rpms/volume_key
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: rpms:rawhide
Branches Tags
rpms:rawhide
rpms:main
rpms:f43
rpms:f42
rpms:f41
rpms:f40
rpms:f39
rpms:f38
rpms:f37
rpms:f36
rpms:private-jkucera-test
rpms:f33
rpms:f34
rpms:f35
rpms:f32
rpms:f31
rpms:f30
rpms:f28
rpms:f29
rpms:f27
rpms:f26
rpms:f25
rpms:f24
rpms:f23
rpms:f21
rpms:f22
rpms:f20
rpms:f19
rpms:f18
rpms:f17
rpms:f16
rpms:f15
rpms:f14
rpms:f12
rpms:f13
rpms:volume_key-0.3.9-17.fc28
rpms:volume_key-0.3.9-13.fc27
rpms:volume_key-0.3.9-7.fc22
rpms:volume_key-0.3.9-7.fc21
rpms:volume_key-0.3.9-2.fc19
rpms:volume_key-0.3.9-2.fc18
rpms:volume_key-0.3.9-1.fc19
rpms:volume_key-0.3.9-1.fc18
rpms:volume_key-0.3.8-4.fc18
rpms:volume_key-0.3.8-3.fc18
rpms:volume_key-0.3.8-1.fc18
rpms:volume_key-0.3.8-1.fc17
rpms:volume_key-0.3.7-2.fc17
rpms:volume_key-0.3.7-1.fc17
rpms:volume_key-0.3.7-1.fc16
rpms:volume_key-0.3.6-2.fc16
rpms:volume_key-0.3.6-1.fc16
rpms:volume_key-0.3.6-1.fc15
rpms:volume_key-0.3.5-2.fc15
rpms:volume_key-0.3.5-1.fc15
rpms:volume_key-0.3.5-1.fc14
rpms:volume_key-0.3.4-4.fc15
rpms:volume_key-0.3.4-4.fc14
rpms:volume_key-0.3.4-3.fc15
rpms:volume_key-0.3.4-3.fc14
rpms:volume_key-0.3.4-2.fc15
rpms:volume_key-0.3.4-2.fc14
rpms:volume_key-0.3.4-1.fc15
rpms:volume_key-0.3.4-1.fc14
rpms:volume_key-0_3_3-4_fc14
rpms:volume_key-0_3_3-3_fc14
rpms:volume_key-0_3_3-2_fc14
rpms:volume_key-0_3_3-1_fc13
rpms:volume_key-0_3_3-1_fc14
rpms:volume_key-0_3_2-1_fc13
rpms:volume_key-0_3_2-1_fc14
rpms:volume_key-0_3_1-2_fc13
rpms:F-13-start
rpms:F-13-split
rpms:volume_key-0_3_1-1_fc12
rpms:volume_key-0_3_1-1_fc13
rpms:volume_key-0_3-1_fc12
rpms:volume_key-0_3-1_fc13
rpms:volume_key-0_2-3
rpms:F-12-start
rpms:F-12-split
rpms:volume_key-0_2-2
rpms:volume_key-0_2-1
..
compare: rpms:f31
Branches Tags
rpms:main
rpms:rawhide
rpms:f43
rpms:f42
rpms:f41
rpms:f40
rpms:f39
rpms:f38
rpms:f37
rpms:f36
rpms:private-jkucera-test
rpms:f33
rpms:f34
rpms:f35
rpms:f32
rpms:f31
rpms:f30
rpms:f28
rpms:f29
rpms:f27
rpms:f26
rpms:f25
rpms:f24
rpms:f23
rpms:f21
rpms:f22
rpms:f20
rpms:f19
rpms:f18
rpms:f17
rpms:f16
rpms:f15
rpms:f14
rpms:f12
rpms:f13
rpms:volume_key-0.3.9-17.fc28
rpms:volume_key-0.3.9-13.fc27
rpms:volume_key-0.3.9-7.fc22
rpms:volume_key-0.3.9-7.fc21
rpms:volume_key-0.3.9-2.fc19
rpms:volume_key-0.3.9-2.fc18
rpms:volume_key-0.3.9-1.fc19
rpms:volume_key-0.3.9-1.fc18
rpms:volume_key-0.3.8-4.fc18
rpms:volume_key-0.3.8-3.fc18
rpms:volume_key-0.3.8-1.fc18
rpms:volume_key-0.3.8-1.fc17
rpms:volume_key-0.3.7-2.fc17
rpms:volume_key-0.3.7-1.fc17
rpms:volume_key-0.3.7-1.fc16
rpms:volume_key-0.3.6-2.fc16
rpms:volume_key-0.3.6-1.fc16
rpms:volume_key-0.3.6-1.fc15
rpms:volume_key-0.3.5-2.fc15
rpms:volume_key-0.3.5-1.fc15
rpms:volume_key-0.3.5-1.fc14
rpms:volume_key-0.3.4-4.fc15
rpms:volume_key-0.3.4-4.fc14
rpms:volume_key-0.3.4-3.fc15
rpms:volume_key-0.3.4-3.fc14
rpms:volume_key-0.3.4-2.fc15
rpms:volume_key-0.3.4-2.fc14
rpms:volume_key-0.3.4-1.fc15
rpms:volume_key-0.3.4-1.fc14
rpms:volume_key-0_3_3-4_fc14
rpms:volume_key-0_3_3-3_fc14
rpms:volume_key-0_3_3-2_fc14
rpms:volume_key-0_3_3-1_fc13
rpms:volume_key-0_3_3-1_fc14
rpms:volume_key-0_3_2-1_fc13
rpms:volume_key-0_3_2-1_fc14
rpms:volume_key-0_3_1-2_fc13
rpms:F-13-start
rpms:F-13-split
rpms:volume_key-0_3_1-1_fc12
rpms:volume_key-0_3_1-1_fc13
rpms:volume_key-0_3-1_fc12
rpms:volume_key-0_3-1_fc13
rpms:volume_key-0_2-3
rpms:F-12-start
rpms:F-12-split
rpms:volume_key-0_2-2
rpms:volume_key-0_2-1

No commits in common. "rawhide" and "f31" have entirely different histories.
rawhide ... f31

12 changed files with 8 additions and 1505 deletions
Download patch file Download diff file Expand all files Collapse all files

