root
/
buildah
mirror of https://github.com/containers/buildah.git
1
0
Fork 0
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Rename $TESTSDIR (the plural one), step 4 of 3 

...rename $TESTDIR (the singular one) to $TEST_SCRATCH_DIR,
which is clearer but unfortunately longer

Signed-off-by: Ed Santiago <santiago@redhat.com>
This commit is contained in:
Ed Santiago 2022-04-26 09:09:11 -06:00
parent e347e88e02
commit 552d09b272
29 changed files with 819 additions and 819 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

120
tests/add.bats
View File

@ -14,8 +14,8 @@ load helpers
}
@test "add-local-plain" {
createrandom ${TESTDIR}/randomfile
createrandom ${TESTDIR}/other-randomfile
createrandom ${TEST_SCRATCH_DIR}/randomfile
createrandom ${TEST_SCRATCH_DIR}/other-randomfile
run_buildah from $WITH_POLICY_JSON scratch
cid=$output
@ -24,18 +24,18 @@ load helpers
mkdir $root/subdir $root/other-subdir
# Copy a file to the working directory
run_buildah config --workingdir=/ $cid
run_buildah add $cid ${TESTDIR}/randomfile
run_buildah add $cid ${TEST_SCRATCH_DIR}/randomfile
# Copy a file to a specific subdirectory
run_buildah add $cid ${TESTDIR}/randomfile /subdir
run_buildah add $cid ${TEST_SCRATCH_DIR}/randomfile /subdir
# Copy two files to a specific subdirectory
run_buildah add $cid ${TESTDIR}/randomfile ${TESTDIR}/other-randomfile /other-subdir
run_buildah add $cid ${TEST_SCRATCH_DIR}/randomfile ${TEST_SCRATCH_DIR}/other-randomfile /other-subdir
# Copy two files to a specific location, which succeeds because we can create it as a directory.
run_buildah add $cid ${TESTDIR}/randomfile ${TESTDIR}/other-randomfile /notthereyet-subdir
run_buildah add $cid ${TEST_SCRATCH_DIR}/randomfile ${TEST_SCRATCH_DIR}/other-randomfile /notthereyet-subdir
# Copy two files to a specific location, which fails because it's not a directory.
run_buildah 125 add $cid ${TESTDIR}/randomfile ${TESTDIR}/other-randomfile /randomfile
run_buildah 125 add $cid ${TEST_SCRATCH_DIR}/randomfile ${TEST_SCRATCH_DIR}/other-randomfile /randomfile
# Copy a file to a different working directory
run_buildah config --workingdir=/cwd $cid
run_buildah add $cid ${TESTDIR}/randomfile
run_buildah add $cid ${TEST_SCRATCH_DIR}/randomfile
run_buildah unmount $cid
run_buildah commit $WITH_POLICY_JSON $cid containers-storage:new-image
run_buildah rm $cid
@ -45,47 +45,47 @@ load helpers
run_buildah mount $newcid
newroot=$output
test -s $newroot/randomfile
cmp ${TESTDIR}/randomfile $newroot/randomfile
cmp ${TEST_SCRATCH_DIR}/randomfile $newroot/randomfile
test -s $newroot/subdir/randomfile
cmp ${TESTDIR}/randomfile $newroot/subdir/randomfile
cmp ${TEST_SCRATCH_DIR}/randomfile $newroot/subdir/randomfile
test -s $newroot/other-subdir/randomfile
cmp ${TESTDIR}/randomfile $newroot/other-subdir/randomfile
cmp ${TEST_SCRATCH_DIR}/randomfile $newroot/other-subdir/randomfile
test -s $newroot/other-subdir/other-randomfile
cmp ${TESTDIR}/other-randomfile $newroot/other-subdir/other-randomfile
cmp ${TEST_SCRATCH_DIR}/other-randomfile $newroot/other-subdir/other-randomfile
test -d $newroot/cwd
test -s $newroot/cwd/randomfile
cmp ${TESTDIR}/randomfile $newroot/cwd/randomfile
cmp ${TEST_SCRATCH_DIR}/randomfile $newroot/cwd/randomfile
run_buildah rm $newcid
}
@test "add-local-archive" {
createrandom ${TESTDIR}/randomfile
createrandom ${TESTDIR}/other-randomfile
createrandom ${TEST_SCRATCH_DIR}/randomfile
createrandom ${TEST_SCRATCH_DIR}/other-randomfile
run_buildah from $WITH_POLICY_JSON scratch
cid=$output
dd if=/dev/urandom bs=1024 count=4 of=${TESTDIR}/random1
dd if=/dev/urandom bs=1024 count=4 of=${TESTDIR}/random2
tar -c -C ${TESTDIR} -f ${TESTDIR}/tarball1.tar random1 random2
mkdir ${TESTDIR}/tarball2
dd if=/dev/urandom bs=1024 count=4 of=${TESTDIR}/tarball2/tarball2.random1
dd if=/dev/urandom bs=1024 count=4 of=${TESTDIR}/tarball2/tarball2.random2
tar -c -C ${TESTDIR} -z -f ${TESTDIR}/tarball2.tar.gz tarball2
mkdir ${TESTDIR}/tarball3
dd if=/dev/urandom bs=1024 count=4 of=${TESTDIR}/tarball3/tarball3.random1
dd if=/dev/urandom bs=1024 count=4 of=${TESTDIR}/tarball3/tarball3.random2
tar -c -C ${TESTDIR} -j -f ${TESTDIR}/tarball3.tar.bz2 tarball3
mkdir ${TESTDIR}/tarball4
dd if=/dev/urandom bs=1024 count=4 of=${TESTDIR}/tarball4/tarball4.random1
dd if=/dev/urandom bs=1024 count=4 of=${TESTDIR}/tarball4/tarball4.random2
tar -c -C ${TESTDIR} -j -f ${TESTDIR}/tarball4.tar.bz2 tarball4
dd if=/dev/urandom bs=1024 count=4 of=${TEST_SCRATCH_DIR}/random1
dd if=/dev/urandom bs=1024 count=4 of=${TEST_SCRATCH_DIR}/random2
tar -c -C ${TEST_SCRATCH_DIR} -f ${TEST_SCRATCH_DIR}/tarball1.tar random1 random2
mkdir ${TEST_SCRATCH_DIR}/tarball2
dd if=/dev/urandom bs=1024 count=4 of=${TEST_SCRATCH_DIR}/tarball2/tarball2.random1
dd if=/dev/urandom bs=1024 count=4 of=${TEST_SCRATCH_DIR}/tarball2/tarball2.random2
tar -c -C ${TEST_SCRATCH_DIR} -z -f ${TEST_SCRATCH_DIR}/tarball2.tar.gz tarball2
mkdir ${TEST_SCRATCH_DIR}/tarball3
dd if=/dev/urandom bs=1024 count=4 of=${TEST_SCRATCH_DIR}/tarball3/tarball3.random1
dd if=/dev/urandom bs=1024 count=4 of=${TEST_SCRATCH_DIR}/tarball3/tarball3.random2
tar -c -C ${TEST_SCRATCH_DIR} -j -f ${TEST_SCRATCH_DIR}/tarball3.tar.bz2 tarball3
mkdir ${TEST_SCRATCH_DIR}/tarball4
dd if=/dev/urandom bs=1024 count=4 of=${TEST_SCRATCH_DIR}/tarball4/tarball4.random1
dd if=/dev/urandom bs=1024 count=4 of=${TEST_SCRATCH_DIR}/tarball4/tarball4.random2
tar -c -C ${TEST_SCRATCH_DIR} -j -f ${TEST_SCRATCH_DIR}/tarball4.tar.bz2 tarball4
# Add the files to the working directory, which should extract them all.
run_buildah config --workingdir=/ $cid
run_buildah add $cid ${TESTDIR}/tarball1.tar
run_buildah add $cid ${TESTDIR}/tarball2.tar.gz
run_buildah add $cid ${TESTDIR}/tarball3.tar.bz2
run_buildah add $cid ${TESTDIR}/tarball4.tar.bz2
run_buildah add $cid ${TEST_SCRATCH_DIR}/tarball1.tar
run_buildah add $cid ${TEST_SCRATCH_DIR}/tarball2.tar.gz
run_buildah add $cid ${TEST_SCRATCH_DIR}/tarball3.tar.bz2
run_buildah add $cid ${TEST_SCRATCH_DIR}/tarball4.tar.bz2
run_buildah commit $WITH_POLICY_JSON $cid containers-storage:new-image
run_buildah rm $cid
@ -94,32 +94,32 @@ load helpers
run_buildah mount $newcid
newroot=$output
test -s $newroot/random1
cmp ${TESTDIR}/random1 $newroot/random1
cmp ${TEST_SCRATCH_DIR}/random1 $newroot/random1
test -s $newroot/random2
cmp ${TESTDIR}/random2 $newroot/random2
cmp ${TEST_SCRATCH_DIR}/random2 $newroot/random2
test -s $newroot/tarball2/tarball2.random1
cmp ${TESTDIR}/tarball2/tarball2.random1 $newroot/tarball2/tarball2.random1
cmp ${TEST_SCRATCH_DIR}/tarball2/tarball2.random1 $newroot/tarball2/tarball2.random1
test -s $newroot/tarball2/tarball2.random2
cmp ${TESTDIR}/tarball2/tarball2.random2 $newroot/tarball2/tarball2.random2
cmp ${TEST_SCRATCH_DIR}/tarball2/tarball2.random2 $newroot/tarball2/tarball2.random2
test -s $newroot/tarball3/tarball3.random1
cmp ${TESTDIR}/tarball3/tarball3.random1 $newroot/tarball3/tarball3.random1
cmp ${TEST_SCRATCH_DIR}/tarball3/tarball3.random1 $newroot/tarball3/tarball3.random1
test -s $newroot/tarball3/tarball3.random2
cmp ${TESTDIR}/tarball3/tarball3.random2 $newroot/tarball3/tarball3.random2
cmp ${TEST_SCRATCH_DIR}/tarball3/tarball3.random2 $newroot/tarball3/tarball3.random2
test -s $newroot/tarball4/tarball4.random1
cmp ${TESTDIR}/tarball4/tarball4.random1 $newroot/tarball4/tarball4.random1
cmp ${TEST_SCRATCH_DIR}/tarball4/tarball4.random1 $newroot/tarball4/tarball4.random1
test -s $newroot/tarball4/tarball4.random2
cmp ${TESTDIR}/tarball4/tarball4.random2 $newroot/tarball4/tarball4.random2
cmp ${TEST_SCRATCH_DIR}/tarball4/tarball4.random2 $newroot/tarball4/tarball4.random2
}
@test "add single file creates absolute path with correct permissions" {
_prefetch ubuntu
imgName=ubuntu-image
createrandom ${TESTDIR}/distutils.cfg
permission=$(stat -c "%a" ${TESTDIR}/distutils.cfg)
createrandom ${TEST_SCRATCH_DIR}/distutils.cfg
permission=$(stat -c "%a" ${TEST_SCRATCH_DIR}/distutils.cfg)
run_buildah from --quiet $WITH_POLICY_JSON ubuntu
cid=$output
run_buildah add $cid ${TESTDIR}/distutils.cfg /usr/lib/python3.7/distutils
run_buildah add $cid ${TEST_SCRATCH_DIR}/distutils.cfg /usr/lib/python3.7/distutils
run_buildah run $cid stat -c "%a" /usr/lib/python3.7/distutils
expect_output $permission
run_buildah commit $WITH_POLICY_JSON $cid containers-storage:${imgName}
@ -134,12 +134,12 @@ load helpers
@test "add single file creates relative path with correct permissions" {
_prefetch ubuntu
imgName=ubuntu-image
createrandom ${TESTDIR}/distutils.cfg
permission=$(stat -c "%a" ${TESTDIR}/distutils.cfg)
createrandom ${TEST_SCRATCH_DIR}/distutils.cfg
permission=$(stat -c "%a" ${TEST_SCRATCH_DIR}/distutils.cfg)
run_buildah from --quiet $WITH_POLICY_JSON ubuntu
cid=$output
run_buildah add $cid ${TESTDIR}/distutils.cfg lib/custom
run_buildah add $cid ${TEST_SCRATCH_DIR}/distutils.cfg lib/custom
run_buildah run $cid stat -c "%a" lib/custom
expect_output $permission
run_buildah commit $WITH_POLICY_JSON $cid containers-storage:${imgName}
@ -153,10 +153,10 @@ load helpers
@test "add with chown" {
_prefetch busybox
createrandom ${TESTDIR}/randomfile
createrandom ${TEST_SCRATCH_DIR}/randomfile
run_buildah from --quiet $WITH_POLICY_JSON busybox
cid=$output
run_buildah add --chown bin:bin $cid ${TESTDIR}/randomfile /tmp/random
run_buildah add --chown bin:bin $cid ${TEST_SCRATCH_DIR}/randomfile /tmp/random
run_buildah run $cid ls -l /tmp/random
expect_output --substring bin.*bin
@ -164,10 +164,10 @@ load helpers
@test "add with chmod" {
_prefetch busybox
createrandom ${TESTDIR}/randomfile
createrandom ${TEST_SCRATCH_DIR}/randomfile
run_buildah from --quiet $WITH_POLICY_JSON busybox
cid=$output
run_buildah add --chmod 777 $cid ${TESTDIR}/randomfile /tmp/random
run_buildah add --chmod 777 $cid ${TEST_SCRATCH_DIR}/randomfile /tmp/random
run_buildah run $cid ls -l /tmp/random
expect_output --substring rwxrwxrwx
@ -201,7 +201,7 @@ load helpers
}
@test "add --ignorefile" {
mytest=${TESTDIR}/mytest
mytest=${TEST_SCRATCH_DIR}/mytest
mkdir -p ${mytest}
touch ${mytest}/mystuff
touch ${mytest}/source.go
@ -235,24 +235,24 @@ stuff/mystuff"
@test "add quietly" {
_prefetch busybox
createrandom ${TESTDIR}/randomfile
createrandom ${TEST_SCRATCH_DIR}/randomfile
run_buildah from --quiet $WITH_POLICY_JSON busybox
cid=$output
run_buildah add --quiet $cid ${TESTDIR}/randomfile /tmp/random
run_buildah add --quiet $cid ${TEST_SCRATCH_DIR}/randomfile /tmp/random
expect_output ""
run_buildah mount $cid
croot=$output
cmp ${TESTDIR}/randomfile ${croot}/tmp/random
cmp ${TEST_SCRATCH_DIR}/randomfile ${croot}/tmp/random
}
@test "add from container" {
_prefetch busybox
createrandom ${TESTDIR}/randomfile
createrandom ${TEST_SCRATCH_DIR}/randomfile
run_buildah from --quiet $WITH_POLICY_JSON busybox
from=$output
run_buildah from --quiet $WITH_POLICY_JSON busybox
cid=$output
run_buildah add --quiet $from ${TESTDIR}/randomfile /tmp/random
run_buildah add --quiet $from ${TEST_SCRATCH_DIR}/randomfile /tmp/random
expect_output ""
run_buildah add --quiet $WITH_POLICY_JSON --from $from $cid /tmp/random /tmp/random # absolute path
expect_output ""
@ -260,8 +260,8 @@ stuff/mystuff"
expect_output ""
run_buildah mount $cid
croot=$output
cmp ${TESTDIR}/randomfile ${croot}/tmp/random
cmp ${TESTDIR}/randomfile ${croot}/tmp/random2
cmp ${TEST_SCRATCH_DIR}/randomfile ${croot}/tmp/random
cmp ${TEST_SCRATCH_DIR}/randomfile ${croot}/tmp/random2
}
@test "add from image" {

