8 files changed, 235 insertions, 25 deletions
diff --git a/test/system/030-run.bats b/test/system/030-run.bats
index 3749dcac5..b2999a9e7 100644
--- a/test/system/030-run.bats
+++ b/test/system/030-run.bats
@@ -139,7 +139,7 @@ echo $rand        |   0 | $rand
     is "$output" "" "--pull=never [present]: no output"
 
     # Now test with a remote image which we don't have present (the 00 tag)
-    NONLOCAL_IMAGE="$PODMAN_TEST_IMAGE_REGISTRY/$PODMAN_TEST_IMAGE_USER/$PODMAN_TEST_IMAGE_NAME:00000000"
+    NONLOCAL_IMAGE="$PODMAN_NONLOCAL_IMAGE_FQN"
 
     run_podman 125 run --pull=never $NONLOCAL_IMAGE true
     is "$output" "Error: unable to find a name and tag match for $NONLOCAL_IMAGE in repotags: no such image" "--pull=never [with image not present]: error"
@@ -175,7 +175,7 @@ echo $rand        |   0 | $rand
 # 'run --rmi' deletes the image in the end unless it's used by another container
 @test "podman run --rmi" {
     # Name of a nonlocal image. It should be pulled in by the first 'run'
-    NONLOCAL_IMAGE="$PODMAN_TEST_IMAGE_REGISTRY/$PODMAN_TEST_IMAGE_USER/$PODMAN_TEST_IMAGE_NAME:00000000"
+    NONLOCAL_IMAGE="$PODMAN_NONLOCAL_IMAGE_FQN"
     run_podman 1 image exists $NONLOCAL_IMAGE
 
     # Run a container, without --rm; this should block subsequent --rmi
@@ -662,4 +662,10 @@ json-file | f
     run_podman rm $cname
 }
 
+@test "podman run - do not set empty HOME" {
+    # Regression test for #9378.
+    run_podman run --rm --user 100 $IMAGE printenv
+    is "$output" ".*HOME=/.*"
+}
+
 # vim: filetype=sh
diff --git a/test/system/055-rm.bats b/test/system/055-rm.bats
index 0107114b5..a5770f20f 100644
--- a/test/system/055-rm.bats
+++ b/test/system/055-rm.bats
@@ -51,6 +51,13 @@ load helpers
     run_podman rm $rand $external_cid
 }
 
+@test "podman rm <-> run --rm race" {
+    # A container's lock is released before attempting to stop it.  This opens
+    # the window for race conditions that led to #9479.
+    run_podman run --rm -d $IMAGE sleep infinity
+    run_podman rm -af
+}
+
 # I'm sorry! This test takes 13 seconds. There's not much I can do about it,
 # please know that I think it's justified: podman 1.5.0 had a strange bug
 # in with exit status was not preserved on some code paths with 'rm -f'
diff --git a/test/system/065-cp.bats b/test/system/065-cp.bats
index d3cf1c274..312106b36 100644
--- a/test/system/065-cp.bats
+++ b/test/system/065-cp.bats
@@ -18,6 +18,8 @@ load helpers
     echo "${randomcontent[0]}" > $srcdir/hostfile0
     echo "${randomcontent[1]}" > $srcdir/hostfile1
     echo "${randomcontent[2]}" > $srcdir/hostfile2
+    mkdir -p $srcdir/subdir
+    echo "${randomcontent[2]}" > $srcdir/subdir/dotfile.
 
     run_podman run -d --name cpcontainer --workdir=/srv $IMAGE sleep infinity
     run_podman exec cpcontainer mkdir /srv/subdir
@@ -50,6 +52,11 @@ load helpers
         is "$output" "${randomcontent[$id]}" "$description (cp -> ctr:$dest)"
     done < <(parse_table "$tests")
 