1
.fmf/version
View file

@ -1 +0,0 @@
1

5
plans/ci.fmf
View file

@ -1,5 +0,0 @@
summary: Basic smoke test
discover:
how: fmf
execute:
how: tmt

16
tests/Sanity/basic-sanity/main.fmf
View file

@ -1,16 +0,0 @@
---
component: volume_key
summary: basic sanity test for volume_key utility
contact:
- Jan Blazek <jblazek@redhat.com>
- Jiri Kucera <jkucera@redhat.com>
description: basic sanity test for volume_key utility
require:
- volume_key
- cryptsetup
- nss-tools
- expect
- tcllib
framework: beakerlib
test: ./runtest.sh
duration: 10m

353
tests/Sanity/basic-sanity/runtest.sh
View file

@ -1,353 +0,0 @@
#!/bin/bash
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# File: ./tests/Sanity/basic-sanity/runtest.sh
# Author: Jan Blazek <jblazek@redhat.com>
# Jiri Kucera <jkucera@redhat.com>
# Brief: Basic sanity test for volume_key utility
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Copyright (c) 2017-2020 Red Hat, Inc.
#
# This program is free software: you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation, either version 2 of
# the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see http://www.gnu.org/licenses/.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
_TESTDIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd -P)"
# Include Beaker environment
. /usr/share/beakerlib/beakerlib.sh || exit 1
# Include utils
. ${_TESTDIR}/../../utils/utils.sh || {
echo "${_TESTDIR}/../../utils/utils.sh cannot be included." >&2
exit 1
}
# Include test settings:
. ${_TESTDIR}/../../settings/environment.sh || {
errmsg "${_TESTDIR}/../../settings/environment.sh cannot be included."
exit 1
}
TEST="${TEST:-/CoreOS/volume_key/tests/Sanity/basic-sanity}"
TESTVERSION="${TESTVERSION:-1.0}"
PACKAGES="${PACKAGES:-volume_key}"
REQUIRES="${REQUIRES:-cryptsetup nss-tools expect tcllib}"
_GNUPG_DIR="${HOME}/.gnupg"
_IMAGE="${_IMAGE:-image}"
_IMAGE_IMG="${_IMAGE}.img"
_PACKET="${_PACKET:-packet}"
_NEW_PACKET="${_NEW_PACKET:-new-packet}"
_PACKET_ASYM="${_PACKET_ASYM:-packet-asym}"
_NEW_PACKET_ASYM="${_NEW_PACKET_ASYM:-new-packet-asym}"
_ESCROW="${_ESCROW:-escrow}"
_ESCROW_PEM="${_ESCROW}.pem"
_NSSDB="${_NSSDB:-nssdb}"
_LUKS_PASS="${_LUKS_PASS:-lukspass}"
_PACKET_PASS="${_PACKET_PASS:-packetpass}"
_NEW_PACKET_PASS="${_NEW_PACKET_PASS:-newpacketpass}"
_CERT_PASS="${_CERT_PASS:-certpass}"
_NEW_LUKS_PASS="${_NEW_LUKS_PASS:-newlukspass}"
_NEW_LUKS_PASS_ASYM="${_NEW_LUKS_PASS_ASYM:-newlukspass-asym}"
_TEMP_DIR=""
_VOLUME=""
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# ~~ Setup
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
function Setup() {
LANG=C
LC_ALL=C
export EXPECT_SCRIPTS_PATH="${SCRIPTDIR}"
rlAssertRpm --all || return $?
if [[ -d "${_GNUPG_DIR}" ]]; then
rlFileBackup "${_GNUPG_DIR}" || return $?
AtCleanup rlFileRestore
else
AtCleanup Cleanup_RemoveGnuPG
fi
rlRun CreateTemporaryDirectory || return $?
_TEMP_DIR="${Result}"
AtCleanup Cleanup_RemoveTemporaryDirectory
PushDir "${_TEMP_DIR}" || return $?
AtCleanup PopDir
CreateEncryptedVolume \
--image "${_IMAGE_IMG}" \
--password "${_LUKS_PASS}" \
${USE_LOSETUP:+--with-losetup} \
|| return $?
_VOLUME="${Result}"
AtCleanup Cleanup_DestroyVolume
CreateCertificate --name "${_ESCROW}" || return $?
SetupNSSDatabase --dest "${_TEMP_DIR}/${_NSSDB}" \
--cert-name "${_ESCROW}" --password "${_CERT_PASS}"
}
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# ~~ Cleanup
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
function Cleanup_RemoveGnuPG() {
RunCmd rm -rfv "${_GNUPG_DIR}"
}
function Cleanup_RemoveTemporaryDirectory() {
RunCmd rm -rfv "${_TEMP_DIR}"
}
function Cleanup_DestroyVolume() {
if [[ "${USE_LOSETUP:+yes}" == "yes" ]]; then
RunCmd losetup -d "${_VOLUME}"
fi
}
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# ~~ Tests
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
function TestVolumeKeySave() {
RunCmdViaExpect
Command volume_key
Command --save "${_VOLUME}" --output-format=passphrase -o "${_PACKET}"
Input --lukspass "${_LUKS_PASS}"
Input --packetpass "${_PACKET_PASS}"
Input ${USING_PINENTRY:+--pinentry}
FinishRun
}
AddTest TestVolumeKeySave "save"
function TestVolumeKeyRestore() {
rlAssertExists "${_PACKET}" || return $?
ClearGpgAgentsCache
RunCmdViaExpect
Command volume_key --restore "${_VOLUME}" "${_PACKET}"
Input --lukspass "${_NEW_LUKS_PASS}"
Input --packetpass "${_PACKET_PASS}"
Input ${USING_PINENTRY:+--pinentry}
FinishRun || return $?
RunCmdViaExpect
Command cryptsetup luksOpen "${_VOLUME}" "${_IMAGE}"
Input --password "${_NEW_LUKS_PASS}"
FinishRun || return $?
RunCmd ls -la /dev/mapper
rlAssertExists "/dev/mapper/${_IMAGE}"
RunCmd cryptsetup luksClose "${_IMAGE}"
}
AddTest TestVolumeKeyRestore "restore"
function TestVolumeKeySetupVolume() {
rlAssertExists "${_PACKET}" || return $?
ClearGpgAgentsCache
RunCmdViaExpect
Command volume_key --setup-volume "${_VOLUME}" "${_PACKET}" "${_IMAGE}"
Input --packetpass "${_PACKET_PASS}"
