class TestLuksDevice(object):
def setup(self):
storage_device = mock.Mock()
storage_device.get_byte_size = mock.Mock(return_value=1048576)
storage_device.get_uuid = mock.Mock(return_value='0815')
storage_device.get_device = mock.Mock(return_value='/dev/some-device')
storage_device.is_loop = mock.Mock(return_value=True)
self.luks = LuksDevice(storage_device)
@raises(KiwiLuksSetupError)
def test_create_crypto_luks_empty_passphrase(self):
self.luks.create_crypto_luks('')
@raises(KiwiLuksSetupError)
def test_create_crypto_luks_unsupported_os_options(self):
self.luks.create_crypto_luks('passphrase', 'some-os')
@patch('os.path.exists')
def test_get_device(self, mock_path):
mock_path.return_value = True
self.luks.luks_device = '/dev/mapper/luksRoot'
assert self.luks.get_device().get_device() == '/dev/mapper/luksRoot'
self.luks.luks_device = None
@patch('kiwi.storage.luks_device.Command.run')
@patch('kiwi.storage.luks_device.NamedTemporaryFile')
@patch_open
def test_create_crypto_luks(self, mock_open, mock_tmpfile, mock_command):
tmpfile = mock.Mock()
tmpfile.name = 'tmpfile'
mock_tmpfile.return_value = tmpfile
self.luks.create_crypto_luks('passphrase', 'sle12')
assert mock_command.call_args_list == [
call([
'dd', 'if=/dev/urandom', 'bs=1M', 'count=1',
'of=/dev/some-device'
]),
call([
'cryptsetup', '-q', '--key-file', 'tmpfile', '--cipher',
'aes-xts-plain64', '--key-size', '256', '--hash', 'sha1',
'luksFormat', '/dev/some-device'
]),
call([
'cryptsetup', '--key-file', 'tmpfile', 'luksOpen',
'/dev/some-device', 'luksRoot'
])
]
self.luks.luks_device = None
@patch_open
def test_create_crypttab(self, mock_open):
self.luks.luks_device = '/dev/mapper/luksRoot'
context_manager_mock = mock.Mock()
mock_open.return_value = context_manager_mock
file_mock = mock.Mock()
enter_mock = mock.Mock()
exit_mock = mock.Mock()
enter_mock.return_value = file_mock
setattr(context_manager_mock, '__enter__', enter_mock)
setattr(context_manager_mock, '__exit__', exit_mock)
self.luks.create_crypttab('crypttab')
file_mock.write.assert_called_once_with('luks UUID=0815\n')
self.luks.luks_device = None
def test_is_loop(self):
assert self.luks.is_loop() is True
@patch('kiwi.storage.luks_device.Command.run')
@patch('kiwi.storage.luks_device.log.warning')
def test_destructor(self, mock_log_warn, mock_command):
self.luks.luks_device = '/dev/mapper/luksRoot'
mock_command.side_effect = Exception
self.luks.__del__()
mock_command.assert_called_once_with(
['cryptsetup', 'luksClose', 'luksRoot'])
assert mock_log_warn.called
self.luks.luks_device = None
class TestLuksDevice(object):
def setup(self):
storage_device = Mock()
storage_device.get_byte_size = Mock(return_value=1048576)
storage_device.get_uuid = Mock(return_value='0815')
storage_device.get_device = Mock(return_value='/dev/some-device')
storage_device.is_loop = Mock(return_value=True)
self.luks = LuksDevice(storage_device)
def test_create_crypto_luks_empty_passphrase(self):
with raises(KiwiLuksSetupError):
self.luks.create_crypto_luks('')
def test_create_crypto_luks_unsupported_os_options(self):
with raises(KiwiLuksSetupError):
self.luks.create_crypto_luks('passphrase', 'some-os')
@patch('os.path.exists')
def test_get_device(self, mock_path):
mock_path.return_value = True
self.luks.luks_device = '/dev/mapper/luksRoot'
assert self.luks.get_device().get_device() == '/dev/mapper/luksRoot'
self.luks.luks_device = None
@patch('kiwi.storage.luks_device.Command.run')
@patch('kiwi.storage.luks_device.NamedTemporaryFile')
def test_create_crypto_luks(self, mock_tmpfile, mock_command):
tmpfile = Mock()
tmpfile.name = 'tmpfile'
mock_tmpfile.return_value = tmpfile
with patch('builtins.open', create=True):
self.luks.create_crypto_luks(passphrase='passphrase',
os='sle12',
keyfile='some-keyfile')
assert mock_command.call_args_list == [
call([
'dd', 'if=/dev/urandom', 'bs=1M', 'count=1',
'of=/dev/some-device'
]),
call([
'cryptsetup', '-q', '--key-file', 'tmpfile', '--cipher',
'aes-xts-plain64', '--key-size', '256', '--hash', 'sha1',
'luksFormat', '/dev/some-device'
]),
call([
'cryptsetup', '--key-file', 'tmpfile', 'luksAddKey',
'/dev/some-device', 'some-keyfile'
]),
call([
'cryptsetup', '--key-file', 'tmpfile', 'luksOpen',
