Restructure project layout for better CI/CD integration

- Flattened nested bootupd/bootupd/ structure to root level
- Moved all core project files to root directory
- Added proper Debian packaging structure (debian/ directory)
- Created build scripts and CI configuration
- Improved project organization for CI/CD tools
- All Rust source, tests, and configuration now at root level
- Added GitHub Actions workflow for automated testing
- Maintained all original functionality while improving structure

tests/e2e-update/e2e-update-in-vm.sh

@@ -0,0 +1,110 @@
+#!/bin/bash
+# Run inside the vm spawned from e2e.sh
+set -euo pipefail
+
+dn=$(cd $(dirname $0) && pwd)
+bn=$(basename $0)
+. ${dn}/../kola/data/libtest.sh
+
+cd $(mktemp -d)
+
+echo "Starting $0"
+
+current_commit=$(rpm-ostree status --json | jq -r .deployments[0].checksum)
+
+stampfile=/etc/${bn}.upgraded
+if ! test -f ${stampfile}; then
+    if test "${current_commit}" = ${TARGET_COMMIT}; then
+        fatal "already at ${TARGET_COMMIT}"
+    fi
+
+    current_grub=$(rpm -q --queryformat='%{nevra}\n' ${TARGET_GRUB_NAME})
+    if test "${current_grub}" == "${TARGET_GRUB_PKG}"; then
+        fatal "Current grub ${current_grub} is same as target ${TARGET_GRUB_PKG}"
+    fi
+
+    # FIXME
+    # https://github.com/coreos/rpm-ostree/issues/2210
+    runv setenforce 0
+    runv rpm-ostree rebase /run/cosadir/tmp/repo:${TARGET_COMMIT}
+    runv touch ${stampfile}
+    runv systemd-run -- systemctl reboot
+    touch /run/rebooting
+    sleep infinity
+else
+    if test "${current_commit}" != ${TARGET_COMMIT}; then
+        fatal "not at ${TARGET_COMMIT}"
+    fi
+fi
+
+# We did setenforce 0 above for https://github.com/coreos/rpm-ostree/issues/2210
+# Validate that on reboot we're still enforcing.
+semode=$(getenforce)
+if test "$semode" != Enforcing; then
+    fatal "SELinux mode is ${semode}"
+fi
+
+if ! test -n "${TARGET_GRUB_PKG}"; then
+    fatal "Missing TARGET_GRUB_PKG"
+fi
+
+bootupctl validate
+ok validate
+
+bootupctl status | tee out.txt
+assert_file_has_content_literal out.txt 'Component EFI'
+assert_file_has_content_literal out.txt '  Installed: grub2-efi-x64-'
+assert_not_file_has_content out.txt '  Installed:.*test-bootupd-payload'
+assert_not_file_has_content out.txt '  Installed:.*'"${TARGET_GRUB_PKG}"
+assert_file_has_content out.txt 'Update: Available:.*'"${TARGET_GRUB_PKG}"
+assert_file_has_content out.txt 'Update: Available:.*test-bootupd-payload-1.0'
+bootupctl status --print-if-available > out.txt
+assert_file_has_content_literal 'out.txt' 'Updates available: BIOS EFI'
+ok update avail
+
+# Mount the EFI partition.
+tmpefimount=$(mount_tmp_efi)
+
+assert_not_has_file ${tmpefimount}/EFI/fedora/test-bootupd.efi
+
+if env FAILPOINTS='update::exchange=return' bootupctl update -vvv 2>err.txt; then
+    fatal "should have errored"
+fi
+assert_file_has_content err.txt "error: .*synthetic failpoint"
+
+bootupctl update -vvv | tee out.txt
+assert_file_has_content out.txt "Previous EFI: .*"
+assert_file_has_content out.txt "Updated EFI: ${TARGET_GRUB_PKG}.*,test-bootupd-payload-1.0"
+
+assert_file_has_content ${tmpefimount}/EFI/fedora/test-bootupd.efi test-payload
+
+bootupctl status --print-if-available > out.txt
+if test -s out.txt; then
+    fatal "Found available updates: $(cat out.txt)"
+fi
+ok update not avail
+
+mount -o remount,rw /boot
+rm -f /boot/bootupd-state.json
+bootupctl adopt-and-update | tee out.txt
+assert_file_has_content out.txt "Adopted and updated: BIOS: .*"
+assert_file_has_content out.txt "Adopted and updated: EFI: .*"
+bootupctl validate
+ok adopt-and-update
+
+# Verify the adoption does not fail when install files if they are missing on the disk.
+# see https://github.com/coreos/bootupd/issues/762
+rm -f /boot/bootupd-state.json
+[ -f "${tmpefimount}/EFI/fedora/test-bootupd.efi" ] && rm -f ${tmpefimount}/EFI/fedora/test-bootupd.efi
+bootupctl adopt-and-update | tee out.txt
+assert_file_has_content out.txt "Adopted and updated: BIOS: .*"
+assert_file_has_content out.txt "Adopted and updated: EFI: .*"
+if bootupctl validate 2>err.txt; then
+  fatal "unexpectedly passed validation"
+fi
+
+tap_finish
+touch /run/testtmp/success
+sync
+# TODO maybe try to make this use more of the exttest infrastructure?
+exec poweroff -ff

