[thirdparty/systemd.git] / test / TEST-54-CREDS / test.sh

#!/usr/bin/env bash
# SPDX-License-Identifier: LGPL-2.1-or-later
set -e

TEST_DESCRIPTION="test credentials"

NSPAWN_CREDS=(
    "--set-credential=mynspawncredential:strangevalue"
)
NSPAWN_ARGUMENTS="${NSPAWN_ARGUMENTS:-} ${NSPAWN_CREDS[*]}"

UNIT_CRED=$(base64 -w 0 <<EOF
[Service]
Type=oneshot
ExecStart=touch /tmp/unit-cred
EOF
)
DROPIN_CRED=$(base64 -w 0 <<EOF
[Service]
ExecStart=
ExecStart=touch /tmp/unit-dropin
EOF
)

QEMU_CREDS=(
    "-fw_cfg name=opt/io.systemd.credentials/myqemucredential,string=othervalue"
    "-smbios type=11,value=io.systemd.credential:smbioscredential=magicdata"
    "-smbios type=11,value=io.systemd.credential.binary:binarysmbioscredential=bWFnaWNiaW5hcnlkYXRh"
    "-smbios type=11,value=io.systemd.credential.binary:sysusers.extra=dSBjcmVkdGVzdHVzZXIK"
    "-smbios type=11,value=io.systemd.credential.binary:tmpfiles.extra=ZiAvdG1wL3NvdXJjZWRmcm9tY3JlZGVudGlhbCAtIC0gLSAtIHRtcGZpbGVzc2VjcmV0Cg=="
    "-smbios type=11,value=io.systemd.credential.binary:fstab.extra=aW5qZWN0ZWQgL2luamVjdGVkIHRtcGZzIFgtbW91bnQubWtkaXIgMCAwCg=="
    "-smbios type=11,value=io.systemd.credential:getty.ttys.container=idontexist"
    "-smbios type=11,value=io.systemd.credential.binary:systemd.extra-unit.my-service.service=$UNIT_CRED"
    "-smbios type=11,value=io.systemd.credential.binary:systemd.unit-dropin.my-service.service=$DROPIN_CRED"
)
QEMU_OPTIONS="${QEMU_OPTIONS:-} ${QEMU_CREDS[*]}"

KERNEL_CREDS=(
    "systemd.set_credential=kernelcmdlinecred:uff"
    "systemd.set_credential=sysctl.extra:kernel.domainname=sysctltest"
    "systemd.set_credential=login.motd:hello"
    "systemd.set_credential=login.issue:welcome"
    "systemd.set_credential_binary=waldi:d29vb29mZmZ3dWZmZnd1ZmYK"
    "rd.systemd.import_credentials=no"
)
KERNEL_APPEND="${KERNEL_APPEND:-} ${KERNEL_CREDS[*]}"

# shellcheck source=test/test-functions
. "${TEST_BASE_DIR:?}/test-functions"

test_append_files() {
    instmods qemu_fw_cfg
    if get_bool "$LOOKS_LIKE_SUSE"; then
        instmods dmi-sysfs
    fi
    generate_module_dependencies
}

run_qemu_hook() {
    local td="$WORKDIR"/initrd.extra."$RANDOM"
    mkdir -m 755 "$td"
    add_at_exit_handler "rm -rf $td"
    mkdir -m 755 "$td/etc" "$td"/etc/systemd "$td"/etc/systemd/system "$td"/etc/systemd/system/initrd.target.wants

    cat > "$td"/etc/systemd/system/initrdcred.service <<EOF
[Unit]
Description=populate initrd credential dir

[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=sh -c "mkdir -m 0755 -p /run/credentials && mkdir -m 0700 /run/credentials/@initrd && umask 0077 && echo guatemala > /run/credentials/@initrd/myinitrdcred"
EOF
    ln -s ../initrdcred.service "$td"/etc/systemd/system/initrd.target.wants/initrdcred.service

    ( cd "$td" && find . | cpio -o -H newc -R root:root > "$td".cpio )
    add_at_exit_handler "rm $td.cpio"

