Merge pull request #218 from ebiggers/cli-tests

Add tests for command-line interface

Add tests that directly test the fscrypt command-line tool.

See cli-tests/README.md for information about the test framework.

The following test scripts are included:

* t_change_passphrase
* t_encrypt_custom
* t_encrypt_login
* t_encrypt_raw_key
* t_encrypt
* t_lock
* t_not_enabled
* t_not_supported
* t_passphrase_hashing
* t_setup
* t_status
* t_unlock
* t_v1_policy_fs_keyring
* t_v1_policy

Unfortunately, we can't actually make Travis CI run these tests yet because they need kernel v5.4 or later, and Travis CI doesn't support an Ubuntu version that has that yet. But for now, they can be run manually using make cli-test.

3 files changed, 24 insertions, 8 deletions

diff --git a/cmd/fscrypt/commands.go b/cmd/fscrypt/commands.go
index f84102e..ec75584 100644
--- a/cmd/fscrypt/commands.go
+++ b/cmd/fscrypt/commands.go
@@ -73,12 +73,13 @@ func setupAction(c *cli.Context) error {
 		if err := createGlobalConfig(c.App.Writer, actions.ConfigFileLocation); err != nil {
 			return newExitError(c, err)
 		}
-		if err := setupFilesystem(c.App.Writer, "/"); err != nil {
+		if err := setupFilesystem(c.App.Writer, actions.LoginProtectorMountpoint); err != nil {
 			if errors.Cause(err) != filesystem.ErrAlreadySetup {
 				return newExitError(c, err)
 			}
 			fmt.Fprintf(c.App.Writer,
-				"Skipping creating /.fscrypt because it already exists.\n")
+				"Skipping creating %s because it already exists.\n",
+				filepath.Join(actions.LoginProtectorMountpoint, ".fscrypt"))
 		}
 	case 1:
 		// Case (2) - filesystem setup
diff --git a/cmd/fscrypt/fscrypt.go b/cmd/fscrypt/fscrypt.go
index e260f7f..aa5b6f4 100644
--- a/cmd/fscrypt/fscrypt.go
+++ b/cmd/fscrypt/fscrypt.go
@@ -31,6 +31,9 @@ import (
 	"os"
 
 	"github.com/urfave/cli"
+
+	"github.com/google/fscrypt/actions"
+	"github.com/google/fscrypt/filesystem"
 )
 
 // Current version of the program (set by Makefile)
@@ -41,6 +44,16 @@ func main() {
 	cli.CommandHelpTemplate = commandHelpTemplate
 	cli.SubcommandHelpTemplate = subcommandHelpTemplate
 
+	if conffile := os.Getenv("FSCRYPT_CONF"); conffile != "" {
+		actions.ConfigFileLocation = conffile
+	}
+	if rootmnt := os.Getenv("FSCRYPT_ROOT_MNT"); rootmnt != "" {
+		actions.LoginProtectorMountpoint = rootmnt
+	}
+	if consistent := os.Getenv("FSCRYPT_CONSISTENT_OUTPUT"); consistent == "1" {
+		filesystem.SortDescriptorsByLastMtime = true
+	}
+
 	// Create our command line application
 	app := cli.NewApp()
 	app.Usage = shortUsage
diff --git a/cmd/fscrypt/protector.go b/cmd/fscrypt/protector.go
index 25f1984..6d35d9e 100644
--- a/cmd/fscrypt/protector.go
+++ b/cmd/fscrypt/protector.go
@@ -51,8 +51,10 @@ func createProtectorFromContext(ctx *actions.Context) (*actions.Protector, error
 
 	// We only want to create new login protectors on the root filesystem.
 	// So we make a new context if necessary.
-	if ctx.Config.Source == metadata.SourceType_pam_passphrase && ctx.Mount.Path != "/" {
-		log.Printf("creating login protector on %q instead of %q", "/", ctx.Mount.Path)
+	if ctx.Config.Source == metadata.SourceType_pam_passphrase &&
+		ctx.Mount.Path != actions.LoginProtectorMountpoint {
+		log.Printf("creating login protector on %q instead of %q",
+			actions.LoginProtectorMountpoint, ctx.Mount.Path)
 		if ctx, err = modifiedContext(ctx); err != nil {
 			return nil, err
 		}
@@ -84,7 +86,7 @@ func expandedProtectorOptions(ctx *actions.Context) ([]*actions.ProtectorOption,
 	}
 
 	// Do nothing different if we are at the root, or cannot load the root.
-	if ctx.Mount.Path == "/" {
+	if ctx.Mount.Path == actions.LoginProtectorMountpoint {
 		return options, nil
 	}
 	if ctx, err = modifiedContext(ctx); err != nil {
@@ -117,10 +119,10 @@ func expandedProtectorOptions(ctx *actions.Context) ([]*actions.ProtectorOption,
 	return options, nil
 }
 
-// modifiedContext returns a copy of ctx with the mountpoint replaced by that of
-// the root filesystem.
+// modifiedContext returns a copy of ctx with the mountpoint replaced by
+// LoginProtectorMountpoint.
 func modifiedContext(ctx *actions.Context) (*actions.Context, error) {
-	mnt, err := filesystem.GetMount("/")
+	mnt, err := filesystem.GetMount(actions.LoginProtectorMountpoint)
 	if err != nil {
 		return nil, err
 	}