tests/e2e-update/e2e-update.sh

@@ -0,0 +1,123 @@
+#!/bin/bash
+# Given a coreos-assembler dir (COSA_DIR) and assuming
+# the current dir is a git repository for bootupd,
+# synthesize a test update and upgrade to it.  This
+# assumes that the latest cosa build is using the
+# code we want to test (as happens in CI).
+set -euo pipefail
+
+dn=$(cd $(dirname $0) && pwd)
+testprefix=$(cd ${dn} && git rev-parse --show-prefix)
+. ${dn}/../kola/data/libtest.sh
+. ${dn}/testrpmbuild.sh
+
+if test -z "${COSA_DIR:-}"; then
+    fatal "COSA_DIR must be set"
+fi
+# Validate source directory
+bootupd_git=$(cd ${dn} && git rev-parse --show-toplevel)
+# https://github.com/coreos/bootupd/issues/551
+! test -f ${bootupd_git}/systemd/bootupd.service
+
+testtmp=$(mktemp -d -p /var/tmp bootupd-e2e.XXXXXXX)
+export test_tmpdir=${testtmp}
+
+# This is new content for our update
+test_bootupd_payload_file=/boot/efi/EFI/fedora/test-bootupd.efi
+test_bootupd_payload_file1=/boot/efi/EFI/BOOT/test-bootupd1.efi
+build_rpm test-bootupd-payload \
+  files "${test_bootupd_payload_file}
+         ${test_bootupd_payload_file1}" \
+  install "mkdir -p %{buildroot}/$(dirname ${test_bootupd_payload_file})
+           echo test-payload > %{buildroot}/${test_bootupd_payload_file}
+           mkdir -p %{buildroot}/$(dirname ${test_bootupd_payload_file1})
+           echo test-payload1 > %{buildroot}/${test_bootupd_payload_file1}"
+
+# Start in cosa dir
+cd ${COSA_DIR}
+test -d builds
+
+overrides=${COSA_DIR}/overrides
+test -d "${overrides}"
+mkdir -p ${overrides}/rpm
+add_override() {
+    override=$1
+    shift
+    # This relies on "gold" grub not being pruned, and different from what's
+    # in the latest fcos
+    (cd ${overrides}/rpm && runv koji download-build --arch=noarch --arch=$(arch) ${override})
+}
+
+if test -z "${e2e_skip_build:-}"; then
+    echo "Building starting image"
+    rm -f ${overrides}/rpm/*.rpm
+    # Version from F42 prior to GA
+    add_override grub2-2.12-26.fc42
+    runv cosa build
+    prev_image=$(runv cosa meta --image-path qemu)
+    # Modify manifest to include `test-bootupd-payload` RPM
+    runv git -C src/config checkout manifest.yaml # first make sure it's clean
+    echo "packages: [test-bootupd-payload]" >> src/config/manifest.yaml
+    rm -f ${overrides}/rpm/*.rpm
+    echo "Building update ostree"
+    # Latest (current) version in F42
+    add_override grub2-2.12-28.fc42
+    mv ${test_tmpdir}/yumrepo/packages/$(arch)/*.rpm ${overrides}/rpm/
+    # Only build ostree update
+    runv cosa build ostree
+    # Undo manifest modification
+    runv git -C src/config checkout manifest.yaml
+fi
+echo "Preparing test"
+grubarch=
+case $(arch) in
+    x86_64) grubarch=x64;;
+    aarch64) grubarch=aa64;;
+    *) fatal "Unhandled arch $(arch)";;
+esac
+target_grub_name=grub2-efi-${grubarch}
+target_grub_pkg=$(rpm -qp --queryformat='%{nevra}\n' ${overrides}/rpm/${target_grub_name}-2*.rpm)
+target_commit=$(cosa meta --get-value ostree-commit)
+echo "Target commit: ${target_commit}"
+# For some reason 9p can't write to tmpfs
+
+cat >${testtmp}/test.bu << EOF
+variant: fcos
+version: 1.0.0
+systemd:
+  units:
+    - name: bootupd-test.service
+      enabled: true
+      contents: |
+        [Unit]
+        RequiresMountsFor=/run/testtmp
+        [Service]
+        Type=oneshot
+        RemainAfterExit=yes
+        Environment=TARGET_COMMIT=${target_commit}
+        Environment=TARGET_GRUB_NAME=${target_grub_name}
+        Environment=TARGET_GRUB_PKG=${target_grub_pkg}
+        Environment=SRCDIR=/run/bootupd-source
+        # Run via shell because selinux denies systemd writing to 9p apparently
+        ExecStart=/bin/sh -c '/run/bootupd-source/${testprefix}/e2e-update-in-vm.sh &>>/run/testtmp/out.txt; test -f /run/rebooting || poweroff -ff'
+        [Install]
+        WantedBy=multi-user.target
+EOF
+runv butane -o ${testtmp}/test.ign ${testtmp}/test.bu
+cd ${testtmp}
+qemuexec_args=(kola qemuexec --propagate-initramfs-failure --qemu-image "${prev_image}" --qemu-firmware uefi \
+    -i test.ign --bind-ro ${COSA_DIR},/run/cosadir --bind-ro ${bootupd_git},/run/bootupd-source --bind-rw ${testtmp},/run/testtmp)
+if test -n "${e2e_debug:-}"; then
+    runv ${qemuexec_args[@]} --devshell
+else
+    runv timeout 5m "${qemuexec_args[@]}" --console-to-file ${COSA_DIR}/tmp/console.txt
+fi
+if ! test -f ${testtmp}/success; then
+    if test -s ${testtmp}/out.txt; then
+        sed -e 's,^,# ,' < ${testtmp}/out.txt
+    else
+        echo "No out.txt created, systemd unit failed to start"
+    fi
+    fatal "test failed"
+fi
+echo "ok bootupd e2e"