Input ${USING_PINENTRY:+--pinentry}
FinishRun || return $?
RunCmd ls -la /dev/mapper
rlAssertExists "/dev/mapper/${_IMAGE}"
RunCmd cryptsetup luksClose "${_IMAGE}"
}
AddTest TestVolumeKeySetupVolume "setup-volume"
function TestVolumeKeyReencrypt() {
rlAssertExists "${_PACKET}" || return $?
ClearGpgAgentsCache
RunCmdViaExpect
Command volume_key --reencrypt "${_PACKET}" -o "${_NEW_PACKET}"
Input --packetpass "${_PACKET_PASS}"
Input --newpacketpass "${_NEW_PACKET_PASS}"
Input ${USING_PINENTRY:+--pinentry}
FinishRun || return $?
ClearGpgAgentsCache
RunCmdViaExpect
Command volume_key --setup-volume "${_VOLUME}" "${_NEW_PACKET}" "${_IMAGE}"
Input --packetpass "${_NEW_PACKET_PASS}"
Input ${USING_PINENTRY:+--pinentry}
FinishRun || return $?
RunCmd ls -la /dev/mapper
rlAssertExists "/dev/mapper/${_IMAGE}"
RunCmd cryptsetup luksClose "${_IMAGE}"
}
AddTest TestVolumeKeyReencrypt "reencrypt"
function TestVolumeKeyDump() {
local __uuid=""
rlAssertExists "${_PACKET}" || return $?
ClearGpgAgentsCache
RunCmdViaExpect
rlRunOptions -s
Command volume_key --dump "${_PACKET}"
Input --packetpass "${_PACKET_PASS}"
Input ${USING_PINENTRY:+--pinentry}
FinishRun || return $?
__uuid="$(blkid -o value -s UUID "${_VOLUME}")"
rlAssertGrep '^Packet format:\W+Passphrase-encrypted' "${rlRun_LOG}" -E
rlAssertGrep '^Volume format:\W+crypt_LUKS' "${rlRun_LOG}" -E
rlAssertGrep "^Volume UUID:\W+${__uuid}" "${rlRun_LOG}" -E
rlAssertGrep "^Volume path:\W+${_VOLUME}" "${rlRun_LOG}" -E
}
AddTest TestVolumeKeyDump "dump"
function TestVolumeKeySecrets() {
rlAssertExists "${_PACKET}" || return $?
ClearGpgAgentsCache
RunCmdViaExpect
rlRunOptions -s
Command volume_key --secrets "${_PACKET}"
Input --packetpass "${_PACKET_PASS}"
Input ${USING_PINENTRY:+--pinentry}
FinishRun || return $?
rlAssertGrep 'Data encryption key:\W+[0-9A-F]+' "${rlRun_LOG}" -E
}
AddTest TestVolumeKeySecrets "secrets"
function TestVolumeKeySaveAsymmetric() {
RunCmdViaExpect
Command volume_key
Command --save "${_VOLUME}" --output-format=asymmetric
Command -c "${_ESCROW_PEM}" -o "${_PACKET_ASYM}"
Input --lukspass "${_LUKS_PASS}"
FinishRun
}
AddTest TestVolumeKeySaveAsymmetric "save asymmetric"
function TestVolumeKeyRestoreAsymmetric() {
rlAssertExists "${_PACKET_ASYM}" || return $?
RunCmdViaExpect
Command volume_key --restore "${_VOLUME}" "${_PACKET_ASYM}" -d "${_NSSDB}"
Input --certpass "${_CERT_PASS}"
Input --lukspass "${_NEW_LUKS_PASS_ASYM}"
FinishRun || return $?
RunCmdViaExpect
Command cryptsetup luksOpen "${_VOLUME}" "${_IMAGE}"
Input --password "${_NEW_LUKS_PASS_ASYM}"
FinishRun || return $?
RunCmd ls -la /dev/mapper
rlAssertExists "/dev/mapper/${_IMAGE}"
RunCmd cryptsetup luksClose "${_IMAGE}"
}
AddTest TestVolumeKeyRestoreAsymmetric "restore asymmetric"
function TestVolumeKeySetupVolumeAsymmetric() {
rlAssertExists "${_PACKET_ASYM}" || return $?
RunCmdViaExpect
Command volume_key
Command --setup-volume "${_VOLUME}" "${_PACKET_ASYM}" "${_IMAGE}"
Command -d "${_NSSDB}"
Input --certpass "${_CERT_PASS}"
FinishRun || return $?
RunCmd ls -la /dev/mapper
rlAssertExists "/dev/mapper/${_IMAGE}"
RunCmd cryptsetup luksClose "${_IMAGE}"
}
AddTest TestVolumeKeySetupVolumeAsymmetric "setup-volume asymmetric"
function TestVolumeKeyReencryptAsymmetric() {
rlAssertExists "${_PACKET_ASYM}" || return $?
ClearGpgAgentsCache
RunCmdViaExpect
Command volume_key --reencrypt
Command -d "${_NSSDB}" "${_PACKET_ASYM}" -o "${_NEW_PACKET_ASYM}"
Input --certpass "${_CERT_PASS}"
Input --newpacketpass "${_NEW_PACKET_PASS}"
Input ${USING_PINENTRY:+--pinentry}
FinishRun || return $?
ClearGpgAgentsCache
RunCmdViaExpect
Command volume_key
Command --setup-volume "${_VOLUME}" "${_NEW_PACKET_ASYM}" "${_IMAGE}"
Input --packetpass "${_NEW_PACKET_PASS}"
Input ${USING_PINENTRY:+--pinentry}
FinishRun || return $?
RunCmd ls -la /dev/mapper
rlAssertExists "/dev/mapper/${_IMAGE}"
RunCmd cryptsetup luksClose "${_IMAGE}"
}
AddTest TestVolumeKeyReencryptAsymmetric "reencrypt asymmetric"
function TestVolumeKeyDumpAsymmetric() {
local __uuid=""
rlAssertExists "${_PACKET_ASYM}" || return $?
RunCmdViaExpect
rlRunOptions -s
Command volume_key --dump "${_PACKET_ASYM}" -d "${_NSSDB}"
Input --certpass "${_CERT_PASS}"
FinishRun || return $?
__uuid="$(blkid -o value -s UUID "${_VOLUME}")"
rlAssertGrep '^Packet format:\W+Public key-encrypted' "${rlRun_LOG}" -E
rlAssertGrep '^Volume format:\W+crypt_LUKS' "${rlRun_LOG}" -E
rlAssertGrep "^Volume UUID:\W+${__uuid}" "${rlRun_LOG}" -E
rlAssertGrep "^Volume path:\W+${_VOLUME}" "${rlRun_LOG}" -E
}
AddTest TestVolumeKeyDumpAsymmetric "dump asymmetric"
function TestVolumeKeySecretsAsymmetric() {
rlAssertExists "${_PACKET_ASYM}" || return $?
RunCmdViaExpect
rlRunOptions -s
Command volume_key --secrets "${_PACKET_ASYM}" -d "${_NSSDB}"
Input --certpass "${_CERT_PASS}"
FinishRun || return $?
rlAssertGrep 'Data encryption key:\W+[0-9A-F]+' "${rlRun_LOG}" -E
}
AddTest TestVolumeKeySecretsAsymmetric "secrets asymmetric"
RunTest