+    # Dots are special for dirs not files.
+    run_podman cp $srcdir/subdir/dotfile. cpcontainer:/tmp
+    run_podman exec cpcontainer cat /tmp/dotfile.
+    is "$output" "${randomcontent[2]}" "$description (cp -> ctr:$dest)"
+
     # Host path does not exist.
     run_podman 125 cp $srcdir/IdoNotExist cpcontainer:/tmp
     is "$output" 'Error: ".*/IdoNotExist" could not be found on the host' \
@@ -76,12 +83,14 @@ load helpers
     )
     run_podman run -d --name cpcontainer --workdir=/srv $IMAGE sleep infinity
     run_podman exec cpcontainer sh -c "echo ${randomcontent[0]} > /tmp/containerfile"
+    run_podman exec cpcontainer sh -c "echo ${randomcontent[0]} > /tmp/dotfile."
     run_podman exec cpcontainer sh -c "echo ${randomcontent[1]} > /srv/containerfile1"
     run_podman exec cpcontainer sh -c "mkdir /srv/subdir; echo ${randomcontent[2]} > /srv/subdir/containerfile2"
 
     # format is: <id> | <source arg to cp> | <destination arg (appended to $srcdir) to cp> | <full dest path (appended to $srcdir)> | <test name>
     tests="
 0 | /tmp/containerfile    |          | /containerfile  | copy to srcdir/
+0 | /tmp/dotfile.         |          | /dotfile.       | copy to srcdir/
 0 | /tmp/containerfile    | /        | /containerfile  | copy to srcdir/
 0 | /tmp/containerfile    | /.       | /containerfile  | copy to srcdir/.
 0 | /tmp/containerfile    | /newfile | /newfile        | copy to srcdir/newfile
@@ -117,12 +126,18 @@ load helpers
     echo "${randomcontent[0]}" > $srcdir/hostfile0
     echo "${randomcontent[1]}" > $srcdir/hostfile1
 
+    # "." and "dir/." will copy the contents, so make sure that a dir ending
+    # with dot is treated correctly.
+    mkdir -p $srcdir.
+    cp $srcdir/* $srcdir./
+
     run_podman run -d --name cpcontainer --workdir=/srv $IMAGE sleep infinity
     run_podman exec cpcontainer mkdir /srv/subdir
 
     # format is: <source arg to cp (appended to srcdir)> | <destination arg to cp> | <full dest path> | <test name>
     tests="
     | /        | /dir-test             | copy to root
+ .  | /        | /dir-test.            | copy dotdir to root
  /  | /tmp     | /tmp/dir-test         | copy to tmp
  /. | /usr/    | /usr/                 | copy contents of dir to usr/
     | .        | /srv/dir-test         | copy to workdir (rel path)
@@ -153,6 +168,9 @@ load helpers
     run_podman run -d --name cpcontainer --workdir=/srv $IMAGE sleep infinity
     run_podman exec cpcontainer sh -c 'mkdir /srv/subdir; echo "This first file is on the container" > /srv/subdir/containerfile1'
     run_podman exec cpcontainer sh -c 'echo "This second file is on the container as well" > /srv/subdir/containerfile2'
+    # "." and "dir/." will copy the contents, so make sure that a dir ending
+    # with dot is treated correctly.
+    run_podman exec cpcontainer sh -c 'mkdir /tmp/subdir.; cp /srv/subdir/* /tmp/subdir./'
 
     run_podman cp cpcontainer:/srv $srcdir
     run cat $srcdir/srv/subdir/containerfile1
@@ -174,6 +192,14 @@ load helpers
     is "$output" "This first file is on the container"
     run cat $srcdir/containerfile2
     is "$output" "This second file is on the container as well"
+    rm -rf $srcdir/subdir
+
+    run_podman cp cpcontainer:/tmp/subdir. $srcdir
+    run cat $srcdir/subdir./containerfile1
+    is "$output" "This first file is on the container"
+    run cat $srcdir/subdir./containerfile2
+    is "$output" "This second file is on the container as well"
+    rm -rf $srcdir/subdir.
 
