From: Zbigniew Jędrzejewski-Szmek Date: Wed, 5 Apr 2023 13:50:42 +0000 (+0200) Subject: test: drop uses of "&& { echo 'unexpected success'; exit 1; }" X-Git-Tag: v254-rc1~645^2~3 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=128db0aa0098b58b415065c2955f9abc7fc967e1;p=thirdparty%2Fsystemd.git test: drop uses of "&& { echo 'unexpected success'; exit 1; }" Brief is sweet. --- diff --git a/test/units/testsuite-03.sh b/test/units/testsuite-03.sh index 1d4bf3aaaaf..289d8dac284 100755 --- a/test/units/testsuite-03.sh +++ b/test/units/testsuite-03.sh @@ -34,11 +34,11 @@ grep 'hello\.service' /root/list-jobs.txt && exit 1 systemctl stop sleep.service hello-after-sleep.target # Some basic testing that --show-transaction does something useful -systemctl is-active systemd-importd && { echo 'unexpected success'; exit 1; } +(! systemctl is-active systemd-importd) systemctl -T start systemd-importd systemctl is-active systemd-importd systemctl --show-transaction stop systemd-importd -systemctl is-active systemd-importd && { echo 'unexpected success'; exit 1; } +(! systemctl is-active systemd-importd) # Test for a crash when enqueuing a JOB_NOP when other job already exists systemctl start --no-block hello-after-sleep.target @@ -95,7 +95,7 @@ ELAPSED=$((END_SEC-START_SEC)) # wait5fail fails, so systemctl should fail START_SEC=$(date -u '+%s') -systemctl start --wait wait2.service wait5fail.service && { echo 'unexpected success'; exit 1; } +(! systemctl start --wait wait2.service wait5fail.service) END_SEC=$(date -u '+%s') ELAPSED=$((END_SEC-START_SEC)) [[ "$ELAPSED" -ge 5 ]] && [[ "$ELAPSED" -le 7 ]] || exit 1 diff --git a/test/units/testsuite-04.sh b/test/units/testsuite-04.sh index 4893141fed9..2a9b67949c3 100755 --- a/test/units/testsuite-04.sh +++ b/test/units/testsuite-04.sh @@ -74,10 +74,10 @@ journalctl -b -o export --output-fields=MESSAGE,FOO --output-fields=PRIORITY,MES grep -q '^__CURSOR=' /output grep -q '^MESSAGE=foo$' /output grep -q '^PRIORITY=6$' /output -grep '^FOO=' /output && { echo 'unexpected success'; exit 1; } -grep '^SYSLOG_FACILITY=' /output && { echo 'unexpected success'; exit 1; } +(! grep '^FOO=' /output) +(! grep '^SYSLOG_FACILITY=' /output) -# `-b all` negates earlier use of -b (-b and -m are otherwise exclusive) +# '-b all' negates earlier use of -b (-b and -m are otherwise exclusive) journalctl -b -1 -b all -m >/dev/null # -b always behaves like -b0 diff --git a/test/units/testsuite-18.sh b/test/units/testsuite-18.sh index e9d7c5bfc87..44b792f0031 100755 --- a/test/units/testsuite-18.sh +++ b/test/units/testsuite-18.sh @@ -4,7 +4,7 @@ set -eux set -o pipefail systemd-run --wait -p FailureAction=poweroff true -systemd-run --wait -p SuccessAction=poweroff false && { echo 'unexpected success'; exit 1; } +(! systemd-run --wait -p SuccessAction=poweroff false) if ! test -f /firstphase ; then echo OK >/firstphase diff --git a/test/units/testsuite-20.sh b/test/units/testsuite-20.sh index 5493b0df9b0..6ce992f41ac 100755 --- a/test/units/testsuite-20.sh +++ b/test/units/testsuite-20.sh @@ -128,16 +128,16 @@ chmod 755 /dev/shm/test-mainpid3.sh # This has to fail, as we shouldn't accept the dangerous PID file, and then # inotify-wait on it to be corrected which we never do. -systemd-run --unit=test-mainpidsh3.service \ - -p StandardOutput=tty \ - -p StandardError=tty \ - -p Type=forking \ - -p RuntimeDirectory=mainpidsh3 \ - -p PIDFile=/run/mainpidsh3/pid \ - -p DynamicUser=1 \ - -p TimeoutStartSec=2s \ - /dev/shm/test-mainpid3.sh \ - && { echo 'unexpected success'; exit 1; } +(! systemd-run \ + --unit=test-mainpidsh3.service \ + -p StandardOutput=tty \ + -p StandardError=tty \ + -p Type=forking \ + -p RuntimeDirectory=mainpidsh3 \ + -p PIDFile=/run/mainpidsh3/pid \ + -p DynamicUser=1 \ + -p TimeoutStartSec=2s \ + /dev/shm/test-mainpid3.sh) # Test that this failed due to timeout, and not some other error test "$(systemctl show -P Result test-mainpidsh3.service)" = timeout diff --git a/test/units/testsuite-22.03.sh b/test/units/testsuite-22.03.sh index a9df3d6bdd5..6fce4c07053 100755 --- a/test/units/testsuite-22.03.sh +++ b/test/units/testsuite-22.03.sh @@ -38,7 +38,7 @@ test "$(stat -c %U:%G:%a /tmp/f/1)" = "daemon:daemon:666" mkfifo /tmp/f/fifo chmod 644 /tmp/f/fifo -systemd-tmpfiles --create - </tmp/F/rw-fs/foo -systemd-tmpfiles --create - </tmp/F/rw-fs/foo -systemd-tmpfiles --create - < fails. -systemd-tmpfiles --create - </testok diff --git a/test/units/testsuite-33.sh b/test/units/testsuite-33.sh index 9fb17a50c93..c9bd66e2688 100755 --- a/test/units/testsuite-33.sh +++ b/test/units/testsuite-33.sh @@ -33,7 +33,7 @@ test -d /var/lib/test-service test -d /var/cache/test-service test -d /var/log/test-service -systemctl clean test-service && { echo 'unexpected success'; exit 1; } +(! systemctl clean test-service) systemctl stop test-service @@ -108,7 +108,7 @@ test -L /var/lib/test-service test -L /var/cache/test-service test -L /var/log/test-service -systemctl clean test-service && { echo 'unexpected success'; exit 1; } +(! systemctl clean test-service) systemctl stop test-service @@ -197,7 +197,7 @@ test -d /var/lib/hoge test -d /var/cache/hoge test -d /var/log/hoge -systemctl clean tmp-hoge.mount && { echo 'unexpected success'; exit 1; } +(! systemctl clean tmp-hoge.mount) test -d /etc/hoge test -d /run/hoge @@ -273,7 +273,7 @@ test -d /var/lib/test-socket test -d /var/cache/test-socket test -d /var/log/test-socket -systemctl clean test-service.socket && { echo 'unexpected success'; exit 1; } +(! systemctl clean test-service.socket) systemctl stop test-service.socket diff --git a/test/units/testsuite-34.sh b/test/units/testsuite-34.sh index 2172f7434b8..0bc3adc9b40 100755 --- a/test/units/testsuite-34.sh +++ b/test/units/testsuite-34.sh @@ -22,8 +22,7 @@ test_directory() { systemd-run --wait -p RuntimeDirectoryPreserve=yes -p DynamicUser=0 -p "${directory}"=zzz:yyy test -f "${path}"/yyy/test systemd-run --wait -p RuntimeDirectoryPreserve=yes -p DynamicUser=0 -p "${directory}=zzz:xxx zzz:xxx2" -p TemporaryFileSystem="${path}" bash -c "test -f ${path}/xxx/test && test -f ${path}/xxx2/test" systemd-run --wait -p RuntimeDirectoryPreserve=yes -p DynamicUser=0 -p "${directory}"=zzz:xxx -p TemporaryFileSystem="${path}":ro test -f "${path}"/xxx/test - systemd-run --wait -p RuntimeDirectoryPreserve=yes -p DynamicUser=0 -p "${directory}"=zzz test -f "${path}"/zzz/test-missing \ - && { echo 'unexpected success'; exit 1; } + (! systemd-run --wait -p RuntimeDirectoryPreserve=yes -p DynamicUser=0 -p "${directory}"=zzz test -f "${path}"/zzz/test-missing) test -d "${path}"/zzz test ! -L "${path}"/zzz @@ -47,8 +46,7 @@ test_directory() { systemd-run --wait -p RuntimeDirectoryPreserve=yes -p DynamicUser=1 -p "${directory}=zzz:xxx zzz:xxx2" \ -p TemporaryFileSystem="${path}" -p EnvironmentFile=-/usr/lib/systemd/systemd-asan-env bash -c "test -f ${path}/xxx/test && test -f ${path}/xxx2/test" systemd-run --wait -p RuntimeDirectoryPreserve=yes -p DynamicUser=1 -p "${directory}"=zzz:xxx -p TemporaryFileSystem="${path}":ro test -f "${path}"/xxx/test - systemd-run --wait -p RuntimeDirectoryPreserve=yes -p DynamicUser=1 -p "${directory}"=zzz test -f "${path}"/zzz/test-missing \ - && { echo 'unexpected success'; exit 1; } + (! systemd-run --wait -p RuntimeDirectoryPreserve=yes -p DynamicUser=1 -p "${directory}"=zzz test -f "${path}"/zzz/test-missing) test -L "${path}"/zzz test -d "${path}"/private/zzz @@ -71,8 +69,7 @@ test_directory() { systemd-run --wait -p RuntimeDirectoryPreserve=yes -p DynamicUser=0 -p "${directory}"=zzz:xxx -p TemporaryFileSystem="${path}" test -f "${path}"/xxx/test systemd-run --wait -p RuntimeDirectoryPreserve=yes -p DynamicUser=0 -p "${directory}=zzz:xxx zzz:xxx2" -p TemporaryFileSystem="${path}" bash -c "test -f ${path}/xxx/test && test -f ${path}/xxx2/test" systemd-run --wait -p RuntimeDirectoryPreserve=yes -p DynamicUser=0 -p "${directory}"=zzz:xxx -p TemporaryFileSystem="${path}":ro test -f "${path}"/xxx/test - systemd-run --wait -p RuntimeDirectoryPreserve=yes -p DynamicUser=0 -p "${directory}"=zzz test -f "${path}"/zzz/test-missing \ - && { echo 'unexpected success'; exit 1; } + (! systemd-run --wait -p RuntimeDirectoryPreserve=yes -p DynamicUser=0 -p "${directory}"=zzz test -f "${path}"/zzz/test-missing) test -d "${path}"/zzz test ! -L "${path}"/zzz diff --git a/test/units/testsuite-39.sh b/test/units/testsuite-39.sh index 5b77bbbaf17..dbeb1df8947 100755 --- a/test/units/testsuite-39.sh +++ b/test/units/testsuite-39.sh @@ -20,7 +20,7 @@ systemctl daemon-reload systemctl start "$SERVICE_NAME" systemctl status "$SERVICE_NAME" # The reload SHOULD fail but SHOULD NOT affect the service state -systemctl reload "$SERVICE_NAME" && { echo 'unexpected success'; exit 1; } +(! systemctl reload "$SERVICE_NAME") systemctl status "$SERVICE_NAME" systemctl