From: Frantisek Sumsal <frantisek@sumsal.cz>
Date: Mon, 15 Apr 2024 18:27:32 +0000 (+0200)
Subject: test: split some overly long lines
X-Git-Tag: v256-rc1~165^2~2
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=5d259f1236ffb1446ce68b09cea3bb3670b486b5;p=thirdparty%2Fsystemd.git

test: split some overly long lines

Let's get the line count back up again by splitting some overly long
lines in hopes to make the code slightly more readable.
---

diff --git a/test/units/testsuite-50.DDI.sh b/test/units/testsuite-50.DDI.sh
index 51f8d5dea28..42c9a4312ae 100755
--- a/test/units/testsuite-50.DDI.sh
+++ b/test/units/testsuite-50.DDI.sh
@@ -14,13 +14,24 @@ if [[ -z "${OPENSSL_CONFIG:?}" ]] || ! command -v mksquashfs &>/dev/null; then
     exit 0
 fi
 
-openssl req -config "$OPENSSL_CONFIG" -subj="/CN=waldo" -x509 -sha256 -nodes -days 365 -newkey rsa:4096 -keyout /tmp/test-50-privkey.key -out /tmp/test-50-cert.crt
+openssl req -config "$OPENSSL_CONFIG" -subj="/CN=waldo" \
+            -x509 -sha256 -nodes -days 365 -newkey rsa:4096 \
+            -keyout /tmp/test-50-privkey.key -out /tmp/test-50-cert.crt
 mkdir -p /tmp/test-50-confext/etc/extension-release.d/
 echo "foobar50" >/tmp/test-50-confext/etc/waldo
-(grep -e '^\(ID\|VERSION_ID\)=' /etc/os-release; echo IMAGE_ID=waldo; echo IMAGE_VERSION=7) >/tmp/test-50-confext/etc/extension-release.d/extension-release.waldo
+{
+    grep -e '^\(ID\|VERSION_ID\)=' /etc/os-release
+    echo IMAGE_ID=waldo
+    echo IMAGE_VERSION=7
+} >/tmp/test-50-confext/etc/extension-release.d/extension-release.waldo
 mkdir -p /run/confexts
 
-SYSTEMD_REPART_OVERRIDE_FSTYPE=squashfs systemd-repart -C -s /tmp/test-50-confext --certificate=/tmp/test-50-cert.crt --private-key=/tmp/test-50-privkey.key /run/confexts/waldo.confext.raw
+SYSTEMD_REPART_OVERRIDE_FSTYPE=squashfs \
+    systemd-repart -C \
+                   -s /tmp/test-50-confext \
+                   --certificate=/tmp/test-50-cert.crt \
+                   --private-key=/tmp/test-50-privkey.key \
+                   /run/confexts/waldo.confext.raw
 rm -rf /tmp/test-50-confext
 
 mkdir -p /run/verity.d
@@ -37,10 +48,19 @@ mkdir -p /tmp/test-50-sysext/usr/lib/extension-release.d/
 # Make sure the sysext is big enough to not fit in the minimum partition size of repart so we know the
 # Minimize= logic is working.
 truncate --size=50M /tmp/test-50-sysext/usr/waldo
-(grep -e '^\(ID\|VERSION_ID\)=' /etc/os-release; echo IMAGE_ID=waldo; echo IMAGE_VERSION=7) >/tmp/test-50-sysext/usr/lib/extension-release.d/extension-release.waldo
+{
+    grep -e '^\(ID\|VERSION_ID\)=' /etc/os-release
+    echo IMAGE_ID=waldo
+    echo IMAGE_VERSION=7
+} >/tmp/test-50-sysext/usr/lib/extension-release.d/extension-release.waldo
 mkdir -p /run/extensions
 
-SYSTEMD_REPART_OVERRIDE_FSTYPE=squashfs systemd-repart -S -s /tmp/test-50-sysext --certificate=/tmp/test-50-cert.crt --private-key=/tmp/test-50-privkey.key /run/extensions/waldo.sysext.raw
+SYSTEMD_REPART_OVERRIDE_FSTYPE=squashfs \
+    systemd-repart -S \
+                   -s /tmp/test-50-sysext \
+                   --certificate=/tmp/test-50-cert.crt \
+                   --private-key=/tmp/test-50-privkey.key \
+                   /run/extensions/waldo.sysext.raw
 
 systemd-dissect --mtree /run/extensions/waldo.sysext.raw
 systemd-sysext refresh
diff --git a/test/units/testsuite-50.dissect.sh b/test/units/testsuite-50.dissect.sh
index c63fd1f297e..a1c1c42b968 100755
--- a/test/units/testsuite-50.dissect.sh
+++ b/test/units/testsuite-50.dissect.sh
@@ -9,13 +9,16 @@ set -o pipefail
 # shellcheck source=test/units/util.sh
 . "$(dirname "$0")"/util.sh
 
