fix: update manage.sh and tests to handle systemd unit file installation and upgrades correctly

Author: bslatyer

package/manage.sh

@@ -3,6 +3,7 @@ set -e
 
 PACKAGE_ROOT="${PACKAGE_ROOT:-"$(dirname -- "$(readlink -f -- "$0";)")"}"
 export TAILSCALE_ROOT="${TAILSCALE_ROOT:-/data/tailscale}"
+SYSTEMD_UNIT_DIR="${SYSTEMD_UNIT_DIR:-/etc/systemd/system}"
 
 tailscale_status() {
   if ! command -v tailscale >/dev/null 2>&1; then
@@ -96,23 +97,22 @@ tailscale_install() {
       exit 1
   }
 
-  if [ ! -L "/etc/systemd/system/tailscale-install.service" ]; then
-      if [ ! -e "${TAILSCALE_ROOT}/tailscale-install.service" ]; then
-          rm -f /etc/systemd/system/tailscale-install.service
-      fi
-
-      echo "Installing pre-start script to install Tailscale on firmware updates."
-      ln -s "${TAILSCALE_ROOT}/tailscale-install.service" /etc/systemd/system/tailscale-install.service
-  fi
-
-  if [ ! -L "/etc/systemd/system/tailscale-install.timer" ]; then
-      if [ ! -e "${TAILSCALE_ROOT}/tailscale-install.timer" ]; then
-          rm -f /etc/systemd/system/tailscale-install.timer
-      fi
-
-      echo "Installing auto-update timer to ensure that Tailscale is kept installed and up to date."
-      ln -s "${TAILSCALE_ROOT}/tailscale-install.timer" /etc/systemd/system/tailscale-install.timer
-  fi
+  # Remove any pre-existing file or symlink at the destination before copying.
+  # A plain `cp -f` does NOT pre-unlink the destination; it only retries if the
+  # open fails.  On UDM-SE /data -> /ssd1/.data, so a v3.2.0 symlink at
+  # ${SYSTEMD_UNIT_DIR}/tailscale-install.{service,timer} pointing back into
+  # /data/tailscale/ causes both source and destination to canonicalise to the
+  # same inode, and cp aborts with "are the same file".  Explicitly removing the
+  # destination first handles symlinks, hard-links, and regular files uniformly.
+  # /etc lives on the overlay root (always mounted), so the copied regular files
+  # are visible to systemd on every boot even before /ssd1 is mounted.
+  echo "Installing pre-start script to install Tailscale on firmware updates."
+  rm -f "${SYSTEMD_UNIT_DIR}/tailscale-install.service"
+  cp "${PACKAGE_ROOT}/tailscale-install.service" "${SYSTEMD_UNIT_DIR}/tailscale-install.service"
+
+  echo "Installing auto-update timer to ensure that Tailscale is kept installed and up to date."
+  rm -f "${SYSTEMD_UNIT_DIR}/tailscale-install.timer"
+  cp "${PACKAGE_ROOT}/tailscale-install.timer" "${SYSTEMD_UNIT_DIR}/tailscale-install.timer"
 
   systemctl daemon-reload
   systemctl enable tailscale-install.service
@@ -127,15 +127,15 @@ tailscale_uninstall() {
   rm -f /etc/apt/sources.list.d/tailscale.list || true
 
   systemctl disable tailscale-install.service || true
-  rm -f /lib/systemd/system/tailscale-install.service || true
+  rm -f "${SYSTEMD_UNIT_DIR}/tailscale-install.service" || true
 
   systemctl disable tailscale-install.timer || true
-  rm -f /lib/systemd/system/tailscale-install.timer || true
+  rm -f "${SYSTEMD_UNIT_DIR}/tailscale-install.timer" || true
 
   systemctl disable tailscale-cert-renewal.timer || true
   systemctl stop tailscale-cert-renewal.timer || true
-  rm -f /lib/systemd/system/tailscale-cert-renewal.service || true
-  rm -f /lib/systemd/system/tailscale-cert-renewal.timer || true
+  rm -f "${SYSTEMD_UNIT_DIR}/tailscale-cert-renewal.service" || true
+  rm -f "${SYSTEMD_UNIT_DIR}/tailscale-cert-renewal.timer" || true
 }
 
 tailscale_has_update() {
@@ -185,17 +185,18 @@ tailscale_cert_generate() {
       echo ""
       echo "Certificate expires in 90 days. Use '$0 cert renew $TAILSCALE_HOSTNAME' to renew."
 
