aboutsummaryrefslogtreecommitdiff
path: root/test/system/330-corrupt-images.bats
blob: 9836de36301dd0e77d9fa719069891d077ef735a (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
#!/usr/bin/env bats   -*- bats -*-
#
# All tests in here perform nasty manipulations on image storage.
#

load helpers

###############################################################################
# BEGIN setup/teardown

# Create a scratch directory; this is what we'll use for image store and cache
if [ -z "${PODMAN_CORRUPT_TEST_WORKDIR}" ]; then
    export PODMAN_CORRUPT_TEST_WORKDIR=$(mktemp -d --tmpdir=${BATS_TMPDIR:-${TMPDIR:-/tmp}} podman_corrupt_test.XXXXXX)
fi

PODMAN_CORRUPT_TEST_IMAGE_FQIN=quay.io/libpod/alpine@sha256:634a8f35b5f16dcf4aaa0822adc0b1964bb786fca12f6831de8ddc45e5986a00
PODMAN_CORRUPT_TEST_IMAGE_ID=961769676411f082461f9ef46626dd7a2d1e2b2a38e6a44364bcbecf51e66dd4

# All tests in this file (and ONLY in this file) run with a custom rootdir
function setup() {
    skip_if_remote "none of these tests run under podman-remote"
    _PODMAN_TEST_OPTS="--root ${PODMAN_CORRUPT_TEST_WORKDIR}/root"
}

function teardown() {
    # No other tests should ever run with this custom rootdir
    unset _PODMAN_TEST_OPTS

    is_remote && return

    # Clean up
    umount ${PODMAN_CORRUPT_TEST_WORKDIR}/root/overlay || true
    if is_rootless; then
        run_podman unshare rm -rf ${PODMAN_CORRUPT_TEST_WORKDIR}/root
    else
        rm -rf ${PODMAN_CORRUPT_TEST_WORKDIR}/root
    fi
}

# END   setup/teardown
###############################################################################
# BEGIN primary test helper

# This is our main action, invoked by every actual test. It:
#    - creates a new empty rootdir
#    - populates it with our crafted test image
#    - removes [ manifest, blob ]
#    - confirms that "podman images" throws an error
#    - runs the specified command (rmi -a -f, prune, reset, etc)
#    - confirms that it succeeds, and also emits expected warnings
function _corrupt_image_test() {
    # Run this test twice: once removing manifest, once removing blob
    for what_to_rm in manifest blob; do
        # I have no idea, but this sometimes remains mounted
        umount ${PODMAN_CORRUPT_TEST_WORKDIR}/root/overlay || true
        # Start with a fresh storage root, load prefetched image into it.
        /bin/rm -rf ${PODMAN_CORRUPT_TEST_WORKDIR}/root
        mkdir -p ${PODMAN_CORRUPT_TEST_WORKDIR}/root
        run_podman load -i ${PODMAN_CORRUPT_TEST_WORKDIR}/img.tar
        # "podman load" restores it without a tag, which (a) causes rmi-by-name
        # to fail, and (b) causes "podman images" to exit 0 instead of 125
        run_podman tag ${PODMAN_CORRUPT_TEST_IMAGE_ID} ${PODMAN_CORRUPT_TEST_IMAGE_FQIN}

        # shortcut variable name
        local id=${PODMAN_CORRUPT_TEST_IMAGE_ID}

        case "$what_to_rm" in
            manifest)  rm_path=manifest ;;
            blob)      rm_path="=$(echo -n "sha256:$id" | base64 -w0)" ;;
            *)         die "Internal error: unknown action '$what_to_rm'" ;;
        esac

        # Corruptify, and confirm that 'podman images' throws an error
        rm -v ${PODMAN_CORRUPT_TEST_WORKDIR}/root/*-images/$id/${rm_path}
        run_podman 125 images
        is "$output" "Error: error retrieving label for image \"$id\": you may need to remove the image to resolve the error"

        # Run the requested command. Confirm it succeeds, with suitable warnings
        run_podman $*
        is "$output" ".*error determining parent of image" \
           "$* with missing $what_to_rm"

        run_podman images -a --noheading
        is "$output" "" "podman images -a, after $*, is empty"
    done
}

# END   primary test helper
###############################################################################
# BEGIN first "test" does a one-time pull of our desired image

@test "podman corrupt images - initialize" {
    # Pull once, save cached copy.
    run_podman pull $PODMAN_CORRUPT_TEST_IMAGE_FQIN
    run_podman save -o ${PODMAN_CORRUPT_TEST_WORKDIR}/img.tar \
               $PODMAN_CORRUPT_TEST_IMAGE_FQIN
}

# END   first "test" does a one-time pull of our desired image
###############################################################################
# BEGIN actual tests

@test "podman corrupt images - rmi -f <image-id>" {
    _corrupt_image_test "rmi -f ${PODMAN_CORRUPT_TEST_IMAGE_ID}"
}

@test "podman corrupt images - rmi -f <image-name>" {
    _corrupt_image_test "rmi -f ${PODMAN_CORRUPT_TEST_IMAGE_FQIN}"
}

@test "podman corrupt images - rmi -f -a" {
    _corrupt_image_test "rmi -f -a"
}

@test "podman corrupt images - image prune" {
    _corrupt_image_test "image prune -a -f"
}

@test "podman corrupt images - system reset" {
    _corrupt_image_test "image prune -a -f"
}

# END   actual tests
###############################################################################
# BEGIN final cleanup

@test "podman corrupt images - cleanup" {
    rm -rf ${PODMAN_CORRUPT_TEST_WORKDIR}
}

# END   final cleanup
###############################################################################

# vim: filetype=sh