def cryptdisks_start_helper(self, emulated):
"""
Test cryptdisks_start integration and emulation.
This test requires the following line to be present in ``/etc/crypttab``::
linux-utils /tmp/linux-utils.img /tmp/linux-utils.key discard,luks,noauto,readonly,tries=1
"""
if not any(entry.target == TEST_TARGET_NAME and entry.source ==
TEST_IMAGE_FILE and entry.key_file == TEST_KEY_FILE
and 'luks' in entry.options for entry in parse_crypttab()):
return self.skipTest(
"/etc/crypttab isn't set up to test cryptdisks_start!")
context = LocalContext()
if emulated:
# Disable the use of the `cryptdisks_start' program.
context.find_program = MagicMock(return_value=[])
# Generate the key file.
with TemporaryKeyFile(filename=TEST_KEY_FILE):
# Create the image file and the encrypted filesystem.
create_image_file(filename=TEST_IMAGE_FILE,
size=coerce_size('10 MiB'))
create_encrypted_filesystem(device_file=TEST_IMAGE_FILE,
key_file=TEST_KEY_FILE)
# Make sure the mapped device file doesn't exist yet.
assert not os.path.exists(TEST_TARGET_DEVICE)
# Unlock the encrypted filesystem using `cryptdisks_start'.
if emulated:
cryptdisks_start(context=context, target=TEST_TARGET_NAME)
else:
returncode, output = run_cli(cryptdisks_start_cli,
TEST_TARGET_NAME)
assert returncode == 0
# Make sure the mapped device file has appeared.
assert os.path.exists(TEST_TARGET_DEVICE)
# Unlock the encrypted filesystem again (this should be a no-op).
cryptdisks_start(context=context, target=TEST_TARGET_NAME)
# Make sure the mapped device file still exists.
assert os.path.exists(TEST_TARGET_DEVICE)
# Lock the filesystem before we finish.
if emulated:
cryptdisks_stop(context=context, target=TEST_TARGET_NAME)
else:
returncode, output = run_cli(cryptdisks_stop_cli,
TEST_TARGET_NAME)
assert returncode == 0
# Make sure the mapped device file has disappeared.
assert not os.path.exists(TEST_TARGET_DEVICE)
# Lock the filesystem again (this should be a no-op).
cryptdisks_stop(context=context, target=TEST_TARGET_NAME)
# Make sure the mapped device file is still gone.
assert not os.path.exists(TEST_TARGET_DEVICE)
# Test the error handling.
for function in cryptdisks_start, cryptdisks_stop:
self.assertRaises(
ValueError if emulated else ExternalCommandFailed,
function,
context=context,
target=TEST_UNKNOWN_TARGET,
)
def test_create_encrypted_filesystem(self):
"""Test creation of encrypted filesystems."""
with TemporaryKeyFile(filename=TEST_KEY_FILE):
create_image_file(filename=TEST_IMAGE_FILE,
size=coerce_size('10 MiB'))
create_encrypted_filesystem(device_file=TEST_IMAGE_FILE,
key_file=TEST_KEY_FILE)
assert 'LUKS' in execute('file', TEST_IMAGE_FILE, capture=True)
def test_create_image_file(self):
"""Test image file creation."""
size = coerce_size('1 MiB')
create_image_file(TEST_IMAGE_FILE, size)
# Make sure the image file was created with the correct size.
assert os.path.getsize(TEST_IMAGE_FILE) == size
# Make sure the contents of the image file are zero bytes.
with open(TEST_IMAGE_FILE, 'rb') as handle:
for byte in iter(functools.partial(handle.read, 1), b''):
assert byte == b'\x00'
def prepared_image_file(create_filesystem=True):
"""Prepare an image file containing an encrypted filesystem (ext4 on top of LUKS)."""
with TemporaryKeyFile(filename=KEY_FILE):
create_image_file(filename=IMAGE_FILE, size='10M')
create_encrypted_filesystem(device_file=IMAGE_FILE, key_file=KEY_FILE)
# Create a filesystem on the encrypted image file?
if create_filesystem:
with unlocked_device(CRYPTO_NAME):
execute('mkfs.ext4', FILESYSTEM_DEVICE, sudo=True)
yield
os.unlink(IMAGE_FILE)
def test_unlock_encrypted_filesystem(self):
"""Test unlocking of encrypted filesystems."""
with TemporaryKeyFile(filename=TEST_KEY_FILE):
create_image_file(filename=TEST_IMAGE_FILE,
size=coerce_size('10 MiB'))
create_encrypted_filesystem(device_file=TEST_IMAGE_FILE,
key_file=TEST_KEY_FILE)
unlock_filesystem(device_file=TEST_IMAGE_FILE,
target=TEST_TARGET_NAME,
key_file=TEST_KEY_FILE)
assert os.path.exists(os.path.join('/dev/mapper',
TEST_TARGET_NAME))
lock_filesystem(target=TEST_TARGET_NAME)
assert not os.path.exists(
os.path.join('/dev/mapper', TEST_TARGET_NAME))