6 files changed, 252 insertions, 197 deletions

diff --git a/contrib/cirrus/packer/Makefile b/contrib/cirrus/packer/Makefile
index fa87d7019..a911cafdb 100644
--- a/contrib/cirrus/packer/Makefile
+++ b/contrib/cirrus/packer/Makefile
@@ -1,9 +1,4 @@
-
-# N/B: PACKER_BUILDS variable is required.  Should contain CSV of
-# builder name(s) from applicable YAML file,
-# e.g for names see libpod_images.yml
-
-PACKER_VER ?= 1.4.2
+PACKER_VER ?= 1.4.3
 GOARCH=$(shell go env GOARCH)
 ARCH=$(uname -m)
 PACKER_DIST_FILENAME := packer_${PACKER_VER}_linux_${GOARCH}.zip
@@ -56,8 +51,9 @@ test: libpod_base_images.json libpod_images.json packer
 
 .PHONY: libpod_images
 libpod_images: guard-PACKER_BUILDS libpod_images.json packer
-	./packer build -only=${PACKER_BUILDS} \
+	./packer build \
 		-force \
+		$(shell test -z "${PACKER_BUILDS}" || echo "-only=${PACKER_BUILDS}") \
 		-var GOSRC=$(GOSRC) \
 		-var PACKER_BASE=$(PACKER_BASE) \
 		-var SCRIPT_BASE=$(SCRIPT_BASE) \
@@ -82,6 +78,7 @@ cidata.iso: user-data meta-data
 .PHONY: libpod_base_images
 libpod_base_images: guard-GCP_PROJECT_ID guard-GOOGLE_APPLICATION_CREDENTIALS libpod_base_images.json cidata.iso cidata.ssh packer
 	PACKER_CACHE_DIR=/tmp ./packer build \
+		$(shell test -z "${PACKER_BUILDS}" || echo "-only=${PACKER_BUILDS}") \
 		-force \
 		-var TIMESTAMP=$(TIMESTAMP) \
 		-var TTYDEV=$(TTYDEV) \
diff --git a/contrib/cirrus/packer/fedora_setup.sh b/contrib/cirrus/packer/fedora_setup.sh
index 6cfaa05ce..81a46b13f 100644
--- a/contrib/cirrus/packer/fedora_setup.sh
+++ b/contrib/cirrus/packer/fedora_setup.sh
@@ -8,107 +8,130 @@ set -e
 # Load in library (copied by packer, before this script was run)
 source /tmp/libpod/$SCRIPT_BASE/lib.sh
 
-req_env_var SCRIPT_BASE PACKER_BUILDER_NAME GOSRC
+req_env_var SCRIPT_BASE PACKER_BUILDER_NAME GOSRC FEDORA_BASE_IMAGE OS_RELEASE_ID OS_RELEASE_VER
 
