systemd.unit.create: support the After option in the Unit section (HMS-3814)

[achilleas-k]

stage/systemd.unit.create: add After option

Support the After option in the Unit section of the unit file.

---

test/systemd_unit_create: Wants, Requires, After

Add test values for Wants, Requires, and After.
Adding multiple values to test that arrays work and made sure they're
all different.
The units need to be valid, real unit names otherwise the
'systemd-analyze verify' check will fail.

---

stage/systemd.unit.create: move systemd-analyze verify to tests

Verifying the systemd unit also checks if any referred systemd units
(Wants, Requires, After) exist and if all commands in Exec exist and are
executable. Without '--root', the systemd-analyze verify command is
testing this against files in the build root, which isn't valid.

Units and binaries might not exist in the build root when referenced in
the image root tree, making the unit fail when when it's valid.
Conversely, the verification can succeed by finding executables in the
build root that don't exist in the image root tree when it should be
failing.

When verifying user units, systemd expects runtime directories.

All of this makes it quite difficult to verify systemd units properly
when building an image. The call is useful for making sure the unit is
structured properly, but the user unit verification setup is difficult
to accomplish in a general way while building.

Remove the systemd-analyze verify step from the stage. Move it to the
unit test so that we have some assurance that our unit file structure is
correct and things work as expected. Create referenced unit files and
commands to make the unit valid.

---

[ezr-ondrej]

Quite cool addition 🧡

[achilleas-k]

Needs one more fix. The systemd-analyze verify in the stage should be run with the --root option because it checks if the units it references are valid (Wants etc) and that executables in Exec exist and are executable. That also needs some fiddling in the unit test to work.

[achilleas-k]

The change in cd79140 makes the systemd-analyze verify step in the stage verify against the root tree, so units and commands must exist in the target tree for it to be pass (which is the Right Thing). However, this doesn't seem to work with user unit files.

The test manifest in test/data/stages/systemd.unit.create/b.json for example fails with:

Failed to lookup RuntimeDirectory path: No such device or address
Failed to initialize manager: No such device or address

[achilleas-k]

I ended up removing the systemd-analyze verify step from the stage and added it to the unit test but only for system services. The reasons are described in the last commit (ping @mvo5).

I kept a version of some of the things I tried for getting it right here: main...achilleas-k:osbuild:systemd-after-verify-stuff

The summary is that it gets very tricky to verify user units in a non-booted system. We could skip verification only for user units, but it feels weird to have it only for certain situations. User unit verification did work for me when I would bind mount the build root's /run into the tree, but I don't know if there are any cases that would make this fail unexpectedly. Adding --user to the verify call always fails with the errors I mentioned in the previous comment. Same for --global.

If anyone feels strongly about adding the verification back, I can add it with the /run bind mount (and figure out how to get around it in the unit test).

[mvo5]

This looks very nice, thank you! Some small suggestion inline but feel free to ignore if you disagree/prefer the other way.

[mvo5]

Thank you!