8
tests/authenticate.bats
View File

@ -60,8 +60,8 @@ load helpers
expect_output --from="${lines[-1]}" "my-alpine-work-ctr"
# Create Dockerfile for bud tests
mkdir -p ${TESTDIR}/dockerdir
DOCKERFILE=${TESTDIR}/dockerdir/Dockerfile
mkdir -p ${TEST_SCRATCH_DIR}/dockerdir
DOCKERFILE=${TEST_SCRATCH_DIR}/dockerdir/Dockerfile
/bin/cat <<EOM >$DOCKERFILE
FROM localhost:$REGISTRY_PORT/my-alpine
EOM
@ -105,8 +105,8 @@ EOM
run_buildah commit $WITH_POLICY_JSON --cert-dir=$REGISTRY_DIR --tls-verify=true --creds=testuser:testpassword $cid docker://localhost:$REGISTRY_PORT/my-alpine
# Create Dockerfile for bud tests
mkdir -p ${TESTDIR}/dockerdir
DOCKERFILE=${TESTDIR}/dockerdir/Dockerfile
mkdir -p ${TEST_SCRATCH_DIR}/dockerdir
DOCKERFILE=${TEST_SCRATCH_DIR}/dockerdir/Dockerfile
/bin/cat <<EOM >$DOCKERFILE
FROM localhost:$REGISTRY_PORT/my-alpine
RUN rm testfile

