diff options
| author | Daan De Meyer <daan.j.demeyer@gmail.com> | 2024-04-25 21:59:23 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-04-25 21:59:23 +0200 |
| commit | 536b5c0748693a344695c93b983604068390db80 (patch) | |
| tree | 008c3c9dbdedf80ed620a099e5e323dea22638da /test | |
| parent | sd-daemon: Set SO_LINGER on AF_VSOCK notify socket fds (diff) | |
| parent | mkosi: Build minimal images and enable related integration tests (diff) | |
| download | systemd-536b5c0748693a344695c93b983604068390db80.tar.xz systemd-536b5c0748693a344695c93b983604068390db80.zip | |
Merge pull request #32445 from DaanDeMeyer/mkosi-images
mkosi: Build minimal images and enable related integration tests
Diffstat (limited to 'test')
| -rwxr-xr-x | test/TEST-43-PRIVATEUSER-UNPRIV/test.sh | 1 | ||||
| -rw-r--r-- | test/meson.build | 3 | ||||
| -rw-r--r-- | test/test-functions | 103 | ||||
| -rwxr-xr-x | test/units/testsuite-29.sh | 59 | ||||
| -rwxr-xr-x | test/units/testsuite-43.sh | 4 | ||||
| -rwxr-xr-x | test/units/testsuite-50.dissect.sh | 99 | ||||
| -rwxr-xr-x | test/units/testsuite-50.sh | 5 | ||||
| -rwxr-xr-x | test/units/util.sh | 120 |
8 files changed, 239 insertions, 155 deletions
diff --git a/test/TEST-43-PRIVATEUSER-UNPRIV/test.sh b/test/TEST-43-PRIVATEUSER-UNPRIV/test.sh index 1d1dab43c3..c05573595b 100755 --- a/test/TEST-43-PRIVATEUSER-UNPRIV/test.sh +++ b/test/TEST-43-PRIVATEUSER-UNPRIV/test.sh @@ -12,6 +12,7 @@ has_user_dbus_socket || exit 0 test_require_bin mksquashfs test_append_files() { + inst_binary mksquashfs inst_binary unsquashfs install_verity_minimal } diff --git a/test/meson.build b/test/meson.build index bd25e94276..f8e40fa006 100644 --- a/test/meson.build +++ b/test/meson.build @@ -338,6 +338,9 @@ integration_test_wrapper = find_program('integration-test-wrapper.py') integration_tests = { '01': 'TEST-01-BASIC', '02': 'TEST-02-UNITTESTS', + '29': 'TEST-29-PORTABLE', + '43': 'TEST-43-PRIVATEUSER-UNPRIV', + '50': 'TEST-50-DISSECT', } foreach test_number, dirname : integration_tests test_params = { diff --git a/test/test-functions b/test/test-functions index 67896fb30f..c5a7216c06 100644 --- a/test/test-functions +++ b/test/test-functions @@ -783,109 +783,6 @@ EOF mksquashfs "$initdir" "$oldinitdir/usr/share/minimal_1.raw" -noappend veritysetup format "$oldinitdir/usr/share/minimal_1.raw" "$oldinitdir/usr/share/minimal_1.verity" | \ grep '^Root hash:' | cut -f2 | tr -d '\n' >"$oldinitdir/usr/share/minimal_1.roothash" - - # Rolling distros like Arch do not set VERSION_ID - local version_id="" - if grep -q "^VERSION_ID=" "$os_release"; then - version_id="$(grep "^VERSION_ID=" "$os_release")" - fi - - export initdir="$TESTDIR/app0" - mkdir -p "$initdir/usr/lib/extension-release.d" "$initdir/usr/lib/systemd/system" "$initdir/opt" - grep "^ID=" "$os_release" >"$initdir/usr/lib/extension-release.d/extension-release.app0" - echo "${version_id}" >>"$initdir/usr/lib/extension-release.d/extension-release.app0" - ( echo "${version_id}" - echo "SYSEXT_IMAGE_ID=app" ) >>"$initdir/usr/lib/extension-release.d/extension-release.app0" - cat >"$initdir/usr/lib/systemd/system/app0.service" <<EOF -[Service] -Type=oneshot -RemainAfterExit=yes -ExecStart=/opt/script0.sh -TemporaryFileSystem=/var/lib -StateDirectory=app0 -RuntimeDirectory=app0 -EOF - cat >"$initdir/opt/script0.sh" <<EOF -#!/bin/bash -set -e -test -e /usr/lib/os-release -echo bar >\${STATE_DIRECTORY}/foo -cat /usr/lib/extension-release.d/extension-release.app0 -EOF - chmod +x "$initdir/opt/script0.sh" - echo MARKER=1 >"$initdir/usr/lib/systemd/system/some_file" - mksquashfs "$initdir" "$oldinitdir/usr/share/app0.raw" -noappend - - export initdir="$TESTDIR/conf0" - mkdir -p "$initdir/etc/extension-release.d" "$initdir/etc/systemd/system" "$initdir/opt" - grep "^ID=" "$os_release" >"$initdir/etc/extension-release.d/extension-release.conf0" - echo "${version_id}" >>"$initdir/etc/extension-release.d/extension-release.conf0" - ( echo "${version_id}" - echo "CONFEXT_IMAGE_ID=app" ) >>"$initdir/etc/extension-release.d/extension-release.conf0" - echo MARKER_1 >"$initdir/etc/systemd/system/some_file" - mksquashfs "$initdir" "$oldinitdir/usr/share/conf0.raw" -noappend - - export initdir="$TESTDIR/app1" - mkdir -p "$initdir/usr/lib/extension-release.d" "$initdir/usr/lib/systemd/system" "$initdir/opt" - grep "^ID=" "$os_release" >"$initdir/usr/lib/extension-release.d/extension-release.app2" - ( echo "${version_id}" - echo "SYSEXT_SCOPE=portable" - echo "SYSEXT_IMAGE_ID=app" - echo "SYSEXT_IMAGE_VERSION=1" - echo "PORTABLE_PREFIXES=app1" ) >>"$initdir/usr/lib/extension-release.d/extension-release.app2" - setfattr -n user.extension-release.strict -v false "$initdir/usr/lib/extension-release.d/extension-release.app2" - cat >"$initdir/usr/lib/systemd/system/app1.service" <<EOF -[Service] -Type=oneshot -RemainAfterExit=yes -ExecStart=/opt/script1.sh -StateDirectory=app1 -RuntimeDirectory=app1 -EOF - cat >"$initdir/opt/script1.sh" <<EOF -#!