28
tests/settings/environment.sh
View file

@ -1,28 +0,0 @@
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# File: ./tests/settings/environment.sh
# Author: Jiri Kucera <jkucera@redhat.com>
# Brief: Environment variables with distribution specific values
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Copyright (c) 2020 Red Hat, Inc.
#
# This program is free software: you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation, either version 2 of
# the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see http://www.gnu.org/licenses/.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
export USE_LOSETUP="${USE_LOSETUP:-}"
export USING_PINENTRY="${USING_PINENTRY:-}"
export CLEAR_GPG_AGENTS_CACHE="${CLEAR_GPG_AGENTS_CACHE:-1}"

39
tests/utils/common.tcl
View file

@ -1,39 +0,0 @@
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# File: ./tests/utils/common.tcl
# Author: Jiri Kucera <jkucera@redhat.com>
# Brief: Common utilities for expect scripts
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Copyright (c) 2020 Red Hat, Inc.
#
# This program is free software: you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation, either version 2 of
# the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see http://www.gnu.org/licenses/.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
proc oneof {l1 l2} {
foreach x $l1 {
if {$x in $l2} {
return 1
}
}
return 0
}
proc verify_password {password} {
if {$password == ""} {
return -code error "password required!"
}
}

66
tests/utils/cryptsetup.exp
View file

@ -1,66 +0,0 @@
#!/usr/bin/expect -f
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# File: ./tests/utils/cryptsetup.exp
# Author: Jiri Kucera <jkucera@redhat.com>
# Brief: Expect wrapper around cryptsetup
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Copyright (c) 2020 Red Hat, Inc.
#
# This program is free software: you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation, either version 2 of
# the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see http://www.gnu.org/licenses/.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
package require cmdline
source [file join [file dirname [info script]] "common.tcl"]
set options {
{password.arg "" "Password required by some cryptsetup actions"}
}
set usage "\[options\] -- cryptsetup_options\noptions:"
if {[catch {
array set params [::cmdline::getoptions argv $options $usage]
} result]} {
if {$::errorCode eq {CMDLINE USAGE}} {
puts $result
exit 0
}
puts $::errorCode
puts $::errorInfo
exit 1
}
set password $params(password)
eval spawn cryptsetup $::argv
if {"luksFormat" in $::argv} {
verify_password $password
expect -re "^Are you sure.*:"
send -- "YES\r"
expect -re "Enter( LUKS)? passphrase.*"
send -- "$password\r"
expect -re "Verify passphrase.*"
send -- "$password\r"
expect eof
} elseif {"luksOpen" in $::argv} {
verify_password $password
expect -re "Enter passphrase for.*"
send -- "$password\r"
expect eof
}