26
tests/basic.bats
View File

@ -58,17 +58,17 @@ load helpers
}
@test "commit" {
createrandom ${TESTDIR}/randomfile
createrandom ${TESTDIR}/other-randomfile
createrandom ${TEST_SCRATCH_DIR}/randomfile
createrandom ${TEST_SCRATCH_DIR}/other-randomfile
run_buildah from $WITH_POLICY_JSON scratch
cid=$output
run_buildah mount $cid
root=$output
cp ${TESTDIR}/randomfile $root/randomfile
cp ${TEST_SCRATCH_DIR}/randomfile $root/randomfile
run_buildah unmount $cid
run_buildah commit --iidfile ${TESTDIR}/output.iid $WITH_POLICY_JSON $cid containers-storage:new-image
iid=$(< ${TESTDIR}/output.iid)
run_buildah commit --iidfile ${TEST_SCRATCH_DIR}/output.iid $WITH_POLICY_JSON $cid containers-storage:new-image
iid=$(< ${TEST_SCRATCH_DIR}/output.iid)
assert "$iid" =~ "sha256:[0-9a-f]{64}"
run_buildah rmi $iid
run_buildah commit $WITH_POLICY_JSON $cid containers-storage:new-image
@ -78,8 +78,8 @@ load helpers
run_buildah mount $newcid
newroot=$output
test -s $newroot/randomfile
cmp ${TESTDIR}/randomfile $newroot/randomfile
cp ${TESTDIR}/other-randomfile $newroot/other-randomfile
cmp ${TEST_SCRATCH_DIR}/randomfile $newroot/randomfile
cp ${TEST_SCRATCH_DIR}/other-randomfile $newroot/other-randomfile
run_buildah commit $WITH_POLICY_JSON $newcid containers-storage:other-new-image
# Not an allowed ordering of arguments and flags. Check that it's rejected.
run_buildah 125 commit $newcid $WITH_POLICY_JSON containers-storage:rejected-new-image
@ -94,9 +94,9 @@ load helpers
run_buildah mount $othernewcid
othernewroot=$output
test -s $othernewroot/randomfile
cmp ${TESTDIR}/randomfile $othernewroot/randomfile
cmp ${TEST_SCRATCH_DIR}/randomfile $othernewroot/randomfile
test -s $othernewroot/other-randomfile
cmp ${TESTDIR}/other-randomfile $othernewroot/other-randomfile
cmp ${TEST_SCRATCH_DIR}/other-randomfile $othernewroot/other-randomfile
run_buildah rm $othernewcid
run_buildah from --quiet $WITH_POLICY_JSON another-new-image
@ -104,9 +104,9 @@ load helpers
run_buildah mount $anothernewcid
anothernewroot=$output
test -s $anothernewroot/randomfile
cmp ${TESTDIR}/randomfile $anothernewroot/randomfile
cmp ${TEST_SCRATCH_DIR}/randomfile $anothernewroot/randomfile
test -s $anothernewroot/other-randomfile
cmp ${TESTDIR}/other-randomfile $anothernewroot/other-randomfile
cmp ${TEST_SCRATCH_DIR}/other-randomfile $anothernewroot/other-randomfile
run_buildah rm $anothernewcid
run_buildah from --quiet $WITH_POLICY_JSON yet-another-new-image
@ -114,9 +114,9 @@ load helpers
run_buildah mount $yetanothernewcid
yetanothernewroot=$output
test -s $yetanothernewroot/randomfile
cmp ${TESTDIR}/randomfile $yetanothernewroot/randomfile
cmp ${TEST_SCRATCH_DIR}/randomfile $yetanothernewroot/randomfile
test -s $yetanothernewroot/other-randomfile
cmp ${TESTDIR}/other-randomfile $yetanothernewroot/other-randomfile
cmp ${TEST_SCRATCH_DIR}/other-randomfile $yetanothernewroot/other-randomfile
run_buildah delete $yetanothernewcid
run_buildah from --quiet $WITH_POLICY_JSON new-image

32
tests/blobcache.bats
View File

@ -3,7 +3,7 @@
load helpers
@test "blobcache-pull" {
blobcachedir=${TESTDIR}/cache
blobcachedir=${TEST_SCRATCH_DIR}/cache
mkdir -p ${blobcachedir}
# Pull an image using a fresh directory for the blob cache.
run_buildah pull --blob-cache=${blobcachedir} $WITH_POLICY_JSON k8s.gcr.io/pause
@ -15,7 +15,7 @@ load helpers
}
@test "blobcache-from" {
blobcachedir=${TESTDIR}/cache
blobcachedir=${TEST_SCRATCH_DIR}/cache
mkdir -p ${blobcachedir}
# Pull an image using a fresh directory for the blob cache.
run_buildah from --blob-cache=${blobcachedir} $WITH_POLICY_JSON k8s.gcr.io/pause
@ -56,7 +56,7 @@ function _check_matches() {
}
@test "blobcache-commit" {
blobcachedir=${TESTDIR}/cache
blobcachedir=${TEST_SCRATCH_DIR}/cache
mkdir -p ${blobcachedir}
# Pull an image using a fresh directory for the blob cache.
run_buildah from --quiet --blob-cache=${blobcachedir} $WITH_POLICY_JSON k8s.gcr.io/pause
@ -64,7 +64,7 @@ function _check_matches() {
run_buildah add ${ctr} $BUDFILES/add-file/file /
# Commit the image without using the blob cache, using compression so that uncompressed blobs
# in the cache which we inherited from our base image won't be matched.
doomeddir=${TESTDIR}/doomed
doomeddir=${TEST_SCRATCH_DIR}/doomed
mkdir -p ${doomeddir}
run_buildah commit $WITH_POLICY_JSON --disable-compression=false ${ctr} dir:${doomeddir}
_check_matches $doomeddir $blobcachedir \
@ -74,7 +74,7 @@ function _check_matches() {
# Commit the image using the blob cache, again using compression. We'll have recorded the
# compressed digests that match the uncompressed digests the last time around, so we should
# get some matches this time.
destdir=${TESTDIR}/dest
destdir=${TEST_SCRATCH_DIR}/dest
mkdir -p ${destdir}
ls -l ${blobcachedir}
run_buildah commit $WITH_POLICY_JSON --blob-cache=${blobcachedir} --disable-compression=false ${ctr} dir:${destdir}
@ -85,7 +85,7 @@ function _check_matches() {
@test "blobcache-push" {
target=targetimage
blobcachedir=${TESTDIR}/cache
blobcachedir=${TEST_SCRATCH_DIR}/cache
mkdir -p ${blobcachedir}
# Pull an image using a fresh directory for the blob cache.
run_buildah from --quiet --blob-cache=${blobcachedir} $WITH_POLICY_JSON k8s.gcr.io/pause
@ -95,7 +95,7 @@ function _check_matches() {
ls -l ${blobcachedir}
run_buildah commit $WITH_POLICY_JSON --blob-cache=${blobcachedir} --disable-compression=false ${ctr} ${target}
# Try to push the image without the blob cache.
doomeddir=${TESTDIR}/doomed
doomeddir=${TEST_SCRATCH_DIR}/doomed
mkdir -p ${doomeddir}
ls -l ${blobcachedir}
run_buildah push $WITH_POLICY_JSON ${target} dir:${doomeddir}
@ -104,7 +104,7 @@ function _check_matches() {
4 "version, manifest, base layers"
# Now try to push the image using the blob cache.
destdir=${TESTDIR}/dest
destdir=${TEST_SCRATCH_DIR}/dest
mkdir -p ${destdir}
ls -l ${blobcachedir}
@ -115,7 +115,7 @@ function _check_matches() {
}
@test "blobcache-build-compressed-using-dockerfile-explicit-push" {
blobcachedir=${TESTDIR}/cache
blobcachedir=${TEST_SCRATCH_DIR}/cache
mkdir -p ${blobcachedir}
target=new-image
# Build an image while pulling the base image. Compress the layers so that they get added
@ -125,7 +125,7 @@ function _check_matches() {
# compressed version of a blob if it's been told that we want to compress things, so
# we also request compression here to avoid having the copy logic just compress the
# uncompressed copy again.
destdir=${TESTDIR}/dest
destdir=${TEST_SCRATCH_DIR}/dest
mkdir -p ${destdir}
run_buildah push $WITH_POLICY_JSON --blob-cache=${blobcachedir} --disable-compression=false ${target} dir:${destdir}
_check_matches $destdir $blobcachedir \
@ -134,13 +134,13 @@ function _check_matches() {
}
@test "blobcache-build-uncompressed-using-dockerfile-explicit-push" {
blobcachedir=${TESTDIR}/cache
blobcachedir=${TEST_SCRATCH_DIR}/cache
mkdir -p ${blobcachedir}
target=new-image
# Build an image while pulling the base image.
run_buildah build-using-dockerfile -t ${target} -D --pull-always --blob-cache=${blobcachedir} $WITH_POLICY_JSON $BUDFILES/add-file
# Now try to push the image using the blob cache.
destdir=${TESTDIR}/dest
destdir=${TEST_SCRATCH_DIR}/dest
mkdir -p ${destdir}
run_buildah push $WITH_POLICY_JSON --blob-cache=${blobcachedir} ${target} dir:${destdir}
_check_matches $destdir $blobcachedir \
@ -149,10 +149,10 @@ function _check_matches() {
}
@test "blobcache-build-compressed-using-dockerfile-implicit-push" {
blobcachedir=${TESTDIR}/cache
blobcachedir=${TEST_SCRATCH_DIR}/cache
mkdir -p ${blobcachedir}
target=new-image
destdir=${TESTDIR}/dest
destdir=${TEST_SCRATCH_DIR}/dest
mkdir -p ${destdir}
# Build an image while pulling the base image, implicitly pushing while writing.
run_buildah build-using-dockerfile -t dir:${destdir} --pull-always --blob-cache=${blobcachedir} $WITH_POLICY_JSON $BUDFILES/add-file
@ -162,10 +162,10 @@ function _check_matches() {
}
@test "blobcache-build-uncompressed-using-dockerfile-implicit-push" {
blobcachedir=${TESTDIR}/cache
blobcachedir=${TEST_SCRATCH_DIR}/cache
mkdir -p ${blobcachedir}
target=new-image
destdir=${TESTDIR}/dest
destdir=${TEST_SCRATCH_DIR}/dest
mkdir -p ${destdir}
# Build an image while pulling the base image, implicitly pushing while writing.
run_buildah build-using-dockerfile -t dir:${destdir} -D --pull-always --blob-cache=${blobcachedir} $WITH_POLICY_JSON $BUDFILES/add-file

460
tests/bud.bats
View File

File diff suppressed because it is too large Load Diff

2
tests/bud_overlay_leaks.bats
View File

@ -11,7 +11,7 @@ load helpers
run_buildah 125 --storage-driver=overlay bud $WITH_POLICY_JSON -t ${target} --pull-never $BUDFILES/pull
expect_output --substring "image not known"
leftover=$(mount | grep $TESTDIR | cat)
leftover=$(mount | grep $TEST_SCRATCH_DIR | cat)
if [ -n "$leftover" ]; then
die "buildah leaked a mount on error: $leftover"
fi

2
tests/byid.bats
View File

@ -61,7 +61,7 @@ load helpers
echo pulling/pushing image $image
_prefetch $image
TARGET=${TESTDIR}/subdir-$(basename $image)
TARGET=${TEST_SCRATCH_DIR}/subdir-$(basename $image)
mkdir -p $TARGET $TARGET-truncated
# Pull down the image, if we have to.

