diff options
30 files changed, 260 insertions, 291 deletions
diff --git a/test/units/testsuite-03.sh b/test/units/testsuite-03.sh index 1d4bf3aaaa..289d8dac28 100755 --- a/test/units/testsuite-03.sh +++ b/test/units/testsuite-03.sh @@ -34,11 +34,11 @@ grep 'hello\.service' /root/list-jobs.txt && exit 1 systemctl stop sleep.service hello-after-sleep.target # Some basic testing that --show-transaction does something useful -systemctl is-active systemd-importd && { echo 'unexpected success'; exit 1; } +(! systemctl is-active systemd-importd) systemctl -T start systemd-importd systemctl is-active systemd-importd systemctl --show-transaction stop systemd-importd -systemctl is-active systemd-importd && { echo 'unexpected success'; exit 1; } +(! systemctl is-active systemd-importd) # Test for a crash when enqueuing a JOB_NOP when other job already exists systemctl start --no-block hello-after-sleep.target @@ -95,7 +95,7 @@ ELAPSED=$((END_SEC-START_SEC)) # wait5fail fails, so systemctl should fail START_SEC=$(date -u '+%s') -systemctl start --wait wait2.service wait5fail.service && { echo 'unexpected success'; exit 1; } +(! systemctl start --wait wait2.service wait5fail.service) END_SEC=$(date -u '+%s') ELAPSED=$((END_SEC-START_SEC)) [[ "$ELAPSED" -ge 5 ]] && [[ "$ELAPSED" -le 7 ]] || exit 1 diff --git a/test/units/testsuite-04.sh b/test/units/testsuite-04.sh index 35d35c0e85..2a9b67949c 100755 --- a/test/units/testsuite-04.sh +++ b/test/units/testsuite-04.sh @@ -74,10 +74,10 @@ journalctl -b -o export --output-fields=MESSAGE,FOO --output-fields=PRIORITY,MES grep -q '^__CURSOR=' /output grep -q '^MESSAGE=foo$' /output grep -q '^PRIORITY=6$' /output -grep '^FOO=' /output && { echo 'unexpected success'; exit 1; } -grep '^SYSLOG_FACILITY=' /output && { echo 'unexpected success'; exit 1; } +(! grep '^FOO=' /output) +(! grep '^SYSLOG_FACILITY=' /output) -# `-b all` negates earlier use of -b (-b and -m are otherwise exclusive) +# '-b all' negates earlier use of -b (-b and -m are otherwise exclusive) journalctl -b -1 -b all -m >/dev/null # -b always behaves like -b0 @@ -212,11 +212,7 @@ function is_xattr_supported() { END=$(date '+%Y-%m-%d %T.%6N') systemctl stop text_xattr - if journalctl -q -u "text_xattr" -S "$START" -U "$END" --grep "Failed to set 'user.journald_log_filter_patterns' xattr.*not supported$"; then - return 1 - fi - - return 0 + ! journalctl -q -u "text_xattr" -S "$START" -U "$END" --grep "Failed to set 'user.journald_log_filter_patterns' xattr.*not supported$" } if is_xattr_supported; then @@ -279,9 +275,9 @@ test "$SEQNUM2" -gt "$SEQNUM1" JTMP="/var/tmp/jtmp-$RANDOM" mkdir "$JTMP" -( cd /test-journals/1 && for f in *.zst ; do unzstd < "$f" > "$JTMP/${f%.zst}" ; done ) +( cd /test-journals/1 && for f in *.zst; do unzstd "$f" -o "$JTMP/${f%.zst}"; done ) -journalctl --directory="$JTMP" --list-boots --output=json > /tmp/lb1 +journalctl --directory="$JTMP" --list-boots --output=json >/tmp/lb1 diff -u /tmp/lb1 - <<'EOF' [{"index":-3,"boot_id":"5ea5fc4f82a14186b5332a788ef9435e","first_entry":1666569600994371,"last_entry":1666584266223608},{"index":-2,"boot_id":"bea6864f21ad4c9594c04a99d89948b0","first_entry":1666584266731785,"last_entry":1666584347230411},{"index":-1,"boot_id":"4c708e1fd0744336be16f3931aa861fb","first_entry":1666584348378271,"last_entry":1666584354649355},{"index":0,"boot_id":"35e8501129134edd9df5267c49f744a4","first_entry":1666584356661527,"last_entry":1666584438086856}] diff --git a/test/units/testsuite-17.06.sh b/test/units/testsuite-17.06.sh index 224063f6a6..4d452ff97c 100755 --- a/test/units/testsuite-17.06.sh +++ b/test/units/testsuite-17.06.sh @@ -16,20 +16,18 @@ function check_validity() { } function check() { - local i j - - for ((i = 0; i < 2; i++)); do + for _ in {1..2}; do systemctl restart systemd-udevd.service udevadm control --ping udevadm settle check_validity - for ((j = 0; j < 2; j++)); do + for _ in {1..2}; do udevadm trigger -w --action add --subsystem-match=block check_validity done - for ((j = 0; j < 2; j++)); do + for _ in {1..2}; do udevadm trigger -w --action change --subsystem-match=block check_validity done diff --git a/test/units/testsuite-17.07.sh b/test/units/testsuite-17.07.sh index 549107af10..b4dfd904e9 100755 --- a/test/units/testsuite-17.07.sh +++ b/test/units/testsuite-17.07.sh @@ -8,8 +8,8 @@ set -o pipefail wait_service_active() {( set +ex - for (( i = 0; i < 20; i++ )); do - if (( i != 0 )); then sleep 0.5; fi + for i in {1..20}; do + (( i > 1 )) && sleep 0.5 if systemctl --quiet is-active "${1?}"; then return 0 fi @@ -19,8 +19,8 @@ wait_service_active() {( wait_service_inactive() {( set +ex - for (( i = 0; i < 20; i++ )); do - if (( i != 0 )); then sleep 0.5; fi + for i in {1..20}; do + (( i > 1 )) && sleep 0.5 systemctl --quiet is-active "${1?}" if [[ "$?" == "3" ]]; then return 0 diff --git a/test/units/testsuite-17.08.sh b/test/units/testsuite-17.08.sh index f740b337f7..a49a77dc44 100755 --- a/test/units/testsuite-17.08.sh +++ b/test/units/testsuite-17.08.sh @@ -18,8 +18,8 @@ EOF udevadm control --reload udevadm trigger --settle --action add /dev/null -for ((i = 0; i < 20; i++)); do - ((i == 0)) || sleep .5 +for i in {1..20}; do + ((i > 1)) && sleep .5 ( systemctl -q is-active /dev/test/symlink-to-null-on-add @@ -34,8 +34,8 @@ assert_rc 0 systemctl -q is-active /sys/test/alias-to-null-on-add assert_rc 3 systemctl -q is-active /sys/test/alias-to-null-on-change udevadm trigger --settle --action change /dev/null -for ((i = 0; i < 20; i++)); do - ((i == 0)) || sleep .5 +for i in {1..20}; do + ((i > 1)) && sleep .5 ( ! systemctl -q is-active /dev/test/symlink-to-null-on-add @@ -50,8 +50,8 @@ assert_rc 3 systemctl -q is-active /sys/test/alias-to-null-on-add assert_rc 0 systemctl -q is-active /sys/test/alias-to-null-on-change udevadm trigger --settle --action add /dev/null -for ((i = 0; i < 20; i++)); do - ((i == 0)) || sleep .5 +for i in {1..20}; do + ((i > 1)) && sleep .5 ( systemctl -q is-active /dev/test/symlink-to-null-on-add diff --git a/test/units/testsuite-17.09.sh b/test/units/testsuite-17.09.sh index 01ac5f1709..31fc9d6842 100755 --- a/test/units/testsuite-17.09.sh +++ b/test/units/testsuite-17.09.sh @@ -15,7 +15,7 @@ KERNEL!="null", GOTO="test-end" ACTION=="remove", GOTO="test-end" # add 100 * 100byte of properties -$(for ((i = 0; i < 100; i++)); do printf 'ENV{XXX%03i}="0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789"\n' "$i"; done) +$(for i in {1..100}; do printf 'ENV{XXX%03i}="0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789"\n' "$i"; done) LABEL="test-end" EOF @@ -46,7 +46,7 @@ for _ in {1..40}; do fi FOUND=1 - for ((i = 0; i < 100; i++)); do + for i in {1..100}; do if ! grep -F "$(printf 'XXX%03i=0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789' "$i")" "$TMPDIR"/monitor.txt; then FOUND= break diff --git a/test/units/testsuite-18.sh b/test/units/testsuite-18.sh index e9d7c5bfc8..44b792f003 100755 --- a/test/units/testsuite-18.sh +++ b/test/units/testsuite-18.sh @@ -4,7 +4,7 @@ set -eux set -o pipefail systemd-run --wait -p FailureAction=poweroff true -systemd-run --wait -p SuccessAction=poweroff false && { echo 'unexpected success'; exit 1; } +(! systemd-run --wait -p SuccessAction=poweroff false) if ! test -f /firstphase ; then echo OK >/firstphase diff --git a/test/units/testsuite-20.sh b/test/units/testsuite-20.sh index 5493b0df9b..6ce992f41a 100755 --- a/test/units/testsuite-20.sh +++ b/test/units/testsuite-20.sh @@ -128,16 +128,16 @@ chmod 755 /dev/shm/test-mainpid3.sh # This has to fail, as we shouldn't accept the dangerous PID file, and then # inotify-wait on it to be corrected which we never do. -systemd-run --unit=test-mainpidsh3.service \ - -p StandardOutput=tty \ - -p StandardError=tty \ - -p Type=forking \ - -p