diff options
| author | Eric Biggers <ebiggers@google.com> | 2020-05-09 15:15:12 -0700 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-05-09 15:15:12 -0700 |
| commit | 338347ac4766f899fdc471d57f293798ff0e6c29 (patch) | |
| tree | 8f5c0969a49a396d60c33a324834d92d9911a240 /cli-tests/README.md | |
| parent | 1aef2541a434bd9e88ebd52be72f13d56c5ef748 (diff) | |
| parent | e68d65c440125ff1e47627abf1fc5a97f700d38d (diff) | |
Merge pull request #218 from ebiggers/cli-tests
Add tests for command-line interface
Add tests that directly test the fscrypt command-line tool.
See cli-tests/README.md for information about the test framework.
The following test scripts are included:
* t_change_passphrase
* t_encrypt_custom
* t_encrypt_login
* t_encrypt_raw_key
* t_encrypt
* t_lock
* t_not_enabled
* t_not_supported
* t_passphrase_hashing
* t_setup
* t_status
* t_unlock
* t_v1_policy_fs_keyring
* t_v1_policy
Unfortunately, we can't actually make Travis CI run these tests yet because they need kernel v5.4 or later, and Travis CI doesn't support an Ubuntu version that has that yet. But for now, they can be run manually using make cli-test.
Diffstat (limited to 'cli-tests/README.md')
| -rw-r--r-- | cli-tests/README.md | 67 |
1 files changed, 67 insertions, 0 deletions
diff --git a/cli-tests/README.md b/cli-tests/README.md new file mode 100644 index 0000000..dfcc1d0 --- /dev/null +++ b/cli-tests/README.md @@ -0,0 +1,67 @@ +# fscrypt command-line interface tests + +## Usage + +To run the command-line interface (CLI) tests for `fscrypt`, ensure +that your kernel is v5.4 or later and has `CONFIG_FS_ENCRYPTION=y`. +Also ensure that you have the following packages installed: + +* e2fsprogs +* expect +* keyutils + +Then, run: + +```shell +make cli-test +``` + +You'll need to enter your `sudo` password, as the tests require root. + +If you only want to run specific tests, run a command like: + +```shell +make && sudo cli-tests/run.sh t_encrypt t_unlock +``` + +## Updating the expected output + +When the output of `fscrypt` has intentionally changed, the test +`.out` files need to be updated. This can be done automatically by +the following command, but be sure to review the changes: + +```shell +make cli-test-update +``` + +## Writing CLI tests + +The fscrypt CLI tests are `bash` scripts named like `t_*.sh`. + +The test scripts must be executable and begin by sourcing `common.sh`. +They all run in bash "extra-strict mode" (`-e -u -o pipefail`). They +run as root and have access to the following environment: + +* `$DEV`, `$DEV_ROOT`: ext4 filesystem images with encryption enabled + +* `$MNT`, `$MNT_ROOT`: the mountpoints of the above filesystems. + Initially all filesystems are mounted and are setup for fscrypt. + Login protectors will be stored on `$MNT_ROOT`. + +* `$TMPDIR`: a temporary directory that the test may use + +* `$FSCRYPT_CONF`: location of the fscrypt.conf file. Initially this + file exists and specifies to use v2 policies with the default + settings, except password hashing is configured to be extra fast. + +* `$TEST_USER`: a non-root user that the test may use. Their password + is `TEST_USER_PASS`. + +Any output (stdout and stderr) the test prints is compared to the +corresponding `.out` file. If a difference is detected then the test +is considered to have failed. The output is first sent through some +standard filters; see `run.sh`. + +The test is also failed if it exits with nonzero status. + +See `common.sh` for utility functions the tests may use. |