     run_podman rm -f cpcontainer
 }
@@ -449,9 +475,9 @@ load helpers
     run_podman exec cpcontainer rm -rf /tmp/$srcdir
 
     # Now for "/dev/stdin".
+    # Note: while this works, the content ends up in Nirvana.
+    #       Same for Docker.
     run_podman cp /dev/stdin cpcontainer:/tmp < $tar_file
-    run_podman exec cpcontainer cat /tmp/$srcdir/$rand_filename
-    is "$output" "$rand_content"
 
     # Error checks below ...
 
@@ -461,11 +487,11 @@ load helpers
 
     # Destination must be a directory (on an existing file).
     run_podman exec cpcontainer touch /tmp/file.txt
-    run_podman 125 cp /dev/stdin cpcontainer:/tmp/file.txt < $tar_file
+    run_podman 125 cp - cpcontainer:/tmp/file.txt < $tar_file
     is "$output" 'Error: destination must be a directory when copying from stdin'
 
     # Destination must be a directory (on an absent path).
-    run_podman 125 cp /dev/stdin cpcontainer:/tmp/IdoNotExist < $tar_file
+    run_podman 125 cp - cpcontainer:/tmp/IdoNotExist < $tar_file
     is "$output" 'Error: destination must be a directory when copying from stdin'
 
     run_podman rm -f cpcontainer
@@ -482,6 +508,10 @@ load helpers
     run_podman exec cpcontainer sh -c "echo '$rand_content' > /tmp/file.txt"
     run_podman exec cpcontainer touch /tmp/empty.txt
 
+    # Make sure that only "-" gets special treatment. "/dev/stdout"
+    run_podman 125 cp cpcontainer:/tmp/file.txt /dev/stdout
+    is "$output" 'Error: invalid destination: "/dev/stdout" must be a directory or a regular file'
+
     # Copying from stdout will always compress.  So let's copy the previously
     # created file from the container via stdout, untar the archive and make
     # sure the file exists with the expected content.
diff --git a/test/system/070-build.bats b/test/system/070-build.bats
index 7a42a4c18..1e7d366a1 100644
--- a/test/system/070-build.bats
+++ b/test/system/070-build.bats
@@ -46,6 +46,31 @@ EOF
     is "$output" ".*invalidflag" "failed when passing undefined flags to the runtime"
 }
 
+@test "podman build - set runtime" {
+    skip_if_remote "--runtime flag not supported for remote"
+    # Test on the CLI and via containers.conf
+
+    tmpdir=$PODMAN_TMPDIR/build-test
+    run mkdir -p $tmpdir
+    containerfile=$tmpdir/Containerfile
+    cat >$containerfile <<EOF
+FROM $IMAGE
+RUN echo $rand_content
+EOF
+
+    run_podman 125 --runtime=idonotexist build -t build_test $tmpdir
+    is "$output" ".*\"idonotexist\" not found.*" "failed when passing invalid OCI runtime via CLI"
+
+    containersconf=$tmpdir/containers.conf
+    cat >$containersconf <<EOF
+[engine]
+runtime="idonotexist"
+EOF
+
+    CONTAINERS_CONF="$containersconf" run_podman 125 build -t build_test $tmpdir
+    is "$output" ".*\"idonotexist\" not found.*" "failed when passing invalid OCI runtime via containers.conf"
+}
+
 # Regression from v1.5.0. This test passes fine in v1.5.0, fails in 1.6
 @test "podman build - cache (#3920)" {
     # Make an empty test directory, with a subdirectory used for tar
@@ -280,8 +305,10 @@ Cmd[0]             | /bin/mydefaultcmd
 Cmd[1]             | $s_echo
 WorkingDir         | $workdir
 Labels.$label_name | $label_value
-Labels.\"io.buildah.version\" | $buildah_version
 "
+    # FIXME: 2021-02-24: Fixed in buildah #3036; reenable this once podman
+    #        vendors in a newer buildah!
+    # Labels.\"io.buildah.version\" | $buildah_version
 
     parse_table "$tests" | while read field expect; do
         actual=$(jq -r ".[0].Config.$field" <<<"$output")
@@ -453,6 +480,45 @@ EOF
     run_podman rmi -a --force
 }
 
