forked from rhinstaller/kickstart-tests
-
Notifications
You must be signed in to change notification settings - Fork 0
/
autopart-luks-5.ks.in
58 lines (42 loc) · 1.42 KB
/
autopart-luks-5.ks.in
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
#test name: autopart-luks-5
%ksappend repos/default.ks
network --bootproto=dhcp
bootloader --timeout=1
zerombr
clearpart --all --initlabel
# Test LUKS 2 with argon2id and limited time.
autopart --type=lvm --encrypted --passphrase="passphrase" --luks-version=luks2 --pbkdf=argon2id --pbkdf-iterations=4 --pbkdf-memory=64
keyboard us
lang en
timezone America/New_York
rootpw qweqwe
shutdown
%packages
%end
%post
# Find the LUKS device.
crypted="$(blkid --match-token TYPE="crypto_LUKS" --output device)"
if [[ $? != 0 ]] ; then
echo "*** couldn't find a LUKS device" > /root/RESULT
exit 1
fi
# Check the PBKDF of the LUKS device.
result="$(cryptsetup luksDump ${crypted} | awk '{ if ($1 == "PBKDF:") print $2; }' )"
if [[ "$result" != "argon2id" ]] ; then
echo "*** unexpected PBKDF for ${crypted}: ${result}" >> /root/RESULT
fi
# Check the iterations of the LUKS device.
result="$(cryptsetup luksDump ${crypted} | awk '{ if ($1 == "Time" && $2 == "cost:") print $3; }' )"
if [[ "$result" != "4" ]] ; then
echo "*** unexpected iterations for ${crypted}: ${result}" >> /root/RESULT
fi
# Check the memory of the LUKS device.
result="$(cryptsetup luksDump ${crypted} | awk '{ if ($1 == "Memory:") print $2; }' )"
if [[ "$result" != "64" ]] ; then
echo "*** unexpected memory for ${crypted}: ${result}" >> /root/RESULT
fi
# The test was successful.
if [ ! -e /root/RESULT ]; then
echo SUCCESS > /root/RESULT
fi
%end