tests/e2e-update/testrpmbuild.sh

@@ -0,0 +1,142 @@
+# Copied from rpm-ostree
+
+# builds a new RPM and adds it to the testdir's repo
+# $1 - name
+# $2+ - optional, treated as directive/value pairs
+build_rpm() {
+    local name=$1; shift
+    # Unset, not zero https://github.com/projectatomic/rpm-ostree/issues/349
+    local epoch=""
+    local version=1.0
+    local release=1
+    local arch=x86_64
+
+    mkdir -p $test_tmpdir/yumrepo/{specs,packages}
+    local spec=$test_tmpdir/yumrepo/specs/$name.spec
+
+    # write out the header
+    cat > $spec << EOF
+Name: $name
+Summary: %{name}
+License: GPLv2+
+EOF
+
+    local build= install= files= pretrans= pre= post= posttrans= post_args=
+    local verifyscript= uinfo=
+    local transfiletriggerin= transfiletriggerin_patterns=
+    local transfiletriggerin2= transfiletriggerin2_patterns=
+    local transfiletriggerun= transfiletriggerun_patterns=
+    while [ $# -ne 0 ]; do
+        local section=$1; shift
+        local arg=$1; shift
+        case $section in
+        requires)
+            echo "Requires: $arg" >> $spec;;
+        recommends)
+            echo "Recommends: $arg" >> $spec;;
+        provides)
+            echo "Provides: $arg" >> $spec;;
+        conflicts)
+            echo "Conflicts: $arg" >> $spec;;
+        post_args)
+            post_args="$arg";;
+        version|release|epoch|arch|build|install|files|pretrans|pre|post|posttrans|verifyscript|uinfo)
+            declare $section="$arg";;
+        transfiletriggerin)
+            transfiletriggerin_patterns="$arg";
+            declare $section="$1"; shift;;
+        transfiletriggerin2)
+            transfiletriggerin2_patterns="$arg";
+            declare $section="$1"; shift;;
+        transfiletriggerun)
+            transfiletriggerun_patterns="$arg";
+            declare $section="$1"; shift;;
+        *)
+            assert_not_reached "unhandled section $section";;
+        esac
+    done
+
+    cat >> $spec << EOF
+Version: $version
+Release: $release
+${epoch:+Epoch: $epoch}
+BuildArch: $arch
+
+%description
+%{summary}
+
+# by default, we create a /usr/bin/$name script which just outputs $name
+%build
+echo -e "#!/bin/sh\necho $name-$version-$release.$arch" > $name
+chmod a+x $name
+$build
+
+${pretrans:+%pretrans}
+$pretrans
+
+${pre:+%pre}
+$pre
+
+${post:+%post} ${post_args}
+$post
+
+${posttrans:+%posttrans}
+$posttrans
+
+${transfiletriggerin:+%transfiletriggerin -- ${transfiletriggerin_patterns}}
+$transfiletriggerin
+
+${transfiletriggerin2:+%transfiletriggerin -- ${transfiletriggerin2_patterns}}
+$transfiletriggerin2
+
+${transfiletriggerun:+%transfiletriggerun -- ${transfiletriggerun_patterns}}
+$transfiletriggerun
+
+${verifyscript:+%verifyscript}
+$verifyscript
+
+%install
+mkdir -p %{buildroot}/usr/bin
+install $name %{buildroot}/usr/bin
+$install
+
+%clean
+rm -rf %{buildroot}
+
+%files
+/usr/bin/$name
+$files
+EOF
+
+    # because it'd be overkill to set up mock for this, let's just fool
+    # rpmbuild using setarch
+    local buildarch=$arch
+    if [ "$arch" == "noarch" ]; then
+        buildarch=$(uname -m)
+    fi
+
+    (cd $test_tmpdir/yumrepo/specs &&
+     setarch $buildarch rpmbuild --target $arch -ba $name.spec \
+        --define "_topdir $PWD" \
+        --define "_sourcedir $PWD" \
+        --define "_specdir $PWD" \
+        --define "_builddir $PWD/.build" \
+        --define "_srcrpmdir $PWD" \
+        --define "_rpmdir $test_tmpdir/yumrepo/packages" \
+        --define "_buildrootdir $PWD")
+    # use --keep-all-metadata to retain previous updateinfo
+    (cd $test_tmpdir/yumrepo &&
+     createrepo_c --no-database --update --keep-all-metadata .)
+    # convenience function to avoid follow-up add-pkg
+    if [ -n "$uinfo" ]; then
+        uinfo_cmd add-pkg $uinfo $name 0 $version $release $arch
+    fi
+    if test '!' -f $test_tmpdir/yumrepo.repo; then
+        cat > $test_tmpdir/yumrepo.repo.tmp << EOF
+[test-repo]
+name=test-repo
+baseurl=file:///$PWD/yumrepo
+EOF
+        mv $test_tmpdir/yumrepo.repo{.tmp,}
+    fi
+}

