fail GMT-common-6.4.0-alt1_10.noarch The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/gmt/tools/gmt_prepmex.sh: $ grep /tmp/ /usr/share/gmt/tools/gmt_prepmex.sh # First get a reliable absolute path to the bundle's top directory pushd $(dirname $0) > /dev/null BUNDLEDIR=$(pwd | sed sB/Contents/Resources/share/toolsBBg) popd > /dev/null # Set path to the new gmt installation MEXGMT5DIR=/tmp/$$/gmt # Set path to additional subdirectories MEXLIBDIR=$MEXGMT5DIR/lib MEXINCDIR=$MEXGMT5DIR/include MEXSHADIR=$MEXGMT5DIR/share MEXBINDIR=$MEXGMT5DIR/bin cp -r etc usr $MEXBINDIR # Now copy the lib files printf "gmt_prepmex.sh: Copy and rename libraries\n" >&2 cd $BUNDLEDIR/Contents/Resources/lib # Find a list of all libs shipped with the OSX bundle, except our own: ls *.dylib | egrep -v 'libgmt.dylib|libpostscriptlight.dylib' > /tmp/l.lis # For each, duplicate into /opt/gmt but add a leading X to each name while read lib; do new=$(echo $lib | awk '{printf "libX%s\n", substr($1,4)}') cp $lib $MEXLIBDIR/$new done < /tmp/l.lis # Copy the supplement shared plugin cp gmt/plugins/supplements.so $MEXLIBDIR/gmt/plugins cd $MEXLIBDIR ls *.dylib > /tmp/l.lis printf "gmt_prepmex.sh: Rebaptize libraries\n" >&2 # For all libs in $MEXLIBDIR, change internal references to contain the leading "X" while read lib; do otool -L $lib | grep executable_path | awk '{print $1}' > /tmp/t.lis let k=1 while read old; do new=$(echo $old | awk -F/ '{printf "libX%s\n", substr($NF,4)}') if [ $k -eq 1 ]; then # Do the id change was=$(echo $lib | awk -F/ '{print substr($1,4)}') install_name_tool -id /opt/gmt/lib/$new $lib else install_name_tool -change $old /opt/gmt/lib/$new $lib fi let k=k+1 done < /tmp/t.lis done < /tmp/l.lis # Set links to the new libs ln -s libXgmt.dylib libgmt.dylib ln -s libXpostscriptlight.dylib libpostscriptlight.dylib ln -s libXgmt.6.dylib libXgmt.dylib ln -s libXpostscriptlight.6.dylib libXpostscriptlight.dylib -- fi fi # Do plugin supplement separately since not called lib* cd gmt/plugins otool -L supplements.so | grep executable_path | awk '{print $1}' > /tmp/t.lis let k=1 while read old; do new=$(echo $old | awk -F/ '{printf "libX%s\n", substr($NF,4)}') install_name_tool -change $old /opt/gmt/lib/$new supplements.so let k=k+1 done < /tmp/t.lis # Do bin dir cd $MEXBINDIR otool -L gmt | grep executable_path | awk '{print $1}' > /tmp/t.lis let k=1 while read old; do new=$(echo $old | awk -F/ '{printf "libX%s\n", substr($NF,4)}') install_name_tool -change $old /opt/gmt/lib/$new gmt let k=k+1 done < /tmp/t.lis chmod -R ugo+r $MEXGMT5DIR printf "gmt_prepmex.sh: Install /opt/gmt\n" >&2 sudo cp -fpR $MEXGMT5DIR /opt rm -rf /tmp/$$ cd $here version=$(/opt/gmt/bin/gmt-config --version) # Report cat << EOF >&2 gmt_prepmex.sh: Made updated GMT $version installation in /opt/gmt; fail alterator-deploy-0.1.0-alt1.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/lib/alterator/backend3/deploy: $ grep /tmp/ /usr/lib/alterator/backend3/deploy ;; esac ;; write) case "${in__objects##*/}" in set) echo "Role: ${in_role:?}" >> /tmp/out echo "Parameter: ${in_parameter:?}" >> /tmp/out echo "Value: ${in_value:?}" >> /tmp/out set_parameter "${in_role:?}" "${in_parameter:?}" "${in_value?}" ;; reset) reset_parameter "${in_role:?}" "${in_parameter:?}" ;;; fail alterator-mass-management-0.1.7-alt1.noarch The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/lib/alterator/backend3/mass-management: $ grep /tmp/ /usr/lib/alterator/backend3/mass-management mkdir "$TASKS_DIR/task-$number" cat >"$TASKS_DIR/task-$number.yml" <> /tmp/mode.log echo "$(set|grep -a "in_")" >> /tmp/mode.log case "$in_action" in type) write_type_item hostlist hostname-list #write_type_item add_host hostname ;;; fail alterator-net-domain-0.7.3-alt4.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/lib/alterator/backend3/net-domain: $ grep /tmp/ /usr/lib/alterator/backend3/net-domain ## https://www.altlinux.org/ActiveDirectory/DC ad_provision_domain() { local domain_name="$1" shift local log="/tmp/samba-dc-provision-$(date +%d.%m.%Y-%H:%M:%S)-$domain_name.log" # Begin log date > "$log" echo "Domain: $domain_name" >> "$log" echo >> "$log" if [ "$in_domain_type" = 'ad' ]; then if ipa_install_running; then ipa_install_stop fi env > /tmp/net-domain.txt ad_current_domain="$($samba_tool domain info '127.0.0.1' | sed 's/ *: /:/' | sed -n 's/^Domain://p')" # Check creation of existing domain if [ "$ad_current_domain" != "$in_domain" ]; then write_domain "$in_domain" "1"; fail bacula15-director-common-15.0.3-alt1.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/doc/bacula15-director-common-15.0.3/updatedb/update_mysql_tables_11_to_12: $ grep /tmp/ /usr/share/doc/bacula15-director-common-15.0.3/updatedb/update_mysql_tables_11_to_12 echo " " bindir=/usr/bin PATH="$bindir:$PATH" db_name=${db_name:-bacula} mysql $* ${db_name} "select VersionId from Version\G" >/tmp/$$ DBVERSION=`sed 's/^VersionId: $.*$$/\1/p' /tmp/$$` if [ $DBVERSION != 11 ] ; then echo " " echo "The existing database is version $DBVERSION !!" echo "This script can only update an existing version 11 database to version 12." echo "Error. Cannot upgrade this database."; fail bacula15-director-mysql-15.0.3-alt1.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/bacula/scripts/update_mysql_tables: $ grep /tmp/ /usr/share/bacula/scripts/update_mysql_tables ARGS=$* getVersion() { mysql $ARGS ${db_name} "select VersionId from Version LIMIT 1\G" >/tmp/$$ DBVERSION=`sed 's/^VersionId: $.*$$/\1/p' /tmp/$$` } getVersion if [ "x$DBVERSION" = x ]; then; fail dracut-107-alt1.x86_64 0755 fail dracut-live-107-alt1.noarch The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/lib/dracut/modules.d/90livenet/parse-livenet.sh: $ grep /tmp/ /usr/lib/dracut/modules.d/90livenet/parse-livenet.sh # live updates updates=$(getarg live.updates=) if [ "$updates" ]; then # make sure network comes up even if we're doing a local live device if [ "$netroot" ]; then echo > /tmp/net.ifaces fi echo "$updates" > /tmp/liveupdates.info echo '[ /tmp/liveupdates.done ]' > "$hookdir"/initqueue/finished/liveupdates.sh fi str_starts "$root" "live:" && liveurl="$root" str_starts "$liveurl" "live:" || return liveurl="${liveurl#live:}" Found error in /usr/lib/dracut/modules.d/90livenet/livenetroot.sh: $ grep /tmp/ /usr/lib/dracut/modules.d/90livenet/livenetroot.sh PATH=/usr/sbin:/usr/bin:/sbin:/bin RETRIES=${RETRIES:-100} SLEEP=${SLEEP:-5} [ /tmp/livenet.downloaded ] && exit 0 # args get passed from 40network/netroot netroot="$2" liveurl="${netroot#livenet:}" info "fetching $liveurl" sleep "$SLEEP" fi i=$((i + 1)) done > /tmp/livenet.downloaded # TODO: couldn't dmsquash-live-root handle this? if [ "${imgfile##*.}" = "iso" ]; then root=$(losetup -f) losetup "$root" "$imgfile" Found error in /usr/lib/dracut/modules.d/90dmsquash-live-autooverlay/create-overlay.sh: $ grep -A5 -B5 /tmp/ /usr/lib/dracut/modules.d/90dmsquash-live-autooverlay/create-overlay.sh #!/bin/sh command -v getarg > /dev/null || . /lib/dracut-lib.sh if getargbool 0 rd.live.debug; then exec > /tmp/create-overlay.$$.out exec 2>> /tmp/create-overlay.$$.out set -x fi gatherData() { overlay=$(getarg rd.live.overlay) Found error in /usr/lib/dracut/modules.d/90dmsquash-live/iso-scan.sh: $ grep -A5 -B5 /tmp/ /usr/lib/dracut/modules.d/90dmsquash-live/iso-scan.sh do_iso_scan() { local _name local dev for dev in /dev/disk/by-uuid/*; do _name=$(dev_unit_name "$dev") [ -e /tmp/isoscan-"${_name}" ] && continue : > /tmp/isoscan-"${_name}" mount -t auto -o ro "$dev" "/run/initramfs/isoscan" || continue if [ -f "/run/initramfs/isoscan/$isofile" ]; then losetup -f "/run/initramfs/isoscan/$isofile" udevadm trigger --action=add > /dev/null 2>&1 ln -s "$dev" /run/initramfs/isoscandev Found error in /usr/lib/dracut/modules.d/90dmsquash-live/dmsquash-live-root.sh: $ grep -A5 -B5 /tmp/ /usr/lib/dracut/modules.d/90dmsquash-live/dmsquash-live-root.sh command -v unpack_archive > /dev/null || . /lib/img-lib.sh PATH=/usr/sbin:/usr/bin:/sbin:/bin if getargbool 0 rd.live.debug; then exec > /tmp/liveroot.$$.out exec 2>> /tmp/liveroot.$$.out set -x fi [ -z "$1" ] && exit 1 livedev="$1"; fail dracut-network-manager-107-alt1.noarch The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/lib/dracut/modules.d/35network-manager/nm-run.sh: $ grep /tmp/ /usr/lib/dracut/modules.d/35network-manager/nm-run.sh for _i in /sys/class/net/*; do [ "$_i" ] || continue state="/run/NetworkManager/devices/$(cat "$_i"/ifindex)" grep '^connection-uuid=' "$state" 2> /dev/null || continue ifname="${_i##*/}" dhcpopts_create "$state" > /tmp/dhclient."$ifname".dhcpopts source_hook initqueue/online "$ifname" /sbin/netroot "$ifname" done : > /tmp/nm.done; fail emacspeak-58.0-alt1.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/emacs/site-lisp/emacspeak/servers/log-espeak: $ grep /tmp/ /usr/share/emacs/site-lisp/emacspeak/servers/log-espeak #!/bin/sh LOG=/tmp/espeak-$$.log tee $LOG | `dirname $0`/espeak 2>&1 | tee /tmp/espeak-out-$$.log; fail event-driven-servers-1.0-alt7.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /etc/mavis/sample/tac_plus-ng.cfg: $ grep /tmp/ /etc/mavis/sample/tac_plus-ng.cfg id = tac_plus-ng { #debug = PACKET AUTHEN AUTHOR log mysyslog log accesslog { destination = /tmp/access.log } log authorlog { destination = /tmp/author.log } log authorlog2 { destination = ">/tmp/author2.log" } access log = mysyslog access log = accesslog authorization log = authorlog accounting log = mysyslog } } } # mavis module = tacinfo_cache { # directory = /tmp/tacinfo0 # } mavis module = groups { resolve gids = yes resolve gids attribute = TACMEMBER; fail foo2zjs-20200207-alt1.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/bin/foo2hbpl2-wrapper: $ grep /tmp/ /usr/bin/foo2hbpl2-wrapper #%%BeginFeature: *CustomPageSize True #792.000000 612.000000 1 0.000000 0.000000 #pop pop pop pop pop if [ $DEBUG = 0 ]; then TMPFILE=/tmp/cus$$ else TMPFILE=/tmp/custom.ps fi cat >$TMPFILE exec <$TMPFILE tmp=`head 10000 $TMPFILE \ case $NUP in [234689]|1[024568]) PREFILTER="nup";; *) PREFILTER=cat;; esac if [ "$DEBUG" -ge 9 ]; then PREFILTER="tee /tmp/$BASENAME.ps" fi # # Overload -G. If the file name ends with ".icm" or ".ICM" # then convert the ICC color profile to a Postscript CRD, -- GAMMAFILE= fi } if [ $DEBUG -gt 0 ]; then ICCTMP=/tmp/icc else ICCTMP=/tmp/icc$$ fi if [ "" = "$COLOR" ]; then COLORMODE= GAMMAFILE= -- # CRD GAMMAFILE="" GAMMAFILE="$GAMMAFILE $CRDBASE/${model}cms" GAMMAFILE="$GAMMAFILE $CRDBASE/$SCREEN" # Black text... TMPFILE2=/tmp/black$$ cat $CRDBASE/black-text.ps - >$TMPFILE2 exec <$TMPFILE2 ;; *.crd) GAMMAFILE="$CRDBASE/prolog.ps" Found error in /usr/bin/foo2ddst-wrapper: $ grep -A5 -B5 /tmp/ /usr/bin/foo2ddst-wrapper #%%BeginFeature: *CustomPageSize True #792.000000 612.000000 1 0.000000 0.000000 #pop pop pop pop pop if [ $DEBUG = 0 ]; then TMPFILE=/tmp/cus$$ else TMPFILE=/tmp/custom.ps fi cat >$TMPFILE exec <$TMPFILE tmp=`head -n 10000 $TMPFILE \ -- case $NUP in [234689]|1[024568]) PREFILTER="nup";; *) PREFILTER=cat;; esac if [ "$DEBUG" -ge 9 ]; then PREFILTER="tee /tmp/$BASENAME.ps" fi # # Overload -G. If the file name ends with ".icm" or ".ICM" # then convert the ICC color profile to a Postscript CRD, -- GAMMAFILE= fi } if [ $DEBUG -gt 0 ]; then ICCTMP=/tmp/icc else ICCTMP=/tmp/icc$$ fi if [ "" = "$COLOR" ]; then COLORMODE= GAMMAFILE=; fail gem-aliyun-sdk-0.8.0-alt1.1.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/lib/ruby/gemie/gems/aliyun-sdk-0.8.0/examples/aliyun/oss/object.rb: $ grep /tmp/ /usr/lib/ruby/gemie/gems/aliyun-sdk-0.8.0/examples/aliyun/oss/object.rb end # 上传一个文件 # 断点续传请参考：examples/resumable_upload.rb demo "Put object from local file" do File.open('/tmp/x', 'w'){ |f| f.write("hello world\n") } bucket.put_object('files/world', :file => '/tmp/x') puts "Put object: files/world" end # 创建一个Appendable object demo "Create appendable object" do puts "Total size: #{total_size}" end # 下载一个object：下载到文件中 demo "Get object to local file" do bucket.get_object('files/hello', :file => '/tmp/hello') puts "Get object: files/hello => /tmp/hello" end # 删除一个object demo "Delete object" do bucket.delete_object('files/world') -- :metas => {'year' => '2015', 'people' => 'mary'} ) do |content| content << 'hello world.' end o = bucket.get_object('files/hello', :file => '/tmp/x') puts "Object metas: #{o.metas}" end # 修改Object metas demo "Update object metas" do Found error in /usr/lib/ruby/gemie/gems/aliyun-sdk-0.8.0/examples/aliyun/oss/resumable_download.rb: $ grep -A5 -B5 /tmp/ /usr/lib/ruby/gemie/gems/aliyun-sdk-0.8.0/examples/aliyun/oss/resumable_download.rb puts end demo "Resumable download" do # 下载一个100M的文件 cpt_file = '/tmp/y.cpt' File.delete(cpt_file) if File.exist?(cpt_file) start = Time.now puts "Start download: resumable => /tmp/y" bucket.resumable_download( 'resumable', '/tmp/y', :cpt_file => cpt_file) do |progress| puts "Progress: #{(progress usr 100).round(2)} %" end puts "Download complete. Cost: #{Time.now - start} seconds." # 测试方法：; fail gem-foreman-hooks-0.3.17-alt1.noarch The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/lib/ruby/gemie/gems/foreman_hooks-0.3.17/examples/bash/log.sh: $ grep /tmp/ /usr/lib/ruby/gemie/gems/foreman_hooks-0.3.17/examples/bash/log.sh # Example of using hook_data to query the JSON representation of the object # passed by foreman_hooks. `cat $HOOK_OBJECT_FILE` to see the contents. hostname=$(hook_data host.name) echo "$(date): received ${event} on ${object}" >> /tmp/hook.log # exit code is important on orchestration tasks exit 0; fail gem-ruby-libvirt-0.8.3-alt1.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/lib/ruby/gemie/gems/ruby-libvirt-0.8.3/tests/test_storage.rb: $ grep /tmp/ /usr/lib/ruby/gemie/gems/ruby-libvirt-0.8.3/tests/test_storage.rb test.img 0 1 /tmp/rb-libvirt-test/test.img EOF new_storage_vol_xml_2 = < test2.img 0 5 /tmp/rb-libvirt-test/test2.img EOF # TESTGROUP: vol.pool expect_invalid_arg_type(newpool, "delete", 'foo') expect_success(newpool, "no args", "delete") if !test_default_uri? `mkdir -p /tmp/rb-libvirt-test` end newpool.undefine if !test_default_uri? Found error in /usr/lib/ruby/gemie/gems/ruby-libvirt-0.8.3/examples/storage.rb: $ grep -A5 -B5 /tmp/ /usr/lib/ruby/gemie/gems/ruby-libvirt-0.8.3/examples/storage.rb # etc. See https://libvirt.org/formatstorage.html for more details require 'libvirt' # a directory storage pool. This will be a pool with the name # 'ruby-libvirt-tester' with the pool itself in /tmp/ruby-libvirt-tester storage_pool_xml = < ruby-libvirt-tester 33a5c045-645a-2c00-e56b-927cdf34e17a /tmp/ruby-libvirt-tester EOF # a storage volume. This will have name test.img, with capacity of 1GB -- test.img 0 1 /tmp/ruby-libvirt-tester/test.img EOF # open up the connection to libvirt; fail gnormalize-0.63-alt1.qa1.noarch The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/bin/gnormalize: $ grep /tmp/ /usr/bin/gnormalize if ($show_cdplayer_skin and defined $window_cd_player){ # with skin_xTunes $widget->set_size_request (225, 90); # set a minimum size: (width,height) ; skin_xTunes #(pixmap, mask) = Gtk2::Gdk::Pixmap->create_from_xpm ($drawable, $transparent_color, $filename) #($pixmap, $pixmap_mask) = Gtk2::Gdk::Pixmap->create_from_xpm ($widget->window, undef, '/tmp/skin_xTunes.xpm'); ($pixmap, $pixmap_mask) = Gtk2::Gdk::Pixmap->create_from_xpm_d($widget->window, undef, @skin_xTunes); #my $pixmap_widget = Gtk2::Image->new_from_pixmap ($gdkpixmap, $mask); $window_cd_player->shape_combine_mask( $pixmap_mask, 0, 0 ) if not $window_cd_player->get_decorated; ###----------- add files to treeview --------------### sub sort_full_path_names{ my @array = @_; # For example: # $array[0] = '/tmp/teste/teste4/mus.mp3' # $array[1] = '/tmp/teste/teste2/teste4/mus.mp3' # $array[2] = '/tmp/mus.mp3' # First, sort this array in ascending order by number of '/' character. # Then, sort in case-insensitively mode. # sort case-insensitively : @articles = sort {uc($a) cmp uc($b)} @files; (see man perlfunc) # multiple comparisons in the routine and separate them with ||. # See Perl Cookbook, 2nd Edition. Chap. 4.16; 10.18 for help; #my $teste = '/tmp/teste/teste2/teste4/mus.mp3'; $teste =~ s/[^\/]//g; print "teste = $teste\n"; # output: teste = ///// # first compare the number of directory character '/'. sub compare_dir { (my $temp1 = $a) =~ s/[^\/]//g; # remove all character but '/' (my $temp2 = $b) =~ s/[^\/]//g; -- #This file 100% done All files 99% done # WaveGain Processing completed normally # No Title Gain adjustment or DC Offset correction required for file: # Error renaming '/tmp/wavegain.tmp' to '04.wav' (uh-oh) # Error processing GAIN for file - 04.wav #print "--> $_\n"; if ( $_ =~ /^\s+Applying Gain of ([-+]\d+[.,]\d+) dB to file:/ ){ $adjust = $1; } -- # leave room for WAV header (44 bytes) #seek WAV, 44, 0; #print "cdrom_rip = $cdrom_rip; value = $$addr[0]; addr = $addr; startframe = $startframe\n"; open WAV, ">/tmp/track${track}.wav" or die $!; binmode WAV; #print WAV $cdrom_rip; for (my $i=0;$i<2352;$i++){ print WAV $buf[$i]; } #syswrite(WAV, $buffer, 2352 );; fail imapsync-2.229-alt1.noarch The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/bin/imapsync: $ grep /tmp/ /usr/bin/imapsync How do you know the sync is finished and well done? When imapsync ends by itself it mentions it with lines like those: Exiting with return value 0 (EX_OK: successful termination) 0/50 nb_errors/max_errors PID 301 Removing pidfile /tmp/imapsync.pid Log file is LOG_imapsync/2020_11_17_15_59_22_761_test1_test2.txt ( to change it, use filepath ; or use to turn off logging ) If you don't have those lines it means that either the sync process is still running (or eventually hanging indefinitely) or that it ended without a whisper, a strong kill on Linux for example. Readonly my $TRUE => 1 ; Readonly my $FALSE => 0 ; Readonly my $LAST_RESSORT_SEPARATOR => q{/} ; Readonly my $CGI_TMPDIR_TOP => '/var/tmp/imapsync_cgi' ; Readonly my $CGI_HASHFILE => '/var/tmp/imapsync_hash' ; Readonly my $UMASK_PARANO => '0077' ; Readonly my $STR_use_releasecheck => q{Check if a new imapsync release is available by adding --releasecheck} ; Readonly my $GMAIL_MAXSIZE => 35_651_584 ; -- output( $mysync, "No log by default in Docker context. Use --log to trigger logging to the logfile.\n" ) ; $mysync->{ log } = 0 ; } # In case something is written relatively to . my $tmp_dir = "/var/tmp/uid_$EFFECTIVE_USER_ID" ; mkpath( $tmp_dir ) ; # silly? No. it is for imapsync --version being ok. do_valid_directory( $tmp_dir ) ; output( $mysync, "Changing current directory to $tmp_dir\n" ) ; chdir $tmp_dir ; -- is( undef, loglogfile( $mysync ), 'loglogfile: undef => undef' ) ; $mysync->{ loglogfile } = 1 ; $mysync->{ log } = 1 ; is( undef, loglogfile( $mysync ), 'loglogfile: no logfile => undef' ) ; $mysync->{ logfile } = "logfile.txt" ; $mysync->{ loglogfilename } = "W/tmp/tests/list_all_logs_auto.txt" ; like( loglogfile( $mysync ), qr{logfile.txt}xms, 'loglogfile: logfile=logfile.txt => ' ) ; note( 'Leaving tests_loglogfile()' ) ; return ; } -- SKIP: { if ( 'MSWin32' eq $OSNAME or '0' eq $EFFECTIVE_USER_ID ) { skip( 'Tests only for non-root Unix', 1 ) ; } $mysync->{ hashfile } = '/rrr' ; is( undef, hashsynclocal( $mysync ), 'hashsynclocal: permission denied' ) ; } ok( (-d 'W/tmp/tests/' or mkpath( 'W/tmp/tests/' ) ), 'hashsynclocal: mkpath W/tmp/tests/' ) ; $mysync->{ hashfile } = 'W/tmp/tests/imapsync_hash' ; ok( ! -e 'W/tmp/tests/imapsync_hash' || unlink 'W/tmp/tests/imapsync_hash', 'hashsynclocal: unlink W/tmp/tests/imapsync_hash' ) ; ok( ! -e 'W/tmp/tests/imapsync_hash', 'hashsynclocal: verify there is no W/tmp/tests/imapsync_hash' ) ; is( 'ecdeb4ede672794d173da4e08c52b8ee19b7d252', hashsynclocal( $mysync, 'mukksyhpmbixkxkpjlqivmlqsulpictj' ), 'hashsynclocal: creating/reading W/tmp/tests/imapsync_hash' ) ; # A second time now is( 'ecdeb4ede672794d173da4e08c52b8ee19b7d252', hashsynclocal( $mysync ), 'hashsynclocal: reading W/tmp/tests/imapsync_hash second time => same' ) ; note( 'Leaving tests_hashsynclocal()' ) ; return ; } -- sub tests_do_valid_directory { note( 'Entering tests_do_valid_directory()' ) ; is( 1, do_valid_directory( '.'), 'do_valid_directory: . good' ) ; is( 1, do_valid_directory( './W/tmp/tests/valid/sub'), 'do_valid_directory: ./W/tmp/tests/valid/sub good' ) ; Readonly my $NB_UNIX_tests_do_valid_directory_non_root => 2 ; diag( "OSNAME=$OSNAME EFFECTIVE_USER_ID=$EFFECTIVE_USER_ID" ) ; SKIP: { -- sub tests_remove_pidfile_not_running { note( 'Entering tests_remove_pidfile_not_running()' ) ; ok( (-d 'W/tmp/tests/' or mkpath( 'W/tmp/tests/' ) ), 'remove_pidfile_not_running: mkpath W/tmp/tests/' ) ; is( undef, remove_pidfile_not_running( ), 'remove_pidfile_not_running: no args => undef' ) ; is( undef, remove_pidfile_not_running( './W' ), 'remove_pidfile_not_running: a dir => undef' ) ; is( undef, remove_pidfile_not_running( 'noexists' ), 'remove_pidfile_not_running: noexists => undef' ) ; is( 1, touch( 'W/tmp/tests/empty.pid' ), 'remove_pidfile_not_running: prepa empty W/tmp/tests/empty.pid' ) ; is( undef, remove_pidfile_not_running( 'W/tmp/tests/empty.pid' ), 'remove_pidfile_not_running: W/tmp/tests/empty.pid => undef' ) ; is( 'lalala', string_to_file( 'lalala', 'W/tmp/tests/lalala.pid' ), 'remove_pidfile_not_running: prepa W/tmp/tests/lalala.pid' ) ; is( undef, remove_pidfile_not_running( 'W/tmp/tests/lalala.pid' ), 'remove_pidfile_not_running: W/tmp/tests/lalala.pid => undef' ) ; is( '55555', string_to_file( '55555', 'W/tmp/tests/notrunning.pid' ), 'remove_pidfile_not_running: prepa W/tmp/tests/notrunning.pid' ) ; is( 1, remove_pidfile_not_running( 'W/tmp/tests/notrunning.pid' ), 'remove_pidfile_not_running: W/tmp/tests/notrunning.pid => 1' ) ; is( $PROCESS_ID, string_to_file( $PROCESS_ID, 'W/tmp/tests/running.pid' ), 'remove_pidfile_not_running: prepa W/tmp/tests/running.pid' ) ; is( undef, remove_pidfile_not_running( 'W/tmp/tests/running.pid' ), 'remove_pidfile_not_running: W/tmp/tests/running.pid => undef' ) ; note( 'Leaving tests_remove_pidfile_not_running()' ) ; return ; } -- sub tests_tail { note( 'Entering tests_tail()' ) ; ok( (-d 'W/tmp/tests/' or mkpath( 'W/tmp/tests/' ) ), 'tail: mkpath W/tmp/tests/' ) ; ok( ( ! -e 'W/tmp/tests/tail.pid' || unlink 'W/tmp/tests/tail.pid' ), 'tail: unlink W/tmp/tests/tail.pid' ) ; ok( ( ! -e 'W/tmp/tests/tail.txt' || unlink 'W/tmp/tests/tail.txt' ), 'tail: unlink W/tmp/tests/tail.txt' ) ; is( undef, tail( ), 'tail: no args => undef' ) ; my $mysync ; is( undef, tail( $mysync ), 'tail: no pidfile => undef' ) ; $mysync->{pidfile} = 'W/tmp/tests/tail.pid' ; is( undef, tail( $mysync ), 'tail: no pidfilelocking => undef' ) ; $mysync->{pidfilelocking} = 1 ; is( undef, tail( $mysync ), 'tail: pidfile no exists => undef' ) ; my $pidandlog = "33333\nW/tmp/tests/tail.txt\n" ; is( $pidandlog, string_to_file( $pidandlog, $mysync->{pidfile} ), 'tail: put pid 33333 and tail.txt in pidfile' ) ; is( undef, tail( $mysync ), 'tail: logfile to tail no exists => undef' ) ; my $tailcontent = "L1\nL2\nL3\nL4\nL5\n" ; is( $tailcontent, string_to_file( $tailcontent, 'W/tmp/tests/tail.txt' ), 'tail: put L1\nL2\nL3\nL4\nL5\n in W/tmp/tests/tail.txt' ) ; is( undef, tail( $mysync ), 'tail: fake pid in pidfile + tail off => 1' ) ; $mysync->{ tail } = 1 ; is( 1, tail( $mysync ), 'tail: fake pid in pidfile + tail on=> 1' ) ; # put my own pid, won't do tail $pidandlog = "$PROCESS_ID\nW/tmp/tests/tail.txt\n" ; is( $pidandlog, string_to_file( $pidandlog, $mysync->{pidfile} ), 'tail: put my own PID in pidfile' ) ; is( undef, tail( $mysync ), 'tail: my own pid in pidfile => undef' ) ; note( 'Leaving tests_tail()' ) ; return ; -- is( undef, write_pidfile( $mysync ), 'write_pidfile: no permission for /no/no/no.pid, no lock => undef' ) ; $mysync->{pidfilelocking} = 