stop "$SERVICE_NAME" @@ -38,7 +38,7 @@ systemctl daemon-reload systemctl start "$SERVICE_NAME" systemctl status "$SERVICE_NAME" # The reload SHOULD fail but SHOULD NOT affect the service state -systemctl reload "$SERVICE_NAME" && { echo 'unexpected success'; exit 1; } +(! systemctl reload "$SERVICE_NAME") systemctl status "$SERVICE_NAME" systemctl stop "$SERVICE_NAME" diff --git a/test/units/testsuite-41.sh b/test/units/testsuite-41.sh index a82258821f4..a6ae7bc0107 100755 --- a/test/units/testsuite-41.sh +++ b/test/units/testsuite-41.sh @@ -9,15 +9,14 @@ MAX_SECS=60 systemd-analyze log-level debug # test one: Restart=on-failure should restart the service -systemd-run --unit=one -p Type=oneshot -p Restart=on-failure /bin/bash -c "exit 1" \ - && { echo 'unexpected success'; exit 1; } +(! systemd-run --unit=one -p Type=oneshot -p Restart=on-failure /bin/bash -c "exit 1") for ((secs = 0; secs < MAX_SECS; secs++)); do - [[ "$(systemctl show one.service -P NRestarts)" -le 0 ]] || break - sleep 1 + [[ "$(systemctl show one.service -P NRestarts)" -le 0 ]] || break + sleep 1 done if [[ "$(systemctl show one.service -P NRestarts)" -le 0 ]]; then - exit 1 + exit 1 fi TMP_FILE="/tmp/test-41-oneshot-restart-test" @@ -26,27 +25,26 @@ TMP_FILE="/tmp/test-41-oneshot-restart-test" # test two: make sure StartLimitBurst correctly limits the number of restarts # and restarts execution of the unit from the first ExecStart= -systemd-run --unit=two \ - -p StartLimitIntervalSec=120 \ - -p StartLimitBurst=3 \ - -p Type=oneshot \ - -p Restart=on-failure \ - -p ExecStart="/bin/bash -c \"printf a >>$TMP_FILE\"" /bin/bash -c "exit 1" \ - && { echo 'unexpected success'; exit 1; } +(! systemd-run --unit=two \ + -p StartLimitIntervalSec=120 \ + -p StartLimitBurst=3 \ + -p Type=oneshot \ + -p Restart=on-failure \ + -p ExecStart="/bin/bash -c \"printf a >>$TMP_FILE\"" /bin/bash -c "exit 1") # wait for at least 3 restarts for ((secs = 0; secs < MAX_SECS; secs++)); do - [[ $(cat $TMP_FILE) != "aaa" ]] || break - sleep 1 + [[ $(cat $TMP_FILE) != "aaa" ]] || break + sleep 1 done if [[ $(cat $TMP_FILE) != "aaa" ]]; then - exit 1 + exit 1 fi # wait for 5 more seconds to make sure there aren't excess restarts sleep 5 if [[ $(cat $TMP_FILE) != "aaa" ]]; then - exit 1 + exit 1 fi systemd-analyze log-level info diff --git a/test/units/testsuite-42.sh b/test/units/testsuite-42.sh index 9476df86dde..b78d5b7a435 100755 --- a/test/units/testsuite-42.sh +++ b/test/units/testsuite-42.sh @@ -4,18 +4,20 @@ set -eux systemd-analyze log-level debug -systemd-run --unit=simple1.service --wait -p StandardOutput=tty -p StandardError=tty -p Type=simple -p ExecStopPost='/bin/touch /run/simple1' true +systemd-run --unit=simple1.service --wait -p StandardOutput=tty -p StandardError=tty -p Type=simple \ + -p ExecStopPost='/bin/touch /run/simple1' true test -f /run/simple1 -systemd-run --unit=simple2.service --wait -p StandardOutput=tty -p StandardError=tty -p Type=simple -p ExecStopPost='/bin/touch /run/simple2' false \ - && { echo 'unexpected success'; exit 1; } +(! systemd-run --unit=simple2.service --wait -p StandardOutput=tty -p StandardError=tty -p Type=simple \ + -p ExecStopPost='/bin/touch /run/simple2' false) test -f /run/simple2 -systemd-run --unit=exec1.service --wait -p StandardOutput=tty -p StandardError=tty -p Type=exec -p ExecStopPost='/bin/touch /run/exec1' sleep 1 +systemd-run --unit=exec1.service --wait -p StandardOutput=tty -p StandardError=tty -p Type=exec \ + -p ExecStopPost='/bin/touch /run/exec1' sleep 1 test -f /run/exec1 -systemd-run --unit=exec2.service --wait -p StandardOutput=tty -p StandardError=tty -p Type=exec -p ExecStopPost='/bin/touch /run/exec2' sh -c 'sleep 1; false' \ - && { echo 'unexpected success'; exit 1; } +(! systemd-run --unit=exec2.service --wait -p StandardOutput=tty -p StandardError=tty -p Type=exec \ + -p ExecStopPost='/bin/touch /run/exec2' sh -c 'sleep 1; false') test -f /run/exec2 cat >/tmp/forking1.sh </tmp/forking2.sh </tmp/forking2.sh </tmp/notify1.sh </proc/sys/user/max_user_namespaces" \ - && { echo 'unexpected success'; exit 1; } + sh -c "echo 0 >/proc/sys/user/max_user_namespaces") -runas testuser systemd-run --wait --user --unit=test-kernel-mod \ +(! runas testuser systemd-run --wait --user --unit=test-kernel-mod \ -p ProtectKernelModules=yes \ - sh -c "modprobe -r overlay && modprobe overlay" \ - && { echo 'unexpected success'; exit 