tests/fixtures/example-lsblk-output.json

@@ -0,0 +1,33 @@
+{
+   "blockdevices": [
+      {
+         "path": "/dev/sr0",
+         "pttype": null,
+         "parttypename": null
+      },{
+         "path": "/dev/zram0",
+         "pttype": null,
+         "parttypename": null
+      },{
+         "path": "/dev/vda",
+         "pttype": "gpt",
+         "parttypename": null
+      },{
+         "path": "/dev/vda1",
+         "pttype": "gpt",
+         "parttypename": "EFI System"
+      },{
+         "path": "/dev/vda2",
+         "pttype": "gpt",
+         "parttypename": "Linux extended boot"
+      },{
+         "path": "/dev/vda3",
+         "pttype": "gpt",
+         "parttypename": "Linux filesystem"
+      },{
+         "path": "/dev/mapper/luks-df2d5f95-5725-44dd-83e1-81bc4cdc49b8",
+         "pttype": null,
+         "parttypename": null
+      }
+   ]
+}

tests/fixtures/example-state-v0-legacy.json

@@ -0,0 +1,48 @@
+{
+  "installed": {
+    "EFI": {
+      "meta": {
+        "timestamp": "2020-09-15T13:01:21",
+        "version": "grub2-efi-x64-1:2.04-23.fc32.x86_64,shim-x64-15-8.x86_64"
+      },
+      "filetree": {
+        "timestamp": "1970-01-01T00:00:00",
+        "children": {
+          "BOOT/BOOTX64.EFI": {
+            "size": 1210776,
+            "sha512": "sha512:52e08b6e1686b19fea9e8f8d8ca51d22bba252467ceaf6db6ead8dd2dca4a0b0b02e547e50ddf1cdee225b8785f8514f6baa846bdf1ea0bf994e772daf70f2c3"
+          },
+          "BOOT/fbx64.efi": {
+            "size": 357248,
+            "sha512": "sha512:81fed5039bdd2bc53a203a1eaf56c6a6c9a95aa7ac88f037718a342205d83550f409741c8ef86b481f55ea7188ce0d661742548596f92ef97ba2a1695bc4caae"
+          },
+          "fedora/BOOTX64.CSV": {
+            "size": 110,
+            "sha512": "sha512:0c29b8ae73171ef683ba690069c1bae711e130a084a81169af33a83dfbae4e07d909c2482dbe89a96ab26e171f17c53f1de8cb13d558bc1535412ff8accf253f"
+          },
+          "fedora/grubx64.efi": {
+            "size": 2528520,
+            "sha512": "sha512:b35a6317658d07844d6bf0f96c35f2df90342b8b13a329b4429ac892351ff74fc794a97bc3d3e2d79bef4c234b49a8dd5147b71a3376f24bc956130994e9961c"
+          },
+          "fedora/mmx64.efi": {
+            "size": 1159560,
+            "sha512": "sha512:f83ea67756cfcc3ec4eb1c83104c719ba08e66abfadb94b4bd75891e237c448bbec0fdb5bd42826e291ccc3dee559af424900b3d642a7d11c5bc9f117718837a"
+          },
+          "fedora/shim.efi": {
+            "size": 1210776,
+            "sha512": "sha512:52e08b6e1686b19fea9e8f8d8ca51d22bba252467ceaf6db6ead8dd2dca4a0b0b02e547e50ddf1cdee225b8785f8514f6baa846bdf1ea0bf994e772daf70f2c3"
+          },
+          "fedora/shimx64-fedora.efi": {
+            "size": 1204496,
