test-execute: Fix systemd escaping and shell issues

In most cases, systemd requires escaping $ (for systemd variable
substitution) and % (for specifiers) by doubling them. This was somewhat
of an issue in tests like exec-environment*.service where systemd was
doing the substitutions and we were not really checking that those were
available in the actual environment of the command. Fix that.

Expressions such as `exit $(test ...)` are incorrect. They only work
because $(test ...) will produce no output, so the command will become a
bare "exit" which will exit with the status of the latest executed
command which turns out to be the test... The direct approach is simply
calling "test" as the last command, for which the shell will propagate
the exit status.

One situation where this was breaking tests was on `exit $(test ...) &&
$(test ...) && $(test ...)` where the second and third tests were not
really executing, since the first command is actually `exit` so && was
doing nothing there. Fixed it by just using `test ... && test ... &&
test ...` as it was initially intended.

Pass -x to all shell executions for them to produce useful debugging
output to stderr. Consequently, removed most of the explicit `echo`s
that are no longer needed.

Mark all units as Type=oneshot explicitly.

Also made sure all shell variables are properly quoted.

v2: Added an explicit LC_ALL=C to ionice invocations since some locales
(such as French) will add a space before the colon in the output.

Tested by running `sudo ./test-execute` and confirming all tests enabled
on my system (essentially all of them except for the s390 one) passed.
Tweaked the variables or options or expected values and confirmed the
tests do indeed fail when the values are not exactly the expected ones.

v2: Also tested with `LANG=fr_FR.UTF-8 sudo ./test-execute` to confirm
it still works in a different locale.

test/test-execute/exec-capabilityboundingset-invert.service

@@ -2,5 +2,6 @@
 Description=Test for CapabilityBoundingSet
 
 [Service]
-ExecStart=/bin/sh -c 'c=$(capsh --print | grep "Bounding set " | grep "cap_chown"); echo $c; exit $(test -z $c)'
+ExecStart=/bin/sh -x -c 'c=$$(capsh --print | grep "^Bounding set .*cap_chown"); test -z "$$c"'
+Type=oneshot
 CapabilityBoundingSet=~CAP_CHOWN

test/test-execute/exec-capabilityboundingset-merge.service

@@ -2,6 +2,7 @@
 Description=Test for CapabilityBoundingSet
 
 [Service]
-ExecStart=/bin/sh -c 'c=$(capsh --print | grep "Bounding set " | cut -f 2 -d "="); echo $c; exit $(test $c = "cap_chown,cap_fowner,cap_kill")'
+ExecStart=/bin/sh -x -c 'c=$$(capsh --print | grep "Bounding set "); test "$$c" = "Bounding set =cap_chown,cap_fowner,cap_kill"'
+Type=oneshot
 CapabilityBoundingSet=CAP_FOWNER
 CapabilityBoundingSet=CAP_KILL CAP_CHOWN

test/test-execute/exec-capabilityboundingset-reset.service

@@ -2,6 +2,7 @@
 Description=Test for CapabilityBoundingSet
 
 [Service]
-ExecStart=/bin/sh -c 'c=$(capsh --print | grep "Bounding set " | cut -f 2 -d "="); echo $c; exit $(test -z $c)'
+ExecStart=/bin/sh -x -c 'c=$$(capsh --print | grep "Bounding set "); test "$$c" = "Bounding set ="'
+Type=oneshot
 CapabilityBoundingSet=CAP_FOWNER CAP_KILL
 CapabilityBoundingSet=

test/test-execute/exec-capabilityboundingset-simple.service

@@ -2,5 +2,6 @@
 Description=Test for CapabilityBoundingSet
 
 [Service]
-ExecStart=/bin/sh -c 'c=$(capsh --print | grep "Bounding set " | cut -f 2 -d "="); echo $c; exit $(test $c = "cap_fowner,cap_kill")'
+ExecStart=/bin/sh -x -c 'c=$$(capsh --print | grep "Bounding set "); test "$$c" = "Bounding set =cap_fowner,cap_kill"'
+Type=oneshot
 CapabilityBoundingSet=CAP_FOWNER CAP_KILL

