# SPDX-License-Identifier: LGPL-2.1-or-later
# shellcheck disable=SC2016
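systemd-analyze log-level debug

# Verify that the creds are properly loaded and we can read them from the
# service's unprivileged user.
#
# The ${CREDENTIALS_DIRECTORY} references are single-quoted on purpose (this
# is why SC2016 is disabled for the file): the invoking shell must pass them
# through literally so that they are expanded when the transient service runs.
#
# SetCredential= carries its value in the clear on the command line and in
# the unit's properties, which is fine for the dummy value "wuff" but is not
# a place for real secrets.
#
# The capture file ends up holding a copy of /etc/shadow, so it is created
# with mktemp (private mode, unpredictable name) rather than at a fixed path
# under /tmp, and it is removed whether or not the comparison succeeds.
concat_file=$(mktemp) || exit 1
concat_status=0

# DynamicUser=1 runs the command as an unprivileged user, which is what this
# check is about. --wait and --pipe make systemd-run block until the command
# has finished and connect its stdout to ours, so the redirect below really
# captures the output of cat.
systemd-run -p LoadCredential=passwd:/etc/passwd \
            -p LoadCredential=shadow:/etc/shadow \
            -p SetCredential=dog:wuff \
            -p DynamicUser=1 \
            --wait \
            --pipe \
            cat '${CREDENTIALS_DIRECTORY}/passwd' '${CREDENTIALS_DIRECTORY}/shadow' '${CREDENTIALS_DIRECTORY}/dog' >"$concat_file" \
    || concat_status=$?

# cmp with a single operand compares that file against stdin.
if [ "$concat_status" -eq 0 ]; then
    ( cat /etc/passwd /etc/shadow && echo -n wuff ) | cmp "$concat_file" || concat_status=$?
fi

# Drop the shadow copy before reporting the result, so a failed comparison
# does not leave it behind.
rm -f -- "$concat_file"
[ "$concat_status" -eq 0 ] || exit "$concat_status"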
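# Verify that the creds are immutable: neither updating the timestamps of a
# loaded credential nor unlinking it may succeed from inside the service.
#
# --wait is what makes these checks meaningful. Without it systemd-run
# returns as soon as the unit has been started, so its exit status says
# nothing about whether touch/rm succeeded and the "unexpected success"
# branch would fire on every run.
#
# NOTE(review): any non-zero exit counts as a pass here, including a unit
# that could not be started at all; the check does not distinguish "write
# was refused" from "command never ran".
systemd-run -p LoadCredential=passwd:/etc/passwd \
            --wait \
            touch '${CREDENTIALS_DIRECTORY}/passwd' \
    && { echo 'unexpected success'; exit 1; }

systemd-run -p LoadCredential=passwd:/etc/passwd \
            --wait \
            rm '${CREDENTIALS_DIRECTORY}/passwd' \
    && { echo 'unexpected success'; exit 1; }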
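# Now test encrypted credentials (only supported when built with OpenSSL though)
#
# NOTE(review): a cmp mismatch below only fails the test if the script runs
# under `set -e`; no such line is visible in this listing — confirm.
if systemctl --version | grep -q -- +OPENSSL; then
    # Keep plaintext and ciphertext in a private mktemp directory instead of
    # at fixed, predictable paths directly under /tmp.
    work_dir=$(mktemp -d) || exit 1
    plaintext="$work_dir/test-54-plaintext"
    ciphertext="$work_dir/test-54-ciphertext"

    # Round 1: the service receives the ciphertext as a file path.
    # $RANDOM is only a payload that changes between runs, not a
    # secret-quality value. printf writes it without a trailing newline,
    # like the `echo -n` it replaces.
    printf '%s' "$RANDOM" >"$plaintext"
    systemd-creds encrypt --name=test-54 "$plaintext" "$ciphertext"
    systemd-creds decrypt --name=test-54 "$ciphertext" | cmp "$plaintext"

    # --wait/--pipe: block until cat has finished and route its stdout into
    # the pipe, so cmp sees the decrypted credential.
    systemd-run -p LoadCredentialEncrypted=test-54:"$ciphertext" \
                --wait \
                --pipe \
                cat '${CREDENTIALS_DIRECTORY}/test-54' | cmp "$plaintext"

    # Round 2: fresh payload, ciphertext passed inline as a unit property.
    # Only the encrypted blob appears on the command line; the plaintext
    # never does.
    printf '%s' "$RANDOM" >"$plaintext"
    systemd-creds encrypt --name=test-54 "$plaintext" "$ciphertext"
    systemd-creds decrypt --name=test-54 "$ciphertext" | cmp "$plaintext"

    systemd-run -p SetCredentialEncrypted=test-54:"$(cat "$ciphertext")" \
                --wait \
                --pipe \
                cat '${CREDENTIALS_DIRECTORY}/test-54' | cmp "$plaintext"

    # ${work_dir:?} aborts instead of expanding to an empty path.
    rm -rf -- "${work_dir:?}"
fi

systemd-analyze log-level info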