File: t_unlock.sh

fscrypt 0.3.5-1
#!/bin/bash

# Test unlocking a directory.

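# Run from the script's own directory so the helper library is resolved
# relative to this file rather than the caller's working directory. Abort if
# the cd fails: everything below builds paths that are handed to mount, rm
# and mv.
cd "$(dirname "$0")" || exit 1
# Source the helper by explicit path. With a bare `. common.sh`, bash searches
# $PATH before the current directory, so a same-named file earlier on $PATH
# would be executed in place of the project's helper.
. ./common.sh

# MNT is not defined in this file (it is expected to come from common.sh or
# the environment). Refuse to continue with an unset or empty value so that
# "$MNT/..." can never resolve against the root filesystem.
: "${MNT:?MNT must be set to the test mountpoint}"

# Directory that the scenarios below encrypt, lock and unlock.
dir="$MNT/dir"
mkdir "$dir"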

# Scenario: encrypt the directory but leave it locked (--skip-unlock).
# "hunter2" is the test passphrase, fed to fscrypt on stdin throughout this
# script.
_print_header "Encrypt directory with --skip-unlock"
echo hunter2 | fscrypt encrypt --quiet --name=prot --skip-unlock "$dir"
_print_header "=> Check dir status"
fscrypt status "$dir"
# Creating a file is expected to be refused while the directory is locked.
# _expect_failure is defined outside this file; the command is passed to it
# as a string.
_expect_failure "touch '$dir/file'"
# Take the second field of the "Policy:" line of the status output. The value
# is reused below as a grep pattern and as a file name under
# .fscrypt/policies.
policy=$(fscrypt status "$dir" | awk '/Policy:/{print $2}')
_print_header "=> Get policy status via mount:"
# NOTE(review): $policy is used as an anchored regex; if it were empty, "^"
# would match every line. Confirm the harness would notice (e.g. by comparing
# output) rather than pass vacuously.
fscrypt status "$MNT" | grep "^$policy"

# Scenario: unlock with the correct passphrase, then show that the directory
# accepts writes.
_print_header "Unlock directory"
echo hunter2 | fscrypt unlock "$dir"
_print_header "=> Check dir status"
fscrypt status "$dir"
# This file is read back after a later lock/unlock cycle (see the cat below).
echo contents > "$dir/file"
_print_header "=> Get policy status via mount:"
# Print the mount-level status line for the same policy.
fscrypt status "$MNT" | grep "^$policy"

# Scenario: unmount and remount the test filesystem. Per the header this is
# expected to leave the directory locked again.
# NOTE(review): presumably the unlocked key does not survive the unmount;
# confirm against the fscrypt documentation.
_print_header "Lock by cycling mount"
umount "$MNT"
mount "$DEV" "$MNT"
_print_header "=> Check dir status"
fscrypt status "$dir"
# Creating a subdirectory is expected to be refused while locked.
_expect_failure "mkdir '$dir/subdir'"
_print_header "=> Get policy status via mount:"
fscrypt status "$MNT" | grep "^$policy"

# Scenario: an incorrect passphrase ("bad") must not unlock the directory.
_print_header "Try to unlock with wrong passphrase"
_expect_failure "echo bad | fscrypt unlock --quiet '$dir'"
# Print the status after the rejected attempt so the resulting directory
# state is visible in the test output.
fscrypt status "$dir"

# Scenario: unlock again with the correct passphrase after the mount cycle
# and the rejected attempt.
_print_header "Unlock directory"
echo hunter2 | fscrypt unlock "$dir"
_print_header "=> Check dir status"
fscrypt status "$dir"
# Read back the file written before the directory was locked.
cat "$dir/file"
_print_header "=> Get policy status via mount:"
fscrypt status "$MNT" | grep "^$policy"

# Scenario: the on-disk policy record is overwritten with junk. Unlock is
# expected to fail even though the passphrase is correct.
_print_header "Try to unlock with corrupt policy metadata"
# Cycle the mount first so the directory starts this scenario locked.
umount "$MNT"
mount "$DEV" "$MNT"
# Replace the policy file named after the captured policy identifier.
echo bad > "$MNT/.fscrypt/policies/$policy"
_expect_failure "echo hunter2 | fscrypt unlock '$dir'"

# Helper defined outside this file; "$dir" is created again with mkdir in the
# next scenario.
_reset_filesystems

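# Scenario: the policy metadata files are deleted after encryption. Unlock is
# expected to fail rather than proceed without a policy record.
_print_header "Try to unlock with missing policy metadata"
mkdir "$dir"
echo hunter2 | fscrypt encrypt --quiet --name=prot --skip-unlock "$dir"
# ${MNT:?} aborts the script if MNT is unset or empty, so this glob can never
# expand under /.fscrypt on the root filesystem.
rm "${MNT:?}"/.fscrypt/policies/*
_expect_failure "echo hunter2 | fscrypt unlock '$dir'"

# Helper defined outside this file; "$dir" is created again with mkdir in the
# next scenario.
_reset_filesystems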

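# Scenario: the protector metadata files are deleted after encryption. Unlock
# is expected to fail even though the passphrase is correct.
_print_header "Try to unlock with missing protector metadata"
mkdir "$dir"
echo hunter2 | fscrypt encrypt --quiet --name=prot --skip-unlock "$dir"
# ${MNT:?} aborts the script if MNT is unset or empty, so this glob can never
# expand under /.fscrypt on the root filesystem.
rm "${MNT:?}"/.fscrypt/protectors/*
_expect_failure "echo hunter2 | fscrypt unlock '$dir'"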

# Scenario: two directories are encrypted and their policy files are swapped
# on disk, so each policy file name now holds the other policy's contents.
# Unlock is expected to fail even though each file is well-formed.
_print_header "Try to unlock with wrong policy metadata"
_reset_filesystems
mkdir "$MNT/dir1"
mkdir "$MNT/dir2"
echo hunter2 | fscrypt encrypt --quiet --name=dir1 --skip-unlock "$MNT/dir1"
echo hunter2 | fscrypt encrypt --quiet --name=dir2 --skip-unlock "$MNT/dir2"
# Pick the first and last policy files that find lists. find's output order
# is unspecified, but the swap below is symmetric, so it does not matter
# which file ends up in which variable.
# NOTE(review): assumes exactly two policy files exist at this point; with
# only one, policy1 and policy2 would be the same path. Confirm.
policy1=$(find "$MNT/.fscrypt/policies/" -type f | head -1)
policy2=$(find "$MNT/.fscrypt/policies/" -type f | tail -1)
# Three-step swap through a scratch file under $TMPDIR (set outside this
# file).
mv "$policy1" "$TMPDIR/policy"
mv "$policy2" "$policy1"
mv "$TMPDIR/policy" "$policy2"
_expect_failure "echo hunter2 | fscrypt unlock '$MNT/dir1'"