RuntimeDirectory=mainpidsh3 \ - -p PIDFile=/run/mainpidsh3/pid \ - -p DynamicUser=1 \ - -p TimeoutStartSec=2s \ - /dev/shm/test-mainpid3.sh \ - && { echo 'unexpected success'; exit 1; } +(! systemd-run \ + --unit=test-mainpidsh3.service \ + -p StandardOutput=tty \ + -p StandardError=tty \ + -p Type=forking \ + -p RuntimeDirectory=mainpidsh3 \ + -p PIDFile=/run/mainpidsh3/pid \ + -p DynamicUser=1 \ + -p TimeoutStartSec=2s \ + /dev/shm/test-mainpid3.sh) # Test that this failed due to timeout, and not some other error test "$(systemctl show -P Result test-mainpidsh3.service)" = timeout diff --git a/test/units/testsuite-22.03.sh b/test/units/testsuite-22.03.sh index a9df3d6bdd..6fce4c0705 100755 --- a/test/units/testsuite-22.03.sh +++ b/test/units/testsuite-22.03.sh @@ -38,7 +38,7 @@ test "$(stat -c %U:%G:%a /tmp/f/1)" = "daemon:daemon:666" mkfifo /tmp/f/fifo chmod 644 /tmp/f/fifo -systemd-tmpfiles --create - <<EOF && { echo 'unexpected success'; exit 1; } +(! systemd-tmpfiles --create -) <<EOF f /tmp/f/fifo 0666 daemon daemon - This string should not be written EOF @@ -49,7 +49,7 @@ test "$(stat -c %U:%G:%a /tmp/f/fifo)" = "root:root:644" ln -s missing /tmp/f/dangling ln -s /tmp/file-owned-by-root /tmp/f/symlink -systemd-tmpfiles --create - <<EOF && { echo 'unexpected success'; exit 1; } +(! systemd-tmpfiles --create -) <<EOF f /tmp/f/dangling 0644 daemon daemon - - f /tmp/f/symlink 0644 daemon daemon - - EOF @@ -71,12 +71,12 @@ f /tmp/f/ro-fs/foo 0644 - - - - This string should not be written EOF test -f /tmp/f/ro-fs/foo; test ! -s /tmp/f/ro-fs/foo -systemd-tmpfiles --create - <<EOF && { echo 'unexpected success'; exit 1; } +(! systemd-tmpfiles --create -) <<EOF f /tmp/f/ro-fs/foo 0666 - - - - EOF test "$(stat -c %U:%G:%a /tmp/f/fifo)" = "root:root:644" -systemd-tmpfiles --create - <<EOF && { echo 'unexpected success'; exit 1; } +(! systemd-tmpfiles --create -) <<EOF f /tmp/f/ro-fs/bar 0644 - - - - EOF test ! -e /tmp/f/ro-fs/bar @@ -86,7 +86,7 @@ mkdir /tmp/f/daemon ln -s /root /tmp/f/daemon/unsafe-symlink chown -R --no-dereference daemon:daemon /tmp/f/daemon -systemd-tmpfiles --create - <<EOF && { echo 'unexpected success'; exit 1; } +(! systemd-tmpfiles --create -) <<EOF f /tmp/f/daemon/unsafe-symlink/exploit 0644 daemon daemon - - EOF test ! -e /tmp/f/daemon/unsafe-symlink/exploit @@ -116,7 +116,7 @@ test "$(stat -c %U:%G:%a /tmp/F/truncated-with-content)" = "daemon:daemon:666" ### unspecified in the other cases. mkfifo /tmp/F/fifo -systemd-tmpfiles --create - <<EOF && { echo 'unexpected success'; exit 1; } +(! systemd-tmpfiles --create -) <<EOF F /tmp/F/fifo 0644 - - - - EOF @@ -126,7 +126,7 @@ test -p /tmp/F/fifo ln -s missing /tmp/F/dangling ln -s /tmp/file-owned-by-root /tmp/F/symlink -systemd-tmpfiles --create - <<EOF && { echo 'unexpected success'; exit 1; } +(! systemd-tmpfiles --create -) <<EOF f /tmp/F/dangling 0644 daemon daemon - - f /tmp/F/symlink 0644 daemon daemon - - EOF @@ -149,11 +149,11 @@ EOF test -f /tmp/F/ro-fs/foo; test ! -s /tmp/F/ro-fs/foo echo "truncating is not allowed anymore" >/tmp/F/rw-fs/foo -systemd-tmpfiles --create - <<EOF && { echo 'unexpected success'; exit 1; } +(! systemd-tmpfiles --create -) <<EOF F /tmp/F/ro-fs/foo 0644 - - - - EOF -systemd-tmpfiles --create - <<EOF && { echo 'unexpected success'; exit 1; } +(! systemd-tmpfiles --create -) <<EOF F /tmp/F/ro-fs/foo 0644 - - - - This string should not be written EOF test -f /tmp/F/ro-fs/foo @@ -161,13 +161,13 @@ grep -q 'truncating is not allowed' /tmp/F/ro-fs/foo # Trying to change the perms should fail. : >/tmp/F/rw-fs/foo -systemd-tmpfiles --create - <<EOF && { echo 'unexpected success'; exit 1; } +(! systemd-tmpfiles --create -) <<EOF F /tmp/F/ro-fs/foo 0666 - - - - EOF test "$(stat -c %U:%G:%a /tmp/F/ro-fs/foo)" = "root:root:644" ### Try to create a new file. -systemd-tmpfiles --create - <<EOF && { echo 'unexpected success'; exit 1; } +(! systemd-tmpfiles --create -) <<EOF F /tmp/F/ro-fs/bar 0644 - - - - EOF test ! -e /tmp/F/ro-fs/bar @@ -177,7 +177,7 @@ mkdir /tmp/F/daemon ln -s /root /tmp/F/daemon/unsafe-symlink chown -R --no-dereference daemon:daemon /tmp/F/daemon -systemd-tmpfiles --create - <<EOF && { echo 'unexpected success'; exit 1; } +(! systemd-tmpfiles --create -) <<EOF F /tmp/F/daemon/unsafe-symlink/exploit 0644 daemon daemon - - EOF test ! -e /tmp/F/daemon/unsafe-symlink/exploit @@ -195,7 +195,7 @@ EOF test ! -e /tmp/w/unexistent ### no argument given -> fails. -systemd-tmpfiles --create - <<EOF && { echo 'unexpected success'; exit 1; } +(! systemd-tmpfiles --create -) <<EOF w /tmp/w/unexistent 0644 - - - - EOF @@ -240,7 +240,7 @@ mkdir /tmp/w/daemon ln -s /root /tmp/w/daemon/unsafe-symlink chown -R --no-dereference daemon:daemon /tmp/w/daemon -systemd-tmpfiles --create - <<EOF && { echo 'unexpected success'; exit 1; } +(! systemd-tmpfiles --create -) <<EOF f /tmp/w/daemon/unsafe-symlink/exploit 0644 daemon daemon - - EOF test ! -e /tmp/w/daemon/unsafe-symlink/exploit diff --git a/test/units/testsuite-22.08.sh b/test/units/testsuite-22.08.sh index 65f1832adc..40fafd33bf 100755 --- a/test/units/testsuite-22.08.sh +++ b/test/units/testsuite-22.08.sh @@ -22,11 +22,9 @@ test -d /tmp/root/test2 # Verify the command fails to write to a root-owned subdirectory under an # unprivileged user's directory when it's not part of the prefix, as expected # by the unsafe_transition function. -echo 'd /tmp/user/root/test' | systemd-tmpfiles --create - \ - && { echo 'unexpected success'; exit 1; } +echo 'd /tmp/user/root/test' | (! systemd-tmpfiles --create -) test ! -e /tmp/user/root/test -echo 'd /user/root/test' | systemd-tmpfiles --root=/tmp --create - \ - && { echo 'unexpected success'; exit 1; } +echo 'd /user/root/test' | (! systemd-tmpfiles --root=/tmp --create -) test ! -e /tmp/user/root/test # Verify the above works when all user-owned directories are in the prefix. diff --git a/test/units/testsuite-23.sh b/test/units/testsuite-23.sh index e8f99ff60d..4ce205fae6 100755 --- a/test/units/testsuite-23.sh +++ b/test/units/testsuite-23.sh @@ -16,8 +16,8 @@ systemd-run --unit=three -p Type=simple /tmp/brokenbinary # And now, do the same with Type=exec, where the latter two should fail systemd-run --unit=four -p Type=exec /bin/sleep infinity -systemd-run --unit=five -p Type=exec -p User=idontexist /bin/sleep infinity && { echo 'unexpected success'; exit 1; } -systemd-run --unit=six -p Type=exec /tmp/brokenbinary && { echo 'unexpected success'; exit 1; } +(! systemd-run --unit=five -p Type=exec -p User=idontexist /bin/sleep infinity) +(! systemd-run --unit=six -p Type=exec /tmp/brokenbinary) systemd-run --unit=seven -p KillSignal=SIGTERM -p RestartKillSignal=SIGINT -p Type=exec /bin/sleep infinity # Both TERM and SIGINT happen to have the same number on all architectures @@ -31,32 +31,32 @@ systemctl stop seven.service # Should work normally busctl call \ - org.freedesktop.systemd1 /org/freedesktop/systemd1 \ - org.freedesktop.systemd1.Manager StartTransientUnit \ - "ssa(sv)a(sa(sv))" test-20933-ok.service replace 1 \ - ExecStart "a(sasb)" 1 \ - /usr/bin/sleep 2 /usr/bin/sleep 1 true \ - 0 + org.freedesktop.systemd1 /org/freedesktop/systemd1 \ + org.freedesktop.systemd1.Manager StartTransientUnit \ + "ssa(sv)a(sa(sv))" test-20933-ok.service replace 1 \ + ExecStart "a(sasb)" 1 \ + /usr/bin/sleep 2 /usr/bin/sleep 1 true \ + 0 # DBus call should fail but not crash systemd -busctl call \ - org.freedesktop.systemd1 /org/freedesktop/systemd1 \ - org.freedesktop.systemd1.Manager StartTransientUnit \ - "ssa(sv)a(sa(sv))" test-20933-bad.service replace 1 \ - ExecStart "a(sasb)" 1 \ - /usr/bin/sleep 0 true \ - 0 && { echo 'unexpected success'; exit 1; } +(! busctl call \ + org.freedesktop.systemd1 /org/freedesktop/systemd1 \ + org.freedesktop.systemd1.Manager