Those are all unary operators.
}
sighup_handler() {
- echo "hup$(( ++COUNTER ))" > /tmp/syncfifo1
+ echo "hup$(( ++COUNTER ))" >/tmp/syncfifo1
}
trap sighup_handler SIGHUP
}
sync_out() {
- echo "$1" > /tmp/syncfifo1
+ echo "$1" >/tmp/syncfifo1
}
export SYSTEMD_LOG_LEVEL=debug
test "$ret" = "/efi" -o "$ret" = "/boot" -o "$ret" = "/boot/efi"
fi
-if "$bootctl" -R > /dev/null ; then
+if "$bootctl" -R >/dev/null ; then
P=$("$bootctl" -R)
PP=$("$bootctl" -RR)
trap cleanup EXIT
-cat > /run/systemd/system/"$UNIT" <<EOF
+cat >/run/systemd/system/"$UNIT" <<EOF
[Service]
ExecStart=true
RemainAfterExit=yes
assert_eq "$(systemctl show -P NeedDaemonReload "$UNIT")" no
mkdir /run/systemd/system/"$UNIT".d
-cat > /run/systemd/system/"$UNIT".d/desc.conf <<EOF
+cat >/run/systemd/system/"$UNIT".d/desc.conf <<EOF
[Unit]
Description=Test NeedDaemonReload status after creating drop-in
EOF
trap cleanup EXIT
-cat > /run/systemd/system/"$UNIT" <<EOF
+cat >/run/systemd/system/"$UNIT" <<EOF
[Service]
ExecStart=true
EOF
mkdir /run/systemd/system/"$UNIT".d
-cat > /run/systemd/system/"$UNIT".d/desc.conf <<EOF
+cat >/run/systemd/system/"$UNIT".d/desc.conf <<EOF
[Unit]
Description=Test NeedDaemonReload status of a masked unit with drop-ins
EOF
}
trap at_exit EXIT
-cat << EOF > /run/systemd/system/mqueue-ownership.socket
+cat <<EOF >/run/systemd/system/mqueue-ownership.socket
[Unit]
Description=Create a message queue with customized ownership
[Socket]
SocketMode=$mode
EOF
-cat << 'EOF' > /run/systemd/system/mqueue-ownership.service
+cat <<EOF >/run/systemd/system/mqueue-ownership.service
[Unit]
Description=Dummy service for the socket unit
Requires=%N.socket
# server side, to not generate early SIGHUP. Hence, let's just invoke "sleep
# infinity" client side, once we acquired the fd (passing it to it), and kill
# it once we verified everything worked.
-PID=$(systemd-notify --fork -- varlinkctl --exec call /run/systemd/machine/io.systemd.Machine io.systemd.Machine.Open '{"name": ".host", "mode": "shell", "user": "root", "path": "/usr/bin/bash", "args": ["bash", "-c", "echo $FOO > /tmp/none-existent-file"], "environment": ["FOO=BAR"]}' -- sleep infinity)
+PID=$(systemd-notify --fork -- varlinkctl --exec call /run/systemd/machine/io.systemd.Machine io.systemd.Machine.Open '{"name": ".host", "mode": "shell", "user": "root", "path": "/usr/bin/bash", "args": ["bash", "-c", "echo $FOO >/tmp/none-existent-file"], "environment": ["FOO=BAR"]}' -- sleep infinity)
timeout 30 bash -c "until test -e /tmp/none-existent-file; do sleep .5; done"
grep -q "BAR" /tmp/none-existent-file
kill "$PID"
(! varlinkctl call /run/systemd/machine/io.systemd.Machine io.systemd.Machine.CopyTo '{"name": "long-running", "source": "/tmp/foo", "destination": "/root/foo"}') # FileExists
varlinkctl call /run/systemd/machine/io.systemd.Machine io.systemd.Machine.CopyTo '{"name": "long-running", "source": "/tmp/foo", "destination": "/root/foo", "replace": true}'
-echo "sample-test-output" > /tmp/foo
+echo "sample-test-output" >/tmp/foo
varlinkctl call /run/systemd/machine/io.systemd.Machine io.systemd.Machine.CopyTo '{"name": "long-running", "source": "/tmp/foo", "destination": "/root/foo", "replace": true}'
diff /tmp/foo /var/lib/machines/long-running/root/foo
rm -f /tmp/foo /var/lib/machines/long-running/root/foo