-      # Install auto-renewal timer if not already installed
-      if [ ! -L "/etc/systemd/system/tailscale-cert-renewal.service" ]; then
-          if [ -f "${TAILSCALE_ROOT}/tailscale-cert-renewal.service" ] && [ -f "${TAILSCALE_ROOT}/tailscale-cert-renewal.timer" ]; then
-              echo "Installing certificate auto-renewal timer..."
-              ln -s "${TAILSCALE_ROOT}/tailscale-cert-renewal.service" /etc/systemd/system/
-              ln -s "${TAILSCALE_ROOT}/tailscale-cert-renewal.timer" /etc/systemd/system/
-              systemctl daemon-reload
-              systemctl enable tailscale-cert-renewal.timer
-              systemctl start tailscale-cert-renewal.timer
-              echo "Certificate will be automatically renewed weekly"
-          fi
+      # Remove any pre-existing file or symlink before copying (see comment in
+      # tailscale_install for the full explanation of why rm -f is required).
+      if [ -f "${PACKAGE_ROOT}/tailscale-cert-renewal.service" ] && [ -f "${PACKAGE_ROOT}/tailscale-cert-renewal.timer" ]; then
+          echo "Installing certificate auto-renewal timer..."
+          rm -f "${SYSTEMD_UNIT_DIR}/tailscale-cert-renewal.service"
+          cp "${PACKAGE_ROOT}/tailscale-cert-renewal.service" "${SYSTEMD_UNIT_DIR}/tailscale-cert-renewal.service"
+          rm -f "${SYSTEMD_UNIT_DIR}/tailscale-cert-renewal.timer"
+          cp "${PACKAGE_ROOT}/tailscale-cert-renewal.timer" "${SYSTEMD_UNIT_DIR}/tailscale-cert-renewal.timer"
+          systemctl daemon-reload
+          systemctl enable tailscale-cert-renewal.timer
+          systemctl start tailscale-cert-renewal.timer
+          echo "Certificate will be automatically renewed weekly"
       fi
   else
       echo "Failed to generate certificate. Ensure:"
@@ -456,4 +457,4 @@ case $1 in
     echo "Usage: $0 {status|start|stop|restart|install|uninstall|update|cert}"
     exit 1
     ;;
-esac
+esac

tests/cert.test.sh

@@ -10,6 +10,11 @@ trap 'rm -rf ${WORKDIR}' EXIT
 export PATH="${WORKDIR}:${PATH}"
 export TAILSCALE_ROOT="${WORKDIR}"
 export TAILSCALED_SOCK="${WORKDIR}/tailscaled.sock"
+export SYSTEMD_UNIT_DIR="${WORKDIR}/systemd"
+
+MANAGE_SH="${ROOT}/package/manage.sh"
+
+mkdir -p "${SYSTEMD_UNIT_DIR}"
 
 mock "${WORKDIR}/ubnt-device-info" "2.0.0"
 touch "${TAILSCALED_SOCK}"  # Create the tailscaled socket for testing
@@ -24,6 +29,18 @@ case "\$1" in
             exit 1
         fi
         ;;
+    "enable")
+        echo "--## systemctl enable \$2 ##--"
+        touch "${WORKDIR}/\$2.enabled"
+        ;;
+    "daemon-reload")
+        echo "--## systemctl daemon-reload ##--"
+        touch "${WORKDIR}/systemctl.daemon-reload"
+        ;;
+    "start")
+        echo "--## systemctl start \$2 ##--"
+        touch "${WORKDIR}/\$2.started"
+        ;;
     *)
         echo "Unexpected command: \${1}"
         exit 1
@@ -62,7 +79,6 @@ mock_tailscale_cert() {
     return 1
 }
 
-# Override tailscale binary variable for testing
 case "\$1" in
     cert)
         shift
@@ -89,8 +105,7 @@ chmod +x "${WORKDIR}/tailscale"
 test_cert_generate() {
     touch "$TAILSCALED_SOCK"  # Mock running state
 
-    # Test generate
-    output=$("${ROOT}/package/manage.sh" cert generate 2>&1)
+    output=$("$MANAGE_SH" cert generate 2>&1)
     assert_contains "$output" "Certificate generated successfully" "Output contains success message"
     assert_file_exists "$TAILSCALE_ROOT/certs/test-host.example.ts.net.crt" "Certificate file exists"
     assert_file_exists "$TAILSCALE_ROOT/certs/test-host.example.ts.net.key" "Key file exists"
@@ -113,27 +128,23 @@ test_cert_renew() {
     echo "OLD CERT" > "$TAILSCALE_ROOT/certs/test-host.example.ts.net.crt"
     echo "OLD KEY" > "$TAILSCALE_ROOT/certs/test-host.example.ts.net.key"
 
