portable: fix --force flag combination with directory extension

The check for image type uses the wrong variable, so it's applied
when it shouldn't.

Follow-up for 06768b90a32ac0d36252ebc5f426ad471bf29fce

diff --git a/src/portable/portable.c b/src/portable/portable.c
index 2b709f22f5f55d25583adfa0859ce484de423898..5341fb60b67728fbae0338d1ce572a2326c2efbd 100644 (file)
--- a/src/portable/portable.c
+++ b/src/portable/portable.c
@@ -1465,7 +1465,7 @@ static int install_chroot_dropin(
                                                ext->path,
                                                /* With --force tell PID1 to avoid enforcing that the image <name> and
                                                 * extension-release.<name> have to match. */
-                                               !IN_SET(type, IMAGE_DIRECTORY, IMAGE_SUBVOLUME) &&
+                                               !IN_SET(ext->type, IMAGE_DIRECTORY, IMAGE_SUBVOLUME) &&
                                                    FLAGS_SET(flags, PORTABLE_FORCE_EXTENSION) ?
                                                        ":x-systemd.relax-extension-release-check\n" :
                                                        "\n",

diff --git a/test/units/TEST-29-PORTABLE.directory.sh b/test/units/TEST-29-PORTABLE.directory.sh
index 81aae08a3d6d6586f85b8f1d36ee38ff57fc6b9e..8f35c9ee0838210e709c1706a9718554e5cbd3fc 100755 (executable)
--- a/test/units/TEST-29-PORTABLE.directory.sh
+++ b/test/units/TEST-29-PORTABLE.directory.sh
@@ -127,6 +127,19 @@ test -L /run/systemd/system.attached/app0.service.d/10-profile.conf
 test -L /run/systemd/system.attached/app1.service.d/10-profile.conf
 portablectl detach --runtime --extension /tmp/app0 --extension /tmp/app1 /tmp/rootdir app0 app1
 
+# Ensure that --force works with directory extensions, and that ExtensionDirectories=
+# is not decorated with :x-systemd.relax-extension-release-check
+portablectl "${ARGS[@]}" attach --force --copy=symlink --now --runtime --extension /tmp/app0 /tmp/rootdir app0
+
+systemctl is-active app0.service
+status="$(portablectl is-attached --extension app0 rootdir)"
+[[ "${status}" == "running-runtime" ]]
+
+grep -q -F "ExtensionDirectories=" /run/systemd/system.attached/app0.service.d/20-portable.conf
+(! grep -q -F "x-systemd.relax-extension-release-check" /run/systemd/system.attached/app0.service.d/20-portable.conf)
+
+portablectl detach --now --runtime --extension /tmp/app0 /tmp/rootdir app0
+
 # Attempt to disable the app unit during detaching. Requires --copy=symlink to reproduce.
 # Provides coverage for https://github.com/systemd/systemd/issues/23481
 portablectl "${ARGS[@]}" attach --copy=symlink --now --runtime /tmp/rootdir minimal-app0

diff --git a/test/units/TEST-29-PORTABLE.image.sh b/test/units/TEST-29-PORTABLE.image.sh
index 8b930d40f2c433290822457f7c47f5bb8b490b1d..cc83ebc5d6351a6dea5f5129624f38cdb06260fb 100755 (executable)
--- a/test/units/TEST-29-PORTABLE.image.sh
+++ b/test/units/TEST-29-PORTABLE.image.sh
@@ -189,6 +189,10 @@ systemctl is-active app0.service
 status="$(portablectl is-attached --extension /tmp/app10.raw /usr/share/minimal_0.raw)"
 [[ "${status}" == "running-runtime" ]]
 
+# Ensure --force adds relax-extension-release-check for image extensions
+grep -q -F "ExtensionImages=" /run/systemd/system.attached/app0.service.d/20-portable.conf
+grep -q -F "ExtensionImagePolicy=" /run/systemd/system.attached/app0.service.d/20-portable.conf
+
 portablectl inspect --force --cat --extension /tmp/app10.raw /usr/share/minimal_0.raw app0 | grep -F "Extension Release: /tmp/app10.raw" >/dev/null
 
 # Ensure that we can detach even when an image has been deleted already (stop the unit manually as