/bin/bash -set -e -test -e /usr/lib/os-release -echo baz >\${STATE_DIRECTORY}/foo -cat /usr/lib/extension-release.d/extension-release.app2 -EOF - chmod +x "$initdir/opt/script1.sh" - echo MARKER=1 >"$initdir/usr/lib/systemd/system/other_file" - mksquashfs "$initdir" "$oldinitdir/usr/share/app1.raw" -noappend - - export initdir="$TESTDIR/app-nodistro" - mkdir -p "$initdir/usr/lib/extension-release.d" "$initdir/usr/lib/systemd/system" - ( echo "ID=_any" - echo "ARCHITECTURE=_any" ) >"$initdir/usr/lib/extension-release.d/extension-release.app-nodistro" - echo MARKER=1 >"$initdir/usr/lib/systemd/system/some_file" - mksquashfs "$initdir" "$oldinitdir/usr/share/app-nodistro.raw" -noappend - - export initdir="$TESTDIR/service-scoped-test" - mkdir -p "$initdir/etc/extension-release.d" "$initdir/etc/systemd/system" - ( echo "ID=_any" - echo "ARCHITECTURE=_any" ) >"$initdir/etc/extension-release.d/extension-release.service-scoped-test" - echo MARKER_CONFEXT_123 >"$initdir/etc/systemd/system/some_file" - mksquashfs "$initdir" "$oldinitdir/etc/service-scoped-test.raw" -noappend - - # We need to create a dedicated sysext image to test the reload mechanism. If we share an image to install the - # 'foo.service' it will be loaded from another test run, which will impact the targeted test. - export initdir="$TESTDIR/app-reload" - mkdir -p "$initdir/usr/lib/extension-release.d" "$initdir/usr/lib/systemd/system" - ( echo "ID=_any" - echo "ARCHITECTURE=_any" - echo "EXTENSION_RELOAD_MANAGER=1" ) >"$initdir/usr/lib/extension-release.d/extension-release.app-reload" - mkdir -p "$initdir/usr/lib/systemd/system/multi-user.target.d" - cat >"${initdir}/usr/lib/systemd/system/foo.service" <<EOF -[Service] -Type=oneshot -RemainAfterExit=yes -ExecStart=echo foo - -[Install] -WantedBy=multi-user.target -EOF - { echo "[Unit]"; echo "Upholds=foo.service"; } > "$initdir/usr/lib/systemd/system/multi-user.target.d/10-foo-service.conf" - mksquashfs "$initdir" "$oldinitdir/usr/share/app-reload.raw" -noappend ) } diff --git a/test/units/testsuite-29.sh b/test/units/testsuite-29.sh index 4c0f1ba329..27c24a0e6c 100755 --- a/test/units/testsuite-29.sh +++ b/test/units/testsuite-29.sh @@ -5,6 +5,11 @@ set -eux set -o pipefail +# shellcheck source=test/units/util.sh +. "$(dirname "$0")"/util.sh + +install_extension_images + # Set longer timeout for slower machines, e.g. non-KVM vm. mkdir -p /run/systemd/system.conf.d cat >/run/systemd/system.conf.d/10-timeout.conf <<EOF @@ -31,9 +36,9 @@ fi systemd-dissect --no-pager /usr/share/minimal_0.raw | grep -q '✓ portable service' systemd-dissect --no-pager /usr/share/minimal_1.raw | grep -q '✓ portable service' -systemd-dissect --no-pager /usr/share/app0.raw | grep -q '✓ sysext for portable service' -systemd-dissect --no-pager /usr/share/app1.raw | grep -q '✓ sysext for portable service' -systemd-dissect --no-pager /usr/share/conf0.raw | grep -q '✓ confext for portable service' +systemd-dissect --no-pager /tmp/app0.raw | grep -q '✓ sysext for portable service' +systemd-dissect --no-pager /tmp/app1.raw | grep -q '✓ sysext for portable service' +systemd-dissect --no-pager /tmp/conf0.raw | grep -q '✓ confext for portable service' export SYSTEMD_LOG_LEVEL=debug mkdir -p /run/systemd/system/systemd-portabled.service.d/ @@ -117,7 +122,7 @@ portablectl detach --now --enable --runtime /tmp/minimal_1 minimal-app0 portablectl list | grep -q -F "No images." busctl tree org.freedesktop.portable1 --no-pager | grep -q -F '/org/freedesktop/portable1/image/minimal_5f1' && exit 1 -portablectl "${ARGS[@]}" attach --now --runtime --extension /usr/share/app0.raw /usr/share/minimal_0.raw app0 +portablectl "${ARGS[@]}" attach --now --runtime --extension /tmp/app0.raw /usr/share/minimal_0.raw app0 systemctl is-active app0.service status="$(portablectl is-attached --extension app0 minimal_0)" @@ -127,7 +132,7 @@ grep -q -F "LogExtraFields=PORTABLE_ROOT=minimal_0.raw" /run/systemd/system.atta grep -q -F "LogExtraFields=PORTABLE_EXTENSION=app0.raw" /run/systemd/system.attached/app0.service.d/20-portable.conf grep -q -F "LogExtraFields=PORTABLE_EXTENSION_NAME_AND_VERSION=app" /run/systemd/system.attached/app0.service.d/20-portable.conf -portablectl "${ARGS[@]}" reattach --now --runtime --extension /usr/share/app0.raw /usr/share/minimal_1.raw app0 +portablectl "${ARGS[@]}" reattach --now --runtime --extension /tmp/app0.raw /usr/share/minimal_1.raw app0 systemctl is-active app0.service status="$(portablectl is-attached --extension app0 minimal_1)" @@ -137,12 +142,12 @@ grep -q -F "LogExtraFields=PORTABLE_ROOT=minimal_1.raw" /run/systemd/system.atta grep -q -F "LogExtraFields=PORTABLE_EXTENSION=app0.raw" /run/systemd/system.attached/app0.service.d/20-portable.conf grep -q -F "LogExtraFields=PORTABLE_EXTENSION_NAME_AND_VERSION=app" /run/systemd/system.attached/app0.service.d/20-portable.conf -portablectl detach --now --runtime --extension /usr/share/app0.raw /usr/share/minimal_1.raw app0 +portablectl