Skip to content

Commit

Permalink
Test that the -o digest=XXX mount option work correctly
Browse files Browse the repository at this point in the history
Signed-off-by: Alexander Larsson <[email protected]>
  • Loading branch information
alexlarsson committed Sep 21, 2023
1 parent 07a1a09 commit e0b8e76
Show file tree
Hide file tree
Showing 2 changed files with 59 additions and 2 deletions.
34 changes: 33 additions & 1 deletion tests/test-lib.sh
Original file line number Diff line number Diff line change
@@ -1,5 +1,28 @@
#!/usr/bin/bash

fatal() {
echo $@ 1>&2; exit 1
}

# Dump ls -al + file contents to stderr, then fatal()
_fatal_print_file() {
file="$1"
shift
ls -al "$file" >&2
sed -e 's/^/# /' < "$file" >&2
fatal "$@"
}

assert_file_has_content () {
fpath=$1
shift
for re in "$@"; do
if ! grep -q -e "$re" "$fpath"; then
_fatal_print_file "$fpath" "File '$fpath' doesn't match regexp '$re'"
fi
done
}

check_whiteout () {
tmpfile=$(mktemp /tmp/lcfs-whiteout.XXXXXX)
rm -f $tmpfile
Expand Down Expand Up @@ -31,8 +54,17 @@ check_erofs_fsck () {
fi
}

check_fsverity () {
fsverity --version >/dev/null 2>&1 || return 1
tmpfile=$(mktemp /var/tmp/lcfs-fsverity.XXXXXX)
echo foo > $tmpfile
fsverity enable $tmpfile fsverity --version >/dev/null 2>&1 || return 1
return 0
}

[[ -v can_whiteout ]] || can_whiteout=$(check_whiteout)
[[ -v has_fuse ]] || has_fuse=$(if check_fuse; then echo y; else echo n; fi)
[[ -v has_fsck ]] || has_fsck=$(check_erofs_fsck)
[[ -v has_fsverity ]] || has_fsverity=$(if check_fsverity; then echo y; else echo n; fi)

echo Test options: can_whiteout=$can_whiteout has_fuse=$has_fuse has_fsck=$has_fsck
echo Test options: can_whiteout=$can_whiteout has_fuse=$has_fuse has_fsck=$has_fsck has_fsverity=$has_fsverity
27 changes: 26 additions & 1 deletion tests/test-units.sh
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,8 @@ set -e
workdir=$(mktemp -d /var/tmp/lcfs-test.XXXXXX)
trap 'rm -rf -- "$workdir"' EXIT

. test-lib.sh

function makeimage () {
local dir=$1
${VALGRIND_PREFIX} $BINDIR/mkcomposefs --digest-store=$dir/objects $dir/root $dir/test.cfs
Expand Down Expand Up @@ -44,7 +46,30 @@ function test_objects () {
fi
}

TESTS="test_inline test_objects"
function test_mount_digest () {
local dir=$1
echo foo > $dir/root/a-file
makeimage $dir

$BINDIR/mount.composefs -o basedir=$dir/objects,digest=3d248ca542a24fc62d1c43b916eae5016878e2533c88238480b26128a1f1af95 $dir/test.cfs $dir/mnt 2> $dir/stderr && fatal "non-fsverity mount should not succeed"
assert_file_has_content $dir/stderr "Image has no fs-verity"

if [ has_fsverity = y ]; then
fsverity enable $dir/test.cfs

local DIGEST=$(fsverity measure a | awk "{ print \$1 }" | sed s/sha256://)
echo "DIGEST=$DIGEST"

$BINDIR/mount.composefs -o basedir=$dir/objects,digest=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa $dir/test.cfs $dir/mnt 2> $dir/stderr && fatal "wrong fsverity mount should not succeed"
assert_file_has_content $dir/stderr "Image has wrong fs-verity"

$BINDIR/mount.composefs -o basedir=$dir/objects,digest=$DIGEST $dir/test.cfs $dir/mnt 2> $dir/stderr && fatal "Should not have been able to mount unprivileged"
cat $dir/stderr
return 1
fi
}

TESTS="test_inline test_objects test_mount_digest"
res=0
for i in $TESTS; do
testdir=$(mktemp -d $workdir/$i.XXXXXX)
Expand Down

0 comments on commit e0b8e76

Please sign in to comment.