-systemd-dissect --json=short "$MINIMAL_IMAGE.raw" | grep -q -F '{"rw":"ro","designator":"root","partition_uuid":null,"partition_label":null,"fstype":"squashfs","architecture":null,"verity":"external"'
+systemd-dissect --json=short "$MINIMAL_IMAGE.raw" | \
+    grep -q -F '{"rw":"ro","designator":"root","partition_uuid":null,"partition_label":null,"fstype":"squashfs","architecture":null,"verity":"external"'
 systemd-dissect "$MINIMAL_IMAGE.raw" | grep -q -F "MARKER=1"
 systemd-dissect "$MINIMAL_IMAGE.raw" | grep -q -F -f <(sed 's/"//g' "$OS_RELEASE")
 
 systemd-dissect --list "$MINIMAL_IMAGE.raw" | grep -q '^etc/os-release$'
-systemd-dissect --mtree "$MINIMAL_IMAGE.raw" --mtree-hash yes | grep -qe "^./usr/bin/cat type=file mode=0755 uid=0 gid=0 size=[0-9]* sha256sum=[a-z0-9]*$"
-systemd-dissect --mtree "$MINIMAL_IMAGE.raw" --mtree-hash no  | grep -qe "^./usr/bin/cat type=file mode=0755 uid=0 gid=0 size=[0-9]*$"
+systemd-dissect --mtree "$MINIMAL_IMAGE.raw" --mtree-hash yes | \
+    grep -qe "^./usr/bin/cat type=file mode=0755 uid=0 gid=0 size=[0-9]* sha256sum=[a-z0-9]*$"
+systemd-dissect --mtree "$MINIMAL_IMAGE.raw" --mtree-hash no  | \
+    grep -qe "^./usr/bin/cat type=file mode=0755 uid=0 gid=0 size=[0-9]*$"
 
 read -r SHA256SUM1 _ < <(systemd-dissect --copy-from "$MINIMAL_IMAGE.raw" etc/os-release | sha256sum)
 test "$SHA256SUM1" != ""
@@ -36,9 +39,19 @@ fi
 
 mv "$MINIMAL_IMAGE.verity" "$MINIMAL_IMAGE.fooverity"
 mv "$MINIMAL_IMAGE.roothash" "$MINIMAL_IMAGE.foohash"
-systemd-dissect --json=short "$MINIMAL_IMAGE.raw" --root-hash="$MINIMAL_IMAGE_ROOTHASH" --verity-data="$MINIMAL_IMAGE.fooverity" | grep -q -F '{"rw":"ro","designator":"root","partition_uuid":null,"partition_label":null,"fstype":"squashfs","architecture":null,"verity":"external"'
-systemd-dissect "$MINIMAL_IMAGE.raw" --root-hash="$MINIMAL_IMAGE_ROOTHASH" --verity-data="$MINIMAL_IMAGE.fooverity" | grep -q -F "MARKER=1"
-systemd-dissect "$MINIMAL_IMAGE.raw" --root-hash="$MINIMAL_IMAGE_ROOTHASH" --verity-data="$MINIMAL_IMAGE.fooverity" | grep -q -F -f <(sed 's/"//g' "$OS_RELEASE")
+systemd-dissect "$MINIMAL_IMAGE.raw" \
+                --json=short \
+                --root-hash="$MINIMAL_IMAGE_ROOTHASH" \
+                --verity-data="$MINIMAL_IMAGE.fooverity" | \
+                grep -q -F '{"rw":"ro","designator":"root","partition_uuid":null,"partition_label":null,"fstype":"squashfs","architecture":null,"verity":"external"'
+systemd-dissect "$MINIMAL_IMAGE.raw" \
+                --root-hash="$MINIMAL_IMAGE_ROOTHASH" \
+                --verity-data="$MINIMAL_IMAGE.fooverity" | \
+                grep -q -F "MARKER=1"
+systemd-dissect "$MINIMAL_IMAGE.raw" \
+                --root-hash="$MINIMAL_IMAGE_ROOTHASH" \
+                --verity-data="$MINIMAL_IMAGE.fooverity" | \
+                grep -q -F -f <(sed 's/"//g' "$OS_RELEASE")
 mv "$MINIMAL_IMAGE.fooverity" "$MINIMAL_IMAGE.verity"
 mv "$MINIMAL_IMAGE.foohash" "$MINIMAL_IMAGE.roothash"
 
@@ -63,9 +76,17 @@ systemd-dissect --umount "$IMAGE_DIR/mount2"
 systemd-run -P -p RootImage="$MINIMAL_IMAGE.raw" cat /usr/lib/os-release | grep -q -F "MARKER=1"
 mv "$MINIMAL_IMAGE.verity" "$MINIMAL_IMAGE.fooverity"
 mv "$MINIMAL_IMAGE.roothash" "$MINIMAL_IMAGE.foohash"
-systemd-run -P -p RootImage="$MINIMAL_IMAGE.raw" -p RootHash="$MINIMAL_IMAGE.foohash" -p RootVerity="$MINIMAL_IMAGE.fooverity" cat /usr/lib/os-release | grep -q -F "MARKER=1"
+systemd-run -P \
+            -p RootImage="$MINIMAL_IMAGE.raw" \
+            -p RootHash="$MINIMAL_IMAGE.foohash" \
+            -p RootVerity="$MINIMAL_IMAGE.fooverity" \
+            cat /usr/lib/os-release | grep -q -F "MARKER=1"
 # Let's use the long option name just here as a test
-systemd-run -P --property RootImage="$MINIMAL_IMAGE.raw" --property RootHash="$MINIMAL_IMAGE_ROOTHASH" --property RootVerity="$MINIMAL_IMAGE.fooverity" cat /usr/lib/os-release | grep -q -F "MARKER=1"
+systemd-run -P \
+            --property RootImage="$MINIMAL_IMAGE.raw" \
+            --property RootHash="$MINIMAL_IMAGE_ROOTHASH" \
+            --property RootVerity="$MINIMAL_IMAGE.fooverity" \
+            cat /usr/lib/os-release | grep -q -F "MARKER=1"
 mv "$MINIMAL_IMAGE.fooverity" "$MINIMAL_IMAGE.verity"
 mv "$MINIMAL_IMAGE.foohash" "$MINIMAL_IMAGE.roothash"
 
