verify: ignore nonexistent executables if required

We provide a way via the '-' symbol to ignore errors when nonexistent
executable files are passed to Exec* parameters & so on. In such a case,
the flag `EXEC_COMMAND_IGNORE_FAILURE` is set and we go on happily with
our life if that happens. However, `systemd-analyze verify` complained
about missing executables even in such a case. In such a case it is not
an error for this to happen so check if the flag is set before checking
if the file is accessible and executable.

Add some small tests to check this condition.

Closes #15218.

diff --git a/src/analyze/analyze-verify.c b/src/analyze/analyze-verify.c
index 4cfbdfa5ab2b353bbd68e2daf7960bed8def7752..8275360adc3911bde3aa996ae9640cbe9c357ca2 100644 (file)
--- a/src/analyze/analyze-verify.c
+++ b/src/analyze/analyze-verify.c
@@ -124,10 +124,13 @@ static int verify_socket(Unit *u) {
         return 0;
 }
 
-static int verify_executable(Unit *u, ExecCommand *exec) {
+int verify_executable(Unit *u, const ExecCommand *exec) {
         if (!exec)
                 return 0;
 
+        if (exec->flags & EXEC_COMMAND_IGNORE_FAILURE)
+                return 0;
+
         if (access(exec->path, X_OK) < 0)
                 return log_unit_error_errno(u, errno, "Command %s is not executable: %m", exec->path);
 

diff --git a/src/analyze/analyze-verify.h b/src/analyze/analyze-verify.h
index 3561d4302bfe6b73e03e8864264d0a83a2201d1c..3da2cf7097a46d5f378eaf3b641b11525c4f595d 100644 (file)
--- a/src/analyze/analyze-verify.h
+++ b/src/analyze/analyze-verify.h
@@ -3,6 +3,8 @@
 
 #include <stdbool.h>
 
+#include "execute.h"
 #include "path-lookup.h"
 
+int verify_executable(Unit *u, const ExecCommand *exec);
 int verify_units(char **filenames, UnitFileScope scope, bool check_man, bool run_generators);

diff --git a/src/analyze/test-verify.c b/src/analyze/test-verify.c
new file mode 100644 (file)
index 0000000..dcbb639
--- /dev/null
+++ b/src/analyze/test-verify.c
@@ -0,0 +1,19 @@
+/* SPDX-License-Identifier: LGPL-2.1+ */
+#include "analyze-verify.h"
+#include "tests.h"
+
+static void test_verify_nonexistent(void) {
+        /* Negative cases */
+        assert_se(verify_executable(NULL, &(ExecCommand) {.flags = EXEC_COMMAND_IGNORE_FAILURE, .path = (char*) "/non/existent"}) == 0);
+        assert_se(verify_executable(NULL, &(ExecCommand) {.path = (char*) "/non/existent"}) < 0);
+
+        /* Ordinary cases */
+        assert_se(verify_executable(NULL, &(ExecCommand) {.path = (char*) "/bin/echo"}) == 0);
+        assert_se(verify_executable(NULL, &(ExecCommand) {.flags = EXEC_COMMAND_IGNORE_FAILURE, .path = (char*) "/bin/echo"}) == 0);
+}
+
+int main(int argc, char *argv[]) {
+        test_setup_logging(LOG_DEBUG);
+
+        test_verify_nonexistent();
+}

diff --git a/src/test/meson.build b/src/test/meson.build
index a674d6cfe9313c13ac319535bb6e304fe1a4bafb..7f96be8f55afabe88f0f0e4093e57bf5321858d6 100644 (file)
--- a/src/test/meson.build
+++ b/src/test/meson.build
@@ -1127,6 +1127,10 @@ tests += [
          [],
          []],
 
+        [['src/analyze/test-verify.c', 'src/analyze/analyze-verify.c', 'src/analyze/analyze-verify.h'],
+         [libcore, libshared],
+         []],
+
         [['src/login/test-inhibit.c'],
          [],
          [],