test: add test case for verity deferred removal without sharing

I recently found out (the hard way) that on an older version
there was a bug when the verity sharing is disabled: the
deferred close flag was not set correctly, so verity devices
were leaked.

This is not an issue in main currently, but add a test case
to cover it just in case, to avoid future regressions.

diff --git a/test/units/TEST-50-DISSECT.dissect.sh b/test/units/TEST-50-DISSECT.dissect.sh
index f6e5c07bc938a8305ef8383c5a2825a14d9c999c..6eac920c8d774613e42618d2efb32dbd83db63de 100755 (executable)
--- a/test/units/TEST-50-DISSECT.dissect.sh
+++ b/test/units/TEST-50-DISSECT.dissect.sh
@@ -78,6 +78,17 @@ fi
 systemd-dissect --umount "$IMAGE_DIR/mount"
 systemd-dissect --umount "$IMAGE_DIR/mount2"
 
+# Ensure the deferred close flag is set up correctly and we don't leak verity devices
+# when sharing is disabled
+set +o pipefail
+# The devices are named 'loopXYZ-verity' when sharing is disabled
+n_before=$(dmsetup ls | grep loop | grep -c verity || true)
+SYSTEMD_VERITY_SHARING=0 systemd-dissect --mount "$MINIMAL_IMAGE.raw" "$IMAGE_DIR/mount"
+test $((n_before + 1)) -eq "$(dmsetup ls | grep loop | grep -c verity || true)"
+umount -R "$IMAGE_DIR/mount"
+test "$n_before" -eq "$(dmsetup ls | grep loop | grep -c verity || true)"
+set -o pipefail
+
 # Test BindLogSockets=
 systemd-run --wait -p RootImage="$MINIMAL_IMAGE.raw" mountpoint /run/systemd/journal/socket
 (! systemd-run --wait -p RootImage="$MINIMAL_IMAGE.raw" -p BindLogSockets=no ls /run/systemd/journal/socket)