 install_ooe
 
 export GOPATH="$(mktemp -d)"
 trap "sudo rm -rf $GOPATH" EXIT
 
-ooe.sh sudo dnf update -y
-
-echo "Enabling updates-testing repository"
-ooe.sh sudo dnf install -y 'dnf-command(config-manager)'
-ooe.sh sudo dnf config-manager --set-enabled updates-testing
-
-echo "Installing general build/test dependencies"
-ooe.sh sudo dnf install -y \
-    atomic-registries \
-    autoconf \
-    automake \
-    bash-completion \
-    bats \
-    bridge-utils \
-    btrfs-progs-devel \
-    bzip2 \
-    conmon \
-    container-selinux \
-    containernetworking-plugins \
-    containers-common \
-    criu \
-    device-mapper-devel \
-    emacs-nox \
-    file \
-    findutils \
-    fuse3 \
-    fuse3-devel \
-    gcc \
-    git \
-    glib2-devel \
-    glibc-static \
-    gnupg \
-    go-md2man \
-    golang \
-    golang-github-cpuguy83-go-md2man \
-    gpgme-devel \
-    iproute \
-    iptables \
-    jq \
-    libassuan-devel \
-    libcap-devel \
-    libmsi1 \
-    libnet \
-    libnet-devel \
-    libnl3-devel \
-    libseccomp \
-    libseccomp-devel \
-    libselinux-devel \
-    libtool \
-    libvarlink-util \
-    lsof \
-    make \
-    msitools \
-    nmap-ncat \
-    pandoc \
-    podman \
-    procps-ng \
-    protobuf \
-    protobuf-c \
-    protobuf-c-devel \
-    protobuf-compiler \
-    protobuf-devel \
-    protobuf-python \
-    python \
-    python2-future \
-    python3-dateutil \
-    python3-psutil \
-    python3-pytoml \
-    runc \
-    selinux-policy-devel \
-    slirp4netns \
-    unzip \
-    vim \
-    which \
-    xz \
+$BIGTO ooe.sh sudo dnf update -y
+
+# Do not enable update-stesting on the previous Fedora release
+if [[ "$FEDORA_BASE_IMAGE" =~ "${OS_RELEASE_ID}-cloud-base-${OS_RELEASE_VER}" ]]; then
+    warn "Enabling updates-testing repository for image based on $FEDORA_BASE_IMAGE"
+    $LILTO ooe.sh sudo dnf install -y 'dnf-command(config-manager)'
+    $LILTO ooe.sh sudo dnf config-manager --set-enabled updates-testing
+else
+    warn "NOT enabling updates-testing repository for image based on $PRIOR_FEDORA_BASE_IMAGE"
+fi
+
+REMOVE_PACKAGES=()
+INSTALL_PACKAGES=(\
+    autoconf
+    automake
+    bash-completion
+    bats
+    bridge-utils
+    btrfs-progs-devel
+    bzip2
+    conmon
+    container-selinux
+    containernetworking-plugins
+    containers-common
+    criu
+    device-mapper-devel
+    dnsmasq
+    emacs-nox
+    file
+    findutils
+    fuse3
+    fuse3-devel
+    gcc
+    git
+    glib2-devel
+    glibc-static
+    gnupg
+    go-md2man
+    golang
+    gpgme-devel
+    iproute
+    iptables
+    jq
+    libassuan-devel
+    libcap-devel
+    libmsi1
+    libnet
+    libnet-devel
+    libnl3-devel
+    libseccomp
+    libseccomp-devel
+    libselinux-devel
+    libtool
+    libvarlink-util
+    lsof
+    make
+    msitools
+    nmap-ncat
+    ostree-devel
+    pandoc
+    podman
+    procps-ng
+    protobuf
+    protobuf-c
+    protobuf-c-devel
+    protobuf-devel
+    protobuf-python
+    python
+    python3-dateutil
+    python3-psutil
+    python3-pytoml
+    rsync
+    runc
+    selinux-policy-devel
+    skopeo
+    skopeo-containers
+    slirp4netns
+    unzip
+    vim
+    wget
+    which
+    xz
     zip
+)
+case "$OS_RELEASE_VER" in
+    30)
+        INSTALL_PACKAGES+=(\
+            atomic-registries
+            golang-github-cpuguy83-go-md2man
+            python2-future
+            runc
+        )
+        REMOVE_PACKAGES+=(crun)
+        ;;
+    31)
+        INSTALL_PACKAGES+=(crun)
+        REMOVE_PACKAGES+=(runc)
+        ;;
+    *)
+        bad_os_id_ver ;;
+esac
 
+echo "Installing general build/test dependencies for Fedora '$OS_RELEASE_VER'"
+$BIGTO ooe.sh sudo dnf install -y ${INSTALL_PACKAGES[@]}
 
-# Ensure there are no disruptive periodic services enabled by default in image
-systemd_banish
+install_buildah_packages
 
-sudo /tmp/libpod/hack/install_catatonit.sh
+[[ "${#REMOVE_PACKAGES[@]}" -eq "0" ]] || \
+    $LILTO ooe.sh sudo dnf erase -y ${REMOVE_PACKAGES[@]}
 