@@ -73,10 +94,19 @@ mv "$MINIMAL_IMAGE.foohash" "$MINIMAL_IMAGE.roothash"
 ROOT_UUID="$(systemd-id128 -u show "$(head -c 32 "$MINIMAL_IMAGE.roothash")" -u | tail -n 1 | cut -b 6-)"
 VERITY_UUID="$(systemd-id128 -u show "$(tail -c 32 "$MINIMAL_IMAGE.roothash")" -u | tail -n 1 | cut -b 6-)"
 
-systemd-dissect --json=short --root-hash "$MINIMAL_IMAGE_ROOTHASH" "$MINIMAL_IMAGE.gpt" | grep -q '{"rw":"ro","designator":"root","partition_uuid":"'"$ROOT_UUID"'","partition_label":"Root Partition","fstype":"squashfs","architecture":"'"$ARCHITECTURE"'","verity":"signed",'
-systemd-dissect --json=short --root-hash "$MINIMAL_IMAGE_ROOTHASH" "$MINIMAL_IMAGE.gpt" | grep -q '{"rw":"ro","designator":"root-verity","partition_uuid":"'"$VERITY_UUID"'","partition_label":"Verity Partition","fstype":"DM_verity_hash","architecture":"'"$ARCHITECTURE"'","verity":null,'
+systemd-dissect --json=short \
+                --root-hash "$MINIMAL_IMAGE_ROOTHASH" \
+                "$MINIMAL_IMAGE.gpt" | \
+                grep -q '{"rw":"ro","designator":"root","partition_uuid":"'"$ROOT_UUID"'","partition_label":"Root Partition","fstype":"squashfs","architecture":"'"$ARCHITECTURE"'","verity":"signed",'
+systemd-dissect --json=short \
+                --root-hash "$MINIMAL_IMAGE_ROOTHASH" \
+                "$MINIMAL_IMAGE.gpt" | \
+                grep -q '{"rw":"ro","designator":"root-verity","partition_uuid":"'"$VERITY_UUID"'","partition_label":"Verity Partition","fstype":"DM_verity_hash","architecture":"'"$ARCHITECTURE"'","verity":null,'
 if [[ -n "${OPENSSL_CONFIG:-}" ]]; then
-    systemd-dissect --json=short --root-hash "$MINIMAL_IMAGE_ROOTHASH" "$MINIMAL_IMAGE.gpt" | grep -q -E '{"rw":"ro","designator":"root-verity-sig","partition_uuid":"'".*"'","partition_label":"Signature Partition","fstype":"verity_hash_signature","architecture":"'"$ARCHITECTURE"'","verity":null,'
+    systemd-dissect --json=short \
+                    --root-hash "$MINIMAL_IMAGE_ROOTHASH" \
+                    "$MINIMAL_IMAGE.gpt" | \
+                    grep -qE '{"rw":"ro","designator":"root-verity-sig","partition_uuid":"'".*"'","partition_label":"Signature Partition","fstype":"verity_hash_signature","architecture":"'"$ARCHITECTURE"'","verity":null,'
 fi
 systemd-dissect --root-hash "$MINIMAL_IMAGE_ROOTHASH" "$MINIMAL_IMAGE.gpt" | grep -q -F "MARKER=1"
 systemd-dissect --root-hash "$MINIMAL_IMAGE_ROOTHASH" "$MINIMAL_IMAGE.gpt" | grep -q -F -f <(sed 's/"//g' "$OS_RELEASE")
@@ -99,14 +129,53 @@ systemd-dissect --validate "$MINIMAL_IMAGE.gpt" --image-policy=root=signed
 (! systemd-dissect --validate "$MINIMAL_IMAGE.gpt" --image-policy=root=signed:root-verity=unused+absent)
 