StartTransientUnit \ + "ssa(sv)a(sa(sv))" test-20933-bad.service replace 1 \ + ExecStart "a(sasb)" 1 \ + /usr/bin/sleep 0 true \ + 0) # Same but with the empty argv in the middle -busctl call \ - org.freedesktop.systemd1 /org/freedesktop/systemd1 \ - org.freedesktop.systemd1.Manager StartTransientUnit \ - "ssa(sv)a(sa(sv))" test-20933-bad-middle.service replace 1 \ - ExecStart "a(sasb)" 3 \ - /usr/bin/sleep 2 /usr/bin/sleep 1 true \ - /usr/bin/sleep 0 true \ - /usr/bin/sleep 2 /usr/bin/sleep 1 true \ - 0 && { echo 'unexpected success'; exit 1; } +(! busctl call \ + org.freedesktop.systemd1 /org/freedesktop/systemd1 \ + org.freedesktop.systemd1.Manager StartTransientUnit \ + "ssa(sv)a(sa(sv))" test-20933-bad-middle.service replace 1 \ + ExecStart "a(sasb)" 3 \ + /usr/bin/sleep 2 /usr/bin/sleep 1 true \ + /usr/bin/sleep 0 true \ + /usr/bin/sleep 2 /usr/bin/sleep 1 true \ + 0) systemd-analyze log-level info diff --git a/test/units/testsuite-25.sh b/test/units/testsuite-25.sh index 4119d777b3..860dc5bfdc 100755 --- a/test/units/testsuite-25.sh +++ b/test/units/testsuite-25.sh @@ -36,7 +36,7 @@ cmp /var/tmp/testimage.raw /var/lib/machines/testimage3.raw # Test removal machinectl remove testimage test ! -f /var/lib/machines/testimage.raw -machinectl image-status testimage && { echo 'unexpected success'; exit 1; } +(! machinectl image-status testimage) # Test export of clone machinectl export-raw testimage3 /var/tmp/testimage3.raw @@ -48,7 +48,7 @@ machinectl rename testimage3 testimage4 test -f /var/lib/machines/testimage4.raw machinectl image-status testimage4 test ! -f /var/lib/machines/testimage3.raw -machinectl image-status testimage3 && { echo 'unexpected success'; exit 1; } +(! machinectl image-status testimage3) cmp /var/tmp/testimage.raw /var/lib/machines/testimage4.raw # Test export of rename @@ -59,7 +59,7 @@ rm /var/tmp/testimage4.raw # Test removal machinectl remove testimage4 test ! -f /var/lib/machines/testimage4.raw -machinectl image-status testimage4 && { echo 'unexpected success'; exit 1; } +(! machinectl image-status testimage4) # → And now, let's test directory trees ← # @@ -92,7 +92,7 @@ diff -r /var/tmp/scratch/ /var/lib/machines/scratch2 # Test removal machinectl remove scratch test ! -f /var/lib/machines/scratch -machinectl image-status scratchi && { echo 'unexpected success'; exit 1; } +(! machinectl image-status scratch) # Test clone machinectl clone scratch2 scratch3 @@ -105,20 +105,20 @@ diff -r /var/tmp/scratch/ /var/lib/machines/scratch3 # Test removal machinectl remove scratch2 test ! -f /var/lib/machines/scratch2 -machinectl image-status scratch2 && { echo 'unexpected success'; exit 1; } +(! machinectl image-status scratch2) # Test rename machinectl rename scratch3 scratch4 test -d /var/lib/machines/scratch4 machinectl image-status scratch4 test ! -f /var/lib/machines/scratch3 -machinectl image-status scratch3 && { echo 'unexpected success'; exit 1; } +(! machinectl image-status scratch3) diff -r /var/tmp/scratch/ /var/lib/machines/scratch4 # Test removal machinectl remove scratch4 test ! -f /var/lib/machines/scratch4 -machinectl image-status scratch4 && { echo 'unexpected success'; exit 1; } +(! machinectl image-status scratch4) # Test import-tar hyphen/stdin pipe behavior # shellcheck disable=SC2002 @@ -138,7 +138,7 @@ rm -rf /var/tmp/scratch # Test removal machinectl remove scratch5 test ! -f /var/lib/machines/scratch5 -machinectl image-status scratch5 && { echo 'unexpected success'; exit 1; } +(! machinectl image-status scratch5) echo OK >/testok diff --git a/test/units/testsuite-33.sh b/test/units/testsuite-33.sh index 9fb17a50c9..c9bd66e268 100755 --- a/test/units/testsuite-33.sh +++ b/test/units/testsuite-33.sh @@ -33,7 +33,7 @@ test -d /var/lib/test-service test -d /var/cache/test-service test -d /var/log/test-service -systemctl clean test-service && { echo 'unexpected success'; exit 1; } +(! systemctl clean test-service) systemctl stop test-service @@ -108,7 +108,7 @@ test -L /var/lib/test-service test -L /var/cache/test-service test -L /var/log/test-service -systemctl clean test-service && { echo 'unexpected success'; exit 1; } +(! systemctl clean test-service) systemctl stop test-service @@ -197,7 +197,7 @@ test -d /var/lib/hoge test -d /var/cache/hoge test -d /var/log/hoge -systemctl clean tmp-hoge.mount && { echo 'unexpected success'; exit 1; } +(! systemctl clean tmp-hoge.mount) test -d /etc/hoge test -d /run/hoge @@ -273,7 +273,7 @@ test -d /var/lib/test-socket test -d /var/cache/test-socket test -d /var/log/test-socket -systemctl clean test-service.socket && { echo 'unexpected success'; exit 1; } +(! systemctl clean test-service.socket) systemctl stop test-service.socket diff --git a/test/units/testsuite-34.sh b/test/units/testsuite-34.sh index 2172f7434b..0bc3adc9b4 100755 --- a/test/units/testsuite-34.sh +++ b/test/units/testsuite-34.sh @@ -22,8 +22,7 @@ test_directory() { systemd-run --wait -p RuntimeDirectoryPreserve=yes -p DynamicUser=0 -p "${directory}"=zzz:yyy test -f "${path}"/yyy/test systemd-run --wait -p RuntimeDirectoryPreserve=yes -p DynamicUser=0 -p "${directory}=zzz:xxx zzz:xxx2" -p TemporaryFileSystem="${path}" bash -c "test -f ${path}/xxx/test && test -f ${path}/xxx2/test" systemd-run --wait -p RuntimeDirectoryPreserve=yes -p DynamicUser=0 -p "${directory}"=zzz:xxx -p TemporaryFileSystem="${path}":ro test -f "${path}"/xxx/test - systemd-run --wait -p RuntimeDirectoryPreserve=yes -p DynamicUser=0 -p "${directory}"=zzz test -f "${path}"/zzz/test-missing \ - && { echo 'unexpected success'; exit 1; } + (! systemd-run --wait -p RuntimeDirectoryPreserve=yes -p DynamicUser=0 -p "${directory}"=zzz test -f "${path}"/zzz/test-missing) test -d "${path}"/zzz test ! -L "${path}"/zzz @@ -47,8 +46,7 @@ test_directory() { systemd-run --wait -p RuntimeDirectoryPreserve=yes -p DynamicUser=1 -p "${directory}=zzz:xxx zzz:xxx2" \ -p TemporaryFileSystem="${path}" -p EnvironmentFile=-/usr/lib/systemd/systemd-asan-env bash -c "test -f ${path}/xxx/test && test -f ${path}/xxx2/test" systemd-run --wait -p RuntimeDirectoryPreserve=yes -p DynamicUser=1 -p "${directory}"=zzz:xxx -p TemporaryFileSystem="${path}":ro test -f "${path}"/xxx/test - systemd-run --wait -p RuntimeDirectoryPreserve=yes -p DynamicUser=1 -p "${directory}"=zzz test -f "${path}"/zzz/test-missing \ - && { echo 'unexpected success'; exit 1; } + (! systemd-run --wait -p RuntimeDirectoryPreserve=yes -p DynamicUser=1 -p "${directory}"=zzz test -f "${path}"/zzz/test-missing) test -L "${path}"/zzz test -d "${path}"/private/zzz @@ -71,8 +69,7 @@ test_directory() { systemd-run --wait -p RuntimeDirectoryPreserve=yes -p DynamicUser=0 -p "${directory}"=zzz:xxx -p TemporaryFileSystem="${path}" test -f "${path}"/xxx/test systemd-run --wait -p RuntimeDirectoryPreserve=yes -p DynamicUser=0 -p "${directory}=zzz:xxx zzz:xxx2" -p TemporaryFileSystem="${path}" bash -c "test -f ${path}/xxx/test && test -f ${path}/xxx2/test" systemd-run --wait -p RuntimeDirectoryPreserve=yes -p DynamicUser=0 -p "${directory}"=zzz:xxx -p TemporaryFileSystem="${path}":ro test -f "${path}"/xxx/test - systemd-run --wait -p RuntimeDirectoryPreserve=yes -p DynamicUser=0 -p "${directory}"=zzz test -f "${path}"/zzz/test-missing \ - && { echo 'unexpected success'; exit 1; } + (! systemd-run --wait -p RuntimeDirectoryPreserve=yes -p DynamicUser=0 -p "${directory}"=zzz test -f "${path}"/zzz/test-missing) test -d "${path}"/zzz test ! -L "${path}"/zzz diff --git a/test/units/testsuite-35.sh b/test/units/testsuite-35.sh index 0b83a6a536..bfd11658d6 100755 --- a/test/units/testsuite-35.sh +++ b/test/units/testsuite-35.sh @@ -330,8 +330,8 @@ EOF systemctl restart getty@tty2.service # check session - for ((i = 0; i < 30; i++)); do - (( i != 0 )) && sleep 1 + for i in {1..30}; do + (( i > 1 )) && sleep 1 check_session && break done check_session diff --git a/test/units/testsuite-39.sh b/test/units/testsuite-39.sh index 5b77bbbaf1..dbeb1df894 100755 --- a/test/units/testsuite-39.sh +++ b/test/units/testsuite-39.sh @@ -20,7 +20,7 @@ systemctl daemon-reload systemctl start "$SERVICE_NAME" systemctl status "$SERVICE_NAME" # The reload SHOULD fail but SHOULD NOT affect the service state -systemctl reload "$SERVICE_NAME" && { echo 'unexpected success'; exit 1; } +(! systemctl reload "$SERVICE_NAME") systemctl status "$SERVICE_NAME" systemctl stop "$SERVICE_NAME" @@ -38,7 +38,7 @@ systemctl daemon-reload systemctl start "$SERVICE_NAME" systemctl status "$SERVICE_NAME" # The reload SHOULD fail but SHOULD NOT affect the service state -systemctl reload "$SERVICE_NAME" && { echo 'unexpected success'; exit 1; } +(! systemctl reload "$SERVICE_NAME") systemctl status "$SERVICE_NAME" systemctl stop "$SERVICE_NAME" diff --git a/test/units/testsuite-41.sh b/test/units/testsuite-41.sh index a82258821f..a6ae7bc010 100755 --- a/test/units/testsuite-41.sh +++ b/test/units/testsuite-41.sh @@ -9,15 +9,14 @@ MAX_SECS=60 systemd-analyze log-level debug # test one: Restart=on-failure should restart the service -systemd-run --unit=one -p Type=oneshot -p Restart=on-failure /bin/bash -c "exit 1" \ - && { echo 'unexpected success'; exit 1; } +(! systemd-run --unit=one -p Type=oneshot -p Restart=on-failure /bin/bash -c "exit 1") for ((secs = 0; secs < MAX_SECS; secs++)); do - [[ "$(systemctl show one.service -P NRestarts)" -le 0 ]] || break - sleep 1 + [[ "$(systemctl show one.service -P NRestarts)" -le 0 ]] || break + sleep 1 done if [[ "$(systemctl show one.service -P NRestarts)" -le 0 ]]; then - exit 1 + exit 1 fi TMP_FILE="/tmp/test-41-oneshot-restart-test" @@ -26,27 +25,26 @@ TMP_FILE="/tmp/test-41-oneshot-restart-test" # test two: make sure StartLimitBurst correctly limits the number of restarts # and restarts execution of the unit from the first ExecStart= -systemd-run --unit=two \ - -p StartLimitIntervalSec=120 \ - -p StartLimitBurst=3 \ - -p Type=oneshot \ - -p Restart=on-failure \ - -p ExecStart="/bin/bash -c \"printf a >>$TMP_FILE\"" /bin/bash -c "exit 1" \ - && { echo 'unexpected success'; exit 1; } +(! systemd-run --unit=two \ + -p StartLimitIntervalSec=120 \ + -p StartLimitBurst=3 \ + -p Type=oneshot \ + -p Restart=on-failure \ + -p ExecStart="/bin/bash -c \"printf a >>$TMP_FILE\"" /bin/bash -c "exit 1") # wait for at least 3 restarts for ((secs = 0; secs < MAX_SECS; secs++)); do - [[ $(cat $TMP_FILE) != "aaa" ]] || break - sleep 1 + [[ $(cat $TMP_FILE) != "aaa" ]] || break + sleep 1 done if [[ $(cat $TMP_FILE) != "aaa" ]]; then - exit 1 + exit 1 fi # wait for 5 more seconds to make sure there aren't excess restarts sleep 5 if [[ $(cat $TMP_FILE) != "aaa" ]]; then - exit 1 + exit 1 fi systemd-analyze log-level info diff --git a/test/units/testsuite-42.sh b/test/units/testsuite-42.sh index 9476df86dd..b78d5b7a43 100755 --- a/test/units/testsuite-42.sh +++ b/test/units/testsuite-42.sh @@ -4,18 +4,20 @@ set -eux systemd-analyze log-level debug -systemd-run --unit=simple1.service --wait -p StandardOutput=tty -p StandardError=tty -p Type=simple -p ExecStopPost='/bin/touch /run/simple1' true +systemd-run --unit=simple1.service --wait -p StandardOutput=tty -p StandardError=tty -p Type=simple \ + -p ExecStopPost='/bin/touch /run/simple1' true test -f /run/simple1 -systemd-run --unit=simple2.service --wait -p StandardOutput=tty -p StandardError=tty -p Type=simple -p ExecStopPost='/bin/touch /run/simple2' false \ - && { echo 'unexpected success'; exit 1; } +(! systemd-run --unit=simple2.service --wait -p StandardOutput=tty -p StandardError=tty -p Type=simple \ + -p ExecStopPost='/bin/touch /run/simple2' false) test -f /run/simple2 -systemd-run --unit=exec1.service --wait -p StandardOutput=tty -p StandardError=tty -p Type=exec -p ExecStopPost='/bin/touch /run/exec1' sleep 1 +systemd-run --unit=exec1.service --wait -p StandardOutput=tty -p StandardError=tty -p Type=exec \ + -p ExecStopPost='/bin/touch /run/exec1' sleep 1 test -f /run/exec1 -systemd-run --unit=exec2.service --wait -p StandardOutput=tty -p StandardError=tty -p Type=exec -p ExecStopPost='/bin/touch /run/exec2' sh -c 'sleep 1; false' \ - && { echo 'unexpected success'; exit 1; } +(! systemd-run --unit=exec2.service --wait -p StandardOutput=tty -p StandardError=tty -p Type=exec \ + -p ExecStopPost='/bin/touch /run/exec2' sh -c 'sleep 1; false') test -f /run/exec2 cat >/tmp/forking1.sh <<EOF @@ -31,7 +33,8 @@ systemd-notify MAINPID=\$MAINPID EOF chmod +x /tmp/forking1.sh -systemd-run --unit=forking1.service --wait -p StandardOutput=tty -p StandardError=tty -p Type=forking -p NotifyAccess=exec -p ExecStopPost='/bin/touch /run/forking1' /tmp/forking1.sh +systemd-run --unit=forking1.service --wait -p StandardOutput=tty -p StandardError=tty -p Type=forking -p NotifyAccess=exec \ + -p ExecStopPost='/bin/touch /run/forking1' /tmp/forking1.sh test -f /run/forking1 cat >/tmp/forking2.sh <<EOF @@ -39,7 +42,7 @@ cat >/tmp/forking2.sh <<EOF set -eux -( sleep 4; exit 1 ) & +(sleep 4; exit 1) & MAINPID=\$! disown @@ -47,28 +50,30 @@ systemd-notify MAINPID=\$MAINPID EOF chmod +x /tmp/forking2.sh -systemd-run --unit=forking2.service --wait -p StandardOutput=tty -p StandardError=tty -p Type=forking -p NotifyAccess=exec -p ExecStopPost='/bin/touch /run/forking2' /tmp/forking2.sh \ - && { echo 'unexpected success'; exit 1; } +(! systemd-run --unit=forking2.service --wait -p StandardOutput=tty -p StandardError=tty -p Type=forking -p NotifyAccess=exec \ + -p ExecStopPost='/bin/touch /run/forking2' /tmp/forking2.sh) test -f /run/forking2 -systemd-run --unit=oneshot1.service --wait -p StandardOutput=tty -p StandardError=tty -p Type=oneshot -p ExecStopPost='/bin/touch /run/oneshot1' true +systemd-run --unit=oneshot1.service --wait -p StandardOutput=tty -p StandardError=tty -p Type=oneshot \ + -p ExecStopPost='/bin/touch /run/oneshot1' true test -f /run/oneshot1 -systemd-run --unit=oneshot2.service --wait -p StandardOutput=tty -p StandardError=tty -p Type=oneshot -p ExecStopPost='/bin/touch /run/oneshot2' false \ - && { echo 'unexpected success'; exit 1; } +(! systemd-run --unit=oneshot2.service --wait -p StandardOutput=tty -p StandardError=tty -p Type=oneshot \ + -p ExecStopPost='/bin/touch /run/oneshot2' false) test -f /run/oneshot2 -systemd-run --unit=dbus1.service --wait -p StandardOutput=tty -p StandardError=tty -p Type=dbus -p BusName=systemd.test.ExecStopPost -p ExecStopPost='/bin/touch /run/dbus1' \ - busctl call org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus RequestName su systemd.test.ExecStopPost 4 \ - || : +systemd-run --unit=dbus1.service --wait -p StandardOutput=tty -p StandardError=tty -p Type=dbus -p BusName=systemd.test.ExecStopPost \ + -p ExecStopPost='/bin/touch /run/dbus1' \ + busctl call org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus RequestName su systemd.test.ExecStopPost 4 || : test -f /run/dbus1 -systemd-run --unit=dbus2.service --wait -p StandardOutput=tty -p StandardError=tty -p Type=dbus -p BusName=systemd.test.ExecStopPost -p ExecStopPost='/bin/touch /run/dbus2' true +systemd-run --unit=dbus2.service --wait -p StandardOutput=tty -p StandardError=tty -p Type=dbus -p BusName=systemd.test.ExecStopPost \ + -p ExecStopPost='/bin/touch /run/dbus2' true test -f /run/dbus2 # https://github.com/systemd/systemd/issues/19920 -systemd-run --unit=dbus3.service --wait -p StandardOutput=tty -p StandardError=tty -p Type=dbus -p ExecStopPost='/bin/touch /run/dbus3' true \ - && { echo 'unexpected success'; exit 1; } +(! systemd-run --unit=dbus3.service --wait -p StandardOutput=tty -p StandardError=tty -p Type=dbus \ + -p ExecStopPost='/bin/touch /run/dbus3' true) cat >/tmp/notify1.sh <<EOF #!