summaryrefslogtreecommitdiff
path: root/tests/unittests/test_commands_block_meta.py
diff options
context:
space:
mode:
Diffstat (limited to 'tests/unittests/test_commands_block_meta.py')
-rw-r--r--tests/unittests/test_commands_block_meta.py64
1 files changed, 64 insertions, 0 deletions
diff --git a/tests/unittests/test_commands_block_meta.py b/tests/unittests/test_commands_block_meta.py
index 1a1f65d6..9d7d0f3d 100644
--- a/tests/unittests/test_commands_block_meta.py
+++ b/tests/unittests/test_commands_block_meta.py
@@ -2198,6 +2198,70 @@ class TestDmCryptHandler(CiTestCase):
self.m_subp.assert_has_calls(expected_calls)
self.assertEqual(len(util.load_file(self.crypttab).splitlines()), 1)
+ def test_dm_crypt_zkey_cryptsetup_with_recovery_key(self):
+ """ verify dm_crypt zkey calls generates and run before crypt open."""
+
+ # zkey binary is present
+ self.m_block.zkey_supported.return_value = True
+ self.m_which.return_value = "/my/path/to/zkey"
+ volume_path = self.random_string()
+ self.m_getpath.return_value = volume_path
+ volume_byid = "/dev/disk/by-id/ccw-%s" % volume_path
+ self.m_block.disk_to_byid_path.return_value = volume_byid
+
+ recovery_keyfile = self.random_string()
+
+ config = {
+ 'storage': {
+ 'version': 1,
+ 'config': [
+ {'grub_device': True,
+ 'id': 'sda',
+ 'name': 'sda',
+ 'path': '/wark/xxx',
+ 'ptable': 'msdos',
+ 'type': 'disk',
+ 'wipe': 'superblock'},
+ {'device': 'sda',
+ 'id': 'sda-part1',
+ 'name': 'sda-part1',
+ 'number': 1,
+ 'size': '511705088B',
+ 'type': 'partition'},
+ {'id': 'dmcrypt0',
+ 'type': 'dm_crypt',
+ 'dm_name': 'cryptroot',
+ 'volume': 'sda-part1',
+ 'cipher': self.cipher,
+ 'keysize': self.keysize,
+ 'keyfile': self.keyfile,
+ 'recovery_keyfile': recovery_keyfile},
+ ],
+ }
+ }
+ storage_config = block_meta.extract_storage_ordered_dict(config)
+
+ info = storage_config['dmcrypt0']
+
+ volume_name = "%s:%s" % (volume_byid, info['dm_name'])
+ block_meta.dm_crypt_handler(info, storage_config, empty_context)
+ expected_calls = [
+ call(['zkey', 'generate', '--xts', '--volume-type', 'luks2',
+ '--sector-size', '4096', '--name', info['dm_name'],
+ '--description',
+ 'curtin generated zkey for %s' % volume_name,
+ '--volumes', volume_name], capture=True),
+ call(['zkey', 'cryptsetup', '--run', '--volumes', volume_byid,
+ '--batch-mode', '--key-file', self.keyfile], capture=True),
+ call(['cryptsetup', 'luksAddKey',
+ '--key-file', self.keyfile,
+ volume_path, recovery_keyfile]),
+ call(['cryptsetup', 'open', '--type', 'luks2', volume_path,
+ info['dm_name'], '--key-file', self.keyfile]),
+ ]
+ self.m_subp.assert_has_calls(expected_calls)
+ self.assertEqual(len(util.load_file(self.crypttab).splitlines()), 1)
+
def test_dm_crypt_zkey_gen_failure_fallback_to_cryptsetup(self):
""" verify dm_cyrpt zkey generate err falls back cryptsetup format. """