tests/nested/manual/muinstaller-core: add passphrase smoke test variant

Signed-off-by: Zeyad Gouda <[email protected]>
canonical · Dec 17, 2024 · 106541a · 106541a
1 parent 3efd518
commit 106541a
Showing 1 changed file with 28 additions and 1 deletion.
diff --git a/tests/nested/manual/muinstaller-core/task.yaml b/tests/nested/manual/muinstaller-core/task.yaml
@@ -14,6 +14,11 @@ environment:
   NESTED_ENABLE_TPM: true
   NESTED_ENABLE_SECURE_BOOT: true
 
+  # encrypted + passphrase auth smoke test
+  # TODO: extract a more comprehensive core24 test similar
+  # to tests/nested/manual/passphrase-support-on-hybrid.
+  PASSPHRASE/passphrase_auth: "ubuntu"
+
   # unencrypted case
   NESTED_ENABLE_TPM/plain: false
   NESTED_ENABLE_SECURE_BOOT/plain: false
@@ -60,6 +65,16 @@ execute: |
   #shellcheck source=tests/lib/nested.sh
   . "$TESTSLIB"/nested.sh
 
+  # TODO: remove this condition when passphrase support lands.
+  if [ -n "$PASSPHRASE" ]; then
+    echo "SKIPPING: passphrase support has not landed yet"
+    exit 0
+  fi
+  # if ! os.query is-noble && [ -n "$PASSPHRASE" ]; then
+  #   echo "SKIPPING: only run passphrase support variant for core24"
+  #   exit 0
+  # fi
+
   version="$(nested_get_version)"
 
   # Retrieve the gadget
@@ -109,6 +124,9 @@ execute: |
   snap pack ./snap-with-comps --filename=snap-with-comps.snap
   snap pack ./comp1 --filename=snap-with-comps+comp1.comp
 
+  # TODO: refactor preparation/hacks in a reusable script
+  # similar to setup_nested_hybrid_system.sh
+
   # prepare a core seed
   SEED_DIR="core-seed"
   wget -q https://raw.githubusercontent.com/snapcore/models/master/ubuntu-core-"$version"-amd64-dangerous.model -O my.model
@@ -231,6 +249,11 @@ execute: |
     remote.push optional-install.json
     muinstaller_args="$muinstaller_args -optional ./optional-install.json"
   fi
+  if [ -n "$PASSPHRASE" ]; then
+    # pbkdf2 is used because it is less memory intensive than in
+    # process argon2i* variants.
+    muinstaller_args="$muinstaller_args -passphrase $PASSPHRASE --kdf-type pbkdf2"
+  fi
 
   remote.exec "sudo muinstaller $muinstaller_args"
 
@@ -246,7 +269,11 @@ execute: |
   mv fake-disk.img "$NESTED_IMAGES_DIR/$IMAGE_NAME"
 
   # Start installed image
-  tests.nested create-vm core --keep-firmware-state
+  if [ -n "$PASSPHRASE" ]; then
+    tests.nested create-vm core --keep-firmware-state --expect-passphrase "$PASSPHRASE"
+  else
+    tests.nested create-vm core --keep-firmware-state
+  fi
 
   # things look fine
   remote.exec "cat /etc/os-release" | MATCH 'NAME="Ubuntu Core"'