test/test-execute/exec-environment-empty.service

@@ -2,6 +2,7 @@
 Description=Test for Environment
 
 [Service]
-ExecStart=/bin/sh -c 'exit $(test ! "$VAR1" = "word1 word2") && $(test ! "$VAR2" = word3) && $(test ! "$VAR3" = \'$word 5 6\')'
+ExecStart=/bin/sh -x -c 'test "$${VAR1-unset}" = "unset" && test "$${VAR2-unset}" = "unset" && test "$${VAR3-unset}" = "unset"'
+Type=oneshot
 Environment="VAR1=word1 word2" VAR2=word3 "VAR3=$word 5 6"
 Environment=

test/test-execute/exec-environment-multiple.service

@@ -2,6 +2,7 @@
 Description=Test for Environment
 
 [Service]
-ExecStart=/bin/sh -c 'exit $(test "$VAR1" = "word1 word2") && $(test "$VAR2" = word3) && $(test "$VAR3" = foobar)'
+ExecStart=/bin/sh -x -c 'test "$$VAR1" = "word1 word2" && test "$$VAR2" = word3 && test "$$VAR3" = foobar'
+Type=oneshot
 Environment="VAR1=word1 word2" VAR2=word3 "VAR3=$word 5 6"
 Environment="VAR3=foobar"

test/test-execute/exec-environment.service

@@ -2,5 +2,6 @@
 Description=Test for Environment
 
 [Service]
-ExecStart=/bin/sh -c 'exit $(test "$VAR1" = "word1 word2") && $(test "$VAR2" = word3) && $(test "$VAR3" = \'$word 5 6\')'
+ExecStart=/bin/sh -x -c 'test "$$VAR1" = "word1 word2" && test "$$VAR2" = word3 && test "$$VAR3" = "\\$$word 5 6"'
+Type=oneshot
 Environment="VAR1=word1 word2" VAR2=word3 "VAR3=$word 5 6"

test/test-execute/exec-environmentfile.service

@@ -2,6 +2,6 @@
 Description=Test for EnvironmentFile
 
 [Service]
-ExecStart=/bin/sh -c 'exit $(test "$VAR1" = "word1 word2") && $(test "$VAR2" = word3) && $(test "$VAR3" = \'$word 5 6\')'
+ExecStart=/bin/sh -x -c 'test "$$VAR1" = "word1 word2" && test "$$VAR2" = word3 && test "$$VAR3" = "\\$$word 5 6"'
 Type=oneshot
 EnvironmentFile=/tmp/test-exec_environmentfile.conf

test/test-execute/exec-group.service

@@ -2,5 +2,6 @@
 Description=Test for Group
 
 [Service]
-ExecStart=/bin/sh -c 'exit $(test $(id -n -g) = nobody)'
+ExecStart=/bin/sh -x -c 'test "$$(id -n -g)" = "nobody"'
+Type=oneshot
 Group=nobody

test/test-execute/exec-ignoresigpipe-no.service

@@ -2,6 +2,6 @@
 Description=Test for IgnoreSIGPIPE=no
 
 [Service]
-ExecStart=/bin/sh -c 'kill -PIPE 0'
+ExecStart=/bin/sh -x -c 'kill -PIPE 0'
 Type=oneshot
 IgnoreSIGPIPE=no

test/test-execute/exec-ignoresigpipe-yes.service

@@ -2,6 +2,6 @@
 Description=Test for IgnoreSIGPIPE=yes
 
 [Service]
-ExecStart=/bin/sh -c 'kill -PIPE 0'
+ExecStart=/bin/sh -x -c 'kill -PIPE 0'
 Type=oneshot
 IgnoreSIGPIPE=yes