 # Test RootImagePolicy= unit file setting
-systemd-run --wait -P -p RootImage="$MINIMAL_IMAGE.gpt" -p RootHash="$MINIMAL_IMAGE_ROOTHASH" -p MountAPIVFS=yes cat /usr/lib/os-release | grep -q -F "MARKER=1"
-systemd-run --wait -P -p RootImage="$MINIMAL_IMAGE.gpt" -p RootHash="$MINIMAL_IMAGE_ROOTHASH" -p RootImagePolicy='*' -p MountAPIVFS=yes cat /usr/lib/os-release | grep -q -F "MARKER=1"
-(! systemd-run --wait -P -p RootImage="$MINIMAL_IMAGE.gpt" -p RootHash="$MINIMAL_IMAGE_ROOTHASH" -p RootImagePolicy='~' -p MountAPIVFS=yes cat /usr/lib/os-release | grep -q -F "MARKER=1")
-(! systemd-run --wait -P -p RootImage="$MINIMAL_IMAGE.gpt" -p RootHash="$MINIMAL_IMAGE_ROOTHASH" -p RootImagePolicy='-' -p MountAPIVFS=yes cat /usr/lib/os-release | grep -q -F "MARKER=1")
-(! systemd-run --wait -P -p RootImage="$MINIMAL_IMAGE.gpt" -p RootHash="$MINIMAL_IMAGE_ROOTHASH" -p RootImagePolicy='root=absent' -p MountAPIVFS=yes cat /usr/lib/os-release | grep -q -F "MARKER=1")
-systemd-run --wait -P -p RootImage="$MINIMAL_IMAGE.gpt" -p RootHash="$MINIMAL_IMAGE_ROOTHASH" -p RootImagePolicy='root=verity' -p MountAPIVFS=yes cat /usr/lib/os-release | grep -q -F "MARKER=1"
-systemd-run --wait -P -p RootImage="$MINIMAL_IMAGE.gpt" -p RootHash="$MINIMAL_IMAGE_ROOTHASH" -p RootImagePolicy='root=signed' -p MountAPIVFS=yes cat /usr/lib/os-release | grep -q -F "MARKER=1"
-(! systemd-run --wait -P -p RootImage="$MINIMAL_IMAGE.gpt" -p RootHash="$MINIMAL_IMAGE_ROOTHASH" -p RootImagePolicy='root=encrypted' -p MountAPIVFS=yes cat /usr/lib/os-release | grep -q -F "MARKER=1")
+systemd-run --wait -P \
+            -p RootImage="$MINIMAL_IMAGE.gpt" \
+            -p RootHash="$MINIMAL_IMAGE_ROOTHASH" \
+            -p MountAPIVFS=yes \
+            cat /usr/lib/os-release | grep -q -F "MARKER=1"
+systemd-run --wait -P \
+            -p RootImage="$MINIMAL_IMAGE.gpt" \
+            -p RootHash="$MINIMAL_IMAGE_ROOTHASH" \
+            -p RootImagePolicy='*' \
+            -p MountAPIVFS=yes \
+            cat /usr/lib/os-release | grep -q -F "MARKER=1"
+(! systemd-run --wait -P \
+               -p RootImage="$MINIMAL_IMAGE.gpt" \
+               -p RootHash="$MINIMAL_IMAGE_ROOTHASH" \
+               -p RootImagePolicy='~' \
+               -p MountAPIVFS=yes \
+               cat /usr/lib/os-release | grep -q -F "MARKER=1")
+(! systemd-run --wait -P \
+               -p RootImage="$MINIMAL_IMAGE.gpt" \
+               -p RootHash="$MINIMAL_IMAGE_ROOTHASH" \
+               -p RootImagePolicy='-' \
+               -p MountAPIVFS=yes \
+               cat /usr/lib/os-release | grep -q -F "MARKER=1")
+(! systemd-run --wait -P \
+               -p RootImage="$MINIMAL_IMAGE.gpt" \
+               -p RootHash="$MINIMAL_IMAGE_ROOTHASH" \
+               -p RootImagePolicy='root=absent' \
+               -p MountAPIVFS=yes \
+               cat /usr/lib/os-release | grep -q -F "MARKER=1")
+systemd-run --wait -P \
+            -p RootImage="$MINIMAL_IMAGE.gpt" \
+            -p RootHash="$MINIMAL_IMAGE_ROOTHASH" \
+            -p RootImagePolicy='root=verity' \
+            -p MountAPIVFS=yes \
+            cat /usr/lib/os-release | grep -q -F "MARKER=1"
+systemd-run --wait -P \
+            -p RootImage="$MINIMAL_IMAGE.gpt" \
+            -p RootHash="$MINIMAL_IMAGE_ROOTHASH" \
+            -p RootImagePolicy='root=signed' \
+            -p MountAPIVFS=yes \
+            cat /usr/lib/os-release | grep -q -F "MARKER=1"
+(! systemd-run --wait -P \
+               -p RootImage="$MINIMAL_IMAGE.gpt" \
+               -p RootHash="$MINIMAL_IMAGE_ROOTHASH" \
+               -p RootImagePolicy='root=encrypted' \
+               -p MountAPIVFS=yes \
+               cat /usr/lib/os-release | grep -q -F "MARKER=1")
 
 systemd-dissect --root-hash "$MINIMAL_IMAGE_ROOTHASH" --mount "$MINIMAL_IMAGE.gpt" "$IMAGE_DIR/mount"
 grep -q -F -f "$OS_RELEASE" "$IMAGE_DIR/mount/usr/lib/os-release"
@@ -121,10 +190,19 @@ grep -q -F "MARKER=1" "$IMAGE_DIR/mount/usr/lib/os-release"
 systemd-dissect --umount "$IMAGE_DIR/mount"
 
 # add explicit -p MountAPIVFS=yes once to test the parser
-systemd-run -P -p RootImage="$MINIMAL_IMAGE.gpt" -p RootHash="$MINIMAL_IMAGE_ROOTHASH" -p MountAPIVFS=yes cat /usr/lib/os-release | grep -q -F "MARKER=1"
-
-systemd-run -P -p RootImage="$MINIMAL_IMAGE.raw" -p RootImageOptions="root:nosuid,dev home:ro,dev ro,noatime" mount | grep -F "squashfs" | grep -q -F "nosuid"
-systemd-run -P -p RootImage="$MINIMAL_IMAGE.gpt" -p RootImageOptions="root:ro,noatime root:ro,dev" mount | grep -F "squashfs" | grep -q -F "noatime"
+systemd-run -P \
+            -p RootImage="$MINIMAL_IMAGE.gpt" \
+            -p RootHash="$MINIMAL_IMAGE_ROOTHASH" \
+            -p MountAPIVFS=yes \
+            cat /usr/lib/os-release | grep -q -F "MARKER=1"
+systemd-run -P \
+            -p RootImage="$MINIMAL_IMAGE.raw" \
+            -p RootImageOptions="root:nosuid,dev home:ro,dev ro,noatime" \
+            mount | grep -F "squashfs" | grep -q -F "nosuid"
+systemd-run -P \
+            -p RootImage="$MINIMAL_IMAGE.gpt" \
+            -p RootImageOptions="root:ro,noatime root:ro,dev" \
+            mount | grep -F "squashfs" | grep -q -F "noatime"
 
