From: Frantisek Sumsal Date: Mon, 19 Jun 2023 15:12:39 +0000 (+0200) Subject: test: add a couple of tests for systemd-journal-{remote,upload} X-Git-Tag: v254-rc1~158^2 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=e43e60992e90ae6b19e19b6347b20bef727668d6;p=thirdparty%2Fsystemd.git test: add a couple of tests for systemd-journal-{remote,upload} --- diff --git a/test/units/testsuite-04.journal-remote.sh b/test/units/testsuite-04.journal-remote.sh new file mode 100755 index 00000000000..6bdc3ccdec5 --- /dev/null +++ b/test/units/testsuite-04.journal-remote.sh @@ -0,0 +1,216 @@ +#!/usr/bin/env bash +# SPDX-License-Identifier: LGPL-2.1-or-later +# shellcheck disable=SC2016 +set -eux +set -o pipefail + +if [[ ! -x /usr/lib/systemd/systemd-journal-remote || ! -x /usr/lib/systemd/systemd-journal-upload ]]; then + echo "Built without systemd-journal-remote/upload support, skipping the test" + exit 0 +fi + +if ! command -v openssl >/dev/null; then + echo "openssl command not available, skipping the tests" + exit 0 +fi + +at_exit() { + set +e + + systemctl stop systemd-journal-upload + systemctl stop systemd-journal-remote.{socket,service} + # Remove any remote journals on exit, so we don't try to export them together + # with the local journals, causing a mess + rm -rf /var/log/journal/remote +} + +trap at_exit EXIT + +TEST_MESSAGE="-= This is a test message $RANDOM =-" +TEST_TAG="$(systemd-id128 new)" + +echo "$TEST_MESSAGE" | systemd-cat -t "$TEST_TAG" +journalctl --sync + +/usr/lib/systemd/systemd-journal-remote --version +/usr/lib/systemd/systemd-journal-remote --help +/usr/lib/systemd/systemd-journal-upload --version +/usr/lib/systemd/systemd-journal-upload --help + +# Generate a self-signed certificate for systemd-journal-remote +# +# Note: older OpenSSL requires a config file with some extra options, unfortunately +# Note2: /run here is used on purpose, since the systemd-journal-remote service uses PrivateTmp=yes +mkdir -p /run/systemd/journal-remote-tls +cat >/tmp/openssl.conf </run/systemd/journal-remote.conf.d/99-test.conf </run/systemd/journal-upload.conf.d/99-test.conf </run/systemd/remote-pki/ca.conf </run/systemd/remote-pki/client.conf </run/systemd/remote-pki/server.conf </run/systemd/remote-pki/ca.srl +# Generate a client key and signing request +openssl req -nodes -newkey rsa:2048 -sha256 \ + -config /run/systemd/remote-pki/client.conf \ + -keyout /run/systemd/remote-pki/client.key \ + -out /run/systemd/remote-pki/client.csr +# Sign the request with the CA key +openssl x509 -req -days 7 \ + -in /run/systemd/remote-pki/client.csr \ + -CA /run/systemd/remote-pki/ca.crt \ + -CAkey /run/systemd/remote-pki/ca.key \ + -out /run/systemd/remote-pki/client.crt +# And do the same for the server +openssl req -nodes -newkey rsa:2048 -sha256 \ + -config /run/systemd/remote-pki/server.conf \ + -keyout /run/systemd/remote-pki/server.key \ + -out /run/systemd/remote-pki/server.csr +openssl x509 -req -days 7 \ + -in /run/systemd/remote-pki/server.csr \ + -CA /run/systemd/remote-pki/ca.crt \ + -CAkey /run/systemd/remote-pki/ca.key \ + -out /run/systemd/remote-pki/server.crt +setfacl -R -m "u:systemd-journal-remote:rwX" /run/systemd/remote-pki +setfacl -R -m "u:systemd-journal-upload:rwX" /run/systemd/remote-pki + +# Reconfigure journal-upload/journal remote with the new keys +cat >/run/systemd/journal-remote.conf.d/99-test.conf </run/systemd/journal-upload.conf.d/99-test.conf </run/systemd/journal-upload.conf.d/99-test.conf <