test/test-execute/exec-ioschedulingclass-best-effort.service

@@ -2,6 +2,6 @@
 Description=Test for IOSchedulingClass=best-effort
 
 [Service]
-ExecStart=/bin/bash -c 'c=$(ionice); echo $c; [[ "$c" == best-effort* ]]'
+ExecStart=/bin/sh -x -c 'c=$$(LC_ALL=C ionice); test "$${c%%:*}" = "best-effort"'
 Type=oneshot
 IOSchedulingClass=best-effort

test/test-execute/exec-ioschedulingclass-idle.service

@@ -2,6 +2,6 @@
 Description=Test for IOSchedulingClass=idle
 
 [Service]
-ExecStart=/bin/bash -c 'c=$(ionice); echo $c; [[ "$c" == idle* ]]'
+ExecStart=/bin/sh -x -c 'c=$$(LC_ALL=C ionice); test "$${c%%:*}" = "idle"'
 Type=oneshot
 IOSchedulingClass=idle

test/test-execute/exec-ioschedulingclass-none.service

@@ -2,6 +2,6 @@
 Description=Test for IOSchedulingClass=none
 
 [Service]
-ExecStart=/bin/bash -c 'c=$(ionice); echo $c; [[ "$c" == none* ]]'
+ExecStart=/bin/sh -x -c 'c=$$(LC_ALL=C ionice); test "$${c%%:*}" = "none"'
 Type=oneshot
 IOSchedulingClass=none

test/test-execute/exec-ioschedulingclass-realtime.service

@@ -2,6 +2,6 @@
 Description=Test for IOSchedulingClass=realtime
 
 [Service]
-ExecStart=/bin/bash -c 'c=$(ionice); echo $c; [[ "$c" == realtime* ]]'
+ExecStart=/bin/sh -x -c 'c=$$(LC_ALL=C ionice); test "$${c%%:*}" = "realtime"'
 Type=oneshot
 IOSchedulingClass=realtime

test/test-execute/exec-oomscoreadjust-negative.service

@@ -2,6 +2,6 @@
 Description=Test for OOMScoreAdjust
 
 [Service]
-ExecStart=/bin/bash -c 'c=$(cat /proc/self/oom_score_adj); echo $c; exit $(test $c -eq -100)'
-OOMScoreAdjust=-100
+ExecStart=/bin/sh -x -c 'c=$$(cat /proc/self/oom_score_adj); test "$$c" -eq -100'
 Type=oneshot
+OOMScoreAdjust=-100

test/test-execute/exec-oomscoreadjust-positive.service

@@ -2,6 +2,6 @@
 Description=Test for OOMScoreAdjust
 
 [Service]
-ExecStart=/bin/bash -c 'c=$(cat /proc/self/oom_score_adj); echo $c; exit $(test $c -eq 100)'
-OOMScoreAdjust=100
+ExecStart=/bin/sh -x -c 'c=$$(cat /proc/self/oom_score_adj); test "$$c" -eq 100'
 Type=oneshot
+OOMScoreAdjust=100

test/test-execute/exec-personality-s390.service

@@ -2,6 +2,6 @@
 Description=Test for Personality=s390
 
 [Service]
-ExecStart=/bin/sh -c 'echo $(uname -m); exit $(test $(uname -m) = "s390")'
+ExecStart=/bin/sh -x -c 'c=$$(uname -m); test "$$c" = "s390"'
 Type=oneshot
 Personality=s390

test/test-execute/exec-personality-x86-64.service

@@ -2,6 +2,6 @@
 Description=Test for Personality=x86-64
 
 [Service]
-ExecStart=/bin/sh -c 'echo $(uname -m); exit $(test $(uname -m) = "x86_64")'
+ExecStart=/bin/sh -x -c 'c=$$(uname -m); test "$$c" = "x86_64"'
 Type=oneshot
 Personality=x86-64