assert_not_in 'kurps' "$(run0 --pipe -u testuser machinectl --user list-images)"
mkdir /home/testuser/.local/state/machines/inodetest
-echo hallo > /home/testuser/.local/state/machines/inodetest/testfile
+echo hallo >/home/testuser/.local/state/machines/inodetest/testfile
# Make the file sparse, set an xattr, set an ACL, set a chattr flag, and make it hardlink
ln /home/testuser/.local/state/machines/inodetest/testfile /home/testuser/.local/state/machines/inodetest/testfile.hard
ls -al /home/testuser/.local/state/machines/inodetest
# Verify UID squashing
-echo gaga > /home/testuser/.local/state/machines/inodetest/squashtest
+echo gaga >/home/testuser/.local/state/machines/inodetest/squashtest
chown 1000:1000 /home/testuser/.local/state/machines/inodetest/squashtest
# Ensure hardlinked symlinks work
# Test tree mangling (i.e. moving the root dir one level up on extract)
mkdir -p /var/tmp/mangletest/mangletest-0.1/usr/lib
-echo "ID=brumm" > /var/tmp/mangletest/mangletest-0.1/usr/lib/os-release
+echo "ID=brumm" >/var/tmp/mangletest/mangletest-0.1/usr/lib/os-release
tar -C /var/tmp/mangletest/ -cvzf /var/tmp/mangletest.tar.gz mangletest-0.1
run0 --pipe -u testuser importctl -m --user import-tar /var/tmp/mangletest.tar.gz
cmp /var/tmp/mangletest/mangletest-0.1/usr/lib/os-release /home/testuser/.local/state/machines/mangletest/usr/lib/os-release
-u runtime-max-sec-test-3.service \
sh -c "while true; do sleep 1; done"
mkdir -p /etc/systemd/system/runtime-max-sec-test-3.service.d/
-cat > /etc/systemd/system/runtime-max-sec-test-3.service.d/override.conf << EOF
+cat >/etc/systemd/system/runtime-max-sec-test-3.service.d/override.conf <<EOF
[Service]
RuntimeMaxSec=${runtime_max_sec}s
EOF
sleep 1
done
mkdir -p /etc/systemd/system/runtime-max-sec-test-4.scope.d/
-cat > /etc/systemd/system/runtime-max-sec-test-4.scope.d/override.conf << EOF
+cat >/etc/systemd/system/runtime-max-sec-test-4.scope.d/override.conf <<EOF
[Scope]
RuntimeMaxSec=${runtime_max_sec}s
EOF
trap at_exit EXIT
mkdir -p /run/credstore
-cat > /run/credstore/udev.conf.50-testme <<EOF
+cat >/run/credstore/udev.conf.50-testme <<EOF
udev_log=debug
EOF
-cat > /run/credstore/udev.rules.50-testme <<EOF
+cat >/run/credstore/udev.rules.50-testme <<EOF
SUBSYSTEM=="net", OPTIONS="log_level=debug"
EOF
test ! -e /tmp/C/4
touch /tmp/C/3-origin/f{2,3,4}
-echo -n ABC > /tmp/C/3/f1
+echo -n ABC >/tmp/C/3/f1
systemd-tmpfiles --create - <<EOF
C+ /tmp/C/3 0755 daemon daemon - /tmp/C/3-origin
trap at_exit EXIT
mkdir /tmp/test-extra-fd
-echo "Hello" > /tmp/test-extra-fd/1.txt
-echo "Extra" > /tmp/test-extra-fd/2.txt
+echo "Hello" >/tmp/test-extra-fd/1.txt
+echo "Extra" >/tmp/test-extra-fd/2.txt
# Open files and assign FD to variables
exec {TEST_FD1}</tmp/test-extra-fd/1.txt
# The wrong file should be ignored, given the right one has the xattr set
trap 'rm -rf /var/cache/wrongext' EXIT
mkdir -p /var/cache/wrongext/usr/lib/extension-release.d /var/cache/wrongext/usr/lib/systemd/system/
-echo "[Service]" > /var/cache/wrongext/usr/lib/systemd/system/app0.service
+echo "[Service]" >/var/cache/wrongext/usr/lib/systemd/system/app0.service
touch /var/cache/wrongext/usr/lib/extension-release.d/extension-release.wrongext_somethingwrong.txt
cp /tmp/rootdir/usr/lib/os-release /var/cache/wrongext/usr/lib/extension-release.d/extension-release.app0
