Re: [PATCH v3] common/encrypt, ceph: add _require_not_encrypted test

Eric Biggers <ebiggers@xxxxxxxxxx> · Wed, 15 Dec 2021 16:45:34 -0800

On Wed, Dec 15, 2021 at 02:02:48PM -0500, Jeff Layton wrote:
> Some tests on ceph require changing the layout of new files, which is
> forbidden when the files are encrypted. Add a test that touches a file
> in $TEST_DIR and then tests it to see if it reports the
> STATX_ATTR_ENCRYPTED flag, and does a _notrun if it's present.
> 
> Also add this requirement to three ceph tests that change the layout.
> 
> Cc: Luis Henriques <lhenriques@xxxxxxx>
> Signed-off-by: Jeff Layton <jlayton@xxxxxxxxxx>
> ---
>  common/encrypt | 18 ++++++++++++++++++
>  tests/ceph/001 |  2 ++
>  tests/ceph/002 |  2 ++
>  tests/ceph/003 |  2 ++
>  4 files changed, 24 insertions(+)
> 
> v2: make ceph/001 also call _require_not_encrypted
> 
> v3: move test into common/encrypt
> 
> diff --git a/common/encrypt b/common/encrypt
> index f90c4ef05a3f..156425af40a8 100644
> --- a/common/encrypt
> +++ b/common/encrypt
> @@ -940,3 +940,21 @@ _filter_nokey_filenames()
>  	# of characters that have ever been used in such names.
>  	sed "s|${dir}${dir:+/}[A-Za-z0-9+,_-]\+|${dir}${dir:+/}NOKEY_NAME|g"
>  }
> +
> +# Some tests require that encryption not be enabled.
> +_require_not_encrypted()
> +{
> +	local target=$TEST_DIR/require_not_encrypted.$$
> +	local ret=0
> +
> +	#
> +	# The top-level directory mounted with test_dummy_encryption is not
> +	# itself encrypted. Only new files and directories created under it
> +	# are.
> +	touch $target
> +	local attrs=$($XFS_IO_PROG -c 'statx -r' $target | awk '/stat.attributes / { print $3 }')
> +	rm -f $target
> +
> +	# STATX_ATTR_ENCRYPTED == 0x800
> +	[ $(( attrs & 0x800 )) -eq 0 ] || _notrun "Filesystem is encrypted"
> +}

Did you consider instead skipping the test if the mount options contain
test_dummy_encryption?  That's the way that the encryption tests currently
detect that they shouldn't run (since the automatic encryption caused by
test_dummy_encryption would interfere with them); see
_require_scratch_encryption().  What you've done here will work too, but it
might make sense to check for test_dummy_encryption the same way in both places.

- Eric