test: add integration test that makes sure unpriv creds work correctly

This checks both the per-user credstore directory logic, and that
unprivileged, encrypted credentials work.

src/test/test-execute.c

@@ -1398,6 +1398,10 @@ static void run_tests(RuntimeScope scope, char **patterns) {
         ASSERT_NOT_NULL(unit_paths = strjoin(PRIVATE_UNIT_DIR, ":", user_runtime_unit_dir));
         ASSERT_OK(setenv_unit_path(unit_paths));
 
+        /* Write credential for test-execute-load-credential to the fake runtime dir, too */
+        _cleanup_free_ char *j = ASSERT_PTR(path_join(runtime_dir, "credstore/test-execute.load-credential"));
+        ASSERT_OK(write_string_file(j, "foo", WRITE_STRING_FILE_CREATE|WRITE_STRING_FILE_MKDIR_0755));
+
         r = manager_new(scope, MANAGER_TEST_RUN_BASIC, &m);
         if (manager_errno_skip_test(r))
                 return (void) log_tests_skipped_errno(r, "manager_new");

test/units/TEST-54-CREDS.sh

@@ -490,7 +490,7 @@ cmp /tmp/vlcredsdata /tmp/vlcredsdata2
 rm /tmp/vlcredsdata /tmp/vlcredsdata2
 
 clean_usertest() {
-    rm -f /tmp/usertest.data /tmp/usertest.data
+    rm -f /tmp/usertest.data /tmp/usertest.data /tmp/brummbaer.data
 }
 
 trap clean_usertest EXIT
@@ -520,6 +520,12 @@ XDG_RUNTIME_DIR=/run/user/0 systemd-run --pipe --user --unit=waldi.service -p Lo
 # Test mount unit with credential
 test_mount_with_credential
 
+# Fully unpriv operation
+dd if=/dev/urandom of=/tmp/brummbaer.data bs=4096 count=1
+run0 -u testuser --pipe mkdir -p /home/testuser/.config/credstore.encrypted
+run0 -u testuser --pipe systemd-creds encrypt --user --name=brummbaer - /home/testuser/.config/credstore.encrypted/brummbaer < /tmp/brummbaer.data
+run0 -u testuser --pipe systemd-run --user --pipe -p ImportCredential=brummbaer systemd-creds cat brummbaer | cmp /tmp/brummbaer.data
+
 systemd-analyze log-level info
 
 touch /testok