test/test-execute/exec-personality-x86.service

@@ -2,6 +2,6 @@
 Description=Test for Personality=x86
 
 [Service]
-ExecStart=/bin/sh -c 'echo $(uname -m); exit $(test $(uname -m) = "i686")'
+ExecStart=/bin/sh -x -c 'c=$$(uname -m); test "$$c" = "i686"'
 Type=oneshot
 Personality=x86

test/test-execute/exec-privatedevices-no.service

@@ -2,6 +2,6 @@
 Description=Test for PrivateDev=no
 
 [Service]
-ExecStart=/bin/sh -c 'exit $(test -c /dev/mem)'
+ExecStart=/bin/sh -x -c 'test -c /dev/mem'
 Type=oneshot
 PrivateDevices=no

test/test-execute/exec-privatedevices-yes.service

@@ -2,6 +2,6 @@
 Description=Test for PrivateDev=yes
 
 [Service]
-ExecStart=/bin/sh -c 'exit $(test ! -c /dev/mem)'
+ExecStart=/bin/sh -c 'test ! -c /dev/mem'
 Type=oneshot
 PrivateDevices=yes

test/test-execute/exec-privatenetwork-yes.service

@@ -2,5 +2,6 @@
 Description=Test for PrivateNetwork
 
 [Service]
-ExecStart=/bin/sh -c 'i=$(ip link | grep ": " | grep -v lo); echo $i; exit $(test -z $i)'
+ExecStart=/bin/sh -x -c 'i=$$(ip link | grep ": " | grep -v ": lo:"); test -z "$$i"'
+Type=oneshot
 PrivateNetwork=yes

test/test-execute/exec-privatetmp-no.service

@@ -2,6 +2,6 @@
 Description=Test for PrivateTmp=no
 
 [Service]
-ExecStart=/bin/sh -c 'exit $(test -f /tmp/test-exec_privatetmp)'
+ExecStart=/bin/sh -x -c 'test -f /tmp/test-exec_privatetmp'
 Type=oneshot
 PrivateTmp=no

test/test-execute/exec-privatetmp-yes.service

@@ -2,6 +2,6 @@
 Description=Test for PrivateTmp=yes
 
 [Service]
-ExecStart=/bin/sh -c 'exit $(test ! -f /tmp/test-exec_privatetmp)'
+ExecStart=/bin/sh -x -c 'test ! -f /tmp/test-exec_privatetmp'
 Type=oneshot
 PrivateTmp=yes

test/test-execute/exec-runtimedirectory-mode.service

@@ -2,7 +2,7 @@
 Description=Test for RuntimeDirectoryMode
 
 [Service]
-ExecStart=/bin/sh -c 's=$(stat -c %a /tmp/test-exec_runtimedirectory-mode); echo $s; exit $(test $s = "750")'
+ExecStart=/bin/sh -x -c 'mode=$$(stat -c %%a /tmp/test-exec_runtimedirectory-mode); test "$$mode" = "750"'
 Type=oneshot
 RuntimeDirectory=test-exec_runtimedirectory-mode
 RuntimeDirectoryMode=0750

test/test-execute/exec-runtimedirectory-owner.service

@@ -2,7 +2,7 @@
 Description=Test for RuntimeDirectory owner (must not be the default group of the user if Group is set)
 
 [Service]
-ExecStart=/bin/sh -c 'f=/tmp/test-exec_runtimedirectory-owner;g=$(stat -c %G $f); echo "$g"; exit $(test $g = "nobody")'
+ExecStart=/bin/sh -x -c 'group=$$(stat -c %%G /tmp/test-exec_runtimedirectory-owner); test "$$group" = "nobody"'
 Type=oneshot
 Group=nobody
 User=root

