path: root/test
Commit message  Author  Age  Files  Lines
* TEST-13-NSPAWN: add test case for /dev/net/tun  Yu Watanabe  2024-11-14  2  -0/+54
|     For issue #35116.
* test-network: update KeepConfiguration=dhcp -> dynamic  Yu Watanabe  2024-11-14  3  -7/+7
|
* test-network: several cleanups  Yu Watanabe  2024-11-12  1  -46/+43
|     - fix verifiers in test_router_preference() to make them actually check if unnecessary routes are removed,
|     - stop radv in test_ndisc_vs_static_route() before checking if the static route is preserved even when the router sends a RA with zero lifetime,
|     - make verifiers in NetworkdIPv6PrefixTests stricter.
* network: forget IPv4 non-local routes when an interface went down (#35099)  Yu Watanabe  2024-11-11  4  -3/+70
|\
| |     Fixes #35047.
| * test-network: add test case for issue #35047  Yu Watanabe  2024-11-11  4  -0/+60
| |
| * network/nexthop: do not remove depending nexthops when a nexthop is removed  Yu Watanabe  2024-11-11  1  -3/+10
| |     Previously, when a nexthop is removed, depending nexthops were removed, but that's not necessary, as the kernel keeps them, at least with v6.11.
* | Introduce systemd-keyutil to do various key/certificate operations (#35095)  Lennart Poettering  2024-11-11  2  -4/+50
|\ \
| |/
|/|
| |     Let's gather generic key/certificate operations in a new tool systemd-keyutil instead of spreading them across various special purpose tools.
| |     Fixes #35087
| * Introduce systemd-keyutil to do various key/certificate operations  Daan De Meyer  2024-11-08  2  -4/+50
| |     Let's gather generic key/certificate operations in a new tool systemd-keyutil instead of spreading them across various special purpose tools.
| |     Fixes #35087
* | test-network: reconfigure interface cleanly to drop previous DHCP lease and friends  Yu Watanabe  2024-11-11  1  -6/+12
| |     Follow-up for 451c2baf30f50b95d73e648058c7c2348dbf0c31.
| |     With the commits, reloading .network files does not release previously acquired DHCP lease and friends if possible. On graceful reconfigure triggered by the reload, the interface may acquire a new DHCPv4 lease earlier than DHCPv6 lease. In that case, the check will fail as it is done with the new DHCPv4 lease and old DHCPv6 lease, which does not contain any IPv6 DNS servers or so.
| |     So, when switching from no -> yes, we need to wait a new lease with DNS servers or so. To achieve that, we need to clean reconfigure the interface.
* | network: reset 'configured' flags even if we keep DHCP lease and friends on reconfigure  Yu Watanabe  2024-11-11  1  -1/+0
| |     Follow-up for 451c2baf30f50b95d73e648058c7c2348dbf0c31.
| |     With the commits, reloading .network files does not release previously acquired DHCP lease and friends if possible. If previously a DHCP client was configured as not requesting DNS servers or so, then the previously acquired lease might not contain any DNS servers. In that case, if the new .network file enables UseDNS=, then the interface should enter the configured state after a new lease is acquired. To achieve that, we need to reset the flags.
| |     With this change, the workaround applied to the test by the commit 451c2baf30f50b95d73e648058c7c2348dbf0c31 can be dropped.
* | test: install integration-test-setup.sh in testdata/  Franck Bui  2024-11-08  2  -7/+9
|/
|     integration-test-setup.sh is an auxiliary script that tests rely on at runtime. As such, install the script in testdata/.
|     Follow-up for af153e36ae67c242251951c12d6d6b6ae4783845.
* Fix PrivatePIDs=yes integration test for kernels with no /proc/scsi  Ryan Wilson  2024-11-08  1  -5/+16
|
* Introduce systemd-sbsign to do secure boot signing (#35021)  Daan De Meyer  2024-11-06  1  -0/+60
|\
| |     Currently in mkosi and ukify we use sbsigntools to do secure boot signing. This has multiple issues:
| |     - sbsigntools is practically unmaintained, sbvarsign is completely broken with the latest gnu-efi when built without -fshort-wchar and upstream has completely ignored my bug report about this.
| |     - sbsigntools only supports openssl engines and not the new providers API.
| |     - sbsigntools doesn't allow us to cache hardware token pins in the kernel keyring like we do nowadays when we sign stuff ourselves in systemd-repart or systemd-measure
| |     There are alternative tools like sbctl and pesign but these do not support caching hardware token pins in the kernel keyring either.
| |     To get around the issues with sbsigntools, let's introduce our own tool systemd-sbsign to do secure boot signing. This allows us to take advantage of our own openssl infra so that hardware token pins are cached in the kernel keyring as expected and we get openssl provider support as well.
| * sbsign: Add validate-key verb  Daan De Meyer  2024-11-06  1  -0/+4
| |     This verb checks that we can load the specified private key.
