Re: [PATCH 15/19] iotests: qemu-img tests for luks key management

2020-06-30 Thread Maxim Levitsky 
On Tue, 2020-06-30 at 10:56 +0200, Max Reitz wrote:
> On 29.06.20 14:05, Maxim Levitsky wrote:
> > On Thu, 2020-06-25 at 14:55 +0200, Max Reitz wrote:
> > > From: Maxim Levitsky 
> > > 
> > > This commit adds two tests, which test the new amend interface
> > > of both luks raw images and qcow2 luks encrypted images.
> > > 
> > > Signed-off-by: Maxim Levitsky 
> > > Reviewed-by: Daniel P. Berrangé 
> > > [mreitz: Let 293 verify that LUKS works; drop $(seq) usage from 293;
> > >  drop 293 and 294 from the auto group]
> > > Signed-off-by: Max Reitz 
> > > ---
> > >  tests/qemu-iotests/293 | 208 +
> > >  tests/qemu-iotests/293.out |  99 ++
> > >  tests/qemu-iotests/294 |  90 
> > >  tests/qemu-iotests/294.out |  30 ++
> > >  tests/qemu-iotests/group   |   2 +
> > >  5 files changed, 429 insertions(+)
> > >  create mode 100755 tests/qemu-iotests/293
> > >  create mode 100644 tests/qemu-iotests/293.out
> > >  create mode 100755 tests/qemu-iotests/294
> > >  create mode 100644 tests/qemu-iotests/294.out
> 
> [...]
> 
> > > diff --git a/tests/qemu-iotests/group b/tests/qemu-iotests/group
> > > index d886fa0cb3..b945dd4f20 100644
> > > --- a/tests/qemu-iotests/group
> > > +++ b/tests/qemu-iotests/group
> > > @@ -301,4 +301,6 @@
> > >  290 rw auto quick
> > >  291 rw quick
> > >  292 rw auto quick
> > > +293 rw
> > > +294 rw quick
> > >  297 meta
> > 
> > I guess now we can add these to 'auto' group?
> 
> Have you run them on all platforms?  I haven’t.
Me neither.
> 
> (I have run the openbsd build, but I’m not even sure I had these tests
> in auto at that point.  And that build takes a really long time.)
> 
> All in all, I don’t think I ever want to add a test to auto again,
> unless it’s done in a specific patch where the author guarantees they
> tested it everywhere.
If we look at this at this angle, it makes sense.
I fully agreee.

Best regards,
Maxim Levitsky

> 
> Max
>

Re: [PATCH 15/19] iotests: qemu-img tests for luks key management

2020-06-30 Thread Max Reitz 
On 29.06.20 14:05, Maxim Levitsky wrote:
> On Thu, 2020-06-25 at 14:55 +0200, Max Reitz wrote:
>> From: Maxim Levitsky 
>>
>> This commit adds two tests, which test the new amend interface
>> of both luks raw images and qcow2 luks encrypted images.
>>
>> Signed-off-by: Maxim Levitsky 
>> Reviewed-by: Daniel P. Berrangé 
>> [mreitz: Let 293 verify that LUKS works; drop $(seq) usage from 293;
>>  drop 293 and 294 from the auto group]
>> Signed-off-by: Max Reitz 
>> ---
>>  tests/qemu-iotests/293 | 208 +
>>  tests/qemu-iotests/293.out |  99 ++
>>  tests/qemu-iotests/294 |  90 
>>  tests/qemu-iotests/294.out |  30 ++
>>  tests/qemu-iotests/group   |   2 +
>>  5 files changed, 429 insertions(+)
>>  create mode 100755 tests/qemu-iotests/293
>>  create mode 100644 tests/qemu-iotests/293.out
>>  create mode 100755 tests/qemu-iotests/294
>>  create mode 100644 tests/qemu-iotests/294.out

[...]

>> diff --git a/tests/qemu-iotests/group b/tests/qemu-iotests/group
>> index d886fa0cb3..b945dd4f20 100644
>> --- a/tests/qemu-iotests/group
>> +++ b/tests/qemu-iotests/group
>> @@ -301,4 +301,6 @@
>>  290 rw auto quick
>>  291 rw quick
>>  292 rw auto quick
>> +293 rw
>> +294 rw quick
>>  297 meta
> 
> I guess now we can add these to 'auto' group?

Have you run them on all platforms?  I haven’t.