 mkdir -p "$IMAGE_DIR/result"
 cat >/run/systemd/system/testservice-50a.service <<EOF
@@ -157,18 +235,45 @@ systemctl start testservice-50b.service
 grep -F "squashfs" "$IMAGE_DIR/result/b" | grep -q -F "noatime"
 
 # Check that specifier escape is applied %%foo â %foo
-busctl get-property org.freedesktop.systemd1 /org/freedesktop/systemd1/unit/testservice_2d50b_2eservice org.freedesktop.systemd1.Service RootImageOptions | grep -F "nosuid,dev,%foo"
+busctl get-property org.freedesktop.systemd1 \
+                    /org/freedesktop/systemd1/unit/testservice_2d50b_2eservice \
+                    org.freedesktop.systemd1.Service RootImageOptions | grep -F "nosuid,dev,%foo"
 
 # Now do some checks with MountImages, both by itself, with options and in combination with RootImage, and as single FS or GPT image
-systemd-run -P -p MountImages="$MINIMAL_IMAGE.gpt:/run/img1 $MINIMAL_IMAGE.raw:/run/img2" cat /run/img1/usr/lib/os-release | grep -q -F "MARKER=1"
-systemd-run -P -p MountImages="$MINIMAL_IMAGE.gpt:/run/img1 $MINIMAL_IMAGE.raw:/run/img2" cat /run/img2/usr/lib/os-release | grep -q -F "MARKER=1"
-systemd-run -P -p MountImages="$MINIMAL_IMAGE.gpt:/run/img1 $MINIMAL_IMAGE.raw:/run/img2:nosuid,dev" mount | grep -F "squashfs" | grep -q -F "nosuid"
-systemd-run -P -p MountImages="$MINIMAL_IMAGE.gpt:/run/img1:root:nosuid $MINIMAL_IMAGE.raw:/run/img2:home:suid" mount | grep -F "squashfs" | grep -q -F "nosuid"
-systemd-run -P -p MountImages="$MINIMAL_IMAGE.raw:/run/img2\:3" cat /run/img2:3/usr/lib/os-release | grep -q -F "MARKER=1"
-systemd-run -P -p MountImages="$MINIMAL_IMAGE.raw:/run/img2\:3:nosuid" mount | grep -F "squashfs" | grep -q -F "nosuid"
-systemd-run -P -p TemporaryFileSystem=/run -p RootImage="$MINIMAL_IMAGE.raw" -p MountImages="$MINIMAL_IMAGE.gpt:/run/img1 $MINIMAL_IMAGE.raw:/run/img2" cat /usr/lib/os-release | grep -q -F "MARKER=1"
-systemd-run -P -p TemporaryFileSystem=/run -p RootImage="$MINIMAL_IMAGE.raw" -p MountImages="$MINIMAL_IMAGE.gpt:/run/img1 $MINIMAL_IMAGE.raw:/run/img2" cat /run/img1/usr/lib/os-release | grep -q -F "MARKER=1"
-systemd-run -P -p TemporaryFileSystem=/run -p RootImage="$MINIMAL_IMAGE.gpt" -p RootHash="$MINIMAL_IMAGE_ROOTHASH" -p MountImages="$MINIMAL_IMAGE.gpt:/run/img1 $MINIMAL_IMAGE.raw:/run/img2" cat /run/img2/usr/lib/os-release | grep -q -F "MARKER=1"
+systemd-run -P \
+            -p MountImages="$MINIMAL_IMAGE.gpt:/run/img1 $MINIMAL_IMAGE.raw:/run/img2" \
+            cat /run/img1/usr/lib/os-release | grep -q -F "MARKER=1"
+systemd-run -P \
+            -p MountImages="$MINIMAL_IMAGE.gpt:/run/img1 $MINIMAL_IMAGE.raw:/run/img2" \
+            cat /run/img2/usr/lib/os-release | grep -q -F "MARKER=1"
+systemd-run -P \
+            -p MountImages="$MINIMAL_IMAGE.gpt:/run/img1 $MINIMAL_IMAGE.raw:/run/img2:nosuid,dev" \
+            mount | grep -F "squashfs" | grep -q -F "nosuid"
+systemd-run -P \
+            -p MountImages="$MINIMAL_IMAGE.gpt:/run/img1:root:nosuid $MINIMAL_IMAGE.raw:/run/img2:home:suid" \
+            mount | grep -F "squashfs" | grep -q -F "nosuid"
+systemd-run -P \
+            -p MountImages="$MINIMAL_IMAGE.raw:/run/img2\:3" \
+            cat /run/img2:3/usr/lib/os-release | grep -q -F "MARKER=1"
+systemd-run -P \
+            -p MountImages="$MINIMAL_IMAGE.raw:/run/img2\:3:nosuid" \
+            mount | grep -F "squashfs" | grep -q -F "nosuid"
+systemd-run -P \
+            -p TemporaryFileSystem=/run \
+            -p RootImage="$MINIMAL_IMAGE.raw" \
+            -p MountImages="$MINIMAL_IMAGE.gpt:/run/img1 $MINIMAL_IMAGE.raw:/run/img2" \
+            cat /usr/lib/os-release | grep -q -F "MARKER=1"
+systemd-run -P \
+            -p TemporaryFileSystem=/run \
+            -p RootImage="$MINIMAL_IMAGE.raw" \
+            -p MountImages="$MINIMAL_IMAGE.gpt:/run/img1 $MINIMAL_IMAGE.raw:/run/img2" \
+            cat /run/img1/usr/lib/os-release | grep -q -F "MARKER=1"
+systemd-run -P \
+            -p TemporaryFileSystem=/run \
+            -p RootImage="$MINIMAL_IMAGE.gpt" \
+            -p RootHash="$MINIMAL_IMAGE_ROOTHASH" \
+            -p MountImages="$MINIMAL_IMAGE.gpt:/run/img1 $MINIMAL_IMAGE.raw:/run/img2" \
+            cat /run/img2/usr/lib/os-release | grep -q -F "MARKER=1"
 cat >/run/systemd/system/testservice-50c.service <<EOF
 [Service]
 MountAPIVFS=yes
@@ -222,34 +327,66 @@ done
 systemctl is-active testservice-50d.service
 