1 ; is( undef, write_pidfile( $mysync ), 'write_pidfile: no permission for /no/no/no.pid + lock => undef' ) ; $mysync->{pidfile} = 'W/tmp/tests/test.pid' ; ok( (-d 'W/tmp/tests/' or mkpath( 'W/tmp/tests/' ) ), 'write_pidfile: mkpath W/tmp/tests/' ) ; is( 1, touch( $mysync->{pidfile} ), 'write_pidfile: lock prepa' ) ; $mysync->{pidfilelocking} = 0 ; is( 1, write_pidfile( $mysync ), 'write_pidfile: W/tmp/tests/test.pid + no lock => 1' ) ; is( $PROCESS_ID, firstline( 'W/tmp/tests/test.pid' ), "write_pidfile: W/tmp/tests/test.pid contains $PROCESS_ID" ) ; is( q{}, secondline( 'W/tmp/tests/test.pid' ), "write_pidfile: W/tmp/tests/test.pid contains no second line" ) ; $mysync->{pidfilelocking} = 1 ; is( undef, write_pidfile( $mysync ), 'write_pidfile: W/tmp/tests/test.pid + lock => undef' ) ; $mysync->{pidfilelocking} = 0 ; $mysync->{ logfile } = 'rrrr.txt' ; is( 1, write_pidfile( $mysync ), 'write_pidfile: W/tmp/tests/test.pid + no lock + logfile => 1' ) ; is( $PROCESS_ID, firstline( 'W/tmp/tests/test.pid' ), "write_pidfile: + no lock + logfile W/tmp/tests/test.pid contains $PROCESS_ID" ) ; is( q{rrrr.txt}, secondline( 'W/tmp/tests/test.pid' ), "write_pidfile: + no lock + logfile W/tmp/tests/test.pid contains rrrr.txt" ) ; note( 'Leaving tests_write_pidfile()' ) ; return ; } -- sub tests_get_cache { note( 'Entering tests_get_cache()' ) ; ok( not( get_cache('/cache_no_exist') ), 'get_cache: /cache_no_exist' ); ok( ( not -d 'W/tmp/cache/F1/F2' or rmtree( 'W/tmp/cache/F1/F2' ) ), 'get_cache: rmtree W/tmp/cache/F1/F2' ) ; ok( mkpath( 'W/tmp/cache/F1/F2' ), 'get_cache: mkpath W/tmp/cache/F1/F2' ) ; my @test_files_cache = ( qw( W/tmp/cache/F1/F2/100_200 W/tmp/cache/F1/F2/101_201 W/tmp/cache/F1/F2/120_220 W/tmp/cache/F1/F2/142_242 W/tmp/cache/F1/F2/143_243 W/tmp/cache/F1/F2/177_277 W/tmp/cache/F1/F2/177_377 W/tmp/cache/F1/F2/177_777 W/tmp/cache/F1/F2/155_255 ) ) ; ok( touch( @test_files_cache ), 'get_cache: touch W/tmp/cache/F1/F2/...' ) ; # on cache: 100_200 101_201 142_242 143_243 177_277 177_377 177_777 155_255 # on live: my $msgs_1 = [120, 142, 143, 144, 177 ]; -- my $msgs_all_1 = { 120 => 0, 142 => 0, 143 => 0, 144 => 0, 177 => 0 } ; my $msgs_all_2 = { 242 => 0, 243 => 0, 299 => 0, 377 => 0, 777 => 0, 255 => 0 } ; my( $c12, $c21 ) ; ok( ( $c12, $c21 ) = get_cache( 'W/tmp/cache/F1/F2', $msgs_1, $msgs_2, $msgs_all_1, $msgs_all_2 ), 'get_cache: 02' ); my $a1 = [ sort { $a <=> $b } keys %{ $c12 } ] ; my $a2 = [ sort { $a <=> $b } keys %{ $c21 } ] ; ok( 0 == compare_lists( [ 142, 143, 177 ], $a1 ), 'get_cache: 03' ); ok( 0 == compare_lists( [ 242, 243, 777 ], $a2 ), 'get_cache: 04' ); ok( -f 'W/tmp/cache/F1/F2/142_242', 'get_cache: file kept 142_242'); ok( -f 'W/tmp/cache/F1/F2/142_242', 'get_cache: file kept 143_243'); ok( ! -f 'W/tmp/cache/F1/F2/100_200', 'get_cache: file removed 100_200'); ok( ! -f 'W/tmp/cache/F1/F2/101_201', 'get_cache: file removed 101_201'); # test clean_cache executed $maxage = 2 ; ok( touch(@test_files_cache), 'get_cache: touch W/tmp/cache/F1/F2/...' ) ; ok( ( $c12, $c21 ) = get_cache('W/tmp/cache/F1/F2', $msgs_1, $msgs_2, $msgs_all_1, $msgs_all_2 ), 'get_cache: 02' ); ok( -f 'W/tmp/cache/F1/F2/142_242', 'get_cache: file kept 142_242'); ok( -f 'W/tmp/cache/F1/F2/142_242', 'get_cache: file kept 143_243'); ok( ! -f 'W/tmp/cache/F1/F2/100_200', 'get_cache: file NOT removed 100_200'); ok( ! -f 'W/tmp/cache/F1/F2/101_201', 'get_cache: file NOT removed 101_201'); # strange files #$debugcache = 1 ; $maxage = undef ; ok( ( not -d 'W/tmp/cache/rr\uee' or rmtree( 'W/tmp/cache/rr\uee' )), 'get_cache: rmtree W/tmp/cache/rr\uee' ) ; ok( mkpath( 'W/tmp/cache/rr\uee' ), 'get_cache: mkpath W/tmp/cache/rr\uee' ) ; @test_files_cache = ( qw( W/tmp/cache/rr\uee/100_200 W/tmp/cache/rr\uee/101_201 W/tmp/cache/rr\uee/120_220 W/tmp/cache/rr\uee/142_242 W/tmp/cache/rr\uee/143_243 W/tmp/cache/rr\uee/177_277 W/tmp/cache/rr\uee/177_377 W/tmp/cache/rr\uee/177_777 W/tmp/cache/rr\uee/155_255 ) ) ; ok( touch(@test_files_cache), 'get_cache: touch strange W/tmp/cache/...' ) ; # on cache: 100_200 101_201 142_242 143_243 177_277 177_377 177_777 155_255 # on live: $msgs_1 = [120, 142, 143, 144, 177 ] ; $msgs_2 = [ 242, 243, 299, 377, 777, 255 ] ; $msgs_all_1 = { 120 => q{}, 142 => q{}, 143 => q{}, 144 => q{}, 177 => q{} } ; $msgs_all_2 = { 242 => q{}, 243 => q{}, 299 => q{}, 377 => q{}, 777 => q{}, 255 => q{} } ; ok( ( $c12, $c21 ) = get_cache('W/tmp/cache/rr\uee', $msgs_1, $msgs_2, $msgs_all_1, $msgs_all_2), 'get_cache: strange path 02' ); $a1 = [ sort { $a <=> $b } keys %{ $c12 } ] ; $a2 = [ sort { $a <=> $b } keys %{ $c21 } ] ; ok( 0 == compare_lists( [ 142, 143, 177 ], $a1 ), 'get_cache: strange path 03' ); ok( 0 == compare_lists( [ 242, 243, 777 ], $a2 ), 'get_cache: strange path 04' ); ok( -f 'W/tmp/cache/rr\uee/142_242', 'get_cache: strange path file kept 142_242'); ok( -f 'W/tmp/cache/rr\uee/142_242', 'get_cache: strange path file kept 143_243'); ok( ! -f 'W/tmp/cache/rr\uee/100_200', 'get_cache: strange path file removed 100_200'); ok( ! -f 'W/tmp/cache/rr\uee/101_201', 'get_cache: strange path file removed 101_201'); note( 'Leaving tests_get_cache()' ) ; return ; } -- ok( ( $tuid1, $tuid2 ) = match_a_cache_file( '123_456' ), 'match_a_cache_file: 123_456' ) ; ok( '123' eq $tuid1, 'match_a_cache_file: 123_456 1' ) ; ok( '456' eq $tuid2, 'match_a_cache_file: 123_456 2' ) ; ok( ( $tuid1, $tuid2 ) = match_a_cache_file( '/tmp/truc/123_456' ), 'match_a_cache_file: /tmp/truc/123_456' ) ; ok( '123' eq $tuid1, 'match_a_cache_file: /tmp/truc/123_456 1' ) ; ok( '456' eq $tuid2, 'match_a_cache_file: /tmp/truc/123_456 2' ) ; ok( ( $tuid1, $tuid2 ) = match_a_cache_file( '/lala123_456' ), 'match_a_cache_file: NO /lala123_456' ) ; ok( ! $tuid1, 'match_a_cache_file: /lala123_456 1' ) ; ok( ! $tuid2, 'match_a_cache_file: /lala123_456 2' ) ; -- sub tests_clean_cache { note( 'Entering tests_clean_cache()' ) ; ok( ( not -d 'W/tmp/cache/G1/G2' or rmtree( 'W/tmp/cache/G1/G2' )), 'clean_cache: rmtree W/tmp/cache/G1/G2' ) ; ok( mkpath( 'W/tmp/cache/G1/G2' ), 'clean_cache: mkpath W/tmp/cache/G1/G2' ) ; my @test_files_cache = ( qw( W/tmp/cache/G1/G2/100_200 W/tmp/cache/G1/G2/101_201 W/tmp/cache/G1/G2/120_220 W/tmp/cache/G1/G2/142_242 W/tmp/cache/G1/G2/143_243 W/tmp/cache/G1/G2/177_277 W/tmp/cache/G1/G2/177_377 W/tmp/cache/G1/G2/177_777 W/tmp/cache/G1/G2/155_255 ) ) ; ok( touch(@test_files_cache), 'clean_cache: touch W/tmp/cache/G1/G2/...' ) ; ok( -f 'W/tmp/cache/G1/G2/100_200', 'clean_cache: 100_200 before' ); ok( -f 'W/tmp/cache/G1/G2/142_242', 'clean_cache: 142_242 before' ); ok( -f 'W/tmp/cache/G1/G2/177_277', 'clean_cache: 177_277 before' ); ok( -f 'W/tmp/cache/G1/G2/177_377', 'clean_cache: 177_377 before' ); ok( -f 'W/tmp/cache/G1/G2/177_777', 'clean_cache: 177_777 before' ); ok( -f 'W/tmp/cache/G1/G2/155_255', 'clean_cache: 155_255 before' ); my $cache = { 142 => 242, 177 => 777, } ; -- 242 => q{}, 777 => q{}, } ; ok( clean_cache( \@test_files_cache, $cache, $all_1, $all_2 ), 'clean_cache: ' ) ; ok( ! -f 'W/tmp/cache/G1/G2/100_200', 'clean_cache: 100_200 after' ); ok( -f 'W/tmp/cache/G1/G2/142_242', 'clean_cache: 142_242 after' ); ok( ! -f 'W/tmp/cache/G1/G2/177_277', 'clean_cache: 177_277 after' ); ok( ! -f 'W/tmp/cache/G1/G2/177_377', 'clean_cache: 177_377 after' ); ok( -f 'W/tmp/cache/G1/G2/177_777', 'clean_cache: 177_777 after' ); ok( ! -f 'W/tmp/cache/G1/G2/155_255', 'clean_cache: 155_255 after' ); note( 'Leaving tests_clean_cache()' ) ; return ; } sub tests_clean_cache_2 { note( 'Entering tests_clean_cache_2()' ) ; ok( ( not -d 'W/tmp/cache/G1/G2' or rmtree( 'W/tmp/cache/G1/G2' )), 'clean_cache_2: rmtree W/tmp/cache/G1/G2' ) ; ok( mkpath( 'W/tmp/cache/G1/G2' ), 'clean_cache_2: mkpath W/tmp/cache/G1/G2' ) ; my @test_files_cache = ( qw( W/tmp/cache/G1/G2/100_200 W/tmp/cache/G1/G2/101_201 W/tmp/cache/G1/G2/120_220 W/tmp/cache/G1/G2/142_242 W/tmp/cache/G1/G2/143_243 W/tmp/cache/G1/G2/177_277 W/tmp/cache/G1/G2/177_377 W/tmp/cache/G1/G2/177_777 W/tmp/cache/G1/G2/155_255 ) ) ; ok( touch(@test_files_cache), 'clean_cache_2: touch W/tmp/cache/G1/G2/...' ) ; ok( -f 'W/tmp/cache/G1/G2/100_200', 'clean_cache_2: 100_200 before' ); ok( -f 'W/tmp/cache/G1/G2/142_242', 'clean_cache_2: 142_242 before' ); ok( -f 'W/tmp/cache/G1/G2/177_277', 'clean_cache_2: 177_277 before' ); ok( -f 'W/tmp/cache/G1/G2/177_377', 'clean_cache_2: 177_377 before' ); ok( -f 'W/tmp/cache/G1/G2/177_777', 'clean_cache_2: 177_777 before' ); ok( -f 'W/tmp/cache/G1/G2/155_255', 'clean_cache_2: 155_255 before' ); my $cache = { 142 => 242, 177 => 777, } ; -- ok( clean_cache( \@test_files_cache, $cache, $all_1, $all_2 ), 'clean_cache_2: ' ) ; ok( -f 'W/tmp/cache/G1/G2/100_200', 'clean_cache_2: 100_200 after' ); ok( -f 'W/tmp/cache/G1/G2/142_242', 'clean_cache_2: 142_242 after' ); ok( ! -f 'W/tmp/cache/G1/G2/177_277', 'clean_cache_2: 177_277 after' ); ok( ! -f 'W/tmp/cache/G1/G2/177_377', 'clean_cache_2: 177_377 after' ); ok( -f 'W/tmp/cache/G1/G2/177_777', 'clean_cache_2: 177_777 after' ); ok( ! -f 'W/tmp/cache/G1/G2/155_255', 'clean_cache_2: 155_255 after' ); note( 'Leaving tests_clean_cache_2()' ) ; return ; } -- sub tests_mkpath { note( 'Entering tests_mkpath()' ) ; ok( (-d 'W/tmp/tests/' or mkpath( 'W/tmp/tests/' )), 'mkpath: mkpath W/tmp/tests/' ) ; SKIP: { skip( 'Tests only for Unix', 10 ) if ( 'MSWin32' eq $OSNAME ) ; my $long_path_unix = '123456789/' x 30 ; ok( ( -d "W/tmp/tests/long/$long_path_unix" or mkpath( "W/tmp/tests/long/$long_path_unix" ) ), 'mkpath: mkpath 300 char' ) ; ok( -d "W/tmp/tests/long/$long_path_unix", 'mkpath: mkpath > 300 char verified' ) ; ok( ( -d "W/tmp/tests/long/$long_path_unix" and rmtree( 'W/tmp/tests/long/' ) ), 'mkpath: rmtree 300 char' ) ; ok( ! -d "W/tmp/tests/long/$long_path_unix", 'mkpath: rmtree 300 char verified' ) ; ok( ( -d 'W/tmp/tests/trailing_dots...' or mkpath( 'W/tmp/tests/trailing_dots...' ) ), 'mkpath: mkpath trailing_dots...' ) ; ok( -d 'W/tmp/tests/trailing_dots...', 'mkpath: mkpath trailing_dots... verified' ) ; ok( ( -d 'W/tmp/tests/trailing_dots...' and rmtree( 'W/tmp/tests/trailing_dots...' ) ), 'mkpath: rmtree trailing_dots...' ) ; ok( ! -d 'W/tmp/tests/trailing_dots...', 'mkpath: rmtree trailing_dots... verified' ) ; eval { ok( 1 / 0, 'mkpath: divide by 0' ) ; } or ok( 1, 'mkpath: can not divide by 0' ) ; ok( 1, 'mkpath: still alive' ) ; } ; -- eval { ok( ( -d $long_path_300 or mkpath( $long_path_300 ) ), 'mkpath: create a path with 300 characters' ) ; } or ok( 1, 'mkpath: can not create a path with 300 characters' ) ; ok( ( ( ! -d $long_path_300 ) or -d $long_path_300 and rmtree( $long_path_300 ) ), 'mkpath: rmtree the 300 character path' ) ; ok( 1, 'mkpath: still alive' ) ; ok( ( -d 'W/tmp/tests/trailing_dots...' or mkpath( 'W/tmp/tests/trailing_dots...' ) ), 'mkpath: mkpath trailing_dots...' ) ; ok( -d 'W/tmp/tests/trailing_dots...', 'mkpath: mkpath trailing_dots... verified' ) ; ok( ( -d 'W/tmp/tests/trailing_dots...' and rmtree( 'W/tmp/tests/trailing_dots...' ) ), 'mkpath: rmtree trailing_dots...' ) ; ok( ! -d 'W/tmp/tests/trailing_dots...', 'mkpath: rmtree trailing_dots... verified' ) ; } ; note( 'Leaving tests_mkpath()' ) ; -- sub tests_touch { note( 'Entering tests_touch()' ) ; ok( (-d 'W/tmp/tests/' or mkpath( 'W/tmp/tests/' )), 'touch: mkpath W/tmp/tests/' ) ; ok( 1 == touch( 'W/tmp/tests/lala'), 'touch: W/tmp/tests/lala') ; ok( 1 == touch( 'W/tmp/tests/\y'), 'touch: W/tmp/tests/\y') ; ok( 0 == touch( '/no/no/no/aaa'), 'touch: not /aaa') ; ok( 1 == touch( 'W/tmp/tests/lili', 'W/tmp/tests/lolo'), 'touch: 2 files') ; ok( 0 == touch( 'W/tmp/tests/\y', '/no/no/aaa'), 'touch: 2 files, 1 fails' ) ; note( 'Leaving tests_touch()' ) ; return ; } -- sub tests_firstline { note( 'Entering tests_firstline()' ) ; is( q{}, firstline( 'W/tmp/tests/noexist.txt' ), 'firstline: getting empty string from inexisting W/tmp/tests/noexist.txt' ) ; ok( (-d 'W/tmp/tests/' or mkpath( 'W/tmp/tests/' ) ), 'firstline: mkpath W/tmp/tests/' ) ; is( "blabla\n" , string_to_file( "blabla\n", 'W/tmp/tests/firstline.txt' ), 'firstline: put blabla in W/tmp/tests/firstline.txt' ) ; is( 'blabla' , firstline( 'W/tmp/tests/firstline.txt' ), 'firstline: get blabla from W/tmp/tests/firstline.txt' ) ; is( q{} , string_to_file( q{}, 'W/tmp/tests/firstline2.txt' ), 'firstline: put empty string in W/tmp/tests/firstline2.txt' ) ; is( q{} , firstline( 'W/tmp/tests/firstline2.txt' ), 'firstline: get empty string from W/tmp/tests/firstline2.txt' ) ; is( "\n" , string_to_file( "\n", 'W/tmp/tests/firstline3.txt' ), 'firstline: put CR in W/tmp/tests/firstline3.txt' ) ; is( q{} , firstline( 'W/tmp/tests/firstline3.txt' ), 'firstline: get empty string from W/tmp/tests/firstline3.txt' ) ; is( "blabla\nTiti\n" , string_to_file( "blabla\nTiti\n", 'W/tmp/tests/firstline4.txt' ), 'firstline: put blabla\nTiti\n in W/tmp/tests/firstline4.txt' ) ; is( 'blabla' , firstline( 'W/tmp/tests/firstline4.txt' ), 'firstline: get blabla from W/tmp/tests/firstline4.txt' ) ; note( 'Leaving tests_firstline()' ) ; return ; } -- sub tests_secondline { note( 'Entering tests_secondline()' ) ; is( q{}, secondline( 'W/tmp/tests/noexist.txt' ), 'secondline: getting empty string from inexisting W/tmp/tests/noexist.txt' ) ; is( q{}, secondline( 'W/tmp/tests/noexist.txt', 2 ), 'secondline: 2nd getting empty string from inexisting W/tmp/tests/noexist.txt' ) ; ok( (-d 'W/tmp/tests/' or mkpath( 'W/tmp/tests/' ) ), 'secondline: mkpath W/tmp/tests/' ) ; is( "L1\nL2\nL3\nL4\n" , string_to_file( "L1\nL2\nL3\nL4\n", 'W/tmp/tests/secondline.txt' ), 'secondline: put L1\nL2\nL3\nL4\n in W/tmp/tests/secondline.txt' ) ; is( 'L2' , secondline( 'W/tmp/tests/secondline.txt' ), 'secondline: get L2 from W/tmp/tests/secondline.txt' ) ; note( 'Leaving tests_secondline()' ) ; return ; } -- sub tests_nthline { note( 'Entering tests_nthline()' ) ; is( q{}, nthline( 'W/tmp/tests/noexist.txt' ), 'nthline: getting empty string from inexisting W/tmp/tests/noexist.txt' ) ; is( q{}, nthline( 'W/tmp/tests/noexist.txt', 2 ), 'nthline: 2nd getting empty string from inexisting W/tmp/tests/noexist.txt' ) ; ok( (-d 'W/tmp/tests/' or mkpath( 'W/tmp/tests/' ) ), 'nthline: mkpath W/tmp/tests/' ) ; is( "L1\nL2\nL3\nL4\n" , string_to_file( "L1\nL2\nL3\nL4\n", 'W/tmp/tests/nthline.txt' ), 'nthline: put L1\nL2\nL3\nL4\n in W/tmp/tests/nthline.txt' ) ; is( 'L3' , nthline( 'W/tmp/tests/nthline.txt', 3 ), 'nthline: get L3 from W/tmp/tests/nthline.txt' ) ; note( 'Leaving tests_nthline()' ) ; return ; } -- is( undef, file_to_array( ), 'file_to_array: no args => undef' ) ; is( undef, file_to_array( '/noexist' ), 'file_to_array: /noexist => undef' ) ; is( undef, file_to_array( '/' ), 'file_to_array: reading a directory => undef' ) ; ok( (-d 'W/tmp/tests/' or mkpath( 'W/tmp/tests/' ) ), 'file_to_array: mkpath W/tmp/tests/' ) ; is( "L1\nL2\nL3\nL4\n" , string_to_file( "L1\nL2\nL3\nL4\n", 'W/tmp/tests/file_to_array.txt' ), 'file_to_array: put L1\nL2\nL3\nL4\n in W/tmp/tests/file_to_array.txt' ) ; is_deeply( [ "L1\n", "L2\n", "L3\n", "L4\n" ] , [ file_to_array( 'W/tmp/tests/file_to_array.txt' ) ], 'file_to_array: get back L1\n L2\n L3\n L4\n from W/tmp/tests/file_to_array.txt' ) ; note( 'Leaving tests_file_to_array()' ) ; return ; } -- is( undef, file_to_string( ), 'file_to_string: no args => undef' ) ; is( undef, file_to_string( '/noexist' ), 'file_to_string: /noexist => undef' ) ; is( undef, file_to_string( '/' ), 'file_to_string: reading a directory => undef' ) ; ok( file_to_string( $PROGRAM_NAME ), 'file_to_string: reading myself' ) ; ok( (-d 'W/tmp/tests/' or mkpath( 'W/tmp/tests/' ) ), 'file_to_string: mkpath W/tmp/tests/' ) ; is( 'lilili', string_to_file( 'lilili', 'W/tmp/tests/canbewritten' ), 'file_to_string: string_to_file filling W/tmp/tests/canbewritten with lilili' ) ; is( 'lilili', file_to_string( 'W/tmp/tests/canbewritten' ), 'file_to_string: reading W/tmp/tests/canbewritten is lilili' ) ; is( q{}, string_to_file( q{}, 'W/tmp/tests/empty' ), 'file_to_string: string_to_file filling W/tmp/tests/empty with empty string' ) ; is( q{}, file_to_string( 'W/tmp/tests/empty' ), 'file_to_string: reading W/tmp/tests/empty is empty' ) ; note( 'Leaving tests_file_to_string()' ) ; return ; } -- note( 'Entering tests_string_to_file()' ) ; is( undef, string_to_file( ), 'string_to_file: no args => undef' ) ; is( undef, string_to_file( 'lalala' ), 'string_to_file: one arg => undef' ) ; is( undef, string_to_file( 'lalala', '.' ), 'string_to_file: writing a directory => undef' ) ; ok( (-d 'W/tmp/tests/' or mkpath( 'W/tmp/tests/' ) ), 'string_to_file: mkpath W/tmp/tests/' ) ; is( 'lalala', string_to_file( 'lalala', 'W/tmp/tests/canbewritten' ), 'string_to_file: W/tmp/tests/canbewritten with lalala' ) ; is( q{}, string_to_file( q{}, 'W/tmp/tests/empty' ), 'string_to_file: W/tmp/tests/empty with empty string' ) ; SKIP: { Readonly my $NB_UNX_tests_string_to_file => 1 ; skip( 'Not on Unix non-root', $NB_UNX_tests_string_to_file ) if ('MSWin32' eq $OSNAME or '0' eq $EFFECTIVE_USER_ID ) ; is( undef, string_to_file( 'lalala', '/cantouch' ), 'string_to_file: /cantouch denied => undef' ) ; -- return backtick( $command ) ; } sub search_dyn_lib_locale_linux { my $command = qq{ lsof -p $PROCESS_ID | grep ' REG ' | grep -v '/tmp/par-' | grep '\.so' } ; myprint( "Search non embeded dynamic libs with the command: $command\n" ) ; return backtick( $command ) ; } sub search_dyn_lib_locale_MSWin32 -- sub tests_logfileprepa { note( 'Entering tests_logfileprepa()' ) ; is( undef, logfileprepa( ), 'logfileprepa: no args => undef' ) ; my $logfile = 'W/tmp/tests/tests_logfileprepa.txt' ; is( 1, logfileprepa( $logfile ), 'logfileprepa: W/tmp/tests/tests_logfileprepa.txt => 1' ) ; note( 'Leaving tests_logfileprepa()' ) ; return ; } -- my $mysync = {} ; is( undef, teelaunch( $mysync ), 'teelaunch: arg empty {} => undef' ) ; is( undef, teelaunch( $mysync, '' ), 'teelaunch: empty string => undef' ) ; # First time, learning IO::Tee intrasics my $tee = teelaunch( $mysync, 'W/tmp/tests/tests_teelaunch.txt' ) ; isa_ok( $tee, 'IO::Tee', 'teelaunch: logfile W/tmp/tests/tests_teelaunch.txt' ) ; is( 1, print( $tee "Hi!\n" ), 'teelaunch: write Hi!') ; is( "Hi!\n", file_to_string( 'W/tmp/tests/tests_teelaunch.txt' ), 'teelaunch: reading W/tmp/tests/tests_teelaunch.txt is Hi!\n' ) ; is( 1, print( $tee "Hoo\n" ), 'teelaunch: write Hoo') ; is( "Hi!\nHoo\n", file_to_string( 'W/tmp/tests/tests_teelaunch.txt' ), 'teelaunch: reading W/tmp/tests/tests_teelaunch.txt is Hi!\nHoo\n' ) ; # closing file handle so tee won't be happy ($tee->handles)[0]->close ; is( undef, print( $tee "Argh1\n" ), 'teelaunch: write Argh1') ; is( undef, print( $tee "Argh2\n" ), 'teelaunch: write Argh2') ; # write not done is( "Hi!\nHoo\n", file_to_string( 'W/tmp/tests/tests_teelaunch.txt' ), 'teelaunch: reading W/tmp/tests/tests_teelaunch.txt is still Hi!\nHoo\n' ) ; print join( ' ', $tee->handles ), "\n"; is( 2, scalar $tee->handles, 'teelaunch: 2 handles') ; shift @{*{$tee}}; print join(' ', $tee->handles), "\n" ; is( 1, scalar $tee->handles, 'teelaunch: 1 handle') ; -- # will not print anything now is( 0, scalar $tee->handles, 'teelaunch: 0 handle') ; is( 1, print( $tee "Argh 4\n" ), 'teelaunch: write Argh4 no') ; # Second time, lesson learnt IO::Tee $tee = teelaunch( $mysync, 'W/tmp/tests/tests_teelaunch2.txt' ) ; isa_ok( $tee, 'IO::Tee' , 'teelaunch: W/tmp/tests/tests_teelaunch2.txt' ) ; is( 1, print( $tee "Hi!\n" ), 'teelaunch: write Hi!') ; is( "Hi!\n", file_to_string( 'W/tmp/tests/tests_teelaunch2.txt' ), 'teelaunch: reading W/tmp/tests/tests_teelaunch2.txt is Hi!\n' ) ; is( 1, print( $tee "Hoo\n" ), 'teelaunch: write Hoo') ; is( "Hi!\nHoo\n", file_to_string( 'W/tmp/tests/tests_teelaunch2.txt' ), 'teelaunch: reading W/tmp/tests/tests_teelaunch2.txt is Hi!\nHoo\n' ) ; is( 1, teefinish( $tee ), 'teefinish: return 1') ; is( 1, print( $tee "Argh1\n" ), 'teelaunch: write Argh1') ; is( 1, print( $tee "Argh2\n" ), 'teelaunch: write Argh2') ; is( "Hi!\nHoo\n", file_to_string( 'W/tmp/tests/tests_teelaunch2.txt' ), 'teelaunch: reading W/tmp/tests/tests_teelaunch2.txt is still Hi!\nHoo\n' ) ; is( 1, teefinish( $tee ), 'teefinish: still return 1') ; note( 'Leaving tests_teelaunch()' ) ; return ; } -- my $mysync = { } ; is( undef, get_options_extra( $mysync ), 'get_options_extra: undef => undef' ) ; my $cwd_save = getcwd( ) ; ok( (-d 'W/tmp/tests/options_extra/' or mkpath( 'W/tmp/tests/options_extra/' )), 'get_options_extra: mkpath W/tmp/tests/options_extra/' ) ; chdir 'W/tmp/tests/options_extra/' ; is( '--debugimap1', string_to_file( '--debugimap1', 'options_extra.txt' ), 'get_options_extra: string_to_file filling options_extra.txt with --debugimap1' ) ; is( '--debugimap1', file_to_string( 'options_extra.txt' ), 'get_options_extra: reading options_extra.txt is --debugimap1' ) ; -- if ( ! $mysync->{ testsdebug } ) { skip 'No test in normal run' ; } note( 'Entering testsdebug()' ) ; #ok( ( ( not -d 'W/tmp/tests' ) or rmtree( 'W/tmp/tests/' ) ), 'testsdebug: rmtree W/tmp/tests' ) ; #tests_check_binary_embed_all_dyn_libs( ) ; #tests_killpid_by_parent( ) ; #tests_killpid_by_brother( ) ; #tests_kill_zero( ) ; #tests_connect_socket( ) ;; fail impose+-0.2-alt2.noarch The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/bin/impose: $ grep /tmp/ /usr/bin/impose $ybot=30 unless $ybot; $pages=6 unless defined $pages; $rotdir="L" unless $rotdir; $filename = shift or do { $filename = "/tmp/$ENV{USER}-tmp.ps"; open(TMP, ">$filename"); while(<>) { print TMP; } close(TMP); $do_stdout++; $do_erase_tmp++; $_=; @oddbbox=split; $_=; @evenbbox=split; @oddbbox = @evenbbox unless @evenbbox; close(BB); } elsif ($lastbbox && -e "/tmp/bboxx-$ENV{USER}") { open(BB,"/tmp/bboxx-$ENV{USER}"); $_=; @oddbbox=split; $_=; @evenbbox=split; close(BB); # print "oddbbox = @oddbbox\n"; # print "evenbbox = @evenbbox\n"; -- } @evenbbox = @oddbbox if $noevenodd; # record the bboxx information open(BB, ">/tmp/bboxx-$ENV{USER}"); print BB "@oddbbox\n@evenbbox\n"; close(BB); # Do page calculations $oddwidth = $oddbbox[2]-$oddbbox[0];; fail installer-distro-altlinux-server-stage2-7.0.2-alt3.noarch The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/install2/initinstall.d/05-vm-profile: $ grep /tmp/ /usr/share/install2/initinstall.d/05-vm-profile #!/bin/sh # see also http://www.altlinux.org/Autoinstall message() { echo "vm-profile: $*" >>/tmp/vm-profile.log; } mem="$(sed '/^MemTotal/s/[^0-9]//gp' /proc/meminfo)" # in kB finded_disks_size="$(find /sys/block/{hd,sd,vd,nvme,mmc}*/size 2> /dev/null)" [ "$finded_disks_size" ] &&; fail installer-distro-centaurus-stage2-11.0-alt3.