1; } + sh -c "modprobe -r overlay && modprobe overlay") if sysctl kernel.dmesg_restrict=0; then - runas testuser systemd-run --wait --user --unit=test-kernel-log \ + (! runas testuser systemd-run --wait --user --unit=test-kernel-log \ -p ProtectKernelLogs=yes -p LogNamespace=yes \ - dmesg \ - && { echo 'unexpected success'; exit 1; } + dmesg) fi unsquashfs -no-xattrs -d /tmp/img /usr/share/minimal_0.raw diff --git a/test/units/testsuite-44.sh b/test/units/testsuite-44.sh index 49c240ff8e4..da779a6901c 100755 --- a/test/units/testsuite-44.sh +++ b/test/units/testsuite-44.sh @@ -11,7 +11,7 @@ journalctl -o cat --namespace=foobar >/tmp/hello-world journalctl -o cat >/tmp/no-hello-world grep "^hello world$" /tmp/hello-world -grep "^hello world$" /tmp/no-hello-world && { echo 'unexpected success'; exit 1; } +(! grep "^hello world$" /tmp/no-hello-world) systemd-analyze log-level info diff --git a/test/units/testsuite-46.sh b/test/units/testsuite-46.sh index 84a1d1d9d90..46ee34b7338 100755 --- a/test/units/testsuite-46.sh +++ b/test/units/testsuite-46.sh @@ -153,14 +153,12 @@ if ! systemd-detect-virt -cq ; then fi PASSWORD=xEhErW0ndafV4s homectl with test-user -- test ! -f /home/test-user/xyz -PASSWORD=xEhErW0ndafV4s homectl with test-user -- test -f /home/test-user/xyz \ - && { echo 'unexpected success'; exit 1; } +(! PASSWORD=xEhErW0ndafV4s homectl with test-user -- test -f /home/test-user/xyz) PASSWORD=xEhErW0ndafV4s homectl with test-user -- touch /home/test-user/xyz PASSWORD=xEhErW0ndafV4s homectl with test-user -- test -f /home/test-user/xyz PASSWORD=xEhErW0ndafV4s homectl with test-user -- rm /home/test-user/xyz PASSWORD=xEhErW0ndafV4s homectl with test-user -- test ! -f /home/test-user/xyz -PASSWORD=xEhErW0ndafV4s homectl with test-user -- test -f /home/test-user/xyz \ - && { echo 'unexpected success'; exit 1; } +(! PASSWORD=xEhErW0ndafV4s homectl with test-user -- test -f /home/test-user/xyz) wait_for_state test-user inactive homectl remove test-user diff --git a/test/units/testsuite-50.sh b/test/units/testsuite-50.sh index f6b2467a989..75cb4c49b2e 100755 --- a/test/units/testsuite-50.sh +++ b/test/units/testsuite-50.sh @@ -398,8 +398,8 @@ systemctl is-active testservice-50e.service # ExtensionDirectories will set up an overlay mkdir -p "${image_dir}/app0" "${image_dir}/app1" "${image_dir}/app-nodistro" -systemd-run -P --property ExtensionDirectories="${image_dir}/nonexistent" --property RootImage="${image}.raw" cat /opt/script0.sh && { echo 'unexpected success'; exit 1; } -systemd-run -P --property ExtensionDirectories="${image_dir}/app0" --property RootImage="${image}.raw" cat /opt/script0.sh && { echo 'unexpected success'; exit 1; } +(! systemd-run -P --property ExtensionDirectories="${image_dir}/nonexistent" --property RootImage="${image}.raw" cat /opt/script0.sh) +(! systemd-run -P --property ExtensionDirectories="${image_dir}/app0" --property RootImage="${image}.raw" cat /opt/script0.sh) systemd-dissect --mount /usr/share/app0.raw "${image_dir}/app0" systemd-dissect --mount /usr/share/app1.raw "${image_dir}/app1" systemd-dissect --mount /usr/share/app-nodistro.raw "${image_dir}/app-nodistro" @@ -446,7 +446,7 @@ mkdir -p /run/extensions/app-reject/usr/lib/{extension-release.d/,systemd/system echo "ID=_any" >/run/extensions/app-reject/usr/lib/extension-release.d/extension-release.app-reject echo "ID=_any" >/run/extensions/app-reject/usr/lib/os-release touch /run/extensions/app-reject/usr/lib/systemd/system/other_file -systemd-sysext merge && { echo 'unexpected success'; exit 1; } +(! systemd-sysext merge) test ! -e /usr/lib/systemd/system/some_file test ! -e /usr/lib/systemd/system/other_file systemd-sysext unmerge @@ -515,14 +515,14 @@ mkdir -p /run/confexts/test/etc/extension-release.d echo "ID=_any" >/run/confexts/test/etc/extension-release.d/extension-release.test echo "ARCHITECTURE=_any" >>/run/confexts/test/etc/extension-release.d/extension-release.test echo "MARKER_CONFEXT_123" >/run/confexts/test/etc/testfile -cat </run/confexts/test/etc/testscript +cat </run/confexts/test/etc/testscript #!