/usr/bin/env bash @@ -79,18 +84,19 @@ systemd-notify --ready EOF chmod +x /tmp/notify1.sh -systemd-run --unit=notify1.service --wait -p StandardOutput=tty -p StandardError=tty -p Type=notify -p ExecStopPost='/bin/touch /run/notify1' /tmp/notify1.sh +systemd-run --unit=notify1.service --wait -p StandardOutput=tty -p StandardError=tty -p Type=notify \ + -p ExecStopPost='/bin/touch /run/notify1' /tmp/notify1.sh test -f /run/notify1 -systemd-run --unit=notify2.service --wait -p StandardOutput=tty -p StandardError=tty -p Type=notify -p ExecStopPost='/bin/touch /run/notify2' true \ - && { echo 'unexpected success'; exit 1; } +(! systemd-run --unit=notify2.service --wait -p StandardOutput=tty -p StandardError=tty -p Type=notify \ + -p ExecStopPost='/bin/touch /run/notify2' true) test -f /run/notify2 systemd-run --unit=idle1.service --wait -p StandardOutput=tty -p StandardError=tty -p Type=idle -p ExecStopPost='/bin/touch /run/idle1' true test -f /run/idle1 -systemd-run --unit=idle2.service --wait -p StandardOutput=tty -p StandardError=tty -p Type=idle -p ExecStopPost='/bin/touch /run/idle2' false \ - && { echo 'unexpected success'; exit 1; } +(! systemd-run --unit=idle2.service --wait -p StandardOutput=tty -p StandardError=tty -p Type=idle \ + -p ExecStopPost='/bin/touch /run/idle2' false) test -f /run/idle2 systemd-analyze log-level info diff --git a/test/units/testsuite-43.sh b/test/units/testsuite-43.sh index 90cb71e7a3..ae979d734b 100755 --- a/test/units/testsuite-43.sh +++ b/test/units/testsuite-43.sh @@ -34,13 +34,12 @@ runas testuser systemd-run --wait --user --unit=test-unprotected-home \ test -e /home/testuser/works.txt # Confirm that creating a file in home is blocked under read-only -runas testuser systemd-run --wait --user --unit=test-protect-home-read-only \ +(! runas testuser systemd-run --wait --user --unit=test-protect-home-read-only \ -p ProtectHome=read-only \ -P bash -c ' test -e /home/testuser/works.txt || exit 10 touch /home/testuser/blocked.txt && exit 11 - ' \ - && { echo 'unexpected success'; exit 1; } + ') test ! -e /home/testuser/blocked.txt # Check that tmpfs hides the whole directory @@ -62,10 +61,9 @@ runas testuser systemd-run --wait --user --unit=test-protect-home-yes \ # namespace (no CAP_SETGID in the parent namespace to write the additional # mapping of the user supplied group and thus cannot change groups to an # unmapped group ID) -runas testuser systemd-run --wait --user --unit=test-group-fail \ +(! runas testuser systemd-run --wait --user --unit=test-group-fail \ -p PrivateUsers=yes -p Group=daemon \ - -P true \ - && { echo 'unexpected success'; exit 1; } + -P true) # Check that with a new user namespace we can bind mount # files and use a different root directory @@ -93,31 +91,26 @@ runas testuser systemd-run --wait --user --unit=test-network \ -p PrivateNetwork=yes \ /bin/sh -x -c '! ip link | grep -E "^[0-9]+: " | grep -Ev ": (lo|(erspan|gre|gretap|ip_vti|ip6_vti|ip6gre|ip6tnl|sit|tunl)0@.*):"' -runas testuser systemd-run --wait --user --unit=test-hostname \ +(! runas testuser systemd-run --wait --user --unit=test-hostname \ -p ProtectHostname=yes \ - hostnamectl hostname foo \ - && { echo 'unexpected success'; exit 1; } + hostnamectl hostname foo) -runas testuser systemd-run --wait --user --unit=test-clock \ +(! runas testuser systemd-run --wait --user --unit=test-clock \ -p ProtectClock=yes \ - timedatectl set-time "2012-10-30 18:17:16" \ - && { echo 'unexpected success'; exit 1; } + timedatectl set-time "2012-10-30 18:17:16") -runas testuser systemd-run --wait --user --unit=test-kernel-tunable \ +(! runas testuser systemd-run --wait --user --unit=test-kernel-tunable \ -p ProtectKernelTunables=yes \ - sh -c "echo 0 >/proc/sys/user/max_user_namespaces" \ - && { echo 'unexpected success'; exit 1; } + sh -c "echo 0 >/proc/sys/user/max_user_namespaces") -runas testuser systemd-run --wait --user --unit=test-kernel-mod \ +(! runas testuser systemd-run --wait --user --unit=test-kernel-mod \ -p ProtectKernelModules=yes \ - sh -c "modprobe -r overlay && modprobe overlay" \ - && { echo 'unexpected success'; exit 1; } + sh -c "modprobe -r overlay && modprobe overlay") if sysctl kernel.dmesg_restrict=0; then - runas testuser systemd-run --wait --user --unit=test-kernel-log \ + (! runas testuser systemd-run --wait --user --unit=test-kernel-log \ -p ProtectKernelLogs=yes -p LogNamespace=yes \ - dmesg \ - && { echo 'unexpected success'; exit 1; } + dmesg) fi unsquashfs -no-xattrs -d /tmp/img /usr/share/minimal_0.raw diff --git a/test/units/testsuite-44.sh b/test/units/testsuite-44.sh index 49c240ff8e..da779a6901 100755 --- a/test/units/testsuite-44.sh +++ b/test/units/testsuite-44.sh @@ -11,7 +11,7 @@ journalctl -o cat --namespace=foobar >/tmp/hello-world journalctl -o cat >/tmp/no-hello-world grep "^hello world$" /tmp/hello-world -grep "^hello world$" /tmp/no-hello-world && { echo 'unexpected success'; exit 1; } +(! grep "^hello world$" /tmp/no-hello-world) systemd-analyze log-level info diff --git a/test/units/testsuite-45.sh b/test/units/testsuite-45.sh index 73608756bf..74b3a2c6a9 100755 --- a/test/units/testsuite-45.sh +++ b/test/units/testsuite-45.sh @@ -212,8 +212,8 @@ start_mon() { } wait_mon() { - for ((i = 0; i < 10; i++)); do - if (( i != 0 )); then sleep 1; fi + for i in {1..10}; do + (( i > 1 )) && sleep 1 if grep -q "$1" "$mon"; then break; fi done assert_in "$2" "$(cat "$mon")" @@ -243,8 +243,8 @@ EOF echo 'disable NTP' timedatectl set-ntp false - for ((i = 0; i < 10; i++)); do - if (( i != 0 )); then sleep 1; fi + for i in {1..10}; do + (( i > 1 )) && sleep 1 if [[ "$(systemctl show systemd-timesyncd --property ActiveState)" == "ActiveState=inactive" ]]; then break; fi @@ -258,8 +258,8 @@ EOF timedatectl set-ntp true wait_mon "NTP" "BOOLEAN true" assert_ntp "true" - for ((i = 0; i < 10; i++)); do - if (( i != 0 )); then sleep 1; fi + for i in {1..10}; do + (( i > 1 )) && sleep 1 if [[ "$(systemctl show systemd-timesyncd --property ActiveState)" == "ActiveState=active" ]]; then break; fi diff --git a/test/units/testsuite-46.sh b/test/units/testsuite-46.sh index 84a1d1d9d9..ec80b7147f 100755 --- a/test/units/testsuite-46.sh +++ b/test/units/testsuite-46.sh @@ -27,9 +27,9 @@ inspect() { } wait_for_state() { - for ((i = 0; i < 10; i++)) ; do + for i in {1..10}; do + (( i > 1 )) && sleep 0.5 homectl inspect "$1" | grep -qF "State: $2" && break - sleep .5 done } @@ -153,14 +153,12 @@ if ! systemd-detect-virt -cq ; then fi PASSWORD=xEhErW0ndafV4s homectl with test-user -- test ! -f /home/test-user/xyz -PASSWORD=xEhErW0ndafV4s homectl with test-user -- test -f /home/test-user/xyz \ - && { echo 'unexpected success'; exit 1; } +(! PASSWORD=xEhErW0ndafV4s homectl with test-user -- test -f /home/test-user/xyz) PASSWORD=xEhErW0ndafV4s homectl with test-user -- touch /home/test-user/xyz PASSWORD=xEhErW0ndafV4s homectl with test-user -- test -f /home/test-user/xyz PASSWORD=xEhErW0ndafV4s homectl with test-user -- rm /home/test-user/xyz PASSWORD=xEhErW0ndafV4s homectl with test-user -- test ! -f /home/test-user/xyz -PASSWORD=xEhErW0ndafV4s homectl with test-user -- test -f /home/test-user/xyz \ - && { echo 'unexpected success'; exit 1; } +(! PASSWORD=xEhErW0ndafV4s homectl with test-user -- test -f /home/test-user/xyz) wait_for_state test-user inactive homectl remove test-user diff --git a/test/units/testsuite-50.sh b/test/units/testsuite-50.sh index f6b2467a98..1b703dc18c 100755 --- a/test/units/testsuite-50.sh +++ b/test/units/testsuite-50.sh @@ -398,8 +398,8 @@ systemctl is-active testservice-50e.service # ExtensionDirectories will set up an overlay mkdir -p "${image_dir}/app0" "${image_dir}/app1" "${image_dir}/app-nodistro" -systemd-run -P --property