1
0
mirror of https://github.com/systemd/systemd.git synced 2025-01-20 18:04:03 +03:00
Daan De Meyer 82c2214539 debug-generator: Allow specifying name of unit-dropin credential
A fixed name is too rigid, let's give users the ability to define
custom drop-in names which at the same time also allows defining
multiple dropins per unit.

We use ~ as the separator because:
- ':' is not allowed in credential names
- '=' is used to separate credential from value in mkosi's --credential
  argument.
- '-' is commonly used in filenames
- '@' already has meaning as the unit template specifier which might be
  confusing when adding dropins for template units
2024-05-11 19:46:15 +02:00

88 lines
3.0 KiB
Bash
Executable File

#!/usr/bin/env bash
# SPDX-License-Identifier: LGPL-2.1-or-later
set -e
TEST_DESCRIPTION="test credentials"
NSPAWN_CREDS=(
"--set-credential=mynspawncredential:strangevalue"
)
NSPAWN_ARGUMENTS="${NSPAWN_ARGUMENTS:-} ${NSPAWN_CREDS[*]}"
UNIT_CRED=$(base64 -w 0 <<EOF
[Service]
Type=oneshot
ExecStart=touch /tmp/unit-cred
EOF
)
DROPIN_CRED=$(base64 -w 0 <<EOF
[Service]
ExecStart=touch /tmp/unit-dropin
EOF
)
NAMED_DROPIN_CRED=$(base64 -w 0 <<EOF
[Service]
ExecStart=touch /tmp/unit-named-dropin
EOF
)
QEMU_CREDS=(
"-fw_cfg name=opt/io.systemd.credentials/myqemucredential,string=othervalue"
"-smbios type=11,value=io.systemd.credential:smbioscredential=magicdata"
"-smbios type=11,value=io.systemd.credential.binary:binarysmbioscredential=bWFnaWNiaW5hcnlkYXRh"
"-smbios type=11,value=io.systemd.credential.binary:sysusers.extra=dSBjcmVkdGVzdHVzZXIK"
"-smbios type=11,value=io.systemd.credential.binary:tmpfiles.extra=ZiAvdG1wL3NvdXJjZWRmcm9tY3JlZGVudGlhbCAtIC0gLSAtIHRtcGZpbGVzc2VjcmV0Cg=="
"-smbios type=11,value=io.systemd.credential.binary:fstab.extra=aW5qZWN0ZWQgL2luamVjdGVkIHRtcGZzIFgtbW91bnQubWtkaXIgMCAwCg=="
"-smbios type=11,value=io.systemd.credential:getty.ttys.container=idontexist"
"-smbios type=11,value=io.systemd.credential.binary:systemd.extra-unit.my-service.service=$UNIT_CRED"
"-smbios type=11,value=io.systemd.credential.binary:systemd.unit-dropin.my-service.service=$DROPIN_CRED"
"-smbios type=11,value=io.systemd.credential.binary:systemd.unit-dropin.my-service.service~30-named=$NAMED_DROPIN_CRED"
)
QEMU_OPTIONS="${QEMU_OPTIONS:-} ${QEMU_CREDS[*]}"
KERNEL_CREDS=(
"systemd.set_credential=kernelcmdlinecred:uff"
"systemd.set_credential=sysctl.extra:kernel.domainname=sysctltest"
"systemd.set_credential=login.motd:hello"
"systemd.set_credential=login.issue:welcome"
"systemd.set_credential_binary=waldi:d29vb29mZmZ3dWZmZnd1ZmYK"
"rd.systemd.import_credentials=no"
)
KERNEL_APPEND="${KERNEL_APPEND:-} ${KERNEL_CREDS[*]}"
# shellcheck source=test/test-functions
. "${TEST_BASE_DIR:?}/test-functions"
test_append_files() {
instmods qemu_fw_cfg
if get_bool "$LOOKS_LIKE_SUSE"; then
instmods dmi-sysfs
fi
generate_module_dependencies
}
run_qemu_hook() {
local td="$WORKDIR"/initrd.extra."$RANDOM"
mkdir -m 755 "$td"
add_at_exit_handler "rm -rf $td"
mkdir -m 755 "$td/etc" "$td"/etc/systemd "$td"/etc/systemd/system "$td"/etc/systemd/system/initrd.target.wants
cat > "$td"/etc/systemd/system/initrdcred.service <<EOF
[Unit]
Description=populate initrd credential dir
[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=sh -c "mkdir -m 0755 -p /run/credentials && mkdir -m 0700 /run/credentials/@initrd && umask 0077 && echo guatemala > /run/credentials/@initrd/myinitrdcred"
EOF
ln -s ../initrdcred.service "$td"/etc/systemd/system/initrd.target.wants/initrdcred.service
( cd "$td" && find . | cpio -o -H newc -R root:root > "$td".cpio )
add_at_exit_handler "rm $td.cpio"
INITRD_EXTRA="$td.cpio"
}
do_test "$@"