#!/usr/bin/env bats # Unit tests for encryption-validation.sh hook # Reference: PRD.md FR-001 (Full Disk Encryption) @test "encryption-validation.sh exists and is executable" { [ -f "/workspace/config/hooks/installed/encryption-validation.sh" ] [ -x "/workspace/config/hooks/installed/encryption-validation.sh" ] } @test "Validation checks for LUKS2 format" { grep -q "LUKS\|luks" /workspace/config/hooks/installed/encryption-validation.sh } @test "Validation checks for encryption status" { grep -q "crypt\|Crypt" /workspace/config/hooks/installed/encryption-validation.sh } @test "Validation script uses set -e for error handling" { grep -q "set -e" /workspace/config/hooks/installed/encryption-validation.sh } # ============================================================================= # USERNAME CONSISTENCY (FINDING-008) # ============================================================================= @test "Username 'football' is consistent across all hook files" { # preseed.cfg creates user 'football', hooks should reference same username run grep -r "kneluser" /workspace/config/hooks/ [ "$status" -ne 0 ] } @test "Username in preseed.cfg is 'football'" { grep -q "passwd/username string football" /workspace/config/includes.installer/preseed.cfg } @test "encryption-validation.sh uses correct username 'football'" { # Should NOT reference 'kneluser' ! grep -q "kneluser" /workspace/config/hooks/installed/encryption-validation.sh } @test "usb-automount.sh uses correct username 'football'" { # Should NOT reference 'kneluser' ! grep -q "kneluser" /workspace/config/hooks/live/usb-automount.sh } @test "install-scripts.sh uses correct username 'football'" { # Should NOT reference 'kneluser' ! grep -q "kneluser" /workspace/config/hooks/installed/install-scripts.sh } # ============================================================================= # ENCRYPTION PARAMETER VALIDATION (FINDING-007) # ============================================================================= # Tests for preseed.cfg encryption configuration @test "preseed.cfg configures AES-XTS-PLAIN64 cipher" { grep -q "partman-crypto/cipher aes-xts-plain64" /workspace/config/includes.installer/preseed.cfg || \ grep -q "partman-crypto/cipher string aes-xts-plain64" /workspace/config/includes.installer/preseed.cfg } @test "preseed.cfg configures 512-bit keysize" { grep -q "partman-crypto/keysize 512" /workspace/config/includes.installer/preseed.cfg || \ grep -q "partman-crypto/keysize string 512" /workspace/config/includes.installer/preseed.cfg } @test "preseed.cfg enables LUKS2 format" { grep -q "partman-crypto/use-luks2 boolean true" /workspace/config/includes.installer/preseed.cfg } @test "preseed.cfg enables crypto method for full disk encryption" { grep -q "partman-auto/method string crypto" /workspace/config/includes.installer/preseed.cfg } @test "preseed.cfg enables secure disk erasure" { grep -q "partman-crypto/erase_disks_secure boolean true" /workspace/config/includes.installer/preseed.cfg } # Tests for encryption-setup.sh proper configuration @test "encryption-setup.sh configures cipher in crypttab" { grep -q "cipher=aes-xts-plain64" /workspace/config/hooks/installed/encryption-setup.sh } @test "encryption-setup.sh configures key-size in crypttab" { grep -q "key-size=512" /workspace/config/hooks/installed/encryption-setup.sh } @test "encryption-setup.sh includes dm_crypt module" { grep -q "dm_crypt" /workspace/config/hooks/installed/encryption-setup.sh } @test "encryption-setup.sh includes aes_xts module" { grep -q "aes_xts" /workspace/config/hooks/installed/encryption-setup.sh } @test "encryption-setup.sh configures LUKS2 type" { grep -q "luks2\|--type luks2" /workspace/config/hooks/installed/encryption-setup.sh } # Tests for encryption documentation accuracy @test "README documents AES-256-XTS cipher" { grep -q "AES-256-XTS" /workspace/config/hooks/installed/encryption-setup.sh } @test "README documents 512-bit key size" { grep -q "512 bits\|Key Size: 512" /workspace/config/hooks/installed/encryption-setup.sh } @test "README documents LUKS2 format" { grep -q "Format: LUKS2\|LUKS2" /workspace/config/hooks/installed/encryption-setup.sh } @test "README documents SHA-512 hash" { grep -q "SHA-512\|Hash: SHA-512" /workspace/config/hooks/installed/encryption-setup.sh } # Integration tests - consistency checks @test "Cipher configuration is consistent between preseed and encryption-setup" { # Both should reference aes-xts grep -q "aes-xts" /workspace/config/includes.installer/preseed.cfg grep -q "aes-xts" /workspace/config/hooks/installed/encryption-setup.sh } @test "Keysize configuration is consistent between preseed and encryption-setup" { # Both should reference 512-bit key grep -q "512" /workspace/config/includes.installer/preseed.cfg grep -q "512" /workspace/config/hooks/installed/encryption-setup.sh }