    INITRD_EXTRA="$td.cpio"
}

do_test "$@"
Commit	Line	Data
30dd9f73	1	#!/usr/bin/env bash
7b3cec95	2	# SPDX-License-Identifier: LGPL-2.1-or-later
30dd9f73	3	set -e
3f161ba9	4
30dd9f73	5	TEST_DESCRIPTION="test credentials"
a0f4426d LP	6
	7	NSPAWN_CREDS=(
	8	"--set-credential=mynspawncredential:strangevalue"
	9	)
	10	NSPAWN_ARGUMENTS="${NSPAWN_ARGUMENTS:-} ${NSPAWN_CREDS[*]}"
	11
8595f578 DDM	12	UNIT_CRED=$(base64 -w 0 <<EOF
	13	[Service]
	14	Type=oneshot
	15	ExecStart=touch /tmp/unit-cred
	16	EOF
	17	)
	18	DROPIN_CRED=$(base64 -w 0 <<EOF
	19	[Service]
	20	ExecStart=
	21	ExecStart=touch /tmp/unit-dropin
	22	EOF
	23	)
	24
a0f4426d LP	25	QEMU_CREDS=(
	26	"-fw_cfg name=opt/io.systemd.credentials/myqemucredential,string=othervalue"
	27	"-smbios type=11,value=io.systemd.credential:smbioscredential=magicdata"
	28	"-smbios type=11,value=io.systemd.credential.binary:binarysmbioscredential=bWFnaWNiaW5hcnlkYXRh"
	29	"-smbios type=11,value=io.systemd.credential.binary:sysusers.extra=dSBjcmVkdGVzdHVzZXIK"
	30	"-smbios type=11,value=io.systemd.credential.binary:tmpfiles.extra=ZiAvdG1wL3NvdXJjZWRmcm9tY3JlZGVudGlhbCAtIC0gLSAtIHRtcGZpbGVzc2VjcmV0Cg=="
51235f2f	31	"-smbios type=11,value=io.systemd.credential.binary:fstab.extra=aW5qZWN0ZWQgL2luamVjdGVkIHRtcGZzIFgtbW91bnQubWtkaXIgMCAwCg=="
53888c33	32	"-smbios type=11,value=io.systemd.credential:getty.ttys.container=idontexist"
8595f578 DDM	33	"-smbios type=11,value=io.systemd.credential.binary:systemd.extra-unit.my-service.service=$UNIT_CRED"
8595f578 DDM	34	"-smbios type=11,value=io.systemd.credential.binary:systemd.unit-dropin.my-service.service=$DROPIN_CRED"
a0f4426d LP	35	)
	36	QEMU_OPTIONS="${QEMU_OPTIONS:-} ${QEMU_CREDS[*]}"
	37
	38	KERNEL_CREDS=(
	39	"systemd.set_credential=kernelcmdlinecred:uff"
	40	"systemd.set_credential=sysctl.extra:kernel.domainname=sysctltest"
	41	"systemd.set_credential=login.motd:hello"
	42	"systemd.set_credential=login.issue:welcome"
de70ecb3	43	"systemd.set_credential_binary=waldi:d29vb29mZmZ3dWZmZnd1ZmYK"
a0f4426d LP	44	"rd.systemd.import_credentials=no"
	45	)
	46	KERNEL_APPEND="${KERNEL_APPEND:-} ${KERNEL_CREDS[*]}"
30dd9f73	47
3f161ba9 FS	48	# shellcheck source=test/test-functions
3f161ba9 FS	49	. "${TEST_BASE_DIR:?}/test-functions"
30dd9f73	50
93a1f57d LP	51	test_append_files() {
93a1f57d LP	52	instmods qemu_fw_cfg
23ff8a77 YW	53	if get_bool "$LOOKS_LIKE_SUSE"; then
	54	instmods dmi-sysfs
	55	fi
93a1f57d LP	56	generate_module_dependencies
	57	}
	58
4a262d56 LP	59	run_qemu_hook() {
	60	local td="$WORKDIR"/initrd.extra."$RANDOM"
	61	mkdir -m 755 "$td"
	62	add_at_exit_handler "rm -rf $td"
	63	mkdir -m 755 "$td/etc" "$td"/etc/systemd "$td"/etc/systemd/system "$td"/etc/systemd/system/initrd.target.wants
	64
	65	cat > "$td"/etc/systemd/system/initrdcred.service <<EOF
	66	[Unit]
	67	Description=populate initrd credential dir
	68
	69	[Service]
	70	Type=oneshot
	71	RemainAfterExit=yes
	72	ExecStart=sh -c "mkdir -m 0755 -p /run/credentials && mkdir -m 0700 /run/credentials/@initrd && umask 0077 && echo guatemala > /run/credentials/@initrd/myinitrdcred"
	73	EOF
	74	ln -s ../initrdcred.service "$td"/etc/systemd/system/initrd.target.wants/initrdcred.service
	75
	76	( cd "$td" && find . \| cpio -o -H newc -R root:root > "$td".cpio )
	77	add_at_exit_handler "rm $td.cpio"
	78
	79	INITRD_EXTRA="$td.cpio"
	80	}
	81
c4cd6205	82	do_test "$@"