From: Fabian Vogt
To: grub-devel@gnu.org
Cc: development@efficientek.com, Daniel Kiper, Pierre-Louis Bonicoli
Subject: Re: [PATCH v3] grub-fs-tester: Add luks1 and luks2 support
Date: Mon, 20 Jun 2022 15:40:03 +0200
Message-ID: <1967389.iY1ToOOz4B@linux-e202.suse.de>
In-Reply-To: <20220615130357.368f427f@crass-HP-ZBook-15-G2>
References: <20220615024303.59354-1-development@efficientek.com> <11998985.O9o76ZdvQC@linux-e202.suse.de> <20220615130357.368f427f@crass-HP-ZBook-15-G2>

Hi,

On Wednesday, 15 June 2022, 20:03:57 CEST, Glenn Washburn wrote:
> On Wed, 15 Jun 2022 11:43:25 +0200
> Fabian Vogt wrote:
>
> > Hi,
> >
> > On Wednesday, 15 June 2022, 04:43:03 CEST, Glenn Washburn wrote:
> > > From: Pierre-Louis Bonicoli
> > >
> > > The logical sector size used by LUKS1 is 512 bytes and LUKS2 uses 512 to
> > > 4069 bytes. The default password used is "pass", but can be overridden
> > > by setting the PASS environment variable. The device mapper name is set
> > > to the name of the temp directory so that it's easy to correlate device
> > > mapper name with a particular test run. Also since this name is unique
> > > per test run, multiple simultaneous test runs are allowed.
> > >
> > > Note that cryptsetup is passing the --disable-locks parameter to allow
> > > cryptsetup to run successfully when /run/lock/cryptsetup is not accessible.
> > > Since the device mapper name is unique per test run, there is no need to
> > > worry about locking the device to serialize access.
> > >
> > > Signed-off-by: Pierre-Louis Bonicoli
> > > Signed-off-by: Glenn Washburn
> > > ---
> > > This is a heavily modified version of Pierre-Louis's v2 patch. It has been
> > > tested with Fabian's v3 and Josselin's v4 series. Some notable differences
> > > from the previous version:
> > >  * Rebase on to master accounting for cleanup() changes
> > >  * Allow multiple test runs to run simultaneously
> > >  * Allow specifying alternate password with environment variable
> > >  * Fixed bug in previous version where LC_ALL=C was being set for echo and
> > >    not run_it
> > >  * Make output on UUID fail consistent with other filesystems
> > >  * Allow tests to work with older cryptsetups
> > >  * Fixed bug where luks1 tests were actually testing luks2
> > >  * Address my review comments
> > >
> > > Note: The luks2 test will fail without some form of working grub-probe
> > > support for luks2. This patch is independent of the above mentioned
> > > patch series, will apply without them just fine, and can be reviewed
> > > independently.
> > >
> > > Glenn
> > > ---
> > >  .gitignore                   |  2 ++
> > >  Makefile.util.def            | 12 ++++++++
> > >  tests/luks1_test.in          | 23 +++++++++++++++
> > >  tests/luks2_test.in          | 23 +++++++++++++++
> > >  tests/util/grub-fs-tester.in | 57 ++++++++++++++++++++++++++++++++++--
> > >  5 files changed, 115 insertions(+), 2 deletions(-)
> > >  create mode 100644 tests/luks1_test.in
> > >  create mode 100644 tests/luks2_test.in
> > >
> > > diff --git a/.gitignore b/.gitignore > > > index f6a1bd051..4064d3d1e 100644 > > > --- a/.gitignore > > > +++ b/.gitignore > > > @@ -230,6 +230,8 @@ widthspec.bin > > > /lib/libgcrypt-grub > > > /libgrub_a_init.c > > > /lzocompress_test > > > +/luks1_test > > > +/luks2_test > > > /m4/ > > > /minixfs_test > > > /missing > > > diff --git a/Makefile.util.def b/Makefile.util.def > > > index d919c562c..3f1162b76 100644 > > > --- a/Makefile.util.def > > > +++ b/Makefile.util.def
> > > @@ -1213,6 +1213,18 @@ script =3D { > > > common =3D tests/syslinux_test.in; > > > }; > > > =20 > > > +script =3D { > > > + testcase =3D native; > > > + name =3D luks1_test; > > > + common =3D tests/luks1_test.in; > > > +}; > > > + > > > +script =3D { > > > + testcase =3D native; > > > + name =3D luks2_test; > > > + common =3D tests/luks2_test.in; > > > +}; > > > + > > > program =3D { > > > testcase =3D native; > > > name =3D example_unit_test; > > > diff --git a/tests/luks1_test.in b/tests/luks1_test.in > > > new file mode 100644 > > > index 000000000..cd28fd714 > > > --- /dev/null > > > +++ b/tests/luks1_test.in > > > @@ -0,0 +1,23 @@ > > > +#!@BUILD_SHEBANG@ > > > + > > > +set -e > > > + > > > +if [ "x$EUID" =3D "x" ] ; then > > > + EUID=3D`id -u` > > > +fi > > > + > > > +if [ "$EUID" !=3D 0 ] ; then > > > + exit 99 > > > +fi > > > + > > > +if ! which mkfs.ext2 >/dev/null 2>&1; then > > > + echo "mkfs.ext2 not installed; cannot test luks." > > > + exit 99 > > > +fi > > > + > > > +if ! which cryptsetup >/dev/null 2>&1; then > > > + echo "cryptsetup not installed; cannot test luks." > > > + exit 99 > > > +fi > > > + > > > +"@builddir@/grub-fs-tester" luks1 > > > diff --git a/tests/luks2_test.in b/tests/luks2_test.in > > > new file mode 100644 > > > index 000000000..6a26ba626 > > > --- /dev/null > > > +++ b/tests/luks2_test.in > > > @@ -0,0 +1,23 @@ > > > +#!@BUILD_SHEBANG@ > > > + > > > +set -e > > > + > > > +if [ "x$EUID" =3D "x" ] ; then > > > + EUID=3D`id -u` > > > +fi > > > + > > > +if [ "$EUID" !=3D 0 ] ; then > > > + exit 99 > > > +fi > > > + > > > +if ! which mkfs.ext2 >/dev/null 2>&1; then > > > + echo "mkfs.ext2 not installed; cannot test luks2." > > > + exit 99 > > > +fi > > > + > > > +if ! which cryptsetup >/dev/null 2>&1; then > > > + echo "cryptsetup not installed; cannot test luks2." > > > + exit 99 > > > +fi > > > + > > > +"@builddir@/grub-fs-tester" luks2 
> > > diff --git a/tests/util/grub-fs-tester.in b/tests/util/grub-fs-tester= =2Ein > > > index 43f6175c3..e488c0e41 100644 > > > --- a/tests/util/grub-fs-tester.in > > > +++ b/tests/util/grub-fs-tester.in > > > @@ -6,6 +6,7 @@ export BLKID_FILE=3D/dev/null > > > fs=3D"$1" > > > =20 > > > GRUBFSTEST=3D"@builddir@/grub-fstest" > > > +GRUBPROBE=3D"@builddir@/grub-probe" > > > =20 > > > tempdir=3D`mktemp -d "${TMPDIR:-/tmp}/${0##*/}.$(date '+%Y%m%d%H%M%S= %N').${fs}.XXX"` || > > > { echo "Failed to make temporary directory"; exit 99; } > > > @@ -13,6 +14,8 @@ tempdir=3D`mktemp -d "${TMPDIR:-/tmp}/${0##*/}.$(da= te '+%Y%m%d%H%M%S%N').${fs}.XXX > > > # xorriso -as mkisofs options to ignore locale when processing file = names and > > > # FSLABEL. This is especially needed for the conversion to Joliet UC= S-2. > > > XORRISOFS_CHARSET=3D"-input-charset UTF-8 -output-charset UTF-8" > > > +DMNAME=3D"${tempdir##*/}" > > > +PASS=3D"${PASS:-pass}" > > > =20 > > > MOUNTS=3D > > > LODEVICES=3D > > > @@ -28,6 +31,10 @@ cleanup() { > > > umount "$i" || : > > > done > > > =20 > > > + if [ -e /dev/mapper/"$DMNAME" ]; then > > > + cryptsetup close --disable-locks "$DMNAME" > > > + fi > > > + > > > for lodev in $LODEVICES; do > > > local i=3D600 > > > while losetup -l -O NAME | grep -q "^$lodev\$"; do > > > @@ -68,7 +75,12 @@ run_grubfstest () { > > > need_images=3D"$need_images $FSIMAGEP${i}.img"; > > > done > > > =20 > > > - run_it -c $NEED_IMAGES_N $need_images "$@" > > > + case x"$fs" in > > > + xluks*) > > > + echo -n "$PASS" | run_it -C -c $NEED_IMAGES_N $need_images "$@= ";; > > > + *) > > > + run_it -c $NEED_IMAGES_N $need_images "$@";; > > > + esac > > > } > > > =20 > > > # OS LIMITATION: GNU/Linux has no AFS support, so we use a premade i= mage and a reference tar file. I.a. no multiblocksize test 
> > > @@ -76,6 +88,8 @@ run_grubfstest () { > > > MINLOGSECSIZE=3D9 > > > MAXLOGSECSIZE=3D9 > > > case x"$fs" in > > > + xluks2) > > > + MAXLOGSECSIZE=3D12;; > > > xntfs*) > > > MINLOGSECSIZE=3D8 > > > MAXLOGSECSIZE=3D12;; > > > @@ -363,7 +377,7 @@ for LOGSECSIZE in $(range "$MINLOGSECSIZE" "$MAXL= OGSECSIZE" 1); do > > > #FSLABEL=3D"g;/_=C3=A9=F0=AF=A6=9B=F0=AF=A6=9D=F0=9F=98=81=D0= =BA=D0=B8=D1=82 u" > > > ;; > > > # FS LIMITATION: reiserfs, extN and jfs label is at most 16 UTF-8 = characters > > > - x"reiserfs_old" | x"reiserfs" | x"ext"* | x"lvm"* | x"mdraid"* | x= "jfs" | x"jfs_caseins") > > > + x"reiserfs_old" | x"reiserfs" | x"ext"* | x"lvm"* | x"luks"* | x"m= draid"* | x"jfs" | x"jfs_caseins") > > > FSLABEL=3D"g;/=C3=A9=D1=82 =F0=AF=A6=9B=F0=9F=98=81";; > > > # FS LIMITATION: No underscore, space, semicolon, slash or interna= tional characters in UFS* in label. Limited to 32 UTF-8 characters > > > x"ufs1" | x"ufs1_sun" | x"ufs2") 
> > > @@ -832,6 +846,12 @@ for LOGSECSIZE in $(range "$MINLOGSECSIZE" "$MAX= LOGSECSIZE" 1); do > > > MOUNTDEVICE=3D"/dev/mapper/grub_test-testvol" > > > MOUNTFS=3Dext2 > > > "mkfs.ext2" -L "$FSLABEL" -q "${MOUNTDEVICE}" ;; > > > + x"luks"*) > > > + echo -n "$PASS" | cryptsetup luksFormat --type "$fs" --sector-= size $SECSIZE --pbkdf pbkdf2 --disable-locks $LODEVICE
> >
> > With the default "pass" password this fails here due to pwquality checks.
> > Can you add "--force-password"? With that it works fine here, both LUKS1 and
> > with the required patches also LUKS2.
>
> Yes, I can, but I'm curious why I'm not seeing this. What version of
> cryptsetup are you using and for what distro?

openSUSE Tumbleweed, cryptsetup 2.4.3 built with --enable-pwquality.

Cheers,
Fabian

> Glenn
>
> >
> > Thanks,
> > Fabian
> >
> > > + echo -n "$PASS" | cryptsetup open --disable-locks $LODEVICE "$= DMNAME" > > > + MOUNTDEVICE=3D"/dev/mapper/${DMNAME}" > > > + MOUNTFS=3Dext2 > > > + "mkfs.ext2" -L "$FSLABEL" -q "${MOUNTDEVICE}" ;; > > > xf2fs) > > > "mkfs.f2fs" -l "$FSLABEL" -q "${MOUNTDEVICE}" ;; > > > xnilfs2)
> > > @@ -944,6 +964,22 @@ for LOGSECSIZE in $(range "$MINLOGSECSIZE" "$MAX= LOGSECSIZE" 1); do > > > GRUBDEVICE=3D"mduuid/`mdadm --detail --export $MOUNTDEVICE | g= rep MD_UUID=3D|sed 's,MD_UUID=3D,,g;s,:,,g'`";; > > > xlvm*) > > > GRUBDEVICE=3D"lvm/grub_test-testvol";; > > > + xluks*) > > > + if test x"$fs" =3D xluks2 && ! (cryptsetup luksDump --debug-js= on --disable-locks $LODEVICE | grep -q "\"sector_size\":$SECSIZE"); then > > > + echo "Unexpected sector size for $LODEVICE (expected: $SECSIZ= E)" > > > + exit 1 > > > + fi > > > + > > > + UUID=3D$(cryptsetup luksUUID --disable-locks $LODEVICE | tr -d= '-') > > > + PROBE_UUID=3D$("$GRUBPROBE" --device $MOUNTDEVICE --target=3Dc= ryptodisk_uuid) > > > + if [ x"$UUID" !=3D x"$PROBE_UUID" ]; then > > > + echo "UUID FAIL" > > > + echo "$UUID" > > > + echo "$PROBE_UUID" > > > + exit 1 > > > + fi > > > + GRUBDEVICE=3D"cryptouuid/${UUID}" > > > + ;; > > > esac > > > GRUBDIR=3D"($GRUBDEVICE)" > > > case x"$fs" in > > > @@ -1102,6 +1138,15 @@ for LOGSECSIZE in $(range "$MINLOGSECSIZE" "$M= AXLOGSECSIZE" 1); do > > > sleep 1 > > > vgchange -a n grub_test > > > ;; > > > + xluks*) > > > + for try in $(range 0 20 1); do > > > + if umount "$MNTPOINTRW" ; then > > > + break; > > > + fi > > > + done > > > + UMOUNT_TIME=3D$(date -u "+%Y-%m-%d %H:%M:%S") > > > + cryptsetup close --disable-locks "$DMNAME" > > > + ;; > > > xmdraid*) > > > sleep 1 > > > for try in $(range 0 20 1); do 
> > > @@ -1152,6 +1197,11 @@ for LOGSECSIZE in $(range "$MINLOGSECSIZE" "$M= AXLOGSECSIZE" 1); do > > > mount -t "$MOUNTFS" "${MOUNTDEVICE}" "$MNTPOINTRO" -o ${MOUNTO= PTS}${SELINUXOPTS}ro > > > MOUNTS=3D"$MOUNTS $MNTPOINTRO" > > > ;; > > > + xluks*) > > > + echo -n "$PASS" | cryptsetup open --disable-locks $LODEVICE "$= DMNAME" > > > + mount -t "$MOUNTFS" "${MOUNTDEVICE}" "$MNTPOINTRO" -o ${MOUNTO= PTS}${SELINUXOPTS}ro > > > + MOUNTS=3D"$MOUNTS $MNTPOINTRO" > > > + ;; > > > xmdraid*) > > > mdadm --assemble /dev/md/"${fs}_$NDEVICES" $LODEVICES > > > sleep 1 > > > @@ -1600,6 +1650,9 @@ for LOGSECSIZE in $(range "$MINLOGSECSIZE" "$MA= XLOGSECSIZE" 1); do > > > vgchange -a n grub_test > > > sleep 1 > > > ;; > > > + xluks*) > > > + cryptsetup close --disable-locks "$DMNAME" > > > + ;; > > > esac > > > case x"$fs" in > > > x"tarfs" | x"cpio_"* | x"iso9660" | xrockridge | xjoliet | xrockri= dge_joliet | x"ziso9660" | x"romfs" | x"squash4_"* | x"iso9660_1999" | xroc= kridge_1999 | xjoliet_1999 | xrockridge_joliet_1999) ;; > > >=20
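
Review bot: In the cleanup() hunk of tests/util/grub-fs-tester.in (@@ -28,6 +31,10 @@), the added cryptsetup close --disable-locks "$DMNAME" has no failure guard, while the umount "$i" || : directly above it does. If the mapping is still busy when cleanup() runs, the close returns non-zero, and if the script is running with errexit the loop-device teardown that follows is never reached. Suggest appending || : to the close so it matches the umount.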
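
Review bot: In the run_grubfstest hunk (@@ -68,7 +75,12 @@), the passphrase is fed to run_it -C with echo -n "$PASS", and the same construct feeds cryptsetup luksFormat and cryptsetup open in the later hunks. The behaviour of echo -n differs between shells, and a PASS value that starts with a dash or contains backslashes can be altered before it reaches stdin, which matters now that PASS is taken from the environment. printf '%s' "$PASS" passes the value through unchanged and could replace all three uses.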
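
Review bot: In the x"luks"*) branch added at @@ -832,6 +846,12 @@, the luksFormat line passes --pbkdf pbkdf2 without any comment, and the commit message does not say why the default KDF is overridden; a one-line comment above the call giving the reason would save the next reader a search. On the same lines $SECSIZE and $LODEVICE are unquoted while "$fs" and "$DMNAME" are quoted, so quoting them would be consistent. The pwquality failure reported in this thread for the default password "pass" also applies to this line, and the --force-password suggested there would go here.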
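
Review bot: In the xluks*) branch added at @@ -944,6 +964,22 @@, the sector-size check greps the cryptsetup luksDump --debug-json output for the literal "\"sector_size\":$SECSIZE", which ties the test to the exact spacing of that debug output and has no delimiter after the number, so it would also match a longer value that begins with the same digits. Allowing optional whitespace after the colon and requiring a non-digit after $SECSIZE would make the check robust. The failure path prints only the expected size; printing the value actually found would make a failing run easier to diagnose.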
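
Review bot: In the xluks*) unmount branch (@@ -1102,6 +1138,15 @@), the retry loop over $(range 0 20 1) calls umount "$MNTPOINTRW" with no delay between attempts and never records whether any attempt succeeded. A busy mount point therefore exhausts the retries immediately, and the script continues to cryptsetup close --disable-locks "$DMNAME" on a device that is still mounted. Suggest a sleep 1 on the failing path and an explicit error exit when the loop finishes without a successful umount.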