(I have run the openbsd build, but I’m not even sure I had these tests
in auto at that point.  And that build takes a really long time.)

All in all, I don’t think I ever want to add a test to auto again,
unless it’s done in a specific patch where the author guarantees they
tested it everywhere.

Max



signature.asc
Description: OpenPGP digital signature

Re: [PATCH 15/19] iotests: qemu-img tests for luks key management

2020-06-29 Thread Maxim Levitsky 
On Thu, 2020-06-25 at 14:55 +0200, Max Reitz wrote:
> From: Maxim Levitsky 
> 
> This commit adds two tests, which test the new amend interface
> of both luks raw images and qcow2 luks encrypted images.
> 
> Signed-off-by: Maxim Levitsky 
> Reviewed-by: Daniel P. Berrangé 
> [mreitz: Let 293 verify that LUKS works; drop $(seq) usage from 293;
>  drop 293 and 294 from the auto group]
> Signed-off-by: Max Reitz 
> ---
>  tests/qemu-iotests/293 | 208 +
>  tests/qemu-iotests/293.out |  99 ++
>  tests/qemu-iotests/294 |  90 
>  tests/qemu-iotests/294.out |  30 ++
>  tests/qemu-iotests/group   |   2 +
>  5 files changed, 429 insertions(+)
>  create mode 100755 tests/qemu-iotests/293
>  create mode 100644 tests/qemu-iotests/293.out
>  create mode 100755 tests/qemu-iotests/294
>  create mode 100644 tests/qemu-iotests/294.out
> 
> diff --git a/tests/qemu-iotests/293 b/tests/qemu-iotests/293
> new file mode 100755
> index 00..f86fe3b413
> --- /dev/null
> +++ b/tests/qemu-iotests/293
> @@ -0,0 +1,208 @@
> +#!/usr/bin/env bash
> +#
> +# Test encryption key management with luks
> +# Based on 134
> +#
> +# Copyright (C) 2019 Red Hat, Inc.
> +#
> +# This program is free software; you can redistribute it and/or modify
> +# it under the terms of the GNU General Public License as published by
> +# the Free Software Foundation; either version 2 of the License, or
> +# (at your option) any later version.
> +#
> +# This program is distributed in the hope that it will be useful,
> +# but WITHOUT ANY WARRANTY; without even the implied warranty of
> +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
> +# GNU General Public License for more details.
> +#
> +# You should have received a copy of the GNU General Public License
> +# along with this program.  If not, see ;.
> +#
> +
> +# creator
> +owner=mlevi...@redhat.com
> +
> +seq=`basename $0`
> +echo "QA output created by $seq"
> +
> +status=1 # failure is the default!
> +
> +_cleanup()
> +{
> + _cleanup_test_img
> +}
> +trap "_cleanup; exit \$status" 0 1 2 3 15
> +
> +# get standard environment, filters and checks
> +. ./common.rc
> +. ./common.filter
> +
> +_supported_fmt qcow2 luks
> +_supported_proto file #TODO