 # ExtensionImages will set up an overlay
-systemd-run -P --property ExtensionImages=/usr/share/app0.raw --property RootImage="$MINIMAL_IMAGE.raw" cat /opt/script0.sh | grep -q -F "extension-release.app0"
-systemd-run -P --property ExtensionImages=/usr/share/app0.raw --property RootImage="$MINIMAL_IMAGE.raw" cat /usr/lib/systemd/system/some_file | grep -q -F "MARKER=1"
-systemd-run -P --property ExtensionImages="/usr/share/app0.raw /usr/share/app1.raw" --property RootImage="$MINIMAL_IMAGE.raw" cat /opt/script0.sh | grep -q -F "extension-release.app0"
-systemd-run -P --property ExtensionImages="/usr/share/app0.raw /usr/share/app1.raw" --property RootImage="$MINIMAL_IMAGE.raw" cat /usr/lib/systemd/system/some_file | grep -q -F "MARKER=1"
-systemd-run -P --property ExtensionImages="/usr/share/app0.raw /usr/share/app1.raw" --property RootImage="$MINIMAL_IMAGE.raw" cat /opt/script1.sh | grep -q -F "extension-release.app2"
-systemd-run -P --property ExtensionImages="/usr/share/app0.raw /usr/share/app1.raw" --property RootImage="$MINIMAL_IMAGE.raw" cat /usr/lib/systemd/system/other_file | grep -q -F "MARKER=1"
-systemd-run -P --property ExtensionImages=/usr/share/app-nodistro.raw --property RootImage="$MINIMAL_IMAGE.raw" cat /usr/lib/systemd/system/some_file | grep -q -F "MARKER=1"
-systemd-run -P --property ExtensionImages=/etc/service-scoped-test.raw --property RootImage="$MINIMAL_IMAGE.raw" cat /etc/systemd/system/some_file | grep -q -F "MARKER_CONFEXT_123"
+systemd-run -P \
+            --property ExtensionImages=/usr/share/app0.raw \
+            --property RootImage="$MINIMAL_IMAGE.raw" \
+            cat /opt/script0.sh | grep -q -F "extension-release.app0"
+systemd-run -P \
+            --property ExtensionImages=/usr/share/app0.raw \
+            --property RootImage="$MINIMAL_IMAGE.raw" \
+            cat /usr/lib/systemd/system/some_file | grep -q -F "MARKER=1"
+systemd-run -P \
+            --property ExtensionImages="/usr/share/app0.raw /usr/share/app1.raw" \
+            --property RootImage="$MINIMAL_IMAGE.raw" \
+            cat /opt/script0.sh | grep -q -F "extension-release.app0"
+systemd-run -P \
+            --property ExtensionImages="/usr/share/app0.raw /usr/share/app1.raw" \
+            --property RootImage="$MINIMAL_IMAGE.raw" \
+            cat /usr/lib/systemd/system/some_file | grep -q -F "MARKER=1"
+systemd-run -P \
+            --property ExtensionImages="/usr/share/app0.raw /usr/share/app1.raw" \
+            --property RootImage="$MINIMAL_IMAGE.raw" \
+            cat /opt/script1.sh | grep -q -F "extension-release.app2"
+systemd-run -P \
+            --property ExtensionImages="/usr/share/app0.raw /usr/share/app1.raw" \
+            --property RootImage="$MINIMAL_IMAGE.raw" \
+            cat /usr/lib/systemd/system/other_file | grep -q -F "MARKER=1"
+systemd-run -P \
+            --property ExtensionImages=/usr/share/app-nodistro.raw \
+            --property RootImage="$MINIMAL_IMAGE.raw" \
+            cat /usr/lib/systemd/system/some_file | grep -q -F "MARKER=1"
+systemd-run -P \
+            --property ExtensionImages=/etc/service-scoped-test.raw \
+            --property RootImage="$MINIMAL_IMAGE.raw" \
+            cat /etc/systemd/system/some_file | grep -q -F "MARKER_CONFEXT_123"
 # Check that using a symlink to NAME-VERSION.raw works as long as the symlink has the correct name NAME.raw
 mkdir -p /usr/share/symlink-test/
 cp /usr/share/app-nodistro.raw /usr/share/symlink-test/app-nodistro-v1.raw
 ln -fs /usr/share/symlink-test/app-nodistro-v1.raw /usr/share/symlink-test/app-nodistro.raw
-systemd-run -P --property ExtensionImages=/usr/share/symlink-test/app-nodistro.raw --property RootImage="$MINIMAL_IMAGE.raw" cat /usr/lib/systemd/system/some_file | grep -q -F "MARKER=1"
+systemd-run -P \
+            --property ExtensionImages=/usr/share/symlink-test/app-nodistro.raw \
+            --property RootImage="$MINIMAL_IMAGE.raw" \
+            cat /usr/lib/systemd/system/some_file | grep -q -F "MARKER=1"
 
