test/units/TEST-29-PORTABLE.image.sh

   1 #!/usr/bin/env bash
   2 # SPDX-License-Identifier: LGPL-2.1-or-later
   3 # -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-
   4 # ex: ts=8 sw=4 sts=4 et filetype=sh
   5 # shellcheck disable=SC2233,SC2235
   6 set -eux
   7 set -o pipefail
   8
   9 # shellcheck source=test/units/util.sh
  10 . "$(dirname "$0")"/util.sh
  11
  12 # Arrays cannot be exported, so redefine in each test script
  13 ARGS=()
  14 if [[ -v ASAN_OPTIONS || -v UBSAN_OPTIONS ]]; then
  15     # If we're running under sanitizers, we need to use a less restrictive
  16     # profile, otherwise LSan syscall would get blocked by seccomp
  17     ARGS+=(--profile=trusted)
  18 fi
  19
  20 portablectl "${ARGS[@]}" attach --now --runtime /usr/share/minimal_0.raw minimal-app0
  21
  22 portablectl is-attached minimal-app0
  23 portablectl inspect /usr/share/minimal_0.raw minimal-app0.service
  24 systemctl is-active minimal-app0.service
  25 systemctl is-active minimal-app0-foo.service
  26 systemctl is-active minimal-app0-bar.service && exit 1
  27
  28 portablectl "${ARGS[@]}" reattach --now --runtime /usr/share/minimal_1.raw minimal-app0
  29
  30 portablectl is-attached minimal-app0
  31 portablectl inspect /usr/share/minimal_0.raw minimal-app0.service
  32 systemctl is-active minimal-app0.service
  33 systemctl is-active minimal-app0-bar.service
  34 systemctl is-active minimal-app0-foo.service && exit 1
  35
  36 portablectl list | grep -q -F "minimal_1"
  37 busctl tree org.freedesktop.portable1 --no-pager | grep -q -F '/org/freedesktop/portable1/image/minimal_5f1'
  38
  39 portablectl detach --now --runtime /usr/share/minimal_1.raw minimal-app0
  40
  41 portablectl list | grep -q -F "No images."
  42 busctl tree org.freedesktop.portable1 --no-pager | grep -q -F '/org/freedesktop/portable1/image/minimal_5f1' && exit 1
  43
  44 # Ensure we don't regress (again) when using --force
  45
  46 mkdir -p /run/systemd/system.attached/minimal-app0.service.d/
  47 cat <<EOF >/run/systemd/system.attached/minimal-app0.service
  48 [Unit]
  49 Description=Minimal App 0
  50 EOF
  51 cat <<EOF >/run/systemd/system.attached/minimal-app0.service.d/10-profile.conf
  52 [Unit]
  53 Description=Minimal App 0
  54 EOF
  55 cat <<EOF >/run/systemd/system.attached/minimal-app0.service.d/20-portable.conf
  56 [Unit]
  57 Description=Minimal App 0
  58 EOF
  59 systemctl daemon-reload
  60
  61 portablectl "${ARGS[@]}" attach --force --now --runtime /usr/share/minimal_0.raw minimal-app0
  62
  63 portablectl is-attached --force minimal-app0
  64 portablectl inspect --force /usr/share/minimal_0.raw minimal-app0.service
  65 systemctl is-active minimal-app0.service
  66 systemctl is-active minimal-app0-foo.service
  67 systemctl is-active minimal-app0-bar.service && exit 1
  68
  69 portablectl "${ARGS[@]}" reattach --force --now --runtime /usr/share/minimal_1.raw minimal-app0
  70
  71 portablectl is-attached --force minimal-app0
  72 portablectl inspect --force /usr/share/minimal_0.raw minimal-app0.service
  73 systemctl is-active minimal-app0.service
  74 systemctl is-active minimal-app0-bar.service
  75 systemctl is-active minimal-app0-foo.service && exit 1
  76
  77 portablectl list | grep -q -F "minimal_1"
  78 busctl tree org.freedesktop.portable1 --no-pager | grep -q -F '/org/freedesktop/portable1/image/minimal_5f1'
  79
  80 portablectl detach --force --now --runtime /usr/share/minimal_1.raw minimal-app0
  81
  82 portablectl list | grep -q -F "No images."