/bin/bash echo "This should not happen" EOF chmod +x /run/confexts/test/etc/testscript systemd-confext merge grep -q -F "MARKER_CONFEXT_123" /etc/testfile -/etc/testscript && { echo 'unexpected success'; exit 1; } +(! /etc/testscript) systemd-confext status systemd-confext unmerge rm -rf /run/confexts/ diff --git a/test/units/testsuite-54.sh b/test/units/testsuite-54.sh index 4f9a0c2877e..ec0c43b9098 100755 --- a/test/units/testsuite-54.sh +++ b/test/units/testsuite-54.sh @@ -7,14 +7,15 @@ systemd-analyze log-level debug # Verify that the creds are properly loaded and we can read them from the service's unpriv user systemd-run -p LoadCredential=passwd:/etc/passwd \ - -p LoadCredential=shadow:/etc/shadow \ - -p SetCredential=dog:wuff \ - -p DynamicUser=1 \ - --unit=test-54-unpriv.service \ - --wait \ - --pipe \ - cat '${CREDENTIALS_DIRECTORY}/passwd' '${CREDENTIALS_DIRECTORY}/shadow' '${CREDENTIALS_DIRECTORY}/dog' >/tmp/ts54-concat -( cat /etc/passwd /etc/shadow && echo -n wuff ) | cmp /tmp/ts54-concat + -p LoadCredential=shadow:/etc/shadow \ + -p SetCredential=dog:wuff \ + -p DynamicUser=1 \ + --unit=test-54-unpriv.service \ + --wait \ + --pipe \ + cat '${CREDENTIALS_DIRECTORY}/passwd' '${CREDENTIALS_DIRECTORY}/shadow' '${CREDENTIALS_DIRECTORY}/dog' \ + >/tmp/ts54-concat +(cat /etc/passwd /etc/shadow && echo -n wuff) | cmp /tmp/ts54-concat rm /tmp/ts54-concat # Test that SetCredential= acts as fallback for LoadCredential= @@ -72,22 +73,20 @@ if [ "$expected_credential" != "" ] ; then systemd-run -p AssertCredential="$expected_credential" -p Type=oneshot true # And this should fail - systemd-run -p AssertCredential="undefinedcredential" -p Type=oneshot true && { echo 'unexpected success'; exit 1; } + (! systemd-run -p AssertCredential="undefinedcredential" -p Type=oneshot true) fi # Verify that the creds are immutable -systemd-run -p LoadCredential=passwd:/etc/passwd \ - -p DynamicUser=1 \ - --unit=test-54-immutable-touch.service \ - --wait \ - touch '${CREDENTIALS_DIRECTORY}/passwd' \ - && { echo 'unexpected success'; exit 1; } -systemd-run -p LoadCredential=passwd:/etc/passwd \ - -p DynamicUser=1 \ - --unit=test-54-immutable-rm.service \ - --wait \ - rm '${CREDENTIALS_DIRECTORY}/passwd' \ - && { echo 'unexpected success'; exit 1; } +(! systemd-run -p LoadCredential=passwd:/etc/passwd \ + -p DynamicUser=1 \ + --unit=test-54-immutable-touch.service \ + --wait \ + touch '${CREDENTIALS_DIRECTORY}/passwd') +(! systemd-run -p LoadCredential=passwd:/etc/passwd \ + -p DynamicUser=1 \ + --unit=test-54-immutable-rm.service \ + --wait \ + rm '${CREDENTIALS_DIRECTORY}/passwd') # Check directory-based loading mkdir -p /tmp/ts54-creds/sub @@ -96,14 +95,14 @@ echo -n b >/tmp/ts54-creds/bar echo -n c >/tmp/ts54-creds/baz echo -n d >/tmp/ts54-creds/sub/qux systemd-run -p LoadCredential=cred:/tmp/ts54-creds \ - -p DynamicUser=1 \ - --unit=test-54-dir.service \ - --wait \ - --pipe \ - cat '${CREDENTIALS_DIRECTORY}/cred_foo' \ - '${CREDENTIALS_DIRECTORY}/cred_bar' \ - '${CREDENTIALS_DIRECTORY}/cred_baz' \ - '${CREDENTIALS_DIRECTORY}/cred_sub_qux' >/tmp/ts54-concat + -p DynamicUser=1 \ + --unit=test-54-dir.service \ + --wait \ + --pipe \ + cat '${CREDENTIALS_DIRECTORY}/cred_foo' \ + '${CREDENTIALS_DIRECTORY}/cred_bar' \ + '${CREDENTIALS_DIRECTORY}/cred_baz' \ + '${CREDENTIALS_DIRECTORY}/cred_sub_qux' >/tmp/ts54-concat ( echo -n abcd ) | cmp /tmp/ts54-concat rm /tmp/ts54-concat rm -rf /tmp/ts54-creds @@ -115,18 +114,18 @@ if systemctl --version | grep -q -- +OPENSSL ; then systemd-creds decrypt --name=test-54 /tmp/test-54-ciphertext | cmp /tmp/test-54-plaintext systemd-run -p LoadCredentialEncrypted=test-54:/tmp/test-54-ciphertext \ - --wait \ - --pipe \ - cat '${CREDENTIALS_DIRECTORY}/test-54' | cmp /tmp/test-54-plaintext + --wait \ + --pipe \ + cat '${CREDENTIALS_DIRECTORY}/test-54' | cmp /tmp/test-54-plaintext echo -n $RANDOM >/tmp/test-54-plaintext systemd-creds encrypt --name=test-54 /tmp/test-54-plaintext /tmp/test-54-ciphertext systemd-creds decrypt --name=test-54 /tmp/test-54-ciphertext | cmp /tmp/test-54-plaintext systemd-run -p SetCredentialEncrypted=test-54:"$(cat /tmp/test-54-ciphertext)" \ - --wait \ - --pipe \ - cat '${CREDENTIALS_DIRECTORY}/test-54' | cmp /tmp/test-54-plaintext + --wait \ + --pipe \ + cat '${CREDENTIALS_DIRECTORY}/test-54' | cmp /tmp/test-54-plaintext rm /tmp/test-54-plaintext /tmp/test-54-ciphertext fi diff --git a/test/units/testsuite-56.sh b/test/units/testsuite-56.sh index ffdd3528725..f81c6ddf1f7 100755 --- a/test/units/testsuite-56.sh +++ b/test/units/testsuite-56.sh @@ -35,15 +35,13 @@ systemd-run --wait --unit=two -p Type=notify -p ExitType=cgroup \ /tmp/test56-exit-cgroup.sh 'systemctl stop two' # false exec condition: systemd-run should