+            "sha512": "sha512:dc3656b90c0d1767365bea462cc94a2a3044899f510bd61a9a7ae1a9ca586e3d6189592b1ba1ee859f45614421297fa2f5353328caa615f51da5aed9ecfbf29c"
+          },
+          "fedora/shimx64.efi": {
+            "size": 1210776,
+            "sha512": "sha512:52e08b6e1686b19fea9e8f8d8ca51d22bba252467ceaf6db6ead8dd2dca4a0b0b02e547e50ddf1cdee225b8785f8514f6baa846bdf1ea0bf994e772daf70f2c3"
+          }
+        }
+      }
+    }
+  },
+  "pending": null
+}

tests/fixtures/example-state-v0.json

@@ -0,0 +1,47 @@
+{
+  "installed": {
+    "EFI": {
+      "meta": {
+        "timestamp": "2020-09-15T13:01:21Z",
+        "version": "grub2-efi-x64-1:2.04-23.fc32.x86_64,shim-x64-15-8.x86_64"
+      },
+      "filetree": {
+        "children": {
+          "BOOT/BOOTX64.EFI": {
+            "size": 1210776,
+            "sha512": "sha512:52e08b6e1686b19fea9e8f8d8ca51d22bba252467ceaf6db6ead8dd2dca4a0b0b02e547e50ddf1cdee225b8785f8514f6baa846bdf1ea0bf994e772daf70f2c3"
+          },
+          "BOOT/fbx64.efi": {
+            "size": 357248,
+            "sha512": "sha512:81fed5039bdd2bc53a203a1eaf56c6a6c9a95aa7ac88f037718a342205d83550f409741c8ef86b481f55ea7188ce0d661742548596f92ef97ba2a1695bc4caae"
+          },
+          "fedora/BOOTX64.CSV": {
+            "size": 110,
+            "sha512": "sha512:0c29b8ae73171ef683ba690069c1bae711e130a084a81169af33a83dfbae4e07d909c2482dbe89a96ab26e171f17c53f1de8cb13d558bc1535412ff8accf253f"
+          },
+          "fedora/grubx64.efi": {
+            "size": 2528520,
+            "sha512": "sha512:b35a6317658d07844d6bf0f96c35f2df90342b8b13a329b4429ac892351ff74fc794a97bc3d3e2d79bef4c234b49a8dd5147b71a3376f24bc956130994e9961c"
+          },
+          "fedora/mmx64.efi": {
+            "size": 1159560,
+            "sha512": "sha512:f83ea67756cfcc3ec4eb1c83104c719ba08e66abfadb94b4bd75891e237c448bbec0fdb5bd42826e291ccc3dee559af424900b3d642a7d11c5bc9f117718837a"
+          },
+          "fedora/shim.efi": {
+            "size": 1210776,
+            "sha512": "sha512:52e08b6e1686b19fea9e8f8d8ca51d22bba252467ceaf6db6ead8dd2dca4a0b0b02e547e50ddf1cdee225b8785f8514f6baa846bdf1ea0bf994e772daf70f2c3"
+          },
+          "fedora/shimx64-fedora.efi": {
+            "size": 1204496,
+            "sha512": "sha512:dc3656b90c0d1767365bea462cc94a2a3044899f510bd61a9a7ae1a9ca586e3d6189592b1ba1ee859f45614421297fa2f5353328caa615f51da5aed9ecfbf29c"
+          },
+          "fedora/shimx64.efi": {
+            "size": 1210776,
+            "sha512": "sha512:52e08b6e1686b19fea9e8f8d8ca51d22bba252467ceaf6db6ead8dd2dca4a0b0b02e547e50ddf1cdee225b8785f8514f6baa846bdf1ea0bf994e772daf70f2c3"
+          }
+        }
+      }
+    }
+  },
+  "pending": null
+}