setfattr -n user.extension-release.strict -v "false" /var/cache/wrongext/usr/lib/extension-release.d/extension-release.app0
TRANSIENTUNIT="capwakealarm$RANDOM.service"
SCRIPT="/tmp/capwakealarm$RANDOM.sh"
- cat > /etc/pam.d/"$PAMSERVICE" <<EOF
+ cat >/etc/pam.d/"$PAMSERVICE" <<EOF
auth sufficient pam_unix.so
auth required pam_deny.so
account sufficient pam_unix.so
trap background_at_return RETURN
- cat > /etc/pam.d/"$PAMSERVICE" <<EOF
+ cat >/etc/pam.d/"$PAMSERVICE" <<EOF
auth sufficient pam_unix.so
auth required pam_deny.so
account sufficient pam_unix.so
read -r SHA256SUM1 _ < <(systemd-dissect --copy-from /tmp/img etc/os-release | sha256sum)
test "$SHA256SUM1" != ""
-echo abc > abc
+echo abc >abc
systemd-dissect --copy-to /tmp/img abc /abc
test -f /tmp/img/abc
# Make sure nspawn works unpriv, too (for now do not nest)
if ! systemd-detect-virt -c; then
- systemd-nspawn --pipe -i /var/tmp/unpriv.raw --read-only echo thisisatest > /tmp/unpriv.out
+ systemd-nspawn --pipe -i /var/tmp/unpriv.raw --read-only echo thisisatest >/tmp/unpriv.out
echo thisisatest | cmp /tmp/unpriv.out -
# The unpriv user has no rights to lock the image or write to it. Let's
# Decrypt/encrypt via varlink
DATA="Zm9vYmFyCg=="
-echo "{\"data\":\"$DATA\"}" > /tmp/vlcredsdata
+echo "{\"data\":\"$DATA\"}" >/tmp/vlcredsdata
varlinkctl call /run/systemd/io.systemd.Credentials io.systemd.Credentials.Encrypt "$(cat /tmp/vlcredsdata)" | \
- varlinkctl call --json=short /run/systemd/io.systemd.Credentials io.systemd.Credentials.Decrypt > /tmp/vlcredsdata2
+ varlinkctl call --json=short /run/systemd/io.systemd.Credentials io.systemd.Credentials.Decrypt >/tmp/vlcredsdata2
cmp /tmp/vlcredsdata /tmp/vlcredsdata2
rm /tmp/vlcredsdata2
# Pick a key type explicitly
varlinkctl call /run/systemd/io.systemd.Credentials io.systemd.Credentials.Encrypt "{\"data\":\"$DATA\",\"withKey\":\"host\"}" | \
- varlinkctl call --json=short /run/systemd/io.systemd.Credentials io.systemd.Credentials.Decrypt > /tmp/vlcredsdata2
+ varlinkctl call --json=short /run/systemd/io.systemd.Credentials io.systemd.Credentials.Decrypt >/tmp/vlcredsdata2
cmp /tmp/vlcredsdata /tmp/vlcredsdata2
rm /tmp/vlcredsdata2
varlinkctl call /run/systemd/io.systemd.Credentials io.systemd.Credentials.Encrypt "{\"data\":\"$DATA\",\"withKey\":\"null\"}" | \
jq '.["allowNull"] = true' |
- varlinkctl call --json=short /run/systemd/io.systemd.Credentials io.systemd.Credentials.Decrypt > /tmp/vlcredsdata2
+ varlinkctl call --json=short /run/systemd/io.systemd.Credentials io.systemd.Credentials.Decrypt >/tmp/vlcredsdata2
cmp /tmp/vlcredsdata /tmp/vlcredsdata2
rm /tmp/vlcredsdata /tmp/vlcredsdata2
systemctl start test63-pr-30768.path
exec {lock}<>/tmp/noexit
flock -e $lock
-echo test1 > /tmp/copyme
+echo test1 >/tmp/copyme
# shellcheck disable=SC2016
timeout 30 bash -c 'until test "$(systemctl show test63-pr-30768.service -P ActiveState)" = deactivating; do sleep .2; done'
diff /tmp/copyme /tmp/copied
-echo test2 > /tmp/copyme
+echo test2 >/tmp/copyme
exec {lock}<&-
timeout 30 bash -c 'until diff /tmp/copyme /tmp/copied >/dev/null; do sleep .2; done'
export SYSTEMD_LOG_LEVEL=debug
# Ensure that sandboxing doesn't stop creds from being accessible
-echo "test" > /tmp/testdata
+echo "test" >/tmp/testdata
systemd-creds encrypt /tmp/testdata /tmp/testdata.encrypted --with-key=tpm2