test/test-execute/exec-runtimedirectory.service

@@ -2,6 +2,6 @@
 Description=Test for RuntimeDirectory
 
 [Service]
-ExecStart=/bin/sh -c 'exit $(test -d /tmp/test-exec_runtimedirectory)'
+ExecStart=/bin/sh -x -c 'test -d /tmp/test-exec_runtimedirectory'
 Type=oneshot
 RuntimeDirectory=test-exec_runtimedirectory

test/test-execute/exec-systemcallerrornumber.service

@@ -2,6 +2,7 @@
 Description=Test for SystemCallErrorNumber
 
 [Service]
-ExecStart=/bin/sh -c 'uname -a'
+ExecStart=/bin/sh -x -c 'uname -a'
+Type=oneshot
 SystemCallFilter=~uname
 SystemCallErrorNumber=EACCES

test/test-execute/exec-systemcallfilter-failing.service

@@ -3,6 +3,7 @@ Description=Test for SystemCallFilter
 
 [Service]
 ExecStart=/bin/echo "This should not be seen"
+Type=oneshot
 SystemCallFilter=ioperm
 SystemCallFilter=~ioperm
 SystemCallFilter=ioperm

test/test-execute/exec-systemcallfilter-failing2.service

@@ -3,4 +3,5 @@ Description=Test for SystemCallFilter
 
 [Service]
 ExecStart=/bin/echo "This should not be seen"
+Type=oneshot
 SystemCallFilter=~write open execve exit_group close mmap munmap fstat DONOTEXIST

test/test-execute/exec-systemcallfilter-not-failing.service

@@ -3,6 +3,7 @@ Description=Test for SystemCallFilter
 
 [Service]
 ExecStart=/bin/echo "Foo bar"
+Type=oneshot
 SystemCallFilter=~read write open execve ioperm
 SystemCallFilter=ioctl
 SystemCallFilter=read write open execve

test/test-execute/exec-systemcallfilter-not-failing2.service

@@ -3,4 +3,5 @@ Description=Test for SystemCallFilter
 
 [Service]
 ExecStart=/bin/echo "Foo bar"
+Type=oneshot
 SystemCallFilter=

test/test-execute/exec-umask-0177.service

@@ -2,6 +2,7 @@
 Description=Test for UMask
 
 [Service]
-ExecStart=/bin/sh -c 'touch /tmp/test-exec-umask; s=$(stat -c %a /tmp/test-exec-umask); echo $s; exit $(test $s = "600")'
+ExecStart=/bin/sh -x -c 'touch /tmp/test-exec-umask; mode=$$(stat -c %%a /tmp/test-exec-umask); test "$$mode" = "600"'
+Type=oneshot
 UMask=0177
 PrivateTmp=yes

test/test-execute/exec-umask-default.service

@@ -2,5 +2,6 @@
 Description=Test for UMask default
 
 [Service]
-ExecStart=/bin/sh -c 'touch /tmp/test-exec-umask; s=$(stat -c %a /tmp/test-exec-umask); echo $s; exit $(test $s = "644")'
+ExecStart=/bin/sh -x -c 'touch /tmp/test-exec-umask; mode=$$(stat -c %%a /tmp/test-exec-umask); test "$$mode" = "644"'
+Type=oneshot
 PrivateTmp=yes

test/test-execute/exec-user.service

@@ -2,5 +2,6 @@
 Description=Test for User
 
 [Service]
-ExecStart=/bin/sh -c 'exit $(test "$USER" = nobody)'
+ExecStart=/bin/sh -x -c 'test "$$USER" = "nobody"'
+Type=oneshot
 User=nobody

test/test-execute/exec-workingdirectory.service

@@ -2,6 +2,6 @@
 Description=Test for WorkingDirectory
 
 [Service]
-ExecStart=/bin/sh -c 'echo $PWD; exit $(test $PWD = "/tmp/test-exec_workingdirectory")'
+ExecStart=/bin/sh -x -c 'test "$$PWD" = "/tmp/test-exec_workingdirectory"'
 Type=oneshot
 WorkingDirectory=/tmp/test-exec_workingdirectory