tests/fixtures/example-status-v0.json

@@ -0,0 +1,26 @@
+{
+  "components": {
+    "EFI": {
+      "installed": {
+        "timestamp": "2020-09-15T13:01:21Z",
+        "version": "grub2-efi-x64-1:2.04-23.fc32.x86_64,shim-x64-15-8.x86_64"
+      },
+      "interrupted": null,
+      "update": {
+        "timestamp": "2020-09-15T13:01:21Z",
+        "version": "grub2-efi-x64-1:2.04-23.fc32.x86_64,shim-x64-15-8.x86_64"
+      },
+      "updatable": "at-latest-version",
+      "adopted-from": null
+    }
+  },
+  "adoptable": {
+    "BIOS": {
+      "version": {
+        "version": "grub2-bios-42.x86_64",
+        "timestamp": "2020-09-15T13:01:21Z"
+      },
+      "confident": true
+    }
+  }
+}

tests/kola/data/libtest.sh

@@ -0,0 +1,91 @@
+# Source library for shell script tests
+# Copyright (C) 2020 Red Hat, Inc.
+# SPDX-License-Identifier: Apache-2.0
+
+runv() {
+    (set -x && "$@")
+}
+
+N_TESTS=0
+ok() {
+    echo "ok" $@
+    N_TESTS=$((N_TESTS + 1))
+}
+
+tap_finish() {
+    echo "Completing TAP test with:"
+    echo "1..${N_TESTS}"
+}
+
+fatal() {
+    echo error: $@ 1>&2; exit 1
+}
+
+runv() {
+    set -x
+    "$@"
+}
+
+# Dump ls -al + file contents to stderr, then fatal()
+_fatal_print_file() {
+    file="$1"
+    shift
+    ls -al "$file" >&2
+    sed -e 's/^/# /' < "$file" >&2
+    fatal "$@"
+}
+
+assert_not_has_file () {
+    fpath=$1
+    shift
+    if test -e "$fpath"; then
+        fatal "Path exists: ${fpath}"
+    fi
+}
+
+assert_file_has_content () {
+    fpath=$1
+    shift
+    for re in "$@"; do
+        if ! grep -q -e "$re" "$fpath"; then
+            _fatal_print_file "$fpath" "File '$fpath' doesn't match regexp '$re'"
+        fi
+    done
+}
+
+assert_file_has_content_literal () {
+    fpath=$1; shift
+    for s in "$@"; do
+        if ! grep -q -F -e "$s" "$fpath"; then
+            _fatal_print_file "$fpath" "File '$fpath' doesn't match fixed string list '$s'"
+        fi
+    done
+}
+
+assert_not_file_has_content () {
+    fpath=$1
+    shift
+    for re in "$@"; do
+        if grep -q -e "$re" "$fpath"; then
+            _fatal_print_file "$fpath" "File '$fpath' matches regexp '$re'"
+        fi
+    done
+}
+
+assert_not_file_has_content_literal () {
+    fpath=$1; shift
+    for s in "$@"; do
+        if grep -q -F -e "$s" "$fpath"; then
+            _fatal_print_file "$fpath" "File '$fpath' matches fixed string list '$s'"
+        fi
+    done
+}
+
+# Mount the EFI partition at a temporary location.
+efipart=/dev/disk/by-partlabel/EFI-SYSTEM
+mount_tmp_efi () {
+    tmpmount=$(mktemp -d)
+    mkdir -p ${tmpmount}
+    mount ${efipart} ${tmpmount}
+    echo ${tmpmount}
+}

tests/kola/raid1/config.bu

@@ -0,0 +1,7 @@
+variant: fcos
+version: 1.5.0
+boot_device:
+  mirror:
+    devices:
+      - /dev/vda
+      - /dev/vdb

