systemd/test/units/TEST-29-PORTABLE.sh

#!/usr/bin/env bash
# SPDX-License-Identifier: LGPL-2.1-or-later
# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-
# ex: ts=8 sw=4 sts=4 et filetype=sh
set -eux
set -o pipefail

# shellcheck source=test/units/test-control.sh
. "$(dirname "$0")"/test-control.sh

# shellcheck source=test/units/util.sh
. "$(dirname "$0")"/util.sh

install_extension_images

# Set longer timeout for slower machines, e.g. non-KVM vm.
mkdir -p /run/systemd/system.conf.d
cat >/run/systemd/system.conf.d/10-timeout.conf <<EOF
[Manager]
DefaultEnvironment=SYSTEMD_DISSECT_VERITY_TIMEOUT_SEC=30
ManagerEnvironment=SYSTEMD_DISSECT_VERITY_TIMEOUT_SEC=30
EOF

mkdir -p /run/systemd/system/systemd-portabled.service.d/
cat <<EOF >/run/systemd/system/systemd-portabled.service.d/override.conf
[Service]
Environment=SYSTEMD_LOG_LEVEL=debug
EOF

systemctl daemon-reexec


udevadm control --log-level debug

ARGS=()
STATE_DIRECTORY=/var/lib/private/
if [[ -v ASAN_OPTIONS || -v UBSAN_OPTIONS ]]; then
    # If we're running under sanitizers, we need to use a less restrictive
    # profile, otherwise LSan syscall would get blocked by seccomp
    ARGS+=(--profile=trusted)
    # With the trusted profile DynamicUser is disabled, so the storage is not in private/
    STATE_DIRECTORY=/var/lib/
fi
export STATE_DIRECTORY
export SYSTEMD_LOG_LEVEL=debug
export SYSTEMD_DISSECT_VERITY_TIMEOUT_SEC=30

# Quick smoke tests

systemd-dissect --no-pager /usr/share/minimal_0.raw | grep -q '✓ portable service'
systemd-dissect --no-pager /usr/share/minimal_1.raw | grep -q '✓ portable service'
systemd-dissect --no-pager /tmp/app0.raw | grep -q '✓ sysext for portable service'
systemd-dissect --no-pager /tmp/app1.raw | grep -q '✓ sysext for portable service'
systemd-dissect --no-pager /tmp/conf0.raw | grep -q '✓ confext for portable service'

# Lack of ID field in os-release should be rejected, but it caused a crash in the past instead
mkdir -p /tmp/emptyroot/usr/lib
mkdir -p /tmp/emptyext/usr/lib/extension-release.d
touch /tmp/emptyroot/usr/lib/os-release
touch /tmp/emptyext/usr/lib/extension-release.d/extension-release.emptyext

# Remote peer disconnected -> portabled crashed
res="$(! portablectl attach --extension /tmp/emptyext /tmp/emptyroot 2> >(grep "Remote peer disconnected"))"
test -z "${res}"

: "Run subtests"

run_subtests

touch /testok
treewide: more portable bash shebangs As in 2a5fcfae024ffc370bb780572279f45a1da3f946 and in 3e67e5c9928f8b1e1c5a63def88d53ed1fed12eb using /usr/bin/env allows bash to be looked up in PATH rather than being hard-coded. As with the previous changes the same arguments apply - distributions have scripts to rewrite shebangs on installation and they know what locations to rely on. - For tests/compilation we should rather rely on the user to have setup there PATH correctly. In particular this makes testing from git easier on NixOS where do not provide /bin/bash to improve compose-ability. 2020-03-04 09:35:06 +00:00			`#!/usr/bin/env bash`
tests: add spdx headers to scripts and Makefiles 2021-10-17 18:13:06 +02:00			`# SPDX-License-Identifier: LGPL-2.1-or-later`
test: merge udev tests 2021-03-05 18:36:04 +09:00			`# -- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; --`
			`# ex: ts=8 sw=4 sts=4 et filetype=sh`
test: use set -eux and set -o pipefail everywhere This should make the scripts more robust. 2021-04-09 19:39:41 +02:00			`set -eux`
test: add test for ID_RENAMING= udev property handling by pid1 2019-03-07 14:47:43 +09:00			`set -o pipefail`