-# Same script is used for several related contexts
-case "$PACKER_BUILDER_NAME" in
-    xfedora*)
-        echo "Configuring CGroups v2 enabled on next boot"
-        sudo grubby --update-kernel=ALL --args="systemd.unified_cgroup_hierarchy=1"
-        sudo dnf install -y crun
-        ;&  # continue to next matching item
-    *)
-        echo "Finalizing $PACKER_BUILDER_NAME VM image"
-        ;;
-esac
+echo "Enabling cgroup management from containers"
+ooe.sh sudo setsebool container_manage_cgroup true
+
+ooe.sh sudo /tmp/libpod/hack/install_catatonit.sh
+
+# Ensure there are no disruptive periodic services enabled by default in image
+systemd_banish
 
 rh_finalize
 
diff --git a/contrib/cirrus/packer/image-builder-image_base-setup.sh b/contrib/cirrus/packer/image-builder-image_base-setup.sh
index 43cfa7180..78772da09 100644
--- a/contrib/cirrus/packer/image-builder-image_base-setup.sh
+++ b/contrib/cirrus/packer/image-builder-image_base-setup.sh
@@ -31,10 +31,8 @@ ooe.sh sudo yum -y install \
     libvirt-client \
     libvirt-daemon \
     make \
-    python34 \
-    python34 \
-    python34-PyYAML \
-    python34-PyYAML \
+    python36 \
+    python36-PyYAML \
     qemu-img \
     qemu-kvm \
     qemu-kvm-tools \
diff --git a/contrib/cirrus/packer/libpod_base_images.yml b/contrib/cirrus/packer/libpod_base_images.yml
index bcca440ae..255723d57 100644
--- a/contrib/cirrus/packer/libpod_base_images.yml
+++ b/contrib/cirrus/packer/libpod_base_images.yml
@@ -12,19 +12,19 @@ variables:
     # Required for output from qemu builders
     TTYDEV:
 
-    # Ubuntu releases are mearly copied to this project for control purposes
+    # Ubuntu releases are merely copied to this project for control purposes
     UBUNTU_BASE_IMAGE:
     PRIOR_UBUNTU_BASE_IMAGE:
 
     # Latest Fedora release
-    FEDORA_IMAGE_URL: "https://dl.fedoraproject.org/pub/fedora/linux/releases/30/Cloud/x86_64/images/Fedora-Cloud-Base-30-1.2.x86_64.qcow2"
-    FEDORA_CSUM_URL: "https://dl.fedoraproject.org/pub/fedora/linux/releases/30/Cloud/x86_64/images/Fedora-Cloud-30-1.2-x86_64-CHECKSUM"
-    FEDORA_BASE_IMAGE_NAME: 'fedora-cloud-base-30-1-2'
+    FEDORA_IMAGE_URL: "https://dl.fedoraproject.org/pub/fedora/linux/releases/31/Cloud/x86_64/images/Fedora-Cloud-Base-31-1.9.x86_64.qcow2"
+    FEDORA_CSUM_URL: "https://dl.fedoraproject.org/pub/fedora/linux/releases/31/Cloud/x86_64/images/Fedora-Cloud-31-1.9-x86_64-CHECKSUM"
+    FEDORA_BASE_IMAGE_NAME: 'fedora-cloud-base-31-1-9'
 
     # Prior Fedora release
-    PRIOR_FEDORA_IMAGE_URL: "https://dl.fedoraproject.org/pub/fedora/linux/releases/29/Cloud/x86_64/images/Fedora-Cloud-Base-29-1.2.x86_64.qcow2"
-    PRIOR_FEDORA_CSUM_URL: "https://dl.fedoraproject.org/pub/fedora/linux/releases/29/Cloud/x86_64/images/Fedora-Cloud-29-1.2-x86_64-CHECKSUM"
-    PRIOR_FEDORA_BASE_IMAGE_NAME: 'fedora-cloud-base-29-1-2'  # Name to use in GCE
+    PRIOR_FEDORA_IMAGE_URL: "https://dl.fedoraproject.org/pub/fedora/linux/releases/30/Cloud/x86_64/images/Fedora-Cloud-Base-30-1.2.x86_64.qcow2"
+    PRIOR_FEDORA_CSUM_URL: "https://dl.fedoraproject.org/pub/fedora/linux/releases/30/Cloud/x86_64/images/Fedora-Cloud-30-1.2-x86_64-CHECKSUM"
+    PRIOR_FEDORA_BASE_IMAGE_NAME: 'fedora-cloud-base-30-1-2'
 
     # The name of the image in GCE used for packer build libpod_images.yml
     IBI_BASE_NAME: 'image-builder-image'
diff --git a/contrib/cirrus/packer/libpod_images.yml b/contrib/cirrus/packer/libpod_images.yml
index 01a65d867..074a813af 100644
--- a/contrib/cirrus/packer/libpod_images.yml
+++ b/contrib/cirrus/packer/libpod_images.yml
@@ -51,17 +51,12 @@ builders:
       source_image_family: 'prior-ubuntu-base'
 