tests/kola/raid1/data/libtest.sh

@@ -0,0 +1 @@
+../../data/libtest.sh

tests/kola/raid1/test.sh

@@ -0,0 +1,42 @@
+#!/bin/bash
+## kola:
+##   # additionalDisks is only supported on qemu.
+##   platforms: qemu
+##   # Root reprovisioning requires at least 4GiB of memory.
+##   minMemory: 4096
+##   # Linear RAID is setup on these disks.
+##   additionalDisks: ["10G"]
+##   # This test includes a lot of disk I/O and needs a higher
+##   # timeout value than the default.
+##   timeoutMin: 15
+##   description: Verify updating multiple EFIs using RAID 1 works.
+
+set -xeuo pipefail
+
+# shellcheck disable=SC1091
+. "$KOLA_EXT_DATA/libtest.sh"
+
+tmpdir=$(mktemp -d)
+cd ${tmpdir}
+
+srcdev=$(findmnt -nvr /sysroot -o SOURCE)
+[[ ${srcdev} == "/dev/md126" ]]
+
+blktype=$(lsblk -o TYPE "${srcdev}" --noheadings)
+[[ ${blktype} == "raid1" ]]
+
+fstype=$(findmnt -nvr /sysroot -o FSTYPE)
+[[ ${fstype} == "xfs" ]]
+ok "source is XFS on RAID1 device"
+
+mount -o remount,rw /boot
+rm -f -v /boot/bootupd-state.json
+
+bootupctl adopt-and-update | tee out.txt
+assert_file_has_content out.txt "Adopted and updated: BIOS: .*"
+assert_file_has_content out.txt "Adopted and updated: EFI: .*"
+
+bootupctl status | tee out.txt
+assert_file_has_content_literal out.txt 'Component BIOS'
+assert_file_has_content_literal out.txt 'Component EFI'
+ok "bootupctl adopt-and-update supports multiple EFIs on RAID1"

tests/kola/test-bootupd

@@ -0,0 +1,122 @@
+#!/bin/bash
+set -xeuo pipefail
+
+. ${KOLA_EXT_DATA}/libtest.sh
+
+tmpdir=$(mktemp -d)
+cd ${tmpdir}
+echo "using tmpdir: ${tmpdir}"
+touch .testtmp
+trap cleanup EXIT
+function cleanup () {
+  if test -z "${TEST_SKIP_CLEANUP:-}"; then
+    if test -f "${tmpdir}"/.testtmp; then
+      cd /
+      rm "${tmpdir}" -rf
+    fi
+  else
+    echo "Skipping cleanup of ${tmpdir}"
+  fi
+}
+
+# Mount the EFI partition.
+tmpefimount=$(mount_tmp_efi)
+bootmount=/boot
+tmpefidir=${tmpefimount}/EFI
+bootupdir=/usr/lib/bootupd/updates
+efiupdir=${bootupdir}/EFI
+ostbaseefi=/usr/lib/ostree-boot/efi/EFI
+efisubdir=fedora
+efidir=${efiupdir}/${efisubdir}
+ostefi=${ostbaseefi}/${efisubdir}
+shim=shimx64.efi
+
+test -f "${efidir}/${shim}"
+
+prepare_efi_update() {
+  test -w /usr
+  mkdir -p ${ostbaseefi}
+  cp -a ${efiupdir}.orig/* ${ostbaseefi}/
+  rm -rf ${efiupdir} ${bootupdir}/EFI.json
+}
+
+bootupctl status > out.txt
+assert_file_has_content_literal out.txt 'Component EFI'
+assert_file_has_content_literal out.txt '  Installed: grub2-efi-x64-'
+assert_file_has_content_literal out.txt 'Update: At latest version'
+assert_file_has_content out.txt '^CoreOS aleph version:'
+ok status
+
+bootupctl validate | tee out.txt
+ok validate
+
+if env LANG=C.UTF-8 runuser -u bin bootupctl status 2>err.txt; then
+  fatal "Was able to bootupctl status as non-root"
+fi
+assert_file_has_content err.txt 'error: This command requires root privileges'
+
+# From here we'll fake updates
+test -w /usr || rpm-ostree usroverlay
+# Save a backup copy of the update dir
+cp -a ${efiupdir} ${efiupdir}.orig
+
+prepare_efi_update
+# FIXME need to synthesize an RPM for this
+# echo somenewfile > ${ostefi}/somenew.efi
+rm -v ${ostefi}/shim.efi
+echo bootupd-test-changes >> ${ostefi}/grubx64.efi
+/usr/libexec/bootupd generate-update-metadata /
+ver=$(jq -r .version < ${bootupdir}/EFI.json)
+cat >ver.json << EOF
+{ "version": "${ver},test", "timestamp": "$(date -u --iso-8601=seconds)" }
+EOF
+jq -s add ${bootupdir}/EFI.json ver.json > new.json
+mv new.json ${bootupdir}/EFI.json
+
+bootupctl status | tee out.txt
+assert_file_has_content_literal out.txt 'Component EFI'
+assert_file_has_content_literal out.txt '  Installed: grub2-efi-x64-'
+assert_not_file_has_content out.txt '  Installed: grub2-efi-x64.*,test'
+assert_file_has_content_literal out.txt 'Update: Available:'
+ok update avail
+
+bootupctl status --json > status.json
+jq -r '.components.EFI.installed.version' < status.json > installed.txt
+assert_file_has_content installed.txt '^grub2-efi-x64'
+
+bootupctl update | tee out.txt
+assert_file_has_content out.txt 'Updated EFI: grub2-efi-x64.*,test'
+
+bootupctl status > out.txt
+assert_file_has_content_literal out.txt 'Component EFI'
+assert_file_has_content out.txt '  Installed: grub2-efi-x64.*,test'
+assert_file_has_content_literal out.txt 'Update: At latest version'
+ok status after update
+
+bootupctl validate | tee out.txt
+ok validate after update
+
+# FIXME see above
+# assert_file_has_content ${tmpefidir}/${efisubdir}/somenew.efi 'somenewfile'
+if test -f ${tmpefidir}/${efisubdir}/shim.efi; then 
+  fatal "failed to remove file"
+fi
+if ! grep -q 'bootupd-test-changes' ${tmpefidir}/${efisubdir}/grubx64.efi; then
+  fatal "failed to update modified file"
+fi
+cmp ${tmpefidir}/${efisubdir}/shimx64.efi ${efiupdir}/${efisubdir}/shimx64.efi
+ok filesystem changes
+
+bootupctl update | tee out.txt
+assert_file_has_content_literal out.txt 'No update available for any component'
+assert_not_file_has_content_literal out.txt 'Updated EFI'
+
+echo "some additions" >> ${tmpefidir}/${efisubdir}/shimx64.efi
+if bootupctl validate 2>err.txt; then
+  fatal "unexpectedly passed validation"
+fi
+assert_file_has_content err.txt "Changed: ${efisubdir}/shimx64.efi"
+test "$(grep -cEe '^Changed:' err.txt)" = "1"
+ok validate detected changes
+
+tap_finish

