3 # Copyright (C) 2017 Red Hat Inc.
5 # Redistribution and use in source and binary forms, with or without
6 # modification, are permitted provided that the following conditions are
9 # * Redistributions of source code must retain the above copyright
10 # notice, this list of conditions and the following disclaimer.
12 # * Redistributions in binary form must reproduce the above copyright
13 # notice, this list of conditions and the following disclaimer in the
14 # documentation and/or other materials provided with the distribution.
16 # * Neither the name of Red Hat nor the names of its contributors may be
17 # used to endorse or promote products derived from this software without
18 # specific prior written permission.
20 # THIS SOFTWARE IS PROVIDED BY RED HAT AND CONTRIBUTORS ''AS IS'' AND
21 # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
22 # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
23 # PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RED HAT OR
24 # CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
25 # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
26 # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
27 # USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
28 # ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
29 # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
30 # OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
38 requires qemu-img
--version
40 if ! qemu-img
--help |
grep -- --object; then
41 echo "$0: 'qemu-img' command does not have the --object option"
45 # Does the nbdkit binary support TLS?
46 if ! nbdkit
--dump-config |
grep -sq tls
=yes; then
47 echo "$0: nbdkit built without TLS support"
51 # Did we create the PKI files?
52 # Probably 'certtool' is missing.
54 if [ ! -f "$pkidir/ca-cert.pem" ]; then
55 echo "$0: PKI files were not created by the test harness"
59 # Unfortunately qemu cannot do TLS over a Unix domain socket (nbdkit
60 # probably can, although it is not tested). Find an unused port to
62 for port
in {50000.
.65535}; do
63 if ! ss
-ltn |
grep -sqE ":$port\b"; then break; fi
65 echo picked unused port
$port
67 cleanup_fn
rm -f tls.pid tls.out
68 start_nbdkit
-P tls.pid
-p $port -n --tls=require \
69 --tls-certificates="$pkidir" example1
71 # Run qemu-img against the server.
74 --object "tls-creds-x509,id=tls0,endpoint=client,dir=$pkidir" \
75 --image-opts "file.driver=nbd,file.host=localhost,file.port=$port,file.tls-creds=tls0" > tls.out
79 grep -sq "^file format: raw" tls.out
80 grep -sq "^virtual size: 100M" tls.out