+@test "build with copy-from referencing the base image" {
+  skip_if_rootless "cannot mount as rootless"
+  target=busybox-derived
+  target_mt=busybox-mt-derived
+  tmpdir=$PODMAN_TMPDIR/build-test
+  mkdir -p $tmpdir
+  containerfile1=$tmpdir/Containerfile1
+    cat >$containerfile1 <<EOF
+FROM quay.io/libpod/busybox AS build
+RUN rm -f /bin/paste
+USER 1001
+COPY --from=quay.io/libpod/busybox /bin/paste /test/
+EOF
+  containerfile2=$tmpdir/Containerfile2
+    cat >$containerfile2 <<EOF
+FROM quay.io/libpod/busybox AS test
+RUN rm -f /bin/nl
+FROM quay.io/libpod/alpine AS final
+COPY --from=quay.io/libpod/busybox /bin/nl /test/
+EOF
+  run_podman build -t ${target} -f ${containerfile1} ${tmpdir}
+  run_podman build --jobs 4 -t ${target} -f ${containerfile1} ${tmpdir}
+
+  run_podman build -t ${target} -f ${containerfile2} ${tmpdir}
+  run_podman build --no-cache --jobs 4 -t ${target_mt} -f ${containerfile2} ${tmpdir}
+
+  # (can only test locally; podman-remote has no image mount command)
+  if ! is_remote; then
+    run_podman image mount ${target}
+    root_single_job=$output
+
+    run_podman image mount ${target_mt}
+    root_multi_job=$output
+
+    # Check that both the version with --jobs 1 and --jobs=N have the same number of files
+    test $(find $root_single_job -type f | wc -l) = $(find $root_multi_job -type f | wc -l)
+  fi
+}
+
 @test "podman build --logfile test" {
     tmpdir=$PODMAN_TMPDIR/build-test
     mkdir -p $tmpdir
diff --git a/test/system/600-completion.bats b/test/system/600-completion.bats
index 8cac2c9aa..fbb0da231 100644
--- a/test/system/600-completion.bats
+++ b/test/system/600-completion.bats
@@ -157,7 +157,17 @@ function check_shell_completion() {
                     # resume
                     ;;&
 
-                *PATH* | *CONTEXT* | *KUBEFILE* | *COMMAND* | *ARG...* | *URI*)
+                *SECRET*)
+                    run_completion "$@" $cmd "${extra_args[@]}" ""
+                    is "$output" ".*$random_secret_name${nl}" \
+                       "$* $cmd: actual secret listed in suggestions"
+                    _check_completion_end NoFileComp
+
+                    match=true
+                    # resume
+                    ;;&
+
+                *PATH* | *CONTEXT* | *FILE* | *COMMAND* | *ARG...* | *URI*)
                     # default shell completion should be done for everything which accepts a path
                     run_completion "$@" $cmd "${extra_args[@]}" ""
 
@@ -232,6 +242,11 @@ function _check_completion_end() {
     random_image_tag=$(random_string 5)
     random_network_name=$(random_string 30)
     random_volume_name=$(random_string 30)
+    random_secret_name=$(random_string 30)
+    random_secret_content=$(random_string 30)
+    secret_file=$PODMAN_TMPDIR/$(random_string 10)
+
+    echo $random_secret_content > $secret_file
 
     # create a container for each state since some commands are only suggesting running container for example
     run_podman create --name created-$random_container_name $IMAGE
@@ -263,6 +278,8 @@ function _check_completion_end() {
     # create volume
     run_podman volume create $random_volume_name
 
+    # create secret
+    run_podman secret create $random_secret_name $secret_file
 
     # $PODMAN may be a space-separated string, e.g. if we include a --url.
     local -a podman_as_array=($PODMAN)
@@ -274,6 +291,9 @@ function _check_completion_end() {
     check_shell_completion
 
     # cleanup
+    run_podman secret rm $random_secret_name
+    rm -f $secret_file
+
     run_podman volume rm $random_volume_name
 
     run_podman network rm $random_network_name
diff --git a/test/system/700-play.bats b/test/system/700-play.bats
new file mode 100644
index 000000000..e7904f59f
--- /dev/null
+++ b/test/system/700-play.bats
@@ -0,0 +1,54 @@
+#!/usr/bin/env bats   -*- bats -*-
+#
+# Test podman play
+#
+
+load helpers
+
+testYaml="
+apiVersion: v1
+kind: Pod
+metadata:
+  labels:
+    app: test
+  name: test_pod
+spec:
+  containers:
+  - command:
+    - sleep
+    - "100"
+    env:
+    - name: PATH
+      value: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+    - name: TERM
+      value: xterm
+    - name: container
+      value: podman
+    image: quay.io/libpod/alpine:latest
+    name: test
+    resources: {}
+    securityContext:
+      runAsUser: 1000
+      runAsGroup: 3000
+      fsGroup: 2000
+      allowPrivilegeEscalation: true
+      capabilities: {}
+      privileged: false
+      seLinuxOptions:
+         level: "s0:c1,c2"
+      readOnlyRootFilesystem: false
+    workingDir: /
+status: {}
+"
+
+@test "podman play with stdin" {
+    echo "$testYaml" > $PODMAN_TMPDIR/test.yaml
+    run_podman play kube - < $PODMAN_TMPDIR/test.yaml
+    run_podman pod rm -f test_pod
+}
+
+@test "podman play" {
+    echo "$testYaml" > $PODMAN_TMPDIR/test.yaml
+    run_podman play kube $PODMAN_TMPDIR/test.yaml
+    run_podman pod rm -f test_pod
+}
diff --git a/test/system/build-testimage b/test/system/build-testimage
index 53ade57f0..aac08e307 100755
--- a/test/system/build-testimage
+++ b/test/system/build-testimage
@@ -12,6 +12,9 @@
 # still need a fedora image for that.
 #
 
+# Buildah binary
+BUILDAH=${BUILDAH:-buildah}
+
 # Tag for this new image
 YMD=$(date +%Y%m%d)
 
@@ -58,7 +61,8 @@ chmod 755 pause
 #    - check for updates @ https://hub.docker.com/_/alpine
 # busybox-extras provides httpd needed in 500-networking.bats
 cat >Containerfile <<EOF
-FROM docker.io/library/alpine:3.12.0
+ARG ARCH=please-override-arch
+FROM docker.io/\${ARCH}/alpine:3.12.0
 RUN apk add busybox-extras
 ADD testimage-id pause /home/podman/
 LABEL created_by=$create_script
@@ -69,26 +73,44 @@ EOF
 
 # --squash-all    : needed by 'tree' test in 070-build.bats
 podman rmi -f testimage &> /dev/null || true
-podman build --squash-all -t testimage .
+
+# We need to use buildah because (as of 2021-02-23) only buildah has --manifest
+# and because Dan says arch emulation is not currently working on podman
+# (no further details).
+# Arch emulation on Fedora requires the qemu-user-static package.
+for arch in amd64 ppc64le s390x;do
+    ${BUILDAH} bud \
+               --arch=$arch \
+               --build-arg ARCH=$arch \
+               --manifest=testimage \
+               --squash \
+               .
+done
 
 # Clean up
 cd /tmp
 rm -rf $tmpdir
 
-# Tag and push to quay.
-podman tag testimage quay.io/libpod/testimage:$YMD
-podman push quay.io/libpod/testimage:$YMD
+# Tag image and push (all arches) to quay.
+remote_tag=quay.io/libpod/testimage:$YMD
+podman tag testimage ${remote_tag}
+${BUILDAH} manifest push --all  ${remote_tag} docker://${remote_tag}
 
-# Side note: there should always be a testimage tagged ':00000000'
-# (eight zeroes) in the same location; this is used by tests which
-# need to pull a non-locally-cached image. This image will rarely
-# if ever need to change, nor in fact does it even have to be a
-# copy of this testimage since all we use it for is 'true'.
+# Side note: there should always be a testimage tagged ':0000000<X>'
+# (eight digits, zero-padded sequence ID) in the same location; this is
+# used by tests which need to pull a non-locally-cached image. This
+# image will rarely if ever need to change, nor in fact does it even
+# have to be a copy of this testimage since all we use it for is 'true'.
+# However, it does need to be multiarch :-(
 #
-# As of 2020-09-02 it is simply busybox, because it is super small:
+# As of 2021-02-24 it is simply busybox, because it is super small,
+# but it's complicated because of multiarch:
 #
-#    podman pull docker.io/library/busybox:1.32.0
-#    podman tag  docker.io/library/busybox:1.32.0 \
-#                quay.io/libpod/testimage:00000000
-#    podman push quay.io/libpod/testimage:00000000
+#    img=quay.io/libpod/testimage:00000001
+#    buildah manifest create $img
+#    for arch in amd64 ppc64le s390x;do
+#        buildah pull --arch $arch docker.io/$arch/busybox:1.32.0
+#        buildah manifest add $img docker.io/$arch/busybox:1.32.0
+#    done
+#    buildah manifest push --all $img docker://$img
 #
diff --git a/test/system/helpers.bash b/test/system/helpers.bash
index 0572c6866..38e317709 100644
--- a/test/system/helpers.bash
+++ b/test/system/helpers.bash
@@ -7,9 +7,14 @@ PODMAN=${PODMAN:-podman}
 PODMAN_TEST_IMAGE_REGISTRY=${PODMAN_TEST_IMAGE_REGISTRY:-"quay.io"}
 PODMAN_TEST_IMAGE_USER=${PODMAN_TEST_IMAGE_USER:-"libpod"}
 PODMAN_TEST_IMAGE_NAME=${PODMAN_TEST_IMAGE_NAME:-"testimage"}
-PODMAN_TEST_IMAGE_TAG=${PODMAN_TEST_IMAGE_TAG:-"20200929"}
+PODMAN_TEST_IMAGE_TAG=${PODMAN_TEST_IMAGE_TAG:-"20210223"}
 PODMAN_TEST_IMAGE_FQN="$PODMAN_TEST_IMAGE_REGISTRY/$PODMAN_TEST_IMAGE_USER/$PODMAN_TEST_IMAGE_NAME:$PODMAN_TEST_IMAGE_TAG"
 
+# Remote image that we *DO NOT* fetch or keep by default; used for testing pull
+# This changed from 0 to 1 on 2021-02-24 due to multiarch considerations; it
+# should change only very rarely.
+PODMAN_NONLOCAL_IMAGE_FQN="$PODMAN_TEST_IMAGE_REGISTRY/$PODMAN_TEST_IMAGE_USER/$PODMAN_TEST_IMAGE_NAME:00000001"
+
 # Because who wants to spell that out each time?
 IMAGE=$PODMAN_TEST_IMAGE_FQN
 
@@ -149,7 +154,7 @@ function run_podman() {
     echo "$_LOG_PROMPT $PODMAN $*"
     # BATS hangs if a subprocess remains and keeps FD 3 open; this happens
     # if podman crashes unexpectedly without cleaning up subprocesses.
-    run timeout --foreground -v --kill=10 $PODMAN_TIMEOUT $PODMAN "$@" 3>/dev/null
+    run timeout --foreground -v --kill=10 $PODMAN_TIMEOUT $PODMAN $_PODMAN_TEST_OPTS "$@" 3>/dev/null
     # without "quotes", multiple lines are glommed together into one
     if [ -n "$output" ]; then
         echo "$output"