From: Luca Boccassi <luca.boccassi@gmail.com>
Date: Fri, 31 Oct 2025 16:46:49 +0000 (+0000)
Subject: test: add test case for verity deferred removal without sharing
X-Git-Tag: v259-rc1~198
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=10fc43e504da5962fa5f04341ae8ba92a9981be9;p=thirdparty%2Fsystemd.git

test: add test case for verity deferred removal without sharing

I recently found out (the hard way) that on an older version
there was a bug when the verity sharing is disabled: the
deferred close flag was not set correctly, so verity devices
were leaked.

This is not an issue in main currently, but add a test case
to cover it just in case, to avoid future regressions.
---

diff --git a/test/units/TEST-50-DISSECT.dissect.sh b/test/units/TEST-50-DISSECT.dissect.sh
index f6e5c07bc93..6eac920c8d7 100755
--- a/test/units/TEST-50-DISSECT.dissect.sh
+++ b/test/units/TEST-50-DISSECT.dissect.sh
@@ -78,6 +78,17 @@ fi
 systemd-dissect --umount "$IMAGE_DIR/mount"
 systemd-dissect --umount "$IMAGE_DIR/mount2"
 
+# Ensure the deferred close flag is set up correctly and we don't leak verity devices
+# when sharing is disabled
+set +o pipefail
+# The devices are named 'loopXYZ-verity' when sharing is disabled
+n_before=$(dmsetup ls | grep loop | grep -c verity || true)
+SYSTEMD_VERITY_SHARING=0 systemd-dissect --mount "$MINIMAL_IMAGE.raw" "$IMAGE_DIR/mount"
+test $((n_before + 1)) -eq "$(dmsetup ls | grep loop | grep -c verity || true)"
+umount -R "$IMAGE_DIR/mount"
+test "$n_before" -eq "$(dmsetup ls | grep loop | grep -c verity || true)"
+set -o pipefail
+
 # Test BindLogSockets=
 systemd-run --wait -p RootImage="$MINIMAL_IMAGE.raw" mountpoint /run/systemd/journal/socket
 (! systemd-run --wait -p RootImage="$MINIMAL_IMAGE.raw" -p BindLogSockets=no ls /run/systemd/journal/socket)