test: split TEST-29-PORTABLE in subtests The test script is quite long and hard to read. Split it. Start with one image-based and one directory-based subtest. 2024-09-14 21:46:38 +02:00			`# shellcheck source=test/units/test-control.sh`
			`. "$(dirname "$0")"/test-control.sh`

mkosi: Build minimal images and enable related integration tests This commit adds definitions to build the minimal_0 and minimal_1 images with mkosi and includes them into the system image. We also move the building of the various app-xxx and similar images that are extremely minimal into the tests itself by moving the related logic from install_verity_minimal() into a new function install_extension_images() in util.sh. Because the mkosi /usr is read-only, we now place the extension images in /tmp instead of /usr/share. Co-authored-by: Richard Maw <richard.maw@codethink.co.uk> Co-authored-by: sam-leonard-ct <sam.leonard@codethink.co.uk> 2024-04-24 21:21:34 +02:00			`# shellcheck source=test/units/util.sh`
			`. "$(dirname "$0")"/util.sh`

			`install_extension_images`

test-29-portable: extend timeout for slower environment 2022-08-31 23:10:43 +09:00			`# Set longer timeout for slower machines, e.g. non-KVM vm.`
			`mkdir -p /run/systemd/system.conf.d`
			`cat >/run/systemd/system.conf.d/10-timeout.conf <<EOF`
test: actually set SYSTEMD_DISSECT_VERITY_TIMEOUT_SEC=30 Without the section header the assignments were effectively ignored. Follow-up to 9fff8e1fdd222f8f05b9ecf170814a9059acfc78. 2022-09-03 18:51:56 +02:00			`[Manager]`
test-29-portable: extend timeout for slower environment 2022-08-31 23:10:43 +09:00			`DefaultEnvironment=SYSTEMD_DISSECT_VERITY_TIMEOUT_SEC=30`
			`ManagerEnvironment=SYSTEMD_DISSECT_VERITY_TIMEOUT_SEC=30`
			`EOF`

test: split TEST-29-PORTABLE in subtests The test script is quite long and hard to read. Split it. Start with one image-based and one directory-based subtest. 2024-09-14 21:46:38 +02:00			`mkdir -p /run/systemd/system/systemd-portabled.service.d/`
			`cat <<EOF >/run/systemd/system/systemd-portabled.service.d/override.conf`
			`[Service]`
			`Environment=SYSTEMD_LOG_LEVEL=debug`
			`EOF`

test-29-portable: extend timeout for slower environment 2022-08-31 23:10:43 +09:00			`systemctl daemon-reexec`


test-29-portable: enable debugging logs of udevd 2022-08-31 23:12:26 +09:00			`udevadm control --log-level debug`