34
tests/commit.bats
View File

@ -85,9 +85,9 @@ load helpers
run_buildah from --quiet --pull=false $WITH_POLICY_JSON alpine
cid=$output
echo COMMIT
run_buildah commit $WITH_POLICY_JSON $cid "containers-storage:[vfs@${TESTDIR}/root2+${TESTDIR}/runroot2]newimage"
run_buildah commit $WITH_POLICY_JSON $cid "containers-storage:[vfs@${TEST_SCRATCH_DIR}/root2+${TEST_SCRATCH_DIR}/runroot2]newimage"
echo FROM
run_buildah --storage-driver vfs --root ${TESTDIR}/root2 --runroot ${TESTDIR}/runroot2 from $WITH_POLICY_JSON newimage
run_buildah --storage-driver vfs --root ${TEST_SCRATCH_DIR}/root2 --runroot ${TEST_SCRATCH_DIR}/runroot2 from $WITH_POLICY_JSON newimage
}
@test "commit-rejected-name" {
@ -207,28 +207,28 @@ load helpers
@test "commit encrypted local oci image" {
skip_if_rootless_environment
_prefetch busybox
mkdir ${TESTDIR}/tmp
openssl genrsa -out ${TESTDIR}/tmp/mykey.pem 1024
openssl rsa -in ${TESTDIR}/tmp/mykey.pem -pubout > ${TESTDIR}/tmp/mykey.pub
mkdir ${TEST_SCRATCH_DIR}/tmp
openssl genrsa -out ${TEST_SCRATCH_DIR}/tmp/mykey.pem 1024
openssl rsa -in ${TEST_SCRATCH_DIR}/tmp/mykey.pem -pubout > ${TEST_SCRATCH_DIR}/tmp/mykey.pub
run_buildah from --quiet --pull=false $WITH_POLICY_JSON busybox
cid=$output
run_buildah commit --iidfile /dev/null $WITH_POLICY_JSON --encryption-key jwe:${TESTDIR}/tmp/mykey.pub -q $cid oci:${TESTDIR}/tmp/busybox_enc
imgtype -show-manifest oci:${TESTDIR}/tmp/busybox_enc | grep "+encrypted"
rm -rf ${TESTDIR}/tmp
run_buildah commit --iidfile /dev/null $WITH_POLICY_JSON --encryption-key jwe:${TEST_SCRATCH_DIR}/tmp/mykey.pub -q $cid oci:${TEST_SCRATCH_DIR}/tmp/busybox_enc
imgtype -show-manifest oci:${TEST_SCRATCH_DIR}/tmp/busybox_enc | grep "+encrypted"
rm -rf ${TEST_SCRATCH_DIR}/tmp
}
@test "commit oci encrypt to registry" {
_prefetch busybox
mkdir ${TESTDIR}/tmp
openssl genrsa -out ${TESTDIR}/tmp/mykey.pem 1024
openssl rsa -in ${TESTDIR}/tmp/mykey.pem -pubout > ${TESTDIR}/tmp/mykey.pub
mkdir ${TEST_SCRATCH_DIR}/tmp
openssl genrsa -out ${TEST_SCRATCH_DIR}/tmp/mykey.pem 1024
openssl rsa -in ${TEST_SCRATCH_DIR}/tmp/mykey.pem -pubout > ${TEST_SCRATCH_DIR}/tmp/mykey.pub
start_registry
run_buildah from --quiet --pull=false $WITH_POLICY_JSON busybox
cid=$output
run_buildah commit --iidfile /dev/null --tls-verify=false --creds testuser:testpassword $WITH_POLICY_JSON --encryption-key jwe:${TESTDIR}/tmp/mykey.pub -q $cid docker://localhost:${REGISTRY_PORT}/buildah/busybox_encrypted:latest
run_buildah commit --iidfile /dev/null --tls-verify=false --creds testuser:testpassword $WITH_POLICY_JSON --encryption-key jwe:${TEST_SCRATCH_DIR}/tmp/mykey.pub -q $cid docker://localhost:${REGISTRY_PORT}/buildah/busybox_encrypted:latest
# this test, just checks the ability to commit an image to a registry
# there is no good way to test the details of the image unless with ./buildah pull, test will be in pull.bats
rm -rf ${TESTDIR}/tmp
rm -rf ${TEST_SCRATCH_DIR}/tmp
}
@test "commit omit-timestamp" {
@ -248,7 +248,7 @@ load helpers
run_buildah run $cid ls -l /test
expect_output --substring "1970"
rm -rf ${TESTDIR}/tmp
rm -rf ${TEST_SCRATCH_DIR}/tmp
}
@test "commit timestamp" {
@ -268,7 +268,7 @@ load helpers
run_buildah run $cid ls -l /test
expect_output --substring "1970"
rm -rf ${TESTDIR}/tmp
rm -rf ${TEST_SCRATCH_DIR}/tmp
}
@test "commit with authfile" {
@ -278,7 +278,7 @@ load helpers
run_buildah run $cid touch /test
start_registry
run_buildah login --authfile ${TESTDIR}/test.auth --username testuser --password testpassword --tls-verify=false localhost:${REGISTRY_PORT}
run_buildah commit --authfile ${TESTDIR}/test.auth $WITH_POLICY_JSON --tls-verify=false $cid docker://localhost:${REGISTRY_PORT}/buildah/my-busybox
run_buildah login --authfile ${TEST_SCRATCH_DIR}/test.auth --username testuser --password testpassword --tls-verify=false localhost:${REGISTRY_PORT}
run_buildah commit --authfile ${TEST_SCRATCH_DIR}/test.auth $WITH_POLICY_JSON --tls-verify=false $cid docker://localhost:${REGISTRY_PORT}/buildah/my-busybox
expect_output --substring "Writing manifest to image destination"
}

2
tests/config.bats
View File

@ -299,7 +299,7 @@ function check_matrix() {
@test "docker formatted builds must inherit healthcheck from base image" {
_prefetch busybox
ctxdir=${TESTDIR}/bud
ctxdir=${TEST_SCRATCH_DIR}/bud
mkdir -p $ctxdir
cat >$ctxdir/Dockerfile <<EOF
FROM busybox

2
tests/containers.bats
View File

@ -74,7 +74,7 @@ load helpers
_prefetch alpine busybox
run_buildah from --quiet --pull=false $WITH_POLICY_JSON alpine
podman create --root ${TESTDIR}/root --storage-driver ${STORAGE_DRIVER} --net=host busybox ls
podman create --root ${TEST_SCRATCH_DIR}/root --storage-driver ${STORAGE_DRIVER} --net=host busybox ls
run_buildah containers
expect_line_count 2
run_buildah containers -a

24
tests/containers_conf.bats
View File

@ -15,9 +15,9 @@ load helpers
run_buildah rm $cid
sed "s/^label = true/label = false/g" ${TEST_SOURCES}/containers.conf > ${TESTDIR}/containers.conf
sed "s/^label = true/label = false/g" ${TEST_SOURCES}/containers.conf > ${TEST_SCRATCH_DIR}/containers.conf
cid=$(buildah from $WITH_POLICY_JSON alpine)
CONTAINERS_CONF=${TESTDIR}/containers.conf run_buildah 1 --log-level=error run $cid sh -c "cat /proc/self/attr/current | grep container_t"
CONTAINERS_CONF=${TEST_SCRATCH_DIR}/containers.conf run_buildah 1 --log-level=error run $cid sh -c "cat /proc/self/attr/current | grep container_t"
}
@test "containers.conf ulimit test" {
@ -46,11 +46,11 @@ load helpers
CONTAINERS_CONF=$CONTAINERS_CONF run_buildah 1 --log-level=error run $cid ls /dev/foo1
run_buildah rm $cid
sed '/^devices.*/a "\/dev\/foo:\/dev\/foo1:rmw",' ${TEST_SOURCES}/containers.conf > ${TESTDIR}/containers.conf
sed '/^devices.*/a "\/dev\/foo:\/dev\/foo1:rmw",' ${TEST_SOURCES}/containers.conf > ${TEST_SCRATCH_DIR}/containers.conf
rm -f /dev/foo; mknod /dev/foo c 1 1
CONTAINERS_CONF=${TESTDIR}/containers.conf run_buildah from --quiet $WITH_POLICY_JSON alpine
CONTAINERS_CONF=${TEST_SCRATCH_DIR}/containers.conf run_buildah from --quiet $WITH_POLICY_JSON alpine
cid="$output"
CONTAINERS_CONF=${TESTDIR}/containers.conf run_buildah --log-level=error run $cid ls /dev/foo1
CONTAINERS_CONF=${TEST_SCRATCH_DIR}/containers.conf run_buildah --log-level=error run $cid ls /dev/foo1
rm -f /dev/foo
}
@ -64,11 +64,11 @@ load helpers
expect_output "00000000a80425fb"
run_buildah rm $cid
sed "/AUDIT_WRITE/d" ${TEST_SOURCES}/containers.conf > ${TESTDIR}/containers.conf
CONTAINERS_CONF=${TESTDIR}/containers.conf run_buildah from --quiet $WITH_POLICY_JSON alpine
sed "/AUDIT_WRITE/d" ${TEST_SOURCES}/containers.conf > ${TEST_SCRATCH_DIR}/containers.conf
CONTAINERS_CONF=${TEST_SCRATCH_DIR}/containers.conf run_buildah from --quiet $WITH_POLICY_JSON alpine
cid="$output"
CONTAINERS_CONF=${TESTDIR}/containers.conf run_buildah --log-level=error run $cid sh -c 'grep CapEff /proc/self/status | cut -f2'
CONTAINERS_CONF=${TEST_SCRATCH_DIR}/containers.conf run_buildah --log-level=error run $cid sh -c 'grep CapEff /proc/self/status | cut -f2'
run_buildah rm $cid
test "$output" != "$CapEff"
@ -93,16 +93,16 @@ load helpers
test -x /usr/bin/crun || skip "/usr/bin/crun doesn't exist"
ln -s /usr/bin/crun ${TESTDIR}/runtime
ln -s /usr/bin/crun ${TEST_SCRATCH_DIR}/runtime
cat >${TESTDIR}/containers.conf << EOF
cat >${TEST_SCRATCH_DIR}/containers.conf << EOF
[engine]
runtime = "nonstandard_runtime_name"
[engine.runtimes]
nonstandard_runtime_name = ["${TESTDIR}/runtime"]
nonstandard_runtime_name = ["${TEST_SCRATCH_DIR}/runtime"]
EOF
_prefetch alpine
cid=$(buildah from $WITH_POLICY_JSON alpine)
CONTAINERS_CONF=${TESTDIR}/containers.conf run_buildah --log-level=error run $cid true
CONTAINERS_CONF=${TEST_SCRATCH_DIR}/containers.conf run_buildah --log-level=error run $cid true
}