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/install2/preinstall.d/35-disable-systemd-networkd.sh: $ grep /tmp/ /usr/share/install2/preinstall.d/35-disable-systemd-networkd.sh mkdir $i shell_config_set $i/options SYSTEMD_CONTROLLED no shell_config_set $i/options DISABLED no done } >> /tmp/install2.log 2>&1 : Found error in /usr/share/install2/postinstall.d/66-setup-net-services.sh: $ grep /tmp/ /usr/share/install2/postinstall.d/66-setup-net-services.sh if [ "$SYSTEMD_CONTROLLED" ] ; then chroot $destdir systemctl disable systemd-networkd.service chroot $destdir systemctl disable systemd-resolved.service fi } >> /tmp/install2.log 2>&1 :; fail installer-scripts-remount-stage2-0.7.0-alt1.noarch The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/sbin/install2-remount-functions: $ grep /tmp/ /usr/sbin/install2-remount-functions start_lvm && start_luks && mount_chroot && systemd_tmpfiles_chroot && set_active \ ) >& /tmp/remount.log || return $? } remount_destination() { # remount destdir after alterator-vm # no mount chroot filesystem (/dev, /proc, /sys) start_mdraid && start_lvm && start_luks && mount_destination && set_active \ ) >& /tmp/remount.log || return $? } # avoid automatic rpm shell.req dependency MULTIPATHD=/sbin/multipathd MDADM=/sbin/mdadm LVM=/sbin/lvm CRYPTSETUP=/sbin/cryptsetup CRYPTSETUP_KEY=/tmp/empty PUTFILE=/usr/share/make-initrd/tools/put-file BLKID="blkid -c /dev/null" # alterator-vm should leave LUKS containers # with initial empty password, see #28200 -- # for installer-feature-desktop-other-fs, see also #29005 save_blkid_state() { find /dev/mapper -type l \ | xargs -r $BLKID \ > /tmp/blkid.dm } populate_fstab() { [ ! -f /tmp/fstab ] || cat /tmp/fstab >> "$destdir/etc/fstab" } copy_chroot_binaries() { useputfile= if [ -x "$destdir$PUTFILE" ]; then useputfile='yes' binddir="$(mktemp -d "$destdir/tmp/copy_chroot_binaries.XXXXXXXXX")" workdir="${binddir#$destdir}" mount --bind / "$binddir" else echo "remount: file does not exist or is not available for execution: $destdir$PUTFILE" >&2 fi -- } stop_mdraid() { # saving state is only important *after* evms if [ -f /proc/mdstat -a -x "$MDADM" ]; then "$MDADM" --examine --scan > /tmp/mdadm.conf "$MDADM" -v --stop --scan fi } start_mdraid() { if [ -s /tmp/mdadm.conf -a -x "$MDADM" ]; then # an arbitrary value of the year: packages installed already sysctl -w dev.raid.speed_limit_max=1000000 # chroot's mdadm.conf populated by 45-mdadm.sh "$MDADM" -v --assemble --run --scan --config=/tmp/mdadm.conf ||: fi } start_multipath() { if [ -x "$MULTIPATHD" ]; then -- done fi } mount_destfs() { # depends on /tmp/fstab just like 10-fstab.sh local mpoint="$1" mountpoint -q "$destdir""$mpoint" && return 0 local destfs="$(awk -v mpoint="$mpoint" '{ if ($2==mpoint) print $1 }' < /tmp/fstab)" case "$destfs" in UUID=*) destfs="`$BLKID -U ${destfs#UUID=}`" ;; LABEL=*) -- echo "by ${UUID:+UUID=$UUID}${LABEL:+LABEL=$LABEL}" time $BLKID return 3 fi >&2 mountopts="$(grep "[[:space:]]$mpoint[[:space:]]" /tmp/fstab | awk '{ print $4 }')" mount -v "$destfs" "$destdir$mpoint" -o "$mountopts" || return 3 } mount_chroot() { -- ! mountpoint "$destdir" || return 1 } # mount destdir without make chroot, after umount_destination mount_destination() { [ -s /tmp/fstab ] || return 4 for mpoint in $(awk '{ print $2 }' < /tmp/fstab | grep / | sort); do mount_destfs $mpoint || return $? done } systemd_tmpfiles_chroot() {; fail linuxcnc-2.9.4-alt1.20250304.1.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/lib64/tcl/linuxcnc/ngcgui_ttt.tcl: $ grep /tmp/ /usr/lib64/tcl/linuxcnc/ngcgui_ttt.tcl #future: puts check:<$msg> #future: } #future: test ans here # hack follows: catch {set ans1 [eval exec $::ttt(exe) 2>/tmp/ttt.q]} catch {set ans2 [eval exec grep subdiv /tmp/ttt.q]} catch {file delete /tmp/ttt.q} if {[info exists ans2] && $ans2 == 1} { set ::ttt(msg) "::ttt::embedinit [_ "found truetype-tracer v4 return 1 } else { puts stderr "::ttt::embedinit:[_ "Note truetype-tracer v4 is required"]"; fail lua5.1-module-luasocket-3.0rc1-alt5_lr2.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/lib/luarocks/rocks-5.1/luasocket/3.0rc1-2/test/cgi/cat: $ grep /tmp/ /usr/lib/luarocks/rocks-5.1/luasocket/3.0rc1-2/test/cgi/cat #!/bin/sh echo Content-type: text/plain echo cat > /tmp/luasocket.cat.tmp cat /tmp/luasocket.cat.tmp; fail lua5.4-module-luasocket-3.1.0-alt2_lr1.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/lib/luarocks/rocks-5.4/luasocket/3.1.0-1/test/cgi/cat: $ grep /tmp/ /usr/lib/luarocks/rocks-5.4/luasocket/3.1.0-1/test/cgi/cat #!/bin/sh echo Content-type: text/plain echo cat > /tmp/luasocket.cat.tmp cat /tmp/luasocket.cat.tmp; fail lz11-V2-1.2-alt1.qa2.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/bin/lz11.stopjobs: $ grep /tmp/ /usr/bin/lz11.stopjobs if [ "${pids}" ] ; then exit 0 fi echo "${pids}" > /tmp/lz11.terminate waitcounts=30 echo echo echo "removing all active printer jobs for " echo " etc usr with PIDS ${pids}" if [ ${nonefound} == 1 ] ; then i=${waitcounts} echo -n " STOPPED!" fi done rm -f /tmp/lz11.terminate echo if [ ${nonefound} = 0 ] ; then echo "The program could not stop the prints safely." echo "Just killing the print processes now!" echo Found error in /usr/bin/lz11.foomatic: $ grep -A5 -B5 /tmp/ /usr/bin/lz11.foomatic $debug = 1; local *ERR; if ($debug) { open(ERR,">>/tmp/lz11err"); print ERR "-----------\n"; print ERR "@ARGV\n"; } else { open(ERR, ">&STDERR"); } -- # ---------------------------------------------------------- # cZ11 command line # ---------------------------------------------------------- $cz11 = "cZ11-V2 $devicez11 $sizez11 $adjustz11"; if ( $cancel == 1 ) { $cz11 = "$cz11"." --terminate=/tmp/lz11.terminate"; } elsif ( $cancel ) { $cz11 = "$cz11"." --terminate-eject=/tmp/lz11.terminate"; } $cz11 = "$cz11"." 2>>/tmp/lz11err"; # ---------------------------------------------------------- # Do it! # ---------------------------------------------------------- $invokation = "$gs -q -dBATCH -dSAFER -dNOPAUSE $devicegs $ditherppi $resgs $sizegs -sOutputFile=- - | $cz11"; if ($debug) { print ERR "$invokation \n"; } system("$invokation"); system("chmod a+rw /tmp/lz11*"); close(ERR);; fail m2300w-0.51-alt1.qa1.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/bin/m2300w-wrapper: $ grep /tmp/ /usr/bin/m2300w-wrapper # is heavy based on the Script from Rick's 'foo2zjs-wrapper' for the # Minolta Magiccolor 2300DL. # So i will leave his copyright on it. #********************************************************************* cat >> /tmp/m2300w.log <> /tmp/m2300w.log <>/tmp/m2300w.log) 3>&1 | tee /tmp/m2300w_gsout.pbm | $DRIVER $DRIVER_DEBUG $M2300WUCR $SAVETONER $PAPERCODE $MEDIACODE \ -i - -o - $COLOR $RESCODESTR | tee /tmp/m2300w.prn EOF $PREFILTER | ($GS $gsPaperCode $RES $GSDEV $GSOPT \ -sOutputFile="|cat 1>&3" $RENDERFILES - >>/tmp/m2300w.log) 3>&1 | tee_pbm | $DRIVER $DRIVER_DEBUG $M2300WUCR $SAVETONER $PAPERCODE $MEDIACODE \ -i - -o - $COLOR $RESCODESTR | tee_prn; fail make-initrd-colaboot-0.5-alt2.noarch The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/make-initrd/features/colaboot/data/scripts/post/udev/colaboot: $ grep /tmp/ /usr/share/make-initrd/features/colaboot/data/scripts/post/udev/colaboot REPLACEMENT=$(echo $ROOT |sed 's|(.*)/.*|\1|') elif echo $MACRO_NAME |grep "^DHCP_"; then # for this macro type we need to make sure first that network is up [ "$NETWORK_IS_UP" ] && network_init >&2 DHCP_OPT_NAME=$(echo $MACRO_NAME |sed 's/^DHCP_//') REPLACEMENT=$(get_mnf_param $DHCP_OPT_NAME /tmp/lease-info |sed "s/'//g") fi STR=$(echo $STR |sed "s|{.*}|$REPLACEMENT|") fi echo $STR } done } network_init() { if [ -s /tmp/lease-info ]; then # It seems network is already up NETWORK_IS_UP=1 return fi -- fi sleep .1 done if ip -o -4 addr list |grep -Fqv "inet 127.0.0.1"; then verbose "Save lease info into /tmp/lease-info" for lease in /var/lib/dhcpcd/*.lease; do iface=$(basename $lease |sed -e 's/dhcpcd-//' -e 's/\.lease$//') dhcpcd -4 -U $iface > /tmp/lease-info done NETWORK_IS_UP=1 else error "No assigned IP found. Network problem?" fi -- FORCE_CACHE_IMAGES=${clb_force_cache_images:-1} WAIT_DELAY=${ROOTDELAY:-180} verbose "CoLaBoot: root url=${ROOT}, clb_fs_size=${clb_fs_size}, clb_force_cache_images=${FORCE_CACHE_IMAGES}" RDISK=/tmp/clb-ramdisk CACHED_IMAGES=$RDISK/cached-images IMAGES_MPOINTS=$RDISK/mount-points IMG_FS_PATH=/tmp/images-fs # this location can be overrided for local HDD, NFS or iSCSI RW_LAYER_PATH=$IMAGES_MPOINTS mkdir -p $RDISK -- for MPOINT in $IMG_FS_PATH/*; do grep -q " $MPOINT " /proc/mounts && umount -l $MPOINT done [ -n "$NETWORK_IS_UP" -o -s /tmp/lease-info ] && network_down } # =========< start here >============= prepare; fail ndiswrapper-1.61-alt1.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/sbin/ndiswrapper-buginfo: $ grep /tmp/ /usr/sbin/ndiswrapper-buginfo # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA LOGFILE=`mktemp /tmp/ndiswrapper.XXXXXX` KVERS=`uname log() { echo "$*" 2>&1 >> $LOGFILE log "kernel config missing" fi fi fi gzip -c $LOGFILE > /tmp/ndiswrapper-buginfo.gz echo "please attach /tmp/ndiswrapper-buginfo.gz to your bugreport!" \rm -f $LOGFILE; fail net-snmp-common-5.9.4-alt1.1.noarch The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/doc/net-snmp-common-5.9.4/passtest: $ grep /tmp/ /usr/share/doc/net-snmp-common-5.9.4/passtest # Process SET requests by simply logging the assigned value # Note that such "assignments" are not persistent, # nor is the syntax or requested value validated # if [ "$1" = "-s" ]; then echo $* >> /tmp/passtest.log exit 0 fi # # GETNEXT requests - determine next valid instance; fail newsboat-2.40-alt1.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/doc/newsboat/contrib/getpocket.com/create-pocket-user-token.sh: $ grep /tmp/ /usr/share/doc/newsboat/contrib/getpocket.com/create-pocket-user-token.sh # shamelessy copy this from contrib/bookmark-pinboard TMP_TOKEN=`echo $output | sed 's/^.*\"code\":"$[^"]*$".*$/\1/'` # redirect user to pocket authentication page AUTH_URL="https://getpocket.com/auth/authorize?request_token=$TMP_TOKEN&redirect_uri=https://github.com/newsboat/newsboat/blob/c8c92a17fa0862fb7a648e88723eb48cb9cb582c/contrib/getpocket.com/after_authentication.md" echo $TMP_TOKEN> /tmp/pocket_token echo "please navigate to $AUTH_URL, active the access. Then press enter" xdg-open $AUTH_URL read dontcare output=`wget "consumer_key=$APPLICATION_CONSUMER_KEY&code=$TMP_TOKEN" https://getpocket.com/v3/oauth/authorize - 2>/dev/null` echo $output > /tmp/input output=`echo $output | sed 's/^.*access_token=$[^&"]*$.*$/\1/'` echo $output > ~/.pocket_access_token; fail ocsinventory-agent-2.10.4-alt1.noarch The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/bin/ocsinventory-agent: $ grep /tmp/ /usr/bin/ocsinventory-agent =item B<--stdout> Print the inventory on stdout. % ocsinventory-agent > /tmp/report.xml # prepare an inventory and write it in the /tmp/report.xml file. # A file will be created. =item B<--scan-homedirs> Authorized OCS to scan home directories to increase the Virtual Machine inventory.; fail opennebula-server-6.8.0.1-alt5.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /var/lib/one/remotes/im/qemu.d/monitord-client_control.sh: $ grep /tmp/ /var/lib/one/remotes/im/qemu.d/monitord-client_control.sh # Collectd client (Ruby) CLIENT=$DIR/${BASENAME}.rb # Collectd client PID CLIENT_PID_FILE=/tmp/one-monitord-$HID.pid # Launch the client function start_client() { rm $CLIENT_PID_FILE >/dev/null 2>&1 echo "$STDIN" | /usr/bin/env ruby $CLIENT $ARGV 2> /tmp/one-monitord-$HID.error & CLIENT_PID=$! sleep 1 if [ "$CLIENT_PID" ] || ! ps $CLIENT_PID > /dev/null; then cat /tmp/one-monitord-$HID.error exit 1 fi echo $CLIENT_PID > $CLIENT_PID_FILE } Found error in /var/lib/one/remotes/im/one.d/monitord-client_control.sh: $ grep /tmp/ /var/lib/one/remotes/im/one.d/monitord-client_control.sh # Collectd client (Ruby) CLIENT=$DIR/${BASENAME}.rb # Collectd client PID CLIENT_PID_FILE=/tmp/one-monitord-$HID.pid # Launch the client function start_client() { rm $CLIENT_PID_FILE >/dev/null 2>&1 echo "$STDIN" | /usr/bin/env ruby $CLIENT $ARGV 2> /tmp/one-monitord-$HID.error & CLIENT_PID=$! sleep 1 if [ "$CLIENT_PID" ] || ! ps $CLIENT_PID > /dev/null; then cat /tmp/one-monitord-$HID.error exit 1 fi echo $CLIENT_PID > $CLIENT_PID_FILE } Found error in /var/lib/one/remotes/im/lxd.d/monitord-client_control.sh: $ grep /tmp/ /var/lib/one/remotes/im/lxd.d/monitord-client_control.sh # Collectd client (Ruby) CLIENT=$DIR/${BASENAME}.rb # Collectd client PID CLIENT_PID_FILE=/tmp/one-monitord-$HID.pid # Launch the client function start_client() { rm $CLIENT_PID_FILE >/dev/null 2>&1 echo "$STDIN" | /usr/bin/env ruby $CLIENT $ARGV 2> /tmp/one-monitord-$HID.error & CLIENT_PID=$! sleep 1 if [ "$CLIENT_PID" ] || ! ps $CLIENT_PID > /dev/null; then cat /tmp/one-monitord-$HID.error exit 1 fi echo $CLIENT_PID > $CLIENT_PID_FILE } Found error in /var/lib/one/remotes/im/lxc.d/monitord-client_control.sh: $ grep /tmp/ /var/lib/one/remotes/im/lxc.d/monitord-client_control.sh # Collectd client (Ruby) CLIENT=$DIR/${BASENAME}.rb # Collectd client PID CLIENT_PID_FILE=/tmp/one-monitord-$HID.pid # Launch the client function start_client() { rm $CLIENT_PID_FILE >/dev/null 2>&1 echo "$STDIN" | /usr/bin/env ruby $CLIENT $ARGV 2> /tmp/one-monitord-$HID.error & CLIENT_PID=$! sleep 1 if [ "$CLIENT_PID" ] || ! ps $CLIENT_PID > /dev/null; then cat /tmp/one-monitord-$HID.error exit 1 fi echo $CLIENT_PID > $CLIENT_PID_FILE } Found error in /var/lib/one/remotes/im/kvm.d/monitord-client_control.sh: $ grep /tmp/ /var/lib/one/remotes/im/kvm.d/monitord-client_control.sh # Collectd client (Ruby) CLIENT=$DIR/${BASENAME}.rb # Collectd client PID CLIENT_PID_FILE=/tmp/one-monitord-$HID.pid # Launch the client function start_client() { rm $CLIENT_PID_FILE >/dev/null 2>&1 echo "$STDIN" | /usr/bin/env ruby $CLIENT $ARGV 2> /tmp/one-monitord-$HID.error & CLIENT_PID=$! sleep 1 if [ "$CLIENT_PID" ] || ! ps $CLIENT_PID > /dev/null; then cat /tmp/one-monitord-$HID.error exit 1 fi echo $CLIENT_PID > $CLIENT_PID_FILE } Found error in /var/lib/one/remotes/im/firecracker.d/monitord-client_control.sh: $ grep /tmp/ /var/lib/one/remotes/im/firecracker.d/monitord-client_control.sh # Collectd client (Ruby) CLIENT=$DIR/${BASENAME}.rb # Collectd client PID CLIENT_PID_FILE=/tmp/one-monitord-$HID.pid # Launch the client function start_client() { rm $CLIENT_PID_FILE >/dev/null 2>&1 echo "$STDIN" | /usr/bin/env ruby $CLIENT $ARGV 2> /tmp/one-monitord-$HID.error & CLIENT_PID=$! sleep 1 if [ "$CLIENT_PID" ] || ! ps $CLIENT_PID > /dev/null; then cat /tmp/one-monitord-$HID.error exit 1 fi echo $CLIENT_PID > $CLIENT_PID_FILE } Found error in /var/lib/one/remotes/im/equinix.d/monitord-client_control.sh: $ grep /tmp/ /var/lib/one/remotes/im/equinix.d/monitord-client_control.sh # Collectd client (Ruby) CLIENT=$DIR/${BASENAME}.rb # Collectd client PID CLIENT_PID_FILE=/tmp/one-monitord-$HID.pid # Launch the client function start_client() { rm $CLIENT_PID_FILE >/dev/null 2>&1 echo "$STDIN" | /usr/bin/env ruby $CLIENT $ARGV 2> /tmp/one-monitord-$HID.error & CLIENT_PID=$! sleep 1 if [ "$CLIENT_PID" ] || ! ps $CLIENT_PID > /dev/null; then cat /tmp/one-monitord-$HID.error exit 1 fi echo $CLIENT_PID > $CLIENT_PID_FILE } Found error in /var/lib/one/remotes/im/ec2.d/monitord-client_control.sh: $ grep /tmp/ /var/lib/one/remotes/im/ec2.d/monitord-client_control.sh # Collectd client (Ruby) CLIENT=$DIR/${BASENAME}.rb # Collectd client PID CLIENT_PID_FILE=/tmp/one-monitord-$HID.pid # Launch the client function start_client() { rm $CLIENT_PID_FILE >/dev/null 2>&1 echo "$STDIN" | /usr/bin/env ruby $CLIENT $ARGV 2> /tmp/one-monitord-$HID.error & CLIENT_PID=$! sleep 1 if [ "$CLIENT_PID" ] || ! ps $CLIENT_PID > /dev/null; then cat /tmp/one-monitord-$HID.error exit 1 fi echo $CLIENT_PID > $CLIENT_PID_FILE } Found error in /var/lib/one/remotes/im/az.d/monitord-client_control.sh: $ grep /tmp/ /var/lib/one/remotes/im/az.d/monitord-client_control.sh # Collectd client (Ruby) CLIENT=$DIR/${BASENAME}.rb # Collectd client PID CLIENT_PID_FILE=/tmp/one-monitord-$HID.pid # Launch the client function start_client() { rm $CLIENT_PID_FILE >/dev/null 2>&1 echo "$STDIN" | /usr/bin/env ruby $CLIENT $ARGV 2> /tmp/one-monitord-$HID.error & CLIENT_PID=$! sleep 1 if [ "$CLIENT_PID" ] || ! ps $CLIENT_PID > /dev/null; then cat /tmp/one-monitord-$HID.error exit 1 fi echo $CLIENT_PID > $CLIENT_PID_FILE }; fail otl-0.54-alt1.qa1.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/bin/otl: $ grep /tmp/ /usr/bin/otl #### # # need to rewrite and reread file so that \n's are now processed correctly # and each line ends up as a separate array element # write it to temp file open(FOUT, ">/tmp/tmp.otl"); flock(FOUT,2); print FOUT @linesout; close (FOUT); # now read it @linesout=(); open(INFO,"/tmp/tmp.otl"); @linesout=; close(INFO); $lineslength=@linesout; if ($debug) Found error in /usr/bin/otlsub: $ grep -A5 -B5 /tmp/ /usr/bin/otlsub ################################### # need to rewrite and reread file so that \n's are now processed correctly # and each line ends up as a separate array element # -- write it to temp file unlink("/tmp/tmp.otl"); open(FOUT, ">/tmp/tmp.otl"); flock(FOUT,2); print FOUT @linesout; close (FOUT); # now read it @linesout=(); open(INFO,"/tmp/tmp.otl"); @linesout=; close(INFO); # # $llength is length of linesout; fail perl-Tapper-Cmd-5.0.14-alt1.noarch The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/perl5/auto/Tapper/Cmd/Init/hello-world/run-hello-world.sh: $ grep /tmp/ /usr/share/perl5/auto/Tapper/Cmd/Init/hello-world/run-hello-world.sh start-tapper-daemon () { DAEMON=$1 if ps auxwww | grep grep | grep $DAEMON ; then kill $(ps auxwww | grep grep | grep $DAEMON | awk '{print $2}') fi $DAEMON > /tmp/$DAEMON-helloworld.log 2>&1 & } start-tapper-daemon tapper_reports_web_server.pl start-tapper-daemon tapper-reports-receiver start-tapper-daemon tapper-reports-api; fail phoronix-test-suite-10.8.4-alt3.noarch The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/phoronix-test-suite/ob-cache/test-profiles/pts/tww3-1.0.0/pre.sh: $ grep /tmp/ /usr/share/phoronix-test-suite/ob-cache/test-profiles/pts/tww3-1.0.0/pre.sh #!/bin/bash set xtrace exec > /tmp/test exec 2>&1 # Input settings WIDTH=$1 HEIGHT=$2 export HOME=$DEBUG_REAL_HOME GAME_PREFS="$DEBUG_REAL_HOME/.local/share/feral-interactive/Total War WARHAMMER III" # Set up (and back up) the game preferences files DATETIME=$( date +%Y-%d-%m-%H-%M ) echo "$DATETIME" >/tmp/tww3-bkp-dt GAME_PREFS_BKP="${GAME_PREFS}.pts-$DATETIME-bkp" cp -r "$GAME_PREFS" "$GAME_PREFS_BKP" # clear previous runs rm -rf "${GAME_PREFS:?}" Found error in /usr/share/phoronix-test-suite/ob-cache/test-profiles/pts/tww2-1.1.0/pre.sh: $ grep -A5 -B5 /tmp/ /usr/share/phoronix-test-suite/ob-cache/test-profiles/pts/tww2-1.1.0/pre.sh #!/bin/bash -e set -o xtrace exec > /tmp/test exec 2>&1 # Input settings WIDTH=$1 HEIGHT=$2 -- export HOME=$DEBUG_REAL_HOME GAME_PREFS="$DEBUG_REAL_HOME/.local/share/feral-interactive/Total War WARHAMMER II" # Set up (and back up) the game preferences files DATETIME=$( date +%Y-%d-%m-%H-%M ) echo "$DATETIME" >/tmp/tww2-bkp-dt GAME_PREFS_BKP="${GAME_PREFS}.pts-$DATETIME-bkp" cp -r "$GAME_PREFS" "$GAME_PREFS_BKP" # clear previous runs rm -rf "${GAME_PREFS:?}" Found error in /usr/share/phoronix-test-suite/ob-cache/test-profiles/pts/twtk-1.0.3/pre.sh: $ grep -A5 -B5 /tmp/ /usr/share/phoronix-test-suite/ob-cache/test-profiles/pts/twtk-1.0.3/pre.sh #!/bin/bash -e set -o xtrace exec > /tmp/test exec 2>&1 # Input settings WIDTH=$1 HEIGHT=$2 -- export HOME=$DEBUG_REAL_HOME GAME_PREFS="$DEBUG_REAL_HOME/.local/share/feral-interactive/Three Kingdoms" # Set up (and back up) the game preferences files DATETIME=$( date +%Y-%d-%m-%H-%M ) echo "$DATETIME" >/tmp/twtk-bkp-dt GAME_PREFS_BKP="${GAME_PREFS}.pts-$DATETIME-bkp" cp -r "$GAME_PREFS" "$GAME_PREFS_BKP" # clear previous runs rm -rf "${GAME_PREFS:?}" Found error in /usr/share/phoronix-test-suite/ob-cache/test-profiles/pts/twtk-1.0.2/pre.sh: $ grep -A5 -B5 /tmp/ /usr/share/phoronix-test-suite/ob-cache/test-profiles/pts/twtk-1.0.2/pre.sh #!/bin/bash -e set -o xtrace exec > /tmp/test exec 2>&1 # Input settings WIDTH=$1 HEIGHT=$2 -- export HOME=$DEBUG_REAL_HOME GAME_PREFS="$DEBUG_REAL_HOME/.local/share/feral-interactive/Three Kingdoms" # Set up (and back up) the game preferences files DATETIME=$( date +%Y-%d-%m-%H-%M ) echo "$DATETIME" >/tmp/twtk-bkp-dt GAME_PREFS_BKP="${GAME_PREFS}.pts-$DATETIME-bkp" cp -r "$GAME_PREFS" "$GAME_PREFS_BKP" # clear previous runs rm -rf "${GAME_PREFS:?}" Found error in /usr/share/phoronix-test-suite/ob-cache/test-profiles/pts/twtk-1.0.1/pre.sh: $ grep -A5 -B5 /tmp/ /usr/share/phoronix-test-suite/ob-cache/test-profiles/pts/twtk-1.0.1/pre.sh #!/bin/bash -e set -o xtrace exec > /tmp/test exec 2>&1 # Input settings WIDTH=$1 HEIGHT=$2 -- export HOME=$DEBUG_REAL_HOME GAME_PREFS="$DEBUG_REAL_HOME/.local/share/feral-interactive/Three Kingdoms" # Set up (and back up) the game preferences files DATETIME=$( date +%Y-%d-%m-%H-%M ) echo "$DATETIME" >/tmp/twtk-bkp-dt GAME_PREFS_BKP="${GAME_PREFS}.pts-$DATETIME-bkp" cp -r "$GAME_PREFS" "$GAME_PREFS_BKP" # clear previous runs rm -rf "${GAME_PREFS:?}" Found error in /usr/share/phoronix-test-suite/ob-cache/test-profiles/pts/thronesofbritannia-1.0.0/pre.sh: $ grep -A5 -B5 /tmp/ /usr/share/phoronix-test-suite/ob-cache/test-profiles/pts/thronesofbritannia-1.0.0/pre.sh #!/bin/bash -e set -o xtrace exec > /tmp/test exec 2>&1 # Input settings WIDTH=$1 HEIGHT=$2 -- export HOME=$DEBUG_REAL_HOME GAME_PREFS="$DEBUG_REAL_HOME/.local/share/feral-interactive/Thrones of Britannia" # Set up (and back up) the game preferences files DATETIME=$( date +%Y-%d-%m-%H-%M ) echo "$DATETIME" >/tmp/tob-bkp-dt GAME_PREFS_BKP="${GAME_PREFS}.pts-$DATETIME-bkp" cp -r "$GAME_PREFS" "$GAME_PREFS_BKP" # clear previous runs rm -rf "${GAME_PREFS:?}" Found error in /usr/share/phoronix-test-suite/ob-cache/test-profiles/pts/shadowofthetombraider-1.1.0/pre.sh: $ grep -A5 -B5 /tmp/ /usr/share/phoronix-test-suite/ob-cache/test-profiles/pts/shadowofthetombraider-1.1.0/pre.sh #!/bin/bash -e set -o xtrace exec > /tmp/test exec 2>&1 # Input settings WIDTH=$1 HEIGHT=$2 -- export HOME=$DEBUG_REAL_HOME GAME_PREFS="$DEBUG_REAL_HOME/.local/share/feral-interactive/Shadow of the Tomb Raider" # Set up (and back up) the game preferences files DATETIME=$( date +%Y-%d-%m-%H-%M ) echo "$DATETIME" > /tmp/sotr-bkp-dt GAME_PREFS_BKP="${GAME_PREFS}.pts-$DATETIME-bkp" cp -r "$GAME_PREFS" "$GAME_PREFS_BKP" if [ -f "$GAME_PREFS/preferences" ]; then rm "$GAME_PREFS/preferences" Found error in /usr/share/phoronix-test-suite/ob-cache/test-profiles/pts/shadowofthetombraider-1.1.0/interim.sh: $ grep -A5 -B5 /tmp/ /usr/share/phoronix-test-suite/ob-cache/test-profiles/pts/shadowofthetombraider-1.1.0/interim.sh #!/bin/bash -e set -o xtrace exec > /tmp/test exec 2>&1 # Input settings WIDTH=$1 HEIGHT=$2 -- export HOME=$DEBUG_REAL_HOME GAME_PREFS="$DEBUG_REAL_HOME/.local/share/feral-interactive/Shadow of the Tomb Raider" # Set up (and back up) the game preferences files DATETIME=$( date +%Y-%d-%m-%H-%M ) echo "$DATETIME" > /tmp/sotr-bkp-dt GAME_PREFS_BKP="${GAME_PREFS}.pts-$DATETIME-bkp" cp -r "$GAME_PREFS" "$GAME_PREFS_BKP" if [ -f "$GAME_PREFS/preferences" ]; then rm "$GAME_PREFS/preferences" Found error in /usr/share/phoronix-test-suite/ob-cache/test-profiles/pts/shadowofthetombraider-1.0.1/pre.sh: $ grep -A5 -B5 /tmp/ /usr/share/phoronix-test-suite/ob-cache/test-profiles/pts/shadowofthetombraider-1.0.1/pre.sh #!/bin/bash -e set -o xtrace exec > /tmp/test exec 2>&1 # Input settings WIDTH=$1 HEIGHT=$2 -- export HOME=$DEBUG_REAL_HOME GAME_PREFS="$DEBUG_REAL_HOME/.local/share/feral-interactive/Shadow of the Tomb Raider" # Set up (and back up) the game preferences files DATETIME=$( date +%Y-%d-%m-%H-%M ) echo "$DATETIME" > /tmp/sotr-bkp-dt GAME_PREFS_BKP="${GAME_PREFS}.pts-$DATETIME-bkp" cp -r "$GAME_PREFS" "$GAME_PREFS_BKP" if [ -f "$GAME_PREFS/preferences" ]; then rm "$GAME_PREFS/preferences" Found error in /usr/share/phoronix-test-suite/ob-cache/test-profiles/pts/shadowofthetombraider-1.0.0/pre.sh: $ grep -A5 -B5 /tmp/ /usr/share/phoronix-test-suite/ob-cache/test-profiles/pts/shadowofthetombraider-1.0.0/pre.sh #!/bin/bash -e set -o xtrace exec > /tmp/test exec 2>&1 # Input settings WIDTH=$1 HEIGHT=$2 -- export HOME=$DEBUG_REAL_HOME GAME_PREFS="$DEBUG_REAL_HOME/.local/share/feral-interactive/Shadow of the Tomb Raider" # Set up (and back up) the game preferences files DATETIME=$( date +%Y-%d-%m-%H-%M ) echo "$DATETIME" > /tmp/sotr-bkp-dt GAME_PREFS_BKP="${GAME_PREFS}.pts-$DATETIME-bkp" cp -r "$GAME_PREFS" "$GAME_PREFS_BKP" if [ -f "$GAME_PREFS/preferences" ]; then rm "$GAME_PREFS/preferences" Found error in /usr/share/phoronix-test-suite/ob-cache/test-profiles/pts/riseofthetombraider-1.0.2/pre.sh: $ grep -A5 -B5 /tmp/ /usr/share/phoronix-test-suite/ob-cache/test-profiles/pts/riseofthetombraider-1.0.2/pre.sh #!