508
tests/utils/rlwrap.sh
View file

@ -1,508 +0,0 @@
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# File: ./tests/utils/rlwrap.sh
# Author: Jiri Kucera <jkucera@redhat.com>
# Brief: Wrapper around beakerlib (rlX) functions
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Copyright (c) 2020 Red Hat, Inc.
#
# This program is free software: you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation, either version 2 of
# the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see http://www.gnu.org/licenses/.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
##
# Result, ResultA, ResultB
#
# If a function has an output, it is stored inside these variables.
Result=""
ResultA=""
ResultB=""
# Internal variables used by RunCmdViaExpect family of functions.
_rlwrap_expect_script_path=""
declare -ag _rlwrap_rlRun_options=()
declare -ag _rlwrap_expect_options=()
_rlwrap_expect_script=""
_rlwrap_expect_script_scommand=""
declare -ag _rlwrap_expect_script_command_args=()
declare -ag _rlwrap_expect_script_input_args=()
_rlwrap_rlRun_status="0"
_rlwrap_rlRun_comment=""
# Internal variables used by RunTest family of functions.
declare -ag _CleanupActions=()
declare -ag _Tests=()
##
# errmsg ERRMSG
#
# ERRMSG
# error message
#
# Print ERRMSG to standard error output.
function errmsg() {
echo "$1" >&2
}
##
# required_options OPTION_LIST
#
# OPTION_LIST
# a list of option names (without --)
#
# For every X from OPTION_LIST, test if --$X was specified by checking that
# __${X//-/_} is not empty.
function required_options() {
local __optvar=""
while [[ $# -gt 0 ]]; do
__optvar="__${1//-/_}"
if [[ -z "${!__optvar}" ]]; then
errmsg "${FUNCTION[1]}: Missing required option: --$1"
return 1
fi
shift
done
}
##
# invalid_argument ARG_NAME
#
# ARG_NAME
# argument name
#
# Report to standard error output that ARG_NAME is not a valid argument and
# return 1.
function invalid_argument() {
errmsg "${FUNCTION[1]}: Invalid argument '$1'."
return 1
}
##
# Concat ARGS
#
# ARGS
# list of arguments
#
# Make a string by concatenating all arguments from ARGS. Useful for creating
# long comments for rlRun.
function Concat() {
echo "$*"
}
##
# RunCmd COMMAND [COMMAND_ARGS]
#
# COMMAND
# command that should be run
# COMMAND_ARGS
# command arguments
#
# Shorthand for RunCmdX -- COMMAND COMMAND_ARGS.
function RunCmd() {
RunCmdX -- "$@"
}
##
# RunCmdX [-t] [-l] [-c] [-s] [STATUS] [COMMENT] [--] COMMAND [COMMAND_ARGS]
#
# -t, -l, -c, -s
# see rlRun
# STATUS
# see rlRun
# COMMENT
# see rlRun
# --
# options-command delimiter
# COMMAND
# command that should be run
# COMMAND_ARGS
# command arguments
#
# Wrapper around beakerlib's rlRun that allows COMMAND and its arguments to be
# passed separately and not as one long string.
function RunCmdX() {
local __tflag=""
local __lflag=""
local __cflag=""
local __sflag=""
local __command=""
local __status="0"
local __comment=""
# Handle short options:
while [[ $# -gt 0 ]]; do
case "$1" in
-t) __tflag="$1" ;;
-l) __lflag="$1" ;;
-c) __cflag="$1" ;;
-s) __sflag="$1" ;;
*) break ;;
esac
shift
done
# First positional argument before -- is expected status code:
if [[ -n "${1:-}" ]] && [[ "$1" != "--" ]]; then
__status="$1"
shift
fi
# Second positional argument before -- is comment:
if [[ -n "${1:-}" ]] && [[ "$1" != "--" ]]; then
__comment="$1"
shift
fi
# Consume options-command delimiter:
if [[ "${1:-}" == "--" ]]; then
shift
fi
# Command name is required:
if [[ -z "${1:-}" ]]; then
errmsg "Expected command."
return 1
fi
__command="$1"; shift
# The rest of options are command arguments:
while [[ $# -gt 0 ]]; do
__command="${__command} $1"
shift
done
# Let the game begin:
rlRun ${__tflag} ${__lflag} ${__cflag} ${__sflag} \
"${__command}" "${__status}" "${__comment}"
}
##
# RunCmdViaExpect
#
# Starts a specification of command that should be run via expect. This is
# handy for interactive commands. General usage is
#
# RunCmdViaExpect
# Path ${ScriptsDir}
# rlRunOptions -s
# ExpectOptions -f
# Command cryptsetup luksFormat ${VOLUME}
# Input --password ${PASSWD}
# Status 0
# Comment "Format ${VOLUME}"
# FinishRun || return $?
#
# In the example above, Path specifies the directory where the expect script
# is located. If it is omitted, EXPECT_SCRIPTS_PATH environment variable is
# read. If EXPECT_SCRIPTS_PATH is not set, `.` is used.
#
# rlRunOptions are options for rlRun, like -s and -t (see beakerlib manual).
#
# ExpectOptions are options for expect tool or Tcl interpreter, not for the
# script.
#
# Command is a command together with its arguments that will be run via expect.
# The first command argument, the command itself, is used as a name of expect
# script so in the example above the name of expect script will be
# cryptsetup.exp. This script must exist in directory specified by Path. The
# rest of Command arguments will be passed to the end of this script's command
# line and it is up to script's implementation what happen to them.
#
# Input gather arguments that specify input data that are feed to command by
# expect tool when they are asked for.
#
# Input, Command, ExpectOptions, and rlRunOptions work in accumulative way.
# That is, you can write `Command cryptsetup luksFormat ${VOLUME}` as a two
# Command calls, e.g. `Command cryptsetup` and `luksFormat ${VOLUME}`. This
# allow to split long commands accross multiple lines without using backslash
# character, which has the benefit of writing comments for particular command
# options.
#
# Status is the expected status/return code (default is 0).
#
# Comment is the comment as described in rlRun documentation. The default
# comment is a string made from arguments of Command separated by spaces.
#
# FinishRun makes a final arguments for rlRun and execute it. In our case, the
# rlRun call will look like this
#
# rlRun -s "${ScriptsDir}/cryptsetup.exp -f -- --password ${PASSWD} --
# luksFormat ${VOLUME}" 0 "Format ${VOLUME}"
#
# The return code of rlRun is the return code of FinishRun. To parse its
# command line, cryptsetup.exp uses cmdline package from tcllib.
function RunCmdViaExpect() {
_rlwrap_expect_script_path="${EXPECT_SCRIPTS_PATH:-.}"
_rlwrap_rlRun_options=()
_rlwrap_expect_options=()
_rlwrap_expect_script=""
_rlwrap_expect_script_scommand=""
_rlwrap_expect_script_command_args=()
_rlwrap_expect_script_input_args=()
_rlwrap_rlRun_status="0"
_rlwrap_rlRun_comment=""
alias Path=_rlwrap_Path
alias rlRunOptions=_rlwrap_rlRunOptions
alias ExpectOptions=_rlwrap_ExpectOptions
alias Command=_rlwrap_Command
alias Input=_rlwrap_Input
alias Status=_rlwrap_Status
alias Comment=_rlwrap_Comment
}
##
# _rlwrap_Path [PATH]
#
# PATH
# PATH to script directory
#
# See Path in RunCmdViaExpect.
function _rlwrap_Path() {
if [[ $# -gt 0 ]]; then
_rlwrap_expect_script_path="${1}"
fi
}
##
# _rlwrap_rlRunOptions [OPTIONS]
#
# OPTIONS
# options for rlRun
#
# See rlRunOptions in RunCmdViaExpect.
function _rlwrap_rlRunOptions() {
_rlwrap_rlRun_options+=( "$@" )
}
##
# _rlwrap_ExpectOptions [OPTIONS]
#
# OPTIONS
# options for expect tool
#
# See ExpectOptions in RunCmdViaExpect.
function _rlwrap_ExpectOptions() {
_rlwrap_expect_options+=( "$@" )
}
##
# _rlwrap_Command [COMMAND_OR_OPTION] [COMMAND_OPTIONS]
#
# COMMAND_OR_OPTION
# command name or option (depending on a number of Command invocations)
# COMMAND_OPTIONS
# command options
#
# See Command in RunCmdViaExpect.
function _rlwrap_Command() {
if [[ -z "${_rlwrap_expect_script}" ]]; then
if [[ -n "${1:-}" ]]; then
_rlwrap_expect_script="${1}.exp"
_rlwrap_expect_script_scommand="${1}"
shift
fi
fi
if [[ $# -gt 0 ]]; then
_rlwrap_expect_script_command_args+=( "$@" )
_rlwrap_expect_script_scommand="${_rlwrap_expect_script_scommand} $*"
fi
}
##
# _rlwrap_Input [OPTIONS]
#
# OPTIONS
# options for expect script that are used for passing input values to
# commands that are run from within the script
#
# See Input in RunCmdViaExpect.
function _rlwrap_Input() {
_rlwrap_expect_script_input_args+=( "$@" )
}
##
# _rlwrap_Status [STATUS_CODE]
#
# STATUS_CODE
# expected status/return code of expect script
#
# See Status in RunCmdViaExpect.
function _rlwrap_Status() {
if [[ $# -gt 0 ]]; then
_rlwrap_rlRun_status="${1}"
fi
}
##
# _rlwrap_Comment [COMMENT]
#
# COMMENT
# comment to be passed to rlRun
#
# See Comment in RunCmdViaExpect.
function _rlwrap_Comment() {
if [[ $# -gt 0 ]]; then
_rlwrap_rlRun_comment="${1}"
fi
}
##
# FinishRun
#
# See RunCmdViaExpect.
function FinishRun() {
local __command=""
unalias Path
unalias rlRunOptions
unalias ExpectOptions
unalias Command
unalias Input
unalias Status
unalias Comment
if [[ -z "${_rlwrap_expect_script}" ]]; then
errmsg "RunCmdViaExpect: Missing name of expect script!"
errmsg "| The name of expect script is deduced from the first"
errmsg "| argument given to Command."
return 1
fi
if [[ -z "${_rlwrap_rlRun_comment}" ]]; then
_rlwrap_rlRun_comment="${_rlwrap_expect_script_scommand}"
fi
__command="${_rlwrap_expect_script_path}/${_rlwrap_expect_script}"
__command="${__command} ${_rlwrap_expect_options[*]} --"
__command="${__command} ${_rlwrap_expect_script_input_args[*]} --"
__command="${__command} ${_rlwrap_expect_script_command_args[*]}"
rlRun "${_rlwrap_rlRun_options[@]}" "${__command}" \
"${_rlwrap_rlRun_status}" "${_rlwrap_rlRun_comment}"
}
##
# CreateTemporaryDirectory
#
# Create a temporary directory and store its path to Result.
function CreateTemporaryDirectory() {
Result="$(mktemp -d)"
}
##
# PushDir DIRECTORY
#
# DIRECTORY
# path to directory
#
# Perform `rlRun pushd DIRECTORY`.
function PushDir() {
RunCmd pushd "\"$1\""
}
##
# PopDir
#
# Perform `rlRun popd`.
function PopDir() {
RunCmd popd
}
##
# AtCleanup COMMAND
#
# COMMAND
# cleanup action as a command
#
# Insert COMMAND to the beginning of the list of cleanup actions.
function AtCleanup() {
_CleanupActions=( "$1" "${_CleanupActions[@]}" )
}
##
# AddTest TESTFUNC [DESCRIPTION]
#
# TESTFUNC
# function that performs the test
# DESCRIPTION
# test description
#
# Add test to the list of tests.
function AddTest() {
_Tests+=( "$1=${2:-}" )
}
##
# DoSetup
#
# Invoke Setup function and return its status code. Setup must be defined
# before.
function DoSetup() {
local __status=0
rlPhaseStartSetup
if [[ "$(LC_ALL=C type -t Setup)" != "function" ]]; then
rlFail "Function 'Setup' is not defined. Please, define it."
else
Setup
fi
__status=$?
rlPhaseEnd
return ${__status}
}
##
# DoTests
#
# Run all tests from the tests list.
function DoTests() {
for __testspec in "${_Tests[@]}"; do
# __testspec has the format 'testfunc=test description':
rlPhaseStartTest "${__testspec#*=}"
"${__testspec%%=*}" || :
rlPhaseEnd
done
}
##
# DoCleanup
#
# Run all registered cleanup actions in the reverse order than they were
# registered by AtCleanup.
function DoCleanup() {
rlPhaseStartCleanup
for __action in "${_CleanupActions[@]}"; do
"${__action}" || :
done
rlPhaseEnd
}
##
# RunTest
#
# Test runner entry point. Perform setup, run all tests, and perform cleanup.
function RunTest() {
rlJournalStart
DoSetup && DoTests
DoCleanup
rlJournalPrintText
rlJournalEnd
}