# LoadCredentialEncrypted
systemd-run -p PrivateDevices=yes -p LoadCredentialEncrypted=testdata.encrypted:/tmp/testdata.encrypted --pipe --wait systemd-creds cat testdata.encrypted | cmp - /tmp/testdata
tpm2_pcrread -Q -o /tmp/pcr.dat sha256:12
CURRENT_PCR_VALUE=$(cat /sys/class/tpm/tpm0/pcr-sha256/12)
tpm2_readpublic -c 0x81000001 -o /tmp/srk.pub
- systemd-analyze srk > /tmp/srk2.pub
+ systemd-analyze srk >/tmp/srk2.pub
cmp /tmp/srk.pub /tmp/srk2.pub
if [ -f /run/systemd/tpm2-srk-public-key.tpm2b_public ] ; then
cmp /tmp/srk.pub /run/systemd/tpm2-srk-public-key.tpm2b_public
# Make sure that --tpm2-device-key= also works with systemd-repart
tpm2_readpublic -c 0x81000001 -o /tmp/srk.pub
mkdir /tmp/dditest
- cat > /tmp/dditest/50-root.conf <<EOF
+ cat >/tmp/dditest/50-root.conf <<EOF
[Partition]
Type=root
Format=ext4
tpm2_pcrread sha256:11 -Q -o /tmp/oldpcr11
# Do the equivalent of 'SYSTEMD_FORCE_MEASURE=1 "$SD_PCREXTEND" foobar' via Varlink, just to test the Varlink logic (but first we need to patch out the conditionalization...)
mkdir -p /run/systemd/system/systemd-pcrextend.socket.d
-cat > /run/systemd/system/systemd-pcrextend.socket.d/50-no-condition.conf <<EOF
+cat >/run/systemd/system/systemd-pcrextend.socket.d/50-no-condition.conf <<EOF
[Unit]
# Turn off all conditions */
ConditionSecurity=
# Exercise Varlink API a bit (but first turn off condition)
mkdir -p /run/systemd/system/systemd-pcrlock.socket.d
-cat > /run/systemd/system/systemd-pcrlock.socket.d/50-no-condition.conf <<EOF
+cat >/run/systemd/system/systemd-pcrlock.socket.d/50-no-condition.conf <<EOF
[Unit]
# Turn off all conditions
ConditionSecurity=
rm "$ROOT/etc/vconsole.conf"
# this should be a NOP, given that stdout is connected to /dev/null, and hence not a VT
- systemd-firstboot --root="$ROOT" --prompt-keymap-auto > /dev/null
+ systemd-firstboot --root="$ROOT" --prompt-keymap-auto >/dev/null
fi
echo -ne "Europe/Berlin\n" | systemd-firstboot --root="$ROOT" --prompt-timezone
readlink "$ROOT/etc/localtime" | grep -q "Europe/Berlin$"
verify_pkcs7() {
# Verify using internal certificate
- openssl smime -verify -binary -inform der -in /tmp/payload.p7s -content /tmp/payload -noverify > /dev/null
+ openssl smime -verify -binary -inform der -in /tmp/payload.p7s -content /tmp/payload -noverify >/dev/null
# Verify using external (original) certificate
- openssl smime -verify -binary -inform der -in /tmp/payload.p7s -content /tmp/payload -noverify -certfile /tmp/test.crt -nointern > /dev/null
+ openssl smime -verify -binary -inform der -in /tmp/payload.p7s -content /tmp/payload -noverify -certfile /tmp/test.crt -nointern >/dev/null
}
verify_pkcs7_fail() {
# Verify using internal certificate
- (! openssl smime -verify -binary -inform der -in /tmp/payload.p7s -content /tmp/payload -noverify > /dev/null)
+ (! openssl smime -verify -binary -inform der -in /tmp/payload.p7s -content /tmp/payload -noverify >/dev/null)
# Verify using external (original) certificate
- (! openssl smime -verify -binary -inform der -in /tmp/payload.p7s -content /tmp/payload -noverify -certfile /tmp/test.crt -nointern > /dev/null)
+ (! openssl smime -verify -binary -inform der -in /tmp/payload.p7s -content /tmp/payload -noverify -certfile /tmp/test.crt -nointern >/dev/null)
}
testcase_pkcs7() {
- echo -n "test" > /tmp/payload
+ echo -n "test" >/tmp/payload