ExtensionDirectories="${image_dir}/nonexistent" --property RootImage="${image}.raw" cat /opt/script0.sh && { echo 'unexpected success'; exit 1; } -systemd-run -P --property ExtensionDirectories="${image_dir}/app0" --property RootImage="${image}.raw" cat /opt/script0.sh && { echo 'unexpected success'; exit 1; } +(! systemd-run -P --property ExtensionDirectories="${image_dir}/nonexistent" --property RootImage="${image}.raw" cat /opt/script0.sh) +(! systemd-run -P --property ExtensionDirectories="${image_dir}/app0" --property RootImage="${image}.raw" cat /opt/script0.sh) systemd-dissect --mount /usr/share/app0.raw "${image_dir}/app0" systemd-dissect --mount /usr/share/app1.raw "${image_dir}/app1" systemd-dissect --mount /usr/share/app-nodistro.raw "${image_dir}/app-nodistro" @@ -446,7 +446,7 @@ mkdir -p /run/extensions/app-reject/usr/lib/{extension-release.d/,systemd/system echo "ID=_any" >/run/extensions/app-reject/usr/lib/extension-release.d/extension-release.app-reject echo "ID=_any" >/run/extensions/app-reject/usr/lib/os-release touch /run/extensions/app-reject/usr/lib/systemd/system/other_file -systemd-sysext merge && { echo 'unexpected success'; exit 1; } +(! systemd-sysext merge) test ! -e /usr/lib/systemd/system/some_file test ! -e /usr/lib/systemd/system/other_file systemd-sysext unmerge @@ -489,7 +489,7 @@ systemd-dissect --detach "$LOOP" # Note, sizeof_field(struct loop_info64, lo_file_name) == 64, # and --loop-ref accepts upto 63 characters, and udev creates symlink # based on the name when it has upto _62_ characters. -name="$(for (( i = 0; i < 62; i++ )); do echo -n 'x'; done)" +name="$(for _ in {1..62}; do echo -n 'x'; done)" LOOP="$(systemd-dissect --attach --loop-ref="$name" "${image}.raw")" udevadm trigger -w "$LOOP" @@ -499,7 +499,7 @@ test "/dev/loop/by-ref/$name" -ef "$LOOP" # Detach by the /dev/loop/by-ref symlink systemd-dissect --detach "/dev/loop/by-ref/$name" -name="$(for (( i = 0; i < 63; i++ )); do echo -n 'x'; done)" +name="$(for _ in {1..63}; do echo -n 'x'; done)" LOOP="$(systemd-dissect --attach --loop-ref="$name" "${image}.raw")" udevadm trigger -w "$LOOP" @@ -515,14 +515,14 @@ mkdir -p /run/confexts/test/etc/extension-release.d echo "ID=_any" >/run/confexts/test/etc/extension-release.d/extension-release.test echo "ARCHITECTURE=_any" >>/run/confexts/test/etc/extension-release.d/extension-release.test echo "MARKER_CONFEXT_123" >/run/confexts/test/etc/testfile -cat <<EOF>/run/confexts/test/etc/testscript +cat <<EOF >/run/confexts/test/etc/testscript #!/bin/bash echo "This should not happen" EOF chmod +x /run/confexts/test/etc/testscript systemd-confext merge grep -q -F "MARKER_CONFEXT_123" /etc/testfile -/etc/testscript && { echo 'unexpected success'; exit 1; } +(! /etc/testscript) systemd-confext status systemd-confext unmerge rm -rf /run/confexts/ diff --git a/test/units/testsuite-54.sh b/test/units/testsuite-54.sh index 4f9a0c2877..cc732989a2 100755 --- a/test/units/testsuite-54.sh +++ b/test/units/testsuite-54.sh @@ -7,14 +7,15 @@ systemd-analyze log-level debug # Verify that the creds are properly loaded and we can read them from the service's unpriv user systemd-run -p LoadCredential=passwd:/etc/passwd \ - -p LoadCredential=shadow:/etc/shadow \ - -p SetCredential=dog:wuff \ - -p DynamicUser=1 \ - --unit=test-54-unpriv.service \ - --wait \ - --pipe \ - cat '${CREDENTIALS_DIRECTORY}/passwd' '${CREDENTIALS_DIRECTORY}/shadow' '${CREDENTIALS_DIRECTORY}/dog' >/tmp/ts54-concat -( cat /etc/passwd /etc/shadow && echo -n wuff ) | cmp /tmp/ts54-concat + -p LoadCredential=shadow:/etc/shadow \ + -p SetCredential=dog:wuff \ + -p DynamicUser=1 \ + --unit=test-54-unpriv.service \ + --wait \ + --pipe \ + cat '${CREDENTIALS_DIRECTORY}/passwd' '${CREDENTIALS_DIRECTORY}/shadow' '${CREDENTIALS_DIRECTORY}/dog' \ + >/tmp/ts54-concat +(cat /etc/passwd /etc/shadow && echo -n wuff) | cmp /tmp/ts54-concat rm /tmp/ts54-concat # Test that SetCredential= acts as fallback for LoadCredential= @@ -72,22 +73,20 @@ if [ "$expected_credential" != "" ] ; then systemd-run -p AssertCredential="$expected_credential" -p Type=oneshot true # And this should fail - systemd-run -p AssertCredential="undefinedcredential" -p Type=oneshot true && { echo 'unexpected success'; exit 1; } + (! systemd-run -p AssertCredential="undefinedcredential" -p Type=oneshot true) fi # Verify that the creds are immutable -systemd-run -p LoadCredential=passwd:/etc/passwd \ - -p DynamicUser=1 \ - --unit=test-54-immutable-touch.service \ - --wait \ - touch '${CREDENTIALS_DIRECTORY}/passwd' \ - && { echo 'unexpected success'; exit 1; } -systemd-run -p LoadCredential=passwd:/etc/passwd \ - -p DynamicUser=1 \ - --unit=test-54-immutable-rm.service \ - --wait \ - rm '${CREDENTIALS_DIRECTORY}/passwd' \ - && { echo 'unexpected success'; exit 1; } +(! systemd-run -p LoadCredential=passwd:/etc/passwd \ + -p DynamicUser=1 \ + --unit=test-54-immutable-touch.service \ + --wait \ + touch '${CREDENTIALS_DIRECTORY}/passwd') +(! systemd-run -p LoadCredential=passwd:/etc/passwd \ + -p DynamicUser=1 \ + --unit=test-54-immutable-rm.service \ + --wait \ + rm '${CREDENTIALS_DIRECTORY}/passwd') # Check directory-based loading mkdir -p /tmp/ts54-creds/sub @@ -96,15 +95,15 @@ echo -n b >/tmp/ts54-creds/bar echo -n c >/tmp/ts54-creds/baz echo -n d >/tmp/ts54-creds/sub/qux systemd-run -p LoadCredential=cred:/tmp/ts54-creds \ - -p DynamicUser=1 \ - --unit=test-54-dir.service \ - --wait \ - --pipe \ - cat '${CREDENTIALS_DIRECTORY}/cred_foo' \ - '${CREDENTIALS_DIRECTORY}/cred_bar' \ - '${CREDENTIALS_DIRECTORY}/cred_baz' \ - '${CREDENTIALS_DIRECTORY}/cred_sub_qux' >/tmp/ts54-concat -( echo -n abcd ) | cmp /tmp/ts54-concat + -p DynamicUser=1 \ + --unit=test-54-dir.service \ + --wait \ + --pipe \ + cat '${CREDENTIALS_DIRECTORY}/cred_foo' \ + '${CREDENTIALS_DIRECTORY}/cred_bar' \ + '${CREDENTIALS_DIRECTORY}/cred_baz' \ + '${CREDENTIALS_DIRECTORY}/cred_sub_qux' >/tmp/ts54-concat +cmp /tmp/ts54-concat <(echo -n abcd) rm /tmp/ts54-concat rm -rf /tmp/ts54-creds @@ -115,18 +114,18 @@ if systemctl --version | grep -q -- +OPENSSL ; then systemd-creds decrypt --name=test-54 /tmp/test-54-ciphertext | cmp /tmp/test-54-plaintext systemd-run -p LoadCredentialEncrypted=test-54:/tmp/test-54-ciphertext \ - --wait \ - --pipe \ - cat '${CREDENTIALS_DIRECTORY}/test-54' | cmp /tmp/test-54-plaintext + --wait \ + --pipe \ + cat '${CREDENTIALS_DIRECTORY}/test-54' | cmp /tmp/test-54-plaintext echo -n $RANDOM >/tmp/test-54-plaintext systemd-creds encrypt --name=test-54 /tmp/test-54-plaintext /tmp/test-54-ciphertext systemd-creds decrypt --name=test-54 /tmp/test-54-ciphertext | cmp /tmp/test-54-plaintext systemd-run -p SetCredentialEncrypted=test-54:"$(cat /tmp/test-54-ciphertext)" \ - --wait \ - --pipe \ - cat '${CREDENTIALS_DIRECTORY}/test-54' | cmp /tmp/test-54-plaintext + --wait \ + --pipe \ + cat '${CREDENTIALS_DIRECTORY}/test-54' | cmp /tmp/test-54-plaintext rm /tmp/test-54-plaintext /tmp/test-54-ciphertext fi diff --git a/test/units/testsuite-56.sh b/test/units/testsuite-56.sh index ffdd352872..f81c6ddf1f 100755 --- a/test/units/testsuite-56.sh +++ b/test/units/testsuite-56.sh @@ -35,15 +35,13 @@ systemd-run --wait --unit=two -p Type=notify -p ExitType=cgroup \ /tmp/test56-exit-cgroup.sh 'systemctl stop two' # false exec condition: systemd-run should exit immediately with status code: 1 -systemd-run --wait --unit=three -p Type=notify -p ExitType=cgroup \ +(! systemd-run --wait --unit=three -p Type=notify -p ExitType=cgroup \ -p ExecCondition=false \ - /tmp/test56-exit-cgroup.sh \ - && { echo 'unexpected success'; exit 1; } + /tmp/test56-exit-cgroup.sh) # service should exit uncleanly (main process exits with SIGKILL) -systemd-run --wait --unit=four -p Type=notify -p ExitType=cgroup \ - /tmp/test56-exit-cgroup.sh 'systemctl kill --signal 9 four' \ - && { echo 'unexpected success'; exit 1; } +(! systemd-run --wait --unit=four -p Type=notify -p ExitType=cgroup \ + /tmp/test56-exit-cgroup.sh 'systemctl kill --signal 9 four') # Multiple level process tree, parent process exits quickly diff --git a/test/units/testsuite-60.sh b/test/units/testsuite-60.sh index 1b45ba21fb..5795d6bbeb 100755 --- a/test/units/testsuite-60.sh +++ b/test/units/testsuite-60.sh @@ -181,7 +181,7 @@ EOF # Trigger the mount ratelimiting cd "$(mktemp -d)" mkdir foo - for ((i = 0; i < 50; i++)); do + for _ in {1..50}; do mount --bind foo foo umount foo done @@ -225,7 +225,7 @@ EOF # shellcheck disable=SC2064 trap "rm -f /run/systemd/system/tmp-hoge.mount '$mount_mytmpfs'" RETURN - for ((i = 0; i < 10; i++)); do + for _ in {1..10}; do systemctl --no-block start tmp-hoge.mount sleep ".