> +_require_working_luks
> +
> +QEMU_IO_OPTIONS=$QEMU_IO_OPTIONS_NO_FMT
> +
> +if [ "$IMGFMT" = "qcow2" ] ; then
> + PR="encrypt."
> + EXTRA_IMG_ARGS="-o encrypt.format=luks"
> +fi
> +
> +
> +# secrets: you are supposed to see the password as ***, see :-)
> +S0="--object secret,id=sec0,data=hunter0"
> +S1="--object secret,id=sec1,data=hunter1"
> +S2="--object secret,id=sec2,data=hunter2"
> +S3="--object secret,id=sec3,data=hunter3"
> +S4="--object secret,id=sec4,data=hunter4"
> +SECRETS="$S0 $S1 $S2 $S3 $S4"
> +
> +# image with given secret
> +IMGS0="--image-opts 
> driver=$IMGFMT,file.filename=$TEST_IMG,${PR}key-secret=sec0"
> +IMGS1="--image-opts 
> driver=$IMGFMT,file.filename=$TEST_IMG,${PR}key-secret=sec1"
> +IMGS2="--image-opts 
> driver=$IMGFMT,file.filename=$TEST_IMG,${PR}key-secret=sec2"
> +IMGS3="--image-opts 
> driver=$IMGFMT,file.filename=$TEST_IMG,${PR}key-secret=sec3"
> +IMGS4="--image-opts 
> driver=$IMGFMT,file.filename=$TEST_IMG,${PR}key-secret=sec4"
> +
> +
> +echo "== creating a test image =="
> +_make_test_img $S0 $EXTRA_IMG_ARGS -o ${PR}key-secret=sec0,${PR}iter-time=10 
> 32M
> +
> +echo
> +echo "== test that key 0 opens the image =="
> +$QEMU_IO $S0 -c "read 0 4096" $IMGS0 | _filter_qemu_io | _filter_testdir
> +
> +echo
> +echo "== adding a password to slot 4 =="
> +$QEMU_IMG amend $SECRETS $IMGS0 -o 
> ${PR}state=active,${PR}new-secret=sec4,${PR}iter-time=10,${PR}keyslot=4
> +echo "== adding a password to slot 1 =="
> +$QEMU_IMG amend $SECRETS $IMGS0 -o 
> ${PR}state=active,${PR}new-secret=sec1,${PR}iter-time=10
> +echo "== adding a password to slot 3 =="
> +$QEMU_IMG amend $SECRETS $IMGS1 -o 
> ${PR}state=active,${PR}new-secret=sec3,${PR}iter-time=10,${PR}keyslot=3
> +
> +echo "== adding a password to slot 2 =="
> +$QEMU_IMG amend $SECRETS $IMGS3 -o 
> ${PR}state=active,${PR}new-secret=sec2,${PR}iter-time=10
> +
> +
> +echo "== erase slot 4 =="
> +$QEMU_IMG amend $SECRETS $IMGS1 -o ${PR}state=inactive,${PR}keyslot=4 | 
> _filter_img_create
> +
> +
> +echo
> +echo "== all secrets should work =="
> +for IMG in "$IMGS0" "$IMGS1" "$IMGS2" "$IMGS3"; do
> + $QEMU_IO $SECRETS -c "read 0 4096" $IMG | _filter_qemu_io | 
> _filter_testdir
> +done
> +
> +echo
> +echo "== erase slot 0 and try it =="
> +$QEMU_IMG amend $SECRETS $IMGS1 -o ${PR}state=inactive,${PR}old-secret=sec0 
> | _filter_img_create
> +$QEMU_IO $SECRETS -c "read 0 4096" $IMGS0 | _filter_qemu_io | _filter_testdir
> +
> +echo
> +echo "== erase slot 2 and try it =="
> +$QEMU_IMG amend $SECRETS $IMGS1 -o ${PR}state=inactive,${PR}keyslot=2 | 
> _filter_img_create
> +$QEMU_IO $SECRETS -c "read 0 4096" $IMGS2 | _filter_qemu_io | _filt

