mirror of
https://github.com/systemd/systemd.git
synced 2024-10-30 06:25:37 +03:00
2350712e32
A reattach might go from img.raw to img_0.1.raw or vice versa, but this is not allowed right now because we try to match the full name. Also take into account that running strcspn(a, '/') on an image name without a leading path will return the length of the full string, but the versions might be different, so they won't match, e.g.: img_0.1.raw -> 12, img_0.1.1.raw -> 14. So adjust the check to take that into account, and skip it if we are not dealing with directories.
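#!/usr/bin/env bash
# SPDX-License-Identifier: LGPL-2.1-or-later
# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-
# ex: ts=8 sw=4 sts=4 et filetype=sh
#
# Integration test for portable services: attaches, reattaches and detaches
# portable images with portablectl, using raw images, unpacked directories,
# extension images and a hand-built overlay, and checks after each step that
# the expected units are (or are not) active. Writes "OK" to /testok on success.
#
# The script mounts images, writes below /run/systemd and uses fixed paths in
# /tmp, so it assumes a disposable, single-user test machine running as root.
set -eux
set -o pipefail

# Extra portablectl options, prepended to every attach/reattach call.
ARGS=()
# Where the attached services keep their state; read back at the end of the test.
state_directory=/var/lib/private/
if [[ -v ASAN_OPTIONS || -v UBSAN_OPTIONS ]]; then
    # If we're running under sanitizers, we need to use a less restrictive
    # profile, otherwise LSan syscall would get blocked by seccomp.
    # NOTE(review): "trusted" relaxes the sandboxing the default profile
    # applies, so keep it gated on the sanitizer variables and never make it
    # the unconditional default for this test.
    ARGS+=(--profile=trusted)
    # With the trusted profile DynamicUser is disabled, so the storage is not in private/
    state_directory=/var/lib/
fi

# Sanity-check the test images before attaching anything.
# grep's output is discarded with a redirect instead of -q: with pipefail set,
# grep -q exits on the first match and the producer can then die from SIGPIPE,
# which would fail the pipeline even though the pattern was found.
systemd-dissect --no-pager /usr/share/minimal_0.raw | grep '✓ portable service' >/dev/null
systemd-dissect --no-pager /usr/share/minimal_1.raw | grep '✓ portable service' >/dev/null
systemd-dissect --no-pager /usr/share/app0.raw | grep '✓ extension for portable service' >/dev/null
systemd-dissect --no-pager /usr/share/app1.raw | grep '✓ extension for portable service' >/dev/null

# Debug logging for the client tools run from this script and, via a runtime
# drop-in, for systemd-portabled itself.
export SYSTEMD_LOG_LEVEL=debug
mkdir -p /run/systemd/system/systemd-portabled.service.d/
cat <<EOF >/run/systemd/system/systemd-portabled.service.d/override.conf
[Service]
Environment=SYSTEMD_LOG_LEVEL=debug
EOF

portablectl "${ARGS[@]}" attach --now --runtime /usr/share/minimal_0.raw minimal-app0

systemctl is-active minimal-app0.service
systemctl is-active minimal-app0-foo.service
# Negative assertion: the unit must NOT be active. A failing left-hand side of
# '&&' does not trigger 'set -e', so the script only exits (with 1) when the
# unit is unexpectedly active.
systemctl is-active minimal-app0-bar.service && exit 1

portablectl "${ARGS[@]}" reattach --now --runtime /usr/share/minimal_1.raw minimal-app0

# After the reattach the foo/bar expectations are swapped.
systemctl is-active minimal-app0.service
systemctl is-active minimal-app0-bar.service
systemctl is-active minimal-app0-foo.service && exit 1

portablectl list | grep -F "minimal_1" >/dev/null

portablectl detach --now --runtime /usr/share/minimal_1.raw minimal-app0

portablectl list | grep -F "No images." >/dev/null

# portablectl also works with directory paths rather than images

# NOTE(review): the directories below use fixed names in /tmp. The later
# commands refer to attached trees by their last path component ("overlay",
# "rootdir"), so the basenames matter; on anything other than a throwaway test
# machine, create them inside a private 'mktemp -d' parent instead.
unsquashfs -dest /tmp/minimal_0 /usr/share/minimal_0.raw
unsquashfs -dest /tmp/minimal_1 /usr/share/minimal_1.raw

portablectl "${ARGS[@]}" attach --copy=symlink --now --runtime /tmp/minimal_0 minimal-app0

systemctl is-active minimal-app0.service
systemctl is-active minimal-app0-foo.service
systemctl is-active minimal-app0-bar.service && exit 1

portablectl "${ARGS[@]}" reattach --now --enable --runtime /tmp/minimal_1 minimal-app0

systemctl is-active minimal-app0.service
systemctl is-active minimal-app0-bar.service
systemctl is-active minimal-app0-foo.service && exit 1

portablectl list | grep -F "minimal_1" >/dev/null

portablectl detach --now --enable --runtime /tmp/minimal_1 minimal-app0

portablectl list | grep -F "No images." >/dev/null

# Base image plus one extension image: attach on minimal_0, then reattach the
# same extension on top of minimal_1.
portablectl "${ARGS[@]}" attach --now --runtime --extension /usr/share/app0.raw /usr/share/minimal_0.raw app0

systemctl is-active app0.service
status="$(portablectl is-attached --extension app0 minimal_0)"
[[ "${status}" == "running-runtime" ]]

portablectl "${ARGS[@]}" reattach --now --runtime --extension /usr/share/app0.raw /usr/share/minimal_1.raw app0

systemctl is-active app0.service
status="$(portablectl is-attached --extension app0 minimal_1)"
[[ "${status}" == "running-runtime" ]]

portablectl detach --now --runtime --extension /usr/share/app0.raw /usr/share/minimal_1.raw app0

portablectl "${ARGS[@]}" attach --now --runtime --extension /usr/share/app1.raw /usr/share/minimal_0.raw app1

systemctl is-active app1.service
status="$(portablectl is-attached --extension app1 minimal_0)"
[[ "${status}" == "running-runtime" ]]

# Ensure that adding or removing a version to the image doesn't break reattaching
# (app1.raw -> app1_2.raw and back again).
cp /usr/share/app1.raw /tmp/app1_2.raw
portablectl "${ARGS[@]}" reattach --now --runtime --extension /tmp/app1_2.raw /usr/share/minimal_1.raw app1

systemctl is-active app1.service
status="$(portablectl is-attached --extension app1_2 minimal_1)"
[[ "${status}" == "running-runtime" ]]

portablectl "${ARGS[@]}" reattach --now --runtime --extension /usr/share/app1.raw /usr/share/minimal_1.raw app1

systemctl is-active app1.service
status="$(portablectl is-attached --extension app1 minimal_1)"
[[ "${status}" == "running-runtime" ]]

portablectl detach --now --runtime --extension /usr/share/app1.raw /usr/share/minimal_1.raw app1

# Ensure that the combination of read-only images, state directory and dynamic user works, and that
# state is retained. Check after detaching, as on slow systems (eg: sanitizers) it might take a while
# after the service is attached before the file appears.
# (These greps read a file rather than a pipe, so -q is safe under pipefail.)
grep -q -F bar "${state_directory}/app0/foo"
grep -q -F baz "${state_directory}/app1/foo"

# portablectl also works with directory paths rather than images

# Plain mkdir (no -p): the script aborts if any of these already exists.
mkdir /tmp/rootdir /tmp/app0 /tmp/app1 /tmp/overlay /tmp/os-release-fix /tmp/os-release-fix/etc
mount /usr/share/app0.raw /tmp/app0
mount /usr/share/app1.raw /tmp/app1
mount /usr/share/minimal_0.raw /tmp/rootdir

# Fix up os-release to drop the valid PORTABLE_SERVICES field (because we are
# bypassing the sysext logic in portabled here it will otherwise not see the
# extensions additional valid prefix)
grep -v "^PORTABLE_PREFIXES=" /tmp/rootdir/etc/os-release > /tmp/os-release-fix/etc/os-release

# Leftmost lowerdir wins, so the patched os-release shadows the one in rootdir.
mount -t overlay overlay -o lowerdir=/tmp/os-release-fix:/tmp/app1:/tmp/rootdir /tmp/overlay

# Dump the merged release files into the test log; grep fails if they are empty or missing.
grep . /tmp/overlay/usr/lib/extension-release.d/*
grep . /tmp/overlay/etc/os-release

portablectl "${ARGS[@]}" attach --copy=symlink --now --runtime /tmp/overlay app1

systemctl is-active app1.service

portablectl detach --now --runtime overlay app1

umount /tmp/overlay

# Directory base plus two directory extensions, attached in one call.
portablectl "${ARGS[@]}" attach --copy=symlink --now --runtime --extension /tmp/app0 --extension /tmp/app1 /tmp/rootdir app0 app1

systemctl is-active app0.service
systemctl is-active app1.service

# 'inspect --cat' output is matched against the on-disk release and unit
# files, each of which is passed to grep as a pattern file (-f).
portablectl inspect --cat --extension app0 --extension app1 rootdir app0 app1 | grep -f /tmp/rootdir/usr/lib/os-release >/dev/null
portablectl inspect --cat --extension app0 --extension app1 rootdir app0 app1 | grep -f /tmp/app0/usr/lib/extension-release.d/extension-release.app0 >/dev/null
portablectl inspect --cat --extension app0 --extension app1 rootdir app0 app1 | grep -f /tmp/app1/usr/lib/extension-release.d/extension-release.app2 >/dev/null
portablectl inspect --cat --extension app0 --extension app1 rootdir app0 app1 | grep -f /tmp/app1/usr/lib/systemd/system/app1.service >/dev/null
portablectl inspect --cat --extension app0 --extension app1 rootdir app0 app1 | grep -f /tmp/app0/usr/lib/systemd/system/app0.service >/dev/null

portablectl detach --now --runtime --extension /tmp/app0 --extension /tmp/app1 /tmp/rootdir app0 app1

# Unmount only after the detach above, so nothing is still using the trees.
umount /tmp/rootdir
umount /tmp/app0
umount /tmp/app1

# Success marker; the file is only written when every step above passed.
echo OK >/testok

exit 0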