exit immediately with status code: 1 -systemd-run --wait --unit=three -p Type=notify -p ExitType=cgroup \ +(! systemd-run --wait --unit=three -p Type=notify -p ExitType=cgroup \ -p ExecCondition=false \ - /tmp/test56-exit-cgroup.sh \ - && { echo 'unexpected success'; exit 1; } + /tmp/test56-exit-cgroup.sh) # service should exit uncleanly (main process exits with SIGKILL) -systemd-run --wait --unit=four -p Type=notify -p ExitType=cgroup \ - /tmp/test56-exit-cgroup.sh 'systemctl kill --signal 9 four' \ - && { echo 'unexpected success'; exit 1; } +(! systemd-run --wait --unit=four -p Type=notify -p ExitType=cgroup \ + /tmp/test56-exit-cgroup.sh 'systemctl kill --signal 9 four') # Multiple level process tree, parent process exits quickly diff --git a/test/units/testsuite-65.sh b/test/units/testsuite-65.sh index cf3a8564136..2ad7b9a4394 100755 --- a/test/units/testsuite-65.sh +++ b/test/units/testsuite-65.sh @@ -179,16 +179,13 @@ EOF set +e # Default behaviour is to recurse through all dependencies when unit is loaded -systemd-analyze verify --root=/tmp/img/ testfile.service \ - && { echo 'unexpected success'; exit 1; } +(! systemd-analyze verify --root=/tmp/img/ testfile.service) # As above, recurses through all dependencies when unit is loaded -systemd-analyze verify --recursive-errors=yes --root=/tmp/img/ testfile.service \ - && { echo 'unexpected success'; exit 1; } +(! systemd-analyze verify --recursive-errors=yes --root=/tmp/img/ testfile.service) # Recurses through unit file and its direct dependencies when unit is loaded -systemd-analyze verify --recursive-errors=one --root=/tmp/img/ testfile.service \ - && { echo 'unexpected success'; exit 1; } +(! systemd-analyze verify --recursive-errors=one --root=/tmp/img/ testfile.service) set -e @@ -218,8 +215,7 @@ systemd-analyze verify --recursive-errors=no /tmp/testfile2.service set +e # Non-zero exit status since all associated dependencies are recursively loaded when the unit file is loaded -systemd-analyze verify --recursive-errors=yes /tmp/testfile2.service \ - && { echo 'unexpected success'; exit 1; } +(! systemd-analyze verify --recursive-errors=yes /tmp/testfile2.service) set -e rm /tmp/testfile.service @@ -241,19 +237,15 @@ rm /tmp/.testfile.service # Alias a unit file's name on disk (see #20061) cp /tmp/testfile.service /tmp/testsrvc -systemd-analyze verify /tmp/testsrvc \ - && { echo 'unexpected success'; exit 1; } +(! systemd-analyze verify /tmp/testsrvc) systemd-analyze verify /tmp/testsrvc:alias.service # Zero exit status since the value used for comparison determine exposure to security threats is by default 100 systemd-analyze security --offline=true /tmp/testfile.service -set +e #The overall exposure level assigned to the unit is greater than the set threshold -systemd-analyze security --threshold=90 --offline=true /tmp/testfile.service \ - && { echo 'unexpected success'; exit 1; } -set -e +(! systemd-analyze security --threshold=90 --offline=true /tmp/testfile.service) # Ensure we print the list of ACLs, see https://github.com/systemd/systemd/issues/23185 systemd-analyze security --offline=true /tmp/testfile.service | grep -q -F "/dev/sda" @@ -744,19 +736,15 @@ systemd-analyze security --threshold=25 --offline=true \ --profile=strict \ --root=/tmp/img/ testfile.service -set +e # The trusted profile doesn't add any sanboxing options -systemd-analyze security --threshold=25 --offline=true \ +(! systemd-analyze security --threshold=25 --offline=true \ --security-policy=/tmp/testfile.json \ --profile=/usr/lib/systemd/portable/profile/trusted/service.conf \ - --root=/tmp/img/ testfile.service \ - && { echo 'unexpected success'; exit 1; } + --root=/tmp/img/ testfile.service) -systemd-analyze security --threshold=50 --offline=true \ +(! systemd-analyze security --threshold=50 --offline=true \ --security-policy=/tmp/testfile.json \ - --root=/tmp/img/ testfile.service \ - && { echo 'unexpected success'; exit 1; } -set -e + --root=/tmp/img/ testfile.service) rm /tmp/img/usr/lib/systemd/system/testfile.service @@ -833,7 +821,7 @@ systemd-analyze image-policy 'home=encrypted:usr=verity' 2>&1 | grep -q -e '^usr systemd-analyze image-policy 'home=encrypted:usr=verity' 2>&1 | grep -q -e '^root \+ignore \+' systemd-analyze image-policy 'home=encrypted:usr=verity' 2>&1 | grep -q -e '^usr-verity \+unprotected \+' -(! systemd-analyze image-policy 'doedel' ) +(! systemd-analyze image-policy 