From: Lennart Poettering Date: Fri, 22 Apr 2022 19:44:26 +0000 (+0200) Subject: test: test new credential features X-Git-Tag: v251-rc2~38^2~1 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=93a1f57db821ebab3b4709bd6445a5f6ba934a5a;p=thirdparty%2Fsystemd.git test: test new credential features --- diff --git a/test/TEST-54-CREDS/test.sh b/test/TEST-54-CREDS/test.sh index d045d2391f2..3b2c2413232 100755 --- a/test/TEST-54-CREDS/test.sh +++ b/test/TEST-54-CREDS/test.sh @@ -3,9 +3,16 @@ set -e TEST_DESCRIPTION="test credentials" -NSPAWN_ARGUMENTS="--set-credential=mynspawncredential:strangevalue" +NSPAWN_ARGUMENTS="${NSPAWN_ARGUMENTS:-} --set-credential=mynspawncredential:strangevalue" +QEMU_OPTIONS="${QEMU_OPTIONS:-} -fw_cfg name=opt/io.systemd.credentials/myqemucredential,string=othervalue" +KERNEL_APPEND="${KERNEL_APPEND:-} systemd.set_credential=kernelcmdlinecred:uff rd.systemd.import_credentials=no" # shellcheck source=test/test-functions . "${TEST_BASE_DIR:?}/test-functions" +test_append_files() { + instmods qemu_fw_cfg + generate_module_dependencies +} + do_test "$@" diff --git a/test/units/testsuite-54.sh b/test/units/testsuite-54.sh index bf43205cbd2..c5347e351ec 100755 --- a/test/units/testsuite-54.sh +++ b/test/units/testsuite-54.sh @@ -23,17 +23,34 @@ rm /tmp/ts54-fallback [ "$(systemd-run -p LoadCredential=paff:/tmp/ts54-fallback -p SetCredential=paff:poff --pipe --wait systemd-creds cat paff)" = "poff" ] if systemd-detect-virt -q -c ; then + expected_credential=mynspawncredential + expected_value=strangevalue +elif [ -d /sys/firmware/qemu_fw_cfg/by_name ]; then + # Verify that passing creds through kernel cmdline works + [ "$(systemd-creds --system cat kernelcmdlinecred)" = "uff" ] + + # If we aren't run in nspawn, we are run in qemu + systemd-detect-virt -q -v + expected_credential=myqemucredential + expected_value=othervalue +else + echo "qemu_fw_cfg support missing in kernel. Sniff!" + expected_credential="" + expected_value="" +fi + +if [ "$expected_credential" != "" ] ; then # If this test is run in nspawn a credential should have been passed to us. See test/TEST-54-CREDS/test.sh - [ "$(systemd-creds --system cat mynspawncredential)" = "strangevalue" ] + [ "$(systemd-creds --system cat "$expected_credential")" = "$expected_value" ] # Test that propagation from system credential to service credential works - [ "$(systemd-run -p LoadCredential=mynspawncredential --pipe --wait systemd-creds cat mynspawncredential)" = "strangevalue" ] + [ "$(systemd-run -p LoadCredential="$expected_credential" --pipe --wait systemd-creds cat "$expected_credential")" = "$expected_value" ] # Check it also works, if we rename it while propagating it - [ "$(systemd-run -p LoadCredential=miau:mynspawncredential --pipe --wait systemd-creds cat miau)" = "strangevalue" ] + [ "$(systemd-run -p LoadCredential=miau:"$expected_credential" --pipe --wait systemd-creds cat miau)" = "$expected_value" ] # Combine it with a fallback (which should have no effect, given the cred should be passed down) - [ "$(systemd-run -p LoadCredential=mynspawncredential -p SetCredential=mynspawncredential:zzz --pipe --wait systemd-creds cat mynspawncredential)" = "strangevalue" ] + [ "$(systemd-run -p LoadCredential="$expected_credential" -p SetCredential="$expected_credential":zzz --pipe --wait systemd-creds cat "$expected_credential")" = "$expected_value" ] fi # Verify that the creds are immutable