tests/kolainst/Makefile

@@ -0,0 +1,6 @@
+all:
+	echo "No build step"
+
+install:
+	mkdir -p $(DESTDIR)/usr/lib/coreos-assembler/tests/kola/
+	rsync -rlv ../kola $(DESTDIR)/usr/lib/coreos-assembler/tests/kola/bootupd

tests/tests/bootupctl-status-in-bootc.sh

@@ -0,0 +1,28 @@
+#!/bin/bash
+set -xeuo pipefail
+
+# Verify that bootupctl status running in bootc container
+if [ ! -d "/sysroot/ostree/repo/" ]; then
+  echo "Error: should run test in bootc container"
+  exit 100
+fi
+
+# check if running in container
+if [ "$container" ] || [ -f /run/.containerenv ] || [ -f /.dockerenv ]; then
+  arch="$(uname --machine)"
+  if [[ "${arch}" == "x86_64" ]]; then
+    components_text='Available components: BIOS EFI'
+    components_json='{"components":["BIOS","EFI"]}'
+  else
+    # Assume aarch64 for now
+    components_text='Available components: EFI'
+    components_json='{"components":["EFI"]}'
+  fi
+
+  output=$(bootupctl status | tr -d '\r')
+  [ "${components_text}" == "${output}" ]
+  output=$(bootupctl status --json)
+  [ "${components_json}" == "${output}" ]
+else
+  echo "Skip running as not in container"
+fi

tests/tests/move-content-to-usr.sh

@@ -0,0 +1,28 @@
+#!/bin/bash
+set -xeuo pipefail
+
+updates=/usr/lib/bootupd/updates
+rm -fv ${updates}/{BIOS,EFI}.json
+cp -r ${updates}/EFI /usr/lib/ostree-boot/efi
+# prepare /usr/lib/efi/<grub2|shim>/<ver>
+if [ ! -d "/usr/lib/efi" ]; then
+  arch="$(uname --machine)"
+  if [[ "${arch}" == "x86_64" ]]; then
+    suffix="x64"
+  else
+    # Assume aarch64 for now
+    suffix="aa64"
+  fi
+
+  grub_ver=$(rpm -qa grub2-efi-${suffix} --queryformat '%{VERSION}-%{RELEASE}')
+  mkdir -p /usr/lib/efi/grub2/${grub_ver}/EFI/centos
+  mv ${updates}/EFI/centos/grub${suffix}.efi /usr/lib/efi/grub2/${grub_ver}/EFI/centos/
+
+  shim_ver=$(rpm -qa shim-${suffix} --queryformat '%{VERSION}-%{RELEASE}')
+  mkdir -p /usr/lib/efi/shim/${shim_ver}/EFI/
+  mv ${updates}/EFI /usr/lib/efi/shim/${shim_ver}/
+else
+  rm -rf ${updates}/EFI
+fi
+bootupctl backend generate-update-metadata -vvv
+cat ${updates}/EFI.json | jq