| * Introduce systemd-sbsign to do secure boot signing  Daan De Meyer  2024-11-06  1  -0/+56
| |     Currently in mkosi and ukify we use sbsigntools to do secure boot signing. This has multiple issues:
| |     - sbsigntools is practically unmaintained, sbvarsign is completely broken with the latest gnu-efi when built without -fshort-wchar and upstream has completely ignored my bug report about this.
| |     - sbsigntools only supports openssl engines and not the new providers API.
| |     - sbsigntools doesn't allow us to cache hardware token pins in the kernel keyring like we do nowadays when we sign stuff ourselves in systemd-repart or systemd-measure
| |     There are alternative tools like sbctl and pesign but these do not support caching hardware token pins in the kernel keyring either.
| |     To get around the issues with sbsigntools, let's introduce our own tool systemd-sbsign to do secure boot signing. This allows us to take advantage of our own openssl infra so that hardware token pins are cached in the kernel keyring as expected and we get openssl provider support as well.
* | networkd: add possibility to specify MulticastIGMPVersion  Michele Dionisio  2024-11-06  2  -0/+2
| |
* | machine: tests for io.systemd.Machine.Open  Ivan Kruglov  2024-11-06  1  -0/+19
| |
* | network: reconfigure interface more gracefully (#35035)  Yu Watanabe  2024-11-06  1  -0/+1
|\ \
| | |     split-out of #34989.
| * | network: keep dynamic configurations as possible as we can on reconfigure  Yu Watanabe  2024-11-05  1  -0/+1
| |/
| |     E.g. when a .network file is updated, but DHCP setting is unchanged, it is not necessary to drop acquired DHCP lease. So, let's not stop DHCP client and friends in link_reconfigure_impl(), but stop them later when we know they are not necessary anymore.
| |     Still DHCP clients and friends are stopped and leases are dropped when the explicit reconfiguration is requested
* | test: delete /swapfile after swapoff  Luca Boccassi  2024-11-05  1  -0/+1
| |     [ 23.608342] TEST-55-OOMD.sh[689]: + btrfs filesystem mkswapfile -s 64M /swapfile
| |     [ 23.651930] TEST-55-OOMD.sh[704]: ERROR: cannot create new swapfile: File exists
* | Add PrivatePIDs= (continued) (#34940)  Luca Boccassi  2024-11-05  2  -0/+166
|\ \
| |/
|/|
| * core: Introduce PrivatePIDs=  Daan De Meyer  2024-11-05  2  -0/+166
| |     This new setting allows unsharing the pid namespace in a unit. Because you have to fork to get a process into a pid namespace, we fork in systemd-executor to get into the new pid namespace. The parent then sends the pid of the child process back to the manager and exits while the child process continues on with the rest of exec_invoke() and then executes the actual payload.
| |     Communicating the child pid is done via a new pidref socket pair that is set up on manager startup.
| |     We unshare the PID namespace right before the mount namespace so we mount procfs correctly. Note PrivatePIDs=yes always implies MountAPIVFS=yes to mount procfs.
| |     When running unprivileged in a user session, user namespace is set up first to allow for PID namespace to be unshared. However, when running in privileged mode, we unshare the user namespace last to ensure the user namespace does not own the PID namespace and cannot break out of the sandbox.
| |     Note we disallow Type=forking services from using PrivatePIDs=yes since the init process inside the PID namespace must not exit for other processes in the namespace to exist.
| |     Note Daan De Meyer did the original work for this commit with Ryan Wilson addressing follow-ups.
| |     Co-authored-by: Daan De Meyer <daan.j.demeyer@gmail.com>
* | tmpfiles: Implement L? to only create symlinks if source exists  Daan De Meyer  2024-11-04  1  -0/+20
|/
|     This allows a single tmpfiles snippet with lines to symlink directories from /usr/share/factory to be shared across many different configurations while making sure symlinks only get created if the source actually exists.
* bootctl: Add --secure-boot-auto-enroll  Daan De Meyer  2024-11-03  2  -0/+28
|     When specified, bootctl install will also set up secure boot auto-enrollment. For now, we sign all variables using the same certificate and key pair.
* TEST-64-UDEV-STORAGE: Don't hardcode device name in long-sysfs-path test  Daan De Meyer  2024-11-02  3  -13/+15
|     There's no guarantee our device will be named /dev/vda, so give it a serial so we can query for its devname inside the test.
* TEST-17-UDEV: Don't hardcode root device name  Daan De Meyer  2024-11-02  2  -28/+32
|     There's no guarantee the root device will be /dev/sda, so let's use bootctl to get the actual path instead of hardcoding it.