195
tests/utils/utils.sh
View file

@ -1,195 +0,0 @@
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# File: ./tests/utils/utils.sh
# Author: Jiri Kucera <jkucera@redhat.com>
# Brief: Common shell utilities that helps test volume_key
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Copyright (c) 2020 Red Hat, Inc.
#
# This program is free software: you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation, either version 2 of
# the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see http://www.gnu.org/licenses/.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
##
# SCRIPTDIR
#
# Path to the directory with auxiliary scripts.
SCRIPTDIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd -P)"
# Include beakerlib wrapper:
. "${SCRIPTDIR}/rlwrap.sh" || {
echo "${SCRIPTDIR}/rlwrap.sh cannot be included." >&2
exit 1
}
##
# ClearGpgAgentsCache
#
# If CLEAR_GPG_AGENTS_CACHE is set, clear gpg-agent's password cache.
function ClearGpgAgentsCache() {
local __pid=""
if [[ "${CLEAR_GPG_AGENTS_CACHE:-}" == "1" ]] \
&& __pid="$(pidof -s gpg-agent)"
then
kill -s SIGHUP ${__pid} || :
fi
}
##
# CreateEncryptedVolume --image IMAGE --password PASS [--with-losetup]
#
# --image IMAGE
# path to image file from which volume is created; IMAGE is created by
# dd so it should not to point to an existing file
# --password PASS
# password needed to encrypt the volume
# --with-losetup
# create a volume as loop device
#
# Create encrypted volume from IMAGE (use PASS for the encryption). The name of
# created volume is stored to Result.
function CreateEncryptedVolume() {
local __image=""
local __volume=""
local __password=""
local __with_losetup=""
while [[ $# -gt 0 ]]; do
case "$1" in
--image) shift; __image="$1" ;;
--password) shift; __password="$1" ;;
--with-losetup) __with_losetup="yes" ;;
*) invalid_argument "$1"; return $? ;;
esac
shift
done
required_options image password || return $?
RunCmd dd if=/dev/zero of="${__image}" bs=1M count=256 || return $?
__volume="${__image}"
if [[ "${__with_losetup}" == "yes" ]]; then
RunCmd losetup -v -f "${__image}" || return $?
__volume="$(
set -o pipefail
losetup -a | grep "${__image}" | cut -d: -f1
)" || return $?
fi
RunCmdViaExpect
Command cryptsetup luksFormat "${__volume}"
Input --password "${__password}"
FinishRun || return $?
Result="${__volume}"
}
##
# CreateCertificate --name NAME [--rsa-bits BITS]
#
# --name NAME
# certificate name
# --rsa-bits BITS
# RSA bits (default: 1024)
#
# Create NAME.key, NAME.cert, and NAME.pem inside current working directory.
function CreateCertificate() {
local __name=""
local __rsa_bits=1024
local __key=""
local __cert=""
local __pem=""
local __subject=""
while [[ $# -gt 0 ]]; do
case "$1" in
--name) shift; __name="$1" ;;
--rsa-bits) shift; __rsa_bits="$1" ;;
*) invalid_argument "$1"; return $? ;;
esac
shift
done
required_options name || return $?
__key="${__name}.key"
__cert="${__name}.cert"
__pem="${__name}.pem"
RunCmd openssl genrsa ${__rsa_bits} \> "${__key}" || return $?
__subject="/C=XX/ST=FooState/L=FooLocality/O=FooOrg/OU=FooOrgUnit"
__subject="${__subject}/CN=John/SN=Doe/emailAddress=jdoe@foo.bar"
RunCmd openssl req -new -x509 -nodes -sha1 -days 365 \
-key "${__key}" -subj "'${__subject}'" \> "${__cert}" \
|| return $?
RunCmd cat "${__cert}" "${__key}" \> "${__pem}"
}
##
# SetupNSSDatabase --dest DEST --cert-name NAME --password PASS
#
# --dest DEST
# path to directory that become NSS database
# --cert-name NAME
# the name of the certificate
# --password PASS
# a password (common for certificate and for NSS database)
#
# Create and initialize NSS database DEST with certificate NAME and secure it
# with password PASS.
function SetupNSSDatabase() {
local __dest=""
local __cert_name=""
local __password=""
local __pwdfile=""
local __pem=""
local __p12=""
while [[ $# -gt 0 ]]; do
case "$1" in
--dest) shift; __dest="$1" ;;
--cert-name) shift; __cert_name="$1" ;;
--password) shift; __password="$1" ;;
*) invalid_argument "$1"; return $? ;;
esac
shift
done
required_options dest cert-name password || return $?
RunCmd mkdir -p "${__dest}" || return $?
__pwdfile="$(mktemp "./pwdfileXXXXX")" || return $?
__pem="${__cert_name}.pem"
__p12="${__cert_name}.p12"
RunCmd echo "${__password}" \> "${__pwdfile}" || return $?
RunCmd certutil -N -d "${__dest}" -f "${__pwdfile}" || return $?
RunCmd openssl pkcs12 -export -in "${__pem}" -out "${__p12}" \
-name "${__cert-name}" -password "pass:${__password}" \
|| return $?
RunCmd pk12util -i "${__p12}" -d "${__dest}" \
-K "${__password}" -W "${__password}"
}

