mirror of
https://github.com/systemd/systemd
synced 2024-10-14 20:17:52 +00:00
test: add test for initrd credentials
This extends the test framework a bit, and allows adding additional initrds to the qemu invocation, which we use here to place credentials in the new /run/systemd/@initrd/ credentials dir which are then passed to the host.
parent
bfa6d9cc64
commit
4a262d5677
|
@ -38,4 +38,27 @@ test_append_files() {
|
|||
generate_module_dependencies
|
||||
}
|
||||
|
||||
run_qemu_hook() {
|
||||
local td="$WORKDIR"/initrd.extra."$RANDOM"
|
||||
mkdir -m 755 "$td"
|
||||
add_at_exit_handler "rm -rf $td"
|
||||
mkdir -m 755 "$td/etc" "$td"/etc/systemd "$td"/etc/systemd/system "$td"/etc/systemd/system/initrd.target.wants
|
||||
|
||||
cat > "$td"/etc/systemd/system/initrdcred.service <<EOF
|
||||
[Unit]
|
||||
Description=populate initrd credential dir
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
RemainAfterExit=yes
|
||||
ExecStart=sh -c "mkdir -m 0755 -p /run/credentials && mkdir -m 0700 /run/credentials/@initrd && umask 0077 && echo guatemala > /run/credentials/@initrd/myinitrdcred"
|
||||
EOF
|
||||
ln -s ../initrdcred.service "$td"/etc/systemd/system/initrd.target.wants/initrdcred.service
|
||||
|
||||
( cd "$td" && find . | cpio -o -H newc -R root:root > "$td".cpio )
|
||||
add_at_exit_handler "rm $td.cpio"
|
||||
|
||||
INITRD_EXTRA="$td.cpio"
|
||||
}
|
||||
|
||||
do_test "$@"
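Review bot: In `run_qemu_hook` the staging directory name is built from `$RANDOM`, and the path is then interpolated unquoted into the cleanup strings `"rm -rf $td"` and `"rm $td.cpio"`. If `WORKDIR` ever contains whitespace or glob characters, the exit handler could delete something other than the staging tree, assuming `add_at_exit_handler` (defined outside this page) evaluates its argument as a command line. Creating the directory with `td="$(mktemp -d "$WORKDIR/initrd.extra.XXXXXX")"` followed by `chmod 755 "$td"` avoids the guessable name while keeping the mode that `find . | cpio` records for the archive root, and the handler argument should carry a shell-quoted path, for example one produced with `printf '%q'`. The same `$RANDOM` name and unquoted `"rm $t"` pattern appears for `initrd.combined` in `run_qemu`.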
|
||||
|
|
|
@ -428,9 +428,25 @@ qemu_min_version() {
|
|||
printf "%s\n%s\n" "$1" "$qemu_ver" | sort -V -C
|
||||
}
|
||||
|
||||
# Pads a file to multiple of 4 bytes
|
||||
pad4_file() {
|
||||
local size
|
||||
size=$(stat -c "%s" "$1")
|
||||
local padded
|
||||
padded=$((((size + 3) / 4) * 4))
|
||||
truncate -s "$padded" "$1"
|
||||
}
|
||||
|
||||
# Return 0 if qemu did run (then you must check the result state/logs for actual
|
||||
# success), or 1 if qemu is not available.
|
||||
run_qemu() {
|
||||
if declare -F run_qemu_hook >/dev/null; then
|
||||
if ! run_qemu_hook "${workspace}"; then
|
||||
derror "check_qemu_hook() returned with EC > 0"
|
||||
ret=4
|
||||
fi
|
||||
fi
|
||||
|
||||
# If the test provided its own initrd, use it (e.g. TEST-24)
|
||||
if [[ -z "$INITRD" && -f "${TESTDIR:?}/initrd.img" ]]; then
|
||||
INITRD="$TESTDIR/initrd.img"
|
||||
|
@ -577,8 +593,29 @@ run_qemu() {
|
|||
fi
|
||||
|
||||
if [[ -n "$INITRD" ]]; then
|
||||
if [[ -n "$INITRD_EXTRA" ]]; then
|
||||
# An addition initrd has been specified, let's combine it with the main one.
|
||||
local t="$WORKDIR"/initrd.combined."$RANDOM"
|
||||
|
||||
# First, show contents of additional initrd
|
||||
echo "Additional initrd contents:"
|
||||
cpio -tv < "$INITRD_EXTRA"
|
||||
|
||||
# Copy the main initrd
|
||||
zstd -d -c -f "$INITRD" > "$t"
|
||||
add_at_exit_handler "rm $t"
|
||||
# Kernel requires this to be padded to multiple of 4 bytes with zeroes
|
||||
pad4_file "$t"
|
||||
|
||||
# Copy the additional initrd
|
||||
cat "$INITRD_EXTRA" >> "$t"
|
||||
pad4_file "$t"
|
||||
|
||||
qemu_options+=(-initrd "$t")
|
||||
else
|
||||
qemu_options+=(-initrd "$INITRD")
|
||||
fi
|
||||
fi
|
||||
|
||||
# Let's use KVM if possible
|
||||
if [[ -c /dev/kvm ]] && get_bool $QEMU_KVM; then
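Review bot: None of the steps that build the combined initrd are checked, so unless the caller runs under `set -e` (not visible here) a failed `zstd -d` or `cat` still hands a partial image to `-initrd`. In `pad4_file` an empty `size` from a failed `stat` evaluates to 0, and `truncate -s 0` then empties the file. I would make the failures explicit with `size=$(stat -c "%s" "$1") || return` and `zstd -d -c -f "$INITRD" >"$t" || return 1`, and likewise for the `cat` and both `pad4_file` calls. In the first `run_qemu` hunk the `derror` text names `check_qemu_hook()` although the function called is `run_qemu_hook`, and in the visible lines `ret=4` does not stop the function from going on to start qemu. The body of `run_qemu` starts and ends outside these hunks, so the later use of `ret` cannot be confirmed from here.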
|
||||
|
|
|
@ -301,6 +301,11 @@ systemd-run -p DynamicUser=yes -p 'LoadCredential=os:/etc/os-release' \
|
|||
--pipe \
|
||||
true | cmp /etc/os-release
|
||||
|
||||
if ! systemd-detect-virt -q -c ; then
|
||||
# Validate that the credential we inserted via the initrd logic arrived
|
||||
test "$(systemd-creds cat --system myinitrdcred)" = "guatemala"
|
||||
fi
|
||||
|
||||
systemd-analyze log-level info
|
||||
|
||||
echo OK >/testok
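Review bot: The comment on the new check does not say why it is skipped when `systemd-detect-virt -q -c` reports a container. As far as this commit shows, the credential is injected only through the extra initrd added on the qemu path, so a line such as `# Containers boot without the extra initrd, so the credential exists only under qemu` would make the condition self-explanatory. The expected value `guatemala` is duplicated from the unit file written in `run_qemu_hook`, so a comment pointing there would keep the two in sync. Whether a failing `test` aborts the script depends on `set -e`, which is not visible in this hunk.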
|
||||
|
|