'doedel') systemd-analyze log-level info diff --git a/test/units/testsuite-70.sh b/test/units/testsuite-70.sh index 8fd23542951..3c87d04d4cd 100755 --- a/test/units/testsuite-70.sh +++ b/test/units/testsuite-70.sh @@ -21,7 +21,7 @@ env PASSWORD=passphrase systemd-cryptenroll --tpm2-device=auto $img # Check with wrong PCR tpm2_pcrextend 7:sha256=0000000000000000000000000000000000000000000000000000000000000000 -/usr/lib/systemd/systemd-cryptsetup attach test-volume $img - tpm2-device=auto,headless=1 && { echo 'unexpected success'; exit 1; } +(! /usr/lib/systemd/systemd-cryptsetup attach test-volume $img - tpm2-device=auto,headless=1) # Enroll unlock with PCR+PIN policy systemd-cryptenroll --wipe-slot=tpm2 $img @@ -30,7 +30,8 @@ env PIN=123456 /usr/lib/systemd/systemd-cryptsetup attach test-volume $img - tpm /usr/lib/systemd/systemd-cryptsetup detach test-volume # Check failure with wrong PIN -env PIN=123457 /usr/lib/systemd/systemd-cryptsetup attach test-volume $img - tpm2-device=auto,headless=1 && { echo 'unexpected success'; exit 1; } +(! env PIN=123457 /usr/lib/systemd/systemd-cryptsetup attach test-volume $img - tpm2-device=auto,headless=1) + # Check LUKS2 token plugin unlock (i.e. without specifying tpm2-device=auto) if cryptsetup --help | grep -q 'LUKS2 external token plugin support is compiled-in' && \ @@ -39,14 +40,14 @@ if cryptsetup --help | grep -q 'LUKS2 external token plugin support is compiled- /usr/lib/systemd/systemd-cryptsetup detach test-volume # Check failure with wrong PIN - env PIN=123457 /usr/lib/systemd/systemd-cryptsetup attach test-volume $img - headless=1 && { echo 'unexpected success'; exit 1; } + (! env PIN=123457 /usr/lib/systemd/systemd-cryptsetup attach test-volume $img - headless=1) else echo 'cryptsetup has no LUKS2 token plugin support, skipping' fi # Check failure with wrong PCR (and correct PIN) tpm2_pcrextend 7:sha256=0000000000000000000000000000000000000000000000000000000000000000 -env PIN=123456 /usr/lib/systemd/systemd-cryptsetup attach test-volume $img - tpm2-device=auto,headless=1 && { echo 'unexpected success'; exit 1; } +(! env PIN=123456 /usr/lib/systemd/systemd-cryptsetup attach test-volume $img - tpm2-device=auto,headless=1) # Enroll unlock with PCR 0+7 systemd-cryptenroll --wipe-slot=tpm2 $img @@ -119,7 +120,7 @@ if [ -e /usr/lib/systemd/systemd-measure ] && \ # Invalidate PCR, decrypting should fail now tpm2_pcrextend 11:sha256=0000000000000000000000000000000000000000000000000000000000000000 - systemd-creds decrypt /tmp/pcrtestdata.encrypted - --tpm2-signature="/tmp/pcrsign.sig" >/dev/null && { echo 'unexpected success'; exit 1; } + (! systemd-creds decrypt /tmp/pcrtestdata.encrypted - --tpm2-signature="/tmp/pcrsign.sig" >/dev/null) # Sign new PCR state, decrypting should work now. /usr/lib/systemd/systemd-measure sign --current "${MEASURE_BANKS[@]}" --private-key="/tmp/pcrsign-private.pem" --public-key="/tmp/pcrsign-public.pem" --phase=: >"/tmp/pcrsign.sig2" @@ -146,8 +147,8 @@ if [ -e /usr/lib/systemd/systemd-measure ] && \ # After extending the PCR things should fail tpm2_pcrextend 11:sha256=0000000000000000000000000000000000000000000000000000000000000000 - SYSTEMD_CRYPTSETUP_USE_TOKEN_MODULE=0 /usr/lib/systemd/systemd-cryptsetup attach test-volume2 $img - tpm2-device=auto,tpm2-signature="/tmp/pcrsign.sig2",headless=1 && { echo 'unexpected success'; exit 1; } - SYSTEMD_CRYPTSETUP_USE_TOKEN_MODULE=1 /usr/lib/systemd/systemd-cryptsetup attach test-volume2 $img - tpm2-device=auto,tpm2-signature="/tmp/pcrsign.sig2",headless=1 && { echo 'unexpected success'; exit 1; } + (! SYSTEMD_CRYPTSETUP_USE_TOKEN_MODULE=0 /usr/lib/systemd/systemd-cryptsetup attach test-volume2 $img - tpm2-device=auto,tpm2-signature="/tmp/pcrsign.sig2",headless=1) + (! SYSTEMD_CRYPTSETUP_USE_TOKEN_MODULE=1 /usr/lib/systemd/systemd-cryptsetup attach test-volume2 $img - tpm2-device=auto,tpm2-signature="/tmp/pcrsign.sig2",headless=1) # But once we sign the current PCRs, we should be able to unlock again /usr/lib/systemd/systemd-measure sign --current "${MEASURE_BANKS[@]}" --private-key="/tmp/pcrsign-private.pem" --public-key="/tmp/pcrsign-public.pem" --phase=: >"/tmp/pcrsign.sig3" @@ -162,7 +163,7 @@ if [ -e /usr/lib/systemd/systemd-measure ] && \ # Sign one more phase, this should /usr/lib/systemd/systemd-measure sign --current "${MEASURE_BANKS[@]}" --private-key="/tmp/pcrsign-private.pem" --public-key="/tmp/pcrsign-public.pem" --phase=quux:waldo --append="/tmp/pcrsign.sig4" >"/tmp/pcrsign.sig5" - ( ! cmp "/tmp/pcrsign.sig4" "/tmp/pcrsign.sig5" ) + (! cmp "/tmp/pcrsign.sig4" "/tmp/pcrsign.sig5") # Should still be good to unlock, given the old entry still exists SYSTEMD_CRYPTSETUP_USE_TOKEN_MODULE=0 /usr/lib/systemd/systemd-cryptsetup attach test-volume2 $img - tpm2-device=auto,tpm2-signature="/tmp/pcrsign.sig5",headless=1 @@ -226,63 +227,63 @@ echo -n password >/tmp/password cryptsetup luksFormat -q --pbkdf pbkdf2 --pbkdf-force-iterations 1000 --use-urandom $img_2 /tmp/password #boolean_arguments -systemd-cryptenroll --fido2-with-client-pin=false && { echo 'unexpected success'; exit 1; } +(! systemd-cryptenroll --fido2-with-client-pin=false) -systemd-cryptenroll --fido2-with-user-presence=f $img_2 /tmp/foo && { echo 'unexpected success'; exit 1; } +(! systemd-cryptenroll --fido2-with-user-presence=f $img_2 /tmp/foo) -systemd-cryptenroll --fido2-with-client-pin=1234 $img_2 && { echo 'unexpected success'; exit 1; } +(! systemd-cryptenroll --fido2-with-client-pin=1234 $img_2) systemd-cryptenroll --fido2-with-client-pin=false $img_2 -systemd-cryptenroll --fido2-with-user-presence=1234 $img_2 && { echo 'unexpected success'; exit 1; } +(! systemd-cryptenroll --fido2-with-user-presence=1234 $img_2) systemd-cryptenroll --fido2-with-user-presence=false $img_2 -systemd-cryptenroll --fido2-with-user-verification=1234 $img_2 && { echo 'unexpected success'; exit 1; } +(! systemd-cryptenroll --fido2-with-user-verification=1234 $img_2) -systemd-cryptenroll --tpm2-with-pin=1234 $img_2 && { echo 'unexpected success'; exit 1; } +(! systemd-cryptenroll --tpm2-with-pin=1234 $img_2) systemd-cryptenroll --fido2-with-user-verification=false $img_2 #arg_enroll_type -systemd-cryptenroll --recovery-key --password $img_2 && { echo 'unexpected success'; exit 1; } +(! systemd-cryptenroll --recovery-key --password $img_2) -systemd-cryptenroll --password --recovery-key $img_2 && { echo 'unexpected success'; exit 1; } +(! systemd-cryptenroll --password --recovery-key $img_2) -systemd-cryptenroll --password --fido2-device=auto $img_2 && { echo 'unexpected success'; exit 1; } +(! systemd-cryptenroll --password --fido2-device=auto $img_2) -systemd-cryptenroll --password --pkcs11-token-uri=auto $img_2 && { echo 'unexpected success'; exit 1; } +(! systemd-cryptenroll --password --pkcs11-token-uri=auto $img_2) -systemd-cryptenroll --password --tpm2-device=auto $img_2 && { echo 'unexpected success'; exit 1; } +(! systemd-cryptenroll --password --tpm2-device=auto $img_2) #arg_unlock_type -systemd-cryptenroll --unlock-fido2-device=auto --unlock-fido2-device=auto $img_2 && { echo 'unexpected success'; exit 1; } +(! systemd-cryptenroll --unlock-fido2-device=auto --unlock-fido2-device=auto $img_2) -systemd-cryptenroll --unlock-fido2-device=auto --unlock-key-file=/tmp/unlock $img_2 && { echo 'unexpected success'; exit 1; } +(! systemd-cryptenroll --unlock-fido2-device=auto --unlock-key-file=/tmp/unlock $img_2) #fido2_cred_algorithm -systemd-cryptenroll --fido2-credential-algorithm=es512 $img_2 && { echo 'unexpected success'; exit 1; } +(! systemd-cryptenroll --fido2-credential-algorithm=es512 $img_2) #tpm2_errors -systemd-cryptenroll --tpm2-public-key-pcrs=key $img_2 && { echo 'unexpected success'; exit 1; } +(! systemd-cryptenroll --tpm2-public-key-pcrs=key $img_2) -systemd-cryptenroll --tpm2-pcrs=key $img_2 && { echo 'unexpected success'; exit 1; } +(! systemd-cryptenroll --tpm2-pcrs=key $img_2) -systemd-cryptenroll --tpm2-pcrs=44+8 $img_2 && { echo 'unexpected success'; exit 1; } +(! systemd-cryptenroll --tpm2-pcrs=44+8 $img_2) systemd-cryptenroll --tpm2-pcrs=8 $img_2 -systemd-cryptenroll --tpm2-pcrs=hello $img_2 && { echo 'unexpected success'; exit 1; } +(! systemd-cryptenroll --tpm2-pcrs=hello $img_2) systemd-cryptenroll --tpm2-pcrs=boot-loader-code+boot-loader-config $img_2 #wipe_slots -systemd-cryptenroll --wipe-slot $img_2 && { echo 'unexpected success'; exit 1; } +(! systemd-cryptenroll --wipe-slot $img_2) -systemd-cryptenroll --wipe-slot=10240000 $img_2 && { echo 'unexpected success'; exit 1; } +(! systemd-cryptenroll --wipe-slot=10240000 $img_2) #fido2_multiple_auto -systemd-cryptenroll --fido2-device=auto --unlock-fido2-device=auto $img_2 && { echo 'unexpected success'; exit 1; } +(! systemd-cryptenroll --fido2-device=auto --unlock-fido2-device=auto $img_2) echo OK >/testok