  83 busctl tree org.freedesktop.portable1 --no-pager | grep -q -F '/org/freedesktop/portable1/image/minimal_5f1' && exit 1
  84
  85 portablectl "${ARGS[@]}" attach --now --runtime --extension /tmp/app0.raw /usr/share/minimal_0.raw app0
  86
  87 systemctl is-active app0.service
  88 status="$(portablectl is-attached --extension app0 minimal_0)"
  89 [[ "${status}" == "running-runtime" ]]
  90
  91 grep -q -F "LogExtraFields=PORTABLE_ROOT=minimal_0.raw" /run/systemd/system.attached/app0.service.d/20-portable.conf
  92 grep -q -F "LogExtraFields=PORTABLE_EXTENSION=app0.raw" /run/systemd/system.attached/app0.service.d/20-portable.conf
  93 grep -q -F "LogExtraFields=PORTABLE_EXTENSION_NAME_AND_VERSION=app" /run/systemd/system.attached/app0.service.d/20-portable.conf
  94
  95 portablectl "${ARGS[@]}" reattach --now --runtime --extension /tmp/app0.raw /usr/share/minimal_1.raw app0
  96
  97 systemctl is-active app0.service
  98 status="$(portablectl is-attached --extension app0 minimal_1)"
  99 [[ "${status}" == "running-runtime" ]]
 100
 101 grep -q -F "LogExtraFields=PORTABLE_ROOT=minimal_1.raw" /run/systemd/system.attached/app0.service.d/20-portable.conf
 102 grep -q -F "LogExtraFields=PORTABLE_EXTENSION=app0.raw" /run/systemd/system.attached/app0.service.d/20-portable.conf
 103 grep -q -F "LogExtraFields=PORTABLE_EXTENSION_NAME_AND_VERSION=app" /run/systemd/system.attached/app0.service.d/20-portable.conf
 104
 105 portablectl detach --now --runtime --extension /tmp/app0.raw /usr/share/minimal_1.raw app0
 106
 107 # Ensure versioned images are accepted without needing to use --force to override the extension-release
 108 # matching
 109
 110 cp /tmp/app0.raw /tmp/app0_1.0.raw
 111 portablectl "${ARGS[@]}" attach --now --runtime --extension /tmp/app0_1.0.raw /usr/share/minimal_0.raw app0
 112
 113 systemctl is-active app0.service
 114 status="$(portablectl is-attached --extension app0_1 minimal_0)"
 115 [[ "${status}" == "running-runtime" ]]
 116
 117 portablectl detach --now --runtime --extension /tmp/app0_1.0.raw /usr/share/minimal_1.raw app0
 118 rm -f /tmp/app0_1.0.raw
 119
 120 portablectl "${ARGS[@]}" attach --now --runtime --extension /tmp/app1.raw /usr/share/minimal_0.raw app1
 121
 122 systemctl is-active app1.service
 123 status="$(portablectl is-attached --extension app1 minimal_0)"
 124 [[ "${status}" == "running-runtime" ]]
 125
 126 # Ensure that adding or removing a version to the image doesn't break reattaching
 127 cp /tmp/app1.raw /tmp/app1_2.raw
 128 portablectl "${ARGS[@]}" reattach --now --runtime --extension /tmp/app1_2.raw /usr/share/minimal_1.raw app1
 129
 130 systemctl is-active app1.service
 131 status="$(portablectl is-attached --extension app1_2 minimal_1)"
 132 [[ "${status}" == "running-runtime" ]]
 133
 134 portablectl "${ARGS[@]}" reattach --now --runtime --extension /tmp/app1.raw /usr/share/minimal_1.raw app1
 135
 136 systemctl is-active app1.service
 137 status="$(portablectl is-attached --extension app1 minimal_1)"
 138 [[ "${status}" == "running-runtime" ]]
 139
 140 portablectl detach --force --no-reload --runtime --extension /tmp/app1.raw /usr/share/minimal_1.raw app1
 141 portablectl "${ARGS[@]}" attach --force --no-reload --runtime --extension /tmp/app1.raw /usr/share/minimal_0.raw app1
 142 systemctl daemon-reload
 143 systemctl restart app1.service
 144
 145 systemctl is-active app1.service
 146 status="$(portablectl is-attached --extension app1 minimal_0)"
 147 [[ "${status}" == "running-runtime" ]]
 148
 149 portablectl detach --now --runtime --extension /tmp/app1.raw /usr/share/minimal_0.raw app1
 150
 151 # Ensure vpick works, including reattaching to a new image
 152 mkdir -p /tmp/app1.v/
 153 cp /tmp/app1.raw /tmp/app1.v/app1_1.0.raw
 154 cp /tmp/app1_2.raw /tmp/app1.v/app1_2.0.raw
 155 portablectl "${ARGS[@]}" attach --now --runtime --extension /tmp/app1.v/ /usr/share/minimal_1.raw app1
 156
 157 systemctl is-active app1.service
 158 status="$(portablectl is-attached --extension app1_2.0.raw minimal_1)"
 159 [[ "${status}" == "running-runtime" ]]
 160
 161 rm -f /tmp/app1.v/app1_2.0.raw
 162 portablectl "${ARGS[@]}" reattach --now --runtime --extension /tmp/app1.v/ /usr/share/minimal_1.raw app1
 163
 164 systemctl is-active app1.service
 165 status="$(portablectl is-attached --extension app1_1.0.raw minimal_1)"
 166 [[ "${status}" == "running-runtime" ]]
 167
 168 portablectl detach --now --runtime --extension /tmp/app1.v/ /usr/share/minimal_0.raw app1
 169 rm -f /tmp/app1.v/app1_1.0.raw
 170
 171 # Ensure that the combination of read-only images, state directory and dynamic user works, and that
 172 # state is retained. Check after detaching, as on slow systems (eg: sanitizers) it might take a while
 173 # after the service is attached before the file appears.