test: use a less restrictive portable profile when running w/ sanitizers Since f833df3 we now actually use the seccomp rules defined in portable profiles. However, the default one is too restrictive for sanitizers, as it blocks certain syscall required by LSan. Mitigate this by using the 'trusted' profile when running TEST-29-PORTABLE under sanitizers. 2021-09-30 14:14:19 +02:00			`ARGS=()`
test: bump the `reattach` timeout when running w/ plain QEMU As it might sometimes take slightly longer without the acceleration: ``` [ 176.805681] testsuite-29.sh[534]: + cp /usr/share/app1.raw /tmp/app1_2.raw [ 176.885365] testsuite-29.sh[534]: + timeout 30 portablectl reattach --now --runtime --extension /tmp/app1_2.raw /usr/share/minimal_1.raw app1 [ 177.053358] portablectl[993]: (Matching unit files with prefixes 'app1'.) [ 177.138770] kernel: loop0: detected capacity change from 0 to 2965504 [ 177.343137] kernel: loop1: detected capacity change from 0 to 4096 ... [ 201.932062] systemd[1]: app1.service: Deactivated successfully. [ 202.009310] systemd[1]: Stopped app1.service. [ 202.053776] systemd[1]: app1.service: Consumed 2.183s CPU time. [ 202.125061] systemd[1]: Stopping app1.service... [ 202.611760] systemd[1]: Starting modprobe@dm_mod.service... [ 202.851031] systemd[1]: Starting modprobe@dm_verity.service... [ 202.909352] systemd[1]: Starting modprobe@loop.service... [ 203.198918] systemd[1]: Starting app1.service... [ 207.145494] kernel: audit: type=1130 audit(1663770336.105:428): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='unit=testsuite-29 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed' [ 207.652545] systemd[1]: testsuite-29.service: Main process exited, code=exited, status=124/n/a [ 207.665088] systemd[1]: testsuite-29.service: Failed with result 'exit-code'. [ 207.830522] systemd[1]: Failed to start testsuite-29.service. ... [ 208.889449] script1.sh[1035]: ID="centos" [ 208.889449] script1.sh[1035]: VERSION_ID="8" [ 208.889449] script1.sh[1035]: SYSEXT_SCOPE=portable [ 208.889449] script1.sh[1035]: PORTABLE_PREFIXES=app1 ... [ 214.155097] systemd[1]: app1.service: Deactivated successfully. ``` Spotted in Ubuntu CI and CentOS CI. Follow-up to 706c9a30ac. 2022-09-29 14:23:11 +02:00			`STATE_DIRECTORY=/var/lib/private/`
test: use a less restrictive portable profile when running w/ sanitizers Since f833df3 we now actually use the seccomp rules defined in portable profiles. However, the default one is too restrictive for sanitizers, as it blocks certain syscall required by LSan. Mitigate this by using the 'trusted' profile when running TEST-29-PORTABLE under sanitizers. 2021-09-30 14:14:19 +02:00			`if [[ -v ASAN_OPTIONS \|\| -v UBSAN_OPTIONS ]]; then`
			`# If we're running under sanitizers, we need to use a less restrictive`
			`# profile, otherwise LSan syscall would get blocked by seccomp`
			`ARGS+=(--profile=trusted)`
core: do not attempt to add 'private' symlinks when RootImage/RootDirectory are used A bind mount is added directly from private on the host to the actual destination directory, no need for the symlinks (which cannot be created as the bind mount happens first and creates the target as an actual directory) Fixes https://github.com/systemd/systemd/issues/22264 2022-01-27 14:10:34 +00:00			`# With the trusted profile DynamicUser is disabled, so the storage is not in private/`
test: bump the `reattach` timeout when running w/ plain QEMU As it might sometimes take slightly longer without the acceleration: ``` [ 176.805681] testsuite-29.sh[534]: + cp /usr/share/app1.raw /tmp/app1_2.raw [ 176.885365] testsuite-29.sh[534]: + timeout 30 portablectl reattach --now --runtime --extension /tmp/app1_2.raw /usr/share/minimal_1.raw app1 [ 177.053358] portablectl[993]: (Matching unit files with prefixes 'app1'.) [ 177.138770] kernel: loop0: detected capacity change from 0 to 2965504 [ 177.343137] kernel: loop1: detected capacity change from 0 to 4096 ... [ 201.932062] systemd[1]: app1.service: Deactivated successfully. [ 202.009310] systemd[1]: Stopped app1.service. [ 202.053776] systemd[1]: app1.service: Consumed 2.183s CPU time. [ 202.125061] systemd[1]: Stopping app1.service... [ 202.611760] systemd[1]: Starting modprobe@dm_mod.service... [ 202.851031] systemd[1]: Starting modprobe@dm_verity.service... [ 202.909352] systemd[1]: Starting modprobe@loop.service... [ 203.198918] systemd[1]: Starting app1.service... [ 207.145494] kernel: audit: type=1130 audit(1663770336.105:428): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='unit=testsuite-29 