 # Symlink check again but for confext
 mkdir -p /etc/symlink-test/
 cp /etc/service-scoped-test.raw /etc/symlink-test/service-scoped-test-v1.raw
 ln -fs /etc/symlink-test/service-scoped-test-v1.raw /etc/symlink-test/service-scoped-test.raw
-systemd-run -P --property ExtensionImages=/etc/symlink-test/service-scoped-test.raw --property RootImage="$MINIMAL_IMAGE.raw" cat /etc/systemd/system/some_file | grep -q -F "MARKER_CONFEXT_123"
+systemd-run -P \
+            --property ExtensionImages=/etc/symlink-test/service-scoped-test.raw \
+            --property RootImage="$MINIMAL_IMAGE.raw" \
+            cat /etc/systemd/system/some_file | grep -q -F "MARKER_CONFEXT_123"
 # And again mixing sysext and confext
 systemd-run -P \
     --property ExtensionImages=/usr/share/symlink-test/app-nodistro.raw \
     --property ExtensionImages=/etc/symlink-test/service-scoped-test.raw \
-    --property RootImage="$MINIMAL_IMAGE.raw" cat /etc/systemd/system/some_file | grep -q -F "MARKER_CONFEXT_123"
+    --property RootImage="$MINIMAL_IMAGE.raw" \
+    cat /etc/systemd/system/some_file | grep -q -F "MARKER_CONFEXT_123"
 systemd-run -P \
     --property ExtensionImages=/usr/share/symlink-test/app-nodistro.raw \
     --property ExtensionImages=/etc/symlink-test/service-scoped-test.raw \
-    --property RootImage="$MINIMAL_IMAGE.raw" cat /usr/lib/systemd/system/some_file | grep -q -F "MARKER=1"
+    --property RootImage="$MINIMAL_IMAGE.raw" \
+    cat /usr/lib/systemd/system/some_file | grep -q -F "MARKER=1"
 
 cat >/run/systemd/system/testservice-50e.service <<EOF
 [Service]
@@ -282,20 +419,50 @@ rm -rf "$VDIR"
 