$RANDOM" systemctl daemon-reexec diff --git a/test/units/testsuite-64.sh b/test/units/testsuite-64.sh index 015b6b69b5..ad502a229c 100755 --- a/test/units/testsuite-64.sh +++ b/test/units/testsuite-64.sh @@ -158,11 +158,11 @@ helper_check_device_units() {( local i - for (( i = 0; i < 20; i++ )); do + for i in {1..20}; do + (( i > 1 )) && sleep 0.5 if check_device_units 0 "$@"; then return 0 fi - sleep .5 done check_device_units 1 "$@" diff --git a/test/units/testsuite-65.sh b/test/units/testsuite-65.sh index cf3a856413..2ad7b9a439 100755 --- a/test/units/testsuite-65.sh +++ b/test/units/testsuite-65.sh @@ -179,16 +179,13 @@ EOF set +e # Default behaviour is to recurse through all dependencies when unit is loaded -systemd-analyze verify --root=/tmp/img/ testfile.service \ - && { echo 'unexpected success'; exit 1; } +(! systemd-analyze verify --root=/tmp/img/ testfile.service) # As above, recurses through all dependencies when unit is loaded -systemd-analyze verify --recursive-errors=yes --root=/tmp/img/ testfile.service \ - && { echo 'unexpected success'; exit 1; } +(! systemd-analyze verify --recursive-errors=yes --root=/tmp/img/ testfile.service) # Recurses through unit file and its direct dependencies when unit is loaded -systemd-analyze verify --recursive-errors=one --root=/tmp/img/ testfile.service \ - && { echo 'unexpected success'; exit 1; } +(! systemd-analyze verify --recursive-errors=one --root=/tmp/img/ testfile.service) set -e @@ -218,8 +215,7 @@ systemd-analyze verify --recursive-errors=no /tmp/testfile2.service set +e # Non-zero exit status since all associated dependencies are recursively loaded when the unit file is loaded -systemd-analyze verify --recursive-errors=yes /tmp/testfile2.service \ - && { echo 'unexpected success'; exit 1; } +(! systemd-analyze verify --recursive-errors=yes /tmp/testfile2.service) set -e rm /tmp/testfile.service @@ -241,19 +237,15 @@ rm /tmp/.testfile.service # Alias a unit file's name on disk (see #20061) cp /tmp/testfile.service /tmp/testsrvc -systemd-analyze verify /tmp/testsrvc \ - && { echo 'unexpected success'; exit 1; } +(! systemd-analyze verify /tmp/testsrvc) systemd-analyze verify /tmp/testsrvc:alias.service # Zero exit status since the value used for comparison determine exposure to security threats is by default 100 systemd-analyze security --offline=true /tmp/testfile.service -set +e #The overall exposure level assigned to the unit is greater than the set threshold -systemd-analyze security --threshold=90 --offline=true /tmp/testfile.service \ - && { echo 'unexpected success'; exit 1; } -set -e +(! systemd-analyze security --threshold=90 --offline=true /tmp/testfile.service) # Ensure we print the list of ACLs, see https://github.com/systemd/systemd/issues/23185 systemd-analyze security --offline=true /tmp/testfile.service | grep -q -F "/dev/sda" @@ -744,19 +736,15 @@ systemd-analyze security --threshold=25 --offline=true \ --profile=strict \ --root=/tmp/img/ testfile.service -set +e # The trusted profile doesn't add any sanboxing options -systemd-analyze security --threshold=25 --offline=true \ +(! systemd-analyze security --threshold=25 --offline=true \ --security-policy=/tmp/testfile.json \ --profile=/usr/lib/systemd/portable/profile/trusted/service.conf \ - --root=/tmp/img/ testfile.service \ - && { echo 'unexpected success'; exit 1; } + --root=/tmp/img/ testfile.service) -systemd-analyze security --threshold=50 --offline=true \ +(! systemd-analyze security --threshold=50 --offline=true \ --security-policy=/tmp/testfile.json \ - --root=/tmp/img/ testfile.service \ - && { echo 'unexpected success'; exit 1; } -set -e + --root=/tmp/img/ testfile.service) rm /tmp/img/usr/lib/systemd/system/testfile.service @@ -833,7 +821,7 @@ systemd-analyze image-policy 'home=encrypted:usr=verity' 2>&1 | grep -q -e '^usr systemd-analyze image-policy 'home=encrypted:usr=verity' 2>&1 | grep -q -e '^root \+ignore \+' systemd-analyze image-policy 'home=encrypted:usr=verity' 2>&1 | grep -q -e '^usr-verity \+unprotected \+' -(! systemd-analyze image-policy 'doedel' ) +(! systemd-analyze image-policy 'doedel') systemd-analyze log-level info diff --git a/test/units/testsuite-70.sh b/test/units/testsuite-70.sh index 8fd2354295..16a1edfd9c 100755 --- a/test/units/testsuite-70.sh +++ b/test/units/testsuite-70.sh @@ -15,42 +15,42 @@ cryptsetup luksFormat -q --pbkdf pbkdf2 --pbkdf-force-iterations 1000 --use-uran systemd-cryptenroll --unlock-key-file=/tmp/passphrase --tpm2-device=auto $img # Enroll unlock with default PCR policy -env PASSWORD=passphrase systemd-cryptenroll --tpm2-device=auto $img +PASSWORD=passphrase systemd-cryptenroll --tpm2-device=auto $img /usr/lib/systemd/systemd-cryptsetup attach test-volume $img - tpm2-device=auto,headless=1 /usr/lib/systemd/systemd-cryptsetup detach test-volume # Check with wrong PCR tpm2_pcrextend 7:sha256=0000000000000000000000000000000000000000000000000000000000000000 -/usr/lib/systemd/systemd-cryptsetup attach test-volume $img - tpm2-device=auto,headless=1 && { echo 'unexpected success'; exit 1; } +(! /usr/lib/systemd/systemd-cryptsetup attach test-volume $img - tpm2-device=auto,headless=1) # Enroll unlock with PCR+PIN policy systemd-cryptenroll --wipe-slot=tpm2 $img -env PASSWORD=passphrase NEWPIN=123456 systemd-cryptenroll --tpm2-device=auto --tpm2-with-pin=true $img -env PIN=123456 /usr/lib/systemd/systemd-cryptsetup attach test-volume $img - tpm2-device=auto,headless=1 +PASSWORD=passphrase NEWPIN=123456 systemd-cryptenroll --tpm2-device=auto --tpm2-with-pin=true $img +PIN=123456 /usr/lib/systemd/systemd-cryptsetup attach test-volume $img - tpm2-device=auto,headless=1 /usr/lib/systemd/systemd-cryptsetup detach test-volume # Check failure with wrong PIN -env PIN=123457 /usr/lib/systemd/systemd-cryptsetup attach test-volume $img - tpm2-device=auto,headless=1 && { echo 'unexpected success'; exit 1; } +(! PIN=123457 /usr/lib/systemd/systemd-cryptsetup attach test-volume $img - tpm2-device=auto,headless=1) # Check LUKS2 token plugin unlock (i.e. without specifying tpm2-device=auto) if cryptsetup --help | grep -q 'LUKS2 external token plugin support is compiled-in' && \ [ -f "$(cryptsetup --help | sed -n -r 's/.*LUKS2 external token plugin path: (.*)\./\1/p')/libcryptsetup-token-systemd-tpm2.so" ]; then - env PIN=123456 /usr/lib/systemd/systemd-cryptsetup attach test-volume $img - headless=1 + PIN=123456 /usr/lib/systemd/systemd-cryptsetup attach test-volume $img - headless=1 /usr/lib/systemd/systemd-cryptsetup detach test-volume # Check failure with wrong PIN - env PIN=123457 /usr/lib/systemd/systemd-cryptsetup attach test-volume $img - headless=1 && { echo 'unexpected success'; exit 1; } + (! PIN=123457 /usr/lib/systemd/systemd-cryptsetup attach test-volume $img - headless=1) else echo 'cryptsetup has no LUKS2 token plugin support, skipping' fi # Check failure with wrong PCR (and correct PIN) tpm2_pcrextend 7:sha256=0000000000000000000000000000000000000000000000000000000000000000 -env PIN=123456 /usr/lib/systemd/systemd-cryptsetup attach test-volume $img - tpm2-device=auto,headless=1 && { echo 'unexpected success'; exit 1; } +(! PIN=123456 /usr/lib/systemd/systemd-cryptsetup attach test-volume $img - tpm2-device=auto,headless=1) # Enroll unlock with PCR 0+7 systemd-cryptenroll --wipe-slot=tpm2 $img -env PASSWORD=passphrase systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=0+7 $img +PASSWORD=passphrase systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=0+7 $img /usr/lib/systemd/systemd-cryptsetup attach test-volume $img - tpm2-device=auto,headless=1 /usr/lib/systemd/systemd-cryptsetup detach test-volume @@ -119,7 +119,7 @@ if [ -e /usr/lib/systemd/systemd-measure ] && \ # Invalidate PCR, decrypting should fail now tpm2_pcrextend 11:sha256=0000000000000000000000000000000000000000000000000000000000000000 - systemd-creds decrypt /tmp/pcrtestdata.encrypted - --tpm2-signature="/tmp/pcrsign.sig" >/dev/null && { echo 'unexpected success'; exit 1; } + (! systemd-creds decrypt /tmp/pcrtestdata.encrypted - --tpm2-signature="/tmp/pcrsign.sig" >/dev/null) # Sign new PCR state, decrypting should work now. /usr/lib/systemd/systemd-measure sign --current "${MEASURE_BANKS[@]}" --private-key="/tmp/pcrsign-private.pem" --public-key="/tmp/pcrsign-public.pem" --phase=: >"/tmp/pcrsign.sig2" @@ -146,8 +146,8 @@ if [ -e /usr/lib/systemd/systemd-measure ] && \ # After extending the PCR things should fail tpm2_pcrextend 11:sha256=0000000000000000000000000000000000000000000000000000000000000000 - SYSTEMD_CRYPTSETUP_USE_TOKEN_MODULE=0 /usr/lib/systemd/systemd-cryptsetup attach test-volume2 $img - tpm2-device=auto,tpm2-signature="/tmp/pcrsign.sig2",headless=1 && { echo 'unexpected success'; exit 1; } - SYSTEMD_CRYPTSETUP_USE_TOKEN_MODULE=1 /usr/lib/systemd/systemd-cryptsetup attach test-volume2 $img - tpm2-device=auto,tpm2-signature="/tmp/pcrsign.sig2",headless=1 && { echo 'unexpected success'; exit 1; } + (! SYSTEMD_CRYPTSETUP_USE_TOKEN_MODULE=0 /usr/lib/systemd/systemd-cryptsetup attach test-volume2 $img - tpm2-device=auto,tpm2-signature="/tmp/pcrsign.sig2",headless=1) + (! SYSTEMD_CRYPTSETUP_USE_TOKEN_MODULE=1 /usr/lib/systemd/systemd-cryptsetup attach test-volume2 $img - tpm2-device=auto,tpm2-signature="/tmp/pcrsign.sig2",headless=1) # But once we sign the current PCRs, we should be able to unlock again /usr/lib/systemd/systemd-measure sign --current "${MEASURE_BANKS[@]}" --private-key="/tmp/pcrsign-private.pem" --public-key="/tmp/pcrsign-public.pem" --phase=: >"/tmp/pcrsign.sig3" @@ -162,7 +162,7 @@ if [ -e /usr/lib/systemd/systemd-measure ] && \ # Sign one more phase, this should /usr/lib/systemd/systemd-measure sign --current "${MEASURE_BANKS[@]}" --private-key="/tmp/pcrsign-private.pem" --public-key="/tmp/pcrsign-public.pem" --phase=quux:waldo --append="/tmp/pcrsign.sig4" >"/tmp/pcrsign.sig5" - ( ! cmp "/tmp/pcrsign.sig4" "/tmp/pcrsign.sig5" ) + (! cmp "/tmp/pcrsign.sig4" "/tmp/pcrsign.sig5") # Should still be good to unlock, given the old entry still exists SYSTEMD_CRYPTSETUP_USE_TOKEN_MODULE=0 /usr/lib/systemd/systemd-cryptsetup attach test-volume2 $img - tpm2-device=auto,tpm2-signature="/tmp/pcrsign.sig5",headless=1 @@ -226,63 +226,63 @@ echo -n password >/tmp/password cryptsetup luksFormat -q --pbkdf pbkdf2 --pbkdf-force-iterations 1000 --use-urandom $img_2 /tmp/password #boolean_arguments -systemd-cryptenroll --fido2-with-client-pin=false && { echo 'unexpected success'; exit 1; } +(! systemd-cryptenroll --fido2-with-client-pin=false) -systemd-cryptenroll --fido2-with-user-presence=f $img_2 /tmp/foo && { echo 'unexpected success'; exit 1; } +(! systemd-cryptenroll --fido2-with-user-presence=f $img_2 /tmp/foo) -systemd-cryptenroll --fido2-with-client-pin=1234 $img_2 && { echo 'unexpected success'; exit 1; } +(! systemd-cryptenroll --fido2-with-client-pin=1234 $img_2) systemd-cryptenroll --fido2-with-client-pin=false $img_2 -systemd-cryptenroll --fido2-with-user-presence=1234 $img_2 && { echo 'unexpected success'; exit 1; } +(! systemd-cryptenroll --fido2-with-user-presence=1234 $img_2) systemd-cryptenroll --fido2-with-user-presence=false $img_2 -systemd-cryptenroll --fido2-with-user-verification=1234 $img_2 && { echo 'unexpected success'; exit 1; } +(! systemd-cryptenroll --fido2-with-user-verification=1234 $img_2) -systemd-cryptenroll --tpm2-with-pin=1234 $img_2 && { echo 'unexpected success'; exit 1; } +(! systemd-cryptenroll --tpm2-with-pin=1234 $img_2) systemd-cryptenroll --fido2-with-user-verification=false $img_2 #arg_enroll_type -systemd-cryptenroll --recovery-key --password $img_2 && { echo 'unexpected success'; exit 1; } +(! systemd-cryptenroll --recovery-key --password $img_2) -systemd-cryptenroll --password --recovery-key $img_2 && { echo 'unexpected success'; exit 1; } +(! systemd-cryptenroll --password --recovery-key $img_2) -systemd-cryptenroll --password --fido2-device=auto $img_2 && { echo 'unexpected success'; exit 1; } +(! systemd-cryptenroll --password --fido2-device=auto $img_2) -systemd-cryptenroll --password --pkcs11-token-uri=auto $img_2 && { echo 'unexpected success'; exit 1; } +(! systemd-cryptenroll --password --pkcs11-token-uri=auto $img_2) -systemd-cryptenroll --password --tpm2-device=auto $img_2 && { echo 'unexpected success'; exit 1; } +(! systemd-cryptenroll --password --tpm2-device=auto $img_2) #arg_unlock_type -systemd-cryptenroll --unlock-fido2-device=auto --unlock-fido2-device=auto $img_2 && { echo 'unexpected success'; exit 1; } +(! systemd-cryptenroll --unlock-fido2-device=auto --unlock-fido2-device=auto $img_2) -systemd-cryptenroll --unlock-fido2-device=auto --unlock-key-file=/tmp/unlock $img_2 && { echo 'unexpected success'; exit 1; } +(! systemd-cryptenroll --unlock-fido2-device=auto --unlock-key-file=/tmp/unlock $img_2) #fido2_cred_algorithm -systemd-cryptenroll --fido2-credential-algorithm=es512 $img_2 && { echo 'unexpected success'; exit 1; } +(! systemd-cryptenroll --fido2-credential-algorithm=es512 $img_2) #tpm2_errors -systemd-cryptenroll --tpm2-public-key-pcrs=key $img_2 && { echo 'unexpected success'; exit 1; } +(! systemd-cryptenroll --tpm2-public-key-pcrs=key $img_2) -systemd-cryptenroll --tpm2-pcrs=key $img_2 && { echo 'unexpected success'; exit 1; } +(! systemd-cryptenroll --tpm2-pcrs=key $img_2) -systemd-cryptenroll --tpm2-pcrs=44+8 $img_2 && { echo 'unexpected success'; exit 1; } +(! systemd-cryptenroll --tpm2-pcrs=44+8 $img_2) systemd-cryptenroll --tpm2-pcrs=8 $img_2 -systemd-cryptenroll --tpm2-pcrs=hello $img_2 && { echo 'unexpected success'; exit 1; } +(! systemd-cryptenroll --tpm2-pcrs=hello $img_2) systemd-cryptenroll --tpm2-pcrs=boot-loader-code+boot-loader-config $img_2 #wipe_slots -systemd-cryptenroll --wipe-slot $img_2 && { echo 'unexpected success'; exit 1; } +(! systemd-cryptenroll --wipe-slot $img_2) -systemd-cryptenroll --wipe-slot=10240000 $img_2 && { echo 'unexpected success'; exit 1; } +(! systemd-cryptenroll --wipe-slot=10240000 $img_2) #fido2_multiple_auto -systemd-cryptenroll --fido2-device=auto --unlock-fido2-device=auto $img_2 && { echo 'unexpected success'; exit 1; } +(! systemd-cryptenroll --fido2-device=auto --unlock-fido2-device=auto $img_2) echo OK >/testok diff --git a/test/units/testsuite-73.sh b/test/units/testsuite-73.sh index e5ac09c2e3..7be400d43e 100755 --- a/test/units/testsuite-73.sh +++ b/test/units/testsuite-73.sh @@ -206,8 +206,8 @@ restore_keymap() { wait_vconsole_setup() { local i ss - for ((i = 0; i < 20; i++)); do - if (( i != 0 )); then sleep .5; fi + for i in {1..20}; do + (( i > 1 )) && sleep 0.5 ss="$(systemctl --property SubState --value show systemd-vconsole-setup.service)" if [[ "$ss" == "exited" || "$ss" == "dead" || "$ss" == "condition" ]]; then return 0 |