/bin/bash -e set -o xtrace exec > /tmp/test exec 2>&1 # Input settings WIDTH=$1 HEIGHT=$2 -- export HOME=$DEBUG_REAL_HOME GAME_PREFS="$DEBUG_REAL_HOME/.local/share/feral-interactive/Rise of the Tomb Raider" # Set up (and back up) the game preferences files DATETIME=$( date +%Y-%d-%m-%H-%M ) echo "$DATETIME" >/tmp/rotr-bkp-dt GAME_PREFS_BKP="${GAME_PREFS}.pts-$DATETIME-bkp" cp -r "$GAME_PREFS" "$GAME_PREFS_BKP" # clear previous runs rm -rf "${GAME_PREFS:?}" Found error in /usr/share/phoronix-test-suite/ob-cache/test-profiles/pts/riseofthetombraider-1.0.1/pre.sh: $ grep -A5 -B5 /tmp/ /usr/share/phoronix-test-suite/ob-cache/test-profiles/pts/riseofthetombraider-1.0.1/pre.sh #!/bin/bash -e set -o xtrace exec > /tmp/test exec 2>&1 # Input settings WIDTH=$1 HEIGHT=$2 -- export HOME=$DEBUG_REAL_HOME GAME_PREFS="$DEBUG_REAL_HOME/.local/share/feral-interactive/Rise of the Tomb Raider" # Set up (and back up) the game preferences files DATETIME=$( date +%Y-%d-%m-%H-%M ) echo "$DATETIME" >/tmp/rotr-bkp-dt GAME_PREFS_BKP="${GAME_PREFS}.pts-$DATETIME-bkp" cp -r "$GAME_PREFS" "$GAME_PREFS_BKP" # clear previous runs rm -rf "${GAME_PREFS:?}" Found error in /usr/share/phoronix-test-suite/ob-cache/test-profiles/pts/f12017-1.1.1/pre.sh: $ grep -A5 -B5 /tmp/ /usr/share/phoronix-test-suite/ob-cache/test-profiles/pts/f12017-1.1.1/pre.sh #!/bin/bash set -o xtrace exec > /tmp/test exec 2>&1 export HOME=$DEBUG_REAL_HOME # Game identity FERAL_PREFS="$DEBUG_REAL_HOME/.local/share/feral-interactive" -- ;; esac # Set up (and back up) the game preferences files DATETIME=$( date +%Y-%d-%m-%H-%M ) echo "$DATETIME" >/tmp/f12017-bkp-dt GAME_PREFS_BKP="${FERAL_PREFS}/F1 2017.pts-$DATETIME-bkp" cp -r "$GAME_PREFS" "$GAME_PREFS_BKP" # clear previous runs rm -rf "${GAME_PREFS:?}" Found error in /usr/share/phoronix-test-suite/ob-cache/test-profiles/pts/f12017-1.1.0/pre.sh: $ grep -A5 -B5 /tmp/ /usr/share/phoronix-test-suite/ob-cache/test-profiles/pts/f12017-1.1.0/pre.sh #!/bin/bash set -o xtrace exec > /tmp/test exec 2>&1 export HOME=$DEBUG_REAL_HOME # Game identity FERAL_PREFS="$DEBUG_REAL_HOME/.local/share/feral-interactive" -- ;; esac # Set up (and back up) the game preferences files DATETIME=$( date +%Y-%d-%m-%H-%M ) echo "$DATETIME" >/tmp/f12017-bkp-dt GAME_PREFS_BKP="${FERAL_PREFS}/F1 2017.pts-$DATETIME-bkp" cp -r "$GAME_PREFS" "$GAME_PREFS_BKP" # clear previous runs rm -rf "${GAME_PREFS:?}"; fail resource-agents-4.16.0-alt1.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/lib/ocf/resource.d/heartbeat/rabbitmq-server-ha: $ grep /tmp/ /usr/lib/ocf/resource.d/heartbeat/rabbitmq-server-ha The debug flag for agent (${OCF_RESKEY_binary}) instance. In the /tmp/ directory will be created rmq-* files for log some operations and ENV values inside OCF-script. AMQP server (${OCF_RESKEY_binary}) debug flag local rc=$OCF_ERR_GENERIC local LH="${LL} monitor:" ocf_log debug "${LH} action start." if ocf_is_true "${OCF_RESKEY_debug}"; then d=`date '+%Y%m%d %H:%M:%S'` echo $d >> /tmp/rmq-monitor.log env >> /tmp/rmq-monitor.log echo "$d [monitor] start='${OCF_RESKEY_CRM_meta_notify_start_uname}' stop='${OCF_RESKEY_CRM_meta_notify_stop_uname}' active='${OCF_RESKEY_CRM_meta_notify_active_uname}' inactive='${OCF_RESKEY_CRM_meta_notify_inactive_uname}'" >> /tmp/rmq-ocf.log fi get_monitor rc=$? ocf_log debug "${LH} role: ${OCF_RESKEY_CRM_meta_role}" ocf_log debug "${LH} result: $rc" -- local LH="${LL} start:" local nowtime if ocf_is_true "${OCF_RESKEY_debug}"; then d=`date '+%Y%m%d %H:%M:%S'` echo $d >> /tmp/rmq-start.log env >> /tmp/rmq-start.log echo "$d [start] start='${OCF_RESKEY_CRM_meta_notify_start_uname}' stop='${OCF_RESKEY_CRM_meta_notify_stop_uname}' active='${OCF_RESKEY_CRM_meta_notify_active_uname}' inactive='${OCF_RESKEY_CRM_meta_notify_inactive_uname}'" >> /tmp/rmq-ocf.log fi ocf_log info "${LH} action begin." get_status -- local rc=$OCF_ERR_GENERIC local LH="${LL} stop:" if ocf_is_true "${OCF_RESKEY_debug}"; then d=$(date '+%Y%m%d %H:%M:%S') echo $d >> /tmp/rmq-stop.log env >> /tmp/rmq-stop.log echo "$d [stop] start='${OCF_RESKEY_CRM_meta_notify_start_uname}' stop='${OCF_RESKEY_CRM_meta_notify_stop_uname}' active='${OCF_RESKEY_CRM_meta_notify_active_uname}' inactive='${OCF_RESKEY_CRM_meta_notify_inactive_uname}'" >> /tmp/rmq-ocf.log fi ocf_log info "${LH} action begin." ocf_log info "${LH} Deleting master attribute" -- local LH="${LL} notify:" local nodelist if ocf_is_true "${OCF_RESKEY_debug}"; then d=`date '+%Y%m%d %H:%M:%S'` echo $d >> /tmp/rmq-notify.log env >> /tmp/rmq-notify.log echo "$d [notify] ${OCF_RESKEY_CRM_meta_notify_type}-${OCF_RESKEY_CRM_meta_notify_operation} promote='${OCF_RESKEY_CRM_meta_notify_promote_uname}' demote='${OCF_RESKEY_CRM_meta_notify_demote_uname}' master='${OCF_RESKEY_CRM_meta_notify_master_uname}' slave='${OCF_RESKEY_CRM_meta_notify_slave_uname}' start='${OCF_RESKEY_CRM_meta_notify_start_uname}' stop='${OCF_RESKEY_CRM_meta_notify_stop_uname}' active='${OCF_RESKEY_CRM_meta_notify_active_uname}' inactive='${OCF_RESKEY_CRM_meta_notify_inactive_uname}'" >> /tmp/rmq-ocf.log fi if [ "${OCF_RESKEY_CRM_meta_notify_type}" = 'post' ] ; then # POST- anything notify section case "$OCF_RESKEY_CRM_meta_notify_operation" in -- local rc=$OCF_ERR_GENERIC local LH="${LL} promote:" if ocf_is_true "${OCF_RESKEY_debug}"; then d=$(date '+%Y%m%d %H:%M:%S') echo $d >> /tmp/rmq-promote.log env >> /tmp/rmq-promote.log echo "$d [promote] start='${OCF_RESKEY_CRM_meta_notify_start_uname}' stop='${OCF_RESKEY_CRM_meta_notify_stop_uname}' active='${OCF_RESKEY_CRM_meta_notify_active_uname}' inactive='${OCF_RESKEY_CRM_meta_notify_inactive_uname}'" >> /tmp/rmq-ocf.log fi ocf_log info "${LH} action begin." get_monitor; fail rpm-build-vm-checkinstall-1.76-alt1.noarch The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/lib/vm-run.ci/checkinstall: $ grep /tmp/ /usr/lib/vm-run.ci/checkinstall # Bringing up secondary CPUs" message. ls /dev/kvm set | grep ^LD_ # Simulate filetrigger run find /boot > /tmp/filelist /usr/lib/rpm/posttrans-filetriggers /tmp/filelist rm /tmp/filelist # Remove trigger so it does not re-create '/tmp/vm-ext4.img'. > /usr/lib/rpm/z-vm-createimage.filetrigger kvm-ok timeout 300 vm-run <<-'EOF' uname ! timeout --preserve-status 300 vm-run "true; false; true" || exit 1 timeout 300 vm-run --mem=max free -g timeout 300 vm-run --cpu=max lscpu df -h /tmp timeout 300 vm-run --tmp=max df -h /tmp rm /tmp/vm-tmpfs.qcow2 timeout 300 vm-run --verbose --overlay=ext4 uname -a rmdir /mnt/0 rm /usr/src/ext4.0.img timeout 300 vm-run --rootfs --verbose df rm /tmp/vm-ext4.img timeout 300 vm-run --hvc --no-quiet 'dmesg -r | grep -E "printk:( legacy)? console \[hvc0\] enabled"' timeout 300 vm-run --tcg --mem='' --cpu=1 cat /proc/cpuinfo if [ "$ALT_BRANCH_ID" = sisyphus ]; then rpm -qa PROVIDES=kernel-latest | grep '^kernel-image-' fi # Clean up without '-f' ensures these files existed. rm /tmp/initramfs-*-*-alt*.img # SCRIPT and exit code files form each vm-run invocation. Each SCRIPT file # should correspond to '.ret' file. find /tmp/vm.?????????? -maxdepth 0 | xargs -t -i -n1 rm {} {}.ret; fail scanbuttond-0.2.3-alt4.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /etc/scanbuttond/buttonpressed.sh: $ grep /tmp/ /etc/scanbuttond/buttonpressed.sh # $1 ... the button number # $2 ... the scanner's SANE device name, which comes in handy if there are two or # more scanners. In this case we can pass the device name to SANE programs # like scanimage. TMPFILE="/tmp/scan.tiff" LOCKFILE="/tmp/copy.lock" case $1 in 1) echo "button 1 has been pressed on $2" # echo "Error: Another scanning operation is currently in progress" # exit # fi # touch $LOCKFILE # rm -f $TMPFILE scanimage --device-name $2 -x 215 -y 297 1> /tmp/image.pnm A= gimp /tmp/image.pnm # tiff2ps -z -w 8.27 -h 11.69 $TMPFILE | lpr # rm -f $LOCKFILE # ;; 2) echo "button 2 has been pressed on $2" scanimage --device-name $2 -x 215 -y 297 1> /tmp/image.pnm lpr /tmp/image.pnm ;; 3) echo "button 3 has been pressed on $2" scanimage --device-name $2 -x 215 -y 297 1> /tmp/image.pnm A= evolution mailto:?attach=/tmp/image.pnm ;; 4) echo "button 4 has been pressed on $2" ;; esac; fail select-kernel-0.99.2-alt1.noarch The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/sbin/select-kernel: $ grep /tmp/ /usr/sbin/select-kernel message() { printf %s\\n "$PROG: $*" >&2 } debug() { echo "$@" >> /tmp/$PROG.dbg } show_help() { cat << EOF yes= numeric= RELEASE=. FLAVOUR=. CACHE=/tmp/$PROG.$$ trap "rm -f $CACHE" EXIT SIGHUP SIGINT SIGQUIT SIGTERM while [ -n "$1" ]; do if [ "$1" = "-h" ] || [ "$1" = "--help" ]; then show_help; fail spdk-25.05-alt1.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/libexec/spdk/scripts/spdx.sh: $ grep /tmp/ /usr/libexec/spdk/scripts/spdx.sh etc usr THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT etc usr (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE etc usr OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. etc/ usr/ END ) > /tmp/c.txt ( cat << 'END' # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # END ) > /tmp/makefile.txt function get_sha() { sha= start=$(cat -n $1 | grep "Redistribution and use" | awk '{print $1}') end=$(cat -n $1 | grep "POSSIBILITY OF SUCH DAMAGE" | head -1 | awk '{print $1}') -- fi count=$((end - start + 1)) sha=$(sed -n "${start},+${count}p" $1 | sha1sum | awk '{print $1}') } intel_c_sha=$(sed 's/__COMPANY__/Intel Corporation/g' /tmp/c.txt | sha1sum | awk '{print $1}') nvidia_c_sha=$(sed 's/__COMPANY__/Nvidia Corporation/g' /tmp/c.txt | sha1sum | awk '{print $1}') samsung_c_sha=$(sed 's/__COMPANY__/Samsung Electronics Co., Ltd./g' /tmp/c.txt | sha1sum | awk '{print $1}') eideticom_c_sha=$(sed 's/__COMPANY__/Eideticom Inc/g' /tmp/c.txt | sha1sum | awk '{print $1}') generic_c_sha=$(sed 's/__COMPANY__/the copyright holder/g' /tmp/c.txt | sha1sum | awk '{print $1}') for f in $(git ls-files '**/*.c' '**/*.cpp' '**/*.h' '**/*.cc' '**/*.go'); do get_sha $f if [[ $sha == "$intel_c_sha" ]] \ || [[ $sha == "$nvidia_c_sha" ]] \ -- sed -i '1 i /ALT /bin /boot /dev /etc /home /lib /lib64 /libx32 /lost+found /media /mnt /opt /proc /root /run /sbin /selinux /srv /sys /tmp /usr /var SPDX-License-Identifier: BSD-3-Clause' $f fi done intel_makefile_sha=$(sed 's/__COMPANY__/Intel Corporation/g' /tmp/makefile.txt | sha1sum | awk '{print $1}') nvidia_makefile_sha=$(sed 's/__COMPANY__/Nvidia Corporation/g' /tmp/makefile.txt | sha1sum | awk '{print $1}') samsung_makefile_sha=$(sed 's/__COMPANY__/Samsung Electronics Co., Ltd./g' /tmp/makefile.txt | sha1sum | awk '{print $1}') eideticom_makefile_sha=$(sed 's/__COMPANY__/Eideticom Inc/g' /tmp/makefile.txt | sha1sum | awk '{print $1}') generic_makefile_sha=$(sed 's/__COMPANY__/the copyright holder/g' /tmp/makefile.txt | sha1sum | awk '{print $1}') for f in $(git ls-files CONFIG MAKEFILE '**/*.mk' '**/Makefile'); do get_sha $f if [[ $sha == "$intel_makefile_sha" ]] \ || [[ $sha == "$nvidia_makefile_sha" ]] \; fail startup-rescue-0.50-alt2.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /etc/rc.d/rc.sysinit.rescue: $ grep /tmp/ /etc/rc.d/rc.sysinit.rescue # Ensure plymouth is not running killall plymouthd >/dev/null 2>&1 remount_aufs() { [ "$1" ] || return 0 mkdir "/tmp/root$1" mount -n -t aufs -o dirs="/tmp/root$1=rw:$1=ro" "/tmp/root$1" "$1" } # Avoid double-aufs/overlayfs attempt if ! grep -qE "^overlay|/ aufs" /proc/mounts; then for mpoint in /etc /var /lib /bin /sbin /home /root /mnt; do -- action "Mounting efivars filesystem:" mount -t efivarfs none /sys/firmware/efi/efivars fi # run tmpfiles.d scripts if systemd_tmpfiles="$(find_util systemd-tmpfiles)"; then "$systemd_tmpfiles" --clean >/tmp/tmpfiles.log 2>&1 "$systemd_tmpfiles" --remove --create --boot --exclude-prefix=/dev >>/tmp/tmpfiles.log 2>&1 fi # Recover mdadm.conf if it's been changed above if [ -s "$MDCONF" ]; then sed -i 's,^DEVICE /dev/null,DEVICE partitions,' "$MDCONF"; fail strongswan-testing-6.0.1-alt1.noarch The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/doc/strongswan-testing-6.0.1/testing/hosts/default/usr/local/bin/init-test: $ grep /tmp/ /usr/share/doc/strongswan-testing-6.0.1/testing/hosts/default/usr/local/bin/init-test shift $((OPTIND-1)) # start tcpdump in the background if [ "$INTERFACE" ] then tcpdump $INTERFACE not port ssh and not port domain >/tmp/tcpdump.log 2>/tmp/tcpdump.err.log & fi # setup ramdisk for databases if [ "$DB" ] then; fail systemd-tests-257.7-alt1.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/lib/systemd/tests/testdata/units/TEST-87-AUX-UTILS-VM.modules-load.sh: $ grep /tmp/ /usr/lib/systemd/tests/testdata/units/TEST-87-AUX-UTILS-VM.modules-load.sh "$MODULES_LOAD_BIN" # Explicit config file modprobe dummy printf "dummy" >"$CONFIG_FILE" "$MODULES_LOAD_BIN" "$CONFIG_FILE" |& tee /tmp/out.log grep "Inserted module .*dummy" /tmp/out.log # Implicit config file modprobe dummy printf "dummy" >"$CONFIG_FILE" "$MODULES_LOAD_BIN" |& tee /tmp/out.log grep "Inserted module .*dummy" /tmp/out.log # Valid & invalid data mixed together modprobe dummy cat >"$CONFIG_FILE" </tmp/core.redirected test -s /tmp/core.redirected coredumpctl dump -o /tmp/core.output "${CORE_TEST_BIN##*/}" test -s /tmp/core.output rm -f /tmp/core.{output,redirected} # Unprivileged stuff # Related issue: https://github.com/systemd/systemd/issues/26912 UNPRIV_CMD=(systemd-run --user --wait --pipe -M "testuser@.host" --) # Trigger a couple of coredumps as an unprivileged user -- "${UNPRIV_CMD[@]}" coredumpctl info "$CORE_TEST_UNPRIV_BIN" "${UNPRIV_CMD[@]}" coredumpctl info "${CORE_TEST_UNPRIV_BIN##*/}" (! "${UNPRIV_CMD[@]}" coredumpctl info --all "$CORE_TEST_BIN") (! "${UNPRIV_CMD[@]}" coredumpctl info --all "${CORE_TEST_BIN##*/}") # We should have a couple of externally stored coredumps "${UNPRIV_CMD[@]}" coredumpctl --field=COREDUMP_FILENAME | tee /tmp/coredumpctl.out grep "/var/lib/systemd/coredump/core" /tmp/coredumpctl.out rm -f /tmp/coredumpctl.out "${UNPRIV_CMD[@]}" coredumpctl debug --debugger=/bin/true "$CORE_TEST_UNPRIV_BIN" "${UNPRIV_CMD[@]}" coredumpctl debug --debugger=/bin/true --debugger-arguments="-this --does --not 'do anything' -a -t --all" "${CORE_TEST_UNPRIV_BIN##*/}" "${UNPRIV_CMD[@]}" coredumpctl dump "$CORE_TEST_UNPRIV_BIN" >/tmp/core.redirected test -s /tmp/core.redirected "${UNPRIV_CMD[@]}" coredumpctl dump -o /tmp/core.output "${CORE_TEST_UNPRIV_BIN##*/}" test -s /tmp/core.output rm -f /tmp/core.{output,redirected} (! "${UNPRIV_CMD[@]}" coredumpctl dump "$CORE_TEST_BIN" >/dev/null) # --backtrace mode # Pass one of the existing journal coredump records to systemd-coredump. # Use our PID as the source to be able to create a PIDFD and to make matching easier. Found error in /usr/lib/systemd/tests/testdata/units/TEST-87-AUX-UTILS-VM.bootctl.sh: $ grep -A5 -B5 /tmp/ /usr/lib/systemd/tests/testdata/units/TEST-87-AUX-UTILS-VM.bootctl.sh return 0 ) testcase_bootctl_image() { IMAGE_DIR="$(mktemp --directory /tmp/test-bootctl.XXXXXXXXXX)" trap cleanup_image RETURN truncate -s 256m "${IMAGE_DIR}/image" cat >"${IMAGE_DIR}/partscript" </dev/null; then echo "mkfs.btrfs not found, skipping." return 0 fi IMAGE_DIR="$(mktemp --directory /tmp/test-bootctl.XXXXXXXXXX)" trap cleanup_raid RETURN truncate -s 256m "${IMAGE_DIR}/image1" truncate -s 256m "${IMAGE_DIR}/image2" -- SYSTEMD_LOG_TARGET=console varlinkctl call --json=short /run/systemd/io.systemd.BootControl io.systemd.BootControl.SetRebootToFirmware '{"state":true}' --graceful=io.systemd.BootControl.RebootToFirmwareNotSupported SYSTEMD_LOG_TARGET=console varlinkctl call --json=short /run/systemd/io.systemd.BootControl io.systemd.BootControl.SetRebootToFirmware '{"state":false}' --graceful=io.systemd.BootControl.RebootToFirmwareNotSupported } testcase_bootctl_secure_boot_auto_enroll() { cat >/tmp/openssl.conf </tmp/nextroot-lower/lower # Copy os-release away, so that we can manipulate it and check that it is updated in the propagate # directory across soft reboots. Try to cover corner cases by truncating it. mkdir -p /tmp/nextroot-lower/etc grep ID /etc/os-release >/tmp/nextroot-lower/etc/os-release echo MARKER=1 >>/tmp/nextroot-lower/etc/os-release cmp /etc/os-release /run/systemd/propagate/.os-release-stage/os-release (! grep -q MARKER=1 /etc/os-release) mount -t overlay nextroot /run/nextroot -o lowerdir=/tmp/nextroot-lower:/,ro # Bind our current root into the target so that we later can return to it mount --bind / /run/nextroot/original-root # Restart the unit that is not supposed to survive -- systemd-run --collect --service-type=exec -p DefaultDependencies=no -p IgnoreOnIsolate=yes -p SetCredential=gone:hoge --unit=TEST-82-SOFTREBOOT-nosurvive.service sleep infinity # Ensure that the unit doesn't get deactivated by dependencies on the source file. Given it's a verity # image that is already open, even if the tmpfs with the image goes away, the file will be pinned by the # kernel and will keep working. cp /usr/share/minimal_0.* /tmp/ # Configure these transient units to survive the soft reboot - they will not conflict with shutdown.target # and it will be ignored on the isolate that happens in the next boot. The first will use argv[0][0] = # '@', and the second will use SurviveFinalKillSignal=yes. Both should survive. # By writing to stdout, which is connected to the journal, we also ensure logging doesn't break across -- --property SetCredential=preserve:yay \ "$survive_argv" # shellcheck disable=SC2016 systemd-run --service-type=exec --unit=TEST-82-SOFTREBOOT-survive.service \ --property TemporaryFileSystem="/run /tmp /var" \ --property RootImage=/tmp/minimal_0.raw \ --property SurviveFinalKillSignal=yes \ --property IgnoreOnIsolate=yes \ --property DefaultDependencies=no \ --property After=basic.target \ --property "Conflicts=reboot.target kexec.target poweroff.target halt.target emergency.target rescue.target" \ Found error in /usr/lib/systemd/tests/testdata/units/TEST-81-GENERATORS.system-update-generator.sh: $ grep -A5 -B5 /tmp/ /usr/lib/systemd/tests/testdata/units/TEST-81-GENERATORS.system-update-generator.sh # shellcheck source=test/units/generator-utils.sh . "$(dirname "$0")/generator-utils.sh" GENERATOR_BIN="/usr/lib/systemd/system-generators/systemd-system-update-generator" OUT_DIR="$(mktemp -d /tmp/system-update-generator-generator.XXX)" at_exit() { rm -frv "${OUT_DIR:?}" /system-update } -- link_endswith "$OUT_DIR/early/default.target" "/lib/systemd/system/system-update.target" : "system-update-generator: kernel cmdline warnings" # We should warn if the default target is overridden on the kernel cmdline # by a runlevel or systemd.unit=, but still generate the symlink SYSTEMD_PROC_CMDLINE="systemd.unit=foo.bar 3" run_and_list "$GENERATOR_BIN" "$OUT_DIR" |& tee /tmp/system-update-generator.log link_endswith "$OUT_DIR/early/default.target" "/lib/systemd/system/system-update.target" grep -qE "Offline system update overridden .* systemd.unit=" /tmp/system-update-generator.log grep -qE "Offline system update overridden .* runlevel" /tmp/system-update-generator.log Found error in /usr/lib/systemd/tests/testdata/units/TEST-81-GENERATORS.getty-generator.sh: $ grep -A5 -B5 /tmp/ /usr/lib/systemd/tests/testdata/units/TEST-81-GENERATORS.getty-generator.sh # shellcheck source=test/units/generator-utils.sh . "$(dirname "$0")/generator-utils.sh" GENERATOR_BIN="/usr/lib/systemd/system-generators/systemd-getty-generator" OUT_DIR="$(mktemp -d /tmp/getty-generator.XXX)" at_exit() { rm -frv "${OUT_DIR:?}" } -- done # Sneak in one "not-a-tty" console touch /dev/notatty99 # Temporarily replace /sys/class/tty/console/active with our list of dummy # consoles so getty-generator can process them echo -ne "${DUMMY_ACTIVE_CONSOLES[@]}" /dev/notatty99 >/tmp/dummy-active-consoles mount -v --bind /tmp/dummy-active-consoles /sys/class/tty/console/active : "getty-generator: no arguments" # Sneak in an invalid value for $SYSTEMD_GETTY_AUTO to test things out PID1_ENVIRON="SYSTEMD_GETTY_AUTO=foo" run_and_list "$GENERATOR_BIN" "$OUT_DIR" for console in "${DUMMY_ACTIVE_CONSOLES[@]}"; do Found error in /usr/lib/systemd/tests/testdata/units/TEST-80-NOTIFYACCESS.sh: $ grep -A5 -B5 /tmp/ /usr/lib/systemd/tests/testdata/units/TEST-80-NOTIFYACCESS.sh set -o pipefail # shellcheck source=test/units/util.sh . "$(dirname "$0")"/util.sh mkfifo /tmp/syncfifo1 /tmp/syncfifo2 sync_in() { read -r x < /tmp/syncfifo1 test "$x" = "$1" } sync_out() { echo "$1" > /tmp/syncfifo2 } export SYSTEMD_LOG_LEVEL=debug # Test NotifyAccess= override through sd_notify() -- assert_eq "$(systemctl show notify.service -p NotifyAccess --value)" "none" systemctl stop notify.service assert_eq "$(systemctl show notify.service -p NotifyAccess --value)" "all" rm /tmp/syncfifo1 /tmp/syncfifo2 # Explicitly test busctl's BUSERROR= reporting and systemctl status should show it (! systemd-run --wait --unit="TEST-80-BUSERROR.service" -p NotifyAccess=main busctl introspect org.freedesktop.systemd1 /bogus/001) assert_eq "$(systemctl show TEST-80-BUSERROR.service -P StatusBusError)" "org.freedesktop.DBus.Error.UnknownObject" assert_in "D-Bus: org.freedesktop.DBus.Error.UnknownObject" "$(systemctl status TEST-80-BUSERROR.service)" # Now test basic fdstore behaviour MYSCRIPT="/tmp/myscript$RANDOM.sh" cat >> "$MYSCRIPT" <<'EOF' #!/usr/bin/env bash set -eux set -o pipefail test "$FDSTORE" -eq 7 N="/tmp/$RANDOM" echo $RANDOM > "$N" systemd-notify --fd=4 --fdname=quux --pid=parent 4< "$N" rm "$N" systemd-notify --ready exec sleep infinity -- MYUNIT="myunit$RANDOM.service" systemd-run -u "$MYUNIT" -p Type=notify -p FileDescriptorStoreMax=7 "$MYSCRIPT" test "$(systemd-analyze fdstore "$MYUNIT" | wc -l)" -eq 2 systemd-analyze fdstore "$MYUNIT" --json=short systemd-analyze fdstore "$MYUNIT" --json=short | grep -P -q '\[{"fdname":"quux","type":.*,"devno":\[.*\],"inode":.*,"rdevno":null,"path":"/tmp/.*","flags":"ro"}\]' systemctl stop "$MYUNIT" rm "$MYSCRIPT" systemd-analyze log-level debug Found error in /usr/lib/systemd/tests/testdata/units/TEST-76-SYSCTL.sh: $ grep -A5 -B5 /tmp/ /usr/lib/systemd/tests/testdata/units/TEST-76-SYSCTL.sh # shellcheck source=test/units/util.sh . "$(dirname "$0")"/util.sh export SYSTEMD_LOG_LEVEL=debug echo "foo.bar=42" >/tmp/foo.conf assert_rc 0 /usr/lib/systemd/systemd-sysctl /tmp/foo.conf assert_rc 1 /usr/lib/systemd/systemd-sysctl --strict /tmp/foo.conf echo "-foo.foo=42" >/tmp/foo.conf assert_rc 0 /usr/lib/systemd/systemd-sysctl /tmp/foo.conf assert_rc 0 /usr/lib/systemd/systemd-sysctl --strict /tmp/foo.conf if ! systemd-detect-virt --quiet --container; then ip link add hoge type dummy udevadm wait /sys/class/net/hoge cat >/tmp/foo.conf </proc/sys/net/ipv4/conf/hoge/drop_gratuitous_arp echo 0 >/proc/sys/net/ipv4/conf/hoge/bootp_relay echo 0 >/proc/sys/net/ipv4/conf/hoge/disable_policy assert_rc 0 /usr/lib/systemd/systemd-sysctl --prefix=/net/ipv4/conf/hoge /tmp/foo.conf assert_eq "$(cat /proc/sys/net/ipv4/conf/hoge/drop_gratuitous_arp)" "1" assert_eq "$(cat /proc/sys/net/ipv4/conf/hoge/bootp_relay)" "1" assert_eq "$(cat /proc/sys/net/ipv4/conf/hoge/disable_policy)" "0" fi Found error in /usr/lib/systemd/tests/testdata/units/TEST-74-AUX-UTILS.socket.sh: $ grep -A5 -B5 /tmp/ /usr/lib/systemd/tests/testdata/units/TEST-74-AUX-UTILS.socket.sh systemctl daemon-reload systemctl start per-source-limit.socket systemctl status per-source-limit.socket # So these two should take up the first two connection slots socat -U - UNIX-CONNECT:/run/per-source-limit.sk | tee /tmp/foo.conn1 & J1="$!" socat -U - UNIX-CONNECT:/run/per-source-limit.sk | tee /tmp/foo.conn2 & J2="$!" waitfor() { local file="${1:?