 # ExtensionDirectories will set up an overlay
 mkdir -p "$IMAGE_DIR/app0" "$IMAGE_DIR/app1" "$IMAGE_DIR/app-nodistro" "$IMAGE_DIR/service-scoped-test"
-(! systemd-run -P --property ExtensionDirectories="$IMAGE_DIR/nonexistent" --property RootImage="$MINIMAL_IMAGE.raw" cat /opt/script0.sh)
-(! systemd-run -P --property ExtensionDirectories="$IMAGE_DIR/app0" --property RootImage="$MINIMAL_IMAGE.raw" cat /opt/script0.sh)
+(! systemd-run -P \
+               --property ExtensionDirectories="$IMAGE_DIR/nonexistent" \
+               --property RootImage="$MINIMAL_IMAGE.raw" \
+               cat /opt/script0.sh)
+(! systemd-run -P \
+               --property ExtensionDirectories="$IMAGE_DIR/app0" \
+               --property RootImage="$MINIMAL_IMAGE.raw" \
+               cat /opt/script0.sh)
 systemd-dissect --mount /usr/share/app0.raw "$IMAGE_DIR/app0"
 systemd-dissect --mount /usr/share/app1.raw "$IMAGE_DIR/app1"
 systemd-dissect --mount /usr/share/app-nodistro.raw "$IMAGE_DIR/app-nodistro"
 systemd-dissect --mount /etc/service-scoped-test.raw "$IMAGE_DIR/service-scoped-test"
-systemd-run -P --property ExtensionDirectories="$IMAGE_DIR/app0" --property RootImage="$MINIMAL_IMAGE.raw" cat /opt/script0.sh | grep -q -F "extension-release.app0"
-systemd-run -P --property ExtensionDirectories="$IMAGE_DIR/app0" --property RootImage="$MINIMAL_IMAGE.raw" cat /usr/lib/systemd/system/some_file | grep -q -F "MARKER=1"
-systemd-run -P --property ExtensionDirectories="$IMAGE_DIR/app0 $IMAGE_DIR/app1" --property RootImage="$MINIMAL_IMAGE.raw" cat /opt/script0.sh | grep -q -F "extension-release.app0"
-systemd-run -P --property ExtensionDirectories="$IMAGE_DIR/app0 $IMAGE_DIR/app1" --property RootImage="$MINIMAL_IMAGE.raw" cat /usr/lib/systemd/system/some_file | grep -q -F "MARKER=1"
-systemd-run -P --property ExtensionDirectories="$IMAGE_DIR/app0 $IMAGE_DIR/app1" --property RootImage="$MINIMAL_IMAGE.raw" cat /opt/script1.sh | grep -q -F "extension-release.app2"
-systemd-run -P --property ExtensionDirectories="$IMAGE_DIR/app0 $IMAGE_DIR/app1" --property RootImage="$MINIMAL_IMAGE.raw" cat /usr/lib/systemd/system/other_file | grep -q -F "MARKER=1"
-systemd-run -P --property ExtensionDirectories="$IMAGE_DIR/app-nodistro" --property RootImage="$MINIMAL_IMAGE.raw" cat /usr/lib/systemd/system/some_file | grep -q -F "MARKER=1"
-systemd-run -P --property ExtensionDirectories="$IMAGE_DIR/service-scoped-test" --property RootImage="$MINIMAL_IMAGE.raw" cat /etc/systemd/system/some_file | grep -q -F "MARKER_CONFEXT_123"
+systemd-run -P \
+            --property ExtensionDirectories="$IMAGE_DIR/app0" \
+            --property RootImage="$MINIMAL_IMAGE.raw" \
+            cat /opt/script0.sh | grep -q -F "extension-release.app0"
+systemd-run -P \
+            --property ExtensionDirectories="$IMAGE_DIR/app0" \
+            --property RootImage="$MINIMAL_IMAGE.raw" \
+            cat /usr/lib/systemd/system/some_file | grep -q -F "MARKER=1"
+systemd-run -P \
+            --property ExtensionDirectories="$IMAGE_DIR/app0 $IMAGE_DIR/app1" \
+            --property RootImage="$MINIMAL_IMAGE.raw" \
+            cat /opt/script0.sh | grep -q -F "extension-release.app0"
+systemd-run -P \
+            --property ExtensionDirectories="$IMAGE_DIR/app0 $IMAGE_DIR/app1" \
+            --property RootImage="$MINIMAL_IMAGE.raw" \
+            cat /usr/lib/systemd/system/some_file | grep -q -F "MARKER=1"
+systemd-run -P \
+            --property ExtensionDirectories="$IMAGE_DIR/app0 $IMAGE_DIR/app1" \
+            --property RootImage="$MINIMAL_IMAGE.raw" \
+            cat /opt/script1.sh | grep -q -F "extension-release.app2"
+systemd-run -P \
+            --property ExtensionDirectories="$IMAGE_DIR/app0 $IMAGE_DIR/app1" \
+            --property RootImage="$MINIMAL_IMAGE.raw" \
+            cat /usr/lib/systemd/system/other_file | grep -q -F "MARKER=1"
+systemd-run -P \
+            --property ExtensionDirectories="$IMAGE_DIR/app-nodistro" \
+            --property RootImage="$MINIMAL_IMAGE.raw" \
+            cat /usr/lib/systemd/system/some_file | grep -q -F "MARKER=1"
+systemd-run -P \
+            --property ExtensionDirectories="$IMAGE_DIR/service-scoped-test" \
+            --property RootImage="$MINIMAL_IMAGE.raw" \
+            cat /etc/systemd/system/some_file | grep -q -F "MARKER_CONFEXT_123"
 cat >/run/systemd/system/testservice-50f.service <<EOF
 [Service]
 MountAPIVFS=yes
diff --git a/test/units/testsuite-50.mountnfsd.sh b/test/units/testsuite-50.mountnfsd.sh
index ef999842570..d6b5fafeabe 100755
--- a/test/units/testsuite-50.mountnfsd.sh
+++ b/test/units/testsuite-50.mountnfsd.sh
@@ -29,10 +29,17 @@ trap at_exit EXIT
 
 systemctl start systemd-mountfsd.socket systemd-nsresourced.socket
 
-openssl req -config "$OPENSSL_CONFIG" -subj="/CN=waldo" -x509 -sha256 -nodes -days 365 -newkey rsa:4096 -keyout /tmp/test-50-unpriv-privkey.key -out /tmp/test-50-unpriv-cert.crt
+openssl req -config "$OPENSSL_CONFIG" -subj="/CN=waldo" \
+            -x509 -sha256 -nodes -days 365 -newkey rsa:4096 \
+            -keyout /tmp/test-50-unpriv-privkey.key -out /tmp/test-50-unpriv-cert.crt
 
 systemd-dissect --mkdir --mount "$MINIMAL_IMAGE.raw" /tmp/unpriv/mount
-SYSTEMD_REPART_OVERRIDE_FSTYPE=squashfs systemd-repart -P -s /tmp/unpriv/mount --certificate=/tmp/test-50-unpriv-cert.crt --private-key=/tmp/test-50-unpriv-privkey.key /var/tmp/unpriv.raw
+SYSTEMD_REPART_OVERRIDE_FSTYPE=squashfs \
+    systemd-repart -P \
+                   -s /tmp/unpriv/mount \
+                   --certificate=/tmp/test-50-unpriv-cert.crt \
+                   --private-key=/tmp/test-50-unpriv-privkey.key \
+                   /var/tmp/unpriv.raw
 systemd-dissect --rmdir --umount /tmp/unpriv/mount
 
 systemd-dissect --image-policy='root=unprotected:=absent+unused' /var/tmp/unpriv.raw