author | Lennart Poettering <lennart@poettering.net> | 2022-12-02 17:16:57 +0100 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2023-04-05 20:54:30 +0200 |
commit | f1f42aeaf1ba5444f4a4e0f2d0d4fb304fc34a49 (patch) | |
tree | 522e9eeeec7ac94f808c38213ad353a531a548d2 /test | |
parent | a594288d79f27147d95662927aa67c0567deb6cc (diff) | |
download | systemd-f1f42aeaf1ba5444f4a4e0f2d0d4fb304fc34a49.tar.gz |
test: add integration test for image policy
Diffstat (limited to 'test')
-rwxr-xr-x | test/units/testsuite-50.sh | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/test/units/testsuite-50.sh b/test/units/testsuite-50.sh
index 546a915a2e..02a0230191 100755
--- a/test/units/testsuite-50.sh
+++ b/test/units/testsuite-50.sh
@@ -231,6 +231,33 @@ fi
 systemd-dissect --root-hash "${roothash}" "${image}.gpt" | grep -q -F "MARKER=1"
 systemd-dissect --root-hash "${roothash}" "${image}.gpt" | grep -q -F -f <(sed 's/"//g' "$os_release")
+# Test image policies
+systemd-dissect --validate "${image}.gpt"
+systemd-dissect --validate "${image}.gpt" --image-policy='*'
+(! systemd-dissect --validate "${image}.gpt" --image-policy='~')
+(! systemd-dissect --validate "${image}.gpt" --image-policy='-')
+(! systemd-dissect --validate "${image}.gpt" --image-policy=root=absent)
+(! systemd-dissect --validate "${image}.gpt" --image-policy=swap=unprotected+encrypted+verity)
+systemd-dissect --validate "${image}.gpt" --image-policy=root=unprotected
+systemd-dissect --validate "${image}.gpt" --image-policy=root=verity
+systemd-dissect --validate "${image}.gpt" --image-policy=root=verity:root-verity-sig=unused+absent
+systemd-dissect --validate "${image}.gpt" --image-policy=root=verity:swap=absent
+systemd-dissect --validate "${image}.gpt" --image-policy=root=verity:swap=absent+unprotected
+(! systemd-dissect --validate "${image}.gpt" --image-policy=root=verity:root-verity=unused+absent)
+systemd-dissect --validate "${image}.gpt" --image-policy=root=signed
+(! systemd-dissect --validate "${image}.gpt" --image-policy=root=signed:root-verity-sig=unused+absent)
+(! systemd-dissect --validate "${image}.gpt" --image-policy=root=signed:root-verity=unused+absent)
+
+# Test RootImagePolicy= unit file setting
+systemd-run --wait -P -p RootImage="${image}.gpt" -p RootHash="${roothash}" -p MountAPIVFS=yes cat /usr/lib/os-release | grep -q -F "MARKER=1"
+systemd-run --wait -P -p RootImage="${image}.gpt" -p RootHash="${roothash}" -p RootImagePolicy='*' -p MountAPIVFS=yes cat /usr/lib/os-release | grep -q -F "MARKER=1"
+(! systemd-run --wait -P -p RootImage="${image}.gpt" -p RootHash="${roothash}" -p RootImagePolicy='~' -p MountAPIVFS=yes cat /usr/lib/os-release | grep -q -F "MARKER=1")
+(! systemd-run --wait -P -p RootImage="${image}.gpt" -p RootHash="${roothash}" -p RootImagePolicy='-' -p MountAPIVFS=yes cat /usr/lib/os-release | grep -q -F "MARKER=1")
+(! systemd-run --wait -P -p RootImage="${image}.gpt" -p RootHash="${roothash}" -p RootImagePolicy='root=absent' -p MountAPIVFS=yes cat /usr/lib/os-release | grep -q -F "MARKER=1")
+systemd-run --wait -P -p RootImage="${image}.gpt" -p RootHash="${roothash}" -p RootImagePolicy='root=verity' -p MountAPIVFS=yes cat /usr/lib/os-release | grep -q -F "MARKER=1"
+systemd-run --wait -P -p RootImage="${image}.gpt" -p RootHash="${roothash}" -p RootImagePolicy='root=signed' -p MountAPIVFS=yes cat /usr/lib/os-release | grep -q -F "MARKER=1"
+(! systemd-run --wait -P -p RootImage="${image}.gpt" -p RootHash="${roothash}" -p RootImagePolicy='root=encrypted' -p MountAPIVFS=yes cat /usr/lib/os-release | grep -q -F "MARKER=1")
+
 systemd-dissect --root-hash "${roothash}" --mount "${image}.gpt" "${image_dir}/mount"
 grep -q -F -f "$os_release" "${image_dir}/mount/usr/lib/os-release"
 grep -q -F -f "$os_release" "${image_dir}/mount/etc/os-release" |
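Review bot: The negated cases in this hunk pass on any non-zero exit, so they do not show that the image was refused by the policy rather than that the command failed for some other reason. For example, `(! systemd-dissect --validate "${image}.gpt" --image-policy=root=absent)` would also pass if the policy string were rejected by the parser, and the `encrypted` keyword appears only in negated lines, so no passing case proves it parses. In the systemd-run negatives the assertion is on the whole pipeline, and whether systemd-run's own status counts depends on `pipefail`, which is set or not outside this hunk. Negating the command alone would make the intent explicit, e.g. `(! systemd-run --wait -P -p RootImage="${image}.gpt" -p RootHash="${roothash}" -p RootImagePolicy='~' -p MountAPIVFS=yes cat /usr/lib/os-release)`. I would also add a comment above the negative cases such as `# Negative cases pass on any failure; every policy keyword used here should also appear in a passing case`.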