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed' [ 207.652545] systemd[1]: testsuite-29.service: Main process exited, code=exited, status=124/n/a [ 207.665088] systemd[1]: testsuite-29.service: Failed with result 'exit-code'. [ 207.830522] systemd[1]: Failed to start testsuite-29.service. ... [ 208.889449] script1.sh[1035]: ID="centos" [ 208.889449] script1.sh[1035]: VERSION_ID="8" [ 208.889449] script1.sh[1035]: SYSEXT_SCOPE=portable [ 208.889449] script1.sh[1035]: PORTABLE_PREFIXES=app1 ... [ 214.155097] systemd[1]: app1.service: Deactivated successfully. ``` Spotted in Ubuntu CI and CentOS CI. Follow-up to 706c9a30ac. 2022-09-29 14:23:11 +02:00			`STATE_DIRECTORY=/var/lib/`
test: use a less restrictive portable profile when running w/ sanitizers Since f833df3 we now actually use the seccomp rules defined in portable profiles. However, the default one is too restrictive for sanitizers, as it blocks certain syscall required by LSan. Mitigate this by using the 'trusted' profile when running TEST-29-PORTABLE under sanitizers. 2021-09-30 14:14:19 +02:00			`fi`
test: split TEST-29-PORTABLE in subtests The test script is quite long and hard to read. Split it. Start with one image-based and one directory-based subtest. 2024-09-14 21:46:38 +02:00			`export STATE_DIRECTORY`
			`export SYSTEMD_LOG_LEVEL=debug`
test: fix ASAN options in TEST-29-PORTABLE Bash arrays cannot be exported, so we need to redefine it in each subtest Follow-up for 680dec33f27d408c94afe654113ba87e3bb8208b 2024-09-15 16:19:57 +02:00			`export SYSTEMD_DISSECT_VERITY_TIMEOUT_SEC=30`
test: split TEST-29-PORTABLE in subtests The test script is quite long and hard to read. Split it. Start with one image-based and one directory-based subtest. 2024-09-14 21:46:38 +02:00
			`# Quick smoke tests`
test: use a less restrictive portable profile when running w/ sanitizers Since f833df3 we now actually use the seccomp rules defined in portable profiles. However, the default one is too restrictive for sanitizers, as it blocks certain syscall required by LSan. Mitigate this by using the 'trusted' profile when running TEST-29-PORTABLE under sanitizers. 2021-09-30 14:14:19 +02:00
test: test new SYSEXT_SCOPE=/PORTABLE_PREFIXES= fields in TEST-29 2021-11-23 16:34:40 +01:00			`systemd-dissect --no-pager /usr/share/minimal_0.raw \| grep -q '✓ portable service'`
			`systemd-dissect --no-pager /usr/share/minimal_1.raw \| grep -q '✓ portable service'`
mkosi: Build minimal images and enable related integration tests This commit adds definitions to build the minimal_0 and minimal_1 images with mkosi and includes them into the system image. We also move the building of the various app-xxx and similar images that are extremely minimal into the tests itself by moving the related logic from install_verity_minimal() into a new function install_extension_images() in util.sh. Because the mkosi /usr is read-only, we now place the extension images in /tmp instead of /usr/share. Co-authored-by: Richard Maw <richard.maw@codethink.co.uk> Co-authored-by: sam-leonard-ct <sam.leonard@codethink.co.uk> 2024-04-24 21:21:34 +02:00			`systemd-dissect --no-pager /tmp/app0.raw \| grep -q '✓ sysext for portable service'`
			`systemd-dissect --no-pager /tmp/app1.raw \| grep -q '✓ sysext for portable service'`
			`systemd-dissect --no-pager /tmp/conf0.raw \| grep -q '✓ confext for portable service'`
test: test new SYSEXT_SCOPE=/PORTABLE_PREFIXES= fields in TEST-29 2021-11-23 16:34:40 +01:00
portable: reject root directories without an ID field in os-release We always require at least ID to be set in os-release, reject and propagate error to the caller instead of asserting later 2022-05-20 12:24:45 +01:00			`# Lack of ID field in os-release should be rejected, but it caused a crash in the past instead`
			`mkdir -p /tmp/emptyroot/usr/lib`
			`mkdir -p /tmp/emptyext/usr/lib/extension-release.d`
			`touch /tmp/emptyroot/usr/lib/os-release`
			`touch /tmp/emptyext/usr/lib/extension-release.d/extension-release.emptyext`

			`# Remote peer disconnected -> portabled crashed`
			`res="$(! portablectl attach --extension /tmp/emptyext /tmp/emptyroot 2> >(grep "Remote peer disconnected"))"`
			`test -z "${res}"`

test: split TEST-29-PORTABLE in subtests The test script is quite long and hard to read. Split it. Start with one image-based and one directory-based subtest. 2024-09-14 21:46:38 +02:00			`: "Run subtests"`

			`run_subtests`

test: unify /testok & /failed handling And drop it where not necessary. 2023-07-12 15:49:55 +02:00			`touch /testok`