[PATCH 15/19] iotests: qemu-img tests for luks key management

2020-06-25 Thread Max Reitz 
From: Maxim Levitsky 

This commit adds two tests, which test the new amend interface
of both luks raw images and qcow2 luks encrypted images.

Signed-off-by: Maxim Levitsky 
Reviewed-by: Daniel P. Berrangé 
[mreitz: Let 293 verify that LUKS works; drop $(seq) usage from 293;
 drop 293 and 294 from the auto group]
Signed-off-by: Max Reitz 
---
 tests/qemu-iotests/293 | 208 +
 tests/qemu-iotests/293.out |  99 ++
 tests/qemu-iotests/294 |  90 
 tests/qemu-iotests/294.out |  30 ++
 tests/qemu-iotests/group   |   2 +
 5 files changed, 429 insertions(+)
 create mode 100755 tests/qemu-iotests/293
 create mode 100644 tests/qemu-iotests/293.out
 create mode 100755 tests/qemu-iotests/294
 create mode 100644 tests/qemu-iotests/294.out

diff --git a/tests/qemu-iotests/293 b/tests/qemu-iotests/293
new file mode 100755
index 00..f86fe3b413
--- /dev/null
+++ b/tests/qemu-iotests/293
@@ -0,0 +1,208 @@
+#!/usr/bin/env bash
+#
+# Test encryption key management with luks
+# Based on 134
+#
+# Copyright (C) 2019 Red Hat, Inc.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see .
+#
+
+# creator
+owner=mlevi...@redhat.com
+
+seq=`basename $0`
+echo "QA output created by $seq"
+
+status=1   # failure is the default!
+
+_cleanup()
+{
+   _cleanup_test_img
+}
+trap "_cleanup; exit \$status" 0 1 2 3 15
+
+# get standard environment, filters and checks
+. ./common.rc
+. ./common.filter
+
+_supported_fmt qcow2 luks
+_supported_proto file #TODO
+_require_working_luks
+
+QEMU_IO_OPTIONS=$QEMU_IO_OPTIONS_NO_FMT
+
+if [ "$IMGFMT" = "qcow2" ] ; then
+   PR="encrypt."
+   EXTRA_IMG_ARGS="-o encrypt.format=luks"
+fi
+
+
+# secrets: you are supposed to see the password as ***, see :-)
+S0="--object secret,id=sec0,data=hunter0"
+S1="--object secret,id=sec1,data=hunter1"
+S2="--object secret,id=sec2,data=hunter2"
+S3="--object secret,id=sec3,data=hunter3"
+S4="--object secret,id=sec4,data=hunter4"
+SECRETS="$S0 $S1 $S2 $S3 $S4"
+
+# image with given secret
+IMGS0="--image-opts 
driver=$IMGFMT,file.filename=$TEST_IMG,${PR}key-secret=sec0"
+IMGS1="--image-opts 
driver=$IMGFMT,file.filename=$TEST_IMG,${PR}key-secret=sec1"
+IMGS2="--image-opts 
driver=$IMGFMT,file.filename=$TEST_IMG,${PR}key-secret=sec2"
+IMGS3="--image-opts 
driver=$IMGFMT,file.filename=$TEST_IMG,${PR}key-secret=sec3"
+IMGS4="--image-opts 
driver=$IMGFMT,file.filename=$TEST_IMG,${PR}key-secret=sec4"
+
+
+echo "== creating a test image =="
+_make_test_img $S0 $EXTRA_IMG_ARGS -o ${PR}key-secret=sec0,${PR}iter-time=10 
32M
+
+echo
+echo "== test that key 0 opens the image =="
+$QEMU_IO $S0 -c "read 0 4096" $IMGS0 | _filter_qemu_io | _filter_testdir
+
+echo
+echo "== adding a password to slot 4 =="
+$QEMU_IMG amend $SECRETS $IMGS0 -o 
${PR}state=active,${PR}new-secret=sec4,${PR}iter-time=10,${PR}keyslot=4
+echo "== adding a password to slot 1 =="
+$QEMU_IMG amend $SECRETS $IMGS0 -o 
${PR}state=active,${PR}new-secret=sec1,${PR}iter-time=10
+echo "== adding a password to slot 3 =="
+$QEMU_IMG amend $SECRETS $IMGS1 -o 
${PR}state=active,${PR}new-secret=sec3,${PR}iter-time=10,${PR}keyslot=3
+
+echo "== adding a password to slot 2 =="
+$QEMU_IMG amend $SECRETS $IMGS3 -o 
${PR}state=active,${PR}new-secret=sec2,${PR}iter-time=10
+
+
+echo "== erase slot 4 =="
+$QEMU_IMG amend $SECRETS $IMGS1 -o ${PR}state=inactive,${PR}keyslot=4 | 
_filter_img_create
+
+
+echo
+echo "== all secrets should work =="
+for IMG in "$IMGS0" "$IMGS1" "$IMGS2" "$IMGS3"; do
+   $QEMU_IO $SECRETS -c "read 0 4096" $IMG | _filter_qemu_io | 
_filter_testdir
+done
+
+echo
+echo "== erase slot 0 and try it =="
+$QEMU_IMG amend $SECRETS $IMGS1 -o ${PR}state=inactive,${PR}old-secret=sec0 | 
_filter_img_create
+$QEMU_IO $SECRETS -c "read 0 4096" $IMGS0 | _filter_qemu_io | _filter_testdir
+
+echo
+echo "== erase slot 2 and try it =="
+$QEMU_IMG amend $SECRETS $IMGS1 -o ${PR}state=inactive,${PR}keyslot=2 | 
_filter_img_create
+$QEMU_IO $SECRETS -c "read 0 4096" $IMGS2 | _filter_qemu_io | _filter_testdir
+
+
+# at this point slots 1 and 3 should be active
+
+echo
+echo "== filling  4 slots with secret 2 =="
+for ((i = 0; i < 4; i++)); do
+   $QEMU_IMG amend $SECRETS $IMGS3 -o 
${PR}state=active,${PR}new-secret=sec2,${PR}iter-time=10
+done
+
+echo
+echo "== adding secret 0 =="
+   $QEMU_IMG amend $SECRETS $IMGS3 -o 
$