Skip to content

Commit

Permalink
secboot: update system-run command for skipping tests
Browse files Browse the repository at this point in the history 
On 18.04, the following error is observed in secboot tests using fde hooks:

"cannot run fde-reveal-key: Failed to start transient service unit: Invalid Type
setting: exec"

This is confirmed by running the following command on 18.04 using the same
parameters as the actual FDE reveal key command:

google:ubuntu-18.04-64 $ systemd-run --user --wait --collect --service-type=exec /bin/true
Failed to start transient service unit: Invalid Type setting: exec

The --help output of systemd-run includes --service-type, but the manpage does
not, suggesting this may be a bug in systemd or its packaging.

Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
  • Loading branch information
@bboozzoo
bboozzoo committed Mar 3, 2021
1 parent abe3d11 commit db4de99
Showing 1 changed file with 6 additions and 6 deletions.
12 changes: 6 additions & 6 deletions secboot/secboot_tpm_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1162,7 +1162,7 @@ func (s *secbootSuite) TestUnlockEncryptedVolumeUsingKeyErr(c *C) {
func (s *secbootSuite) TestUnlockVolumeUsingSealedKeyIfEncryptedFdeRevealKeyTruncatesStreamFiles(c *C) {
// this test uses a real systemd-run --user so check here if that
// actually works
if output, err := exec.Command("systemd-run", "--user", "--wait", "--collect", "true").CombinedOutput(); err != nil {
if output, err := exec.Command("systemd-run", "--user", "--wait", "--collect", "--service-type=exec", "true").CombinedOutput(); err != nil {
c.Skip(fmt.Sprintf("systemd-run not working: %v", osutil.OutputErr(output, err)))
}

Expand Down Expand Up @@ -1264,7 +1264,7 @@ service result: exit-code
func (s *secbootSuite) TestUnlockVolumeUsingSealedKeyIfEncryptedFdeRevealKeyErr(c *C) {
// this test uses a real systemd-run --user so check here if that
// actually works
if output, err := exec.Command("systemd-run", "--user", "--wait", "--collect", "true").CombinedOutput(); err != nil {
if output, err := exec.Command("systemd-run", "--user", "--wait", "--collect", "--service-type=exec", "/bin/true").CombinedOutput(); err != nil {
c.Skip(fmt.Sprintf("systemd-run not working: %v", osutil.OutputErr(output, err)))
}

Expand Down Expand Up @@ -1302,7 +1302,7 @@ service result: exit-code
func (s *secbootSuite) TestUnlockVolumeUsingSealedKeyIfEncryptedFdeRevealKey(c *C) {
// this test uses a real systemd-run --user so check here if that
// actually works
if output, err := exec.Command("systemd-run", "--user", "--wait", "--collect", "true").CombinedOutput(); err != nil {
if output, err := exec.Command("systemd-run", "--user", "--wait", "--collect", "--service-type=exec", "/bin/true").CombinedOutput(); err != nil {
c.Skip(fmt.Sprintf("systemd-run not working: %v", osutil.OutputErr(output, err)))
}

Expand Down Expand Up @@ -1363,7 +1363,7 @@ printf "unsealed-key-from-hook"
func (s *secbootSuite) TestLockSealedKeysCallsFdeReveal(c *C) {
// this test uses a real systemd-run --user so check here if that
// actually works
if output, err := exec.Command("systemd-run", "--user", "--wait", "--collect", "true").CombinedOutput(); err != nil {
if output, err := exec.Command("systemd-run", "--user", "--wait", "--collect", "--service-type=exec", "/bin/true").CombinedOutput(); err != nil {
c.Skip(fmt.Sprintf("systemd-run not working: %v", osutil.OutputErr(output, err)))
}

Expand Down Expand Up @@ -1394,7 +1394,7 @@ cat - > %s
func (s *secbootSuite) TestLockSealedKeysHonorsRuntimeMax(c *C) {
// this test uses a real systemd-run --user so check here if that
// actually works
if output, err := exec.Command("systemd-run", "--user", "--wait", "--collect", "true").CombinedOutput(); err != nil {
if output, err := exec.Command("systemd-run", "--user", "--wait", "--collect", "--service-type=exec", "/bin/true").CombinedOutput(); err != nil {
c.Skip(fmt.Sprintf("systemd-run not working: %v", osutil.OutputErr(output, err)))
}

Expand All @@ -1421,7 +1421,7 @@ func (s *secbootSuite) TestLockSealedKeysHonorsRuntimeMax(c *C) {
func (s *secbootSuite) TestLockSealedKeysHonorsParanoia(c *C) {
// this test uses a real systemd-run --user so check here if that
// actually works
if output, err := exec.Command("systemd-run", "--user", "--wait", "--collect", "true").CombinedOutput(); err != nil {
if output, err := exec.Command("systemd-run", "--user", "--wait", "--collect", "--service-type=exec", "/bin/true").CombinedOutput(); err != nil {
c.Skip(fmt.Sprintf("systemd-run not working: %v", osutil.OutputErr(output, err)))
}

Expand Down

0 comments on commit db4de99

Please sign in to comment.