| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It turns out OverlayFS doesn't handle gracefully when the same source is
specified multiple times in lowerdir= and it fails with ELOOP:
Failed to mount overlay (type overlay) on /run/systemd/mount-rootfs/opt (MS_RDONLY "lowerdir=/run/systemd/unit-extensions/1/opt:/run/systemd/unit-extensions/0/opt:/run/systemd/mount-rootfs/opt"): Too many levels of symbolic links
This happens even if we mount each image in a different internal mount
path, as OverlayFS will resolve it and look for the backing device, which
will be the same device mapper entity, and return a hard error.
This error does not appear if dm-verity is not used, so it is very
confusing for users, and unnecessary.
When mounting ExtensionImages, check if an image is dm-veritied,
and drop duplicates if the root hashes match, to avoid this user-unfriendly
hard error.
|
|
|
|
|
| |
If we're not running the test as root, stick to using a virtual
machine, as mkosi can't do rootless nspawn yet.
|
|
|
|
|
|
|
| |
Let's make this behave more like all the rest of the meson stuff.
This also is the first step to making it a bit more flexible so we
can define integration tests in different ways as will be seen in
the next commits.
|
|
|
|
|
| |
Need full support of pidfd to work, so skip the test if it's not
available
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
No functional change.
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
CIs set QEMU and nspawn timeouts by themselves which reflect their needs
and possibilities, so let's respect that value, instead of using one
pre-set value which might or might not work for all of them.
Both Ubuntu CI and CentOS CI set these values themselves.
|
|
|
|
|
|
|
|
|
| |
It times out on slow CIs near the end of the test, eg:
[ 553.539368] kernel: loop_reread_partitions: partition scan of loop3 () failed (rc=-5)
TEST-50-DISSECT: (timeout)
https://autopkgtest.ubuntu.com/results/autopkgtest-focal-upstream-systemd-ci-systemd-ci/focal/ppc64el/s/systemd-upstream/20220518_172659_bf20f@/log.gz
|
|
|
|
| |
Preparation for the next commit.
|
|
|
|
|
|
|
|
|
| |
TEST-67-INTEGRITY times out quite often, and when it passes
it does so a few seconds short of the timeout. It's a slow
qemu test, so bump the timeout.
TEST-50-DISSECT has been reported to fail in the same way
on Debian's infrastructure, again narrowly failing or passing
just short of the timeout.
|
| |
|
|
|
|
|
|
|
| |
When they work they finish quickly in under two minutes on slow machines, when
soft lock ups happen in the nested virt machine each test can run for like 5
hours clogging up CI infrastructure. It's best to fail quicker than that when
qemu or kernel are broken.
|
|
|
|
|
|
|
|
|
|
|
| |
If the packages are built without libssl simply skip the signature
checks.
Oct 06 21:21:32 H systemd[1]: systemd 249.1249.gcc4df1f787.0 running in system mode (+PAM +AUDIT +SELINUX +APPARMOR +IMA +SMACK +SECCOMP +GCRYPT +GNUTLS -OPENSSL
...
Oct 06 21:22:21 H systemd[459]: Activation of signed Verity volume worked neither via the kernel nor in userspace, can't activate.
Follow-up for #20691
|
| |
|
|
|
|
|
|
| |
Specifying the test number manually is tedious and prone to errors (as
recently proven). Since we have all the necessary data to work out the
test number, let's do it automagically.
|
|
|
|
| |
Let's see if this makes the test stable on the CI.
|
| |
|
|
|
|
| |
to avoid possible word splitting.
|
|
|
|
|
|
|
| |
This test is flaky, and requires updates to the kernel to fix, so
disable it for now.
https://github.com/systemd/systemd/issues/17469
|
|
|
|
|
| |
Add support for overlaying images for services on top of their
root fs, using a read-only overlay.
|
|
|
|
|
|
| |
So that it can be re-used for other tests by simply setting
TEST_INSTALL_VERITY_MINIMAL=1 in test.sh, without having to
replicate the setup commands.
|
|
|
|
|
|
| |
Building custom images for each test takes a lot of time.
Build the default one, and if the test needs incompatible changes
just copy it and extend it instead.
|
|
|
|
|
|
|
|
| |
Ubuntu CI's just got the dependencies require dto run this test added,
and it seems the build is different enough from other platforms
that it fails to create the required directories:
cp: cannot create regular file '/var/tmp/systemd-test.JJMOBY/minimal/usr/lib/os-release': No such file or directory
|
|
|
|
| |
This reverts commit 329315b29f63adb05054c26f739f68780fadfa0a.
|
|
|
|
|
|
| |
It looks like we need to do some whack-a-mole before it will fully pass,
so disable for now. It was skipped until today anyway due to missing
dependencies.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We have four legal cases:
1. /usr/lib/os-release exists and /etc/os-release is a symlink to it
2. both exist but /etc/os-release is not a symlink to /usr/lib/os-release
3. only /usr/lib/os-release exists
4. only /etc/os-release exists
The generic setup code in test-functions and create-busybox-image didn't handle
case 3.
The test-specific code in TEST-50 didn't handle 2 (because the general setup
code would only install /etc/os-release in the image and
grep -f /usr/lib/os-release would not work) and 4 (same reason) and would fail
in case 3 in generic setup.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Allows to specify mount options for RootImage.
In case of multi-partition images, the partition number can be prefixed
followed by colon. Eg:
RootImageOptions=1:ro,dev 2:nosuid nodev
In absence of a partition number, 0 is assumed.
|
|
|
|
| |
Easier than in the limited VM environment
|
| |
|
| |
|
|
dm-verity support in dissect-image at the moment is restricted to GPT
volumes.
If the image a single-filesystem type without a partition table (eg: squashfs)
and a roothash/verity file are passed, set the verity flag and mark as
read-only.
|