 174 grep -q -F bar "${STATE_DIRECTORY}/app0/foo"
 175 grep -q -F baz "${STATE_DIRECTORY}/app1/foo"
 176
 177 # Ensure that we can override the check on extension-release.NAME
 178 cp /tmp/app0.raw /tmp/app10.raw
 179 portablectl "${ARGS[@]}" attach --force --now --runtime --extension /tmp/app10.raw /usr/share/minimal_0.raw app0
 180
 181 systemctl is-active app0.service
 182 status="$(portablectl is-attached --extension /tmp/app10.raw /usr/share/minimal_0.raw)"
 183 [[ "${status}" == "running-runtime" ]]
 184
 185 portablectl inspect --force --cat --extension /tmp/app10.raw /usr/share/minimal_0.raw app0 | grep -q -F "Extension Release: /tmp/app10.raw"
 186
 187 # Ensure that we can detach even when an image has been deleted already (stop the unit manually as
 188 # portablectl won't find it)
 189 rm -f /tmp/app10.raw
 190 systemctl stop app0.service
 191 portablectl detach --force --runtime --extension /tmp/app10.raw /usr/share/minimal_0.raw app0
 192
 193 # portablectl also accepts confexts
 194 portablectl "${ARGS[@]}" attach --now --runtime --extension /tmp/app0.raw --extension /tmp/conf0.raw /usr/share/minimal_0.raw app0
 195
 196 systemctl is-active app0.service
 197 status="$(portablectl is-attached --extension /tmp/app0.raw --extension /tmp/conf0.raw /usr/share/minimal_0.raw)"
 198 [[ "${status}" == "running-runtime" ]]
 199
 200 portablectl inspect --force --cat --extension /tmp/app0.raw --extension /tmp/conf0.raw /usr/share/minimal_0.raw app0 | grep -q -F "Extension Release: /tmp/conf0.raw"
 201
 202 portablectl detach --now --runtime --extension /tmp/app0.raw --extension /tmp/conf0.raw /usr/share/minimal_0.raw app0
 203
 204 # Ensure that mixed mode copies the images and units (client-owned) but symlinks the profile (OS owned)
 205 portablectl "${ARGS[@]}" attach --copy=mixed --runtime --extension /tmp/app0.raw /usr/share/minimal_0.raw app0
 206 test -f /run/portables/app0.raw
 207 test -f /run/portables/minimal_0.raw
 208 test -f /run/systemd/system.attached/app0.service
 209 test -L /run/systemd/system.attached/app0.service.d/10-profile.conf
 210 portablectl detach --runtime --extension /tmp/app0.raw /usr/share/minimal_0.raw app0
 211
 212 # Ensure that when two portables share the same base image, removing one doesn't remove the other too
 213
 214 portablectl "${ARGS[@]}" attach --runtime --extension /tmp/app0.raw /usr/share/minimal_0.raw app0
 215 portablectl "${ARGS[@]}" attach --runtime --extension /tmp/app1.raw /usr/share/minimal_0.raw app1
 216
 217 status="$(portablectl is-attached --extension app0 minimal_0)"
 218 [[ "${status}" == "attached-runtime" ]]
 219 status="$(portablectl is-attached --extension app1 minimal_0)"
 220 [[ "${status}" == "attached-runtime" ]]
 221
 222 (! portablectl detach --runtime /usr/share/minimal_0.raw app)
 223
 224 status="$(portablectl is-attached --extension app0 minimal_0)"
 225 [[ "${status}" == "attached-runtime" ]]
 226 status="$(portablectl is-attached --extension app1 minimal_0)"
 227 [[ "${status}" == "attached-runtime" ]]
 228
 229 # Ensure 'portablectl list' shows the correct status for both images
 230 portablectl list
 231 portablectl list | grep -F "minimal_0" | grep -q -F "attached-runtime"
 232 portablectl list | grep -F "app0" | grep -q -F "attached-runtime"
 233 portablectl list | grep -F "app1" | grep -q -F "attached-runtime"
 234
 235 portablectl detach --runtime --extension /tmp/app0.raw /usr/share/minimal_0.raw app
 236
 237 status="$(portablectl is-attached --extension app1 minimal_0)"
 238 [[ "${status}" == "attached-runtime" ]]
 239
 240 portablectl detach --runtime --extension /tmp/app1.raw /usr/share/minimal_0.raw app