82c2214539
A fixed name is too rigid, so let's give users the ability to define custom drop-in names, which at the same time also allows defining multiple drop-ins per unit. We use ~ as the separator because:
- ':' is not allowed in credential names
- '=' is used to separate credential from value in mkosi's --credential argument
- '-' is commonly used in filenames
- '@' already has meaning as the unit template specifier, which might be confusing when adding drop-ins for template units
#!/usr/bin/env bash
# SPDX-License-Identifier: LGPL-2.1-or-later
# Stop at the first unhandled command failure.
set -e

TEST_DESCRIPTION="test credentials"

# Credential passed to the container through systemd-nspawn's
# --set-credential= switch.
NSPAWN_CREDS=("--set-credential=mynspawncredential:strangevalue")

# Append to whatever NSPAWN_ARGUMENTS the environment already carries. The
# array is joined with the first character of IFS (a space by default).
NSPAWN_ARGUMENTS+=" ${NSPAWN_CREDS[*]}"
# Unit-file payloads that are delivered as binary credentials further down.
# Each one is base64-encoded with wrapping disabled (-w 0) so the multi-line
# text becomes a single token that fits into one "name=value" credential.
# The single-quoted printf arguments keep the payload literal: nothing in it
# is subject to shell expansion.

# A complete oneshot service.
UNIT_CRED=$(printf '%s\n' \
    '[Service]' \
    'Type=oneshot' \
    'ExecStart=touch /tmp/unit-cred' | base64 -w 0)

# A drop-in adding a second ExecStart= to that service.
DROPIN_CRED=$(printf '%s\n' \
    '[Service]' \
    'ExecStart=touch /tmp/unit-dropin' | base64 -w 0)

# A second drop-in, shipped under a custom drop-in name.
NAMED_DROPIN_CRED=$(printf '%s\n' \
    '[Service]' \
    'ExecStart=touch /tmp/unit-named-dropin' | base64 -w 0)
# Credentials handed to the guest by QEMU: one through fw_cfg, the others as
# SMBIOS type 11 strings. "io.systemd.credential.binary:" entries carry
# base64-encoded values, "io.systemd.credential:" entries carry plain text.
QEMU_CREDS=()

# Free-form credentials.
QEMU_CREDS+=(
    "-fw_cfg name=opt/io.systemd.credentials/myqemucredential,string=othervalue"
    "-smbios type=11,value=io.systemd.credential:smbioscredential=magicdata"
    # base64 of "magicbinarydata"
    "-smbios type=11,value=io.systemd.credential.binary:binarysmbioscredential=bWFnaWNiaW5hcnlkYXRh"
)

# Credentials with names that system components consume. The opaque values
# decode as follows (check with `base64 -d` when changing them):
#   sysusers.extra  "u credtestuser"
#   tmpfiles.extra  "f /tmp/sourcedfromcredential - - - - tmpfilessecret"
#   fstab.extra     "injected /injected tmpfs X-mount.mkdir 0 0"
# each followed by a newline.
QEMU_CREDS+=(
    "-smbios type=11,value=io.systemd.credential.binary:sysusers.extra=dSBjcmVkdGVzdHVzZXIK"
    "-smbios type=11,value=io.systemd.credential.binary:tmpfiles.extra=ZiAvdG1wL3NvdXJjZWRmcm9tY3JlZGVudGlhbCAtIC0gLSAtIHRtcGZpbGVzc2VjcmV0Cg=="
    "-smbios type=11,value=io.systemd.credential.binary:fstab.extra=aW5qZWN0ZWQgL2luamVjdGVkIHRtcGZzIFgtbW91bnQubWtkaXIgMCAwCg=="
    "-smbios type=11,value=io.systemd.credential:getty.ttys.container=idontexist"
)

# A whole unit plus two drop-ins for it. In the last entry "~" separates the
# unit name from the custom drop-in name ("30-named").
# NOTE(review): these payloads contain ExecStart= lines, so whoever controls
# the VM's SMBIOS strings decides what the guest's service manager runs. Only
# a trusted hypervisor configuration should supply such credentials.
QEMU_CREDS+=(
    "-smbios type=11,value=io.systemd.credential.binary:systemd.extra-unit.my-service.service=$UNIT_CRED"
    "-smbios type=11,value=io.systemd.credential.binary:systemd.unit-dropin.my-service.service=$DROPIN_CRED"
    "-smbios type=11,value=io.systemd.credential.binary:systemd.unit-dropin.my-service.service~30-named=$NAMED_DROPIN_CRED"
)

# Append to any QEMU_OPTIONS already present in the environment.
QEMU_OPTIONS+=" ${QEMU_CREDS[*]}"
# Credentials passed on the kernel command line.
# NOTE(review): the kernel command line can be read back inside the guest
# (/proc/cmdline), so this channel is only suitable for non-confidential
# values such as the test data used here.
KERNEL_CREDS=()

# Plain-text credentials, "name:value".
KERNEL_CREDS+=(
    "systemd.set_credential=kernelcmdlinecred:uff"
    "systemd.set_credential=sysctl.extra:kernel.domainname=sysctltest"
    "systemd.set_credential=login.motd:hello"
    "systemd.set_credential=login.issue:welcome"
)

# Base64-encoded credential; the value decodes to "wooooffffwufffwuff" plus a
# newline (check with `base64 -d` when changing it).
KERNEL_CREDS+=("systemd.set_credential_binary=waldi:d29vb29mZmZ3dWZmZnd1ZmYK")

# NOTE(review): the "rd." prefix scopes an option to the initrd; this one
# appears to switch credential import off there. Confirm against what the
# test expects to find in the initrd.
KERNEL_CREDS+=("rd.systemd.import_credentials=no")

# Append to any KERNEL_APPEND already present in the environment.
KERNEL_APPEND+=" ${KERNEL_CREDS[*]}"
# shellcheck source=test/test-functions
. "${TEST_BASE_DIR:?}/test-functions"
# Adds the kernel modules this test needs to the image and regenerates the
# module dependency data.
#
# Globals: LOOKS_LIKE_SUSE (read)
# Relies on instmods, get_bool and generate_module_dependencies, none of which
# are defined in this file.
test_append_files() {
    # QEMU_CREDS passes one credential via -fw_cfg; presumably the guest needs
    # this module to read it.
    instmods qemu_fw_cfg

    # Only on SUSE-like systems; presumably dmi-sysfs is a loadable module
    # there and is needed for the SMBIOS credentials. Verify.
    get_bool "$LOOKS_LIKE_SUSE" && instmods dmi-sysfs

    generate_module_dependencies
}
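# Builds an extra initrd archive containing a service that creates a
# credential inside the initrd, and publishes the archive path in INITRD_EXTRA.
#
# Globals:   WORKDIR (read), INITRD_EXTRA (written)
# Outputs:   a staging tree "$WORKDIR/initrd.extra.<N>" and "<staging>.cpio";
#            removal of both is registered through add_at_exit_handler.
run_qemu_hook() {
    local td="$WORKDIR"/initrd.extra."$RANDOM"
    local td_quoted

    # No -p on purpose: if the $RANDOM suffix collides with an existing path,
    # mkdir fails instead of silently reusing a directory we did not create.
    mkdir -m 755 -- "$td"

    # The cleanup commands are handed over as strings, so the path has to be
    # shell-quoted inside them. Otherwise a WORKDIR containing whitespace or
    # glob characters would make "rm -rf" act on the wrong paths.
    # NOTE(review): assumes add_at_exit_handler later runs the string through
    # the shell (eval) - confirm in test-functions.
    printf -v td_quoted '%q' "$td"
    add_at_exit_handler "rm -rf -- $td_quoted"

    mkdir -m 755 "$td/etc" "$td"/etc/systemd "$td"/etc/systemd/system "$td"/etc/systemd/system/initrd.target.wants

    # Quoted delimiter: the unit text is written out literally. The service
    # creates /run/credentials/@initrd with mode 0700 and sets umask 0077
    # before writing, so the credential file is not group/world accessible.
    cat > "$td"/etc/systemd/system/initrdcred.service <<'EOF'
[Unit]
Description=populate initrd credential dir

[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=sh -c "mkdir -m 0755 -p /run/credentials && mkdir -m 0700 /run/credentials/@initrd && umask 0077 && echo guatemala > /run/credentials/@initrd/myinitrdcred"
EOF
    # Pull the service in via initrd.target.
    ln -s ../initrdcred.service "$td"/etc/systemd/system/initrd.target.wants/initrdcred.service

    # Pack the tree relative to its root, with every entry owned by root:root.
    ( cd "$td" && find . | cpio -o -H newc -R root:root > "$td".cpio )
    add_at_exit_handler "rm -- $td_quoted.cpio"

    INITRD_EXTRA="$td.cpio"
}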
# Entry point: forward the script's command-line arguments to do_test, which is
# not defined in this file (presumably it comes from the sourced test-functions).
do_test "$@"