-    # Test renew
-    output=$("${ROOT}/package/manage.sh" cert renew 2>&1)
+    output=$("$MANAGE_SH" cert renew 2>&1)
     assert_contains "$output" "Certificate renewed successfully" "Output contains success message"
 
-    # Check that certificates were updated
     cert_content=$(cat "$TAILSCALE_ROOT/certs/test-host.example.ts.net.crt")
     assert_eq "CERTIFICATE" "$cert_content" "Certificate content is correct"
 
     rm -rf "$TAILSCALE_ROOT/certs"
 }
 
-# Test certificate listing
+# Test certificate info
 test_cert_info() {
     mkdir -p "$TAILSCALE_ROOT/certs"
 
-    # Create test certificates
     echo "CERT" > "$TAILSCALE_ROOT/certs/test-host.example.ts.net.crt"
     echo "KEY" > "$TAILSCALE_ROOT/certs/test-host.example.ts.net.key"
 
-    # Test list
-    output=$("${ROOT}/package/manage.sh" cert info 2>&1)
+    output=$("$MANAGE_SH" cert info 2>&1)
     assert_contains "$output" "Certificate:" "Output contains Certificate path"
     assert_contains "$output" "test-host.example.ts.net.crt" "Output contains test-host.example.ts.net.crt"
     assert_contains "$output" "Private key:" "Output contains Private key path"
@@ -146,29 +157,60 @@ test_cert_info() {
 test_cert_not_running() {
     mkdir -p "$TAILSCALE_ROOT"
 
-    # Mock not running state
     rm -f "$TAILSCALED_SOCK"
 
-    # Test generate when not running
-    output=$("${ROOT}/package/manage.sh" cert generate 2>&1 || true)
+    output=$("$MANAGE_SH" cert generate 2>&1) || true
     assert_contains "$output" "Tailscale is not running" "Output contains not running message"
 }
 
 # Test help command
 test_cert_help() {
-    output=$("${ROOT}/package/manage.sh" cert help 2>&1)
+    output=$("$MANAGE_SH" cert help 2>&1)
     assert_contains "$output" "Usage:" "Output contains usage title"
     assert_contains "$output" "generate" "Output contains generate command"
     assert_contains "$output" "renew" "Output contains renew command"
     assert_contains "$output" "info" "Output contains info command"
     assert_contains "$output" "install-unifi" "Output contains install-unifi command"
 }
 
+# Test cert-renewal unit upgrade-from-symlink path
+# Simulate a v3.2.0 install where tailscale-cert-renewal.{service,timer} in
+# SYSTEMD_UNIT_DIR are symlinks pointing back into PACKAGE_ROOT.
+# The same-inode cp failure that affects the install path applies here.
+test_cert_generate_upgrade_from_symlink() {
+    touch "$TAILSCALED_SOCK"  # Mock running state
+
+    # Only run this fixture if the package ships the cert-renewal units;
+    # skip silently if they are absent (e.g. in minimal test environments).
+    if [ ! -f "${ROOT}/package/tailscale-cert-renewal.service" ] || \
+       [ ! -f "${ROOT}/package/tailscale-cert-renewal.timer" ]; then
+        return 0
+    fi
+
+    ln -sf "${ROOT}/package/tailscale-cert-renewal.service" \
+           "${SYSTEMD_UNIT_DIR}/tailscale-cert-renewal.service"
+    ln -sf "${ROOT}/package/tailscale-cert-renewal.timer" \
+           "${SYSTEMD_UNIT_DIR}/tailscale-cert-renewal.timer"
+
+    output=$("$MANAGE_SH" cert generate 2>&1)
+    assert_contains "$output" "Certificate generated successfully" \
+        "cert generate succeeds when cert-renewal units are pre-existing symlinks"
+
+    [[ ! -L "${SYSTEMD_UNIT_DIR}/tailscale-cert-renewal.service" ]]
+    assert "tailscale-cert-renewal.service should be a regular file after upgrade, not a symlink"
+
+    [[ ! -L "${SYSTEMD_UNIT_DIR}/tailscale-cert-renewal.timer" ]]
+    assert "tailscale-cert-renewal.timer should be a regular file after upgrade, not a symlink"
+
+    rm -rf "$TAILSCALE_ROOT/certs"
+}
+
 # Run tests
 test_cert_generate
 test_cert_renew
 test_cert_info
 test_cert_not_running
 test_cert_help
+test_cert_generate_upgrade_from_symlink
 
-echo "All certificate tests passed!"
+echo "All certificate tests passed!"