'/dev/some-device', 'luksRoot'
])
]
self.luks.luks_device = None
def test_create_crypttab(self):
self.luks.luks_device = '/dev/mapper/luksRoot'
self.luks.luks_keyfile = None
with patch('builtins.open', create=True) as mock_open:
mock_open.return_value = MagicMock(spec=io.IOBase)
file_handle = mock_open.return_value.__enter__.return_value
self.luks.create_crypttab('crypttab')
file_handle.write.assert_called_once_with('luks UUID=0815\n')
self.luks.luks_device = None
self.luks.luks_keyfile = 'some-keyfile'
with patch('builtins.open', create=True) as mock_open:
mock_open.return_value = MagicMock(spec=io.IOBase)
file_handle = mock_open.return_value.__enter__.return_value
self.luks.create_crypttab('crypttab')
file_handle.write.assert_called_once_with(
'luks UUID=0815 /some-keyfile\n')
self.luks.luks_device = None
@patch('os.urandom')
def test_create_random_keyfile(self, mock_os_urandom):
secret = b'secret'
mock_os_urandom.return_value = secret
with patch('builtins.open', create=True) as mock_open:
mock_open.return_value = MagicMock(spec=io.IOBase)
file_handle = mock_open.return_value.__enter__.return_value
LuksDevice.create_random_keyfile('some-file')
file_handle.write.assert_called_once_with(secret)
def test_is_loop(self):
assert self.luks.is_loop() is True
@patch('kiwi.storage.luks_device.Command.run')
@patch('kiwi.storage.luks_device.log.warning')
def test_destructor(self, mock_log_warn, mock_command):
self.luks.luks_device = '/dev/mapper/luksRoot'
mock_command.side_effect = Exception
self.luks.__del__()
mock_command.assert_called_once_with(
['cryptsetup', 'luksClose', 'luksRoot'])
assert mock_log_warn.called
self.luks.luks_device = None
class TestLuksDevice(object):
def setup(self):
storage_device = mock.Mock()
storage_device.get_byte_size = mock.Mock(
return_value=1048576
)
storage_device.get_uuid = mock.Mock(
return_value='0815'
)
storage_device.get_device = mock.Mock(
return_value='/dev/some-device'
)
storage_device.is_loop = mock.Mock(
return_value=True
)
self.luks = LuksDevice(storage_device)
@raises(KiwiLuksSetupError)
def test_create_crypto_luks_empty_passphrase(self):
self.luks.create_crypto_luks('')
@raises(KiwiLuksSetupError)
def test_create_crypto_luks_unsupported_os_options(self):
self.luks.create_crypto_luks('passphrase', 'some-os')
@patch('os.path.exists')
def test_get_device(self, mock_path):
mock_path.return_value = True
self.luks.luks_device = '/dev/mapper/luksRoot'
assert self.luks.get_device().get_device() == '/dev/mapper/luksRoot'
self.luks.luks_device = None
@patch('kiwi.storage.luks_device.Command.run')
@patch('kiwi.storage.luks_device.NamedTemporaryFile')
@patch_open
def test_create_crypto_luks(self, mock_open, mock_tmpfile, mock_command):
tmpfile = mock.Mock()
tmpfile.name = 'tmpfile'
mock_tmpfile.return_value = tmpfile
self.luks.create_crypto_luks('passphrase', 'sle12')
assert mock_command.call_args_list == [
call([
'dd', 'if=/dev/urandom', 'bs=1M', 'count=1',
'of=/dev/some-device'
]),
call([
'cryptsetup', '-q', '--key-file', 'tmpfile',
'--cipher', 'aes-xts-plain64',
'--key-size', '256', '--hash', 'sha1',
'luksFormat', '/dev/some-device'
]),
call([
'cryptsetup', '--key-file', 'tmpfile', 'luksOpen',
'/dev/some-device', 'luksRoot'
])
]
self.luks.luks_device = None
@patch_open
def test_create_crypttab(self, mock_open):
self.luks.luks_device = '/dev/mapper/luksRoot'
context_manager_mock = mock.Mock()
mock_open.return_value = context_manager_mock
file_mock = mock.Mock()
enter_mock = mock.Mock()
exit_mock = mock.Mock()
enter_mock.return_value = file_mock
setattr(context_manager_mock, '__enter__', enter_mock)
setattr(context_manager_mock, '__exit__', exit_mock)
self.luks.create_crypttab('crypttab')
file_mock.write.assert_called_once_with('luks UUID=0815\n')
self.luks.luks_device = None
def test_is_loop(self):
assert self.luks.is_loop() is True
@patch('kiwi.storage.luks_device.Command.run')
@patch('kiwi.storage.luks_device.log.warning')
def test_destructor(self, mock_log_warn, mock_command):
self.luks.luks_device = '/dev/mapper/luksRoot'
mock_command.side_effect = Exception
self.luks.__del__()
mock_command.assert_called_once_with(
['cryptsetup', 'luksClose', 'luksRoot']
)
assert mock_log_warn.called
self.luks.luks_device = None