}" -- echo >&2 "Timeout while waiting for the expected output" return 1 } # Wait until the word "waldo" shows in the output files waitfor /tmp/foo.conn1 waitfor /tmp/foo.conn2 # The next connection should fail, because the limit is hit socat -U - UNIX-CONNECT:/run/per-source-limit.sk | tee /tmp/foo.conn3 & J3="$!" # But this one should work, because done under a different UID setpriv --reuid=1 socat -U - UNIX-CONNECT:/run/per-source-limit.sk | tee /tmp/foo.conn4 & J4="$!" waitfor /tmp/foo.conn4 # The third job should fail quickly, wait for it wait "$J3" # The other jobs will hang forever, since we run "sleep infinity" on the server side. Let's kill the jobs now. kill "$J1" kill "$J2" kill "$J4" # The 3rd connection should not have seen "waldo", since it should have been refused too early (! grep -q "waldo" /tmp/foo.conn3 ) Found error in /usr/lib/systemd/tests/testdata/units/TEST-74-AUX-UTILS.sbsign.sh: $ grep -A5 -B5 /tmp/ /usr/lib/systemd/tests/testdata/units/TEST-74-AUX-UTILS.sbsign.sh if [[ ! -d /usr/lib/systemd/boot/efi ]]; then echo "systemd-boot is not installed, skipping." exit 0 fi cat >/tmp/openssl.conf </dev/null; then echo "sbverify not found, skipping." exit 0 fi SD_BOOT="$(find /usr/lib/systemd/boot/efi/ -name "systemd-boot*.efi" | head -n1)" (! sbverify --cert /tmp/sb.crt "$SD_BOOT") /usr/lib/systemd/systemd-sbsign sign --certificate /tmp/sb.crt --private-key /tmp/sb.key --output /tmp/sdboot "$SD_BOOT" sbverify --cert /tmp/sb.crt /tmp/sdboot # Make sure appending signatures to an existing certificate table works as well. /usr/lib/systemd/systemd-sbsign sign --certificate /tmp/sb.crt --private-key /tmp/sb.key --output /tmp/sdboot /tmp/sdboot sbverify --cert /tmp/sb.crt /tmp/sdboot } run_testcases Found error in /usr/lib/systemd/tests/testdata/units/TEST-74-AUX-UTILS.keyutil.sh: $ grep -A5 -B5 /tmp/ /usr/lib/systemd/tests/testdata/units/TEST-74-AUX-UTILS.keyutil.sh if ! command -v /usr/lib/systemd/systemd-keyutil >/dev/null; then echo "systemd-keyutil not found, skipping." exit 0 fi cat >/tmp/openssl.conf </tmp/borked set +e SYSTEMD_MEASURE_LOG_USERSPACE=/tmp/borked "$SD_PCRLOCK" cel --no-pager --json=pretty ret=$? set -e # If it crashes the exit code will be 149 test $ret -eq 1 -- PIN=huhu "$SD_PCRLOCK" make-policy --pcr="$PCRS" --recovery-pin=query # Repeat immediately (this call will have to reuse the nvindex, rather than create it) "$SD_PCRLOCK" make-policy --pcr="$PCRS" "$SD_PCRLOCK" make-policy --pcr="$PCRS" --force img="/tmp/pcrlock.img" truncate -s 20M "$img" echo -n hoho >/tmp/pcrlockpwd chmod 0600 /tmp/pcrlockpwd cryptsetup luksFormat -q --pbkdf pbkdf2 --pbkdf-force-iterations 1000 --use-urandom "$img" /tmp/pcrlockpwd systemd-cryptenroll --unlock-key-file=/tmp/pcrlockpwd --tpm2-device=auto --tpm2-pcrlock=/var/lib/systemd/pcrlock.json --tpm2-public-key= --wipe-slot=tpm2 "$img" systemd-cryptsetup attach pcrlock "$img" - tpm2-device=auto,tpm2-pcrlock=/var/lib/systemd/pcrlock.json,headless systemd-cryptsetup detach pcrlock # Ensure systemd-pcrlock not crashing on empty variant directory mkdir -p /var/lib/pcrlock.d/123-empty.pcrlock.d -- openssl rsa -pubout -in "$img".private.pem -out "$img".public.pem systemd-cryptenroll --unlock-tpm2-device=auto --tpm2-device=auto --tpm2-pcrlock=/var/lib/systemd/pcrlock.json --tpm2-public-key="$img".public.pem --wipe-slot=tpm2 "$img" "$SD_MEASURE" sign --current --bank=sha256 --private-key="$img".private.pem --public-key="$img".public.pem --phase=: | tee "$img".pcrsign SYSTEMD_CRYPTSETUP_USE_TOKEN_MODULE=0 systemd-cryptsetup attach pcrlock "$img" - "tpm2-device=auto,tpm2-pcrlock=/var/lib/systemd/pcrlock.json,tpm2-signature=$img.pcrsign,headless" systemd-cryptsetup detach pcrlock systemd-cryptenroll --unlock-key-file=/tmp/pcrlockpwd --tpm2-device=auto --tpm2-pcrlock=/var/lib/systemd/pcrlock.json --tpm2-public-key= --wipe-slot=tpm2 "$img" rm "$img".public.pem "$img".private.pem "$img".pcrsign # Now use the root fs support, i.e. make the tool write a copy of the pcrlock # file as service credential to some temporary dir and remove the local copy, so that # it has to use the credential version. mkdir /tmp/fakexbootldr SYSTEMD_XBOOTLDR_PATH=/tmp/fakexbootldr SYSTEMD_RELAX_XBOOTLDR_CHECKS=1 "$SD_PCRLOCK" make-policy --pcr="$PCRS" --force mv /var/lib/systemd/pcrlock.json /var/lib/systemd/pcrlock.json.gone ls -al /tmp/fakexbootldr/loader/credentials CREDENTIAL_FILE="$(echo /tmp/fakexbootldr/loader/credentials/pcrlock.*.cred)" test -f "$CREDENTIAL_FILE" # Strip dir and .cred suffix from file name. CREDENTIAL_NAME=${CREDENTIAL_FILE#/tmp/fakexbootldr/loader/credentials/} CREDENTIAL_NAME=${CREDENTIAL_NAME%.cred} systemd-creds decrypt --name="$CREDENTIAL_NAME" "$CREDENTIAL_FILE" ln -s "$CREDENTIAL_FILE" /tmp/fakexbootldr/loader/credentials/"$CREDENTIAL_NAME" test -f /tmp/fakexbootldr/loader/credentials/"$CREDENTIAL_NAME" SYSTEMD_ENCRYPTED_SYSTEM_CREDENTIALS_DIRECTORY=/tmp/fakexbootldr/loader/credentials systemd-cryptsetup attach pcrlock "$img" - tpm2-device=auto,headless systemd-cryptsetup detach pcrlock mv /var/lib/systemd/pcrlock.json.gone /var/lib/systemd/pcrlock.json SYSTEMD_XBOOTLDR_PATH=/tmp/fakexbootldr SYSTEMD_RELAX_XBOOTLDR_CHECKS=1 "$SD_PCRLOCK" remove-policy "$SD_PCRLOCK" unlock-firmware-config "$SD_PCRLOCK" unlock-gpt "$SD_PCRLOCK" unlock-machine-id "$SD_PCRLOCK" unlock-file-system -- varlinkctl call /run/systemd/io.systemd.PCRLock io.systemd.PCRLock.RemovePolicy '{}' varlinkctl call /run/systemd/io.systemd.PCRLock io.systemd.PCRLock.MakePolicy '{}' varlinkctl call --collect --json=pretty /run/systemd/io.systemd.PCRLock io.systemd.PCRLock.ReadEventLog '{}' rm "$img" /tmp/pcrlockpwd # For issue #35746 for _ in {0..10}; do run0 /usr/lib/systemd/systemd-pcrlock done Found error in /usr/lib/systemd/tests/testdata/units/TEST-70-TPM2.measure.sh: $ grep -A5 -B5 /tmp/ /usr/lib/systemd/tests/testdata/units/TEST-70-TPM2.measure.sh if [[ ! -x "${SD_MEASURE:?}" ]]; then echo "$SD_MEASURE not found, skipping the test" exit 0 fi IMAGE="$(mktemp /tmp/systemd-measure-XXX.image)" echo HALLO >/tmp/tpmdata1 echo foobar >/tmp/tpmdata2 cat >/tmp/result </tmp/result.json </tmp/result </tmp/result.json </dev/null; then MEASURE_BANKS+=("--bank=sha1") fi # Sign current PCR state with it "$SD_MEASURE" sign --current "${MEASURE_BANKS[@]}" --private-key="/tmp/pcrsign-private.pem" --public-key="/tmp/pcrsign-public.pem" --phase=: | tee "/tmp/pcrsign.sig" dd if=/dev/urandom of=/tmp/pcrtestdata bs=1024 count=64 systemd-creds encrypt /tmp/pcrtestdata /tmp/pcrtestdata.encrypted --with-key=host+tpm2-with-public-key --tpm2-public-key="/tmp/pcrsign-public.pem" systemd-creds decrypt /tmp/pcrtestdata.encrypted - --tpm2-signature="/tmp/pcrsign.sig" | cmp - /tmp/pcrtestdata # Invalidate PCR, decrypting should fail now tpm2_pcrextend 11:sha256=0000000000000000000000000000000000000000000000000000000000000000 (! systemd-creds decrypt /tmp/pcrtestdata.encrypted - --tpm2-signature="/tmp/pcrsign.sig" >/dev/null) # Sign new PCR state, decrypting should work now. "$SD_MEASURE" sign --current "${MEASURE_BANKS[@]}" --private-key="/tmp/pcrsign-private.pem" --public-key="/tmp/pcrsign-public.pem" --phase=: >"/tmp/pcrsign.sig2" systemd-creds decrypt /tmp/pcrtestdata.encrypted - --tpm2-signature="/tmp/pcrsign.sig2" | cmp - /tmp/pcrtestdata # Now, do the same, but with a cryptsetup binding truncate -s 20M "$IMAGE" cryptsetup luksFormat -q --pbkdf pbkdf2 --pbkdf-force-iterations 1000 --use-urandom "$IMAGE" /tmp/passphrase # Ensure that an unrelated signature, when not requested, is not used touch /run/systemd/tpm2-pcr-signature.json systemd-cryptenroll --unlock-key-file=/tmp/passphrase --tpm2-device=auto --tpm2-public-key="/tmp/pcrsign-public.pem" "$IMAGE" # Reset and use the signature now rm -f /run/systemd/tpm2-pcr-signature.json systemd-cryptenroll --wipe-slot=tpm2 "$IMAGE" systemd-cryptenroll --unlock-key-file=/tmp/passphrase --tpm2-device=auto --tpm2-public-key="/tmp/pcrsign-public.pem" --tpm2-signature="/tmp/pcrsign.sig2" "$IMAGE" # Check if we can activate that (without the token module stuff) SYSTEMD_CRYPTSETUP_USE_TOKEN_MODULE=0 systemd-cryptsetup attach test-volume2 "$IMAGE" - tpm2-device=auto,tpm2-signature="/tmp/pcrsign.sig2",headless=1 SYSTEMD_CRYPTSETUP_USE_TOKEN_MODULE=0 systemd-cryptsetup detach test-volume2 # Check if we can activate that (and a second time with the token module stuff enabled) SYSTEMD_CRYPTSETUP_USE_TOKEN_MODULE=1 systemd-cryptsetup attach test-volume2 "$IMAGE" - tpm2-device=auto,tpm2-signature="/tmp/pcrsign.sig2",headless=1 SYSTEMD_CRYPTSETUP_USE_TOKEN_MODULE=1 systemd-cryptsetup detach test-volume2 # After extending the PCR things should fail tpm2_pcrextend 11:sha256=0000000000000000000000000000000000000000000000000000000000000000 (! SYSTEMD_CRYPTSETUP_USE_TOKEN_MODULE=0 systemd-cryptsetup attach test-volume2 "$IMAGE" - tpm2-device=auto,tpm2-signature="/tmp/pcrsign.sig2",headless=1) (! SYSTEMD_CRYPTSETUP_USE_TOKEN_MODULE=1 systemd-cryptsetup attach test-volume2 "$IMAGE" - tpm2-device=auto,tpm2-signature="/tmp/pcrsign.sig2",headless=1) # But once we sign the current PCRs, we should be able to unlock again "$SD_MEASURE" sign --current "${MEASURE_BANKS[@]}" --private-key="/tmp/pcrsign-private.pem" --public-key="/tmp/pcrsign-public.pem" --phase=: >"/tmp/pcrsign.sig3" SYSTEMD_CRYPTSETUP_USE_TOKEN_MODULE=0 systemd-cryptsetup attach test-volume2 "$IMAGE" - tpm2-device=auto,tpm2-signature="/tmp/pcrsign.sig3",headless=1 systemd-cryptsetup detach test-volume2 SYSTEMD_CRYPTSETUP_USE_TOKEN_MODULE=1 systemd-cryptsetup attach test-volume2 "$IMAGE" - tpm2-device=auto,tpm2-signature="/tmp/pcrsign.sig3",headless=1 systemd-cryptsetup detach test-volume2 # Test --append mode and de-duplication. With the same parameters signing should not add a new entry "$SD_MEASURE" sign --current "${MEASURE_BANKS[@]}" --private-key="/tmp/pcrsign-private.pem" --public-key="/tmp/pcrsign-public.pem" --phase=: --append="/tmp/pcrsign.sig3" >"/tmp/pcrsign.sig4" cmp "/tmp/pcrsign.sig3" "/tmp/pcrsign.sig4" # Sign one more phase, this should "$SD_MEASURE" sign --current "${MEASURE_BANKS[@]}" --private-key="/tmp/pcrsign-private.pem" --public-key="/tmp/pcrsign-public.pem" --phase=quux:waldo --append="/tmp/pcrsign.sig4" >"/tmp/pcrsign.sig5" (! cmp "/tmp/pcrsign.sig4" "/tmp/pcrsign.sig5") # Should still be good to unlock, given the old entry still exists SYSTEMD_CRYPTSETUP_USE_TOKEN_MODULE=0 systemd-cryptsetup attach test-volume2 "$IMAGE" - tpm2-device=auto,tpm2-signature="/tmp/pcrsign.sig5",headless=1 systemd-cryptsetup detach test-volume2 # Adding both signatures once more should not change anything, due to the deduplication "$SD_MEASURE" sign --current "${MEASURE_BANKS[@]}" --private-key="/tmp/pcrsign-private.pem" --public-key="/tmp/pcrsign-public.pem" --phase=: --append="/tmp/pcrsign.sig5" >"/tmp/pcrsign.sig6" "$SD_MEASURE" sign --current "${MEASURE_BANKS[@]}" --private-key="/tmp/pcrsign-private.pem" --public-key="/tmp/pcrsign-public.pem" --phase=quux:waldo --append="/tmp/pcrsign.sig6" >"/tmp/pcrsign.sig7" cmp "/tmp/pcrsign.sig5" "/tmp/pcrsign.sig7" rm -f "$IMAGE" Found error in /usr/lib/systemd/tests/testdata/units/TEST-70-TPM2.cryptsetup.sh: $ grep -A5 -B5 /tmp/ /usr/lib/systemd/tests/testdata/units/TEST-70-TPM2.cryptsetup.sh } trap at_exit EXIT # Prepare a fresh disk image IMAGE="$(mktemp /tmp/systemd-cryptsetup-XXX.IMAGE)" truncate -s 20M "$IMAGE" echo -n passphrase >/tmp/passphrase # Change file mode to avoid "/tmp/passphrase has 0644 mode that is too permissive" messages chmod 0600 /tmp/passphrase cryptsetup luksFormat -q --pbkdf pbkdf2 --pbkdf-force-iterations 1000 --use-urandom "$IMAGE" /tmp/passphrase # Unlocking via keyfile systemd-cryptenroll --unlock-key-file=/tmp/passphrase --tpm2-device=auto "$IMAGE" # Enroll unlock with default PCR policy PASSWORD=passphrase systemd-cryptenroll --tpm2-device=auto "$IMAGE" systemd-cryptsetup attach test-volume "$IMAGE" - tpm2-device=auto,headless=1 systemd-cryptsetup detach test-volume -- systemd-cryptsetup attach test-volume "$IMAGE" - tpm2-device=auto,headless=1 systemd-cryptsetup detach test-volume # Now the interesting part, enrolling using a hash value that doesn't match the current PCR value systemd-cryptenroll --wipe-slot=tpm2 "$IMAGE" tpm2_pcrread -Q -o /tmp/pcr.dat sha256:12 CURRENT_PCR_VALUE=$(cat /sys/class/tpm/tpm0/pcr-sha256/12) EXPECTED_PCR_VALUE=$(cat /tmp/pcr.dat /tmp/pcr.dat | openssl dgst -sha256 -r | cut -d ' ' -f 1) PASSWORD=passphrase systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs="12:sha256=$EXPECTED_PCR_VALUE" "$IMAGE" (! systemd-cryptsetup attach test-volume "$IMAGE" - tpm2-device=auto,headless=1) tpm2_pcrextend "12:sha256=$CURRENT_PCR_VALUE" systemd-cryptsetup attach test-volume "$IMAGE" - tpm2-device=auto,headless=1 systemd-cryptsetup detach test-volume # enroll TPM using device key instead of direct access, then verify unlock using TPM tpm2_pcrread -Q -o /tmp/pcr.dat sha256:12 CURRENT_PCR_VALUE=$(cat /sys/class/tpm/tpm0/pcr-sha256/12) tpm2_readpublic -c 0x81000001 -o /tmp/srk.pub systemd-analyze srk > /tmp/srk2.pub cmp /tmp/srk.pub /tmp/srk2.pub if [ -f /run/systemd/tpm2-srk-public-key.tpm2b_public ] ; then cmp /tmp/srk.pub /run/systemd/tpm2-srk-public-key.tpm2b_public fi # --tpm2-device-key= requires OpenSSL >= 3 with KDF-SS if openssl_supports_kdf SSKDF; then PASSWORD=passphrase systemd-cryptenroll --tpm2-device-key=/tmp/srk.pub --tpm2-pcrs="12:sha256=$CURRENT_PCR_VALUE" "$IMAGE" systemd-cryptsetup attach test-volume "$IMAGE" - tpm2-device=auto,headless=1 systemd-cryptsetup detach test-volume fi rm -f /tmp/pcr.dat /tmp/srk.pub fi # Use default (0) seal key handle systemd-cryptenroll --wipe-slot=tpm2 "$IMAGE" PASSWORD=passphrase systemd-cryptenroll --tpm2-device=auto --tpm2-seal-key-handle=0 "$IMAGE" -- (! PASSWORD=passphrase systemd-cryptenroll --tpm2-device=auto --tpm2-seal-key-handle=0x02000001 "$IMAGE") # HMAC/loaded session (! PASSWORD=passphrase systemd-cryptenroll --tpm2-device=auto --tpm2-seal-key-handle=0x03000001 "$IMAGE") # Policy/saved session (! PASSWORD=passphrase systemd-cryptenroll --tpm2-device=auto --tpm2-seal-key-handle=0x40000001 "$IMAGE") # Permanent # Use non-SRK persistent seal key handle (by creating/persisting new key) PRIMARY=/tmp/primary.ctx tpm2_createprimary -c "$PRIMARY" PERSISTENT_LINE=$(tpm2_evictcontrol -c "$PRIMARY" | grep persistent-handle) PERSISTENT_HANDLE="0x${PERSISTENT_LINE##*0x}" tpm2_flushcontext -t -- systemd-cryptsetup detach test-volume # --tpm2-device-key= requires OpenSSL >= 3 with KDF-SS if openssl_supports_kdf SSKDF; then # Make sure that --tpm2-device-key= also works with systemd-repart tpm2_readpublic -c 0x81000001 -o /tmp/srk.pub mkdir /tmp/dditest cat > /tmp/dditest/50-root.conf </tmp/cryptenroll.out systemd-cryptenroll "$@" |& tee /tmp/cryptenroll.out grep -qE "Wiped slot [[:digit:]]+" /tmp/cryptenroll.out )} # There is an external issue with libcryptsetup on ppc64 that hits 95% of Ubuntu ppc64 test runs, so skip it if [[ "$(uname -m)" == "ppc64le" ]]; then echo "Skipping systemd-cryptenroll tests on ppc64le, see https://github.com/systemd/systemd/issues/27716" exit 0 fi export SYSTEMD_LOG_LEVEL=debug IMAGE="$(mktemp /tmp/systemd-cryptenroll-XXX.image)" truncate -s 20M "$IMAGE" echo -n password >/tmp/password # Change file mode to avoid "/tmp/password has 0644 mode that is too permissive" messages chmod 0600 /tmp/password cryptsetup luksFormat -q --pbkdf pbkdf2 --pbkdf-force-iterations 1000 --use-urandom "$IMAGE" /tmp/password # Enroll additional tokens, keys, and passwords to exercise the list and wipe stuff systemd-cryptenroll --unlock-key-file=/tmp/password --tpm2-device=auto "$IMAGE" NEWPASSWORD="" systemd-cryptenroll --unlock-key-file=/tmp/password --password "$IMAGE" NEWPASSWORD=foo systemd-cryptenroll --unlock-key-file=/tmp/password --password "$IMAGE" for _ in {0..9}; do systemd-cryptenroll --unlock-key-file=/tmp/password --recovery-key "$IMAGE" done PASSWORD="" NEWPIN=123456 systemd-cryptenroll --tpm2-device=auto --tpm2-with-pin=true "$IMAGE" # Do some basic checks before we start wiping stuff systemd-cryptenroll "$IMAGE" systemd-cryptenroll "$IMAGE" | grep password -- (! systemd-cryptenroll "$IMAGE" | grep recovery) # We shouldn't be able to wipe all keyslots without enrolling a new key first (! systemd-cryptenroll "$IMAGE" --wipe=all) PASSWORD=foo NEWPASSWORD=foo cryptenroll_wipe_and_check "$IMAGE" --password --wipe=all # Check if the newly (and only) enrolled password works (! systemd-cryptenroll --unlock-key-file=/tmp/password --recovery-key "$IMAGE") (! PASSWORD="" systemd-cryptenroll --recovery-key "$IMAGE") PASSWORD=foo systemd-cryptenroll --recovery-key "$IMAGE" systemd-cryptenroll --fido2-with-client-pin=false "$IMAGE" systemd-cryptenroll --fido2-with-user-presence=false "$IMAGE" -- # Change PIN on TPM2 enrollment PIN=1234 NEWPIN=4321 systemd-cryptenroll --unlock-tpm2-device=auto --tpm2-device=auto --tpm2-with-pin=yes "$IMAGE" PIN=4321 systemd-cryptenroll --unlock-tpm2-device=auto --recovery-key "$IMAGE" (! systemd-cryptenroll --fido2-with-client-pin=false) (! systemd-cryptenroll --fido2-with-user-presence=f "$IMAGE" /tmp/foo) (! systemd-cryptenroll --fido2-with-client-pin=1234 "$IMAGE") (! systemd-cryptenroll --fido2-with-user-presence=1234 "$IMAGE") (! systemd-cryptenroll --fido2-with-user-verification=1234 "$IMAGE") (! systemd-cryptenroll --tpm2-with-pin=1234 "$IMAGE") (! systemd-cryptenroll --recovery-key --password "$IMAGE") (! systemd-cryptenroll --password --recovery-key "$IMAGE") (! systemd-cryptenroll --password --fido2-device=auto "$IMAGE") (! systemd-cryptenroll --password --pkcs11-token-uri=auto "$IMAGE") (! systemd-cryptenroll --password --tpm2-device=auto "$IMAGE") (! systemd-cryptenroll --unlock-fido2-device=auto --unlock-fido2-device=auto "$IMAGE") (! systemd-cryptenroll --unlock-fido2-device=auto --unlock-key-file=/tmp/unlock "$IMAGE") (! systemd-cryptenroll --fido2-credential-algorithm=es512 "$IMAGE") (! systemd-cryptenroll --tpm2-public-key-pcrs=key "$IMAGE") (! systemd-cryptenroll --tpm2-pcrs=key "$IMAGE") (! systemd-cryptenroll --tpm2-pcrs=44+8 "$IMAGE") (! systemd-cryptenroll --tpm2-pcrs=hello "$IMAGE") Found error in /usr/lib/systemd/tests/testdata/units/TEST-70-TPM2.creds.sh: $ grep -A5 -B5 /tmp/ /usr/lib/systemd/tests/testdata/units/TEST-70-TPM2.creds.sh set -o pipefail export SYSTEMD_LOG_LEVEL=debug # Ensure that sandboxing doesn't stop creds from being accessible echo "test" > /tmp/testdata systemd-creds encrypt /tmp/testdata /tmp/testdata.encrypted --with-key=tpm2 # LoadCredentialEncrypted systemd-run -p PrivateDevices=yes -p LoadCredentialEncrypted=testdata.encrypted:/tmp/testdata.encrypted --pipe --wait systemd-creds cat testdata.encrypted | cmp - /tmp/testdata # SetCredentialEncrypted systemd-run -p PrivateDevices=yes -p SetCredentialEncrypted=testdata.encrypted:"$(cat /tmp/testdata.encrypted)" --pipe --wait systemd-creds cat testdata.encrypted | cmp - /tmp/testdata rm -f /tmp/testdata Found error in /usr/lib/systemd/tests/testdata/units/TEST-68-PROPAGATE-EXIT-STATUS.sh: $ grep -A5 -B5 /tmp/ /usr/lib/systemd/tests/testdata/units/TEST-68-PROPAGATE-EXIT-STATUS.sh ExecStart=sh -c "exit 0" EOF # Script to check that when an OnSuccess= dependency fires, the correct # MONITOR* env variables are passed. cat >/tmp/check_on_success.sh <<"EOF" #!/bin/sh set -ex env | sort if [ "$MONITOR_SERVICE_RESULT" != "success" ]; then -- exit 1 fi exit 0 EOF chmod +x /tmp/check_on_success.sh cat >/run/systemd/system/testservice-success-exit-handler-68.service </run/systemd/system/testservice-success-exit-handler-68-template@.service </tmp/check_on_failure.sh <<"EOF" #!/bin/sh set -ex env | sort if [ "$MONITOR_SERVICE_RESULT" != "exit-code" ]; then -- exit 1 fi exit 0 EOF chmod +x /tmp/check_on_failure.sh cat >/run/systemd/system/testservice-failure-exit-handler-68.service </run/systemd/system/testservice-failure-exit-handler-68-template@.service </tmp/out1 chroot /tmp/root systemd-analyze cat-config systemd/system-preset >/tmp/out2 diff /tmp/out{1,2} fi # verify mkdir -p /tmp/img/usr/lib/systemd/system/ mkdir -p /tmp/img/opt/ touch /tmp/img/opt/script0.sh chmod +x /tmp/img/opt/script0.sh cat </tmp/img/usr/lib/systemd/system/testfile.service [Service] ExecStart = /opt/script0.sh EOF set +e # Default behaviour is to recurse through all dependencies when unit is loaded (! systemd-analyze verify --root=/tmp/img/ testfile.service) # As above, recurses through all dependencies when unit is loaded (! systemd-analyze verify --recursive-errors=yes --root=/tmp/img/ testfile.service) # Recurses through unit file and its direct dependencies when unit is loaded (! systemd-analyze verify --recursive-errors=one --root=/tmp/img/ testfile.service) set -e # zero exit status since dependencies are ignored when unit is loaded systemd-analyze verify --recursive-errors=no --root=/tmp/img/ testfile.service rm /tmp/img/usr/lib/systemd/system/testfile.service cat </tmp/testfile.service [Unit] foo = bar [Service] ExecStart = echo hello EOF cat </tmp/testfile2.service [Unit] Requires = testfile.service [Service] ExecStart = echo hello EOF # Zero exit status since no additional dependencies are recursively loaded when the unit file is loaded systemd-analyze verify --recursive-errors=no /tmp/testfile2.service set +e # Non-zero exit status since all associated dependencies are recursively loaded when the unit file is loaded (! systemd-analyze verify --recursive-errors=yes /tmp/testfile2.service) set -e rm /tmp/testfile.service rm /tmp/testfile2.service cat </tmp/sample.service [Unit] Description = A Sample Service [Service] ExecStart = echo hello Slice=support.slice EOF # Zero exit status since no additional dependencies are recursively loaded when the unit file is loaded systemd-analyze verify --recursive-errors=no /tmp/sample.service cat </tmp/testfile.service [Service] ExecStart = echo hello DeviceAllow=/dev/sda EOF # Prevent regression from #13380 and #20859 where we can't verify hidden files cp /tmp/testfile.service /tmp/.testfile.service systemd-analyze verify /tmp/.testfile.service rm /tmp/.testfile.service # Alias a unit file's name on disk (see #20061) cp /tmp/testfile.service /tmp/testsrvc (! systemd-analyze verify /tmp/testsrvc) systemd-analyze verify /tmp/testsrvc:alias.service # Zero exit status since the value used for comparison determine exposure to security threats is by default 100 systemd-analyze security --offline=true /tmp/testfile.service #The overall exposure level assigned to the unit is greater than the set threshold (! systemd-analyze security --threshold=90 --offline=true /tmp/testfile.service) # Ensure we print the list of ACLs, see https://github.com/systemd/systemd/issues/23185 systemd-analyze security --offline=true /tmp/testfile.service | grep -q -F "/dev/sda" # Make sure that running generators under systemd-analyze verify works. # Note: sd-analyze spawns generators in a sandbox which makes gcov unhapy, so temporarily override # $GCOV_PREFIX to make it skip generating any coverage reports GCOV_PREFIX=/tmp systemd-analyze verify --generators /tmp/testfile.service rm /tmp/testfile.service cat </tmp/img/usr/lib/systemd/system/testfile.service [Service] ExecStart = echo hello PrivateNetwork = yes PrivateDevices = yes PrivateUsers = yes EOF # The new overall exposure level assigned to the unit is less than the set thresholds # Verifies that the --offline= option works with --root= systemd-analyze security --threshold=90 --offline=true --root=/tmp/img/ testfile.service cat </tmp/foo@.service [Service] ExecStart=ls EOF cat </tmp/hoge@test.service [Service] ExecStart=ls EOF # issue #30357 -- systemd-analyze verify tmp/hoge@test.service (! systemd-analyze verify tmp/hoge@nonexist.service) (! systemd-analyze verify tmp/hoge@.service) popd pushd /usr systemd-analyze verify ../tmp/foo@bar.service systemd-analyze verify ../tmp/foo@.service systemd-analyze verify ../tmp/hoge@test.service (! systemd-analyze verify ../tmp/hoge@nonexist.service) (! systemd-analyze verify ../tmp/hoge@.service) popd systemd-analyze verify /tmp/foo@bar.service systemd-analyze verify /tmp/foo@.service systemd-analyze verify /tmp/hoge@test.service (! systemd-analyze verify /tmp/hoge@nonexist.service) (! systemd-analyze verify /tmp/hoge@.service) # test that all commands are verified. cat </tmp/multi-exec-start.service [Service] Type=oneshot ExecStart=true ExecStart=ls EOF systemd-analyze verify /tmp/multi-exec-start.service echo 'ExecStart=command-should-not-exist' >>/tmp/multi-exec-start.service (! systemd-analyze verify /tmp/multi-exec-start.service) # Prevent regression from #20233 where systemd-analyze will return nonzero exit codes on warnings # Unit file with warning "Unknown key name 'foo' in section 'Unit', ignoring" cat </tmp/testwarnings.service [Unit] Foo=Bar [Service] ExecStart=echo hello EOF # yes/no/one should all return nonzero exit status for warnings in unit file (! systemd-analyze verify --recursive-errors=yes /tmp/testwarnings.service) (! systemd-analyze verify --recursive-errors=no /tmp/testwarnings.service) (! systemd-analyze verify --recursive-errors=one /tmp/testwarnings.service) # zero exit status since no errors and only warnings systemd-analyze verify /tmp/testwarnings.service rm /tmp/testwarnings.service # Added an additional "INVALID_ID" id to the .json to verify that nothing breaks when input is malformed # The PrivateNetwork id description and weight was changed to verify that 'security' is actually reading in # values from the .json file when required. The default weight for "PrivateNetwork" is 2500, and the new weight # assigned to that id in the .json file is 6000. This increased weight means that when the "PrivateNetwork" key is # set to 'yes' (as above in the case of testfile.service) in the content of the unit file, the overall exposure # level for the unit file should decrease to account for that increased weight. cat </tmp/testfile.json {"UserOrDynamicUser": {"description_bad": "Service runs as root user", "weight": 0, "range": 10 }, -- } EOF # Reads in custom security requirements from the parsed .json file and uses these for comparison systemd-analyze security --threshold=90 --offline=true \ --security-policy=/tmp/testfile.json \ --root=/tmp/img/ testfile.service # The strict profile adds a lot of sanboxing options systemd-analyze security --threshold=25 --offline=true \ --security-policy=/tmp/testfile.json \ --profile=strict \ --root=/tmp/img/ testfile.service # The trusted profile doesn't add any sanboxing options (! systemd-analyze security --threshold=25 --offline=true \ --security-policy=/tmp/testfile.json \ --profile=/usr/lib/systemd/portable/profile/trusted/service.conf \ --root=/tmp/img/ testfile.service) (! systemd-analyze security --threshold=50 --offline=true \ --security-policy=/tmp/testfile.json \ --root=/tmp/img/ testfile.service) rm /tmp/img/usr/lib/systemd/system/testfile.service if systemd-analyze --version | grep -q -F "+ELFUTILS"; then systemd-analyze inspect-elf --json=short /lib/systemd/systemd | grep -q -F '"elfType":"executable"' fi Found error in /usr/lib/systemd/tests/testdata/units/TEST-63-PATH.sh: $ grep -A5 -B5 /tmp/ /usr/lib/systemd/tests/testdata/units/TEST-63-PATH.sh systemctl log-level debug # Test that a path unit continuously triggering a service that fails condition checks eventually fails with # the trigger-limit-hit error. rm -f /tmp/nonexistent systemctl start test63.path touch /tmp/test63 # Make sure systemd has sufficient time to hit the trigger limit for test63.path. # shellcheck disable=SC2016 timeout 30 bash -c 'until test "$(systemctl show test63.path -P ActiveState)" = failed; do sleep .2; done' test "$(systemctl show test63.service -P ActiveState)" = inactive test "$(systemctl show test63.service -P Result)" = success test "$(systemctl show test63.path -P Result)" = trigger-limit-hit # Test that starting the service manually doesn't affect the path unit. rm -f /tmp/test63 systemctl reset-failed systemctl start test63.path systemctl start test63.service test "$(systemctl show test63.service -P ActiveState)" = inactive test "$(systemctl show test63.service -P Result)" = success test "$(systemctl show test63.path -P ActiveState)" = active test "$(systemctl show test63.path -P Result)" = success # Test that glob matching works too, with $TRIGGER_PATH systemctl start test63-glob.path touch /tmp/test63-glob-foo timeout 60 bash -c 'until systemctl -q is-active test63-glob.service; do sleep .2; done' test "$(systemctl show test63-glob.service -P ActiveState)" = active test "$(systemctl show test63-glob.service -P Result)" = success test "$(busctl --json=short get-property org.freedesktop.systemd1 /org/freedesktop/systemd1/unit/test63_2dglob_2eservice org.freedesktop.systemd1.Unit ActivationDetails)" = '{"type":"a(ss)","data":[["trigger_unit","test63-glob.path"],["trigger_path","/tmp/test63-glob-foo"]]}' systemctl stop test63-glob.path test63-glob.service test "$(busctl --json=short get-property org.freedesktop.systemd1 /org/freedesktop/systemd1/unit/test63_2dglob_2eservice org.freedesktop.systemd1.Unit ActivationDetails)" = '{"type":"a(ss)","data":[]}' # tests for issue https://github.com/systemd/systemd/issues/24577#issuecomment-1522628906 rm -f /tmp/hoge systemctl start test63-issue-24577.path systemctl status -n 0 test63-issue-24577.path systemctl status -n 0 test63-issue-24577.service || : systemctl list-jobs output=$(systemctl list-jobs --no-legend) assert_not_in "test63-issue-24577.service" "$output" assert_not_in "test63-issue-24577-dep.service" "$output" touch /tmp/hoge systemctl status -n 0 test63-issue-24577.path systemctl status -n 0 test63-issue-24577.service || : systemctl list-jobs output=$(systemctl list-jobs --no-legend) assert_in "test63-issue-24577.service" "$output" -- systemctl list-jobs output=$(systemctl list-jobs --no-legend) assert_in "test63-issue-24577.service" "$output" assert_in "test63-issue-24577-dep.service" "$output" rm -f /tmp/hoge systemctl stop test63-issue-24577.service systemctl status -n 0 test63-issue-24577.path systemctl status -n 0 test63-issue-24577.service || : systemctl list-jobs output=$(systemctl list-jobs --no-legend) -- assert_in "test63-issue-24577-dep.service" "$output" # Test for race condition fixed by https://github.com/systemd/systemd/pull/30768 # Here's the schedule of events that we to happen during this test: # (This test) (The service) # .path unit monitors /tmp/copyme for changes # Take lock on /tmp/noexeit ↓ # Write to /tmp/copyme ↓ # Wait for deactivating Started # ↓ Copies /tmp/copyme to /tmp/copied # ↓ Tells manager it's shutting down # Ensure service did the copy Tries to lock /tmp/noexit and blocks # Write to /tmp/copyme ↓ # # Now at this point the test can diverge. If we regress, this second write is # missed and we'll see: # ... (second write) ... (blocked) # Drop lock on /tmp/noexit ↓ # Wait for service to do copy Unblocks and exits # ↓ (dead) # ↓ # (timeout) # Test fails # # Otherwise, we'll see: # ... (second write) ... (blocked) # Drop lock on /tmp/noexit ↓ and .path unit queues a new start job # Wait for service to do copy Unblocks and exits # ↓ Starts again b/c of queued job # ↓ Copies again # Test Passes systemctl start test63-pr-30768.path exec {lock}<>/tmp/noexit flock -e $lock echo test1 > /tmp/copyme # shellcheck disable=SC2016 timeout 30 bash -c 'until test "$(systemctl show test63-pr-30768.service -P ActiveState)" = deactivating; do sleep .2; done' diff /tmp/copyme /tmp/copied echo test2 > /tmp/copyme exec {lock}<&- timeout 30 bash -c 'until diff /tmp/copyme /tmp/copied >/dev/null; do sleep .2; done' systemctl log-level info touch /testok Found error in /usr/lib/systemd/tests/testdata/units/TEST-55-OOMD.sh: $ grep -A5 -B5 /tmp/ /usr/lib/systemd/tests/testdata/units/TEST-55-OOMD.sh systemctl daemon-reload } testcase_duration_analyze() { # Verify memory pressure duration is valid if >= 1 second cat </tmp/TEST-55-OOMD-valid-duration.service [Service] ExecStart=echo hello ManagedOOMMemoryPressureDurationSec=1s EOF # Verify memory pressure duration is invalid if < 1 second cat </tmp/TEST-55-OOMD-invalid-duration.service [Service] ExecStart=echo hello ManagedOOMMemoryPressureDurationSec=0 EOF systemd-analyze --recursive-errors=no verify /tmp/TEST-55-OOMD-valid-duration.service (! systemd-analyze --recursive-errors=no verify /tmp/TEST-55-OOMD-invalid-duration.service) rm -f /tmp/TEST-55-OOMD-valid-duration.service rm -f /tmp/TEST-55-OOMD-invalid-duration.service } testcase_duration_override() { # Verify memory pressure duration can be overridden to non-zero values mkdir -p /run/systemd/system/TEST-55-OOMD-testmunch.service.d/ Found error in /usr/lib/systemd/tests/testdata/units/TEST-54-CREDS.sh: $ grep -A5 -B5 /tmp/ /usr/lib/systemd/tests/testdata/units/TEST-54-CREDS.sh # Sanity checks # # Create a dummy "full" disk (similar to /dev/full) to check out-of-space # scenarios mkdir /tmp/full mount -t tmpfs -o size=1,nr_inodes=1 tmpfs /tmp/full # verb: setup # Run this first, otherwise any encrypted credentials wouldn't be decryptable # as we regenerate the host key rm -fv /var/lib/systemd/credential.secret -- echo foo >"$CRED_DIR/insecure" echo foo | systemd-creds --name="encrypted" encrypt - "$ENC_CRED_DIR/encrypted" echo foo | systemd-creds encrypt - "$ENC_CRED_DIR/encrypted-unnamed" chmod -R 0400 "$CRED_DIR" "$ENC_CRED_DIR" chmod -R 0444 "$CRED_DIR/insecure" mkdir /tmp/empty/ systemd-creds --system systemd-creds --no-pager --help systemd-creds --version systemd-creds has-tpm2 || : -- systemd-creds list --system ENCRYPTED_CREDENTIALS_DIRECTORY="$ENC_CRED_DIR" CREDENTIALS_DIRECTORY="$CRED_DIR" systemd-creds list --no-legend ENCRYPTED_CREDENTIALS_DIRECTORY="$ENC_CRED_DIR" CREDENTIALS_DIRECTORY="$CRED_DIR" systemd-creds list --json=pretty | jq ENCRYPTED_CREDENTIALS_DIRECTORY="$ENC_CRED_DIR" CREDENTIALS_DIRECTORY="$CRED_DIR" systemd-creds list --json=short | jq ENCRYPTED_CREDENTIALS_DIRECTORY="$ENC_CRED_DIR" CREDENTIALS_DIRECTORY="$CRED_DIR" systemd-creds list --json=off ENCRYPTED_CREDENTIALS_DIRECTORY="/tmp/empty/" CREDENTIALS_DIRECTORY="/tmp/empty/" systemd-creds list # verb: cat for cred in secure-or-weak insecure encrypted encrypted-unnamed; do ENCRYPTED_CREDENTIALS_DIRECTORY="$ENC_CRED_DIR" CREDENTIALS_DIRECTORY="$CRED_DIR" systemd-creds cat "$cred" done -- run_with_cred_compare "mycred:68656c6c6f0a776f726c64" "hello\nworld" --transcode=unhex cat mycred run_with_cred_compare 'mycred:{ "foo" : "bar", "baz" : [ 3, 4 ] }' '{"foo":"bar","baz":[3,4]}\n' --json=short cat mycred systemd-run -p SetCredential='mycred:{ "foo" : "bar", "baz" : [ 3, 4 ] }' --wait --pipe -- systemd-creds --json=pretty cat mycred | jq # verb: encrypt/decrypt echo "According to all known laws of aviation..." >/tmp/cred.orig systemd-creds --with-key=host encrypt /tmp/cred.orig /tmp/cred.enc systemd-creds decrypt /tmp/cred.enc /tmp/cred.dec diff /tmp/cred.orig /tmp/cred.dec rm -f /tmp/cred.{enc,dec} # --pretty cred_name="fo'''o''bar" cred_option="$(systemd-creds --pretty --name="$cred_name" encrypt /tmp/cred.orig -)" mkdir -p /run/systemd/system cat >/run/systemd/system/test-54-pretty-cred.service </tmp/ts54-concat (cat /etc/passwd /etc/shadow && echo -n wuff) | cmp /tmp/ts54-concat rm /tmp/ts54-concat # Test that SetCredential= acts as fallback for LoadCredential= echo piff >/tmp/ts54-fallback [ "$(systemd-run -p LoadCredential=paff:/tmp/ts54-fallback -p SetCredential=paff:poff --pipe --wait systemd-creds cat paff)" = "piff" ] rm /tmp/ts54-fallback [ "$(systemd-run -p LoadCredential=paff:/tmp/ts54-fallback -p SetCredential=paff:poff --pipe --wait systemd-creds cat paff)" = "poff" ] if systemd-detect-virt -q -c ; then expected_credential=mynspawncredential expected_value=strangevalue elif [ -d /sys/firmware/qemu_fw_cfg/by_name ]; then -- # Verify that creating a user via sysusers via the kernel cmdline worked grep -q ^credtestuser: /etc/passwd # Verify that writing a file via tmpfiles worked [ "$(cat /tmp/sourcedfromcredential)" = "tmpfilessecret" ] [ "$(cat /etc/motd.d/50-provision.conf)" = "hello" ] [ "$(cat /etc/issue.d/50-provision.conf)" = "welcome" ] # Verify that adding a unit and drop-in via credentials worked systemctl start my-service test -f /tmp/unit-cred test -f /tmp/unit-dropin test -f /tmp/unit-named-dropin else echo "qemu_fw_cfg support missing in kernel. Sniff!" expected_credential="" expected_value="" fi -- --unit=test-54-immutable-rm.service \ --wait \ rm '${CREDENTIALS_DIRECTORY}/passwd') # Check directory-based loading mkdir -p /tmp/ts54-creds/sub echo -n a >/tmp/ts54-creds/foo echo -n b >/tmp/ts54-creds/bar echo -n c >/tmp/ts54-creds/baz echo -n d >/tmp/ts54-creds/sub/qux systemd-run -p LoadCredential=cred:/tmp/ts54-creds \ -p DynamicUser=1 \ --unit=test-54-dir.service \ --wait \ --pipe \ cat '${CREDENTIALS_DIRECTORY}/cred_foo' \ '${CREDENTIALS_DIRECTORY}/cred_bar' \ '${CREDENTIALS_DIRECTORY}/cred_baz' \ '${CREDENTIALS_DIRECTORY}/cred_sub_qux' >/tmp/ts54-concat cmp /tmp/ts54-concat <(echo -n abcd) rm /tmp/ts54-concat rm -rf /tmp/ts54-creds # Check that globs work as expected mkdir -p /run/credstore echo -n a >/run/credstore/test.creds.first # Make sure that when multiple credentials of the same name are found, the first one is used (/etc/credstore -- -p DynamicUser=1 \ --wait \ --pipe \ cat '${CREDENTIALS_DIRECTORY}/test.creds.first' \ '${CREDENTIALS_DIRECTORY}/test.creds.second' \ '${CREDENTIALS_DIRECTORY}/test.creds.third' >/tmp/ts54-concat cmp /tmp/ts54-concat <(echo -n abc) # Check that ImportCredentialEx= works without renaming. systemd-run -p "ImportCredentialEx=test.creds.*" \ --unit=test-54-ImportCredential.service \ -p DynamicUser=1 \ --wait \ --pipe \ cat '${CREDENTIALS_DIRECTORY}/test.creds.first' \ '${CREDENTIALS_DIRECTORY}/test.creds.second' \ '${CREDENTIALS_DIRECTORY}/test.creds.third' >/tmp/ts54-concat cmp /tmp/ts54-concat <(echo -n abc) # Check that renaming with globs works as expected. systemd-run -p "ImportCredentialEx=test.creds.*:renamed.creds." \ --unit=test-54-ImportCredential.service \ -p DynamicUser=1 \ --wait \ --pipe \ cat '${CREDENTIALS_DIRECTORY}/renamed.creds.first' \ '${CREDENTIALS_DIRECTORY}/renamed.creds.second' \ '${CREDENTIALS_DIRECTORY}/renamed.creds.third' >/tmp/ts54-concat cmp /tmp/ts54-concat <(echo -n abc) # Check that renaming without globs works as expected. systemd-run -p "ImportCredentialEx=test.creds.first:renamed.creds.first" \ --unit=test-54-ImportCredential.service \ -p DynamicUser=1 \ --wait \ --pipe \ cat '${CREDENTIALS_DIRECTORY}/renamed.creds.first' >/tmp/ts54-concat cmp /tmp/ts54-concat <(echo -n a) # Test that multiple renames are processed in the correct order. systemd-run -p "ImportCredentialEx=test.creds.first:renamed.creds.first" \ -p "ImportCredentialEx=test.creds.second:renamed.creds.first" \ --unit=test-54-ImportCredential.service \ -p DynamicUser=1 \ --wait \ --pipe \ cat '${CREDENTIALS_DIRECTORY}/renamed.creds.first' >/tmp/ts54-concat cmp /tmp/ts54-concat <(echo -n a) # Test that a credential can be imported multiple times with different names. systemd-run -p "ImportCredentialEx=test.creds.first" \ -p "ImportCredentialEx=test.creds.first:renamed.creds.first" \ -p "ImportCredentialEx=test.creds.first:renamed.creds.second" \ -- -p DynamicUser=1 \ --wait \ --pipe \ cat '${CREDENTIALS_DIRECTORY}/test.creds.first' \ '${CREDENTIALS_DIRECTORY}/renamed.creds.first' \ '${CREDENTIALS_DIRECTORY}/renamed.creds.second' >/tmp/ts54-concat cmp /tmp/ts54-concat <(echo -n aaa) # Now test encrypted credentials (only supported when built with OpenSSL though) if systemctl --version | grep -q -- +OPENSSL ; then echo -n $RANDOM >/tmp/test-54-plaintext systemd-creds encrypt --name=test-54 /tmp/test-54-plaintext /tmp/test-54-ciphertext systemd-creds decrypt --name=test-54 /tmp/test-54-ciphertext | cmp /tmp/test-54-plaintext systemd-run -p LoadCredentialEncrypted=test-54:/tmp/test-54-ciphertext \ --wait \ --pipe \ cat '${CREDENTIALS_DIRECTORY}/test-54' | cmp /tmp/test-54-plaintext echo -n $RANDOM >/tmp/test-54-plaintext systemd-creds encrypt --name=test-54 /tmp/test-54-plaintext /tmp/test-54-ciphertext systemd-creds decrypt --name=test-54 /tmp/test-54-ciphertext | cmp /tmp/test-54-plaintext systemd-run -p SetCredentialEncrypted=test-54:"$(cat /tmp/test-54-ciphertext)" \ --wait \ --pipe \ cat '${CREDENTIALS_DIRECTORY}/test-54' | cmp /tmp/test-54-plaintext rm /tmp/test-54-plaintext /tmp/test-54-ciphertext fi # https://github.com/systemd/systemd/issues/27275 systemd-run -p DynamicUser=yes -p 'LoadCredential=os:/etc/os-release' \ -p 'ExecStartPre=true' \ -- --service-type=oneshot --wait --pipe \ true | cmp /etc/os-release # https://github.com/systemd/systemd/pull/24734#issuecomment-1925440546 # Also ExecStartPre= should be able to update creds dd if=/dev/urandom of=/tmp/cred-huge bs=600K count=1 chmod 777 /tmp/cred-huge systemd-run -p ProtectSystem=full \ -p 'LoadCredential=huge:/tmp/cred-huge' \ -p 'ExecStartPre=true' \ -p 'ExecStartPre=bash -c "echo fresh >/tmp/cred-huge"' \ --unit=test-54-huge-cred.service \ --wait --pipe \ systemd-creds cat huge | cmp - <(echo "fresh") rm /tmp/cred-huge echo stable >/tmp/cred-stable systemd-run -p 'LoadCredential=stable:/tmp/cred-stable' \ -p 'ExecStartPost=systemd-creds cat stable' \ --unit=test-54-stable.service \ --service-type=oneshot --wait --pipe \ bash -c "echo bogus >/tmp/cred-stable" | cmp - <(echo "stable") assert_eq "$(cat /tmp/cred-stable)" "bogus" rm /tmp/cred-stable if ! systemd-detect-virt -q -c ; then # Validate that the credential we inserted via the initrd logic arrived test "$(systemd-creds cat --system myinitrdcred)" = "guatemala" -- systemctl -P Wants show getty.target | grep -q container-getty@idontexist.service fi # Decrypt/encrypt via varlink echo '{"data":"Zm9vYmFyCg=="}' > /tmp/vlcredsdata varlinkctl call /run/systemd/io.systemd.Credentials io.systemd.Credentials.Encrypt "$(cat /tmp/vlcredsdata)" | \ varlinkctl call --json=short /run/systemd/io.systemd.Credentials io.systemd.Credentials.Decrypt > /tmp/vlcredsdata2 cmp /tmp/vlcredsdata /tmp/vlcredsdata2 rm /tmp/vlcredsdata /tmp/vlcredsdata2 clean_usertest() { rm -f /tmp/usertest.data /tmp/usertest.data } trap clean_usertest EXIT dd if=/dev/urandom of=/tmp/usertest.data bs=4096 count=1 systemd-creds encrypt --user /tmp/usertest.data /tmp/usertest.cred systemd-creds decrypt --user /tmp/usertest.cred - | cmp /tmp/usertest.data # Decryption must fail if it's not done in user context (! systemd-creds decrypt /tmp/usertest.cred - ) # Decryption must also fail if a different user is used (! systemd-creds decrypt --user --uid=65534 /tmp/usertest.cred - ) # Try the reverse systemd-creds encrypt --user --uid=65534 /tmp/usertest.data /tmp/usertest.cred (! systemd-creds decrypt --user /tmp/usertest.cred - ) systemd-creds decrypt --user --uid=65534 /tmp/usertest.cred - | cmp /tmp/usertest.data systemd-creds encrypt --user /tmp/usertest.data /tmp/usertest.creds --name=mytest # Make sure we actually can decode this in user context systemctl start user@0.service XDG_RUNTIME_DIR=/run/user/0 systemd-run --pipe --user --unit=waldi.service -p LoadCredentialEncrypted=mytest:/tmp/usertest.creds cat /run/user/0/credentials/waldi.service/mytest | cmp /tmp/usertest.data systemd-analyze log-level info touch /testok Found error in /usr/lib/systemd/tests/testdata/units/TEST-50-DISSECT.mountfsd.sh: $ grep -A5 -B5 /tmp/ /usr/lib/systemd/tests/testdata/units/TEST-50-DISSECT.mountfsd.sh fi at_exit() { set +e umount -R /tmp/unpriv/mount rmdir /tmp/unpriv rm -f /tmp/test-50-unpriv-privkey.key /tmp/test-50-unpriv-cert.crt /run/verity.d/test-50-unpriv-cert.crt rm -f /var/tmp/unpriv.raw /tmp/unpriv.raw.mtree /tmp/unpriv2.raw.mtree rm -f /tmp/unpriv.out /tmp/unpriv.out2 /tmp/unpriv.out3 } trap at_exit EXIT systemctl start systemd-mountfsd.socket systemd-nsresourced.socket openssl req -config "$OPENSSL_CONFIG" -subj="/CN=waldo" \ -x509 -sha256 -nodes -days 365 -newkey rsa:4096 \ -keyout /tmp/test-50-unpriv-privkey.key -out /tmp/test-50-unpriv-cert.crt systemd-dissect --mkdir --mount "$MINIMAL_IMAGE.raw" /tmp/unpriv/mount SYSTEMD_REPART_OVERRIDE_FSTYPE=squashfs \ systemd-repart -P \ -s /tmp/unpriv/mount \ --certificate=/tmp/test-50-unpriv-cert.crt \ --private-key=/tmp/test-50-unpriv-privkey.key \ /var/tmp/unpriv.raw systemd-dissect --rmdir --umount /tmp/unpriv/mount systemd-dissect --image-policy='root=unprotected:=absent+unused' /var/tmp/unpriv.raw systemd-dissect --image-policy='root=unprotected:=absent+unused' --mtree /var/tmp/unpriv.raw >/tmp/unpriv.raw.mtree # Run unpriv, should fail due to lack of privs (! runas testuser systemd-dissect /var/tmp/unpriv.raw) (! runas testuser systemd-dissect --mtree /var/tmp/unpriv.raw) if (SYSTEMD_LOG_TARGET=console varlinkctl call \ /run/systemd/userdb/io.systemd.NamespaceResource \ io.systemd.NamespaceResource.AllocateUserRange \ '{"name":"test-supported","size":65536,"userNamespaceFileDescriptor":0}' 2>&1 || true) | -- echo "User namespace interface not supported, skipping mountfsd/nsresourced tests" exit 0 fi # Install key in keychain cp /tmp/test-50-unpriv-cert.crt /run/verity.d # Now run unpriv again, should be OK now. runas testuser systemd-dissect /var/tmp/unpriv.raw runas testuser systemd-dissect --mtree /var/tmp/unpriv.raw >/tmp/unpriv2.raw.mtree # Check that unpriv and priv run yielded same results cmp /tmp/unpriv.raw.mtree /tmp/unpriv2.raw.mtree # Make sure nspawn works unpriv, too (for now do not nest) if ! systemd-detect-virt -c; then systemd-nspawn --pipe -i /var/tmp/unpriv.raw --read-only echo thisisatest > /tmp/unpriv.out echo thisisatest | cmp /tmp/unpriv.out - # The unpriv user has no rights to lock the image or write to it. Let's # turn off both for this test, so that we don't have to copy the image # around. systemd-run -M testuser@ --user --pipe \ -p Environment=SYSTEMD_NSPAWN_LOCK=0 \ -p Delegate=1 \ -p DelegateSubgroup=supervisor \ -p Environment=SYSTEMD_LOG_LEVEL=debug \ --wait -- \ systemd-nspawn --keep-unit --register=no -i /var/tmp/unpriv.raw --read-only --pipe echo thisisatest >/tmp/unpriv.out2 echo thisisatest | cmp /tmp/unpriv.out2 - fi systemd-run -M testuser@ --user --pipe -p RootImage=/var/tmp/unpriv.raw -p PrivateUsers=1 --wait echo thisisatest >/tmp/unpriv.out3 echo thisisatest | cmp /tmp/unpriv.out3 - Found error in /usr/lib/systemd/tests/testdata/units/TEST-50-DISSECT.dissect.sh: $ grep -A5 -B5 /tmp/ /usr/lib/systemd/tests/testdata/units/TEST-50-DISSECT.dissect.sh RemainAfterExit=yes MountAPIVFS=yes PrivateTmp=yes ExecStart=sh -c ' \\ systemd-notify --ready; \\ while [ ! -f /tmp/img/usr/lib/os-release ] || ! grep -q -F MARKER /tmp/img/usr/lib/os-release; do \\ sleep 0.1; \\ done; \\ mount; \\ mount | grep -F "on /tmp/img type squashfs" | grep -q -F "nosuid"; \\ ' EOF systemctl start testservice-50d.service # Mount twice to exercise mount-beneath (on kernel 6.5+, on older kernels it will just overmount) mkdir -p /tmp/wrong/foo mksquashfs /tmp/wrong/foo /tmp/wrong.raw systemctl mount-image --mkdir testservice-50d.service /tmp/wrong.raw /tmp/img test "$(systemctl show -P SubState testservice-50d.service)" = "running" systemctl mount-image --mkdir testservice-50d.service "$MINIMAL_IMAGE.raw" /tmp/img root:nosuid # shellcheck disable=SC2016 timeout 30s bash -xec 'while [[ $(systemctl show -P SubState testservice-50d.service) == running ]]; do sleep .2; done' systemctl is-active testservice-50d.service # ExtensionImages will set up an overlay systemd-run -P \ --property ExtensionImages=/tmp/app0.raw \ --property RootImage="$MINIMAL_IMAGE.raw" \ cat /opt/script0.sh | grep -q -F "extension-release.app0" systemd-run -P \ --property ExtensionImages=/tmp/app0.raw \ --property RootImage="$MINIMAL_IMAGE.raw" \ cat /usr/lib/systemd/system/some_file | grep -q -F "MARKER=1" systemd-run -P \ --property ExtensionImages="/tmp/app0.raw /tmp/app1.raw" \ --property RootImage="$MINIMAL_IMAGE.raw" \ cat /opt/script0.sh | grep -q -F "extension-release.app0" systemd-run -P \ --property ExtensionImages="/tmp/app0.raw /tmp/app1.raw" \ --property RootImage="$MINIMAL_IMAGE.raw" \ cat /usr/lib/systemd/system/some_file | grep -q -F "MARKER=1" systemd-run -P \ --property ExtensionImages="/tmp/app0.raw /tmp/app1.raw" \ --property RootImage="$MINIMAL_IMAGE.raw" \ cat /opt/script1.sh | grep -q -F "extension-release.app2" systemd-run -P \ --property ExtensionImages="/tmp/app0.raw /tmp/app1.raw" \ --property RootImage="$MINIMAL_IMAGE.raw" \ cat /usr/lib/systemd/system/other_file | grep -q -F "MARKER=1" systemd-run -P \ --property ExtensionImages=/tmp/app-nodistro.raw \ --property RootImage="$MINIMAL_IMAGE.raw" \ cat /usr/lib/systemd/system/some_file | grep -q -F "MARKER=1" systemd-run -P \ --property ExtensionImages=/etc/service-scoped-test.raw \ --property RootImage="$MINIMAL_IMAGE.raw" \ cat /etc/systemd/system/some_file | grep -q -F "MARKER_CONFEXT_123" systemd-run -P \ --property ExtensionImages="/tmp/app0.raw /tmp/conf0.raw" \ veritysetup status "$(cat /tmp/app0.roothash)-verity" | grep -q "$(cat /tmp/app0.roothash)" systemd-run -P \ --property ExtensionImages="/tmp/app0.raw /tmp/conf0.raw" \ veritysetup status "$(cat /tmp/conf0.roothash)-verity" | grep -q "$(cat /tmp/conf0.roothash)" # Check that two identical verity images at different paths do not fail with -ELOOP from OverlayFS mkdir -p /tmp/loop cp /tmp/app0.raw /tmp/loop/app0.raw veritysetup format /tmp/loop/app0.raw /tmp/loop/app0.verity --root-hash-file /tmp/loop/app0.roothash cp /tmp/loop/app0.raw /tmp/loop/app0_copy.raw cp /tmp/loop/app0.verity /tmp/loop/app0_copy.verity cp /tmp/loop/app0.roothash /tmp/loop/app0_copy.roothash systemd-run -P \ --property ExtensionImages=/tmp/loop/app0.raw \ --property ExtensionImages=/tmp/loop/app0_copy.raw \ --property RootImage="$MINIMAL_IMAGE.raw" \ "${BIND_LOG_SOCKETS[@]}" \ cat /opt/script0.sh | grep -q -F "extension-release.app0" rm -rf /tmp/loop/ # Check that using a symlink to NAME-VERSION.raw works as long as the symlink has the correct name NAME.raw mkdir -p /tmp/symlink-test/ cp /tmp/app-nodistro.raw /tmp/symlink-test/app-nodistro-v1.raw ln -fs /tmp/symlink-test/app-nodistro-v1.raw /tmp/symlink-test/app-nodistro.raw systemd-run -P \ --property ExtensionImages=/tmp/symlink-test/app-nodistro.raw \ --property RootImage="$MINIMAL_IMAGE.raw" \ cat /usr/lib/systemd/system/some_file | grep -q -F "MARKER=1" # Symlink check again but for confext mkdir -p /etc/symlink-test/ -- --property ExtensionImages=/etc/symlink-test/service-scoped-test.raw \ --property RootImage="$MINIMAL_IMAGE.raw" \ cat /etc/systemd/system/some_file | grep -q -F "MARKER_CONFEXT_123" # And again mixing sysext and confext systemd-run -P \ --property ExtensionImages=/tmp/symlink-test/app-nodistro.raw \ --property ExtensionImages=/etc/symlink-test/service-scoped-test.raw \ --property RootImage="$MINIMAL_IMAGE.raw" \ cat /etc/systemd/system/some_file | grep -q -F "MARKER_CONFEXT_123" systemd-run -P \ --property ExtensionImages=/tmp/symlink-test/app-nodistro.raw \ --property ExtensionImages=/etc/symlink-test/service-scoped-test.raw \ --property RootImage="$MINIMAL_IMAGE.raw" \ cat /usr/lib/systemd/system/some_file | grep -q -F "MARKER=1" cat >/run/systemd/system/testservice-50e.service </tmp/discover.json grep -q -F '{"name":"a","type":"raw","class":"machine","ro":false,"path":"/run/machines/a.raw"' /tmp/discover.json grep -q -F '{"name":"b","type":"raw","class":"portable","ro":false,"path":"/run/portables/b.raw"' /tmp/discover.json grep -q -F '{"name":"c","type":"raw","class":"sysext","ro":false,"path":"/run/extensions/c.raw"' /tmp/discover.json rm /tmp/discover.json /run/machines/a.raw /run/portables/b.raw /run/extensions/c.raw LOOP="$(systemd-dissect --attach --loop-ref=waldo "$MINIMAL_IMAGE.raw")" # Wait until the symlinks we want to test are established udevadm trigger -w "$LOOP" -- (! /etc/testscript) systemd-confext status systemd-confext unmerge rm -rf /run/confexts/ unsquashfs -no-xattrs -d /tmp/img "$MINIMAL_IMAGE.raw" systemd-run --unit=test-root-ephemeral \ -p RootDirectory=/tmp/img \ -p RootEphemeral=yes \ -p Type=exec \ bash -c "touch /abc && sleep infinity" test -n "$(ls -A /var/lib/systemd/ephemeral-trees)" systemctl stop test-root-ephemeral # shellcheck disable=SC2016 timeout 10 bash -c 'until test -z "$(ls -A /var/lib/systemd/ephemeral-trees)"; do sleep .5; done' test ! -f /tmp/img/abc systemd-dissect --mtree /tmp/img >/dev/null systemd-dissect --list /tmp/img >/dev/null read -r SHA256SUM1 _ < <(systemd-dissect --copy-from /tmp/img etc/os-release | sha256sum) test "$SHA256SUM1" != "" echo abc > abc systemd-dissect --copy-to /tmp/img abc /abc test -f /tmp/img/abc # Test for dissect tool support with systemd-sysext mkdir -p /run/extensions/ testkit/usr/lib/extension-release.d/ echo "ID=_any" >testkit/usr/lib/extension-release.d/extension-release.testkit echo "ARCHITECTURE=_any" >>testkit/usr/lib/extension-release.d/extension-release.testkit -- systemd-run -P -p RootImage="$MINIMAL_IMAGE.raw" cat /run/host/os-release | cmp "$OS_RELEASE" # Test that systemd-sysext reloads the daemon. mkdir -p /var/lib/extensions/ ln -s /tmp/app-reload.raw /var/lib/extensions/app-reload.raw systemd-sysext merge --no-reload # the service should not be running (! systemctl --quiet is-active foo.service) systemd-sysext unmerge --no-reload systemd-sysext merge Found error in /usr/lib/systemd/tests/testdata/units/TEST-50-DISSECT.DDI.sh: $ grep -A5 -B5 /tmp/ /usr/lib/systemd/tests/testdata/units/TEST-50-DISSECT.DDI.sh # SPDX-License-Identifier: LGPL-2.1-or-later set -eux set -o pipefail # Check that the /sbin/mount.ddi helper works dir="/tmp/mounthelper.$RANDOM" mount -t ddi "$MINIMAL_IMAGE.gpt" "$dir" -o ro,X-mount.mkdir,discard umount -R "$dir" # Test systemd-repart --make-ddi=: if [[ -z "${OPENSSL_CONFIG:?}" ]] || ! command -v mksquashfs &>/dev/null; then -- exit 0 fi openssl req -config "$OPENSSL_CONFIG" -subj="/CN=waldo" \ -x509 -sha256 -nodes -days 365 -newkey rsa:4096 \ -keyout /tmp/test-50-privkey.key -out /tmp/test-50-cert.crt mkdir -p /tmp/test-50-confext/etc/extension-release.d/ echo "foobar50" >/tmp/test-50-confext/etc/waldo { grep -e '^$ID\|VERSION_ID$=' /etc/os-release echo IMAGE_ID=waldo echo IMAGE_VERSION=7 } >/tmp/test-50-confext/etc/extension-release.d/extension-release.waldo mkdir -p /run/confexts SYSTEMD_REPART_OVERRIDE_FSTYPE=squashfs \ systemd-repart -C \ -s /tmp/test-50-confext \ --certificate=/tmp/test-50-cert.crt \ --private-key=/tmp/test-50-privkey.key \ /run/confexts/waldo.confext.raw rm -rf /tmp/test-50-confext mkdir -p /run/verity.d cp /tmp/test-50-cert.crt /run/verity.d/ systemd-dissect --mtree /run/confexts/waldo.confext.raw systemd-confext refresh test "$(/tmp/blob1/test1 echo data1 blob2 >/tmp/blob2/test1 echo data2 blob1 >/tmp/blob1/test2 echo data2 blob2 >/tmp/blob2/test2 echo invalid filename >/tmp/blob1/файл echo data3 >/tmp/external-test3 echo avatardata >/tmp/external-avatar ln -s /tmp/external-avatar /tmp/external-avatar-lnk dd if=/dev/urandom of=/tmp/external-barely-fits bs=1M count=64 dd if=/dev/urandom of=/tmp/external-toobig bs=1M count=65 # create w/ prepopulated blob dir NEWPASSWORD=EMJuc3zQaMibJo homectl create blob-user \ --disk-size=min --luks-discard=yes \ --luks-pbkdf-type=pbkdf2 --luks-pbkdf-time-cost=1ms \ --rate-limit-interval=1s --rate-limit-burst=1000 \ --uid=12345 \ --blob=/tmp/blob1 inspect blob-user PASSWORD=EMJuc3zQaMibJo homectl activate blob-user inspect blob-user test -d /var/cache/systemd/home/blob-user stat -c "%u %#a" /var/cache/systemd/home/blob-user | grep "^0 0755" test -d /home/blob-user/.identity-blob stat -c "%u %#a" /home/blob-user/.identity-blob | grep "^12345 0700" checkblob test1 /tmp/blob1/test1 (! checkblob test1 /tmp/blob2/test1 ) checkblob test2 /tmp/blob1/test2 (! checkblob test2 /tmp/blob2/test2 ) (! checkblob фаил /tmp/blob1/фаил ) (! checkblob test3 /tmp/external-test3 ) (! checkblob avatar /tmp/external-avatar ) # append files to existing blob, both well-known and other PASSWORD=EMJuc3zQaMibJo homectl update blob-user \ -b test3=/tmp/external-test3 --avatar=/tmp/external-avatar inspect blob-user checkblob test1 /tmp/blob1/test1 (! checkblob test1 /tmp/blob2/test1 ) checkblob test2 /tmp/blob1/test2 (! checkblob test2 /tmp/blob2/test2 ) (! checkblob фаил /tmp/blob1/фаил ) checkblob test3 /tmp/external-test3 checkblob avatar /tmp/external-avatar # delete files from existing blob, both well-known and other PASSWORD=EMJuc3zQaMibJo homectl update blob-user \ -b test3= --avatar= inspect blob-user checkblob test1 /tmp/blob1/test1 (! checkblob test1 /tmp/blob2/test1 ) checkblob test2 /tmp/blob1/test2 (! checkblob test2 /tmp/blob2/test2 ) (! checkblob фаил /tmp/blob1/фаил ) (! checkblob test3 /tmp/external-test3 ) (! checkblob avatar /tmp/external-avatar ) # swap entire blob directory PASSWORD=EMJuc3zQaMibJo homectl update blob-user \ -b /tmp/blob2 inspect blob-user (! checkblob test1 /tmp/blob1/test1 ) checkblob test1 /tmp/blob2/test1 (! checkblob test2 /tmp/blob1/test2 ) checkblob test2 /tmp/blob2/test2 (! checkblob фаил /tmp/blob1/фаил ) (! checkblob test3 /tmp/external-test3 ) (! checkblob avatar /tmp/external-avatar ) # create and delete files while swapping blob directory. Also symlinks. PASSWORD=EMJuc3zQaMibJo homectl update blob-user \ -b /tmp/blob1 -b test2= -b test3=/tmp/external-test3 --avatar=/tmp/external-avatar-lnk inspect blob-user checkblob test1 /tmp/blob1/test1 (! checkblob test1 /tmp/blob2/test1 ) (! checkblob test2 /tmp/blob1/test2 ) (! checkblob test2 /tmp/blob2/test2 ) (! checkblob фаил /tmp/blob1/фаил ) checkblob test3 /tmp/external-test3 checkblob avatar /tmp/external-avatar # target of the link # clear the blob directory PASSWORD=EMJuc3zQaMibJo homectl update blob-user \ -b /tmp/blob2 -b test3=/tmp/external-test3 --blob= inspect blob-user (! checkblob test1 /tmp/blob1/test1 ) (! checkblob test1 /tmp/blob2/test1 ) (! checkblob test2 /tmp/blob1/test2 ) (! checkblob test2 /tmp/blob2/test2 ) (! checkblob фаил /tmp/blob1/фаил ) (! checkblob test3 /tmp/external-test3 ) (! checkblob avatar /tmp/external-avatar ) # file that's exactly 64M still fits # FIXME: Figure out why this fails on ext4. if [[ "$FSTYPE" != "ext2/ext3" ]]; then PASSWORD=EMJuc3zQaMibJo homectl update blob-user \ -b barely-fits=/tmp/external-barely-fits (! checkblob test1 /tmp/blob1/test1 ) (! checkblob test1 /tmp/blob2/test1 ) (! checkblob test2 /tmp/blob1/test2 ) (! checkblob test2 /tmp/blob2/test2 ) (! checkblob фаил /tmp/blob1/фаил ) (! checkblob test3 /tmp/external-test3 ) (! checkblob avatar /tmp/external-avatar ) checkblob barely-fits /tmp/external-barely-fits fi # error out if the file is too big (! PASSWORD=EMJuc3zQaMibJo homectl update blob-user -b huge=/tmp/external-toobig ) # error out if filenames are invalid (! PASSWORD=EMJuc3zQaMibJo homectl update blob-user -b .hidden=/tmp/external-test3 ) (! PASSWORD=EMJuc3zQaMibJo homectl update blob-user -b "with spaces=/tmp/external-test3" ) (! PASSWORD=EMJuc3zQaMibJo homectl update blob-user -b with=equals=/tmp/external-test3 ) (! PASSWORD=EMJuc3zQaMibJo homectl update blob-user -b файл=/tmp/external-test3 ) (! PASSWORD=EMJuc3zQaMibJo homectl update blob-user -b special@chars=/tmp/external-test3 ) # Make sure offline updates to blobs get propagated in homectl deactivate blob-user inspect blob-user homectl update blob-user --offline -b barely-fits= -b propagated=/tmp/external-test3 inspect blob-user PASSWORD=EMJuc3zQaMibJo homectl activate blob-user inspect blob-user (! checkblob barely-fits /tmp/external-barely-fits ) checkblob propagated /tmp/external-test3 homectl deactivate blob-user wait_for_state blob-user inactive homectl remove blob-user -- varlinkctl call /run/systemd/userdb/io.systemd.Multiplexer io.systemd.UserDatabase.GetUserRecord '{"uid":2000000,"service":"io.systemd.Multiplexer"}' (! varlinkctl call /run/systemd/userdb/io.systemd.Multiplexer io.systemd.UserDatabase.GetUserRecord '{"userName":"","service":"io.systemd.Multiplexer"}') (! varlinkctl call /run/systemd/userdb/io.systemd.Multiplexer io.systemd.UserDatabase.GetUserRecord '{"userName":"🐱","service":"io.systemd.Multiplexer"}') (! varlinkctl call /run/systemd/userdb/io.systemd.Multiplexer io.systemd.UserDatabase.GetUserRecord '{"userName":"i-do-not-exist","service":"io.systemd.Multiplexer"}') userdbctl ssh-authorized-keys dropinuser | tee /tmp/authorized-keys grep "ssh-ed25519" /tmp/authorized-keys grep "ecdsa-sha2-nistp256" /tmp/authorized-keys echo "my-top-secret-key 🐱" >/tmp/my-top-secret-key userdbctl ssh-authorized-keys dropinuser --chain /bin/cat /tmp/my-top-secret-key | tee /tmp/authorized-keys grep "ssh-ed25519" /tmp/authorized-keys grep "ecdsa-sha2-nistp256" /tmp/authorized-keys grep "my-top-secret-key 🐱" /tmp/authorized-keys (! userdbctl ssh-authorized-keys 🐱) (! userdbctl ssh-authorized-keys dropin-user --chain) (! userdbctl ssh-authorized-keys dropin-user --chain '') (! SYSTEMD_LOG_LEVEL=debug userdbctl ssh-authorized-keys dropin-user --chain /bin/false) -- if command -v ssh &>/dev/null && command -v sshd &>/dev/null && ! [[ -v ASAN_OPTIONS ]]; then at_exit() { set +e systemctl is-active -q mysshserver.socket && systemctl stop mysshserver.socket rm -f /tmp/homed.id_ecdsa /run/systemd/system/mysshserver{@.service,.socket} systemctl daemon-reload homectl remove homedsshtest for dir in /etc /usr/lib; do if [[ -f "$dir/pam.d/sshd.bak" ]]; then mv "$dir/pam.d/sshd.bak" "$dir/pam.d/sshd" -- } trap at_exit EXIT # Test that SSH logins work with delayed unlocking ssh-keygen -N '' -C '' -t ecdsa -f /tmp/homed.id_ecdsa NEWPASSWORD=hunter4711 homectl create \ --disk-size=min \ --luks-discard=yes \ --luks-pbkdf-type=pbkdf2 \ --luks-pbkdf-time-cost=1ms \ --rate-limit-interval=1s \ --rate-limit-burst=1000 \ --enforce-password-policy=no \ --ssh-authorized-keys=@/tmp/homed.id_ecdsa.pub \ --stop-delay=0 \ homedsshtest homectl inspect homedsshtest mkdir -p /etc/ssh -- systemctl daemon-reload systemctl start mysshserver.socket userdbctl user -j homedsshtest ssh -t -t -4 -p 4711 -i /tmp/homed.id_ecdsa \ -o "SetEnv PASSWORD=hunter4711" -o "StrictHostKeyChecking no" \ homedsshtest@localhost echo zzz | tr -d '\r' | tee /tmp/homedsshtest.out grep -E "^zzz$" /tmp/homedsshtest.out rm /tmp/homedsshtest.out ssh -t -t -4 -p 4711 -i /tmp/homed.id_ecdsa \ -o "SetEnv PASSWORD=hunter4711" -o "StrictHostKeyChecking no" \ homedsshtest@localhost env wait_for_state homedsshtest inactive fi Found error in /usr/lib/systemd/tests/testdata/units/TEST-44-LOG-NAMESPACE.sh: $ grep -A5 -B5 /tmp/ /usr/lib/systemd/tests/testdata/units/TEST-44-LOG-NAMESPACE.sh journalctl --namespace=foobar --sync journalctl --namespace=foobaz --sync ls -l /var/log/journal/ journalctl --list-namespaces journalctl -o cat --namespace=foobar >/tmp/hello-world journalctl -o cat >/tmp/no-hello-world journalctl --list-namespaces | grep foobar journalctl --list-namespaces | grep foobaz journalctl --list-namespaces -o json | jq . [[ "$(journalctl --root=/tmp --list-namespaces --quiet)" == "" ]] grep "^hello world$" /tmp/hello-world (! grep "^hello world$" /tmp/no-hello-world) systemd-analyze log-level info touch /testok Found error in /usr/lib/systemd/tests/testdata/units/TEST-29-PORTABLE.directory.sh: $ grep -A5 -B5 /tmp/ /usr/lib/systemd/tests/testdata/units/TEST-29-PORTABLE.directory.sh # If we're running under sanitizers, we need to use a less restrictive # profile, otherwise LSan syscall would get blocked by seccomp ARGS+=(--profile=trusted) fi unsquashfs -dest /tmp/minimal_0 /usr/share/minimal_0.raw unsquashfs -dest /tmp/minimal_1 /usr/share/minimal_1.raw portablectl "${ARGS[@]}" attach --copy=symlink --now --runtime /tmp/minimal_0 minimal-app0 systemctl is-active minimal-app0.service systemctl is-active minimal-app0-foo.service systemctl is-active minimal-app0-bar.service && exit 1 portablectl "${ARGS[@]}" reattach --now --enable --runtime /tmp/minimal_1 minimal-app0 systemctl is-active minimal-app0.service systemctl is-active minimal-app0-bar.service systemctl is-active minimal-app0-foo.service && exit 1 portablectl list | grep -q -F "minimal_1" busctl tree org.freedesktop.portable1 --no-pager | grep -q -F '/org/freedesktop/portable1/image/minimal_5f1' portablectl detach --now --enable --runtime /tmp/minimal_1 minimal-app0 portablectl list | grep -q -F "No images." busctl tree org.freedesktop.portable1 --no-pager | grep -q -F '/org/freedesktop/portable1/image/minimal_5f1' && exit 1 mkdir /tmp/rootdir /tmp/app0 /tmp/app1 /tmp/overlay /tmp/os-release-fix /tmp/os-release-fix/etc mount /tmp/app0.raw /tmp/app0 mount /tmp/app1.raw /tmp/app1 mount /usr/share/minimal_0.raw /tmp/rootdir # Fix up os-release to drop the valid PORTABLE_SERVICES field (because we are # bypassing the sysext logic in portabled here it will otherwise not see the # extensions additional valid prefix) grep -v "^PORTABLE_PREFIXES=" /tmp/rootdir/etc/os-release >/tmp/os-release-fix/etc/os-release mount -t overlay overlay -o lowerdir=/tmp/os-release-fix:/tmp/app1:/tmp/rootdir /tmp/overlay grep . /tmp/overlay/usr/lib/extension-release.d/* grep . /tmp/overlay/etc/os-release portablectl "${ARGS[@]}" attach --copy=symlink --now --runtime /tmp/overlay app1 systemctl is-active app1.service portablectl detach --now --runtime overlay app1 -- [Unit] Description=App 1 EOF systemctl daemon-reload portablectl "${ARGS[@]}" attach --force --copy=symlink --now --runtime /tmp/overlay app1 systemctl is-active app1.service portablectl detach --now --runtime overlay app1 umount /tmp/overlay portablectl "${ARGS[@]}" attach --copy=symlink --now --runtime --extension /tmp/app0 --extension /tmp/app1 /tmp/rootdir app0 app1 systemctl is-active app0.service systemctl is-active app1.service portablectl inspect --cat --extension app0 --extension app1 rootdir app0 app1 | grep -q -f /tmp/rootdir/usr/lib/os-release portablectl inspect --cat --extension app0 --extension app1 rootdir app0 app1 | grep -q -f /tmp/app0/usr/lib/extension-release.d/extension-release.app0 portablectl inspect --cat --extension app0 --extension app1 rootdir app0 app1 | grep -q -f /tmp/app1/usr/lib/extension-release.d/extension-release.app2 portablectl inspect --cat --extension app0 --extension app1 rootdir app0 app1 | grep -q -f /tmp/app1/usr/lib/systemd/system/app1.service portablectl inspect --cat --extension app0 --extension app1 rootdir app0 app1 | grep -q -f /tmp/app0/usr/lib/systemd/system/app0.service grep -q -F "LogExtraFields=PORTABLE=app0" /run/systemd/system.attached/app0.service.d/20-portable.conf grep -q -F "LogExtraFields=PORTABLE_ROOT=rootdir" /run/systemd/system.attached/app0.service.d/20-portable.conf grep -q -F "LogExtraFields=PORTABLE_EXTENSION=app0" /run/systemd/system.attached/app0.service.d/20-portable.conf grep -q -F "LogExtraFields=PORTABLE_EXTENSION_NAME_AND_VERSION=app" /run/systemd/system.attached/app0.service.d/20-portable.conf -- grep -q -F "LogExtraFields=PORTABLE_EXTENSION=app0" /run/systemd/system.attached/app1.service.d/20-portable.conf grep -q -F "LogExtraFields=PORTABLE_EXTENSION_NAME_AND_VERSION=app" /run/systemd/system.attached/app1.service.d/20-portable.conf grep -q -F "LogExtraFields=PORTABLE_EXTENSION=app1" /run/systemd/system.attached/app1.service.d/20-portable.conf grep -q -F "LogExtraFields=PORTABLE_EXTENSION_NAME_AND_VERSION=app_1" /run/systemd/system.attached/app1.service.d/20-portable.conf portablectl detach --clean --now --runtime --extension /tmp/app0 --extension /tmp/app1 /tmp/rootdir app0 app1 # Ensure --clean remove state and other directories belonging to the portable image being detached test ! -d /var/lib/app0 test ! -d /run/app0 # Ensure that mixed mode copies the images and units (client-owned) but symlinks the profile (OS owned) portablectl "${ARGS[@]}" attach --copy=mixed --runtime --extension /tmp/app0 --extension /tmp/app1 /tmp/rootdir app0 app1 test -d /run/portables/app0 test -d /run/portables/app1 test -d /run/portables/rootdir test -f /run/systemd/system.attached/app0.service test -f /run/systemd/system.attached/app1.service test -L /run/systemd/system.attached/app0.service.d/10-profile.conf test -L /run/systemd/system.attached/app1.service.d/10-profile.conf portablectl detach --runtime --extension /tmp/app0 --extension /tmp/app1 /tmp/rootdir app0 app1 # Attempt to disable the app unit during detaching. Requires --copy=symlink to reproduce. # Provides coverage for https://github.com/systemd/systemd/issues/23481 portablectl "${ARGS[@]}" attach --copy=symlink --now --runtime /tmp/rootdir minimal-app0 portablectl detach --now --runtime --enable /tmp/rootdir minimal-app0 # attach and detach again to check if all drop-in configs are removed even if the main unit files are removed portablectl "${ARGS[@]}" attach --copy=symlink --now --runtime /tmp/rootdir minimal-app0 portablectl detach --now --runtime --enable /tmp/rootdir minimal-app0 # The wrong file should be ignored, given the right one has the xattr set trap 'rm -rf /var/cache/wrongext' EXIT mkdir -p /var/cache/wrongext/usr/lib/extension-release.d /var/cache/wrongext/usr/lib/systemd/system/ echo "[Service]" > /var/cache/wrongext/usr/lib/systemd/system/app0.service touch /var/cache/wrongext/usr/lib/extension-release.d/extension-release.wrongext_somethingwrong.txt cp /tmp/rootdir/usr/lib/os-release /var/cache/wrongext/usr/lib/extension-release.d/extension-release.app0 setfattr -n user.extension-release.strict -v "false" /var/cache/wrongext/usr/lib/extension-release.d/extension-release.app0 portablectl "${ARGS[@]}" attach --runtime --extension /var/cache/wrongext /tmp/rootdir app0 status="$(portablectl is-attached --extension wrongext rootdir)" [[ "${status}" == "attached-runtime" ]] portablectl detach --runtime --extension /var/cache/wrongext /tmp/rootdir app0 umount /tmp/rootdir umount /tmp/app0 umount /tmp/app1 Found error in /usr/lib/systemd/tests/testdata/units/TEST-24-CRYPTSETUP.sh: $ grep -A5 -B5 /tmp/ /usr/lib/systemd/tests/testdata/units/TEST-24-CRYPTSETUP.sh at_exit() { set +e mountpoint -q /proc/cmdline && umount /proc/cmdline rm -f /etc/crypttab [[ -e /tmp/crypttab.bak ]] && cp -fv /tmp/crypttab.bak /etc/crypttab [[ -n "${STORE_LOOP:-}" ]] && losetup -d "$STORE_LOOP" [[ -n "${WORKDIR:-}" ]] && rm -rf "$WORKDIR" systemctl daemon-reload } -- cp "$IMAGE_DETACHED_HEADER" "$TMPFS_DETACHED_HEADER/header" udevadm settle --timeout=60 # Prepare our test crypttab [[ -e /etc/crypttab ]] && cp -fv /etc/crypttab /tmp/crypttab.bak cat >/etc/crypttab </tmp/cmdline.tmp mount --bind /tmp/cmdline.tmp /proc/cmdline # Run the systemd-cryptsetup-generator once explicitly, to collect coverage, # as during daemon-reload we run generators in a sandbox mkdir -p /tmp/systemd-cryptsetup-generator.out /usr/lib/systemd/system-generators/systemd-cryptsetup-generator /tmp/systemd-cryptsetup-generator.out/ systemctl daemon-reload systemctl list-unit-files "systemd-cryptsetup@*" cryptsetup_start_and_check empty_key test -e "$IMAGE_EMPTY_KEYFILE_ERASE" Found error in /usr/lib/systemd/tests/testdata/units/TEST-23-UNIT-FILE.ExtraFileDescriptors.sh: $ grep -A5 -B5 /tmp/ /usr/lib/systemd/tests/testdata/units/TEST-23-UNIT-FILE.ExtraFileDescriptors.sh . "$(dirname "$0")"/util.sh at_exit() { set +e rm -rf /tmp/test-extra-fd/ } trap at_exit EXIT mkdir /tmp/test-extra-fd echo "Hello" > /tmp/test-extra-fd/1.txt echo "Extra" > /tmp/test-extra-fd/2.txt systemd-analyze log-level debug # Open files and assign FD to variables exec {TEST_FD1}/tmp/forking1.sh </tmp/forking2.sh </tmp/notify1.sh </tmp/TEST-23-UNIT-FILE.counter if [ "$counter" -eq 5 ] ; then systemctl kill --kill-whom=main -sUSR1 TEST-23-UNIT-FILE.service fi Found error in /usr/lib/systemd/tests/testdata/units/TEST-22-TMPFILES.03.sh: $ grep -A5 -B5 /tmp/ /usr/lib/systemd/tests/testdata/units/TEST-22-TMPFILES.03.sh # # Basic tests for types creating/writing files set -eux set -o pipefail rm -fr /tmp/{f,F,w} mkdir /tmp/{f,F,w} touch /tmp/file-owned-by-root # # 'f' # systemd-tmpfiles --dry-run --create - </tmp/F/truncated echo "This should be truncated" >/tmp/F/truncated-with-content systemd-tmpfiles --create - </tmp/F/rw-fs/foo (! systemd-tmpfiles --create -) </tmp/F/rw-fs/foo (! systemd-tmpfiles --create -) < fails. (! systemd-tmpfiles --create -) < /tmp/C/3/f1 systemd-tmpfiles --create - </tmp/test19-exit-cgroup.sh < sleep sleep infinity & -- (sleep 1; \$1) & # process tree: systemd -> bash -> sleep sleep infinity EOF chmod +x /tmp/test19-exit-cgroup.sh # service should be stopped cleanly systemd-run --wait \ --unit=one \ --property="Type=notify" \ --property="ExitType=cgroup" \ /tmp/test19-exit-cgroup.sh 'systemctl stop one' # same thing with a truthy exec condition systemd-run --wait \ --unit=two \ --property="Type=notify" \ --property="ExitType=cgroup" \ --property="ExecCondition=true" \ /tmp/test19-exit-cgroup.sh 'systemctl stop two' # false exec condition: systemd-run should exit immediately with status code: 1 (! systemd-run --wait \ --unit=three \ --property="Type=notify" \ --property="ExitType=cgroup" \ --property="ExecCondition=false" \ /tmp/test19-exit-cgroup.sh) # service should exit uncleanly (main process exits with SIGKILL) (! systemd-run --wait \ --unit=four \ --property="Type=notify" \ --property="ExitType=cgroup" \ /tmp/test19-exit-cgroup.sh 'systemctl kill --signal 9 four') # Multiple level process tree, parent process exits quickly cat >/tmp/test19-exit-cgroup-parentless.sh < sleep sleep infinity & -- systemd-notify --ready # Run the stop/kill command after this bash process exits (sleep 1; \$1) & EOF chmod +x /tmp/test19-exit-cgroup-parentless.sh # service should be stopped cleanly systemd-run --wait \ --unit=five \ --property="Type=notify" \ --property="ExitType=cgroup" \ /tmp/test19-exit-cgroup-parentless.sh 'systemctl stop five' # service should still exit cleanly despite SIGKILL (the main process already exited cleanly) systemd-run --wait \ --unit=six \ --property="Type=notify" \ --property="ExitType=cgroup" \ /tmp/test19-exit-cgroup-parentless.sh 'systemctl kill --signal 9 six' systemd-analyze log-level info Found error in /usr/lib/systemd/tests/testdata/units/TEST-17-UDEV.SYSTEMD_WANTS-escape.sh: $ grep -A5 -B5 /tmp/ /usr/lib/systemd/tests/testdata/units/TEST-17-UDEV.SYSTEMD_WANTS-escape.sh IFNAME=test-netif-foo at_exit() { set +e rm -f /tmp/output-i /tmp/output-I rm -rf /run/udev/rules.d/ udevadm control --reload rm -f /run/systemd/system/test@.service -- mkdir -p /run/systemd/system/ cat >/run/systemd/system/test@.service </tmp/output-i; echo "I=/%I" >/tmp/output-I' RemainAfterExit=yes EOF systemctl daemon-reload -- udevadm wait --timeout 30 --settle "/sys/class/net/${IFNAME}" assert_eq "$(udevadm info --query=property --property SYSTEMD_WANTS --value "/sys/class/net/${IFNAME}")" "test@${ESCAPED}.service" # The value shown by systemctl is doubly escaped and quoted. assert_eq "$(systemctl show -p Wants --value "${ESCAPED}.device")" "\"test@${SHELL_ESCAPED}.service\"" timeout 30 bash -c 'until [[ -s /tmp/output-i ]] && [[ -s /tmp/output-I ]]; do sleep .5; done' assert_eq "$(cat /tmp/output-i)" "i=${ESCAPED}" assert_eq "$(cat /tmp/output-I)" "I=${SYSPATH}" exit 0 Found error in /usr/lib/systemd/tests/testdata/units/TEST-15-DROPIN.sh: $ grep -A5 -B5 /tmp/ /usr/lib/systemd/tests/testdata/units/TEST-15-DROPIN.sh testcase_symlink_dropin_directory() { # For issue #21920. echo "Testing symlink drop-in directory..." create_services test15-a rmdir /{etc,run,usr/lib}/systemd/system/test15-a.service.d mkdir -p /tmp/TEST-15-DROPIN-test15-a-dropin-directory ln -s /tmp/TEST-15-DROPIN-test15-a-dropin-directory /etc/systemd/system/test15-a.service.d cat >/tmp/TEST-15-DROPIN-test15-a-dropin-directory/override.conf </tmp/cred.path systemd-nspawn --directory="$root" \ --load-credential=cred.path:/tmp/cred.path \ --set-credential="cred.set:hello world" \ bash -xec '[[ "$(/tmp/bind systemd-nspawn --register=no \ --directory="$root" \ --bind=/tmp/bind \ bash -c 'test -e /tmp/bind' rm -fr "$root" /tmp/bind } testcase_norbind() { # https://github.com/systemd/systemd/issues/13170 local root root="$(mktemp -d /var/lib/machines/TEST-13-NSPAWN.norbind-path.XXX)" mkdir -p /tmp/binddir/subdir echo -n "outer" >/tmp/binddir/subdir/file mount -t tmpfs tmpfs /tmp/binddir/subdir echo -n "inner" >/tmp/binddir/subdir/file create_dummy_container "$root" systemd-nspawn --register=no \ --directory="$root" \ --bind=/tmp/binddir:/mnt:norbind \ bash -c 'CONTENT=$(cat /mnt/subdir/file); if [[ $CONTENT != "outer" ]]; then echo "*** unexpected content: $CONTENT"; exit 1; fi' umount /tmp/binddir/subdir rm -fr "$root" /tmp/binddir/ } rootidmap_cleanup() { local dir="${1:?}" -- local root cmd permissions local owner=1000 root="$(mktemp -d /var/lib/machines/TEST-13-NSPAWN.rootidmap-path.XXX)" # Create ext4 image, as ext4 supports idmapped-mounts. mkdir -p /tmp/rootidmap/bind dd if=/dev/zero of=/tmp/rootidmap/ext4.img bs=4k count=2048 mkfs.ext4 /tmp/rootidmap/ext4.img mount /tmp/rootidmap/ext4.img /tmp/rootidmap/bind trap "rootidmap_cleanup /tmp/rootidmap/" RETURN touch /tmp/rootidmap/bind/file chown -R "$owner:$owner" /tmp/rootidmap/bind create_dummy_container "$root" cmd='PERMISSIONS=$(stat -c "%u:%g" /mnt/file); if [[ $PERMISSIONS != "0:0" ]]; then echo "*** wrong permissions: $PERMISSIONS"; return 1; fi; touch /mnt/other_file' if ! SYSTEMD_LOG_TARGET=console \ systemd-nspawn --register=no \ --directory="$root" \ --bind=/tmp/rootidmap/bind:/mnt:rootidmap \ bash -c "$cmd" |& tee nspawn.out; then if grep -q "Failed to map ids for bind mount.*: Function not implemented" nspawn.out; then echo "idmapped mounts are not supported, skipping the test..." return 0 fi return 1 fi permissions=$(stat -c "%u:%g" /tmp/rootidmap/bind/other_file) if [[ $permissions != "$owner:$owner" ]]; then echo "*** wrong permissions: $permissions" [[ "$IS_USERNS_SUPPORTED" == "yes" ]] && return 1 fi } -- local root cmd permissions local owner=1000 root="$(mktemp -d /var/lib/machines/TEST-13-NSPAWN.owneridmap-path.XXX)" # Create ext4 image, as ext4 supports idmapped-mounts. mkdir -p /tmp/owneridmap/bind dd if=/dev/zero of=/tmp/owneridmap/ext4.img bs=4k count=2048 mkfs.ext4 /tmp/owneridmap/ext4.img mount /tmp/owneridmap/ext4.img /tmp/owneridmap/bind trap "owneridmap_cleanup /tmp/owneridmap/" RETURN touch /tmp/owneridmap/bind/file chown -R "$owner:$owner" /tmp/owneridmap/bind # Allow users to read and execute / in order to execute binaries chmod o+rx "$root" create_dummy_container "$root" -- if ! SYSTEMD_LOG_TARGET=console \ systemd-nspawn --register=no \ --directory="$root" \ -U \ --user=testuser \ --bind=/tmp/owneridmap/bind:/home/testuser:owneridmap \ ${COVERAGE_BUILD_DIR:+--bind="$COVERAGE_BUILD_DIR"} \ /usr/bin/bash -c "$cmd" |& tee nspawn.out; then if grep -q "Failed to map ids for bind mount.*: Function not implemented" nspawn.out; then echo "idmapped mounts are not supported, skipping the test..." return 0 fi return 1 fi permissions=$(stat -c "%u:%g" /tmp/owneridmap/bind/other_file) if [[ $permissions != "$owner:$owner" ]]; then echo "*** wrong permissions: $permissions" [[ "$IS_USERNS_SUPPORTED" == "yes" ]] && return 1 fi } -- create_dummy_container "$root" entrypoint="$root/entrypoint.sh" cat >"$entrypoint" <<\EOF #!/usr/bin/bash -ex . /tmp/os-release [[ -n "${ID:-}" && "$ID" != "$container_host_id" ]] && exit 1 [[ -n "${VERSION_ID:-}" && "$VERSION_ID" != "$container_host_version_id" ]] && exit 1 [[ -n "${BUILD_ID:-}" && "$BUILD_ID" != "$container_host_build_id" ]] && exit 1 [[ -n "${VARIANT_ID:-}" && "$VARIANT_ID" != "$container_host_variant_id" ]] && exit 1 -- echo MARKER=1 >>/etc/os-release fi systemd-nspawn --register=no \ --directory="$root" \ --bind="$os_release_source:/tmp/os-release" \ "${entrypoint##"$root"}" if grep -q MARKER /etc/os-release; then ln -svrf /usr/lib/os-release /etc/os-release fi -- rm -fr "$root" } testcase_machinectl_bind() { local service_path service_name root container_name ec local cmd='for i in $(seq 1 20); do if test -f /tmp/marker; then exit 0; fi; sleep .5; done; exit 1;' root="$(mktemp -d /var/lib/machines/TEST-13-NSPAWN.machinectl-bind.XXX)" create_dummy_container "$root" container_name="$(basename "$root")" -- ExecStart=systemd-nspawn --directory="$root" --notify-ready=no /usr/bin/bash -xec "$cmd" EOF systemctl daemon-reload systemctl start "$service_name" touch /tmp/marker machinectl bind --mkdir "$container_name" /tmp/marker timeout 10 bash -c "while [[ '\$(systemctl show -P SubState $service_name)' == running ]]; do sleep .2; done" ec="$(systemctl show -P ExecMainStatus "$service_name")" systemctl stop "$service_name" -- mkdir -p /run/systemd/nspawn/ rm -f "/etc/systemd/nspawn/$container_name.nspawn" cat >"/run/systemd/nspawn/$container_name.nspawn" <"/var/lib/machines/$NSPAWN_FRAGMENT" </tmp/fragment.nspawn </tmp/expected varlinkctl call /run/systemd/machine/io.systemd.Machine io.systemd.Machine.List "{\"pid\":$pid}" | diff /tmp/expected - varlinkctl call /run/systemd/machine/io.systemd.Machine io.systemd.Machine.List "{\"name\":\"long-running\", \"pid\":$pid}" | diff /tmp/expected - (! varlinkctl call /run/systemd/machine/io.systemd.Machine io.systemd.Machine.List "{\"name\":\"non-existent\", \"pid\":$pid}") (! varlinkctl call /run/systemd/machine/io.systemd.Machine io.systemd.Machine.List '{"name":""}') (! varlinkctl call /run/systemd/machine/io.systemd.Machine io.systemd.Machine.List '{"name":"ah@??.hmm"}') # test io.systemd.Machine.Kill -- varlinkctl call /run/systemd/machine/io.systemd.Machine io.systemd.Machine.Open '{"name": ".host", "mode": "tty"}' varlinkctl call /run/systemd/machine/io.systemd.Machine io.systemd.Machine.Open '{"name": ".host", "mode": "login"}' varlinkctl call /run/systemd/machine/io.systemd.Machine io.systemd.Machine.Open '{"name": ".host", "mode": "shell"}' rm -f /tmp/none-existent-file varlinkctl call /run/systemd/machine/io.systemd.Machine io.systemd.Machine.Open '{"name": ".host", "mode": "shell", "user": "root", "path": "/bin/sh", "args": ["/bin/sh", "-c", "echo $FOO > /tmp/none-existent-file"], "environment": ["FOO=BAR"]}' timeout 30 bash -c "until test -e /tmp/none-existent-file; do sleep .5; done" grep -q "BAR" /tmp/none-existent-file # test io.systemd.MachineImage.List varlinkctl --more call /run/systemd/machine/io.systemd.MachineImage io.systemd.MachineImage.List '{}' | grep 'long-running' varlinkctl --more call /run/systemd/machine/io.systemd.MachineImage io.systemd.MachineImage.List '{}' | grep '.host' varlinkctl call /run/systemd/machine/io.systemd.MachineImage io.systemd.MachineImage.List '{"name":"long-running"}' Found error in /usr/lib/systemd/tests/testdata/units/TEST-07-PID1.private-pids.sh: $ grep -A5 -B5 /tmp/ /usr/lib/systemd/tests/testdata/units/TEST-07-PID1.private-pids.sh # Unmount any file systems if [[ "$HAS_EXISTING_SCSI_MOUNT" == "no" ]]; then umount /proc/scsi fi umount /tmp/TEST-07-PID1-private-pids-proc rm -rf /tmp/TEST-07-PID1-private-pids-proc # Remove any test files rm -rf /tmp/TEST-07-PID1-private-pids-services rm -rf /tmp/TEST-07-PID1-private-pids-root # Stop any test services systemctl kill --signal=KILL TEST-07-PID1-private-pid.service # Remove any failed transient units systemctl reset-failed } -- assert_eq "$(systemctl show -P ExecMainStatus TEST-07-PID1-private-pid.service)" "9" systemctl reset-failed } testcase_analyze() { mkdir -p /tmp/TEST-07-PID1-private-pids-services # Verify other services are compatible with PrivatePIDs=yes cat </tmp/TEST-07-PID1-private-pids-services/oneshot-valid.service [Service] ExecStart=echo hello PrivatePIDs=yes Type=oneshot EOF # Verify Type=forking services are not compatible with PrivatePIDs=yes cat </tmp/TEST-07-PID1-private-pids-services/forking-invalid.service [Service] ExecStart=echo hello PrivatePIDs=yes Type=forking EOF systemd-analyze --recursive-errors=no verify /tmp/TEST-07-PID1-private-pids-services/oneshot-valid.service (! systemd-analyze --recursive-errors=no verify /tmp/TEST-07-PID1-private-pids-services/forking-invalid.service) rm -rf /tmp/TEST-07-PID1-private-pids-services } testcase_multiple_features() { unsquashfs -no-xattrs -d /tmp/TEST-07-PID1-private-pids-root /usr/share/minimal_0.raw systemd-run \ -p PrivatePIDs=yes \ -p RootDirectory=/tmp/TEST-07-PID1-private-pids-root \ -p ProcSubset=pid \ -p BindReadOnlyPaths=/usr/share \ -p NoNewPrivileges=yes \ -p ProtectSystem=strict \ -p User=testuser\ -- -p Environment=ABC=QED \ --wait \ --pipe \ grep MARKER=1 /etc/os-release rm -rf /tmp/TEST-07-PID1-private-pids-root } testcase_unpriv() { if [ ! -f /usr/lib/systemd/user/dbus.socket ] && [ ! -f /etc/systemd/user/dbus.socket ]; then echo "Per-user instances are not supported, skipping unprivileged PrivatePIDs=yes test" -- # be at least 1 unmasked procfs mount in ANY directory. Otherwise, if /proc/ is masked (e.g. /proc/scsi is # over-mounted with tmpfs), then mounting a new /proc/ will fail. # # Thus, to guarantee PrivatePIDs=yes tests for unprivileged users pass, we mount a new procfs on a temporary # directory with no masking. This will guarantee an unprivileged user can mount a new /proc/ successfully. mkdir -p /tmp/TEST-07-PID1-private-pids-proc mount -t proc proc /tmp/TEST-07-PID1-private-pids-proc # Verify running as unprivileged user can unshare PID namespace and mounts /proc properly. assert_eq "$(runas testuser systemd-run --wait --user --pipe -p PrivatePIDs=yes readlink /proc/self)" "1" assert_eq "$(runas testuser systemd-run --wait --user --pipe -p PrivatePIDs=yes ps aux --no-heading | wc -l)" "1" umount /tmp/TEST-07-PID1-private-pids-proc rm -rf /tmp/TEST-07-PID1-private-pids-proc # Now we will mask /proc/ by mounting tmpfs over /proc/scsi. This will guarantee that mounting /proc/ will fail # for unprivileged users when using PrivatePIDs=yes. Now units should fail as PrivatePIDs=yes has no graceful # fallback. # Found error in /usr/lib/systemd/tests/testdata/units/TEST-07-PID1.main-PID-change.sh: $ grep -A5 -B5 /tmp/ /usr/lib/systemd/tests/testdata/units/TEST-07-PID1.main-PID-change.sh # Update it back to our own PID, this should also work systemd-notify --uid=1000 MAINPID="$MAINPID" test "$(systemctl show -P MainPID TEST-07-PID1.service)" -eq "$MAINPID" cat >/tmp/test-mainpid.sh <<\EOF #!/usr/bin/env bash set -eux set -o pipefail -- sleep infinity & disown echo $MAINPID >/run/mainpidsh/pid EOF chmod +x /tmp/test-mainpid.sh systemd-run --unit=test-mainpidsh.service \ -p StandardOutput=tty \ -p StandardError=tty \ -p Type=forking \ -p RuntimeDirectory=mainpidsh \ -p PIDFile=/run/mainpidsh/pid \ /tmp/test-mainpid.sh test "$(systemctl show -P MainPID test-mainpidsh.service)" -eq "$(cat /run/mainpidsh/pid)" cat >/tmp/test-mainpid2.sh <<\EOF #!/usr/bin/env bash set -eux set -o pipefail -- disown echo $MAINPID >/run/mainpidsh2/pid chown 1001:1001 /run/mainpidsh2/pid EOF chmod +x /tmp/test-mainpid2.sh systemd-run --unit=test-mainpidsh2.service \ -p StandardOutput=tty \ -p StandardError=tty \ -p Type=forking \ -p RuntimeDirectory=mainpidsh2 \ -p PIDFile=/run/mainpidsh2/pid \ /tmp/test-mainpid2.sh test "$(systemctl show -P MainPID test-mainpidsh2.service)" -eq "$(cat /run/mainpidsh2/pid)" cat >/dev/shm/test-mainpid3.sh </tmp/output [[ $(wc -l /dev/null # -b always behaves like -b0 journalctl -q -b-1 -b0 | head -1 >/tmp/expected journalctl -q -b-1 -b | head -1 >/tmp/output diff /tmp/expected /tmp/output # ... even when another option follows (both of these should fail due to -m) { journalctl -ball -b0 -m 2>&1 || :; } | head -1 >/tmp/expected { journalctl -ball -b -m 2>&1 || :; } | head -1 >/tmp/output diff /tmp/expected /tmp/output # https://github.com/systemd/systemd/issues/13708 ID=$(systemd-id128 new) systemd-cat -t "$ID" bash -c 'echo parent; (echo child) & wait' & PID=$! wait $PID journalctl --sync # We can drop this grep when https://github.com/systemd/systemd/issues/13937 # has a fix. journalctl -b -o export -t "$ID" --output-fields=_PID | grep '^_PID=' >/tmp/output [[ $(wc -l /tmp/expected systemd-cat -t "$ID" /bin/sh -c 'env echo -n "This will";echo;env echo -n "usually fail";echo;env echo -n "and be truncated";echo;' journalctl --sync journalctl -b -o cat -t "$ID" >/tmp/output diff /tmp/expected /tmp/output [[ $(journalctl -b -o cat -t "$ID" --output-fields=_TRANSPORT | grep -Pc "^stdout$") -eq 3 ]] [[ $(journalctl -b -o cat -t "$ID" --output-fields=_LINE_BREAK | grep -Pc "^pid-change$") -eq 3 ]] [[ $(journalctl -b -o cat -t "$ID" --output-fields=_PID | sort -u | grep -c "^.*$") -eq 3 ]] [[ $(journalctl -b -o cat -t "$ID" --output-fields=MESSAGE | grep -Pc "^(This will|usually fail|and be truncated)$") -eq 3 ]] -- systemctl start forever-print-hola sleep 3 systemctl restart systemd-journald sleep 3 systemctl stop forever-print-hola [[ ! -f "/tmp/i-lose-my-logs" ]] # https://github.com/systemd/systemd/issues/4408 rm -f /tmp/i-lose-my-logs systemctl start forever-print-hola sleep 3 systemctl kill --signal=SIGKILL systemd-journald sleep 3 [[ ! -f "/tmp/i-lose-my-logs" ]] systemctl stop forever-print-hola set +o pipefail # https://github.com/systemd/systemd/issues/15528 journalctl --follow --file=/var/log/journal/*/* | head -n1 | grep . # https://github.com/systemd/systemd/issues/24565 journalctl --follow --merge | head -n1 | grep . set -o pipefail # https://github.com/systemd/systemd/issues/26746 rm -f /tmp/issue-26746-log /tmp/issue-26746-cursor ID="$(systemd-id128 new)" journalctl -t "$ID" --follow --cursor-file=/tmp/issue-26746-cursor | tee /tmp/issue-26746-log & systemd-cat -t "$ID" /bin/sh -c 'echo hogehoge' # shellcheck disable=SC2016 timeout 10 bash -c 'until [[ -f /tmp/issue-26746-log && "$(cat /tmp/issue-26746-log)" =~ hogehoge ]]; do sleep .5; done' pkill -TERM journalctl timeout 10 bash -c 'until test -f /tmp/issue-26746-cursor; do sleep .5; done' CURSOR_FROM_FILE="$(cat /tmp/issue-26746-cursor)" CURSOR_FROM_JOURNAL="$(journalctl -t "$ID" --output=export MESSAGE=hogehoge | sed -n -e '/__CURSOR=/ { s/__CURSOR=//; p }')" test "$CURSOR_FROM_FILE" = "$CURSOR_FROM_JOURNAL" # Check that the seqnum field at least superficially works systemd-cat echo "ya" -- while read -r file; do filename="${file##*/}" unzstd "$file" -o "$JOURNAL_DIR/${filename%*.zst}" done < <(find /usr/lib/systemd/tests/testdata/test-journals/no-rtc -name "*.zst") journalctl --directory="$JOURNAL_DIR" --list-boots --output=json >/tmp/lb1 diff -u /tmp/lb1 - <<'EOF' [{"index":-3,"boot_id":"5ea5fc4f82a14186b5332a788ef9435e","first_entry":1666569600994371,"last_entry":1666584266223608},{"index":-2,"boot_id":"bea6864f21ad4c9594c04a99d89948b0","first_entry":1666569601005945,"last_entry":1666584347230411},{"index":-1,"boot_id":"4c708e1fd0744336be16f3931aa861fb","first_entry":1666569601017222,"last_entry":1666584354649355},{"index":0,"boot_id":"35e8501129134edd9df5267c49f744a4","first_entry":1666569601009823,"last_entry":1666584438086856}] EOF rm -rf "$JOURNAL_DIR" /tmp/lb1 # Check that using --after-cursor/--cursor-file= together with journal filters doesn't # skip over entries matched by the filter # See: https://github.com/systemd/systemd/issues/30288 UNIT_NAME="test-cursor-$RANDOM.service" Found error in /usr/lib/systemd/tests/testdata/units/TEST-04-JOURNAL.journal-remote.sh: $ grep -A5 -B5 /tmp/ /usr/lib/systemd/tests/testdata/units/TEST-04-JOURNAL.journal-remote.sh # Generate a self-signed certificate for systemd-journal-remote # # Note: older OpenSSL requires a config file with some extra options, unfortunately # Note2: /run here is used on purpose, since the systemd-journal-remote service uses PrivateTmp=yes mkdir -p /run/systemd/journal-remote-tls cat >/tmp/openssl.conf <"$LOG_FILE" awk '!/^(data: \{.+\}|)$/ { exit 1; }' "$LOG_FILE" # Same thing as journalctl --output=export mkdir /tmp/remote-journal curl -LSfs --header "Accept: application/vnd.fdo.journal" http://localhost:19531/entries >"$LOG_FILE" /usr/lib/systemd/systemd-journal-remote --output=/tmp/remote-journal/system.journal --split-mode=none "$LOG_FILE" journalctl --directory=/tmp/remote-journal -t "$TEST_TAG" --grep "$TEST_MESSAGE" rm -rf /tmp/remote-journal/* # Let's do the same thing again, but let systemd-journal-remote spawn curl itself /usr/lib/systemd/systemd-journal-remote --url=http://localhost:19531/entries \ --output=/tmp/remote-journal/system.journal \ --split-mode=none journalctl --directory=/tmp/remote-journal -t "$TEST_TAG" --grep "$TEST_MESSAGE" rm -rf /tmp/remote-journal # /machine curl -LSfs http://localhost:19531/machine >"$LOG_FILE" jq . "$LOG_FILE" -- fi # Generate a self-signed certificate for systemd-journal-gatewayd # # Note: older OpenSSL requires a config file with some extra options, unfortunately cat >/tmp/openssl.conf < /tmp/syncfifo1 } export SYSTEMD_LOG_LEVEL=debug echo "toplevel PID: $BASHPID"; fail volumes-profile-alt-server-v-1.1-alt1.noarch The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/install2/initinstall.d/10-vm-profile.sh: $ grep /tmp/ /usr/share/install2/initinstall.d/10-vm-profile.sh #!/bin/sh # see also http://www.altlinux.org/Autoinstall message() { echo "vm-profile: $*" >>/tmp/vm-profile.log; } ROOT_MIN=7 # In Gb VAR_MIN=1 # In Gb mem="$(sed '/^MemTotal/s/[^0-9]//gp' /proc/meminfo)" # in kB; info menu-2.1.41-alt25.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/doc/menu-2.1.41/examples/cat: $ grep /tmp/ /usr/share/doc/menu-2.1.41/examples/cat #!/bin/sh cat > /tmp/menu-stdin exit 0 #In the good old days of menu-0 compatibility, one had to use: # #This file can be very usefull when you want to run one particular # #menu-method file several times, without running any of the others. # #In order to do so, do: # # - cp ./cat /etc/menu-methods/ # # - run update-menus so that the "cat" menu-method gets executed. # # Now you've got /tmp/menu-stdin. # # - With this file, you don't need update-menus at all any more, and you # # can symply run your hand-written "menu-test" menu-method by typing: # # ./menu-test < /tmp/menu-stdin # # # # The advantage of doing this is # # - none of the other menu-method files get excecuted (speedup) # # - update-menus doesn't need to open some hundred menu-entry files # # every time you test a change in your menu-method file. # # (speedup) # compat="menu-1" # command="cat > /tmp/menu-stdin"; info python3-module-dialog-3.4.0-alt2.noarch The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/doc/python3-module-dialog-3.4.0/examples/with-autowidgetsize/demo.py: $ grep /tmp/ /usr/share/doc/python3-module-dialog-3.4.0/examples/with-autowidgetsize/demo.py easily append data. With the {widget} widget, you can see the data stream \ flow in real time. To create a FIFO, you can use the commmand mkfifo(1), like this: % mkfifo /tmp/my_shiny_new_fifo Then, you can cat(1) data to the FIFO like this: % cat >>/tmp/my_shiny_new_fifo First line of text Second line of text ... You can end the input to cat(1) by typing Ctrl-D at the beginning of a \ Found error in /usr/share/doc/python3-module-dialog-3.4.0/examples/demo.py: $ grep /tmp/ /usr/share/doc/python3-module-dialog-3.4.0/examples/demo.py easily append data. With the {widget} widget, you can see the data stream \ flow in real time. To create a FIFO, you can use the commmand mkfifo(1), like this: % mkfifo /tmp/my_shiny_new_fifo Then, you can cat(1) data to the FIFO like this: % cat >>/tmp/my_shiny_new_fifo First line of text Second line of text ... You can end the input to cat(1) by typing Ctrl-D at the beginning of a \;