206
tests/copy.bats
View File

@ -14,23 +14,23 @@ load helpers
}
@test "copy-local-multiple" {
createrandom ${TESTDIR}/randomfile
createrandom ${TESTDIR}/other-randomfile
createrandom ${TESTDIR}/third-randomfile
createrandom ${TEST_SCRATCH_DIR}/randomfile
createrandom ${TEST_SCRATCH_DIR}/other-randomfile
createrandom ${TEST_SCRATCH_DIR}/third-randomfile
run_buildah from $WITH_POLICY_JSON scratch
cid=$output
run_buildah mount $cid
root=$output
run_buildah config --workingdir / $cid
# copy ${TESTDIR}/randomfile to a file of the same name in the container's working directory
run_buildah copy $cid ${TESTDIR}/randomfile
# copy ${TESTDIR}/other-randomfile and ${TESTDIR}/third-randomfile to a new directory named ${TESTDIR}/randomfile in the container
run_buildah copy $cid ${TESTDIR}/other-randomfile ${TESTDIR}/third-randomfile ${TESTDIR}/randomfile
# try to copy ${TESTDIR}/other-randomfile and ${TESTDIR}/third-randomfile to a /randomfile, which already exists and is a file
run_buildah 125 copy $cid ${TESTDIR}/other-randomfile ${TESTDIR}/third-randomfile /randomfile
# copy ${TESTDIR}/other-randomfile and ${TESTDIR}/third-randomfile to previously-created directory named ${TESTDIR}/randomfile in the container
run_buildah copy $cid ${TESTDIR}/other-randomfile ${TESTDIR}/third-randomfile ${TESTDIR}/randomfile
# copy ${TEST_SCRATCH_DIR}/randomfile to a file of the same name in the container's working directory
run_buildah copy $cid ${TEST_SCRATCH_DIR}/randomfile
# copy ${TEST_SCRATCH_DIR}/other-randomfile and ${TEST_SCRATCH_DIR}/third-randomfile to a new directory named ${TEST_SCRATCH_DIR}/randomfile in the container
run_buildah copy $cid ${TEST_SCRATCH_DIR}/other-randomfile ${TEST_SCRATCH_DIR}/third-randomfile ${TEST_SCRATCH_DIR}/randomfile
# try to copy ${TEST_SCRATCH_DIR}/other-randomfile and ${TEST_SCRATCH_DIR}/third-randomfile to a /randomfile, which already exists and is a file
run_buildah 125 copy $cid ${TEST_SCRATCH_DIR}/other-randomfile ${TEST_SCRATCH_DIR}/third-randomfile /randomfile
# copy ${TEST_SCRATCH_DIR}/other-randomfile and ${TEST_SCRATCH_DIR}/third-randomfile to previously-created directory named ${TEST_SCRATCH_DIR}/randomfile in the container
run_buildah copy $cid ${TEST_SCRATCH_DIR}/other-randomfile ${TEST_SCRATCH_DIR}/third-randomfile ${TEST_SCRATCH_DIR}/randomfile
run_buildah rm $cid
_prefetch alpine
@ -39,8 +39,8 @@ load helpers
run_buildah mount $cid
root=$output
run_buildah config --workingdir / $cid
run_buildah copy $cid ${TESTDIR}/randomfile
run_buildah copy $cid ${TESTDIR}/other-randomfile ${TESTDIR}/third-randomfile ${TESTDIR}/randomfile /etc
run_buildah copy $cid ${TEST_SCRATCH_DIR}/randomfile
run_buildah copy $cid ${TEST_SCRATCH_DIR}/other-randomfile ${TEST_SCRATCH_DIR}/third-randomfile ${TEST_SCRATCH_DIR}/randomfile /etc
run_buildah rm $cid
run_buildah from --quiet --pull=false $WITH_POLICY_JSON alpine
@ -48,22 +48,22 @@ load helpers
run_buildah mount $cid
root=$output
run_buildah config --workingdir / $cid
run_buildah copy $cid "${TESTDIR}/*randomfile" /etc
(cd ${TESTDIR}; for i in *randomfile; do cmp $i ${root}/etc/$i; done)
run_buildah copy $cid "${TEST_SCRATCH_DIR}/*randomfile" /etc
(cd ${TEST_SCRATCH_DIR}; for i in *randomfile; do cmp $i ${root}/etc/$i; done)
}
@test "copy-local-plain" {
createrandom ${TESTDIR}/randomfile
createrandom ${TESTDIR}/other-randomfile
createrandom ${TESTDIR}/third-randomfile
createrandom ${TEST_SCRATCH_DIR}/randomfile
createrandom ${TEST_SCRATCH_DIR}/other-randomfile
createrandom ${TEST_SCRATCH_DIR}/third-randomfile
run_buildah from $WITH_POLICY_JSON scratch
cid=$output
run_buildah mount $cid
root=$output
run_buildah config --workingdir / $cid
run_buildah copy $cid ${TESTDIR}/randomfile
run_buildah copy $cid ${TESTDIR}/other-randomfile
run_buildah copy $cid ${TEST_SCRATCH_DIR}/randomfile
run_buildah copy $cid ${TEST_SCRATCH_DIR}/other-randomfile
run_buildah unmount $cid
run_buildah commit $WITH_POLICY_JSON $cid containers-storage:new-image
run_buildah rm $cid
@ -73,98 +73,98 @@ load helpers
run_buildah mount $newcid
newroot=$output
test -s $newroot/randomfile
cmp ${TESTDIR}/randomfile $newroot/randomfile
cmp ${TEST_SCRATCH_DIR}/randomfile $newroot/randomfile
test -s $newroot/other-randomfile
cmp ${TESTDIR}/other-randomfile $newroot/other-randomfile
cmp ${TEST_SCRATCH_DIR}/other-randomfile $newroot/other-randomfile
}
@test "copy-local-subdirectory" {
mkdir -p ${TESTDIR}/subdir
createrandom ${TESTDIR}/subdir/randomfile
createrandom ${TESTDIR}/subdir/other-randomfile
mkdir -p ${TEST_SCRATCH_DIR}/subdir
createrandom ${TEST_SCRATCH_DIR}/subdir/randomfile
createrandom ${TEST_SCRATCH_DIR}/subdir/other-randomfile
run_buildah from $WITH_POLICY_JSON scratch
cid=$output
run_buildah config --workingdir /container-subdir $cid
run_buildah copy $cid ${TESTDIR}/subdir
run_buildah copy $cid ${TEST_SCRATCH_DIR}/subdir
run_buildah mount $cid
root=$output
test -s $root/container-subdir/randomfile
cmp ${TESTDIR}/subdir/randomfile $root/container-subdir/randomfile
cmp ${TEST_SCRATCH_DIR}/subdir/randomfile $root/container-subdir/randomfile
test -s $root/container-subdir/other-randomfile
cmp ${TESTDIR}/subdir/other-randomfile $root/container-subdir/other-randomfile
run_buildah copy $cid ${TESTDIR}/subdir /other-subdir
cmp ${TEST_SCRATCH_DIR}/subdir/other-randomfile $root/container-subdir/other-randomfile
run_buildah copy $cid ${TEST_SCRATCH_DIR}/subdir /other-subdir
test -s $root/other-subdir/randomfile
cmp ${TESTDIR}/subdir/randomfile $root/other-subdir/randomfile
cmp ${TEST_SCRATCH_DIR}/subdir/randomfile $root/other-subdir/randomfile
test -s $root/other-subdir/other-randomfile
cmp ${TESTDIR}/subdir/other-randomfile $root/other-subdir/other-randomfile
cmp ${TEST_SCRATCH_DIR}/subdir/other-randomfile $root/other-subdir/other-randomfile
}
@test "copy-local-force-directory" {
createrandom ${TESTDIR}/randomfile
createrandom ${TEST_SCRATCH_DIR}/randomfile
run_buildah from $WITH_POLICY_JSON scratch
cid=$output
run_buildah config --workingdir / $cid
run_buildah copy $cid ${TESTDIR}/randomfile /randomfile
run_buildah copy $cid ${TEST_SCRATCH_DIR}/randomfile /randomfile
run_buildah mount $cid
root=$output
test -s $root/randomfile
cmp ${TESTDIR}/randomfile $root/randomfile
cmp ${TEST_SCRATCH_DIR}/randomfile $root/randomfile
run_buildah rm $cid
run_buildah from $WITH_POLICY_JSON scratch
cid=$output