detach --now --runtime --extension /tmp/app0.raw /usr/share/minimal_1.raw app0 # Ensure versioned images are accepted without needing to use --force to override the extension-release # matching -cp /usr/share/app0.raw /tmp/app0_1.0.raw +cp /tmp/app0.raw /tmp/app0_1.0.raw portablectl "${ARGS[@]}" attach --now --runtime --extension /tmp/app0_1.0.raw /usr/share/minimal_0.raw app0 systemctl is-active app0.service @@ -152,28 +157,28 @@ status="$(portablectl is-attached --extension app0_1 minimal_0)" portablectl detach --now --runtime --extension /tmp/app0_1.0.raw /usr/share/minimal_1.raw app0 rm -f /tmp/app0_1.0.raw -portablectl "${ARGS[@]}" attach --now --runtime --extension /usr/share/app1.raw /usr/share/minimal_0.raw app1 +portablectl "${ARGS[@]}" attach --now --runtime --extension /tmp/app1.raw /usr/share/minimal_0.raw app1 systemctl is-active app1.service status="$(portablectl is-attached --extension app1 minimal_0)" [[ "${status}" == "running-runtime" ]] # Ensure that adding or removing a version to the image doesn't break reattaching -cp /usr/share/app1.raw /tmp/app1_2.raw +cp /tmp/app1.raw /tmp/app1_2.raw portablectl "${ARGS[@]}" reattach --now --runtime --extension /tmp/app1_2.raw /usr/share/minimal_1.raw app1 systemctl is-active app1.service status="$(portablectl is-attached --extension app1_2 minimal_1)" [[ "${status}" == "running-runtime" ]] -portablectl "${ARGS[@]}" reattach --now --runtime --extension /usr/share/app1.raw /usr/share/minimal_1.raw app1 +portablectl "${ARGS[@]}" reattach --now --runtime --extension /tmp/app1.raw /usr/share/minimal_1.raw app1 systemctl is-active app1.service status="$(portablectl is-attached --extension app1 minimal_1)" [[ "${status}" == "running-runtime" ]] -portablectl detach --force --no-reload --runtime --extension /usr/share/app1.raw /usr/share/minimal_1.raw app1 -portablectl "${ARGS[@]}" attach --force --no-reload --runtime --extension /usr/share/app1.raw /usr/share/minimal_0.raw app1 +portablectl detach --force --no-reload --runtime --extension /tmp/app1.raw /usr/share/minimal_1.raw app1 +portablectl "${ARGS[@]}" attach --force --no-reload --runtime --extension /tmp/app1.raw /usr/share/minimal_0.raw app1 systemctl daemon-reload systemctl restart app1.service @@ -181,11 +186,11 @@ systemctl is-active app1.service status="$(portablectl is-attached --extension app1 minimal_0)" [[ "${status}" == "running-runtime" ]] -portablectl detach --now --runtime --extension /usr/share/app1.raw /usr/share/minimal_0.raw app1 +portablectl detach --now --runtime --extension /tmp/app1.raw /usr/share/minimal_0.raw app1 # Ensure vpick works, including reattaching to a new image mkdir -p /tmp/app1.v/ -cp /usr/share/app1.raw /tmp/app1.v/app1_1.0.raw +cp /tmp/app1.raw /tmp/app1.v/app1_1.0.raw cp /tmp/app1_2.raw /tmp/app1.v/app1_2.0.raw portablectl "${ARGS[@]}" attach --now --runtime --extension /tmp/app1.v/ /usr/share/minimal_1.raw app1 @@ -210,7 +215,7 @@ grep -q -F bar "${STATE_DIRECTORY}/app0/foo" grep -q -F baz "${STATE_DIRECTORY}/app1/foo" # Ensure that we can override the check on extension-release.NAME -cp /usr/share/app0.raw /tmp/app10.raw +cp /tmp/app0.raw /tmp/app10.raw portablectl "${ARGS[@]}" attach --force --now --runtime --extension /tmp/app10.raw /usr/share/minimal_0.raw app0 systemctl is-active app0.service @@ -226,28 +231,28 @@ systemctl stop app0.service portablectl detach --force --runtime --extension /tmp/app10.raw /usr/share/minimal_0.raw app0 # portablectl also accepts confexts -portablectl "${ARGS[@]}" attach --now --runtime --extension /usr/share/app0.raw --extension /usr/share/conf0.raw /usr/share/minimal_0.raw app0 +portablectl "${ARGS[@]}" attach --now --runtime --extension /tmp/app0.raw --extension /tmp/conf0.raw /usr/share/minimal_0.raw app0 systemctl is-active app0.service -status="$(portablectl is-attached --extension /usr/share/app0.raw --extension /usr/share/conf0.raw /usr/share/minimal_0.raw)" +status="$(portablectl is-attached --extension /tmp/app0.raw --extension /tmp/conf0.raw /usr/share/minimal_0.raw)" [[ "${status}" == "running-runtime" ]] -portablectl inspect --force --cat --extension /usr/share/app0.raw --extension /usr/share/conf0.raw /usr/share/minimal_0.raw app0 | grep -q -F "Extension Release: /usr/share/conf0.raw" +portablectl inspect --force --cat --extension /tmp/app0.raw --extension /tmp/conf0.raw /usr/share/minimal_0.raw app0 | grep -q -F "Extension Release: /tmp/conf0.raw" -portablectl detach --now --runtime --extension /usr/share/app0.raw --extension /usr/share/conf0.raw /usr/share/minimal_0.raw app0 +portablectl detach --now --runtime --extension /tmp/app0.raw --extension /tmp/conf0.raw /usr/share/minimal_0.raw app0 # Ensure that mixed mode copies the images and units (client-owned) but symlinks the profile (OS owned) -portablectl "${ARGS[@]}" attach --copy=mixed --runtime --extension /usr/share/app0.raw /usr/share/minimal_0.raw app0 +portablectl "${ARGS[@]}" attach --copy=mixed --runtime --extension /tmp/app0.raw /usr/share/minimal_0.raw app0 test -f /run/portables/app0.raw test -f /run/portables/minimal_0.raw test -f /run/systemd/system.attached/app0.service test -L /run/systemd/system.attached/app0.service.d/10-profile.conf -portablectl detach --runtime --extension /usr/share/app0.raw /usr/share/minimal_0.raw app0 +portablectl detach --runtime --extension /tmp/app0.raw /usr/share/minimal_0.raw app0 # Ensure that when two portables share the same base image, removing one doesn't remove the other too -portablectl "${ARGS[@]}" attach --runtime --extension /usr/share/app0.raw /usr/share/minimal_0.raw app0 -portablectl "${ARGS[@]}" attach --runtime --extension /usr/share/app1.raw /usr/share/minimal_0.raw app1 +portablectl "${ARGS[@]}" attach --runtime --extension /tmp/app0.raw /usr/share/minimal_0.raw app0 +portablectl "${ARGS[@]}" attach --runtime --extension /tmp/app1.raw /usr/share/minimal_0.raw app1 status="$(portablectl is-attached --extension app0 minimal_0)" [[ "${status}" == "attached-runtime" ]] @@ -267,18 +272,18 @@ portablectl list | grep -F "minimal_0" | grep -q -F "attached-runtime" portablectl list | grep -F "app0" | grep -q -F "attached-runtime" portablectl list | grep -F "app1" | grep -q -F "attached-runtime" -portablectl detach --runtime --extension /usr/share/app0.raw /usr/share/minimal_0.raw app +portablectl detach --runtime --extension /tmp/app0.raw /usr/share/minimal_0.raw app status="$(portablectl is-attached --extension app1 minimal_0)" [[ "${status}" == "attached-runtime" ]] -portablectl detach --runtime --extension /usr/share/app1.raw /usr/share/minimal_0.raw app +portablectl detach --runtime --extension /tmp/app1.raw /usr/share/minimal_0.raw app # portablectl also works with directory paths rather than images mkdir /tmp/rootdir /tmp/app0 /tmp/app1 /tmp/overlay /tmp/os-release-fix /tmp/os-release-fix/etc -mount /usr/share/app0.raw /tmp/app0 -mount /usr/share/app1.raw /tmp/app1 +mount /tmp/app0.raw /tmp/app0 +mount /tmp/app1.raw /tmp/app1 mount /usr/share/minimal_0.raw /tmp/rootdir # Fix up os-release to drop the valid PORTABLE_SERVICES field (because we are diff --git a/test/units/testsuite-43.sh b/test/units/testsuite-43.sh index c120468593..165af47f15 100755 --- a/test/units/testsuite-43.sh +++ b/test/units/testsuite-43.sh @@ -6,6 +6,8 @@ set -o pipefail # shellcheck source=test/units/util.sh . "$(dirname "$0")"/util.sh +install_extension_images + if [[ "$(sysctl -ne kernel.apparmor_restrict_unprivileged_userns)" -eq 1 ]]; then echo "Cannot create unprivileged user namespaces" >/skipped exit 77 @@ -130,7 +132,7 @@ umount /tmp/img_bind # Unprivileged overlayfs was added to Linux 5.11, so try to detect it first mkdir -p /tmp/a /tmp/b /tmp/c if unshare --mount --user --map-root-user mount -t overlay overlay /tmp/c -o lowerdir=/tmp/a:/tmp/b; then - unsquashfs -no-xattrs -d /tmp/app2 /usr/share/app1.raw + unsquashfs -no-xattrs -d /tmp/app2 /tmp/app1.raw runas testuser systemd-run --wait --user --unit=test-extension-dir \ -p ExtensionDirectories=/tmp/app2 \ -p TemporaryFileSystem=/run -p RootDirectory=/tmp/img \ diff --git a/test/units/testsuite-50.dissect.sh b/test/units/testsuite-50.dissect.sh index 34e60aa76f..de69b72ef1 100755 --- a/test/units/testsuite-50.dissect.sh +++ b/test/units/testsuite-50.dissect.sh @@ -9,9 +9,16 @@ set -o pipefail # shellcheck source=test/units/util.sh . "$(dirname "$0")"/util.sh +BIND_LOG_SOCKETS=( + --property BindReadOnlyPaths=/dev/log + --property BindReadOnlyPaths=/run/systemd/journal/socket + --property BindReadOnlyPaths=/run/systemd/journal/stdout +) + systemd-dissect --json=short "$MINIMAL_IMAGE.raw" | \ grep -q -F '{"rw":"ro","designator":"root","partition_uuid":null,"partition_label":null,"fstype":"squashfs","architecture":null,"verity":"external"' systemd-dissect "$MINIMAL_IMAGE.raw" | grep -q -F "MARKER=1" +# shellcheck disable=SC2153 systemd-dissect "$MINIMAL_IMAGE.raw" | grep -q -F -f <(sed 's/"//g' "$OS_RELEASE") systemd-dissect --list "$MINIMAL_IMAGE.raw" | grep -q '^etc/os-release$' @@ -73,19 +80,21 @@ fi systemd-dissect --umount "$IMAGE_DIR/mount" systemd-dissect --umount "$IMAGE_DIR/mount2" -systemd-run -P -p RootImage="$MINIMAL_IMAGE.raw" cat /usr/lib/os-release | grep -q -F "MARKER=1" +systemd-run -P -p RootImage="$MINIMAL_IMAGE.raw" "${BIND_LOG_SOCKETS[@]}" cat /usr/lib/os-release | grep -q -F "MARKER=1" mv "$MINIMAL_IMAGE.verity" "$MINIMAL_IMAGE.fooverity" mv "$MINIMAL_IMAGE.roothash" "$MINIMAL_IMAGE.foohash" systemd-run -P \ -p RootImage="$MINIMAL_IMAGE.raw" \ -p RootHash="$MINIMAL_IMAGE.foohash" \ -p RootVerity="$MINIMAL_IMAGE.fooverity" \ + "${BIND_LOG_SOCKETS[@]}" \ cat /usr/lib/os-release | grep -q -F "MARKER=1" # Let's use the long option name just here as a test systemd-run -P \ --property RootImage="$MINIMAL_IMAGE.raw" \ --property RootHash="$MINIMAL_IMAGE_ROOTHASH" \ --property RootVerity="$MINIMAL_IMAGE.fooverity" \ + "${BIND_LOG_SOCKETS[@]}" \ cat /usr/lib/os-release | grep -q -F "MARKER=1" mv "$MINIMAL_IMAGE.fooverity" "$MINIMAL_IMAGE.verity" mv "$MINIMAL_IMAGE.foohash" "$MINIMAL_IMAGE.roothash" @@ -133,48 +142,56 @@ systemd-run --wait -P \ -p RootImage="$MINIMAL_IMAGE.gpt" \ -p RootHash="$MINIMAL_IMAGE_ROOTHASH" \ -p MountAPIVFS=yes \ + "${BIND_LOG_SOCKETS[@]}" \ cat /usr/lib/os-release | grep -q -F "MARKER=1" systemd-run --wait -P \ -p RootImage="$MINIMAL_IMAGE.gpt" \ -p RootHash="$MINIMAL_IMAGE_ROOTHASH" \ -p RootImagePolicy='*' \ -p MountAPIVFS=yes \ + "${BIND_LOG_SOCKETS[@]}" \ cat /usr/lib/os-release | grep -q -F "MARKER=1" (! systemd-run --wait -P \ -p RootImage="$MINIMAL_IMAGE.gpt" \ -p RootHash="$MINIMAL_IMAGE_ROOTHASH" \ -p RootImagePolicy='~' \ -p MountAPIVFS=yes \ + "${BIND_LOG_SOCKETS[@]}" \ cat /usr/lib/os-release | grep -q -F "MARKER=1") (! systemd-run --wait -P \ -p RootImage="$MINIMAL_IMAGE.gpt" \ -p RootHash="$MINIMAL_IMAGE_ROOTHASH" \ -p RootImagePolicy='-' \ -p MountAPIVFS=yes \ + "${BIND_LOG_SOCKETS[@]}" \ cat /usr/lib/os-release | grep -q -F "MARKER=1") (! systemd-run --wait -P \ -p RootImage="$MINIMAL_IMAGE.gpt" \ -p RootHash="$MINIMAL_IMAGE_ROOTHASH" \ -p RootImagePolicy='root=absent' \ -p MountAPIVFS=yes \ + "${BIND_LOG_SOCKETS[@]}" \ cat /usr/lib/os-release | grep -q -F "MARKER=1") systemd-run --wait -P \ -p RootImage="$MINIMAL_IMAGE.gpt" \ -p RootHash="$MINIMAL_IMAGE_ROOTHASH" \ -p RootImagePolicy='root=verity' \ -p MountAPIVFS=yes \ + "${BIND_LOG_SOCKETS[@]}" \ cat /usr/lib/os-release | grep -q -F "MARKER=1" systemd-run --wait -P \ -p RootImage="$MINIMAL_IMAGE.gpt" \ -p RootHash="$MINIMAL_IMAGE_ROOTHASH" \ -p RootImagePolicy='root=signed' \ -p MountAPIVFS=yes \ + "${BIND_LOG_SOCKETS[@]}" \ cat /usr/lib/os-release | grep -q -F "MARKER=1" (! systemd-run --wait -P \ -p RootImage="$MINIMAL_IMAGE.gpt" \ -p RootHash="$MINIMAL_IMAGE_ROOTHASH" \ -p RootImagePolicy='root=encrypted' \ -p MountAPIVFS=yes \ + "${BIND_LOG_SOCKETS[@]}" \ cat /usr/lib/os-release | grep -q -F "MARKER=1") systemd-dissect --root-hash "$MINIMAL_IMAGE_ROOTHASH" --mount "$MINIMAL_IMAGE.gpt" "$IMAGE_DIR/mount" @@ -194,14 +211,17 @@ systemd-run -P \ -p RootImage="$MINIMAL_IMAGE.gpt" \ -p RootHash="$MINIMAL_IMAGE_ROOTHASH" \ -p MountAPIVFS=yes \ + "${BIND_LOG_SOCKETS[@]}" \ cat /usr/lib/os-release | grep -q -F "MARKER=1" systemd-run -P \ -p RootImage="$MINIMAL_IMAGE.raw" \ -p RootImageOptions="root:nosuid,dev home:ro,dev ro,noatime" \ + "${BIND_LOG_SOCKETS[@]}" \ mount | grep -F "squashfs" | grep -q -F "nosuid" systemd-run -P \ -p RootImage="$MINIMAL_IMAGE.gpt" \ -p RootImageOptions="root:ro,noatime root:ro,dev" \ + "${BIND_LOG_SOCKETS[@]}" \ mount | grep -F "squashfs" | grep -q -F "noatime" mkdir -p "$IMAGE_DIR/result" @@ -214,6 +234,7 @@ TemporaryFileSystem=/run RootImage=$MINIMAL_IMAGE.raw RootImageOptions=root:ro,noatime home:ro,dev relatime,dev RootImageOptions=nosuid,dev +BindReadOnlyPaths=/dev/log /run/systemd/journal/socket /run/systemd/journal/stdout EOF systemctl start testservice-50a.service grep -F "squashfs" "$IMAGE_DIR/result/a" | grep -q -F "noatime" @@ -230,6 +251,7 @@ RootImageOptions=root:ro,noatime,nosuid home:ro,dev nosuid,dev RootImageOptions=home:ro,dev nosuid,dev,%%foo # this is the default, but let's specify once to test the parser MountAPIVFS=yes +BindReadOnlyPaths=/dev/log /run/systemd/journal/socket /run/systemd/journal/stdout EOF systemctl start testservice-50b.service grep -F "squashfs" "$IMAGE_DIR/result/b" | grep -q -F "noatime" @@ -262,23 +284,27 @@ systemd-run -P \ -p TemporaryFileSystem=/run \ -p RootImage="$MINIMAL_IMAGE.raw" \ -p MountImages="$MINIMAL_IMAGE.gpt:/run/img1 $MINIMAL_IMAGE.raw:/run/img2" \ + "${BIND_LOG_SOCKETS[@]}" \ cat /usr/lib/os-release | grep -q -F "MARKER=1" systemd-run -P \ -p TemporaryFileSystem=/run \ -p RootImage="$MINIMAL_IMAGE.raw" \ -p MountImages="$MINIMAL_IMAGE.gpt:/run/img1 $MINIMAL_IMAGE.raw:/run/img2" \ + "${BIND_LOG_SOCKETS[@]}" \ cat /run/img1/usr/lib/os-release | grep -q -F "MARKER=1" systemd-run -P \ -p TemporaryFileSystem=/run \ -p RootImage="$MINIMAL_IMAGE.gpt" \ -p RootHash="$MINIMAL_IMAGE_ROOTHASH" \ -p MountImages="$MINIMAL_IMAGE.gpt:/run/img1 $MINIMAL_IMAGE.raw:/run/img2" \ + "${BIND_LOG_SOCKETS[@]}" \ cat /run/img2/usr/lib/os-release | grep -q -F "MARKER=1" cat >/run/systemd/system/testservice-50c.service <<EOF [Service] MountAPIVFS=yes TemporaryFileSystem=/run RootImage=$MINIMAL_IMAGE.raw +BindReadOnlyPaths=/dev/log /run/systemd/journal/socket /run/systemd/journal/stdout MountImages=$MINIMAL_IMAGE.gpt:/run/img1:root:noatime:home:relatime MountImages=$MINIMAL_IMAGE.raw:/run/img2\:3:nosuid ExecStart=bash -c "cat /run/img1/usr/lib/os-release >/run/result/c" @@ -324,44 +350,53 @@ systemctl is-active testservice-50d.service # ExtensionImages will set up an overlay systemd-run -P \ - --property ExtensionImages=/usr/share/app0.raw \ + --property ExtensionImages=/tmp/app0.raw \ --property RootImage="$MINIMAL_IMAGE.raw" \ + "${BIND_LOG_SOCKETS[@]}" \ cat /opt/script0.sh | grep -q -F "extension-release.app0" systemd-run -P \ - --property ExtensionImages=/usr/share/app0.raw \ + --property ExtensionImages=/tmp/app0.raw \ --property RootImage="$MINIMAL_IMAGE.raw" \ + "${BIND_LOG_SOCKETS[@]}" \ cat /usr/lib/systemd/system/some_file | grep -q -F "MARKER=1" systemd-run -P \ - --property ExtensionImages="/usr/share/app0.raw /usr/share/app1.raw" \ + --property ExtensionImages="/tmp/app0.raw /tmp/app1.raw" \ --property RootImage="$MINIMAL_IMAGE.raw" \ + "${BIND_LOG_SOCKETS[@]}" \ cat /opt/script0.sh | grep -q -F "extension-release.app0" systemd-run -P \ - --property ExtensionImages="/usr/share/app0.raw /usr/share/app1.raw" \ + --property ExtensionImages="/tmp/app0.raw /tmp/app1.raw" \ --property RootImage="$MINIMAL_IMAGE.raw" \ + "${BIND_LOG_SOCKETS[@]}" \ cat /usr/lib/systemd/system/some_file | grep -q -F "MARKER=1" systemd-run -P \ - --property ExtensionImages="/usr/share/app0.raw /usr/share/app1.raw" \ + --property ExtensionImages="/tmp/app0.raw /tmp/app1.raw" \ --property RootImage="$MINIMAL_IMAGE.raw" \ + "${BIND_LOG_SOCKETS[@]}" \ cat /opt/script1.sh | grep -q -F "extension-release.app2" systemd-run -P \ - --property ExtensionImages="/usr/share/app0.raw /usr/share/app1.raw" \ + --property ExtensionImages="/tmp/app0.raw /tmp/app1.raw" \ --property RootImage="$MINIMAL_IMAGE.raw" \ + "${BIND_LOG_SOCKETS[@]}" \ cat /usr/lib/systemd/system/other_file | grep -q -F "MARKER=1" systemd-run -P \ - --property ExtensionImages=/usr/share/app-nodistro.raw \ + --property ExtensionImages=/tmp/app-nodistro.raw \ --property RootImage="$MINIMAL_IMAGE.raw" \ + "${BIND_LOG_SOCKETS[@]}" \ cat /usr/lib/systemd/system/some_file | grep -q -F "MARKER=1" systemd-run -P \ --property ExtensionImages=/etc/service-scoped-test.raw \ --property RootImage="$MINIMAL_IMAGE.raw" \ + "${BIND_LOG_SOCKETS[@]}" \ cat /etc/systemd/system/some_file | grep -q -F "MARKER_CONFEXT_123" # Check that using a symlink to NAME-VERSION.raw works as long as the symlink has the correct name NAME.raw -mkdir -p /usr/share/symlink-test/ -cp /usr/share/app-nodistro.raw /usr/share/symlink-test/app-nodistro-v1.raw -ln -fs /usr/share/symlink-test/app-nodistro-v1.raw /usr/share/symlink-test/app-nodistro.raw +mkdir -p /tmp/symlink-test/ +cp /tmp/app-nodistro.raw /tmp/symlink-test/app-nodistro-v1.raw +ln -fs /tmp/symlink-test/app-nodistro-v1.raw /tmp/symlink-test/app-nodistro.raw systemd-run -P \ - --property ExtensionImages=/usr/share/symlink-test/app-nodistro.raw \ + --property ExtensionImages=/tmp/symlink-test/app-nodistro.raw \ --property RootImage="$MINIMAL_IMAGE.raw" \ + "${BIND_LOG_SOCKETS[@]}" \ cat /usr/lib/systemd/system/some_file | grep -q -F "MARKER=1" # Symlink check again but for confext @@ -371,17 +406,20 @@ ln -fs /etc/symlink-test/service-scoped-test-v1.raw /etc/symlink-test/service-sc systemd-run -P \ --property ExtensionImages=/etc/symlink-test/service-scoped-test.raw \ --property RootImage="$MINIMAL_IMAGE.raw" \ + "${BIND_LOG_SOCKETS[@]}" \ cat /etc/systemd/system/some_file | grep -q -F "MARKER_CONFEXT_123" # And again mixing sysext and confext systemd-run -P \ - --property ExtensionImages=/usr/share/symlink-test/app-nodistro.raw \ + --property ExtensionImages=/tmp/symlink-test/app-nodistro.raw \ --property ExtensionImages=/etc/symlink-test/service-scoped-test.raw \ --property RootImage="$MINIMAL_IMAGE.raw" \ + "${BIND_LOG_SOCKETS[@]}" \ cat /etc/systemd/system/some_file | grep -q -F "MARKER_CONFEXT_123" systemd-run -P \ - --property ExtensionImages=/usr/share/symlink-test/app-nodistro.raw \ + --property ExtensionImages=/tmp/symlink-test/app-nodistro.raw \ --property ExtensionImages=/etc/symlink-test/service-scoped-test.raw \ --property RootImage="$MINIMAL_IMAGE.raw" \ + "${BIND_LOG_SOCKETS[@]}" \ cat /usr/lib/systemd/system/some_file | grep -q -F "MARKER=1" cat >/run/systemd/system/testservice-50e.service <<EOF @@ -390,7 +428,8 @@ MountAPIVFS=yes TemporaryFileSystem=/run /var/lib StateDirectory=app0 RootImage=$MINIMAL_IMAGE.raw -ExtensionImages=/usr/share/app0.raw /usr/share/app1.raw:nosuid +ExtensionImages=/tmp/app0.raw /tmp/app1.raw:nosuid +BindReadOnlyPaths=/dev/log /run/systemd/journal/socket /run/systemd/journal/stdout # Relevant only for sanitizer runs UnsetEnvironment=LD_PRELOAD ExecStart=bash -c '/opt/script0.sh | grep ID' @@ -406,8 +445,8 @@ VBASE="vtest$RANDOM" VDIR="/tmp/$VBASE.v" mkdir "$VDIR" -ln -s /usr/share/app0.raw "$VDIR/${VBASE}_0.raw" -ln -s /usr/share/app1.raw "$VDIR/${VBASE}_1.raw" +ln -s /tmp/app0.raw "$VDIR/${VBASE}_0.raw" +ln -s /tmp/app1.raw "$VDIR/${VBASE}_1.raw" systemd-run -P -p ExtensionImages="$VDIR" bash -c '/opt/script1.sh | grep ID' @@ -418,46 +457,56 @@ mkdir -p "$IMAGE_DIR/app0" "$IMAGE_DIR/app1" "$IMAGE_DIR/app-nodistro" "$IMAGE_D (! systemd-run -P \ --property ExtensionDirectories="$IMAGE_DIR/nonexistent" \ --property RootImage="$MINIMAL_IMAGE.raw" \ + "${BIND_LOG_SOCKETS[@]}" \ cat /opt/script0.sh) (! systemd-run -P \ --property ExtensionDirectories="$IMAGE_DIR/app0" \ --property