for hashalg in sha256 sha384 sha512; do
# shellcheck disable=SC2086
trap at_exit EXIT
mkdir -p /run/credstore
-cat > /run/credstore/network.conf.50-testme <<EOF
+cat >/run/credstore/network.conf.50-testme <<EOF
[Network]
SpeedMeter=yes
EOF
-cat > /run/credstore/network.network.50-testme <<EOF
+cat >/run/credstore/network.network.50-testme <<EOF
[Match]
Property=IDONTEXIST
EOF
varlinkctl call /run/systemd/io.systemd.Hostname io.systemd.Hostname.Describe '{}'
# Validate that --exec results in the very same values
-varlinkctl call /run/systemd/io.systemd.Hostname io.systemd.Hostname.Describe '{}' | jq > /tmp/describe1.json
-varlinkctl --exec call /run/systemd/io.systemd.Hostname io.systemd.Hostname.Describe '{}' -- jq > /tmp/describe2.json
+varlinkctl call /run/systemd/io.systemd.Hostname io.systemd.Hostname.Describe '{}' | jq >/tmp/describe1.json
+varlinkctl --exec call /run/systemd/io.systemd.Hostname io.systemd.Hostname.Describe '{}' -- jq >/tmp/describe2.json
cmp /tmp/describe1.json /tmp/describe2.json
rm /tmp/describe1.json /tmp/describe2.json
echo "[NetDev]"
echo "Name=dns2"
echo "Kind=dummy"
- } > /run/systemd/network/10-dns2.netdev
+ } >/run/systemd/network/10-dns2.netdev
{
echo "[Match]"
echo "Name=dns2"
echo "IPv6AcceptRA=no"
echo "Address=10.123.0.1/24"
echo "DNS=10.0.0.1"
- } > /run/systemd/network/10-dns2.network
+ } >/run/systemd/network/10-dns2.network
networkctl reload
networkctl reconfigure dns2
echo "[Resolve]"
echo "DNSSEC=no"
echo "DNSOverTLS=no"
- } > /run/systemd/resolved.conf.d/90-resolved.conf
+ } >/run/systemd/resolved.conf.d/90-resolved.conf
systemctl reload systemd-resolved.service
test "$(resolvectl show-cache --json=short | jq -rc '.[] | select(.ifname == "dns2" and .protocol == "dns") | .dnssec')" == 'no'
echo "[Resolve]"
echo "DNSSEC=allow-downgrade"
echo "DNSOverTLS=opportunistic"
- } > /run/systemd/resolved.conf.d/90-resolved.conf
+ } >/run/systemd/resolved.conf.d/90-resolved.conf
systemctl reload systemd-resolved.service
test "$(resolvectl show-cache --json=short | jq -rc '.[] | select(.ifname == "dns2" and .protocol == "dns") | .dnssec')" == 'allow-downgrade'
}
sync_out() {
- echo "$1" > /tmp/syncfifo2
+ echo "$1" >/tmp/syncfifo2
}
export SYSTEMD_LOG_LEVEL=debug
trap at_exit EXIT
mkdir /tmp/validatefs-test
-cat > /tmp/validatefs-test/validatefs-root.conf <<EOF
+cat >/tmp/validatefs-test/validatefs-root.conf <<EOF
[Partition]
Type=root
Label=kromm
Format=ext4
EOF
-cat > /tmp/validatefs-test/validatefs-usr.conf <<EOF
+cat >/tmp/validatefs-test/validatefs-usr.conf <<EOF
[Partition]
Type=usr
Label=plisch
VerityMatchKey=mupf
EOF
-cat > /tmp/validatefs-test/validatefs-usr-verity.conf <<EOF
+cat >/tmp/validatefs-test/validatefs-usr-verity.conf <<EOF
[Partition]
Type=usr-verity
Label=plisch-verity
VerityMatchKey=mupf
EOF
-cat > /tmp/validatefs-test/validatefs-home.conf <<EOF
+cat >/tmp/validatefs-test/validatefs-home.conf <<EOF
[Partition]
Type=home
Label=rupft
Format=ext4
EOF
-cat > /tmp/validatefs-test/validatefs-esp.conf <<EOF
+cat >/tmp/validatefs-test/validatefs-esp.conf <<EOF
[Partition]
Type=esp
Label=fumm
Format=vfat
EOF
-cat > /tmp/validatefs-test/validatefs-generic.conf <<EOF
+cat >/tmp/validatefs-test/validatefs-generic.conf <<EOF
[Partition]
Label=qnurx
Type=linux-generic
projects / thirdparty / systemd.git / commitdiff