run_buildah config --workingdir / $cid
run_buildah copy $cid ${TESTDIR}/randomfile /randomsubdir/
run_buildah copy $cid ${TEST_SCRATCH_DIR}/randomfile /randomsubdir/
run_buildah mount $cid
root=$output
test -s $root/randomsubdir/randomfile
cmp ${TESTDIR}/randomfile $root/randomsubdir/randomfile
cmp ${TEST_SCRATCH_DIR}/randomfile $root/randomsubdir/randomfile
}
@test "copy-url-mtime" {
# Create a file with random content and a non-now timestamp (so we can
# can trust that buildah correctly set mtime on copy)
createrandom ${TESTDIR}/randomfile
touch -t 201910310123.45 ${TESTDIR}/randomfile
createrandom ${TEST_SCRATCH_DIR}/randomfile
touch -t 201910310123.45 ${TEST_SCRATCH_DIR}/randomfile
run_buildah from $WITH_POLICY_JSON scratch
cid=$output
run_buildah config --workingdir / $cid
starthttpd ${TESTDIR}
starthttpd ${TEST_SCRATCH_DIR}
run_buildah copy $cid http://0.0.0.0:${HTTP_SERVER_PORT}/randomfile /urlfile
stophttpd
run_buildah mount $cid
root=$output
test -s $root/urlfile
cmp ${TESTDIR}/randomfile $root/urlfile
cmp ${TEST_SCRATCH_DIR}/randomfile $root/urlfile
# Compare timestamps. Display them in human-readable form, so if there's
# a mismatch it will be shown in the test log.
mtime_randomfile=$(stat --format %y ${TESTDIR}/randomfile)
mtime_randomfile=$(stat --format %y ${TEST_SCRATCH_DIR}/randomfile)
mtime_urlfile=$(stat --format %y $root/urlfile)
expect_output --from="$mtime_randomfile" "$mtime_urlfile" "mtime[randomfile] == mtime[urlfile]"
}
@test "copy --chown" {
mkdir -p ${TESTDIR}/subdir
mkdir -p ${TESTDIR}/other-subdir
createrandom ${TESTDIR}/subdir/randomfile
createrandom ${TESTDIR}/subdir/other-randomfile
createrandom ${TESTDIR}/randomfile
createrandom ${TESTDIR}/other-subdir/randomfile
createrandom ${TESTDIR}/other-subdir/other-randomfile
mkdir -p ${TEST_SCRATCH_DIR}/subdir
mkdir -p ${TEST_SCRATCH_DIR}/other-subdir
createrandom ${TEST_SCRATCH_DIR}/subdir/randomfile
createrandom ${TEST_SCRATCH_DIR}/subdir/other-randomfile
createrandom ${TEST_SCRATCH_DIR}/randomfile
createrandom ${TEST_SCRATCH_DIR}/other-subdir/randomfile
createrandom ${TEST_SCRATCH_DIR}/other-subdir/other-randomfile
_prefetch alpine
run_buildah from --quiet $WITH_POLICY_JSON alpine
cid=$output
run_buildah config --workingdir / $cid
run_buildah copy --chown 1:1 $cid ${TESTDIR}/randomfile
run_buildah copy --chown root:1 $cid ${TESTDIR}/randomfile /randomfile2
run_buildah copy --chown nobody $cid ${TESTDIR}/randomfile /randomfile3
run_buildah copy --chown nobody:root $cid ${TESTDIR}/subdir /subdir
run_buildah copy --chown 1:1 $cid ${TEST_SCRATCH_DIR}/randomfile
run_buildah copy --chown root:1 $cid ${TEST_SCRATCH_DIR}/randomfile /randomfile2
run_buildah copy --chown nobody $cid ${TEST_SCRATCH_DIR}/randomfile /randomfile3
run_buildah copy --chown nobody:root $cid ${TEST_SCRATCH_DIR}/subdir /subdir
run_buildah run $cid stat -c "%u:%g" /randomfile
expect_output "1:1" "stat ug /randomfile"
@ -183,7 +183,7 @@ load helpers
run_buildah run $cid stat -c "%U:%G" /subdir
expect_output "nobody:root" "stat UG /subdir"
run_buildah copy --chown root:root $cid ${TESTDIR}/other-subdir /subdir
run_buildah copy --chown root:root $cid ${TEST_SCRATCH_DIR}/other-subdir /subdir
for i in randomfile other-randomfile ; do
run_buildah run $cid stat -c "%U:%G" /subdir/$i
expect_output "root:root" "stat UG /subdir/$i (after chown)"
@ -195,22 +195,22 @@ load helpers
}
@test "copy --chmod" {
mkdir -p ${TESTDIR}/subdir
mkdir -p ${TESTDIR}/other-subdir
createrandom ${TESTDIR}/subdir/randomfile
createrandom ${TESTDIR}/subdir/other-randomfile
createrandom ${TESTDIR}/randomfile
createrandom ${TESTDIR}/other-subdir/randomfile
createrandom ${TESTDIR}/other-subdir/other-randomfile
mkdir -p ${TEST_SCRATCH_DIR}/subdir
mkdir -p ${TEST_SCRATCH_DIR}/other-subdir
createrandom ${TEST_SCRATCH_DIR}/subdir/randomfile
createrandom ${TEST_SCRATCH_DIR}/subdir/other-randomfile
createrandom ${TEST_SCRATCH_DIR}/randomfile
createrandom ${TEST_SCRATCH_DIR}/other-subdir/randomfile
createrandom ${TEST_SCRATCH_DIR}/other-subdir/other-randomfile
_prefetch alpine
run_buildah from --quiet $WITH_POLICY_JSON alpine
cid=$output
run_buildah config --workingdir / $cid
run_buildah copy --chmod 777 $cid ${TESTDIR}/randomfile
run_buildah copy --chmod 700 $cid ${TESTDIR}/randomfile /randomfile2
run_buildah copy --chmod 755 $cid ${TESTDIR}/randomfile /randomfile3
run_buildah copy --chmod 660 $cid ${TESTDIR}/subdir /subdir
run_buildah copy --chmod 777 $cid ${TEST_SCRATCH_DIR}/randomfile
run_buildah copy --chmod 700 $cid ${TEST_SCRATCH_DIR}/randomfile /randomfile2
run_buildah copy --chmod 755 $cid ${TEST_SCRATCH_DIR}/randomfile /randomfile3
run_buildah copy --chmod 660 $cid ${TEST_SCRATCH_DIR}/subdir /subdir
run_buildah run $cid ls -l /randomfile
expect_output --substring rwxrwxrwx
@ -229,7 +229,7 @@ load helpers
run_buildah run $cid ls -l /subdir
expect_output --substring rw-rw----
run_buildah copy --chmod 600 $cid ${TESTDIR}/other-subdir /subdir
run_buildah copy --chmod 600 $cid ${TEST_SCRATCH_DIR}/other-subdir /subdir
for i in randomfile other-randomfile ; do
run_buildah run $cid ls -l /subdir/$i
expect_output --substring rw-------
@ -237,15 +237,15 @@ load helpers
}
@test "copy-symlink" {
createrandom ${TESTDIR}/randomfile
ln -s ${TESTDIR}/randomfile ${TESTDIR}/link-randomfile
createrandom ${TEST_SCRATCH_DIR}/randomfile
ln -s ${TEST_SCRATCH_DIR}/randomfile ${TEST_SCRATCH_DIR}/link-randomfile
run_buildah from $WITH_POLICY_JSON scratch
cid=$output
run_buildah mount $cid
root=$output
run_buildah config --workingdir / $cid
run_buildah copy $cid ${TESTDIR}/link-randomfile
run_buildah copy $cid ${TEST_SCRATCH_DIR}/link-randomfile
run_buildah unmount $cid
run_buildah commit $WITH_POLICY_JSON $cid containers-storage:new-image
run_buildah rm $cid
@ -256,22 +256,22 @@ load helpers
newroot=$output
test -s $newroot/link-randomfile
test -f $newroot/link-randomfile
cmp ${TESTDIR}/randomfile $newroot/link-randomfile
cmp ${TEST_SCRATCH_DIR}/randomfile $newroot/link-randomfile
}
@test "ignore-socket" {
createrandom ${TESTDIR}/randomfile
createrandom ${TEST_SCRATCH_DIR}/randomfile
# This seems to be the least-worst way to create a socket: run and kill nc
nc -lkU ${TESTDIR}/test.socket &
nc -lkU ${TEST_SCRATCH_DIR}/test.socket &
nc_pid=$!
# This should succeed fairly quickly. We test with a timeout in case of
# failure (likely reason: 'nc' not installed.)
retries=50
