From: Eric Biggers <ebiggers@google.com>
Date: Mon, 1 Jul 2019 17:12:55 +0000 (-0700)
Subject: common/encrypt: check that contents encryption is usable
X-Git-Tag: v2022.05.01~1108
X-Git-Url: http://git.apps.os.sepia.ceph.com/?p=xfstests-dev.git;a=commitdiff_plain;h=3eb73bbda3b596b000eddafceddcea8416b9ed27

common/encrypt: check that contents encryption is usable

In _require_encryption_policy_support(), when checking whether the
encryption policy is usable, try creating a nonempty file rather
than an empty one.  This ensures that both the contents and
filenames encryption modes are available, rather than just the
filenames mode.

On f2fs this makes generic/549 be correctly skipped, rather than
failed, when run on a kernel built from the latest fscrypt.git tree
with CONFIG_CRYPTO_SHA256=n.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Reviewed-by: Eryu Guan <guaneryu@gmail.com>
Signed-off-by: Eryu Guan <guaneryu@gmail.com>
---

diff --git a/common/encrypt b/common/encrypt
index 13098d7f..06a56ed9 100644
--- a/common/encrypt
+++ b/common/encrypt
@@ -98,7 +98,9 @@ _require_encryption_policy_support()
 	# without kernel crypto API support.  E.g. a policy using Adiantum
 	# encryption can be set on a kernel without CONFIG_CRYPTO_ADIANTUM.
 	# But actually trying to use such an encrypted directory will fail.
-	if ! touch $dir/file; then
+	# To reliably check for availability of both the contents and filenames
+	# encryption modes, try creating a nonempty file.
+	if ! echo foo > $dir/file; then
 		_notrun "encryption policy '$set_encpolicy_args' is unusable; probably missing kernel crypto API support"
 	fi
 	$KEYCTL_PROG clear @s