authorEd Santiago <santiago@redhat.com>2022-01-11 10:33:55 -0700
committerEd Santiago <santiago@redhat.com>2022-01-17 14:40:30 -0700
commit471a4356bfc57e37218afa6e2db4e9a58e53032b (patch)
tree29f956e3c01e9c8e4bea41e41e9dd8b877a24d44
parentc8124b88aecf8b01f6376950b7caf1ba9f619988 (diff)
CI: rootless user: also create in some root tests
viz, rootful system tests. The rootless account will be used by image-scp tests. Unfortunately, having ssh available means the system-connection tests will start running, which is very bad because they will fail, because system connection doesn't actually work (long story). Add a few more checks to prevent this test from running. Signed-off-by: Ed Santiago <santiago@redhat.com>
-rw-r--r--contrib/cirrus/lib.sh18
-rwxr-xr-xcontrib/cirrus/setup_environment.sh15
-rw-r--r--test/system/272-system-connection.bats8
3 files changed, 30 insertions, 11 deletions
diff --git a/contrib/cirrus/lib.sh b/contrib/cirrus/lib.sh
index c7352106a..ae538d23f 100644
--- a/contrib/cirrus/lib.sh
+++ b/contrib/cirrus/lib.sh
@@ -138,7 +138,9 @@ passthrough_envars(){
}
setup_rootless() {
- req_env_vars ROOTLESS_USER GOPATH GOSRC SECRET_ENV_RE
+ req_env_vars GOPATH GOSRC SECRET_ENV_RE
+
+ ROOTLESS_USER="${ROOTLESS_USER:-some${RANDOM}dude}"
local rootless_uid
local rootless_gid
@@ -150,9 +152,11 @@ setup_rootless() {
# shellcheck disable=SC2154
if passwd --status $ROOTLESS_USER
then
- msg "Updating $ROOTLESS_USER user permissions on possibly changed libpod code"
- chown -R $ROOTLESS_USER:$ROOTLESS_USER "$GOPATH" "$GOSRC"
- return 0
+ if [[ $PRIV_NAME = "rootless" ]]; then
+ msg "Updating $ROOTLESS_USER user permissions on possibly changed libpod code"
+ chown -R $ROOTLESS_USER:$ROOTLESS_USER "$GOPATH" "$GOSRC"
+ return 0
+ fi
fi
msg "************************************************************"
msg "Setting up rootless user '$ROOTLESS_USER'"
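Review bot: When the account already exists and PRIV_NAME is not `rootless`, the new inner `if` no longer returns, so execution falls through into the creation path. The `groupadd`/`useradd` calls visible in the next hunk would then run against an existing user and presumably fail on a second invocation. Keeping `return 0` directly under the `passwd --status` check and guarding only the `msg`/`chown` pair with `if [[ $PRIV_NAME = "rootless" ]]` preserves the old idempotent behaviour. `PRIV_NAME` is also read here without being added to the `req_env_vars GOPATH GOSRC SECRET_ENV_RE` list at the top of the function, which starts in the previous hunk and continues past this one.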
@@ -164,7 +168,11 @@ setup_rootless() {
msg "creating $rootless_uid:$rootless_gid $ROOTLESS_USER user"
groupadd -g $rootless_gid $ROOTLESS_USER
useradd -g $rootless_gid -u $rootless_uid --no-user-group --create-home $ROOTLESS_USER
- chown -R $ROOTLESS_USER:$ROOTLESS_USER "$GOPATH" "$GOSRC"
+
+ # We also set up rootless user for image-scp tests (running as root)
+ if [[ $PRIV_NAME = "rootless" ]]; then
+ chown -R $ROOTLESS_USER:$ROOTLESS_USER "$GOPATH" "$GOSRC"
+ fi
echo "$ROOTLESS_USER ALL=(root) NOPASSWD: ALL" > /etc/sudoers.d/ci-rootless
mkdir -p "$HOME/.ssh" "/home/$ROOTLESS_USER/.ssh"
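Review bot: The new `PRIV_NAME` guard skips only the `chown`; the unchanged `echo "$ROOTLESS_USER ALL=(root) NOPASSWD: ALL" > /etc/sudoers.d/ci-rootless` line right after it still runs, so rootful system-test VMs now also carry an account with passwordless sudo. If the image-scp tests only need ssh access to that account (not visible from this hunk), put the sudoers write under the same `if [[ $PRIV_NAME = "rootless" ]]` block, or add a comment saying why root runs need it. ROOTLESS_USER can be supplied by the caller's environment and is expanded unquoted into `groupadd`, `useradd` and the added `chown`, as well as into the sudoers file. Quoting it (`chown -R "$ROOTLESS_USER:$ROOTLESS_USER" "$GOPATH" "$GOSRC"`) and rejecting names that are not a plain login name before first use would keep a malformed value out of those commands. The function body continues outside the hunk.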
diff --git a/contrib/cirrus/setup_environment.sh b/contrib/cirrus/setup_environment.sh
index 8f535c7e7..03b954a5b 100755
--- a/contrib/cirrus/setup_environment.sh
+++ b/contrib/cirrus/setup_environment.sh
@@ -177,19 +177,26 @@ esac
# Required to be defined by caller: Are we testing as root or a regular user
case "$PRIV_NAME" in
- root) ;;
+ root)
+ if [[ "$TEST_FLAVOR" = "sys" ]]; then
+ # Used in local image-scp testing
+ setup_rootless
+ echo "PODMAN_ROOTLESS_USER=$ROOTLESS_USER" >> /etc/ci_environment
+ fi
+ ;;
rootless)
# load kernel modules since the rootless user has no permission to do so
modprobe ip6_tables || :
modprobe ip6table_nat || :
- # Needs to exist for setup_rootless()
- ROOTLESS_USER="${ROOTLESS_USER:-some${RANDOM}dude}"
- echo "ROOTLESS_USER=$ROOTLESS_USER" >> /etc/ci_environment
setup_rootless
;;
*) die_unknown PRIV_NAME
esac
+if [[ -n "$ROOTLESS_USER" ]]; then
+ echo "ROOTLESS_USER=$ROOTLESS_USER" >> /etc/ci_environment
+fi
+
# Required to be defined by caller: Are we testing podman or podman-remote client
# shellcheck disable=SC2154
case "$PODBIN_NAME" in
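Review bot: The added `if [[ -n "$ROOTLESS_USER" ]]` relies on `setup_rootless` having assigned ROOTLESS_USER as a global side effect, and in the `root)` branch with a TEST_FLAVOR other than `sys` nothing assigns it. If this script runs under `set -u` (not visible in the hunk), that expansion aborts the run instead of skipping the block; `if [[ -n "${ROOTLESS_USER:-}" ]]; then` behaves the same when the variable is set and is safe when it is not. A comment above the block such as `# ROOTLESS_USER is assigned by setup_rootless(), if it ran` would document the coupling that replaced the removed "Needs to exist for setup_rootless()" lines.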
diff --git a/test/system/272-system-connection.bats b/test/system/272-system-connection.bats
index 4e9ac4dd6..7b70f60f4 100644
--- a/test/system/272-system-connection.bats
+++ b/test/system/272-system-connection.bats
@@ -124,10 +124,14 @@ $c2[ ]\+tcp://localhost:54321[ ]\+true" \
# If we have ssh access to localhost (unlikely in CI), test that.
@test "podman system connection - ssh" {
- rand=$(random_string 20)
- echo $rand >$PODMAN_TMPDIR/testfile
+ # system connection only really works if we have an agent
+ run ssh-add -l
+ test "$status" -eq 0 || skip "Not running under ssh-agent"
+ test "${#lines[@]}" -ge 1 || skip "ssh agent has no identities"
# Can we actually ssh to localhost?
+ rand=$(random_string 20)
+ echo $rand >$PODMAN_TMPDIR/testfile
run ssh -q -o BatchMode=yes \
-o UserKnownHostsFile=/dev/null \
-o StrictHostKeyChecking=no \
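Review bot: The two skip conditions after `run ssh-add -l` do not match how `ssh-add -l` reports its state: it exits 1 when the agent is reachable but holds no identities and 2 when no agent can be contacted, so an empty agent is skipped with "Not running under ssh-agent" and the `${#lines[@]}` check never decides anything. Testing the status values directly gives accurate skip reasons: `test "$status" -ne 2 || skip "Not running under ssh-agent"` followed by `test "$status" -eq 0 || skip "ssh agent has no identities"`. A missing `ssh-add` binary (status 127 under `run`) would fall into the second message, so a separate `command -v ssh-add` check may be worth adding. The moved `echo $rand >$PODMAN_TMPDIR/testfile` line could also quote both expansions; the test body continues outside the hunk.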