while ! test -e ${TESTDIR}/test.socket; do
while ! test -e ${TEST_SCRATCH_DIR}/test.socket; do
sleep 0.1
retries=$((retries - 1))
if [[ $retries -eq 0 ]]; then
die "Timed out waiting for ${TESTDIR}/test.socket (is nc installed?)"
die "Timed out waiting for ${TEST_SCRATCH_DIR}/test.socket (is nc installed?)"
fi
done
kill $nc_pid
@ -293,15 +293,15 @@ load helpers
}
@test "copy-symlink-archive-suffix" {
createrandom ${TESTDIR}/randomfile.tar.gz
ln -s ${TESTDIR}/randomfile.tar.gz ${TESTDIR}/link-randomfile.tar.gz
createrandom ${TEST_SCRATCH_DIR}/randomfile.tar.gz
ln -s ${TEST_SCRATCH_DIR}/randomfile.tar.gz ${TEST_SCRATCH_DIR}/link-randomfile.tar.gz
run_buildah from $WITH_POLICY_JSON scratch
cid=$output
run_buildah mount $cid
root=$output
run_buildah config --workingdir / $cid
run_buildah copy $cid ${TESTDIR}/link-randomfile.tar.gz
run_buildah copy $cid ${TEST_SCRATCH_DIR}/link-randomfile.tar.gz
run_buildah unmount $cid
run_buildah commit $WITH_POLICY_JSON $cid containers-storage:new-image
run_buildah rm $cid
@ -312,22 +312,22 @@ load helpers
newroot=$output
test -s $newroot/link-randomfile.tar.gz
test -f $newroot/link-randomfile.tar.gz
cmp ${TESTDIR}/randomfile.tar.gz $newroot/link-randomfile.tar.gz
cmp ${TEST_SCRATCH_DIR}/randomfile.tar.gz $newroot/link-randomfile.tar.gz
}
@test "copy-detect-missing-data" {
_prefetch busybox
: > ${TESTDIR}/Dockerfile
echo FROM busybox AS builder >> ${TESTDIR}/Dockerfile
echo FROM scratch >> ${TESTDIR}/Dockerfile
echo COPY --from=builder /bin/-no-such-file-error- /usr/bin >> ${TESTDIR}/Dockerfile
run_buildah 125 build-using-dockerfile $WITH_POLICY_JSON ${TESTDIR}
: > ${TEST_SCRATCH_DIR}/Dockerfile
echo FROM busybox AS builder >> ${TEST_SCRATCH_DIR}/Dockerfile
echo FROM scratch >> ${TEST_SCRATCH_DIR}/Dockerfile
echo COPY --from=builder /bin/-no-such-file-error- /usr/bin >> ${TEST_SCRATCH_DIR}/Dockerfile
run_buildah 125 build-using-dockerfile $WITH_POLICY_JSON ${TEST_SCRATCH_DIR}
expect_output --substring "no such file or directory"
}
@test "copy --ignorefile" {
mytest=${TESTDIR}/mytest
mytest=${TEST_SCRATCH_DIR}/mytest
mkdir -p ${mytest}
touch ${mytest}/mystuff
touch ${mytest}/source.go
@ -360,27 +360,27 @@ stuff/mystuff"
}
@test "copy-quiet" {
createrandom ${TESTDIR}/randomfile
createrandom ${TEST_SCRATCH_DIR}/randomfile
_prefetch alpine
run_buildah from --quiet --pull=false $WITH_POLICY_JSON alpine
cid=$output
run_buildah mount $cid
root=$output
run_buildah copy --quiet $cid ${TESTDIR}/randomfile /
run_buildah copy --quiet $cid ${TEST_SCRATCH_DIR}/randomfile /
expect_output ""
cmp ${TESTDIR}/randomfile $root/randomfile
cmp ${TEST_SCRATCH_DIR}/randomfile $root/randomfile
run_buildah umount $cid
run_buildah rm $cid
}
@test "copy-from-container" {
_prefetch busybox
createrandom ${TESTDIR}/randomfile
createrandom ${TEST_SCRATCH_DIR}/randomfile
run_buildah from --quiet $WITH_POLICY_JSON busybox
from=$output
run_buildah from --quiet $WITH_POLICY_JSON busybox
cid=$output
run_buildah copy --quiet $from ${TESTDIR}/randomfile /tmp/random
run_buildah copy --quiet $from ${TEST_SCRATCH_DIR}/randomfile /tmp/random
expect_output ""
run_buildah copy --quiet $WITH_POLICY_JSON --from $from $cid /tmp/random /tmp/random # absolute path
expect_output ""
@ -388,25 +388,25 @@ stuff/mystuff"
expect_output ""
run_buildah mount $cid
croot=$output
cmp ${TESTDIR}/randomfile ${croot}/tmp/random
cmp ${TESTDIR}/randomfile ${croot}/tmp/random2
cmp ${TEST_SCRATCH_DIR}/randomfile ${croot}/tmp/random
cmp ${TEST_SCRATCH_DIR}/randomfile ${croot}/tmp/random2
}
@test "copy-container-root" {
_prefetch busybox
createrandom ${TESTDIR}/randomfile
createrandom ${TEST_SCRATCH_DIR}/randomfile
run_buildah from --quiet $WITH_POLICY_JSON busybox
from=$output
run_buildah from --quiet $WITH_POLICY_JSON busybox
cid=$output
run_buildah copy --quiet $from ${TESTDIR}/randomfile /tmp/random
run_buildah copy --quiet $from ${TEST_SCRATCH_DIR}/randomfile /tmp/random
expect_output ""
run_buildah copy --quiet $WITH_POLICY_JSON --from $from $cid / /tmp/
expect_output "" || \
expect_output --substring "copier: file disappeared while reading"
run_buildah mount $cid
croot=$output
cmp ${TESTDIR}/randomfile ${croot}/tmp/tmp/random
cmp ${TEST_SCRATCH_DIR}/randomfile ${croot}/tmp/tmp/random
}
@test "add-from-image" {
@ -445,16 +445,16 @@ stuff/mystuff"
}
@test "copy-preserving-extended-attributes" {
createrandom ${TESTDIR}/randomfile
createrandom ${TEST_SCRATCH_DIR}/randomfile
# if we need to change which image we use, any image that can provide a working setattr/setcap/getfattr will do
image="quay.io/libpod/fedora-minimal:34"
if ! which setfattr > /dev/null 2> /dev/null; then
skip "setfattr not available, unable to check if it'll work in filesystem at ${TESTDIR}"
skip "setfattr not available, unable to check if it'll work in filesystem at ${TEST_SCRATCH_DIR}"
fi
run setfattr -n user.yeah -v butno ${TESTDIR}/root
run setfattr -n user.yeah -v butno ${TEST_SCRATCH_DIR}/root
if [ "$status" -ne 0 ] ; then
if [[ "$output" =~ "not supported" ]] ; then
skip "setfattr not supported in filesystem at ${TESTDIR}"
skip "setfattr not supported in filesystem at ${TEST_SCRATCH_DIR}"
fi
skip "$output"
fi
@ -462,7 +462,7 @@ stuff/mystuff"
run_buildah from --quiet $WITH_POLICY_JSON $image
first="$output"
run_buildah run $first microdnf -y install /usr/bin/setfattr /usr/sbin/setcap
run_buildah copy $first ${TESTDIR}/randomfile /
run_buildah copy $first ${TEST_SCRATCH_DIR}/randomfile /
# set security.capability
run_buildah run $first setcap cap_setuid=ep /randomfile
# set user.something
@ -482,13 +482,13 @@ stuff/mystuff"
@test "copy-relative-context-dir" {
image=busybox
_prefetch $image
mkdir -p ${TESTDIR}/context
createrandom ${TESTDIR}/context/excluded_test_file
createrandom ${TESTDIR}/context/test_file
echo excluded_test_file | tee ${TESTDIR}/context/.containerignore | tee ${TESTDIR}/context/.dockerignore
mkdir -p ${TEST_SCRATCH_DIR}/context
createrandom ${TEST_SCRATCH_DIR}/context/excluded_test_file
createrandom ${TEST_SCRATCH_DIR}/context/test_file
echo excluded_test_file | tee ${TEST_SCRATCH_DIR}/context/.containerignore | tee ${TEST_SCRATCH_DIR}/context/.dockerignore
run_buildah from --quiet $WITH_POLICY_JSON $image
ctr="$output"
cd ${TESTDIR}/context
cd ${TEST_SCRATCH_DIR}/context
run_buildah copy --contextdir . $ctr / /opt/
run_buildah run $ctr ls -1 /opt/
expect_line_count 1

