST_MDS_FILE || exit echo $test_md } detach_md() { local test_md unit test_md=$1 unit=${test_md#md} mdconfig -d -u $unit || exit sed -i '' "/^${test_md}$/d" $TEST_MDS_FILE || exit } geom_test_cleanup() { local test_md if [ -f "$TEST_MDS_FILE" ]; then while read test_md; do # The "#" tells the TAP parser this is a comment echo "# Removing test memory disk: $test_md" mdconfig -d -u $test_md done < $TEST_MDS_FILE + rm -f "$TEST_MDS_FILE" fi - rm -f "$TEST_MDS_FILE" } -if [ $(id -u) -ne 0 ]; then - echo '1..0 # SKIP tests must be run as root' - exit 0 -fi +geom_verify_temp_mds_file_existence() +{ + if [ ! -f $TEST_MDS_FILE ]; then + echo "test md(4) devices file creation unsuccessful" + return 1 + fi +} -# If the geom class isn't already loaded, try loading it. -if ! kldstat -q -m g_${class}; then - if ! geom ${class} load; then - echo "1..0 # SKIP could not load module for geom class=${class}" +geom_load_class_if_needed() +{ + local class=$1 + + # If the geom class isn't already loaded, try loading it. + if ! kldstat -q -m g_${class}; then + if ! geom ${class} load; then + echo "could not load module for geom class=${class}" + return 1 + fi + fi + return 0 +} + +geom_atf_test_setup() +{ + if ! error_message=$(geom_verify_temp_mds_file_existence); then + atf_skip "$error_message" + fi + if ! error_message=$(geom_load_class_if_needed $class); then + atf_skip "$error_message" + fi +} + +geom_tap_test_setup() +{ + if ! error_message=$(geom_verify_temp_mds_file_existence); then + echo "1..0 # SKIP $error_message" + exit 1 + fi + if ! 
error_message=$(geom_load_class_if_needed $class); then + echo "1..0 # SKIP $error_message" exit 0 fi -fi +} -# Need to keep track of the test md devices to avoid the scenario where a test -# failing will cause the other tests to bomb out, or a test failing will leave -# a large number of md(4) devices lingering around -: ${TMPDIR=/tmp} -export TMPDIR -if ! TEST_MDS_FILE=$(mktemp ${TMPDIR}/test_mds.XXXXXX); then - echo 'Failed to create temporary file for tracking the test md(4) devices' - echo 'Bail out!' - exit 1 +: ${ATF_TEST=false} +if ! $ATF_TEST; then + geom_tap_test_setup fi Index: head/tests/sys/geom/class/mirror/sync_error.sh =================================================================== --- head/tests/sys/geom/class/mirror/sync_error.sh (revision 341391) +++ head/tests/sys/geom/class/mirror/sync_error.sh (revision 341392) 
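Review bot: A failed `mktemp` is not caught by `geom_verify_temp_mds_file_existence`, because `$TEST_MDS_FILE` is unquoted there: with an empty value the test becomes `[ ! -f ]`, which evaluates to false, so the function returns success. `attach_md` would then create the md(4) device before the append `echo $test_md >> $TEST_MDS_FILE` fails, leaving a device that no cleanup knows about. Quoting the test as `if [ ! -f "$TEST_MDS_FILE" ]; then` fixes the check, and the other uses of the variable in `attach_md`, `detach_md` and `geom_test_cleanup` should be quoted the same way. Also worth confirming: the name now gets a random suffix every time this file is sourced, so if a test's body and cleanup run as separate processes, `geom_test_cleanup`, `physpath_cleanup` and `resize_cleanup` would read a fresh empty file rather than the list written by the body.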
@@ -1,110 +1,109 @@ # $FreeBSD$ +ATF_TEST=true +. $(atf_get_srcdir)/conf.sh + REG_READ_FP=debug.fail_point.g_mirror_regular_request_read atf_test_case sync_read_error_2_disks cleanup sync_read_error_2_disks_head() { atf_set "descr" \ "Ensure that we properly handle read errors during synchronization." atf_set "require.user" "root" } sync_read_error_2_disks_body() { - . $(atf_get_srcdir)/conf.sh + geom_atf_test_setup f1=$(mktemp ${base}.XXXXXX) f2=$(mktemp ${base}.XXXXXX) atf_check dd if=/dev/zero bs=1M count=32 of=$f1 status=none atf_check truncate -s 32M $f2 md1=$(attach_md -t vnode -f ${f1}) md2=$(attach_md -t vnode -f ${f2}) atf_check gmirror label $name $md1 devwait - atf_check -s exit:0 -e empty -o not-empty sysctl ${REG_READ_FP}='1*return(5)' + atf_check -s ignore -e empty -o not-empty sysctl ${REG_READ_FP}='1*return(5)' # If a read error occurs while synchronizing and the mirror contains # a single active disk, gmirror has no choice but to fail the # synchronization and kick the new disk out of the mirror. atf_check gmirror insert $name $md2 sleep 0.1 syncwait atf_check [ $(gmirror status -s $name | wc -l) -eq 1 ] atf_check -s exit:0 -o match:"DEGRADED $md1 \(ACTIVE\)" \ gmirror status -s $name } sync_read_error_2_disks_cleanup() { - . $(atf_get_srcdir)/conf.sh - - atf_check -s exit:0 -e empty -o not-empty sysctl ${REG_READ_FP}='off' + atf_check -s ignore -e ignore -o ignore sysctl ${REG_READ_FP}='off' gmirror_test_cleanup } atf_test_case sync_read_error_3_disks cleanup sync_read_error_3_disks_head() { atf_set "descr" \ "Ensure that we properly handle read errors during synchronization." atf_set "require.user" "root" } sync_read_error_3_disks_body() { - . 
$(atf_get_srcdir)/conf.sh + geom_atf_test_setup f1=$(mktemp ${base}.XXXXXX) f2=$(mktemp ${base}.XXXXXX) f3=$(mktemp ${base}.XXXXXX) atf_check dd if=/dev/random bs=1M count=32 of=$f1 status=none atf_check truncate -s 32M $f2 atf_check truncate -s 32M $f3 md1=$(attach_md -t vnode -f ${f1}) md2=$(attach_md -t vnode -f ${f2}) md3=$(attach_md -t vnode -f ${f3}) atf_check gmirror label $name $md1 devwait atf_check gmirror insert $name $md2 syncwait atf_check -s exit:0 -e empty -o not-empty sysctl ${REG_READ_FP}='1*return(5)' # If a read error occurs while synchronizing a new disk, and we have # multiple active disks, we retry the read after an error. The disk # which returned the read error is kicked out of the mirror. atf_check gmirror insert $name $md3 syncwait atf_check [ $(gmirror status -s $name | wc -l) -eq 2 ] atf_check -s exit:0 -o match:"DEGRADED $md3 \(ACTIVE\)" \ gmirror status -s $name # Make sure that the two active disks are identical. Destroy the # mirror first so that the metadata sectors are wiped. if $(gmirror status -s $name | grep -q $md1); then active=$md1 else active=$md2 fi atf_check gmirror destroy $name atf_check cmp /dev/$active /dev/$md3 } sync_read_error_3_disks_cleanup() { - . $(atf_get_srcdir)/conf.sh - - atf_check -s exit:0 -e empty -o not-empty sysctl ${REG_READ_FP}='off' + atf_check -s ignore -e ignore -o ignore sysctl ${REG_READ_FP}='off' gmirror_test_cleanup } atf_init_test_cases() { atf_add_test_case sync_read_error_2_disks atf_add_test_case sync_read_error_3_disks }
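Review bot: `sync_read_error_2_disks_body` now arms the fail point with `atf_check -s ignore -e empty -o not-empty sysctl ...`, while `sync_read_error_3_disks_body` still uses `-s exit:0` for the same command, and the reason for the difference is not stated. Since `-e empty -o not-empty` are still enforced, ignoring the status buys little and only weakens the guarantee that the read error is actually injected before `gmirror insert`. I would keep `-s exit:0` in both bodies, or add a comment naming the non-zero status that is expected. Relaxing the checks in the two cleanup functions is reasonable, since cleanup should always reach `gmirror_test_cleanup`; a one-line comment such as `# best effort: the fail point may never have been armed` would record that intent.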