RootImage="$MINIMAL_IMAGE.raw" \ + "${BIND_LOG_SOCKETS[@]}" \ cat /opt/script0.sh) -systemd-dissect --mount /usr/share/app0.raw "$IMAGE_DIR/app0" -systemd-dissect --mount /usr/share/app1.raw "$IMAGE_DIR/app1" -systemd-dissect --mount /usr/share/app-nodistro.raw "$IMAGE_DIR/app-nodistro" +systemd-dissect --mount /tmp/app0.raw "$IMAGE_DIR/app0" +systemd-dissect --mount /tmp/app1.raw "$IMAGE_DIR/app1" +systemd-dissect --mount /tmp/app-nodistro.raw "$IMAGE_DIR/app-nodistro" systemd-dissect --mount /etc/service-scoped-test.raw "$IMAGE_DIR/service-scoped-test" systemd-run -P \ --property ExtensionDirectories="$IMAGE_DIR/app0" \ --property RootImage="$MINIMAL_IMAGE.raw" \ + "${BIND_LOG_SOCKETS[@]}" \ cat /opt/script0.sh | grep -q -F "extension-release.app0" systemd-run -P \ --property ExtensionDirectories="$IMAGE_DIR/app0" \ --property RootImage="$MINIMAL_IMAGE.raw" \ + "${BIND_LOG_SOCKETS[@]}" \ cat /usr/lib/systemd/system/some_file | grep -q -F "MARKER=1" systemd-run -P \ --property ExtensionDirectories="$IMAGE_DIR/app0 $IMAGE_DIR/app1" \ --property RootImage="$MINIMAL_IMAGE.raw" \ + "${BIND_LOG_SOCKETS[@]}" \ cat /opt/script0.sh | grep -q -F "extension-release.app0" systemd-run -P \ --property ExtensionDirectories="$IMAGE_DIR/app0 $IMAGE_DIR/app1" \ --property RootImage="$MINIMAL_IMAGE.raw" \ + "${BIND_LOG_SOCKETS[@]}" \ cat /usr/lib/systemd/system/some_file | grep -q -F "MARKER=1" systemd-run -P \ --property ExtensionDirectories="$IMAGE_DIR/app0 $IMAGE_DIR/app1" \ --property RootImage="$MINIMAL_IMAGE.raw" \ + "${BIND_LOG_SOCKETS[@]}" \ cat /opt/script1.sh | grep -q -F "extension-release.app2" systemd-run -P \ --property ExtensionDirectories="$IMAGE_DIR/app0 $IMAGE_DIR/app1" \ --property RootImage="$MINIMAL_IMAGE.raw" \ + "${BIND_LOG_SOCKETS[@]}" \ cat /usr/lib/systemd/system/other_file | grep -q -F "MARKER=1" systemd-run -P \ --property ExtensionDirectories="$IMAGE_DIR/app-nodistro" \ --property RootImage="$MINIMAL_IMAGE.raw" \ + "${BIND_LOG_SOCKETS[@]}" \ cat /usr/lib/systemd/system/some_file | grep -q -F "MARKER=1" systemd-run -P \ --property ExtensionDirectories="$IMAGE_DIR/service-scoped-test" \ --property RootImage="$MINIMAL_IMAGE.raw" \ + "${BIND_LOG_SOCKETS[@]}" \ cat /etc/systemd/system/some_file | grep -q -F "MARKER_CONFEXT_123" cat >/run/systemd/system/testservice-50f.service <<EOF [Service] @@ -465,6 +514,7 @@ MountAPIVFS=yes TemporaryFileSystem=/run /var/lib StateDirectory=app0 RootImage=$MINIMAL_IMAGE.raw +BindReadOnlyPaths=/dev/log /run/systemd/journal/socket /run/systemd/journal/stdout ExtensionDirectories=$IMAGE_DIR/app0 $IMAGE_DIR/app1 # Relevant only for sanitizer runs UnsetEnvironment=LD_PRELOAD @@ -493,7 +543,7 @@ systemd-dissect --umount "$IMAGE_DIR/app1" # Test that an extension consisting of an empty directory under /etc/extensions/ takes precedence mkdir -p /var/lib/extensions/ -ln -s /usr/share/app-nodistro.raw /var/lib/extensions/app-nodistro.raw +ln -s /tmp/app-nodistro.raw /var/lib/extensions/app-nodistro.raw systemd-sysext merge grep -q -F "MARKER=1" /usr/lib/systemd/system/some_file systemd-sysext unmerge @@ -534,7 +584,7 @@ ln -s "$MINIMAL_IMAGE.raw" "$VDIR/${VBASE}_33.raw" ln -s "$MINIMAL_IMAGE.raw" "$VDIR/${VBASE}_34.raw" ln -s "$MINIMAL_IMAGE.raw" "$VDIR/${VBASE}_35.raw" -systemd-run -P -p RootImage="$VDIR" cat /usr/lib/os-release | grep -q -F "MARKER=1" +systemd-run -P -p RootImage="$VDIR" "${BIND_LOG_SOCKETS[@]}" cat /usr/lib/os-release | grep -q -F "MARKER=1" rm "$VDIR/${VBASE}_33.raw" "$VDIR/${VBASE}_34.raw" "$VDIR/${VBASE}_35.raw" rmdir "$VDIR" @@ -612,6 +662,7 @@ systemd-run --unit=test-root-ephemeral \ -p RootDirectory=/tmp/img \ -p RootEphemeral=yes \ -p Type=exec \ + "${BIND_LOG_SOCKETS[@]}" \ bash -c "touch /abc && sleep infinity" test -n "$(ls -A /var/lib/systemd/ephemeral-trees)" systemctl stop test-root-ephemeral @@ -661,11 +712,11 @@ grep -q -F "MARKER_CONFEXT_123" /etc/testfile systemd-confext unmerge rm -rf /run/confexts/ testjob/ -systemd-run -P -p RootImage="$MINIMAL_IMAGE.raw" cat /run/host/os-release | cmp "$OS_RELEASE" +systemd-run -P -p RootImage="$MINIMAL_IMAGE.raw" "${BIND_LOG_SOCKETS[@]}" cat /run/host/os-release | cmp "$OS_RELEASE" # Test that systemd-sysext reloads the daemon. mkdir -p /var/lib/extensions/ -ln -s /usr/share/app-reload.raw /var/lib/extensions/app-reload.raw +ln -s /tmp/app-reload.raw /var/lib/extensions/app-reload.raw systemd-sysext merge --no-reload # the service should not be running (! systemctl --quiet is-active foo.service) diff --git a/test/units/testsuite-50.sh b/test/units/testsuite-50.sh index 8c4d2bfc3f..d014e824fc 100755 --- a/test/units/testsuite-50.sh +++ b/test/units/testsuite-50.sh @@ -6,6 +6,9 @@ set -o pipefail # shellcheck source=test/units/test-control.sh . "$(dirname "$0")"/test-control.sh +# shellcheck source=test/units/util.sh +. "$(dirname "$0")"/util.sh + # Setup shared stuff & run all subtests at_exit() { @@ -103,6 +106,8 @@ cp -v /usr/share/minimal* "$IMAGE_DIR/" MINIMAL_IMAGE="$IMAGE_DIR/minimal_0" MINIMAL_IMAGE_ROOTHASH="$(<"$MINIMAL_IMAGE.roothash")" +install_extension_images + OS_RELEASE="$(test -e /etc/os-release && echo /etc/os-release || echo /usr/lib/os-release)" if systemctl --version | grep -q -- +OPENSSL ; then diff --git a/test/units/util.sh b/test/units/util.sh index dc5dd1e1ec..8eea263135 100755 --- a/test/units/util.sh +++ b/test/units/util.sh @@ -241,3 +241,123 @@ maybe_umount_usr_overlay() { umount -l /usr fi } + +install_extension_images() { + local os_release + os_release="$(test -e /etc/os-release && echo /etc/os-release || echo /usr/lib/os-release)" + + # Rolling distros like Arch do not set VERSION_ID + local version_id="" + if grep -q "^VERSION_ID=" "$os_release"; then + version_id="$(grep "^VERSION_ID=" "$os_release")" + fi + + local initdir="/var/tmp/app0" + mkdir -p "$initdir/usr/lib/extension-release.d" "$initdir/usr/lib/systemd/system" "$initdir/opt" + grep "^ID=" "$os_release" >"$initdir/usr/lib/extension-release.d/extension-release.app0" + echo "$version_id" >>"$initdir/usr/lib/extension-release.d/extension-release.app0" + ( + echo "$version_id" + echo "SYSEXT_IMAGE_ID=app" + ) >>"$initdir/usr/lib/extension-release.d/extension-release.app0" + cat >"$initdir/usr/lib/systemd/system/app0.service" <<EOF +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=/opt/script0.sh +TemporaryFileSystem=/var/lib +StateDirectory=app0 +RuntimeDirectory=app0 +EOF + cat >"$initdir/opt/script0.sh" <<EOF +#!/bin/bash +set -e +test -e /usr/lib/os-release +echo bar >\${STATE_DIRECTORY}/foo +cat /usr/lib/extension-release.d/extension-release.app0 +EOF + chmod +x "$initdir/opt/script0.sh" + echo MARKER=1 >"$initdir/usr/lib/systemd/system/some_file" + mksquashfs "$initdir" /tmp/app0.raw -noappend + + initdir="/var/tmp/conf0" + mkdir -p "$initdir/etc/extension-release.d" "$initdir/etc/systemd/system" "$initdir/opt" + grep "^ID=" "$os_release" >"$initdir/etc/extension-release.d/extension-release.conf0" + echo "$version_id" >>"$initdir/etc/extension-release.d/extension-release.conf0" + ( + echo "$version_id" + echo "CONFEXT_IMAGE_ID=app" + ) >>"$initdir/etc/extension-release.d/extension-release.conf0" + echo MARKER_1 >"$initdir/etc/systemd/system/some_file" + mksquashfs "$initdir" /tmp/conf0.raw -noappend + + initdir="/var/tmp/app1" + mkdir -p "$initdir/usr/lib/extension-release.d" "$initdir/usr/lib/systemd/system" "$initdir/opt" + grep "^ID=" "$os_release" >"$initdir/usr/lib/extension-release.d/extension-release.app2" + ( + echo "$version_id" + echo "SYSEXT_SCOPE=portable" + echo "SYSEXT_IMAGE_ID=app" + echo "SYSEXT_IMAGE_VERSION=1" + echo "PORTABLE_PREFIXES=app1" + ) >>"$initdir/usr/lib/extension-release.d/extension-release.app2" + setfattr -n user.extension-release.strict -v false "$initdir/usr/lib/extension-release.d/extension-release.app2" + cat >"$initdir/usr/lib/systemd/system/app1.service" <<EOF +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=/opt/script1.sh +StateDirectory=app1 +RuntimeDirectory=app1 +EOF + cat >"$initdir/opt/script1.sh" <<EOF +#!/bin/bash +set -e +test -e /usr/lib/os-release +echo baz >\${STATE_DIRECTORY}/foo +cat /usr/lib/extension-release.d/extension-release.app2 +EOF + chmod +x "$initdir/opt/script1.sh" + echo MARKER=1 >"$initdir/usr/lib/systemd/system/other_file" + mksquashfs "$initdir" /tmp/app1.raw -noappend + + initdir="/var/tmp/app-nodistro" + mkdir -p "$initdir/usr/lib/extension-release.d" "$initdir/usr/lib/systemd/system" + ( + echo "ID=_any" + echo "ARCHITECTURE=_any" + ) >"$initdir/usr/lib/extension-release.d/extension-release.app-nodistro" + echo MARKER=1 >"$initdir/usr/lib/systemd/system/some_file" + mksquashfs "$initdir" /tmp/app-nodistro.raw -noappend + + initdir="/var/tmp/service-scoped-test" + mkdir -p "$initdir/etc/extension-release.d" "$initdir/etc/systemd/system" + ( + echo "ID=_any" + echo "ARCHITECTURE=_any" + ) >"$initdir/etc/extension-release.d/extension-release.service-scoped-test" + echo MARKER_CONFEXT_123 >"$initdir/etc/systemd/system/some_file" + mksquashfs "$initdir" /etc/service-scoped-test.raw -noappend + + # We need to create a dedicated sysext image to test the reload mechanism. If we share an image to install the + # 'foo.service' it will be loaded from another test run, which will impact the targeted test. + initdir="/var/tmp/app-reload" + mkdir -p "$initdir/usr/lib/extension-release.d" "$initdir/usr/lib/systemd/system" + ( + echo "ID=_any" + echo "ARCHITECTURE=_any" + echo "EXTENSION_RELOAD_MANAGER=1" + ) >"$initdir/usr/lib/extension-release.d/extension-release.app-reload" + mkdir -p "$initdir/usr/lib/systemd/system/multi-user.target.d" + cat >"$initdir/usr/lib/systemd/system/foo.service" <<EOF +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=echo foo + +[Install] +WantedBy=multi-user.target +EOF + echo -e "[Unit]\nUpholds=foo.service" >"$initdir/usr/lib/systemd/system/multi-user.target.d/10-foo-service.conf" + mksquashfs "$initdir" /tmp/app-reload.raw -noappend +} |