mirror of
https://github.com/systemd/systemd
synced 2024-10-14 20:17:52 +00:00
test: add test for initrd credentials
This extends the test framework a bit, and allows adding additional initrds to the qemu invocation, which we use here to place credentials in the new /run/systemd/@initrd/ credentials dir which are then passed to the host.
parent
bfa6d9cc64
commit
4a262d5677
|
@ -38,4 +38,27 @@ test_append_files() {
|
||||||
generate_module_dependencies
|
generate_module_dependencies
|
||||||
}
|
}
|
||||||
|
|
||||||
|
run_qemu_hook() {
|
||||||
|
local td="$WORKDIR"/initrd.extra."$RANDOM"
|
||||||
|
mkdir -m 755 "$td"
|
||||||
|
add_at_exit_handler "rm -rf $td"
|
||||||
|
mkdir -m 755 "$td/etc" "$td"/etc/systemd "$td"/etc/systemd/system "$td"/etc/systemd/system/initrd.target.wants
|
||||||
|
|
||||||
|
cat > "$td"/etc/systemd/system/initrdcred.service <<EOF
|
||||||
|
[Unit]
|
||||||
|
Description=populate initrd credential dir
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Type=oneshot
|
||||||
|
RemainAfterExit=yes
|
||||||
|
ExecStart=sh -c "mkdir -m 0755 -p /run/credentials && mkdir -m 0700 /run/credentials/@initrd && umask 0077 && echo guatemala > /run/credentials/@initrd/myinitrdcred"
|
||||||
|
EOF
|
||||||
|
ln -s ../initrdcred.service "$td"/etc/systemd/system/initrd.target.wants/initrdcred.service
|
||||||
|
|
||||||
|
( cd "$td" && find . | cpio -o -H newc -R root:root > "$td".cpio )
|
||||||
|
add_at_exit_handler "rm $td.cpio"
|
||||||
|
|
||||||
|
INITRD_EXTRA="$td.cpio"
|
||||||
|
}
|
||||||
|
|
||||||
do_test "$@"
|
do_test "$@"
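Review bot: The cleanup commands in run_qemu_hook are registered as strings with the path expanded unquoted, `add_at_exit_handler "rm -rf $td"` and `add_at_exit_handler "rm $td.cpio"`. If the handler evaluates that string as a command line (its definition is not on this page), a WORKDIR containing whitespace or glob characters makes `rm -rf` operate on the split words rather than on the directory. Shell-quoting the path when the string is built avoids that, e.g. `add_at_exit_handler "rm -rf -- $(printf '%q' "$td")"`. The same applies to `add_at_exit_handler "rm $t"` in the later run_qemu hunk. Separately, `"$RANDOM"` gives a guessable name; `mktemp -d "$WORKDIR/initrd.extra.XXXXXX"` followed by `chmod 755 "$td"` would create the directory atomically while keeping the mode that ends up in the cpio archive.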
|
||||||
|
|
|
@ -428,9 +428,25 @@ qemu_min_version() {
|
||||||
printf "%s\n%s\n" "$1" "$qemu_ver" | sort -V -C
|
printf "%s\n%s\n" "$1" "$qemu_ver" | sort -V -C
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# Pads a file to multiple of 4 bytes
|
||||||
|
pad4_file() {
|
||||||
|
local size
|
||||||
|
size=$(stat -c "%s" "$1")
|
||||||
|
local padded
|
||||||
|
padded=$((((size + 3) / 4) * 4))
|
||||||
|
truncate -s "$padded" "$1"
|
||||||
|
}
|
||||||
|
|
||||||
# Return 0 if qemu did run (then you must check the result state/logs for actual
|
# Return 0 if qemu did run (then you must check the result state/logs for actual
|
||||||
# success), or 1 if qemu is not available.
|
# success), or 1 if qemu is not available.
|
||||||
run_qemu() {
|
run_qemu() {
|
||||||
|
if declare -F run_qemu_hook >/dev/null; then
|
||||||
|
if ! run_qemu_hook "${workspace}"; then
|
||||||
|
derror "check_qemu_hook() returned with EC > 0"
|
||||||
|
ret=4
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
# If the test provided its own initrd, use it (e.g. TEST-24)
|
# If the test provided its own initrd, use it (e.g. TEST-24)
|
||||||
if [[ -z "$INITRD" && -f "${TESTDIR:?}/initrd.img" ]]; then
|
if [[ -z "$INITRD" && -f "${TESTDIR:?}/initrd.img" ]]; then
|
||||||
INITRD="$TESTDIR/initrd.img"
|
INITRD="$TESTDIR/initrd.img"
|
||||||
|
@ -577,7 +593,28 @@ run_qemu() {
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [[ -n "$INITRD" ]]; then
|
if [[ -n "$INITRD" ]]; then
|
||||||
qemu_options+=(-initrd "$INITRD")
|
if [[ -n "$INITRD_EXTRA" ]]; then
|
||||||
|
# An addition initrd has been specified, let's combine it with the main one.
|
||||||
|
local t="$WORKDIR"/initrd.combined."$RANDOM"
|
||||||
|
|
||||||
|
# First, show contents of additional initrd
|
||||||
|
echo "Additional initrd contents:"
|
||||||
|
cpio -tv < "$INITRD_EXTRA"
|
||||||
|
|
||||||
|
# Copy the main initrd
|
||||||
|
zstd -d -c -f "$INITRD" > "$t"
|
||||||
|
add_at_exit_handler "rm $t"
|
||||||
|
# Kernel requires this to be padded to multiple of 4 bytes with zeroes
|
||||||
|
pad4_file "$t"
|
||||||
|
|
||||||
|
# Copy the additional initrd
|
||||||
|
cat "$INITRD_EXTRA" >> "$t"
|
||||||
|
pad4_file "$t"
|
||||||
|
|
||||||
|
qemu_options+=(-initrd "$t")
|
||||||
|
else
|
||||||
|
qemu_options+=(-initrd "$INITRD")
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Let's use KVM if possible
|
# Let's use KVM if possible
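Review bot: In the INITRD_EXTRA branch of run_qemu the combined image is built without any status checks. If `zstd -d -c -f "$INITRD" > "$t"` or `cat "$INITRD_EXTRA" >> "$t"` fails, `-initrd "$t"` is still added and the VM boots from a truncated or partial initrd, unless errexit is in force, which is not visible here. I would fail explicitly at each step, e.g. `zstd -d -c -f "$INITRD" > "$t" || { derror "cannot unpack $INITRD"; exit 1; }`. The comment `# Copy the main initrd` should also say that the image is decompressed first, and that with `-f` and `-c` zstd passes input it does not recognise through unchanged, so an initrd in another format is copied as-is. run_qemu starts and ends outside this hunk.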
|
||||||
|
|
|
@ -301,6 +301,11 @@ systemd-run -p DynamicUser=yes -p 'LoadCredential=os:/etc/os-release' \
|
||||||
--pipe \
|
--pipe \
|
||||||
true | cmp /etc/os-release
|
true | cmp /etc/os-release
|
||||||
|
|
||||||
|
if ! systemd-detect-virt -q -c ; then
|
||||||
|
# Validate that the credential we inserted via the initrd logic arrived
|
||||||
|
test "$(systemd-creds cat --system myinitrdcred)" = "guatemala"
|
||||||
|
fi
|
||||||
|
|
||||||
systemd-analyze log-level info
|
systemd-analyze log-level info
|
||||||
|
|
||||||
echo OK >/testok
|
echo OK >/testok
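Review bot: The new check compares only the credential's value, so it would still pass if the credential arrived with looser permissions than the 0700 directory and `umask 0077` used when the initrd unit creates it. A second assertion on the mode of the imported credential would cover that; its location after the hand-over is not shown on this page, so the path is left out here. The comment above the `test` line could also say why containers are skipped, e.g. `# No initrd is involved when running in a container, so the credential only exists under qemu` (please confirm that this is the reason).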
|
||||||
|
|