From 414541569955888766c831d9238e7f17aafb8dc7 Mon Sep 17 00:00:00 2001 From: Scott Moser Date: Fri, 1 Dec 2023 17:38:35 -0500 Subject: [PATCH] test: Wrap use of skopeo to avoid its unwanted side effects. (#570) 2 things are fixed here. 1. Running skopeo as root creates /run/containers with 700 permissions. That causes a problem when you run skopeo as root and then run stacker as non-root. The error would look like this: > error: initializing source ... getting username and password: 1 error occurred: > * reading JSON file "/run/containers/0/auth.json": > open /run/containers/0/auth.json: permission denied > couldn't import base layer base > stackerbuild.io/stacker/pkg/stacker.importContainersImage > /stacker-tree/pkg/stacker/base.go:141 > stackerbuild.io/stacker/pkg/stacker.GetBase > /stacker-tree/pkg/stacker/base.go:49 > stackerbuild.io/stacker/pkg/stacker.(*Builder).build > /stacker-tree/pkg/stacker/build.go:407 > stackerbuild.io/stacker/pkg/stacker.(*Builder).BuildMultiple > /stacker-tree/pkg/stacker/build.go:622 > main.doBuild 2. skopeo copy containers-registry populates ~/.local/share/containers/ This is an unwanted side effect of running the test. Further annoying is that it ends up getting directories with 555 perms on them. That means rm -Rf .local/share/containers/storage/vfs-layers will fail like: rm: cannot remove '.local/share/containers/storage/vfs/dir/HASH': Permission denied We don't want someone's HOME getting populated with artifacts from stacker test, and there are probably also race conditions here in that we run stacker tests in parallel. Signed-off-by: Scott Moser --- test/helpers.bash | 28 +++++++++++++++++++++++----- 1 file changed, 23 insertions(+), 5 deletions(-) diff --git a/test/helpers.bash b/test/helpers.bash index 2fc4d3ab..18798fe2 100644 --- a/test/helpers.bash +++ b/test/helpers.bash @@ -207,6 +207,24 @@ function zot_teardown { rm -f $TEST_TMPDIR/zot-config.json } +function _skopeo() { + [ "$1" = "--version" ] && { + "$SKOPEO" "$@" + return + } + local uid="" + uid=$(id -u) + if [ ! -e /run/containers ]; then + if [ "$uid" = "0" ]; then + mkdir --mode=755 /run/containers || chmod /run/containers 755 + fi + fi + [ -n "$TEST_TMPDIR" ] + local home="${TEST_TMPDIR}/home" + [ -d "$home" ] || mkdir -p "$home" + HOME="$home" "$SKOPEO" "$@" +} + function test_copy_buffer_size() { local buffer_size=$1 local file_type=$2 @@ -244,13 +262,13 @@ EOF m1=$(cat oci/index.json | jq .manifests[0].digest | sed 's/sha256://' | tr -d \") cat oci/blobs/sha256/"$m1" | jq . l1=$(cat oci/blobs/sha256/"$m1" | jq .layers[0].digest | sed 's/sha256://' | tr -d \") - $SKOPEO --version - [[ "$($SKOPEO --version)" =~ "skopeo version ${SKOPEO_VERSION}" ]] || { + _skopeo --version + [[ "$(_skopeo --version)" =~ "skopeo version ${SKOPEO_VERSION}" ]] || { echo "$SKOPEO --version should be ${SKOPEO_VERSION}" exit 1 } - $SKOPEO copy --format=oci oci:oci:tar containers-storage:test:tar - $SKOPEO copy --format=oci containers-storage:test:tar oci:oci:test + _skopeo copy --format=oci oci:oci:tar containers-storage:test:tar + _skopeo copy --format=oci containers-storage:test:tar oci:oci:test cat oci/index.json | jq . m2=$(cat oci/index.json | jq .manifests[1].digest | sed 's/sha256://' | tr -d \") cat oci/blobs/sha256/"$m2" | jq . @@ -261,5 +279,5 @@ EOF stacker clean rm -rf folder1 cd "$ROOT_DIR" - rm -rf "tmpdir" + rm -rf "$tmpdir" }