tests/install.test.sh

@@ -11,8 +11,11 @@ trap 'rm -rf ${WORKDIR}' EXIT
 export PACKAGE_ROOT="${ROOT}/package"
 export TAILSCALE_ROOT="${WORKDIR}"
 export TAILSCALED_SOCK="${WORKDIR}/tailscaled.sock"
+export SYSTEMD_UNIT_DIR="${WORKDIR}/systemd"
 export OS_VERSION="v2"
 
+mkdir -p "${SYSTEMD_UNIT_DIR}"
+
 export PATH="${WORKDIR}:${PATH}"
 mock "${WORKDIR}/apt-key" "--## apt-key mock: \$* ##--"
 mock "${WORKDIR}/tee" "--## tee mock: \$* ##--"
@@ -59,15 +62,39 @@ export OS_RELEASE_FILE="${WORKDIR}/os-release"
 
 cp "${PACKAGE_ROOT}/tailscale-env" "${WORKDIR}/tailscale-env"
 
+# ── fresh install (clean SYSTEMD_UNIT_DIR) ────────────────────────────────────
 "${ROOT}/package/manage.sh" install; assert "Tailscale installer should run successfully"
 
-cat "${WORKDIR}/apt.args"
-cat "${WORKDIR}/sed.args"
+apt_first=$(head -n 1 "${WORKDIR}/apt.args")
+apt_second=$(head -n 2 "${WORKDIR}/apt.args" | tail -n 1)
+sed_args=$(cat "${WORKDIR}/sed.args")
 
-assert_contains "$(head -n 1 "${WORKDIR}/apt.args")" "update" "The apt command should be called to update the package list"
-assert_contains "$(head -n 2 "${WORKDIR}/apt.args" | tail -n 1)" "install -y tailscale" "The apt command should be called with the command to install tailscale file"
-assert_contains "$(cat "${WORKDIR}/sed.args")" "--state /data/tailscale" "The defaults should be updated with state directory"
+assert_contains "$apt_first" "update" "The apt command should be called to update the package list"
+assert_contains "$apt_second" "install -y tailscale" "The apt command should be called with the command to install tailscale file"
+assert_contains "$sed_args" "--state /data/tailscale" "The defaults should be updated with state directory"
 [[ -f "${WORKDIR}/tailscaled.restarted" ]]; assert "tailscaled should have been restarted"
 [[ -f "${WORKDIR}/tailscaled.service.enabled" ]]; assert "tailscaled unit should be enabled"
 [[ -f "${WORKDIR}/systemctl.daemon-reload" ]]; assert "systemctl should have been reloaded"
 [[ -f "${WORKDIR}/tailscale-install.service.enabled" ]]; assert "tailscale-install unit should be enabled"
+[[ -f "${SYSTEMD_UNIT_DIR}/tailscale-install.service" ]]; assert "tailscale-install.service unit file should be copied to systemd directory"
+[[ -f "${SYSTEMD_UNIT_DIR}/tailscale-install.timer" ]]; assert "tailscale-install.timer unit file should be copied to systemd directory"
+
+# ── upgrade-from-symlink path ─────────────────────────────────────────────────
+# Simulate a v3.2.0 install where the unit files in SYSTEMD_UNIT_DIR are
+# symlinks pointing back into PACKAGE_ROOT (= /data/tailscale on a real
+# device).  On UDM-SE /data -> /ssd1/.data, so both paths canonicalise to
+# the same inode; a plain `cp -f` aborts with "are the same file" and the
+# symlinks are left in place, silently breaking the boot-time fix.
+# The rm-before-cp change must handle this without error.
+ln -sf "${PACKAGE_ROOT}/tailscale-install.service" \
+       "${SYSTEMD_UNIT_DIR}/tailscale-install.service"
+ln -sf "${PACKAGE_ROOT}/tailscale-install.timer" \
+       "${SYSTEMD_UNIT_DIR}/tailscale-install.timer"
+
+"${ROOT}/package/manage.sh" install; assert "Upgrade from symlink state should succeed without 'same file' error"
+
+# After the fix the destination must be a regular file, not a symlink.
+# If rm -f silently failed and cp wrote through the symlink instead, the
+# destination would still appear as a file — only -L distinguishes the two.
+[[ ! -L "${SYSTEMD_UNIT_DIR}/tailscale-install.service" ]]; assert "tailscale-install.service should be a regular file after upgrade, not a symlink"
+[[ ! -L "${SYSTEMD_UNIT_DIR}/tailscale-install.timer" ]]; assert "tailscale-install.timer should be a regular file after upgrade, not a symlink"