* machine: introduce io.systemd.MachineImage.{Clone, Remove} methods (#34853)  Luca Boccassi  2024-11-02  1  -6/+15
|\
| |     This PR introduces io.systemd.MachineImage.Clone and Remove methods. They are 1:1 mapping to DBus alternatives.
| * machine: remove redundant --more in TEST-13-NSPAWN.machined  Ivan Kruglov  2024-11-01  1  -6/+6
| |
| * machine: tests for io.systemd.MachineImage.{Clone, Remove} methods  Ivan Kruglov  2024-11-01  1  -0/+9
| |
* | core: add id-mapped mount support for Exec directories  Andres Beltran  2024-11-01  1  -0/+70
| |
* | core/service: don't propagate stop jobs if RestartMode=direct (#34768)  Lennart Poettering  2024-11-01  6  -0/+66
|\ \
| |/
|/|
| |     Fixes https://github.com/systemd/systemd/issues/34758
| * TEST-03-JOBS: add test case for #34758  Mike Yuan  2024-10-27  6  -0/+66
| |
* | network: update tunnel or vxlan with Local=dhcp4 and friends (#34957)  Luca Boccassi  2024-11-01  4  -2/+26
|\ \
| | |     Fixes #24854.
| * | test-network: add test case for tunnel Local=dhcp4  Yu Watanabe  2024-10-31  4  -2/+26
| | |     For issue #24854.
* | | core: add read-only flag for exec directories  Luca Boccassi  2024-11-01  2  -1/+20
| | |     When an exec directory is shared between services, this allows one of the services to be the producer of files, and the other the consumer, without letting the consumer modify the shared files. This will be especially useful in conjunction with id-mapped exec directories so that fully sandboxed services can share directories in one direction, safely.
* | | TEST-13-NSPAWN: add test cases for listing multiple machines  Yu Watanabe  2024-10-31  1  -1/+17
| | |
* | | TEST-13-NSPAWN: trivially kill all processes in the container on termination  Yu Watanabe  2024-10-31  1  -4/+4
| | |     Follow-up for 841988f80d2440501a3baddba712cdb955225ab7.
| | |     No functional change, as $PID is 0 when the trap is inserted.
* | | TEST-13-NSPAWN: check returned machine list  Yu Watanabe  2024-10-31  1  -1/+15
| | |
* | | TEST-13-NSPAWN: fix race between container exit and varlink call  Yu Watanabe  2024-10-31  1  -0/+19
|/ /
| |     Follow-up for 3cb72c7862d8950bc2a963aaa3ca3255eea374b6.
| |     The test container exits shortly, hence when varlinkctl is called, the container may be already terminated. Let's make the container live infinitely.
| |     Also, this makes the os-release files removed after the container is started.
* | test-network: test for reload of .netdev file of stacked netdev  Yu Watanabe  2024-10-30  1  -10/+214
| |     For issue #9627, #27177, and #34907.
* | network/tunnel: reuse existing 6rd sit tunnel (#34938)  Yu Watanabe  2024-10-30  1  -9/+15
|\ \
| | |     split-out of #34909.
| * | test-network: add test case for reuse of existing 6rd SIT tunnel  Yu Watanabe  2024-10-30  1  -9/+15
| | |
* | | network: process queued remove requests on stop (#34871)  Yu Watanabe  2024-10-30  1  -0/+19
|\ \ \
| | | |     Fixes a regression caused by 85a6f300c14d75d161cbfdb3eaf5af9594400ecd and its later commits.
| | | |     Fixes #34837.
| * | | test-network: add test for DHCPv4 address removal on stop  Yu Watanabe  2024-10-30  1  -0/+19
| | | |     For issue #34837.
* | | | Fix display of qrcodes by bsod and other related cleanups (#34914)  Lennart Poettering  2024-10-30  1  -1/+1
|\ \ \ \
| |/ / /
|/| | |
| * | | bsod: make message for qrcode more useful  Zbigniew Jędrzejewski-Szmek  2024-10-30  1  -1/+1
| | |/
| |/|
| | |     People know what a qrcode is. We don't need to tell them to scan it. Instead, we should say what the code contains.
| | |     While at it, rename "stream" to "f" in line with the usual style.
* | | coredump: AccessContainer= bunch of followups (#34333)  Luca Boccassi  2024-10-30  2  -1/+33
|\ \ \
| | | |     Fixes #34130
| * | | test: add test coverage for EnterNamespace=  Michal Sekletar  2024-10-30  2  -1/+33
| | | |
* | | | core/service: support sd_notify() MAINPIDFD=1 and MAINPIDFDID= (#34932)  Lennart Poettering  2024-10-30  1  -1/+1
|\ \ \ \
| * | | | TEST-80-NOTIFYACCESS: don't specify --pid= if MAINPID= is provided explicitly  Mike Yuan  2024-10-29  1  -1/+1
| | |_|/
| |/| |
| | | |     Otherwise, with recent additions, the MAINPIDFDID= generated by systemd-notify would mismatch with overridden MAINPID=.