143
tests/utils/volume_key.exp
View file

@ -1,143 +0,0 @@
#!/usr/bin/expect -f
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# File: ./tests/utils/volume_key.exp
# Author: Jiri Kucera <jkucera@redhat.com>
# Brief: Expect wrapper around volume_key
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Copyright (c) 2020 Red Hat, Inc.
#
# This program is free software: you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation, either version 2 of
# the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see http://www.gnu.org/licenses/.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
package require cmdline
source [file join [file dirname [info script]] "common.tcl"]
set options {
{certpass.arg "" "Password for certificate"}
{lukspass.arg "" "Password for LUKS encryption/decryption"}
{packetpass.arg "" "Password for escrow packet encryption/decryption"}
{newpacketpass.arg "" "New password for escrow packet reencryption"}
{pinentry "gpg-agent may ask for password via pinentry"}
}
set usage "\[options\] -- volume_key_options\noptions:"
if {[catch {
array set params [::cmdline::getoptions argv $options $usage]
} result]} {
if {$::errorCode eq {CMDLINE USAGE}} {
puts $result
exit 0
}
puts $::errorCode
puts $::errorInfo
exit 1
}
set certpass $params(certpass)
set lukspass $params(lukspass)
set packetpass $params(packetpass)
set newpacketpass $params(newpacketpass)
set pinentry $params(pinentry)
proc prompt_cert_password {password} {
verify_password $password
expect -re "Enter password for.*"
sleep 1
send -- "$password\r"
}
proc prompt_luks_password {password} {
verify_password $password
expect -re "Passphrase for.*"
sleep 1
send -- "$password\r"
}
proc prompt_new_luks_password {password} {
verify_password $password
expect -re "New passphrase for.*"
sleep 1
send -- "$password\r"
expect -re "Repeat new passphrase for.*"
sleep 1
send -- "$password\r"
}
proc prompt_packet_password {password pinentry} {
verify_password $password
expect -re "Escrow packet passphrase.*"
sleep 1
send -- "$password\r"
if {$pinentry} {
expect -re ".*Passphrase.*"
sleep 1
send -- "$password\r"
}
}
proc prompt_new_packet_password {password pinentry} {
verify_password $password
expect -re "New packet passphrase.*"
sleep 1
send -- "$password\r"
expect -re "Repeat new packet passphrase.*"
sleep 1
send -- "$password\r"
if {$pinentry} {
expect -re ".*Passphrase.*"
sleep 1
send -- "$password\r"
expect -re ".*Passphrase.*"
sleep 1
send -- "$password\r"
}
}
eval spawn volume_key $::argv
if {"--reencrypt" in $::argv} {
if {"-d" in $::argv} {
prompt_cert_password $certpass
} else {
prompt_packet_password $packetpass $pinentry
}
prompt_new_packet_password $newpacketpass $pinentry
expect eof
} elseif {"--restore" in $::argv} {
if {"-d" in $::argv} {
prompt_cert_password $certpass
} else {
prompt_packet_password $packetpass $pinentry
}
prompt_new_luks_password $lukspass
expect eof
} elseif {"--save" in $::argv} {
prompt_luks_password $lukspass
if {"-c" ni $::argv} {
prompt_new_packet_password $packetpass $pinentry
}
expect eof
} elseif {[oneof {"--dump" "--secrets" "--setup-volume"} $::argv]} {
if {"-d" in $::argv} {
prompt_cert_password $certpass
} else {
prompt_packet_password $packetpass $pinentry
}
expect eof
}

59
volume_key-0.3.12-fix_resource_leaks.patch
View file

@ -1,59 +0,0 @@
diff --git a/lib/kmip.c b/lib/kmip.c
index dda819a..333603c 100644
--- a/lib/kmip.c
+++ b/lib/kmip.c
@@ -1152,6 +1152,7 @@ kmip_decode_key_value (struct kmip_decoding_state *kmip,
break;
default:
+ kmip_key_value_free (res);
g_return_val_if_reached (-1);
}
res->attributes = g_ptr_array_new ();
@@ -1348,6 +1349,7 @@ kmip_decode_object_symmetric_key (struct kmip_decoding_state *kmip,
g_snprintf (num, sizeof (num), "%" G_GUINT32_FORMAT, res->block->type);
g_set_error (error, LIBVK_ERROR, LIBVK_ERROR_KMIP_UNSUPPORTED_VALUE,
_("Unsupported symmetric key format %s"), num);
+ kmip_object_symmetric_key_free (res);
return -1;
}
*obj = res;
@@ -1384,6 +1386,7 @@ kmip_decode_object_secret_data (struct kmip_decoding_state *kmip,
g_snprintf (num, sizeof (num), "%" G_GUINT32_FORMAT, res->block->type);
g_set_error (error, LIBVK_ERROR, LIBVK_ERROR_KMIP_UNSUPPORTED_VALUE,
_("Unsupported symmetric key format %s"), num);
+ kmip_object_secret_data_free (res);
return -1;
}
*obj = res;
diff --git a/lib/volume_luks.c b/lib/volume_luks.c
index d1c5d47..4d32d9b 100644
--- a/lib/volume_luks.c
+++ b/lib/volume_luks.c
@@ -547,8 +547,8 @@ luks_apply_secret (struct libvk_volume *vol, const struct libvk_volume *packet,
}
g_free (last_log_entry);
- g_return_val_if_fail (vol->v.luks->key_bytes == packet->v.luks->key_bytes,
- -1);
+ if (vol->v.luks->key_bytes != packet->v.luks->key_bytes)
+ goto err_passphrase;
luks_replace_key (vol, packet->v.luks->key);
luks_replace_passphrase (vol, passphrase);
vol->v.luks->passphrase_slot = res;
diff --git a/src/volume_key.c b/src/volume_key.c
index 074b187..24b70d6 100644
--- a/src/volume_key.c
+++ b/src/volume_key.c
@@ -735,6 +735,11 @@ write_packet (struct packet_output_state *pos, const char *filename,
|| g_file_set_contents (filename, packet, size, error) == FALSE)
{
g_prefix_error (error, _("Error creating `%s': "), filename);
+ if (packet != NULL) {
+ if (output_format_cleartext != 0)
+ memset (packet, 0, size);
+ g_free (packet);
+ }
return -1;
}
if (output_format_cleartext != 0)

