From f6d00ea6ef977bbaf167d1187d1e4e43632f6b5c Mon Sep 17 00:00:00 2001
From: cdoern <cdoern@redhat.com>
Date: Sun, 21 Nov 2021 22:48:32 -0500
Subject: podman image scp never enter podman user NS

Podman image scp should never enter the Podman UserNS unless it needs to. This allows for
a sudo exec.Command to transfer images to and from rootful storage. If this command is run using sudo,
the simple sudo podman save/load does not work, machinectl/su is necessary here.

This modification allows for both rootful and rootless transfers, and an overall change of scp to be
more of a wrapper function for different load and save calls as well as the ssh component

Signed-off-by: cdoern <cdoern@redhat.com>
---
 test/system/120-load.bats       | 29 +++++++++++++++++++++++++++++
 test/system/520-checkpoint.bats |  2 +-
 test/system/helpers.bash        | 14 ++++++++++++++
 3 files changed, 44 insertions(+), 1 deletion(-)

(limited to 'test/system')

diff --git a/test/system/120-load.bats b/test/system/120-load.bats
index a5508b2f4..541095764 100644
--- a/test/system/120-load.bats
+++ b/test/system/120-load.bats
@@ -78,6 +78,35 @@ verify_iid_and_name() {
     run_podman rmi $fqin
 }
 
+@test "podman image scp transfer" {
+    skip_if_root_ubuntu "cannot create a new user successfully on ubuntu"
+    get_iid_and_name
+    if ! is_remote; then
+        if is_rootless; then
+            whoami=$(id -un)
+            run_podman image scp $whoami@localhost::$iid root@localhost::
+            if [ "$status" -ne 0 ]; then
+                die "Command failed: podman image scp transfer"
+            fi
+            whoami=$(id -un)
+            run_podman image scp -q $whoami@localhost::$iid root@localhost::
+            if [ "$status" -ne 0 ]; then
+                die "Command failed: podman image scp quiet transfer failed"
+            fi
+        fi
+        if ! is_rootless; then
+             id -u 1000 &>/dev/null || useradd -u 1000 -g 1000 testingUsr
+             if [ "$status" -ne 0 ]; then
+                die "Command failed: useradd 1000"
+             fi
+             run_podman image scp root@localhost::$iid 1000:1000@localhost::
+             if [ "$status" -ne 0 ]; then
+                 die "Command failed: podman image scp transfer"
+             fi
+        fi
+    fi
+}
+
 
 @test "podman load - by image ID" {
     # FIXME: how to build a simple archive instead?
diff --git a/test/system/520-checkpoint.bats b/test/system/520-checkpoint.bats
index 723a20cc4..046dfd126 100644
--- a/test/system/520-checkpoint.bats
+++ b/test/system/520-checkpoint.bats
@@ -11,7 +11,7 @@ function setup() {
     # TL;DR they keep fixing it then breaking it again. There's a test we
     # could run to see if it's fixed, but it's way too complicated. Since
     # integration tests also skip checkpoint tests on Ubuntu, do the same here.
-    if grep -qiw ubuntu /etc/os-release; then
+    if is_ubuntu; then
         skip "FIXME: checkpointing broken in Ubuntu 2004, 2104, 2110, ..."
     fi
 
diff --git a/test/system/helpers.bash b/test/system/helpers.bash
index 97b6db05c..2f36c2239 100644
--- a/test/system/helpers.bash
+++ b/test/system/helpers.bash
@@ -318,6 +318,10 @@ function wait_for_port() {
 # BEGIN miscellaneous tools
 
 # Shortcuts for common needs:
+function is_ubuntu() {
+    grep -qiw ubuntu /etc/os-release
+}
+
 function is_rootless() {
     [ "$(id -u)" -ne 0 ]
 }
@@ -449,6 +453,16 @@ function skip_if_journald_unavailable {
     fi
 }
 
+function skip_if_root_ubuntu {
+    if is_ubuntu; then
+        if ! is_remote; then
+            if ! is_rootless; then
+                 skip "Cannot run this test on rootful ubuntu, usually due to user errors"
+            fi
+        fi
+    fi
+}
+
 #########
 #  die  #  Abort with helpful message
 #########
-- 
cgit v1.2.3-54-g00ecf