mirror of https://github.com/systemd/systemd.git synced 2025-01-26 14:04:03 +03:00

repart: Run most repart integration tests without root privileges

To make sure rootless mode keeps working, let's run all repart
integration tests that we can without root privileges. The only ones
we need to keep running with root privileges are the tests that operate
on a block/loop device and those that use --image=.
Daan De Meyer 2022-11-10 15:40:00 +01:00
parent a64769d605
commit e2d057456d
2 changed files with 170 additions and 144 deletions


@ -12,14 +12,15 @@ TEST_FORCE_NEWIMAGE=1
test_append_files() { test_append_files() {
if ! get_bool "${TEST_NO_QEMU:=}"; then if ! get_bool "${TEST_NO_QEMU:=}"; then
install_dmevent install_dmevent
if command -v openssl >/dev/null 2>&1; then
inst_binary openssl
fi
inst_binary mcopy
instmods dm_verity =md instmods dm_verity =md
generate_module_dependencies generate_module_dependencies
image_install -o /sbin/mksquashfs image_install -o /sbin/mksquashfs
fi fi
inst_binary mcopy
if command -v openssl >/dev/null 2>&1; then
inst_binary openssl
fi
} }
do_test "$@" do_test "$@"
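Review bot: The `command -v openssl` guard in `test_append_files` silently leaves openssl out of the test image when the build host lacks it, yet `test_verity` in the second file of this commit calls `runas testuser openssl req` with no matching check in the visible hunks. Under `set -eux` that would surface as a command-not-found failure rather than a skip, and the test now also runs in containers up to the dissect step. Either install it unconditionally like mcopy (`inst_binary openssl`) or make the verity test skip when `command -v openssl` fails; a guard may already exist outside the hunks shown, so please confirm.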


@ -3,6 +3,13 @@
set -eux set -eux
set -o pipefail set -o pipefail
runas() {
declare userid=$1
shift
# shellcheck disable=SC2016
su "$userid" -s /bin/sh -c 'XDG_RUNTIME_DIR=/run/user/$UID exec "$@"' -- sh "$@"
}
if ! command -v systemd-repart &>/dev/null; then if ! command -v systemd-repart &>/dev/null; then
echo "no systemd-repart" >/skipped echo "no systemd-repart" >/skipped
exit 0 exit 0
@ -89,17 +96,17 @@ test_basic() {
local defs imgs output local defs imgs output
local loop volume local loop volume
defs="$(mktemp --directory "/tmp/test-repart.XXXXXXXXXX")" defs="$(runas testuser mktemp --directory "/tmp/test-repart.XXXXXXXXXX")"
imgs="$(mktemp --directory "/var/tmp/test-repart.XXXXXXXXXX")" imgs="$(runas testuser mktemp --directory "/var/tmp/test-repart.XXXXXXXXXX")"
# shellcheck disable=SC2064 # shellcheck disable=SC2064
trap "rm -rf '$defs' '$imgs'" RETURN trap "rm -rf '$defs' '$imgs'" RETURN
# 1. create an empty image # 1. create an empty image
systemd-repart --empty=create \ runas testuser systemd-repart --empty=create \
--size=1G \ --size=1G \
--seed="$seed" \ --seed="$seed" \
"$imgs/zzz" "$imgs/zzz"
output=$(sfdisk -d "$imgs/zzz" | grep -v -e 'sector-size' -e '^$') output=$(sfdisk -d "$imgs/zzz" | grep -v -e 'sector-size' -e '^$')
@ -133,11 +140,11 @@ SizeMaxBytes=64M
PaddingMinBytes=92M PaddingMinBytes=92M
EOF EOF
systemd-repart --definitions="$defs" \ runas testuser systemd-repart --definitions="$defs" \
--dry-run=no \ --dry-run=no \
--seed="$seed" \ --seed="$seed" \
--include-partitions=home,swap \ --include-partitions=home,swap \
"$imgs/zzz" "$imgs/zzz"
output=$(sfdisk -d "$imgs/zzz" | grep -v -e 'sector-size' -e '^$') output=$(sfdisk -d "$imgs/zzz" | grep -v -e 'sector-size' -e '^$')
@ -150,11 +157,11 @@ last-lba: 2097118
$imgs/zzz1 : start= 2048, size= 591856, type=933AC7E1-2EB4-4F13-B844-0E14E2AEF915, uuid=4980595D-D74A-483A-AA9E-9903879A0EE5, name=\"home-first\", attrs=\"GUID:59\" $imgs/zzz1 : start= 2048, size= 591856, type=933AC7E1-2EB4-4F13-B844-0E14E2AEF915, uuid=4980595D-D74A-483A-AA9E-9903879A0EE5, name=\"home-first\", attrs=\"GUID:59\"
$imgs/zzz4 : start= 1777624, size= 131072, type=0657FD6D-A4AB-43C4-84E5-0933C84B4F4F, uuid=78C92DB8-3D2B-4823-B0DC-792B78F66F1E, name=\"swap\"" $imgs/zzz4 : start= 1777624, size= 131072, type=0657FD6D-A4AB-43C4-84E5-0933C84B4F4F, uuid=78C92DB8-3D2B-4823-B0DC-792B78F66F1E, name=\"swap\""
systemd-repart --definitions="$defs" \ runas testuser systemd-repart --definitions="$defs" \
--dry-run=no \ --dry-run=no \
--seed="$seed" \ --seed="$seed" \
--exclude-partitions=root \ --exclude-partitions=root \
"$imgs/zzz" "$imgs/zzz"
output=$(sfdisk -d "$imgs/zzz" | grep -v -e 'sector-size' -e '^$') output=$(sfdisk -d "$imgs/zzz" | grep -v -e 'sector-size' -e '^$')
@ -167,10 +174,10 @@ last-lba: 2097118
$imgs/zzz1 : start= 2048, size= 591856, type=933AC7E1-2EB4-4F13-B844-0E14E2AEF915, uuid=4980595D-D74A-483A-AA9E-9903879A0EE5, name=\"home-first\", attrs=\"GUID:59\" $imgs/zzz1 : start= 2048, size= 591856, type=933AC7E1-2EB4-4F13-B844-0E14E2AEF915, uuid=4980595D-D74A-483A-AA9E-9903879A0EE5, name=\"home-first\", attrs=\"GUID:59\"
$imgs/zzz4 : start= 1777624, size= 131072, type=0657FD6D-A4AB-43C4-84E5-0933C84B4F4F, uuid=78C92DB8-3D2B-4823-B0DC-792B78F66F1E, name=\"swap\"" $imgs/zzz4 : start= 1777624, size= 131072, type=0657FD6D-A4AB-43C4-84E5-0933C84B4F4F, uuid=78C92DB8-3D2B-4823-B0DC-792B78F66F1E, name=\"swap\""
systemd-repart --definitions="$defs" \ runas testuser systemd-repart --definitions="$defs" \
--dry-run=no \ --dry-run=no \
--seed="$seed" \ --seed="$seed" \
"$imgs/zzz" "$imgs/zzz"
output=$(sfdisk -d "$imgs/zzz" | grep -v -e 'sector-size' -e '^$') output=$(sfdisk -d "$imgs/zzz" | grep -v -e 'sector-size' -e '^$')
@ -203,10 +210,10 @@ EOF
echo "Label=ignored_label" >>"$defs/home.conf" echo "Label=ignored_label" >>"$defs/home.conf"
echo "UUID=b0b1b2b3b4b5b6b7b8b9babbbcbdbebf" >>"$defs/home.conf" echo "UUID=b0b1b2b3b4b5b6b7b8b9babbbcbdbebf" >>"$defs/home.conf"
systemd-repart --definitions="$defs" \ runas testuser systemd-repart --definitions="$defs" \
--dry-run=no \ --dry-run=no \
--seed="$seed" \ --seed="$seed" \
"$imgs/zzz" "$imgs/zzz"
output=$(sfdisk -d "$imgs/zzz" | grep -v -e 'sector-size' -e '^$') output=$(sfdisk -d "$imgs/zzz" | grep -v -e 'sector-size' -e '^$')
@ -224,11 +231,11 @@ $imgs/zzz5 : start= 1908696, size= 188416, type=0FC63DAF-8483-4772-8E79
# 4. Resizing to 2G # 4. Resizing to 2G
systemd-repart --definitions="$defs" \ runas testuser systemd-repart --definitions="$defs" \
--size=2G \ --size=2G \
--dry-run=no \ --dry-run=no \
--seed="$seed" \ --seed="$seed" \
"$imgs/zzz" "$imgs/zzz"
output=$(sfdisk -d "$imgs/zzz" | grep -v -e 'sector-size' -e '^$') output=$(sfdisk -d "$imgs/zzz" | grep -v -e 'sector-size' -e '^$')
@ -256,11 +263,11 @@ UUID=2a1d97e1d0a346cca26eadc643926617
CopyBlocks=$imgs/block-copy CopyBlocks=$imgs/block-copy
EOF EOF
systemd-repart --definitions="$defs" \ runas testuser systemd-repart --definitions="$defs" \
--size=3G \ --size=3G \
--dry-run=no \ --dry-run=no \
--seed="$seed" \ --seed="$seed" \
"$imgs/zzz" "$imgs/zzz"
output=$(sfdisk -d "$imgs/zzz" | grep -v -e 'sector-size' -e '^$') output=$(sfdisk -d "$imgs/zzz" | grep -v -e 'sector-size' -e '^$')
@ -279,11 +286,6 @@ $imgs/zzz6 : start= 4194264, size= 2097152, type=0FC63DAF-8483-4772-8E79
cmp --bytes=$((4096*10240)) --ignore-initial=0:$((512*4194264)) "$imgs/block-copy" "$imgs/zzz" cmp --bytes=$((4096*10240)) --ignore-initial=0:$((512*4194264)) "$imgs/block-copy" "$imgs/zzz"
if systemd-detect-virt --quiet --container; then
echo "Skipping encrypt tests in container."
return
fi
# 6. Testing Format=/Encrypt=/CopyFiles= # 6. Testing Format=/Encrypt=/CopyFiles=
cat >"$defs/extra3.conf" <<EOF cat >"$defs/extra3.conf" <<EOF
@ -297,11 +299,11 @@ CopyFiles=$defs:/def
SizeMinBytes=48M SizeMinBytes=48M
EOF EOF
systemd-repart --definitions="$defs" \ runas testuser systemd-repart --definitions="$defs" \
--size=auto \ --size=auto \
--dry-run=no \ --dry-run=no \
--seed="$seed" \ --seed="$seed" \
"$imgs/zzz" "$imgs/zzz"
output=$(sfdisk -d "$imgs/zzz" | grep -v -e 'sector-size' -e '^$') output=$(sfdisk -d "$imgs/zzz" | grep -v -e 'sector-size' -e '^$')
@ -319,6 +321,11 @@ $imgs/zzz5 : start= 1908696, size= 2285568, type=0FC63DAF-8483-4772-8E79
$imgs/zzz6 : start= 4194264, size= 2097152, type=0FC63DAF-8483-4772-8E79-3D69D8477DE4, uuid=2A1D97E1-D0A3-46CC-A26E-ADC643926617, name=\"block-copy\" $imgs/zzz6 : start= 4194264, size= 2097152, type=0FC63DAF-8483-4772-8E79-3D69D8477DE4, uuid=2A1D97E1-D0A3-46CC-A26E-ADC643926617, name=\"block-copy\"
$imgs/zzz7 : start= 6291416, size= 98304, type=0FC63DAF-8483-4772-8E79-3D69D8477DE4, uuid=7B93D1F2-595D-4CE3-B0B9-837FBD9E63B0, name=\"luks-format-copy\"" $imgs/zzz7 : start= 6291416, size= 98304, type=0FC63DAF-8483-4772-8E79-3D69D8477DE4, uuid=7B93D1F2-595D-4CE3-B0B9-837FBD9E63B0, name=\"luks-format-copy\""
if systemd-detect-virt --quiet --container; then
echo "Skipping encrypt mount tests in container."
return
fi
loop="$(losetup -P --show --find "$imgs/zzz")" loop="$(losetup -P --show --find "$imgs/zzz")"
udevadm wait --timeout 60 --settle "${loop:?}" udevadm wait --timeout 60 --settle "${loop:?}"
@ -338,8 +345,8 @@ $imgs/zzz7 : start= 6291416, size= 98304, type=0FC63DAF-8483-4772-8E79
test_dropin() { test_dropin() {
local defs imgs output local defs imgs output
defs="$(mktemp --directory "/tmp/test-repart.XXXXXXXXXX")" defs="$(runas testuser mktemp --directory "/tmp/test-repart.XXXXXXXXXX")"
imgs="$(mktemp --directory "/var/tmp/test-repart.XXXXXXXXXX")" imgs="$(runas testuser mktemp --directory "/var/tmp/test-repart.XXXXXXXXXX")"
# shellcheck disable=SC2064 # shellcheck disable=SC2064
trap "rm -rf '$defs' '$imgs'" RETURN trap "rm -rf '$defs' '$imgs'" RETURN
@ -362,7 +369,11 @@ EOF
Label=label2 Label=label2
EOF EOF
output=$(systemd-repart --definitions="$defs" --empty=create --size=100M --json=pretty "$imgs/zzz") output=$(runas testuser systemd-repart --definitions="$defs" \
--empty=create \
--size=100M \
--json=pretty \
"$imgs/zzz")
diff -u <(echo "$output") - <<EOF diff -u <(echo "$output") - <<EOF
[ [
@ -392,8 +403,8 @@ EOF
test_multiple_definitions() { test_multiple_definitions() {
local defs imgs output local defs imgs output
defs="$(mktemp --directory "/tmp/test-repart.XXXXXXXXXX")" defs="$(runas testuser mktemp --directory "/tmp/test-repart.XXXXXXXXXX")"
imgs="$(mktemp --directory "/var/tmp/test-repart.XXXXXXXXXX")" imgs="$(runas testuser mktemp --directory "/var/tmp/test-repart.XXXXXXXXXX")"
# shellcheck disable=SC2064 # shellcheck disable=SC2064
trap "rm -rf '$defs' '$imgs'" RETURN trap "rm -rf '$defs' '$imgs'" RETURN
@ -417,7 +428,12 @@ UUID=837c3d67-21b3-478e-be82-7e7f83bf96d3
Label=label2 Label=label2
EOF EOF
output=$(systemd-repart --definitions="$defs/1" --definitions="$defs/2" --empty=create --size=100M --json=pretty "$imgs/zzz") output=$(runas testuser systemd-repart --definitions="$defs/1" \
--definitions="$defs/2" \
--empty=create \
--size=100M \
--json=pretty \
"$imgs/zzz")
diff -u <(echo "$output") - <<EOF diff -u <(echo "$output") - <<EOF
[ [
@ -458,13 +474,8 @@ EOF
test_copy_blocks() { test_copy_blocks() {
local defs imgs output local defs imgs output
if systemd-detect-virt --quiet --container; then defs="$(runas testuser mktemp --directory "/tmp/test-repart.XXXXXXXXXX")"
echo "Skipping copy blocks tests in container." imgs="$(runas testuser mktemp --directory "/var/tmp/test-repart.XXXXXXXXXX")"
return
fi
defs="$(mktemp --directory "/tmp/test-repart.XXXXXXXXXX")"
imgs="$(mktemp --directory "/var/tmp/test-repart.XXXXXXXXXX")"
# shellcheck disable=SC2064 # shellcheck disable=SC2064
trap "rm -rf '$defs' '$imgs'" RETURN trap "rm -rf '$defs' '$imgs'" RETURN
@ -493,11 +504,11 @@ Format=ext4
MakeDirectories=/usr /efi MakeDirectories=/usr /efi
EOF EOF
systemd-repart --definitions="$defs" \ runas testuser systemd-repart --definitions="$defs" \
--empty=create \ --empty=create \
--size=auto \ --size=auto \
--seed="$seed" \ --seed="$seed" \
"$imgs/zzz" "$imgs/zzz"
output=$(sfdisk --dump "$imgs/zzz") output=$(sfdisk --dump "$imgs/zzz")
@ -505,6 +516,11 @@ EOF
assert_in "$imgs/zzz2 : start= 22528, size= 20480, type=${root_guid}, uuid=${root_uuid}, name=\"root-${architecture}\", attrs=\"GUID:59\"" "$output" assert_in "$imgs/zzz2 : start= 22528, size= 20480, type=${root_guid}, uuid=${root_uuid}, name=\"root-${architecture}\", attrs=\"GUID:59\"" "$output"
assert_in "$imgs/zzz3 : start= 43008, size= 20480, type=${usr_guid}, uuid=${usr_uuid}, name=\"usr-${architecture}\", attrs=\"GUID:60\"" "$output" assert_in "$imgs/zzz3 : start= 43008, size= 20480, type=${usr_guid}, uuid=${usr_uuid}, name=\"usr-${architecture}\", attrs=\"GUID:60\"" "$output"
if systemd-detect-virt --quiet --container; then
echo "Skipping second part of copy blocks tests in container."
return
fi
# Then, create another image with CopyBlocks=auto # Then, create another image with CopyBlocks=auto
cat >"$defs/esp.conf" <<EOF cat >"$defs/esp.conf" <<EOF
@ -526,6 +542,7 @@ Type=root-${architecture}
CopyBlocks=auto CopyBlocks=auto
EOF EOF
# --image needs root privileges so skip runas testuser here.
systemd-repart --definitions="$defs" \ systemd-repart --definitions="$defs" \
--empty=create \ --empty=create \
--size=auto \ --size=auto \
@ -539,8 +556,8 @@ EOF
test_unaligned_partition() { test_unaligned_partition() {
local defs imgs output local defs imgs output
defs="$(mktemp --directory "/tmp/test-repart.XXXXXXXXXX")" defs="$(runas testuser mktemp --directory "/tmp/test-repart.XXXXXXXXXX")"
imgs="$(mktemp --directory "/var/tmp/test-repart.XXXXXXXXXX")" imgs="$(runas testuser mktemp --directory "/var/tmp/test-repart.XXXXXXXXXX")"
# shellcheck disable=SC2064 # shellcheck disable=SC2064
trap "rm -rf '$defs' '$imgs'" RETURN trap "rm -rf '$defs' '$imgs'" RETURN
@ -551,7 +568,7 @@ test_unaligned_partition() {
Type=root-${architecture} Type=root-${architecture}
EOF EOF
truncate -s 10g "$imgs/unaligned" runas testuser truncate -s 10g "$imgs/unaligned"
sfdisk "$imgs/unaligned" <<EOF sfdisk "$imgs/unaligned" <<EOF
label: gpt label: gpt
@ -559,10 +576,10 @@ start=2048, size=69044
start=71092, size=3591848 start=71092, size=3591848
EOF EOF
systemd-repart --definitions="$defs" \ runas testuser systemd-repart --definitions="$defs" \
--seed="$seed" \ --seed="$seed" \
--dry-run=no \ --dry-run=no \
"$imgs/unaligned" "$imgs/unaligned"
output=$(sfdisk --dump "$imgs/unaligned") output=$(sfdisk --dump "$imgs/unaligned")
@ -576,8 +593,8 @@ test_issue_21817() {
# testcase for #21817 # testcase for #21817
defs="$(mktemp --directory "/tmp/test-repart.XXXXXXXXXX")" defs="$(runas testuser mktemp --directory "/tmp/test-repart.XXXXXXXXXX")"
imgs="$(mktemp --directory "/var/tmp/test-repart.XXXXXXXXXX")" imgs="$(runas testuser mktemp --directory "/var/tmp/test-repart.XXXXXXXXXX")"
# shellcheck disable=SC2064 # shellcheck disable=SC2064
trap "rm -rf '$defs' '$imgs'" RETURN trap "rm -rf '$defs' '$imgs'" RETURN
@ -586,7 +603,7 @@ test_issue_21817() {
Type=root Type=root
EOF EOF
truncate -s 100m "$imgs/21817.img" runas testuser truncate -s 100m "$imgs/21817.img"
sfdisk "$imgs/21817.img" <<EOF sfdisk "$imgs/21817.img" <<EOF
label: gpt label: gpt
@ -594,11 +611,11 @@ size=50M, type=${root_guid}
, ,
EOF EOF
systemd-repart --pretty=yes \ runas testuser systemd-repart --pretty=yes \
--definitions "$imgs" \ --definitions "$imgs" \
--seed="$seed" \ --seed="$seed" \
--dry-run=no \ --dry-run=no \
"$imgs/21817.img" "$imgs/21817.img"
output=$(sfdisk --dump "$imgs/21817.img") output=$(sfdisk --dump "$imgs/21817.img")
@ -612,8 +629,8 @@ test_issue_24553() {
# testcase for #24553 # testcase for #24553
defs="$(mktemp --directory "/tmp/test-repart.XXXXXXXXXX")" defs="$(runas testuser mktemp --directory "/tmp/test-repart.XXXXXXXXXX")"
imgs="$(mktemp --directory "/var/tmp/test-repart.XXXXXXXXXX")" imgs="$(runas testuser mktemp --directory "/var/tmp/test-repart.XXXXXXXXXX")"
# shellcheck disable=SC2064 # shellcheck disable=SC2064
trap "rm -rf '$defs' '$imgs'" RETURN trap "rm -rf '$defs' '$imgs'" RETURN
@ -635,28 +652,28 @@ start=524328, size=14848000, type=${root_guid}, uuid=${root_uuid}, name="root-${
EOF EOF
# 1. Operate on a small image compared with SizeMinBytes=. # 1. Operate on a small image compared with SizeMinBytes=.
truncate -s 8g "$imgs/zzz" runas testuser truncate -s 8g "$imgs/zzz"
sfdisk "$imgs/zzz" <"$imgs/partscript" sfdisk "$imgs/zzz" <"$imgs/partscript"
# This should fail, but not trigger assertions. # This should fail, but not trigger assertions.
assert_rc 1 systemd-repart --definitions="$defs" \ assert_rc 1 runas testuser systemd-repart --definitions="$defs" \
--seed="$seed" \ --seed="$seed" \
--dry-run=no \ --dry-run=no \
"$imgs/zzz" "$imgs/zzz"
output=$(sfdisk --dump "$imgs/zzz") output=$(sfdisk --dump "$imgs/zzz")
assert_in "$imgs/zzz2 : start= 524328, size= 14848000, type=${root_guid}, uuid=${root_uuid}, name=\"root-${architecture}\"" "$output" assert_in "$imgs/zzz2 : start= 524328, size= 14848000, type=${root_guid}, uuid=${root_uuid}, name=\"root-${architecture}\"" "$output"
# 2. Operate on an larger image compared with SizeMinBytes=. # 2. Operate on an larger image compared with SizeMinBytes=.
rm -f "$imgs/zzz" rm -f "$imgs/zzz"
truncate -s 12g "$imgs/zzz" runas testuser truncate -s 12g "$imgs/zzz"
sfdisk "$imgs/zzz" <"$imgs/partscript" sfdisk "$imgs/zzz" <"$imgs/partscript"
# This should succeed. # This should succeed.
systemd-repart --definitions="$defs" \ runas testuser systemd-repart --definitions="$defs" \
--seed="$seed" \ --seed="$seed" \
--dry-run=no \ --dry-run=no \
"$imgs/zzz" "$imgs/zzz"
output=$(sfdisk --dump "$imgs/zzz") output=$(sfdisk --dump "$imgs/zzz")
assert_in "$imgs/zzz2 : start= 524328, size= 24641456, type=${root_guid}, uuid=${root_uuid}, name=\"root-${architecture}\"" "$output" assert_in "$imgs/zzz2 : start= 524328, size= 24641456, type=${root_guid}, uuid=${root_uuid}, name=\"root-${architecture}\"" "$output"
@ -678,14 +695,14 @@ Priority=10
EOF EOF
rm -f "$imgs/zzz" rm -f "$imgs/zzz"
truncate -s 8g "$imgs/zzz" runas testuser truncate -s 8g "$imgs/zzz"
sfdisk "$imgs/zzz" <"$imgs/partscript" sfdisk "$imgs/zzz" <"$imgs/partscript"
# This should also succeed, but root is not extended. # This should also succeed, but root is not extended.
systemd-repart --definitions="$defs" \ runas testuser systemd-repart --definitions="$defs" \
--seed="$seed" \ --seed="$seed" \
--dry-run=no \ --dry-run=no \
"$imgs/zzz" "$imgs/zzz"
output=$(sfdisk --dump "$imgs/zzz") output=$(sfdisk --dump "$imgs/zzz")
assert_in "$imgs/zzz2 : start= 524328, size= 14848000, type=${root_guid}, uuid=${root_uuid}, name=\"root-${architecture}\"" "$output" assert_in "$imgs/zzz2 : start= 524328, size= 14848000, type=${root_guid}, uuid=${root_uuid}, name=\"root-${architecture}\"" "$output"
@ -693,14 +710,14 @@ EOF
# 4. Multiple partitions with Priority= (large disk) # 4. Multiple partitions with Priority= (large disk)
rm -f "$imgs/zzz" rm -f "$imgs/zzz"
truncate -s 12g "$imgs/zzz" runas testuser truncate -s 12g "$imgs/zzz"
sfdisk "$imgs/zzz" <"$imgs/partscript" sfdisk "$imgs/zzz" <"$imgs/partscript"
# This should also succeed, and root is extended. # This should also succeed, and root is extended.
systemd-repart --definitions="$defs" \ runas testuser systemd-repart --definitions="$defs" \
--seed="$seed" \ --seed="$seed" \
--dry-run=no \ --dry-run=no \
"$imgs/zzz" "$imgs/zzz"
output=$(sfdisk --dump "$imgs/zzz") output=$(sfdisk --dump "$imgs/zzz")
assert_in "$imgs/zzz2 : start= 524328, size= 20971520, type=${root_guid}, uuid=${root_uuid}, name=\"root-${architecture}\"" "$output" assert_in "$imgs/zzz2 : start= 524328, size= 20971520, type=${root_guid}, uuid=${root_uuid}, name=\"root-${architecture}\"" "$output"
@ -710,8 +727,8 @@ EOF
test_zero_uuid() { test_zero_uuid() {
local defs imgs output local defs imgs output
defs="$(mktemp --directory "/tmp/test-repart.XXXXXXXXXX")" defs="$(runas testuser mktemp --directory "/tmp/test-repart.XXXXXXXXXX")"
imgs="$(mktemp --directory "/var/tmp/test-repart.XXXXXXXXXX")" imgs="$(runas testuser mktemp --directory "/var/tmp/test-repart.XXXXXXXXXX")"
# shellcheck disable=SC2064 # shellcheck disable=SC2064
trap "rm -rf '$defs' '$imgs'" RETURN trap "rm -rf '$defs' '$imgs'" RETURN
@ -723,12 +740,12 @@ Type=root-${architecture}
UUID=null UUID=null
EOF EOF
systemd-repart --definitions="$defs" \ runas testuser systemd-repart --definitions="$defs" \
--seed="$seed" \ --seed="$seed" \
--dry-run=no \ --dry-run=no \
--empty=create \ --empty=create \
--size=auto \ --size=auto \
"$imgs/zero" "$imgs/zero"
output=$(sfdisk --dump "$imgs/zero") output=$(sfdisk --dump "$imgs/zero")
@ -738,13 +755,8 @@ EOF
test_verity() { test_verity() {
local defs imgs output local defs imgs output
if systemd-detect-virt --quiet --container; then defs="$(runas testuser mktemp --directory "/tmp/test-repart.XXXXXXXXXX")"
echo "Skipping verity test in container." imgs="$(runas testuser mktemp --directory "/var/tmp/test-repart.XXXXXXXXXX")"
return
fi
defs="$(mktemp --directory "/tmp/test-repart.XXXXXXXXXX")"
imgs="$(mktemp --directory "/var/tmp/test-repart.XXXXXXXXXX")"
# shellcheck disable=SC2064 # shellcheck disable=SC2064
trap "rm -rf '$defs' '$imgs'" RETURN trap "rm -rf '$defs' '$imgs'" RETURN
@ -786,25 +798,36 @@ CN = Common Name
emailAddress = test@email.com emailAddress = test@email.com
EOF EOF
openssl req -config "$defs/verity.openssl.cnf" -new -x509 -newkey rsa:1024 -keyout "$defs/verity.key" -out "$defs/verity.crt" -days 365 -nodes runas testuser openssl req -config "$defs/verity.openssl.cnf" \
-new -x509 \
-newkey rsa:1024 \
-keyout "$defs/verity.key" \
-out "$defs/verity.crt" \
-days 365 \
-nodes
mkdir -p /run/verity.d mkdir -p /run/verity.d
ln -s "$defs/verity.crt" /run/verity.d/ok.crt ln -s "$defs/verity.crt" /run/verity.d/ok.crt
output=$(systemd-repart --definitions="$defs" \ output=$(runas testuser systemd-repart --definitions="$defs" \
--seed="$seed" \ --seed="$seed" \
--dry-run=no \ --dry-run=no \
--empty=create \ --empty=create \
--size=auto \ --size=auto \
--json=pretty \ --json=pretty \
--private-key="$defs/verity.key" \ --private-key="$defs/verity.key" \
--certificate="$defs/verity.crt" \ --certificate="$defs/verity.crt" \
"$imgs/verity") "$imgs/verity")
roothash=$(jq -r ".[] | select(.type == \"root-${architecture}-verity\") | .roothash" <<< "$output") roothash=$(jq -r ".[] | select(.type == \"root-${architecture}-verity\") | .roothash" <<< "$output")
# Check that we can dissect, mount and unmount a repart verity image. (and that the image UUID is deterministic) # Check that we can dissect, mount and unmount a repart verity image. (and that the image UUID is deterministic)
if systemd-detect-virt --quiet --container; then
echo "Skipping verity test dissect part in container."
return
fi
systemd-dissect "$imgs/verity" --root-hash "$roothash" systemd-dissect "$imgs/verity" --root-hash "$roothash"
systemd-dissect "$imgs/verity" --root-hash "$roothash" --json=short | grep -q '"imageUuid":"1d2ce291-7cce-4f7d-bc83-fdb49ad74ebd"' systemd-dissect "$imgs/verity" --root-hash "$roothash" --json=short | grep -q '"imageUuid":"1d2ce291-7cce-4f7d-bc83-fdb49ad74ebd"'
systemd-dissect "$imgs/verity" --root-hash "$roothash" -M "$imgs/mnt" systemd-dissect "$imgs/verity" --root-hash "$roothash" -M "$imgs/mnt"
@ -814,14 +837,9 @@ EOF
test_issue_24786() { test_issue_24786() {
local defs imgs root output local defs imgs root output
if systemd-detect-virt --quiet --container; then defs="$(runas testuser mktemp --directory "/tmp/test-repart.XXXXXXXXXX")"
echo "Skipping verity test in container." imgs="$(runas testuser mktemp --directory "/var/tmp/test-repart.XXXXXXXXXX")"
return root="$(runas testuser mktemp --directory "/var/tmp/test-repart.XXXXXXXXXX")"
fi
defs="$(mktemp --directory "/tmp/test-repart.XXXXXXXXXX")"
imgs="$(mktemp --directory "/var/tmp/test-repart.XXXXXXXXXX")"
root="$(mktemp --directory "/var/tmp/test-repart.XXXXXXXXXX")"
# shellcheck disable=SC2064 # shellcheck disable=SC2064
trap "rm -rf '$defs' '$imgs' '$root'" RETURN trap "rm -rf '$defs' '$imgs' '$root'" RETURN
@ -841,14 +859,19 @@ Type=usr-${architecture}
CopyFiles=/usr:/ CopyFiles=/usr:/
EOF EOF
output=$(systemd-repart --definitions="$defs" \ output=$(runas testuser systemd-repart --definitions="$defs" \
--seed="$seed" \ --seed="$seed" \
--dry-run=no \ --dry-run=no \
--empty=create \ --empty=create \
--size=auto \ --size=auto \
--json=pretty \ --json=pretty \
--root="$root" \ --root="$root" \
"$imgs/zzz") "$imgs/zzz")
if systemd-detect-virt --quiet --container; then
echo "Skipping issue 24786 test loop/mount parts in container."
return
fi
loop=$(losetup -P --show -f "$imgs/zzz") loop=$(losetup -P --show -f "$imgs/zzz")
udevadm wait --timeout 60 --settle "${loop:?}" udevadm wait --timeout 60 --settle "${loop:?}"
@ -953,6 +976,8 @@ EOF
truncate -s 100m "$imgs/$sector.img" truncate -s 100m "$imgs/$sector.img"
loop=$(losetup -b "$sector" -P --show -f "$imgs/$sector.img" ) loop=$(losetup -b "$sector" -P --show -f "$imgs/$sector.img" )
udevadm wait --timeout 60 --settle "${loop:?}" udevadm wait --timeout 60 --settle "${loop:?}"
# This operates on a loop device which we don't support doing without root privileges so we skip runas
# here.
systemd-repart --pretty=yes \ systemd-repart --pretty=yes \
--definitions="$defs" \ --definitions="$defs" \
--seed="$seed" \ --seed="$seed" \
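Review bot: The `runas` helper added at the top of this file expands `$UID` inside `/bin/sh -c`, but `UID` is set by bash and is not a POSIX shell variable, so on an image where /bin/sh is dash or busybox ash it expands to nothing and every unprivileged call runs with `XDG_RUNTIME_DIR=/run/user/`. `id -u` is portable: `su "$userid" -s /bin/sh -c 'XDG_RUNTIME_DIR=/run/user/$(id -u) exec "$@"' -- sh "$@"`. The function also deserves a one-line comment, for example `# Run "$@" as user $1 with XDG_RUNTIME_DIR pointing at that user's runtime directory`. Whether /run/user/<uid> exists for testuser at this point is not visible in these hunks and is worth confirming, since the tests would otherwise point at a missing directory.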