100
volume_key.spec
View file

@ -32,8 +32,9 @@
Summary: An utility for manipulating storage encryption keys and passphrases
Name: volume_key
Version: 0.3.12
Release: 29%{?dist}
License: GPL-2.0-only AND (MPL-1.1 OR GPL-2.0-or-later OR LGPL-2.1-or-later)
Release: 4%{?dist}
# lib/{SECerrs,SSLerrs}.h are both licensed under MPLv1.1, GPLv2 and LGPLv2
License: GPLv2 and (MPLv1.1 or GPLv2 or LGPLv2)
URL: https://pagure.io/%{name}/
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
@ -41,15 +42,9 @@ Source0: https://releases.pagure.org/%{name}/%{name}-%{version}.tar.xz
# Support all LUKS devices
# - backport of 26c09768662d8958debe8c9410dae9fda02292c3
Patch0: volume_key-0.3.12-support_LUKS2_and_more.patch
# Fix resource leaks
# - backport of bf6618ec0b09b4e51fc97fa021e687fbd87599ba
Patch1: volume_key-0.3.12-fix_resource_leaks.patch
BuildRequires: autoconf, automake, libtool
BuildRequires: make
BuildRequires: gcc
BuildRequires: cryptsetup-devel, gettext-devel, glib2-devel, /usr/bin/gpg2
BuildRequires: gpgme-devel, libblkid-devel, nss-devel
BuildRequires: python3-devel, python3-setuptools
BuildRequires: cryptsetup-luks-devel, gettext-devel, glib2-devel, /usr/bin/gpg2
BuildRequires: gpgme-devel, libblkid-devel, nss-devel, python3-devel
%if 0%{?drop_python2} < 1
BuildRequires: python2-devel
%endif
@ -120,16 +115,14 @@ Requires: %{name}-libs%{?_isa} = %{version}-%{release}
%prep
%setup -q
%patch -P0 -p1
%patch -P1 -p1
autoreconf -fiv
%patch0 -p1
%build
%configure %{?with_pythons}
%make_build
make %{?_smp_mflags}
%install
%make_install
make install DESTDIR=$RPM_BUILD_ROOT INSTALL='install -p'
# Remove libtool archive
find %{buildroot} -type f -name "*.la" -delete
@ -173,83 +166,6 @@ exit 1; \
%endif
%changelog
* Tue Nov 11 2025 Michal Hlavinka <mhlavink@redhat.com> - 0.3.12-29
- rebuild for gpgme 2.0
* Fri Sep 19 2025 Python Maint <python-maint@redhat.com> - 0.3.12-28
- Rebuilt for Python 3.14.0rc3 bytecode
* Fri Aug 15 2025 Python Maint <python-maint@redhat.com> - 0.3.12-27
- Rebuilt for Python 3.14.0rc2 bytecode
* Fri Jul 25 2025 Fedora Release Engineering <releng@fedoraproject.org> - 0.3.12-26
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Mon Jun 02 2025 Python Maint <python-maint@redhat.com> - 0.3.12-25
- Rebuilt for Python 3.14
* Sun Jan 19 2025 Fedora Release Engineering <releng@fedoraproject.org> - 0.3.12-24
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Sat Jul 20 2024 Fedora Release Engineering <releng@fedoraproject.org> - 0.3.12-23
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Fri Jun 07 2024 Python Maint <python-maint@redhat.com> - 0.3.12-22
- Rebuilt for Python 3.13
* Sat Jan 27 2024 Fedora Release Engineering <releng@fedoraproject.org> - 0.3.12-21
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sat Jul 22 2023 Fedora Release Engineering <releng@fedoraproject.org> - 0.3.12-20
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Tue Jun 13 2023 Python Maint <python-maint@redhat.com> - 0.3.12-19
- Rebuilt for Python 3.12
* Sat Jan 21 2023 Fedora Release Engineering <releng@fedoraproject.org> - 0.3.12-18
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Sat Jul 23 2022 Fedora Release Engineering <releng@fedoraproject.org> - 0.3.12-17
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Mon Jun 13 2022 Python Maint <python-maint@redhat.com> - 0.3.12-16
- Rebuilt for Python 3.11
* Sat Jan 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 0.3.12-15
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Wed Aug 04 2021 Jiri Kucera <jkucera@redhat.com> - 0.3.12-14
- Fix FTBFS
- Move License tag back to GPLv2 (this is the effective license)
- Use make macros
* Fri Jul 23 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.3.12-13
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Fri Jun 04 2021 Python Maint <python-maint@redhat.com> - 0.3.12-12
- Rebuilt for Python 3.10
* Wed Mar 31 2021 Jiri Kucera <jkucera@redhat.com> - 0.3.12-11
- Fix resource leaks
* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.3.12-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.3.12-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Tue May 26 2020 Miro Hrončok <mhroncok@redhat.com> - 0.3.12-8
- Rebuilt for Python 3.9
* Fri Jan 31 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.3.12-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Thu Oct 03 2019 Miro Hrončok <mhroncok@redhat.com> - 0.3.12-6
- Rebuilt for Python 3.8.0rc1 (#1748018)
* Mon Aug 19 2019 Miro Hrončok <mhroncok@redhat.com> - 0.3.12-5
- Rebuilt for Python 3.8
* Sat Jul 27 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.3.12-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild