rpms / dracut

Clone
Source Code
GIT

Blame tests/add-luks-keys/runtest.sh

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s c8s-sig-hyperscale c9 c9-beta c9s-sig-hyperscale
  1.   fbb2532e93d103ab9248f765081a35a37e631130
  2.   tests
  3.   add-luks-keys
  4.   runtest.sh
Blob History Raw
Mike Gahagan ec1f1e 
#!/bin/bash
Mike Gahagan ec1f1e 
# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
Mike Gahagan ec1f1e 
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Mike Gahagan ec1f1e 
#
Mike Gahagan ec1f1e 
#   runtest.sh of /dracut/add-luks-keys
Mike Gahagan ec1f1e 
#   Description: Create and add a luks key to all luks devices to allow booting of a system without entering a passphrase
Mike Gahagan ec1f1e 
#   Author: Jan Stodola <jstodola@redhat.com>
Mike Gahagan ec1f1e 
#
Mike Gahagan ec1f1e 
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Mike Gahagan ec1f1e 
#
Mike Gahagan ec1f1e 
#   Copyright (c) 2016 Red Hat, Inc. All rights reserved.
Mike Gahagan ec1f1e 
#   Red Hat Internal
Mike Gahagan ec1f1e 
#
Mike Gahagan ec1f1e 
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Mike Gahagan ec1f1e
Mike Gahagan ec1f1e 
# Include Beaker environment
Mike Gahagan ec1f1e 
. /usr/bin/rhts-environment.sh || exit 1
Mike Gahagan ec1f1e 
. /usr/share/beakerlib/beakerlib.sh || exit 1
Mike Gahagan ec1f1e
Mike Gahagan ec1f1e 
PACKAGE="dracut"
Mike Gahagan ec1f1e
Mike Gahagan ec1f1e 
keyfile="/root/keyfile"
Mike Gahagan ec1f1e 
kernel_file=`grubby --default-kernel`
Mike Gahagan ec1f1e 
initrd_file=`grubby --info=$kernel_file | grep ^initrd= | sed 's/^initrd=//' | head -n1`
Mike Gahagan ec1f1e 
kernel_version=`rpm -qf $kernel_file --qf '%{VERSION}-%{RELEASE}.%{ARCH}\n'`
Mike Gahagan ec1f1e
Mike Gahagan ec1f1e 
rlJournalStart
Mike Gahagan ec1f1e 
  rlPhaseStartTest "Add luks keys to initramfs"
Mike Gahagan ec1f1e
Mike Gahagan ec1f1e 
    if [ ! -e "$keyfile" ]; then
Mike Gahagan ec1f1e 
      rlLog "Creating new key file: $keyfile"
Mike Gahagan ec1f1e 
      rlRun "dd if=/dev/urandom bs=1 count=32 of=$keyfile"
Mike Gahagan ec1f1e 
      rlRun "chmod 0400 $keyfile"
Mike Gahagan ec1f1e 
    else
Mike Gahagan ec1f1e 
      rlLog "Using existing key file: $keyfile"
Mike Gahagan ec1f1e 
    fi
Mike Gahagan ec1f1e
Mike Gahagan ec1f1e 
    rlAssertExists "/etc/crypttab"
Mike Gahagan ec1f1e 
    rlFileSubmit "/etc/crypttab"
Mike Gahagan ec1f1e 
    UUIDS=`cat /etc/crypttab | cut -d' ' -f2 | cut -d'=' -f2`
Mike Gahagan ec1f1e 
    for UUID in $UUIDS; do
Mike Gahagan ec1f1e 
      rlRun "echo 'redhat' | /sbin/cryptsetup luksAddKey /dev/disk/by-uuid/$UUID $keyfile"
Mike Gahagan ec1f1e 
    done;
Mike Gahagan ec1f1e
Mike Gahagan ec1f1e 
    # modify /etc/crypttab, set key file in the thirth column of the file
Mike Gahagan ec1f1e 
    rlRun "awk -v \"KEY_FILE=$keyfile\" '{\$3=KEY_FILE; print \$0}' /etc/crypttab > crypttab_mod"
Mike Gahagan ec1f1e 
    rlRun "mv -Z crypttab_mod /etc/crypttab"
Mike Gahagan ec1f1e 
    rlRun "chmod 0600 /etc/crypttab"
Mike Gahagan ec1f1e
Mike Gahagan ec1f1e 
    rlRun "dracut -f -I $keyfile $initrd_file $kernel_version"
Mike Gahagan ec1f1e
Mike Gahagan ec1f1e 
    # zipl has to be executed on s390x
Mike Gahagan ec1f1e 
    if [ -x /sbin/zipl ]; then
Mike Gahagan ec1f1e 
      rlRun "/sbin/zipl"
Mike Gahagan ec1f1e 
    fi
Mike Gahagan ec1f1e
Mike Gahagan ec1f1e 
  rlPhaseEnd
Mike Gahagan ec1f1e 
rlJournalEnd
Mike Gahagan ec1f1e

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation