3 files changed, 26 insertions, 12 deletions

diff --git a/contrib/cirrus/lib.sh b/contrib/cirrus/lib.sh
index 9a7bfba8f..9b7c613f5 100644
--- a/contrib/cirrus/lib.sh
+++ b/contrib/cirrus/lib.sh
@@ -143,6 +143,8 @@ setup_rootless() {
     local rootless_uid
     local rootless_gid
     local env_var_val
+    local akfilepath
+    local sshcmd
 
     # Only do this once; established by setup_environment.sh
     # shellcheck disable=SC2154
@@ -169,24 +171,25 @@ setup_rootless() {
         ssh-keygen -P "" -f "$HOME/.ssh/id_rsa"
 
     msg "Allowing ssh key for $ROOTLESS_USER"
+    akfilepath="/home/$ROOTLESS_USER/.ssh/authorized_keys"
     (umask 077 && mkdir "/home/$ROOTLESS_USER/.ssh")
     chown -R $ROOTLESS_USER:$ROOTLESS_USER "/home/$ROOTLESS_USER/.ssh"
     install -o $ROOTLESS_USER -g $ROOTLESS_USER -m 0600 \
-        "$HOME/.ssh/id_rsa.pub" "/home/$ROOTLESS_USER/.ssh/authorized_keys"
+        "$HOME/.ssh/id_rsa.pub" "$akfilepath"
     # Makes debugging easier
-    cat /root/.ssh/authorized_keys >> "/home/$ROOTLESS_USER/.ssh/authorized_keys"
-
-    msg "Configuring subuid and subgid"
-    grep -q "${ROOTLESS_USER}" /etc/subuid || \
-        echo "${ROOTLESS_USER}:$[rootless_uid * 100]:65536" | \
-            tee -a /etc/subuid >> /etc/subgid
+    cat /root/.ssh/authorized_keys >> "$akfilepath"
 
     msg "Ensure the ssh daemon is up and running within 5 minutes"
     systemctl start sshd
-    lilto ssh $ROOTLESS_USER@localhost \
-           -o UserKnownHostsFile=/dev/null \
-           -o StrictHostKeyChecking=no \
-           -o CheckHostIP=no true
+    sshcmd="ssh $ROOTLESS_USER@localhost
+           -o UserKnownHostsFile=/dev/null
+           -o StrictHostKeyChecking=no
+           -o CheckHostIP=no"
+    lilto $sshcmd true  # retry until sshd is up
+
+    msg "Configuring rootless user self-access to ssh to localhost"
+    $sshcmd ssh-keygen -P '""' -f "/home/$ROOTLESS_USER/.ssh/id_rsa"
+    cat "/home/$ROOTLESS_USER/.ssh/id_rsa" >> "$akfilepath"
 }
 
 install_test_configs() {
diff --git a/contrib/cirrus/runner.sh b/contrib/cirrus/runner.sh
index 22a66dd08..8ef2a6e64 100755
--- a/contrib/cirrus/runner.sh
+++ b/contrib/cirrus/runner.sh
@@ -117,6 +117,7 @@ exec_container() {
     set -x
     # shellcheck disable=SC2154
     exec podman run --rm --privileged --net=host --cgroupns=host \
+        -v `mktemp -d -p /var/tmp`:/tmp:Z \
         -v /dev/fuse:/dev/fuse \
         -v "$GOPATH:$GOPATH:Z" \
         --workdir "$GOSRC" \
diff --git a/contrib/cirrus/setup_environment.sh b/contrib/cirrus/setup_environment.sh
index f2afbfef5..3786054a7 100755
--- a/contrib/cirrus/setup_environment.sh
+++ b/contrib/cirrus/setup_environment.sh
@@ -236,9 +236,19 @@ case "$TEST_FLAVOR" in
         # Use existing host bits when testing is to happen inside a container
         # since this script will run again in that environment.
         # shellcheck disable=SC2154
-        if ((CONTAINER==0)) && [[ "$TEST_ENVIRON" == "host" ]]; then
+        if [[ "$TEST_ENVIRON" == "host" ]]; then
+            if ((CONTAINER)); then
+                die "Refusing to config. host-test in container";
+            fi
             remove_packaged_podman_files
             make install PREFIX=/usr ETCDIR=/etc
+        elif [[ "$TEST_ENVIRON" == "container" ]]; then
+            if ((CONTAINER)); then
+                remove_packaged_podman_files
+                make install PREFIX=/usr ETCDIR=/etc
+            fi
+        else
+            die "Invalid value for $$TEST_ENVIRON=$TEST_ENVIRON"
         fi
 
         install_test_configs