     - <<: *gce_hosted_image
-      name: 'fedora-30'
-      source_image: '{{user `FEDORA_BASE_IMAGE`}}'
-      source_image_family: 'fedora-base'
-
-    - <<: *gce_hosted_image
-      name: 'xfedora-30'
+      name: 'fedora-31'
       source_image: '{{user `FEDORA_BASE_IMAGE`}}'
       source_image_family: 'fedora-base'
 
     - <<: *gce_hosted_image
-      name: 'fedora-29'
+      name: 'fedora-30'
       source_image: '{{user `PRIOR_FEDORA_BASE_IMAGE`}}'
       source_image_family: 'prior-fedora-base'
 
diff --git a/contrib/cirrus/packer/ubuntu_setup.sh b/contrib/cirrus/packer/ubuntu_setup.sh
index 118ee062a..46e7a620f 100644
--- a/contrib/cirrus/packer/ubuntu_setup.sh
+++ b/contrib/cirrus/packer/ubuntu_setup.sh
@@ -15,9 +15,6 @@ install_ooe
 export GOPATH="$(mktemp -d)"
 trap "sudo rm -rf $GOPATH" EXIT
 
-# Ensure there are no disruptive periodic services enabled by default in image
-systemd_banish
-
 # Stop disruption upon boot ASAP after booting
 echo "Disabling all packaging activity on boot"
 # Don't let sed process sed's temporary files
@@ -32,96 +29,123 @@ $BIGTO $SUDOAPTGET update
 echo "Upgrading all packages"
 $BIGTO $SUDOAPTGET upgrade
 
-echo "Adding PPAs"
+echo "Adding third-party repositories and PPAs"
 $LILTO $SUDOAPTGET install software-properties-common
-$LILTO $SUDOAPTADD ppa:projectatomic/ppa
 $LILTO $SUDOAPTADD ppa:criu/ppa
 if [[ "$OS_RELEASE_VER" -eq "18" ]]
 then
     $LILTO $SUDOAPTADD ppa:longsleep/golang-backports
 fi
 
-$LILTO $SUDOAPTGET update
-
-echo "Installing general testing and system dependencies"
-$BIGTO $SUDOAPTGET install \
-    apparmor \
-    aufs-tools \
-    autoconf \
-    automake \
-    bash-completion \
-    bats \
-    bison \
-    btrfs-tools \
-    build-essential \
-    containernetworking-plugins \
-    containers-common \
-    cri-o-runc \
-    criu \
-    curl \
-    e2fslibs-dev \
-    emacs-nox \
-    file \
-    gawk \
-    gcc \
-    gettext \
-    go-md2man \
-    golang \
-    iproute2 \
-    iptables \
-    jq \
-    libaio-dev \
-    libapparmor-dev \
-    libcap-dev \
-    libdevmapper-dev \
-    libdevmapper1.02.1 \
-    libfuse-dev \
-    libfuse2 \
-    libglib2.0-dev \
-    libgpgme11-dev \
-    liblzma-dev \
-    libnet1 \
-    libnet1-dev \
-    libnl-3-dev \
-    libvarlink \
-    libprotobuf-c-dev \
-    libprotobuf-dev \
-    libseccomp-dev \
-    libseccomp2 \
-    libsystemd-dev \
-    libtool \
-    libudev-dev \
-    lsof \
-    make \
-    netcat \
-    pkg-config \
-    podman \
-    protobuf-c-compiler \
-    protobuf-compiler \
-    python-future \
-    python-minimal \
-    python-protobuf \
-    python3-dateutil \
-    python3-pip \
-    python3-psutil \
-    python3-pytoml \
-    python3-setuptools \
-    skopeo \
-    slirp4netns \
-    socat \
-    unzip \
-    vim \
-    xz-utils \
+echo "Configuring/Instaling deps from Open build server"
+VERSION_ID=$(source /etc/os-release; echo $VERSION_ID)
+echo "deb http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_$VERSION_ID/ /" \
+    | ooe.sh sudo tee /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list
+ooe.sh curl -L -o /tmp/Release.key "https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable/xUbuntu_${VERSION_ID}/Release.key"
+ooe.sh sudo apt-key add - < /tmp/Release.key
+
+INSTALL_PACKAGES=(\
+    apparmor
+    aufs-tools
+    autoconf
+    automake
+    bash-completion
+    bison
+    build-essential
+    bzip2
+    conmon
+    containernetworking-plugins
+    containers-common
+    coreutils
+    cri-o-runc
+    criu
+    curl
+    dnsmasq
+    e2fslibs-dev
+    emacs-nox
+    file
+    gawk
+    gcc
+    gettext
+    git
+    go-md2man
+    golang
+    iproute2
+    iptables
+    jq
+    libaio-dev
+    libapparmor-dev
+    libcap-dev
+    libdevmapper-dev
+    libdevmapper1.02.1
+    libfuse-dev
+    libfuse2
+    libglib2.0-dev
+    libgpgme11-dev
+    liblzma-dev
+    libnet1
+    libnet1-dev
+    libnl-3-dev
+    libprotobuf-c-dev
+    libprotobuf-dev
+    libseccomp-dev
+    libseccomp2
+    libselinux-dev
+    libsystemd-dev
+    libtool
+    libudev-dev
+    libvarlink
+    lsof
+    make
+    netcat
+    openssl
+    pkg-config
+    podman
+    protobuf-c-compiler
+    protobuf-compiler
+    python-future
+    python-minimal
+    python-protobuf
+    python3-dateutil
+    python3-pip
+    python3-psutil
+    python3-pytoml
+    python3-setuptools
+    rsync
+    runc
+    scons
+    skopeo
+    slirp4netns
+    socat
+    unzip
+    vim
+    wget
+    xz-utils
+    yum-utils
     zip
+    zlib1g-dev
+)
 
 if [[ "$OS_RELEASE_VER" -ge "19" ]]
 then
-    echo "Installing Ubuntu > 18 packages"
-    $LILTO $SUDOAPTGET install fuse3 libfuse3-dev libbtrfs-dev
-fi
+    INSTALL_PACKAGES+=(\
+        bats
+        btrfs-progs
+        fuse3
+        libbtrfs-dev
+        libfuse3-dev
+    )
+else
+    echo "Downloading version of bats with fix for a \$IFS related bug in 'run' command"
+    cd /tmp
+    BATS_URL='http://launchpadlibrarian.net/438140887/bats_1.1.0+git104-g1c83a1b-1_all.deb'
+    curl -L -O "$BATS_URL"
+    cd -
+    INSTALL_PACKAGES+=(\
+        /tmp/$(basename $BATS_URL)
+        btrfs-tools
+    )
 
-if [[ "$OS_RELEASE_VER" -eq "18" ]]
-then
     echo "Forced Ubuntu 18 kernel to enable cgroup swap accounting."
     SEDCMD='s/^GRUB_CMDLINE_LINUX="(.*)"/GRUB_CMDLINE_LINUX="\1 cgroup_enable=memory swapaccount=1"/g'
     ooe.sh sudo sed -re "$SEDCMD" -i /etc/default/grub.d/*
@@ -129,9 +153,27 @@ then
     ooe.sh sudo update-grub
 fi
 
-sudo /tmp/libpod/hack/install_catatonit.sh
+echo "Installing general testing and system dependencies"
+# Necessary to update cache of newly added repos
+$LILTO $SUDOAPTGET update
+$BIGTO $SUDOAPTGET install ${INSTALL_PACKAGES[@]}
+
+install_buildah_packages
+
+echo "Installing cataonit and libseccomp.sudo"
+ooe.sh sudo /tmp/libpod/hack/install_catatonit.sh
 ooe.sh sudo make -C /tmp/libpod install.libseccomp.sudo
 
+# Ensure there are no disruptive periodic services enabled by default in image
+systemd_banish
+
+CRIO_RUNC_PATH="/usr/lib/cri-o-runc/sbin/runc"
+if sudo dpkg -L cri-o-runc | grep -m 1 -q "$CRIO_RUNC_PATH"
+then
+    echo "Linking $CRIO_RUNC_PATH to /usr/bin/runc for ease of testing."
+    sudo ln -f "$CRIO_RUNC_PATH" "/usr/bin/runc"
+fi
+
 ubuntu_finalize
 
 echo "SUCCESS!"