test: drop whitespace after shell redirection operators
(The one case that is left unchanged is '< <(subcommand)'.) The style with no gap was already dominant. This way, the reader immediately knows that ' < ' is a comparison operator and ' << ' is a shift. In a few cases, replace a custom heredoc delimiter with plain EOF. There is no point in using something like "_EOL" unless "EOF" appears in the text.
parent
ecf4be2952
commit
7a17e41dcf
2
.github/workflows/gather-pr-metadata.yml
vendored
2
.github/workflows/gather-pr-metadata.yml
vendored
@ -27,7 +27,7 @@ jobs:
|
|||||||
- name: Store PR number in file
|
- name: Store PR number in file
|
||||||
run: |
|
run: |
|
||||||
mkdir -p ./${{ env.PULL_REQUEST_METADATA_DIR }}
|
mkdir -p ./${{ env.PULL_REQUEST_METADATA_DIR }}
|
||||||
echo ${{ github.event.number }} > ./${{ env.PULL_REQUEST_METADATA_DIR }}/${{ env.PULL_REQUEST_METADATA_FILE }}
|
echo ${{ github.event.number }} >./${{ env.PULL_REQUEST_METADATA_DIR }}/${{ env.PULL_REQUEST_METADATA_FILE }}
|
||||||
|
|
||||||
- name: Upload Pull Request Metadata artifact
|
- name: Upload Pull Request Metadata artifact
|
||||||
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce
|
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce
|
||||||
|
@ -28,14 +28,14 @@ create_container() {
|
|||||||
|
|
||||||
# enable source repositories so that apt-get build-dep works
|
# enable source repositories so that apt-get build-dep works
|
||||||
sudo lxc-attach -n "$CONTAINER" -- sh -ex <<EOF
|
sudo lxc-attach -n "$CONTAINER" -- sh -ex <<EOF
|
||||||
sed 's/^deb/deb-src/' /etc/apt/sources.list >> /etc/apt/sources.list.d/sources.list
|
sed 's/^deb/deb-src/' /etc/apt/sources.list >>/etc/apt/sources.list.d/sources.list
|
||||||
# We might attach the console too soon
|
# We might attach the console too soon
|
||||||
while ! systemctl --quiet --wait is-system-running; do sleep 1; done
|
while ! systemctl --quiet --wait is-system-running; do sleep 1; done
|
||||||
# Manpages database trigger takes a lot of time and is not useful in a CI
|
# Manpages database trigger takes a lot of time and is not useful in a CI
|
||||||
echo 'man-db man-db/auto-update boolean false' | debconf-set-selections
|
echo 'man-db man-db/auto-update boolean false' | debconf-set-selections
|
||||||
# Speed up dpkg, image is thrown away after the test
|
# Speed up dpkg, image is thrown away after the test
|
||||||
mkdir -p /etc/dpkg/dpkg.cfg.d/
|
mkdir -p /etc/dpkg/dpkg.cfg.d/
|
||||||
echo 'force-unsafe-io' > /etc/dpkg/dpkg.cfg.d/unsafe_io
|
echo 'force-unsafe-io' >/etc/dpkg/dpkg.cfg.d/unsafe_io
|
||||||
# For some reason, it is necessary to run this manually or the interface won't be configured
|
# For some reason, it is necessary to run this manually or the interface won't be configured
|
||||||
# Note that we avoid networkd, as some of the tests will break it later on
|
# Note that we avoid networkd, as some of the tests will break it later on
|
||||||
dhclient
|
dhclient
|
||||||
@ -74,7 +74,7 @@ for phase in "${PHASES[@]}"; do
|
|||||||
|
|
||||||
# craft changelog
|
# craft changelog
|
||||||
UPSTREAM_VER="$(git describe | sed 's/^v//;s/-/./g')"
|
UPSTREAM_VER="$(git describe | sed 's/^v//;s/-/./g')"
|
||||||
cat << EOF > debian/changelog.new
|
cat <<EOF >debian/changelog.new
|
||||||
systemd (${UPSTREAM_VER}.0) UNRELEASED; urgency=low
|
systemd (${UPSTREAM_VER}.0) UNRELEASED; urgency=low
|
||||||
|
|
||||||
* Automatic build for upstream test
|
* Automatic build for upstream test
|
||||||
@ -92,7 +92,7 @@ EOF
|
|||||||
# enable more unit tests
|
# enable more unit tests
|
||||||
sed -i '/^CONFFLAGS =/ s/=/= --werror -Dtests=unsafe -Dsplit-usr=true -Dslow-tests=true -Dfuzz-tests=true -Dman=true /' debian/rules
|
sed -i '/^CONFFLAGS =/ s/=/= --werror -Dtests=unsafe -Dsplit-usr=true -Dslow-tests=true -Dfuzz-tests=true -Dman=true /' debian/rules
|
||||||
# no orig tarball
|
# no orig tarball
|
||||||
echo '1.0' > debian/source/format
|
echo '1.0' >debian/source/format
|
||||||
|
|
||||||
# build source package
|
# build source package
|
||||||
dpkg-buildpackage -S -I -I"$(basename "$CACHE_DIR")" -d -us -uc -nc
|
dpkg-buildpackage -S -I -I"$(basename "$CACHE_DIR")" -d -us -uc -nc
|
||||||
|
@ -206,7 +206,7 @@ achieve this, create a script with the following contents in systemd's project d
|
|||||||
|
|
||||||
```sh
|
```sh
|
||||||
#!/usr/bin/env sh
|
#!/usr/bin/env sh
|
||||||
tee mkosi-clangd.build > /dev/null << EOF
|
tee mkosi-clangd.build >/dev/null <<EOF
|
||||||
#!/usr/bin/env sh
|
#!/usr/bin/env sh
|
||||||
exec clangd \\
|
exec clangd \\
|
||||||
--compile-commands-dir=/root/build \\
|
--compile-commands-dir=/root/build \\
|
||||||
|
@ -9,4 +9,4 @@ sudo /usr/lib/systemd/systemd-cryptsetup attach mytest /dev/sdXn - fido2-device=
|
|||||||
|
|
||||||
# If that worked, let's now add the same line persistently to /etc/crypttab,
|
# If that worked, let's now add the same line persistently to /etc/crypttab,
|
||||||
# for the future.
|
# for the future.
|
||||||
sudo bash -c 'echo "mytest /dev/sdXn - fido2-device=auto" >> /etc/crypttab'
|
sudo bash -c 'echo "mytest /dev/sdXn - fido2-device=auto" >>/etc/crypttab'
|
||||||
|
@ -285,17 +285,17 @@ for key in MicWinProPCA2011_2011-10-19.crt MicCorUEFCA2011_2011-06-27.crt MicCor
|
|||||||
done
|
done
|
||||||
|
|
||||||
# Optionally add Microsoft Windows Production CA 2011 (needed to boot into Windows).
|
# Optionally add Microsoft Windows Production CA 2011 (needed to boot into Windows).
|
||||||
cat MicWinProPCA2011_2011-10-19.esl >> db.esl
|
cat MicWinProPCA2011_2011-10-19.esl >>db.esl
|
||||||
|
|
||||||
# Optionally add Microsoft Corporation UEFI CA 2011 for firmware drivers / option ROMs
|
# Optionally add Microsoft Corporation UEFI CA 2011 for firmware drivers / option ROMs
|
||||||
# and third-party boot loaders (including shim). This is highly recommended on real
|
# and third-party boot loaders (including shim). This is highly recommended on real
|
||||||
# hardware as not including this may soft-brick your device (see next paragraph).
|
# hardware as not including this may soft-brick your device (see next paragraph).
|
||||||
cat MicCorUEFCA2011_2011-06-27.esl >> db.esl
|
cat MicCorUEFCA2011_2011-06-27.esl >>db.esl
|
||||||
|
|
||||||
# Optionally add Microsoft Corporation KEK CA 2011. Recommended if either of the
|
# Optionally add Microsoft Corporation KEK CA 2011. Recommended if either of the
|
||||||
# Microsoft keys is used as the official UEFI revocation database is signed with this
|
# Microsoft keys is used as the official UEFI revocation database is signed with this
|
||||||
# key. The revocation database can be updated with <citerefentry><refentrytitle>fwupdmgr</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
|
# key. The revocation database can be updated with <citerefentry><refentrytitle>fwupdmgr</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
|
||||||
cat MicCorKEKCA2011_2011-06-24.esl >> KEK.esl
|
cat MicCorKEKCA2011_2011-06-24.esl >>KEK.esl
|
||||||
|
|
||||||
attr=NON_VOLATILE,RUNTIME_ACCESS,BOOTSERVICE_ACCESS,TIME_BASED_AUTHENTICATED_WRITE_ACCESS
|
attr=NON_VOLATILE,RUNTIME_ACCESS,BOOTSERVICE_ACCESS,TIME_BASED_AUTHENTICATED_WRITE_ACCESS
|
||||||
sbvarsign --attr ${attr} --key PK.key --cert PK.crt --output PK.auth PK PK.esl
|
sbvarsign --attr ${attr} --key PK.key --cert PK.crt --output PK.auth PK PK.esl
|
||||||
|
@ -436,7 +436,7 @@ SetCredentialEncrypted=mysql-password: \
|
|||||||
<filename>xyz.service</filename>:</para>
|
<filename>xyz.service</filename>:</para>
|
||||||
|
|
||||||
<programlisting># mkdir -p /etc/systemd/system/xyz.service.d
|
<programlisting># mkdir -p /etc/systemd/system/xyz.service.d
|
||||||
# systemd-ask-password -n | systemd-creds encrypt --name=mysql-password -p - - > /etc/systemd/system/xyz.service.d/50-password.conf
|
# systemd-ask-password -n | systemd-creds encrypt --name=mysql-password -p - - >/etc/systemd/system/xyz.service.d/50-password.conf
|
||||||
# systemctl daemon-reload
|
# systemctl daemon-reload
|
||||||
# systemctl restart xyz.service</programlisting>
|
# systemctl restart xyz.service</programlisting>
|
||||||
</example>
|
</example>
|
||||||
|
@ -366,7 +366,7 @@
|
|||||||
<example>
|
<example>
|
||||||
<title>Generate a tarball from an OS disk image</title>
|
<title>Generate a tarball from an OS disk image</title>
|
||||||
|
|
||||||
<programlisting>$ systemd-dissect --with foo.raw tar cz . > foo.tar.gz</programlisting>
|
<programlisting>$ systemd-dissect --with foo.raw tar cz . >foo.tar.gz</programlisting>
|
||||||
</example>
|
</example>
|
||||||
</refsect1>
|
</refsect1>
|
||||||
|
|
||||||
|
@ -240,7 +240,7 @@
|
|||||||
--bank=sha1 \
|
--bank=sha1 \
|
||||||
--bank=sha256 \
|
--bank=sha256 \
|
||||||
--private-key=tpm2-pcr-private.pem \
|
--private-key=tpm2-pcr-private.pem \
|
||||||
--public-key=tpm2-pcr-public.pem > tpm2-pcr-signature.json
|
--public-key=tpm2-pcr-public.pem >tpm2-pcr-signature.json
|
||||||
# ukify --output foo.efi \
|
# ukify --output foo.efi \
|
||||||
--os-release @os-release.txt \
|
--os-release @os-release.txt \
|
||||||
--cmdline @cmdline.txt \
|
--cmdline @cmdline.txt \
|
||||||
|
@ -289,7 +289,7 @@
|
|||||||
to the service processes as-is. If the service runs with different privileges than
|
to the service processes as-is. If the service runs with different privileges than
|
||||||
<command>systemd-run</command>, this means the service might not be able to re-open the passed file
|
<command>systemd-run</command>, this means the service might not be able to re-open the passed file
|
||||||
descriptors, due to normal file descriptor access restrictions. If the invoked process is a shell script that
|
descriptors, due to normal file descriptor access restrictions. If the invoked process is a shell script that
|
||||||
uses the <command>echo "hello" > /dev/stderr</command> construct for writing messages to stderr, this might
|
uses the <command>echo "hello" >/dev/stderr</command> construct for writing messages to stderr, this might
|
||||||
cause problems, as this only works if stderr can be re-opened. To mitigate this use the construct <command>echo
|
cause problems, as this only works if stderr can be re-opened. To mitigate this use the construct <command>echo
|
||||||
"hello" >&2</command> instead, which is mostly equivalent and avoids this pitfall.</para></listitem>
|
"hello" >&2</command> instead, which is mostly equivalent and avoids this pitfall.</para></listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
@ -9,4 +9,4 @@ sudo /usr/lib/systemd/systemd-cryptsetup attach mytest /dev/sdXn - tpm2-device=a
|
|||||||
|
|
||||||
# If that worked, let's now add the same line persistently to /etc/crypttab,
|
# If that worked, let's now add the same line persistently to /etc/crypttab,
|
||||||
# for the future.
|
# for the future.
|
||||||
sudo bash -c 'echo "mytest /dev/sdXn - tpm2-device=auto" >> /etc/crypttab'
|
sudo bash -c 'echo "mytest /dev/sdXn - tpm2-device=auto" >>/etc/crypttab'
|
||||||
|
@ -25,4 +25,4 @@ sudo /usr/lib/systemd/systemd-cryptsetup attach mytest /dev/sdXn - pkcs11-uri=au
|
|||||||
|
|
||||||
# If that worked, let's now add the same line persistently to /etc/crypttab,
|
# If that worked, let's now add the same line persistently to /etc/crypttab,
|
||||||
# for the future.
|
# for the future.
|
||||||
sudo bash -c 'echo "mytest /dev/sdXn - pkcs11-uri=auto" >> /etc/crypttab'
|
sudo bash -c 'echo "mytest /dev/sdXn - pkcs11-uri=auto" >>/etc/crypttab'
|
||||||
|
@ -17,4 +17,4 @@ _Pragma(\"GCC diagnostic ignored \\\"-Wimplicit-fallthrough\\\"\")\n\
|
|||||||
|
|
||||||
/^KEY_/ { print tolower(substr($1 ,5)) ", " $1 }
|
/^KEY_/ { print tolower(substr($1 ,5)) ", " $1 }
|
||||||
{ print tolower($1) ", " $1 }
|
{ print tolower($1) ", " $1 }
|
||||||
' < "${1:?}"
|
' <"${1:?}"
|
||||||
|
@ -69,7 +69,7 @@ EOF
|
|||||||
|
|
||||||
# Forward journal messages to the console, so we have something
|
# Forward journal messages to the console, so we have something
|
||||||
# to investigate even if we fail to mount the encrypted /var
|
# to investigate even if we fail to mount the encrypted /var
|
||||||
echo ForwardToConsole=yes >> "$initdir/etc/systemd/journald.conf"
|
echo ForwardToConsole=yes >>"$initdir/etc/systemd/journald.conf"
|
||||||
|
|
||||||
# If $INITRD wasn't provided explicitly, generate a custom one with dm-crypt
|
# If $INITRD wasn't provided explicitly, generate a custom one with dm-crypt
|
||||||
# support
|
# support
|
||||||
|
@ -9,8 +9,8 @@ TEST_DESCRIPTION="Openfile tests"
|
|||||||
|
|
||||||
test_append_files() {
|
test_append_files() {
|
||||||
local workspace="${1:?}"
|
local workspace="${1:?}"
|
||||||
echo "Open" > "$workspace/test-77-open.dat"
|
echo "Open" >"$workspace/test-77-open.dat"
|
||||||
echo "File" > "$workspace/test-77-file.dat"
|
echo "File" >"$workspace/test-77-file.dat"
|
||||||
}
|
}
|
||||||
|
|
||||||
do_test "$@"
|
do_test "$@"
|
||||||
|
@ -9,7 +9,7 @@ mkdir -p "$DESTDIR"/usr/local/bin
|
|||||||
cp "$SRCDIR"/test/networkd-test.py "$DESTDIR"/usr/local/bin/networkd-test.py
|
cp "$SRCDIR"/test/networkd-test.py "$DESTDIR"/usr/local/bin/networkd-test.py
|
||||||
|
|
||||||
mkdir -p "$DESTDIR"/etc/systemd/system
|
mkdir -p "$DESTDIR"/etc/systemd/system
|
||||||
cat > "$DESTDIR"/etc/systemd/system/networkd-test.service <<EOF
|
cat >"$DESTDIR"/etc/systemd/system/networkd-test.service <<EOF
|
||||||
[Unit]
|
[Unit]
|
||||||
Description=networkd test service
|
Description=networkd test service
|
||||||
SuccessAction=exit
|
SuccessAction=exit
|
||||||
|
@ -36,14 +36,14 @@ class ExecutionResumeTest(unittest.TestCase):
|
|||||||
[Service]
|
[Service]
|
||||||
Type=oneshot
|
Type=oneshot
|
||||||
ExecStart=/bin/sleep 3
|
ExecStart=/bin/sleep 3
|
||||||
ExecStart=/bin/bash -c "echo foo >> {self.output_file}"
|
ExecStart=/bin/bash -c "echo foo >>{self.output_file}"
|
||||||
'''
|
'''
|
||||||
self.unit_files[InstallChange.NO_CHANGE] = unit_file_content
|
self.unit_files[InstallChange.NO_CHANGE] = unit_file_content
|
||||||
|
|
||||||
unit_file_content = f'''
|
unit_file_content = f'''
|
||||||
[Service]
|
[Service]
|
||||||
Type=oneshot
|
Type=oneshot
|
||||||
ExecStart=/bin/bash -c "echo foo >> {self.output_file}"
|
ExecStart=/bin/bash -c "echo foo >>{self.output_file}"
|
||||||
ExecStart=/bin/sleep 3
|
ExecStart=/bin/sleep 3
|
||||||
'''
|
'''
|
||||||
self.unit_files[InstallChange.LINES_SWAPPED] = unit_file_content
|
self.unit_files[InstallChange.LINES_SWAPPED] = unit_file_content
|
||||||
@ -51,9 +51,9 @@ class ExecutionResumeTest(unittest.TestCase):
|
|||||||
unit_file_content = f'''
|
unit_file_content = f'''
|
||||||
[Service]
|
[Service]
|
||||||
Type=oneshot
|
Type=oneshot
|
||||||
ExecStart=/bin/bash -c "echo bar >> {self.output_file}"
|
ExecStart=/bin/bash -c "echo bar >>{self.output_file}"
|
||||||
ExecStart=/bin/sleep 3
|
ExecStart=/bin/sleep 3
|
||||||
ExecStart=/bin/bash -c "echo foo >> {self.output_file}"
|
ExecStart=/bin/bash -c "echo foo >>{self.output_file}"
|
||||||
'''
|
'''
|
||||||
self.unit_files[InstallChange.COMMAND_ADDED_BEFORE] = unit_file_content
|
self.unit_files[InstallChange.COMMAND_ADDED_BEFORE] = unit_file_content
|
||||||
|
|
||||||
@ -61,26 +61,26 @@ class ExecutionResumeTest(unittest.TestCase):
|
|||||||
[Service]
|
[Service]
|
||||||
Type=oneshot
|
Type=oneshot
|
||||||
ExecStart=/bin/sleep 3
|
ExecStart=/bin/sleep 3
|
||||||
ExecStart=/bin/bash -c "echo foo >> {self.output_file}"
|
ExecStart=/bin/bash -c "echo foo >>{self.output_file}"
|
||||||
ExecStart=/bin/bash -c "echo bar >> {self.output_file}"
|
ExecStart=/bin/bash -c "echo bar >>{self.output_file}"
|
||||||
'''
|
'''
|
||||||
self.unit_files[InstallChange.COMMAND_ADDED_AFTER] = unit_file_content
|
self.unit_files[InstallChange.COMMAND_ADDED_AFTER] = unit_file_content
|
||||||
|
|
||||||
unit_file_content = f'''
|
unit_file_content = f'''
|
||||||
[Service]
|
[Service]
|
||||||
Type=oneshot
|
Type=oneshot
|
||||||
ExecStart=/bin/bash -c "echo baz >> {self.output_file}"
|
ExecStart=/bin/bash -c "echo baz >>{self.output_file}"
|
||||||
ExecStart=/bin/sleep 3
|
ExecStart=/bin/sleep 3
|
||||||
ExecStart=/bin/bash -c "echo foo >> {self.output_file}"
|
ExecStart=/bin/bash -c "echo foo >>{self.output_file}"
|
||||||
ExecStart=/bin/bash -c "echo bar >> {self.output_file}"
|
ExecStart=/bin/bash -c "echo bar >>{self.output_file}"
|
||||||
'''
|
'''
|
||||||
self.unit_files[InstallChange.COMMAND_INTERLEAVED] = unit_file_content
|
self.unit_files[InstallChange.COMMAND_INTERLEAVED] = unit_file_content
|
||||||
|
|
||||||
unit_file_content = f'''
|
unit_file_content = f'''
|
||||||
[Service]
|
[Service]
|
||||||
Type=oneshot
|
Type=oneshot
|
||||||
ExecStart=/bin/bash -c "echo bar >> {self.output_file}"
|
ExecStart=/bin/bash -c "echo bar >>{self.output_file}"
|
||||||
ExecStart=/bin/bash -c "echo baz >> {self.output_file}"
|
ExecStart=/bin/bash -c "echo baz >>{self.output_file}"
|
||||||
'''
|
'''
|
||||||
self.unit_files[InstallChange.REMOVAL] = unit_file_content
|
self.unit_files[InstallChange.REMOVAL] = unit_file_content
|
||||||
|
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
Description=Test for StandardInputText= and StandardInputData=
|
Description=Test for StandardInputText= and StandardInputData=
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
ExecStart=/bin/sh -x -c 'd=$$(mktemp -d -p /tmp); echo -e "this is a test\nand this is more\nsomething encoded!\nsomething in multiple lines\nand some more\nand a more bas64 data\nsomething with strange\nembedded\tcharacters\nand something with a exec-stdin-data.service specifier" > $d/text ; cmp $d/text ; rm -rf $d'
|
ExecStart=/bin/sh -x -c 'd=$$(mktemp -d -p /tmp); echo -e "this is a test\nand this is more\nsomething encoded!\nsomething in multiple lines\nand some more\nand a more bas64 data\nsomething with strange\nembedded\tcharacters\nand something with a exec-stdin-data.service specifier" >$d/text ; cmp $d/text ; rm -rf $d'
|
||||||
Type=oneshot
|
Type=oneshot
|
||||||
StandardInput=data
|
StandardInput=data
|
||||||
StandardInputText=this is a test
|
StandardInputText=this is a test
|
||||||
|
@ -691,7 +691,7 @@ EOF
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
set -e
|
set -e
|
||||||
test -e /usr/lib/os-release
|
test -e /usr/lib/os-release
|
||||||
echo bar > \${STATE_DIRECTORY}/foo
|
echo bar >\${STATE_DIRECTORY}/foo
|
||||||
cat /usr/lib/extension-release.d/extension-release.app0
|
cat /usr/lib/extension-release.d/extension-release.app0
|
||||||
EOF
|
EOF
|
||||||
chmod +x "$initdir/opt/script0.sh"
|
chmod +x "$initdir/opt/script0.sh"
|
||||||
@ -717,7 +717,7 @@ EOF
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
set -e
|
set -e
|
||||||
test -e /usr/lib/os-release
|
test -e /usr/lib/os-release
|
||||||
echo baz > \${STATE_DIRECTORY}/foo
|
echo baz >\${STATE_DIRECTORY}/foo
|
||||||
cat /usr/lib/extension-release.d/extension-release.app2
|
cat /usr/lib/extension-release.d/extension-release.app2
|
||||||
EOF
|
EOF
|
||||||
chmod +x "$initdir/opt/script1.sh"
|
chmod +x "$initdir/opt/script1.sh"
|
||||||
|
@ -53,11 +53,11 @@ echo "disable $UNIT_NAME" >/run/systemd/system-preset/99-systemd-test.preset
|
|||||||
EDITOR='true' script -ec 'systemctl edit "$UNIT_NAME"' /dev/null
|
EDITOR='true' script -ec 'systemctl edit "$UNIT_NAME"' /dev/null
|
||||||
[ ! -e "/etc/systemd/system/$UNIT_NAME.d/override.conf" ]
|
[ ! -e "/etc/systemd/system/$UNIT_NAME.d/override.conf" ]
|
||||||
|
|
||||||
printf '%s\n' '[Service]' 'ExecStart=' 'ExecStart=sleep 10d' > "+4"
|
printf '%s\n' '[Service]' 'ExecStart=' 'ExecStart=sleep 10d' >"+4"
|
||||||
EDITOR='mv' script -ec 'systemctl edit "$UNIT_NAME"' /dev/null
|
EDITOR='mv' script -ec 'systemctl edit "$UNIT_NAME"' /dev/null
|
||||||
printf '%s\n' '[Service]' 'ExecStart=' 'ExecStart=sleep 10d' | cmp - "/etc/systemd/system/$UNIT_NAME.d/override.conf"
|
printf '%s\n' '[Service]' 'ExecStart=' 'ExecStart=sleep 10d' | cmp - "/etc/systemd/system/$UNIT_NAME.d/override.conf"
|
||||||
|
|
||||||
printf '%b' '[Service]\n' 'ExecStart=\n' 'ExecStart=sleep 10d' > "+4"
|
printf '%b' '[Service]\n' 'ExecStart=\n' 'ExecStart=sleep 10d' >"+4"
|
||||||
EDITOR='mv' script -ec 'systemctl edit "$UNIT_NAME"' /dev/null
|
EDITOR='mv' script -ec 'systemctl edit "$UNIT_NAME"' /dev/null
|
||||||
printf '%s\n' '[Service]' 'ExecStart=' 'ExecStart=sleep 10d' | cmp - "/etc/systemd/system/$UNIT_NAME.d/override.conf"
|
printf '%s\n' '[Service]' 'ExecStart=' 'ExecStart=sleep 10d' | cmp - "/etc/systemd/system/$UNIT_NAME.d/override.conf"
|
||||||
|
|
||||||
|
@ -163,7 +163,7 @@ mount /usr/share/minimal_0.raw /tmp/rootdir
|
|||||||
# Fix up os-release to drop the valid PORTABLE_SERVICES field (because we are
|
# Fix up os-release to drop the valid PORTABLE_SERVICES field (because we are
|
||||||
# bypassing the sysext logic in portabled here it will otherwise not see the
|
# bypassing the sysext logic in portabled here it will otherwise not see the
|
||||||
# extensions additional valid prefix)
|
# extensions additional valid prefix)
|
||||||
grep -v "^PORTABLE_PREFIXES=" /tmp/rootdir/etc/os-release > /tmp/os-release-fix/etc/os-release
|
grep -v "^PORTABLE_PREFIXES=" /tmp/rootdir/etc/os-release >/tmp/os-release-fix/etc/os-release
|
||||||
|
|
||||||
mount -t overlay overlay -o lowerdir=/tmp/os-release-fix:/tmp/app1:/tmp/rootdir /tmp/overlay
|
mount -t overlay overlay -o lowerdir=/tmp/os-release-fix:/tmp/app1:/tmp/rootdir /tmp/overlay
|
||||||
|
|
||||||
|
@ -31,7 +31,7 @@ systemd-run --unit=two \
|
|||||||
-p StartLimitBurst=3 \
|
-p StartLimitBurst=3 \
|
||||||
-p Type=oneshot \
|
-p Type=oneshot \
|
||||||
-p Restart=on-failure \
|
-p Restart=on-failure \
|
||||||
-p ExecStart="/bin/bash -c \"printf a >> $TMP_FILE\"" /bin/bash -c "exit 1" \
|
-p ExecStart="/bin/bash -c \"printf a >>$TMP_FILE\"" /bin/bash -c "exit 1" \
|
||||||
&& { echo 'unexpected success'; exit 1; }
|
&& { echo 'unexpected success'; exit 1; }
|
||||||
|
|
||||||
# wait for at least 3 restarts
|
# wait for at least 3 restarts
|
||||||
|
@ -106,7 +106,7 @@ runas testuser systemd-run --wait --user --unit=test-clock \
|
|||||||
|
|
||||||
runas testuser systemd-run --wait --user --unit=test-kernel-tunable \
|
runas testuser systemd-run --wait --user --unit=test-kernel-tunable \
|
||||||
-p PrivateUsers=yes -p ProtectKernelTunables=yes \
|
-p PrivateUsers=yes -p ProtectKernelTunables=yes \
|
||||||
sh -c "echo 0 > /proc/sys/user/max_user_namespaces" \
|
sh -c "echo 0 >/proc/sys/user/max_user_namespaces" \
|
||||||
&& { echo 'unexpected success'; exit 1; }
|
&& { echo 'unexpected success'; exit 1; }
|
||||||
|
|
||||||
runas testuser systemd-run --wait --user --unit=test-kernel-mod \
|
runas testuser systemd-run --wait --user --unit=test-kernel-mod \
|
||||||
|
@ -86,7 +86,7 @@ LOCAL"
|
|||||||
check_adjtime_not_exist
|
check_adjtime_not_exist
|
||||||
|
|
||||||
echo 'UTC set in adjtime file'
|
echo 'UTC set in adjtime file'
|
||||||
printf '0.0 0 0\n0\nUTC\n' > /etc/adjtime
|
printf '0.0 0 0\n0\nUTC\n' >/etc/adjtime
|
||||||
timedatectl set-local-rtc 0
|
timedatectl set-local-rtc 0
|
||||||
assert_eq "$(cat /etc/adjtime)" "0.0 0 0
|
assert_eq "$(cat /etc/adjtime)" "0.0 0 0
|
||||||
0
|
0
|
||||||
@ -97,7 +97,7 @@ UTC"
|
|||||||
LOCAL"
|
LOCAL"
|
||||||
|
|
||||||
echo 'non-zero values in adjtime file'
|
echo 'non-zero values in adjtime file'
|
||||||
printf '0.1 123 0\n0\nLOCAL\n' > /etc/adjtime
|
printf '0.1 123 0\n0\nLOCAL\n' >/etc/adjtime
|
||||||
timedatectl set-local-rtc 0
|
timedatectl set-local-rtc 0
|
||||||
assert_eq "$(cat /etc/adjtime)" "0.1 123 0
|
assert_eq "$(cat /etc/adjtime)" "0.1 123 0
|
||||||
0
|
0
|
||||||
@ -108,7 +108,7 @@ UTC"
|
|||||||
LOCAL"
|
LOCAL"
|
||||||
|
|
||||||
echo 'fourth line adjtime file'
|
echo 'fourth line adjtime file'
|
||||||
printf '0.0 0 0\n0\nLOCAL\nsomethingelse\n' > /etc/adjtime
|
printf '0.0 0 0\n0\nLOCAL\nsomethingelse\n' >/etc/adjtime
|
||||||
timedatectl set-local-rtc 0
|
timedatectl set-local-rtc 0
|
||||||
assert_eq "$(cat /etc/adjtime)" "0.0 0 0
|
assert_eq "$(cat /etc/adjtime)" "0.0 0 0
|
||||||
0
|
0
|
||||||
@ -121,60 +121,60 @@ LOCAL
|
|||||||
somethingelse"
|
somethingelse"
|
||||||
|
|
||||||
echo 'no final newline in adjtime file'
|
echo 'no final newline in adjtime file'
|
||||||
printf '0.0 0 0\n0\nUTC' > /etc/adjtime
|
printf '0.0 0 0\n0\nUTC' >/etc/adjtime
|
||||||
timedatectl set-local-rtc 0
|
timedatectl set-local-rtc 0
|
||||||
check_adjtime_not_exist
|
check_adjtime_not_exist
|
||||||
printf '0.0 0 0\n0\nUTC' > /etc/adjtime
|
printf '0.0 0 0\n0\nUTC' >/etc/adjtime
|
||||||
timedatectl set-local-rtc 1
|
timedatectl set-local-rtc 1
|
||||||
assert_eq "$(cat /etc/adjtime)" "0.0 0 0
|
assert_eq "$(cat /etc/adjtime)" "0.0 0 0
|
||||||
0
|
0
|
||||||
LOCAL"
|
LOCAL"
|
||||||
|
|
||||||
echo 'only one line in adjtime file'
|
echo 'only one line in adjtime file'
|
||||||
printf '0.0 0 0\n' > /etc/adjtime
|
printf '0.0 0 0\n' >/etc/adjtime
|
||||||
timedatectl set-local-rtc 0
|
timedatectl set-local-rtc 0
|
||||||
check_adjtime_not_exist
|
check_adjtime_not_exist
|
||||||
printf '0.0 0 0\n' > /etc/adjtime
|
printf '0.0 0 0\n' >/etc/adjtime
|
||||||
timedatectl set-local-rtc 1
|
timedatectl set-local-rtc 1
|
||||||
assert_eq "$(cat /etc/adjtime)" "0.0 0 0
|
assert_eq "$(cat /etc/adjtime)" "0.0 0 0
|
||||||
0
|
0
|
||||||
LOCAL"
|
LOCAL"
|
||||||
|
|
||||||
echo 'only one line in adjtime file, no final newline'
|
echo 'only one line in adjtime file, no final newline'
|
||||||
printf '0.0 0 0' > /etc/adjtime
|
printf '0.0 0 0' >/etc/adjtime
|
||||||
timedatectl set-local-rtc 0
|
timedatectl set-local-rtc 0
|
||||||
check_adjtime_not_exist
|
check_adjtime_not_exist
|
||||||
printf '0.0 0 0' > /etc/adjtime
|
printf '0.0 0 0' >/etc/adjtime
|
||||||
timedatectl set-local-rtc 1
|
timedatectl set-local-rtc 1
|
||||||
assert_eq "$(cat /etc/adjtime)" "0.0 0 0
|
assert_eq "$(cat /etc/adjtime)" "0.0 0 0
|
||||||
0
|
0
|
||||||
LOCAL"
|
LOCAL"
|
||||||
|
|
||||||
echo 'only two lines in adjtime file'
|
echo 'only two lines in adjtime file'
|
||||||
printf '0.0 0 0\n0\n' > /etc/adjtime
|
printf '0.0 0 0\n0\n' >/etc/adjtime
|
||||||
timedatectl set-local-rtc 0
|
timedatectl set-local-rtc 0
|
||||||
check_adjtime_not_exist
|
check_adjtime_not_exist
|
||||||
printf '0.0 0 0\n0\n' > /etc/adjtime
|
printf '0.0 0 0\n0\n' >/etc/adjtime
|
||||||
timedatectl set-local-rtc 1
|
timedatectl set-local-rtc 1
|
||||||
assert_eq "$(cat /etc/adjtime)" "0.0 0 0
|
assert_eq "$(cat /etc/adjtime)" "0.0 0 0
|
||||||
0
|
0
|
||||||
LOCAL"
|
LOCAL"
|
||||||
|
|
||||||
echo 'only two lines in adjtime file, no final newline'
|
echo 'only two lines in adjtime file, no final newline'
|
||||||
printf '0.0 0 0\n0' > /etc/adjtime
|
printf '0.0 0 0\n0' >/etc/adjtime
|
||||||
timedatectl set-local-rtc 0
|
timedatectl set-local-rtc 0
|
||||||
check_adjtime_not_exist
|
check_adjtime_not_exist
|
||||||
printf '0.0 0 0\n0' > /etc/adjtime
|
printf '0.0 0 0\n0' >/etc/adjtime
|
||||||
timedatectl set-local-rtc 1
|
timedatectl set-local-rtc 1
|
||||||
assert_eq "$(cat /etc/adjtime)" "0.0 0 0
|
assert_eq "$(cat /etc/adjtime)" "0.0 0 0
|
||||||
0
|
0
|
||||||
LOCAL"
|
LOCAL"
|
||||||
|
|
||||||
echo 'unknown value in 3rd line of adjtime file'
|
echo 'unknown value in 3rd line of adjtime file'
|
||||||
printf '0.0 0 0\n0\nFOO\n' > /etc/adjtime
|
printf '0.0 0 0\n0\nFOO\n' >/etc/adjtime
|
||||||
timedatectl set-local-rtc 0
|
timedatectl set-local-rtc 0
|
||||||
check_adjtime_not_exist
|
check_adjtime_not_exist
|
||||||
printf '0.0 0 0\n0\nFOO\n' > /etc/adjtime
|
printf '0.0 0 0\n0\nFOO\n' >/etc/adjtime
|
||||||
timedatectl set-local-rtc 1
|
timedatectl set-local-rtc 1
|
||||||
assert_eq "$(cat /etc/adjtime)" "0.0 0 0
|
assert_eq "$(cat /etc/adjtime)" "0.0 0 0
|
||||||
0
|
0
|
||||||
|
@ -158,7 +158,7 @@ if systemctl --version | grep -q -- +OPENSSL ; then
|
|||||||
fi
|
fi
|
||||||
HAVE_OPENSSL=1
|
HAVE_OPENSSL=1
|
||||||
# Unfortunately OpenSSL insists on reading some config file, hence provide one with mostly placeholder contents
|
# Unfortunately OpenSSL insists on reading some config file, hence provide one with mostly placeholder contents
|
||||||
cat >> "${image}.openssl.cnf" <<EOF
|
cat >>"${image}.openssl.cnf" <<EOF
|
||||||
[ req ]
|
[ req ]
|
||||||
prompt = no
|
prompt = no
|
||||||
distinguished_name = req_distinguished_name
|
distinguished_name = req_distinguished_name
|
||||||
@ -178,7 +178,7 @@ EOF
|
|||||||
# Sign Verity root hash with it
|
# Sign Verity root hash with it
|
||||||
openssl smime -sign -nocerts -noattr -binary -in "${image}.roothash" -inkey "${image}.key" -signer "${image}.crt" -outform der -out "${image}.roothash.p7s"
|
openssl smime -sign -nocerts -noattr -binary -in "${image}.roothash" -inkey "${image}.key" -signer "${image}.crt" -outform der -out "${image}.roothash.p7s"
|
||||||
# Generate signature partition JSON data
|
# Generate signature partition JSON data
|
||||||
echo '{"rootHash":"'"${roothash}"'","signature":"'"$(base64 -w 0 < "${image}.roothash.p7s")"'"}' > "${image}.verity-sig"
|
echo '{"rootHash":"'"${roothash}"'","signature":"'"$(base64 -w 0 <"${image}.roothash.p7s")"'"}' >"${image}.verity-sig"
|
||||||
# Pad it
|
# Pad it
|
||||||
truncate -s "${signature_size}" "${image}.verity-sig"
|
truncate -s "${signature_size}" "${image}.verity-sig"
|
||||||
# Register certificate in the (userspace) verity key ring
|
# Register certificate in the (userspace) verity key ring
|
||||||
@ -418,7 +418,7 @@ rm /var/lib/extensions/app-nodistro.raw
|
|||||||
mkdir -p /run/machines /run/portables /run/extensions
|
mkdir -p /run/machines /run/portables /run/extensions
|
||||||
touch /run/machines/a.raw /run/portables/b.raw /run/extensions/c.raw
|
touch /run/machines/a.raw /run/portables/b.raw /run/extensions/c.raw
|
||||||
|
|
||||||
systemd-dissect --discover --json=short > /tmp/discover.json
|
systemd-dissect --discover --json=short >/tmp/discover.json
|
||||||
grep -q -F '{"name":"a","type":"raw","class":"machine","ro":false,"path":"/run/machines/a.raw"' /tmp/discover.json
|
grep -q -F '{"name":"a","type":"raw","class":"machine","ro":false,"path":"/run/machines/a.raw"' /tmp/discover.json
|
||||||
grep -q -F '{"name":"b","type":"raw","class":"portable","ro":false,"path":"/run/portables/b.raw"' /tmp/discover.json
|
grep -q -F '{"name":"b","type":"raw","class":"portable","ro":false,"path":"/run/portables/b.raw"' /tmp/discover.json
|
||||||
grep -q -F '{"name":"c","type":"raw","class":"extension","ro":false,"path":"/run/extensions/c.raw"' /tmp/discover.json
|
grep -q -F '{"name":"c","type":"raw","class":"extension","ro":false,"path":"/run/extensions/c.raw"' /tmp/discover.json
|
||||||
|
@ -17,7 +17,7 @@ systemd-run -p LoadCredential=passwd:/etc/passwd \
|
|||||||
rm /tmp/ts54-concat
|
rm /tmp/ts54-concat
|
||||||
|
|
||||||
# Test that SetCredential= acts as fallback for LoadCredential=
|
# Test that SetCredential= acts as fallback for LoadCredential=
|
||||||
echo piff > /tmp/ts54-fallback
|
echo piff >/tmp/ts54-fallback
|
||||||
[ "$(systemd-run -p LoadCredential=paff:/tmp/ts54-fallback -p SetCredential=paff:poff --pipe --wait systemd-creds cat paff)" = "piff" ]
|
[ "$(systemd-run -p LoadCredential=paff:/tmp/ts54-fallback -p SetCredential=paff:poff --pipe --wait systemd-creds cat paff)" = "piff" ]
|
||||||
rm /tmp/ts54-fallback
|
rm /tmp/ts54-fallback
|
||||||
[ "$(systemd-run -p LoadCredential=paff:/tmp/ts54-fallback -p SetCredential=paff:poff --pipe --wait systemd-creds cat paff)" = "poff" ]
|
[ "$(systemd-run -p LoadCredential=paff:/tmp/ts54-fallback -p SetCredential=paff:poff --pipe --wait systemd-creds cat paff)" = "poff" ]
|
||||||
|
@ -9,7 +9,7 @@ else
|
|||||||
counter=0
|
counter=0
|
||||||
fi
|
fi
|
||||||
|
|
||||||
echo "$counter" > /tmp/testsuite-57.counter
|
echo "$counter" >/tmp/testsuite-57.counter
|
||||||
|
|
||||||
if [ "$counter" -eq 5 ] ; then
|
if [ "$counter" -eq 5 ] ; then
|
||||||
systemctl kill --kill-whom=main -sUSR1 testsuite-57.service
|
systemctl kill --kill-whom=main -sUSR1 testsuite-57.service
|
||||||
|
@ -783,7 +783,7 @@ VerityMatchKey=root
|
|||||||
EOF
|
EOF
|
||||||
|
|
||||||
# Unfortunately OpenSSL insists on reading some config file, hence provide one with mostly placeholder contents
|
# Unfortunately OpenSSL insists on reading some config file, hence provide one with mostly placeholder contents
|
||||||
runas testuser tee > "$defs/verity.openssl.cnf" <<EOF
|
runas testuser tee >"$defs/verity.openssl.cnf" <<EOF
|
||||||
[ req ]
|
[ req ]
|
||||||
prompt = no
|
prompt = no
|
||||||
distinguished_name = req_distinguished_name
|
distinguished_name = req_distinguished_name
|
||||||
|
@ -158,7 +158,7 @@ test_issue_20329() {
|
|||||||
unit=$(systemd-escape --suffix mount --path "$tmpdir")
|
unit=$(systemd-escape --suffix mount --path "$tmpdir")
|
||||||
|
|
||||||
# Set up test mount unit
|
# Set up test mount unit
|
||||||
cat > /run/systemd/system/"$unit" <<EOF
|
cat >/run/systemd/system/"$unit" <<EOF
|
||||||
[Mount]
|
[Mount]
|
||||||
What=tmpfs
|
What=tmpfs
|
||||||
Where=$tmpdir
|
Where=$tmpdir
|
||||||
|
@ -60,6 +60,6 @@ systemctl start --wait testsuite-62-3.service
|
|||||||
systemctl start --wait testsuite-62-4.service
|
systemctl start --wait testsuite-62-4.service
|
||||||
systemctl start --wait testsuite-62-5.service
|
systemctl start --wait testsuite-62-5.service
|
||||||
|
|
||||||
echo OK > /testok
|
echo OK >/testok
|
||||||
|
|
||||||
exit 0
|
exit 0
|
||||||
|
@ -7,4 +7,4 @@ DevicePolicy=strict
|
|||||||
DeviceAllow=/dev/null r
|
DeviceAllow=/dev/null r
|
||||||
StandardOutput=file:/tmp/testsuite66serviceresults
|
StandardOutput=file:/tmp/testsuite66serviceresults
|
||||||
ExecStartPre=rm -f /tmp/testsuite66serviceresults
|
ExecStartPre=rm -f /tmp/testsuite66serviceresults
|
||||||
ExecStart=/bin/bash -c "while true; do sleep 0.01 && echo meow > /dev/null && echo thisshouldnotbehere; done"
|
ExecStart=/bin/bash -c "while true; do sleep 0.01 && echo meow >/dev/null && echo thisshouldnotbehere; done"
|
||||||
|
@ -29,9 +29,9 @@ trap cleanup EXIT
|
|||||||
|
|
||||||
build_integrity_tab()
|
build_integrity_tab()
|
||||||
{
|
{
|
||||||
cat << _EOL > "/etc/integritytab"
|
cat <<EOF >"/etc/integritytab"
|
||||||
${DM_NAME} ${loop} - integrity-algorithm=$1
|
${DM_NAME} ${loop} - integrity-algorithm=$1
|
||||||
_EOL
|
EOF
|
||||||
}
|
}
|
||||||
|
|
||||||
image_dir="$(mktemp -d -t -p / integrity.tmp.XXXXXX)"
|
image_dir="$(mktemp -d -t -p / integrity.tmp.XXXXXX)"
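Review bot: `build_integrity_tab` writes `integrity-algorithm=$1` without checking that an argument was passed, so a call without one would emit an entry with an empty algorithm (or stop with an unbound-variable error if `set -u` is active above the hunk, which is not visible here). Writing `integrity-algorithm=${1:?}` in the heredoc body makes that failure explicit at the call site. The function also reads the globals `DM_NAME` and `loop` and replaces `/etc/integritytab` wholesale. A one-line header such as `# Overwrite /etc/integritytab with one entry for $DM_NAME on $loop; $1 = integrity algorithm` would record that.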
|
||||||
|
@ -61,8 +61,8 @@ tpm2_pcrextend 0:sha256=00000000000000000000000000000000000000000000000000000000
|
|||||||
rm $img
|
rm $img
|
||||||
|
|
||||||
if [[ -e /usr/lib/systemd/systemd-measure ]]; then
|
if [[ -e /usr/lib/systemd/systemd-measure ]]; then
|
||||||
echo HALLO > /tmp/tpmdata1
|
echo HALLO >/tmp/tpmdata1
|
||||||
echo foobar > /tmp/tpmdata2
|
echo foobar >/tmp/tpmdata2
|
||||||
|
|
||||||
cat >/tmp/result <<EOF
|
cat >/tmp/result <<EOF
|
||||||
11:sha1=5177e4ad69db92192c10e5f80402bf81bfec8a81
|
11:sha1=5177e4ad69db92192c10e5f80402bf81bfec8a81
|
||||||
@ -119,10 +119,10 @@ if [ -e /usr/lib/systemd/systemd-measure ] && \
|
|||||||
|
|
||||||
# Invalidate PCR, decrypting should fail now
|
# Invalidate PCR, decrypting should fail now
|
||||||
tpm2_pcrextend 11:sha256=0000000000000000000000000000000000000000000000000000000000000000
|
tpm2_pcrextend 11:sha256=0000000000000000000000000000000000000000000000000000000000000000
|
||||||
systemd-creds decrypt /tmp/pcrtestdata.encrypted - --tpm2-signature="/tmp/pcrsign.sig" > /dev/null && { echo 'unexpected success'; exit 1; }
|
systemd-creds decrypt /tmp/pcrtestdata.encrypted - --tpm2-signature="/tmp/pcrsign.sig" >/dev/null && { echo 'unexpected success'; exit 1; }
|
||||||
|
|
||||||
# Sign new PCR state, decrypting should work now.
|
# Sign new PCR state, decrypting should work now.
|
||||||
/usr/lib/systemd/systemd-measure sign --current "${MEASURE_BANKS[@]}" --private-key="/tmp/pcrsign-private.pem" --public-key="/tmp/pcrsign-public.pem" --phase=: > "/tmp/pcrsign.sig2"
|
/usr/lib/systemd/systemd-measure sign --current "${MEASURE_BANKS[@]}" --private-key="/tmp/pcrsign-private.pem" --public-key="/tmp/pcrsign-public.pem" --phase=: >"/tmp/pcrsign.sig2"
|
||||||
systemd-creds decrypt /tmp/pcrtestdata.encrypted - --tpm2-signature="/tmp/pcrsign.sig2" | cmp - /tmp/pcrtestdata
|
systemd-creds decrypt /tmp/pcrtestdata.encrypted - --tpm2-signature="/tmp/pcrsign.sig2" | cmp - /tmp/pcrtestdata
|
||||||
|
|
||||||
# Now, do the same, but with a cryptsetup binding
|
# Now, do the same, but with a cryptsetup binding
|
||||||
@ -144,18 +144,18 @@ if [ -e /usr/lib/systemd/systemd-measure ] && \
|
|||||||
SYSTEMD_CRYPTSETUP_USE_TOKEN_MODULE=1 /usr/lib/systemd/systemd-cryptsetup attach test-volume2 $img - tpm2-device=auto,tpm2-signature="/tmp/pcrsign.sig2",headless=1 && { echo 'unexpected success'; exit 1; }
|
SYSTEMD_CRYPTSETUP_USE_TOKEN_MODULE=1 /usr/lib/systemd/systemd-cryptsetup attach test-volume2 $img - tpm2-device=auto,tpm2-signature="/tmp/pcrsign.sig2",headless=1 && { echo 'unexpected success'; exit 1; }
|
||||||
|
|
||||||
# But once we sign the current PCRs, we should be able to unlock again
|
# But once we sign the current PCRs, we should be able to unlock again
|
||||||
/usr/lib/systemd/systemd-measure sign --current "${MEASURE_BANKS[@]}" --private-key="/tmp/pcrsign-private.pem" --public-key="/tmp/pcrsign-public.pem" --phase=: > "/tmp/pcrsign.sig3"
|
/usr/lib/systemd/systemd-measure sign --current "${MEASURE_BANKS[@]}" --private-key="/tmp/pcrsign-private.pem" --public-key="/tmp/pcrsign-public.pem" --phase=: >"/tmp/pcrsign.sig3"
|
||||||
SYSTEMD_CRYPTSETUP_USE_TOKEN_MODULE=0 /usr/lib/systemd/systemd-cryptsetup attach test-volume2 $img - tpm2-device=auto,tpm2-signature="/tmp/pcrsign.sig3",headless=1
|
SYSTEMD_CRYPTSETUP_USE_TOKEN_MODULE=0 /usr/lib/systemd/systemd-cryptsetup attach test-volume2 $img - tpm2-device=auto,tpm2-signature="/tmp/pcrsign.sig3",headless=1
|
||||||
/usr/lib/systemd/systemd-cryptsetup detach test-volume2
|
/usr/lib/systemd/systemd-cryptsetup detach test-volume2
|
||||||
SYSTEMD_CRYPTSETUP_USE_TOKEN_MODULE=1 /usr/lib/systemd/systemd-cryptsetup attach test-volume2 $img - tpm2-device=auto,tpm2-signature="/tmp/pcrsign.sig3",headless=1
|
SYSTEMD_CRYPTSETUP_USE_TOKEN_MODULE=1 /usr/lib/systemd/systemd-cryptsetup attach test-volume2 $img - tpm2-device=auto,tpm2-signature="/tmp/pcrsign.sig3",headless=1
|
||||||
/usr/lib/systemd/systemd-cryptsetup detach test-volume2
|
/usr/lib/systemd/systemd-cryptsetup detach test-volume2
|
||||||
|
|
||||||
# Test --append mode and de-duplication. With the same parameters signing should not add a new entry
|
# Test --append mode and de-duplication. With the same parameters signing should not add a new entry
|
||||||
/usr/lib/systemd/systemd-measure sign --current "${MEASURE_BANKS[@]}" --private-key="/tmp/pcrsign-private.pem" --public-key="/tmp/pcrsign-public.pem" --phase=: --append="/tmp/pcrsign.sig3" > "/tmp/pcrsign.sig4"
|
/usr/lib/systemd/systemd-measure sign --current "${MEASURE_BANKS[@]}" --private-key="/tmp/pcrsign-private.pem" --public-key="/tmp/pcrsign-public.pem" --phase=: --append="/tmp/pcrsign.sig3" >"/tmp/pcrsign.sig4"
|
||||||
cmp "/tmp/pcrsign.sig3" "/tmp/pcrsign.sig4"
|
cmp "/tmp/pcrsign.sig3" "/tmp/pcrsign.sig4"
|
||||||
|
|
||||||
# Sign one more phase, this should
|
# Sign one more phase, this should
|
||||||
/usr/lib/systemd/systemd-measure sign --current "${MEASURE_BANKS[@]}" --private-key="/tmp/pcrsign-private.pem" --public-key="/tmp/pcrsign-public.pem" --phase=quux:waldo --append="/tmp/pcrsign.sig4" > "/tmp/pcrsign.sig5"
|
/usr/lib/systemd/systemd-measure sign --current "${MEASURE_BANKS[@]}" --private-key="/tmp/pcrsign-private.pem" --public-key="/tmp/pcrsign-public.pem" --phase=quux:waldo --append="/tmp/pcrsign.sig4" >"/tmp/pcrsign.sig5"
|
||||||
( ! cmp "/tmp/pcrsign.sig4" "/tmp/pcrsign.sig5" )
|
( ! cmp "/tmp/pcrsign.sig4" "/tmp/pcrsign.sig5" )
|
||||||
|
|
||||||
# Should still be good to unlock, given the old entry still exists
|
# Should still be good to unlock, given the old entry still exists
|
||||||
@ -163,8 +163,8 @@ if [ -e /usr/lib/systemd/systemd-measure ] && \
|
|||||||
/usr/lib/systemd/systemd-cryptsetup detach test-volume2
|
/usr/lib/systemd/systemd-cryptsetup detach test-volume2
|
||||||
|
|
||||||
# Adding both signatures once more should not change anything, due to the deduplication
|
# Adding both signatures once more should not change anything, due to the deduplication
|
||||||
/usr/lib/systemd/systemd-measure sign --current "${MEASURE_BANKS[@]}" --private-key="/tmp/pcrsign-private.pem" --public-key="/tmp/pcrsign-public.pem" --phase=: --append="/tmp/pcrsign.sig5" > "/tmp/pcrsign.sig6"
|
/usr/lib/systemd/systemd-measure sign --current "${MEASURE_BANKS[@]}" --private-key="/tmp/pcrsign-private.pem" --public-key="/tmp/pcrsign-public.pem" --phase=: --append="/tmp/pcrsign.sig5" >"/tmp/pcrsign.sig6"
|
||||||
/usr/lib/systemd/systemd-measure sign --current "${MEASURE_BANKS[@]}" --private-key="/tmp/pcrsign-private.pem" --public-key="/tmp/pcrsign-public.pem" --phase=quux:waldo --append="/tmp/pcrsign.sig6" > "/tmp/pcrsign.sig7"
|
/usr/lib/systemd/systemd-measure sign --current "${MEASURE_BANKS[@]}" --private-key="/tmp/pcrsign-private.pem" --public-key="/tmp/pcrsign-public.pem" --phase=quux:waldo --append="/tmp/pcrsign.sig6" >"/tmp/pcrsign.sig7"
|
||||||
cmp "/tmp/pcrsign.sig5" "/tmp/pcrsign.sig7"
|
cmp "/tmp/pcrsign.sig5" "/tmp/pcrsign.sig7"
|
||||||
|
|
||||||
rm $img
|
rm $img
|
||||||
|
@ -114,17 +114,17 @@ EOF
|
|||||||
systemctl daemon-reload
|
systemctl daemon-reload
|
||||||
|
|
||||||
mount -t tmpfs none /sys/class/dmi/id
|
mount -t tmpfs none /sys/class/dmi/id
|
||||||
echo '1' > /sys/class/dmi/id/uevent
|
echo '1' >/sys/class/dmi/id/uevent
|
||||||
|
|
||||||
echo '01/01/2000' > /sys/class/dmi/id/bios_date
|
echo '01/01/2000' >/sys/class/dmi/id/bios_date
|
||||||
systemctl stop systemd-hostnamed
|
systemctl stop systemd-hostnamed
|
||||||
assert_in '2000-01-01' "$(hostnamectl)"
|
assert_in '2000-01-01' "$(hostnamectl)"
|
||||||
|
|
||||||
echo '2022' > /sys/class/dmi/id/bios_date
|
echo '2022' >/sys/class/dmi/id/bios_date
|
||||||
systemctl stop systemd-hostnamed
|
systemctl stop systemd-hostnamed
|
||||||
assert_not_in 'Firmware Date' "$(hostnamectl)"
|
assert_not_in 'Firmware Date' "$(hostnamectl)"
|
||||||
|
|
||||||
echo 'garbage' > /sys/class/dmi/id/bios_date
|
echo 'garbage' >/sys/class/dmi/id/bios_date
|
||||||
systemctl stop systemd-hostnamed
|
systemctl stop systemd-hostnamed
|
||||||
assert_not_in 'Firmware Date' "$(hostnamectl)"
|
assert_not_in 'Firmware Date' "$(hostnamectl)"
|
||||||
}
|
}
|
||||||
|
@ -79,7 +79,7 @@ test_locale() {
|
|||||||
if command -v locale-gen >/dev/null 2>&1 &&
|
if command -v locale-gen >/dev/null 2>&1 &&
|
||||||
! localectl list-locales | grep -F "en_US.UTF-8"; then
|
! localectl list-locales | grep -F "en_US.UTF-8"; then
|
||||||
# ensure at least one utf8 locale exist
|
# ensure at least one utf8 locale exist
|
||||||
echo "en_US.UTF-8 UTF-8" > /etc/locale.gen
|
echo "en_US.UTF-8 UTF-8" >/etc/locale.gen
|
||||||
locale-gen en_US.UTF-8
|
locale-gen en_US.UTF-8
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
@ -8,11 +8,11 @@ set -o pipefail
|
|||||||
|
|
||||||
export SYSTEMD_LOG_LEVEL=debug
|
export SYSTEMD_LOG_LEVEL=debug
|
||||||
|
|
||||||
echo "foo.bar=42" > /tmp/foo.conf
|
echo "foo.bar=42" >/tmp/foo.conf
|
||||||
assert_rc 0 /usr/lib/systemd/systemd-sysctl /tmp/foo.conf
|
assert_rc 0 /usr/lib/systemd/systemd-sysctl /tmp/foo.conf
|
||||||
assert_rc 1 /usr/lib/systemd/systemd-sysctl --strict /tmp/foo.conf
|
assert_rc 1 /usr/lib/systemd/systemd-sysctl --strict /tmp/foo.conf
|
||||||
|
|
||||||
echo "-foo.foo=42" > /tmp/foo.conf
|
echo "-foo.foo=42" >/tmp/foo.conf
|
||||||
assert_rc 0 /usr/lib/systemd/systemd-sysctl /tmp/foo.conf
|
assert_rc 0 /usr/lib/systemd/systemd-sysctl /tmp/foo.conf
|
||||||
assert_rc 0 /usr/lib/systemd/systemd-sysctl --strict /tmp/foo.conf
|
assert_rc 0 /usr/lib/systemd/systemd-sysctl --strict /tmp/foo.conf
|
||||||
|
|
||||||
@ -26,9 +26,9 @@ net.ipv4.*.*.bootp_relay=1
|
|||||||
net.ipv4.aaa.*.disable_policy=1
|
net.ipv4.aaa.*.disable_policy=1
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
echo 0 > /proc/sys/net/ipv4/conf/hoge/drop_gratuitous_arp
|
echo 0 >/proc/sys/net/ipv4/conf/hoge/drop_gratuitous_arp
|
||||||
echo 0 > /proc/sys/net/ipv4/conf/hoge/bootp_relay
|
echo 0 >/proc/sys/net/ipv4/conf/hoge/bootp_relay
|
||||||
echo 0 > /proc/sys/net/ipv4/conf/hoge/disable_policy
|
echo 0 >/proc/sys/net/ipv4/conf/hoge/disable_policy
|
||||||
|
|
||||||
assert_rc 0 /usr/lib/systemd/systemd-sysctl --prefix=/net/ipv4/conf/hoge /tmp/foo.conf
|
assert_rc 0 /usr/lib/systemd/systemd-sysctl --prefix=/net/ipv4/conf/hoge /tmp/foo.conf
|
||||||
assert_eq "$(cat /proc/sys/net/ipv4/conf/hoge/drop_gratuitous_arp)" "1"
|
assert_eq "$(cat /proc/sys/net/ipv4/conf/hoge/drop_gratuitous_arp)" "1"
|
||||||
|
@ -27,7 +27,7 @@ diff <(systemctl show -p OpenFile testsuite-77) - <<EOF
|
|||||||
OpenFile=/test-77-open.dat:open:read-only
|
OpenFile=/test-77-open.dat:open:read-only
|
||||||
OpenFile=/test-77-file.dat
|
OpenFile=/test-77-file.dat
|
||||||
EOF
|
EOF
|
||||||
echo "New" > /test-77-new-file.dat
|
echo "New" >/test-77-new-file.dat
|
||||||
systemd-run --wait -p OpenFile=/test-77-new-file.dat:new-file:read-only "$(dirname "$0")"/testsuite-77-run.sh
|
systemd-run --wait -p OpenFile=/test-77-new-file.dat:new-file:read-only "$(dirname "$0")"/testsuite-77-run.sh
|
||||||
|
|
||||||
assert_rc 202 systemd-run --wait -p OpenFile=/test-77-new-file.dat:new-file:read-only -p OpenFile=/test-77-mssing-file.dat:missing-file:read-only "$(dirname "$0")"/testsuite-77-run.sh
|
assert_rc 202 systemd-run --wait -p OpenFile=/test-77-new-file.dat:new-file:read-only -p OpenFile=/test-77-mssing-file.dat:missing-file:read-only "$(dirname "$0")"/testsuite-77-run.sh
|
||||||
|
@ -60,7 +60,7 @@ while read -r line; do
|
|||||||
data="${BASH_REMATCH[2]}"
|
data="${BASH_REMATCH[2]}"
|
||||||
break
|
break
|
||||||
fi
|
fi
|
||||||
done < "${2}"
|
done <"${2}"
|
||||||
|
|
||||||
if [[ -z "${text}" || -z "${data}" ]]; then
|
if [[ -z "${text}" || -z "${data}" ]]; then
|
||||||
echo "Could not determine text and data location."
|
echo "Could not determine text and data location."
|
||||||
|
@ -5,13 +5,13 @@ set -eu
|
|||||||
cd "${1:?}"
|
cd "${1:?}"
|
||||||
|
|
||||||
(curl --fail -L 'https://chromium.googlesource.com/chromiumos/platform2/+/master/power_manager/udev/gen_autosuspend_rules.py?format=TEXT'; echo) \
|
(curl --fail -L 'https://chromium.googlesource.com/chromiumos/platform2/+/master/power_manager/udev/gen_autosuspend_rules.py?format=TEXT'; echo) \
|
||||||
| base64 -d > tools/chromiumos/gen_autosuspend_rules.py
|
| base64 -d >tools/chromiumos/gen_autosuspend_rules.py
|
||||||
|
|
||||||
(cat <<%EOF
|
(cat <<EOF
|
||||||
# This file is part of systemd.
|
# This file is part of systemd.
|
||||||
#
|
#
|
||||||
# Rules to autosuspend known fingerprint readers (pulled from libfprint).
|
# Rules to autosuspend known fingerprint readers (pulled from libfprint).
|
||||||
#
|
#
|
||||||
%EOF
|
EOF
|
||||||
curl --fail -L 'https://gitlab.freedesktop.org/libfprint/libfprint/-/raw/master/data/autosuspend.hwdb') \
|
curl --fail -L 'https://gitlab.freedesktop.org/libfprint/libfprint/-/raw/master/data/autosuspend.hwdb') \
|
||||||
> hwdb.d/60-autosuspend-fingerprint-reader.hwdb
|
>hwdb.d/60-autosuspend-fingerprint-reader.hwdb
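Review bot: A failed download can still replace `tools/chromiumos/gen_autosuspend_rules.py` with an empty file, because the status of `(curl --fail ...; echo)` is lost in the pipeline and `base64 -d` succeeds on empty input. The hunk's context shows `set -eu` only; whether `pipefail` is enabled above the hunk is not visible. The second group has a related problem: `>hwdb.d/60-autosuspend-fingerprint-reader.hwdb` truncates the target before `curl` runs, so an aborted transfer leaves a header-only or partial file in the tree. Writing each result to a `mktemp` file and moving it into place only on success, e.g. `... | base64 -d >"$tmp" && mv -- "$tmp" tools/chromiumos/gen_autosuspend_rules.py`, avoids both, and `set -o pipefail` would help if the interpreter supports it. Since the heredoc body is literal text, `<<'EOF'` would also keep a future `$` or backtick in the header from being expanded.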
|
||||||
|