From 164d3b2741dc6cb2439fe1672f8d825b9ae4f020 Mon Sep 17 00:00:00 2001
From: Chris Evich
Date: Mon, 31 Mar 2025 10:12:25 -0400
Subject: [PATCH 1/3] Add vfs/chroot build test to aio container

Ref: https://github.com/containers/buildah/issues/5988
Having this test in the AIO build is merely a convenience, as it will exercise both buildah and podman packages as they appear in their respective purpose-built images.
Signed-off-by: Chris Evich
---
 aio/test.sh | 26 +++++++++++++++++++++++++-
 1 file changed, 25 insertions(+), 1 deletion(-)

diff --git a/aio/test.sh b/aio/test.sh
index 7f52011..aeead97 100755
--- a/aio/test.sh
+++ b/aio/test.sh
@@ -63,11 +63,26 @@ trap "podman unshare rm -rf '$TMPD'" EXIT
 msg "Loading test image"
 showrun podman load -i $HOME/$FQIN_FILE
-# These tests come directly from the aio/README.md examples
+
 mkdir $TMPD/cntr_storage
 mkdir $TMPD/context
+
 echo -e 'FROM registry.fedoraproject.org/fedora-minimal:latest\nENV TESTING=true' > $TMPD/context/Containerfile
+# Contents printed on build, mask test string 'Fo0b@r' for rwmount build test
+cat << EOF > $TMPD/context/Containerfile.rwmount
+FROM registry.fedoraproject.org/fedora-minimal:latest as base
+RUN mkdir -p /var/tmp/test
+ADD ./Containerfile /var/tmp/test/
+
+FROM base as final
+RUN --mount=type=bind,from=base,src=/var/tmp/test,dst=/var/tmp/test,rw \
+ set -x && \
+ echo -e '\x46\x6f\x30\x62\x40\x72' > /var/tmp/test/Containerfile && \
+ cat /var/tmp/test/Containerfile
+EOF
+
 for tool in buildah podman; do
+ # The next two tests come directly from the aio/README.md examples
 msg "Verify $tool can create a simple image as root inside $FQIN"
 showrun podman unshare rm -rf $TMPD/cntr_storage/* $TMPD/cntr_storage/.??*
 showrun podman run -i --rm --net=host --security-opt label=disable --privileged \
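Review bot: The here-document that writes Containerfile.rwmount uses an unquoted delimiter (`cat << EOF`), so the shell processes its body before it reaches the file: each backslash-newline in the `RUN --mount=...` step is consumed as a line continuation, and any `$` added to the Containerfile later would be expanded by test.sh rather than by the build. It works today only because the joined single-line RUN is still valid. Quoting the delimiter keeps the file exactly as written: `cat << 'EOF' > "$TMPD/context/Containerfile.rwmount"`. The `for tool in buildah podman` loop that follows continues past the end of this hunk.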
@@ -84,4 +99,13 @@ for tool in buildah podman; do
 -v $TMPD/cntr_storage:/home/user/.local/share/containers:Z \
 -v $TMPD/context:/home/user/context:Z \
 $FQIN $tool build -t rootless_testimage /home/user/context
+
+ # Verify problematic rwmount build functions
+ # This type of build is frequently done w/in CI systems
+ msg "Verify $tool can perform a vfs/chroot build inside $FQIN"
+ showrun podman run -i --rm \
+ -v $TMPD/context:/root/context:Z \
+ $FQIN $tool --storage-driver=vfs build --isolation=chroot -t rwmount_testimage -f Containerfile.rwmount /root/context \
+ | tee $TMPD/rwmount.output
+ showrun grep -Fqx 'Fo0b@r' $TMPD/rwmount.output
 done
From 8bc3f3cddbb6373d54944e31af821b43617413b0 Mon Sep 17 00:00:00 2001
From: Chris Evich
Date: Mon, 31 Mar 2025 10:15:28 -0400
Subject: [PATCH 2/3] Run the AIO tests against official images

Note: The tests are run after the images are pushed to quay. It would be more ideal to run them prior, but this is left as an exerise to a future maintainer.
Signed-off-by: Chris Evich
---
 .cirrus.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/.cirrus.yml b/.cirrus.yml
index f73b56a..37d2ba0 100644
--- a/.cirrus.yml
+++ b/.cirrus.yml
@@ -135,7 +135,7 @@ test_aio_image_build_task:
 image_export_artifacts:
 path: ./${EXPORT_FILENAME}.tar
 type: application/octet-stream
- test_script: ./aio/test.sh
+ test_script: &aio_test ./aio/test.sh
 cron_aio_build_task:
 alias: cron_aio_build
@@ -146,6 +146,7 @@ cron_aio_build_task:
 CONTAINERS_USERNAME: *cntu
 CONTAINERS_PASSWORD: *cntp
 build_script: *aio_script
+ test_script: *aio_test
 # This task is critical. It updates the "last-used by" timestamp stored
 # in metadata for all VM images. This mechanism functions in tandem with
From a4875f0fe5b7605f1610b62745adfd9947a54d3f Mon Sep 17 00:00:00 2001
From: Chris Evich
Date: Mon, 31 Mar 2025 10:22:27 -0400
Subject: [PATCH 3/3] Update CI images to F41
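Review bot: In the new vfs/chroot test in aio/test.sh the build's exit status is lost to the pipe into `tee $TMPD/rwmount.output`: unless `set -o pipefail` is enabled earlier in the script (not visible in this hunk), a failing `$tool ... build` is noticed only if the following `grep -Fqx 'Fo0b@r'` also fails. The marker is printed by the last RUN step, so a failure after that step, for example while committing the image, would presumably still pass. Enable `set -o pipefail` before the pipeline, or test `${PIPESTATUS[0]}` on the line right after it. The enclosing `for tool in buildah podman` loop starts outside the hunk.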
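Review bot: The `test_script: *aio_test` added to cron_aio_build_task (second .cirrus.yml hunk of PATCH 2/3) runs in the same task environment that carries `CONTAINERS_USERNAME` and `CONTAINERS_PASSWORD`. As far as the visible parts of aio/test.sh show, the tests only load, run and build images, including `--privileged` containers and a base image pulled by the mutable `:latest` tag, so they do not need the registry push credentials. Consider dropping them for the test step, e.g. `test_script: env -u CONTAINERS_USERNAME -u CONTAINERS_PASSWORD ./aio/test.sh`, or moving the tests to a dependent task without those variables. The task's env block begins above the hunk, so other secrets may be in scope as well.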
Signed-off-by: Chris Evich
---
 .cirrus.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.cirrus.yml b/.cirrus.yml
index 37d2ba0..b7c36a0 100644
--- a/.cirrus.yml
+++ b/.cirrus.yml
@@ -6,7 +6,7 @@ env:
 CIRRUS_SHELL: "/bin/bash"
 # No need to go crazy, but grab enough to cover most PRs
 CIRRUS_CLONE_DEPTH: 10
- IMAGE_SUFFIX: "c20240529t141726z-f40f39d13"
+ IMAGE_SUFFIX: "c20250324t111922z-f41f40d13"
 gcp_credentials: ENCRYPTED[88b219cf6b4f2d70c4ff7f8c6c3186396102e14a27b47b985e40a0a0bc5337a270f9eee195b36ff6b3e2f07558998a95]