2
tests/digest.bats
View File

@ -17,7 +17,7 @@ fromreftest() {
fi
# This is all we test: basically, that buildah doesn't crash when pushing
pushdir=${TESTDIR}/fromreftest
pushdir=${TEST_SCRATCH_DIR}/fromreftest
mkdir -p ${pushdir}/{1,2,3}
run_buildah push $WITH_POLICY_JSON $img dir:${pushdir}/1
run_buildah commit $WITH_POLICY_JSON $cid new-image

100
tests/from.bats
View File

@ -32,7 +32,7 @@ load helpers
}
@test "commit-to-from-elsewhere" {
elsewhere=${TESTDIR}/elsewhere-img
elsewhere=${TEST_SCRATCH_DIR}/elsewhere-img
mkdir -p ${elsewhere}
run_buildah from --pull $WITH_POLICY_JSON scratch
@ -123,22 +123,22 @@ load helpers
run_buildah from --quiet --pull=true $WITH_POLICY_JSON docker:latest
run_buildah rm $output
run_buildah push $WITH_POLICY_JSON alpine docker-archive:${TESTDIR}/docker-alp.tar:alpine
run_buildah push $WITH_POLICY_JSON alpine oci-archive:${TESTDIR}/oci-alp.tar:alpine
run_buildah push $WITH_POLICY_JSON alpine dir:${TESTDIR}/alp-dir
run_buildah push $WITH_POLICY_JSON alpine docker-archive:${TEST_SCRATCH_DIR}/docker-alp.tar:alpine
run_buildah push $WITH_POLICY_JSON alpine oci-archive:${TEST_SCRATCH_DIR}/oci-alp.tar:alpine
run_buildah push $WITH_POLICY_JSON alpine dir:${TEST_SCRATCH_DIR}/alp-dir
run_buildah rmi alpine
run_buildah from --quiet $WITH_POLICY_JSON docker-archive:${TESTDIR}/docker-alp.tar
run_buildah from --quiet $WITH_POLICY_JSON docker-archive:${TEST_SCRATCH_DIR}/docker-alp.tar
expect_output "alpine-working-container"
run_buildah rm ${output}
run_buildah rmi alpine
run_buildah from --quiet $WITH_POLICY_JSON oci-archive:${TESTDIR}/oci-alp.tar
run_buildah from --quiet $WITH_POLICY_JSON oci-archive:${TEST_SCRATCH_DIR}/oci-alp.tar
expect_output "alpine-working-container"
run_buildah rm ${output}
run_buildah rmi alpine
run_buildah from --quiet $WITH_POLICY_JSON dir:${TESTDIR}/alp-dir
run_buildah from --quiet $WITH_POLICY_JSON dir:${TEST_SCRATCH_DIR}/alp-dir
expect_output "dir-working-container"
}
@ -147,16 +147,16 @@ load helpers
run_buildah from --quiet --pull=true $WITH_POLICY_JSON alpine
run_buildah rm $output
run_buildah push $WITH_POLICY_JSON alpine docker-archive:${TESTDIR}/docker-alp.tar
run_buildah push $WITH_POLICY_JSON alpine oci-archive:${TESTDIR}/oci-alp.tar
run_buildah push $WITH_POLICY_JSON alpine docker-archive:${TEST_SCRATCH_DIR}/docker-alp.tar
run_buildah push $WITH_POLICY_JSON alpine oci-archive:${TEST_SCRATCH_DIR}/oci-alp.tar
run_buildah rmi alpine
run_buildah from --quiet $WITH_POLICY_JSON docker-archive:${TESTDIR}/docker-alp.tar
run_buildah from --quiet $WITH_POLICY_JSON docker-archive:${TEST_SCRATCH_DIR}/docker-alp.tar
expect_output "alpine-working-container"
run_buildah rm $output
run_buildah rmi -a
run_buildah from --quiet $WITH_POLICY_JSON oci-archive:${TESTDIR}/oci-alp.tar
run_buildah from --quiet $WITH_POLICY_JSON oci-archive:${TEST_SCRATCH_DIR}/oci-alp.tar
expect_output "oci-archive-working-container"
run_buildah rm $output
run_buildah rmi -a
@ -277,7 +277,7 @@ load helpers
skip_if_no_runtime
_prefetch alpine
run_buildah from --quiet --volume=${TESTDIR}:/myvol --pull $WITH_POLICY_JSON alpine
run_buildah from --quiet --volume=${TEST_SCRATCH_DIR}:/myvol --pull $WITH_POLICY_JSON alpine
cid=$output
run_buildah run $cid -- cat /proc/mounts
expect_output --substring " /myvol "
@ -288,7 +288,7 @@ load helpers
skip_if_no_runtime
_prefetch alpine
run_buildah from --quiet --volume=${TESTDIR}:/myvol:ro --pull=false $WITH_POLICY_JSON alpine
run_buildah from --quiet --volume=${TEST_SCRATCH_DIR}:/myvol:ro --pull=false $WITH_POLICY_JSON alpine
cid=$output
run_buildah run $cid -- cat /proc/mounts
expect_output --substring " /myvol "
@ -310,12 +310,12 @@ load helpers
gidsize=$((${RANDOM}+1024))
# Create source volume.
mkdir ${TESTDIR}/testdata
touch ${TESTDIR}/testdata/testfile1.txt
mkdir ${TEST_SCRATCH_DIR}/testdata
touch ${TEST_SCRATCH_DIR}/testdata/testfile1.txt
# Create a container that uses that mapping and U volume flag.
_prefetch alpine
run_buildah from --pull=false $WITH_POLICY_JSON --userns-uid-map 0:$uidbase:$uidsize --userns-gid-map 0:$gidbase:$gidsize --volume ${TESTDIR}/testdata:/mnt:z,U alpine
run_buildah from --pull=false $WITH_POLICY_JSON --userns-uid-map 0:$uidbase:$uidsize --userns-gid-map 0:$gidbase:$gidsize --volume ${TEST_SCRATCH_DIR}/testdata:/mnt:z,U alpine
ctr="$output"
# Test mounted volume has correct UID and GID ownership.
@ -361,8 +361,8 @@ load helpers
@test "from cidfile test" {
_prefetch alpine
run_buildah from --cidfile ${TESTDIR}/output.cid --pull=false $WITH_POLICY_JSON alpine
cid=$(< ${TESTDIR}/output.cid)
run_buildah from --cidfile ${TEST_SCRATCH_DIR}/output.cid --pull=false $WITH_POLICY_JSON alpine
cid=$(< ${TEST_SCRATCH_DIR}/output.cid)
run_buildah containers -f id=${cid}
}
@ -420,49 +420,49 @@ load helpers
@test "from encrypted local image" {
_prefetch busybox
mkdir ${TESTDIR}/tmp
openssl genrsa -out ${TESTDIR}/tmp/mykey.pem 1024
openssl genrsa -out ${TESTDIR}/tmp/mykey2.pem 1024
openssl rsa -in ${TESTDIR}/tmp/mykey.pem -pubout > ${TESTDIR}/tmp/mykey.pub
run_buildah push $WITH_POLICY_JSON --tls-verify=false --creds testuser:testpassword --encryption-key jwe:${TESTDIR}/tmp/mykey.pub busybox oci:${TESTDIR}/tmp/busybox_enc
mkdir ${TEST_SCRATCH_DIR}/tmp
openssl genrsa -out ${TEST_SCRATCH_DIR}/tmp/mykey.pem 1024
openssl genrsa -out ${TEST_SCRATCH_DIR}/tmp/mykey2.pem 1024
openssl rsa -in ${TEST_SCRATCH_DIR}/tmp/mykey.pem -pubout > ${TEST_SCRATCH_DIR}/tmp/mykey.pub
run_buildah push $WITH_POLICY_JSON --tls-verify=false --creds testuser:testpassword --encryption-key jwe:${TEST_SCRATCH_DIR}/tmp/mykey.pub busybox oci:${TEST_SCRATCH_DIR}/tmp/busybox_enc
# Try encrypted image without key should fail
run_buildah 125 from oci:${TESTDIR}/tmp/busybox_enc
run_buildah 125 from oci:${TEST_SCRATCH_DIR}/tmp/busybox_enc
expect_output --substring "decrypting layer .* missing private key needed for decryption"
# Try encrypted image with wrong key should fail
run_buildah 125 from --decryption-key ${TESTDIR}/tmp/mykey2.pem oci:${TESTDIR}/tmp/busybox_enc
run_buildah 125 from --decryption-key ${TEST_SCRATCH_DIR}/tmp/mykey2.pem oci:${TEST_SCRATCH_DIR}/tmp/busybox_enc
expect_output --substring "decrypting layer .* no suitable key unwrapper found or none of the private keys could be used for decryption"
# Providing the right key should succeed
run_buildah from --decryption-key ${TESTDIR}/tmp/mykey.pem oci:${TESTDIR}/tmp/busybox_enc
run_buildah from --decryption-key ${TEST_SCRATCH_DIR}/tmp/mykey.pem oci:${TEST_SCRATCH_DIR}/tmp/busybox_enc
rm -rf ${TESTDIR}/tmp
rm -rf ${TEST_SCRATCH_DIR}/tmp
}
@test "from encrypted registry image" {
_prefetch busybox
mkdir ${TESTDIR}/tmp
openssl genrsa -out ${TESTDIR}/tmp/mykey.pem 2048
openssl genrsa -out ${TESTDIR}/tmp/mykey2.pem 2048
openssl rsa -in ${TESTDIR}/tmp/mykey.pem -pubout > ${TESTDIR}/tmp/mykey.pub
mkdir ${TEST_SCRATCH_DIR}/tmp
openssl genrsa -out ${TEST_SCRATCH_DIR}/tmp/mykey.pem 2048
openssl genrsa -out ${TEST_SCRATCH_DIR}/tmp/mykey2.pem 2048
openssl rsa -in ${TEST_SCRATCH_DIR}/tmp/mykey.pem -pubout > ${TEST_SCRATCH_DIR}/tmp/mykey.pub
start_registry
run_buildah push $WITH_POLICY_JSON --tls-verify=false --creds testuser:testpassword --encryption-key jwe:${TESTDIR}/tmp/mykey.pub busybox docker://localhost:${REGISTRY_PORT}/buildah/busybox_encrypted:latest
run_buildah push $WITH_POLICY_JSON --tls-verify=false --creds testuser:testpassword --encryption-key jwe:${TEST_SCRATCH_DIR}/tmp/mykey.pub busybox docker://localhost:${REGISTRY_PORT}/buildah/busybox_encrypted:latest
# Try encrypted image without key should fail
run_buildah 125 from --tls-verify=false --creds testuser:testpassword docker://localhost:${REGISTRY_PORT}/buildah/busybox_encrypted:latest
expect_output --substring "decrypting layer .* missing private key needed for decryption"
# Try encrypted image with wrong key should fail
run_buildah 125 from --tls-verify=false --creds testuser:testpassword --decryption-key ${TESTDIR}/tmp/mykey2.pem docker://localhost:${REGISTRY_PORT}/buildah/busybox_encrypted:latest
run_buildah 125 from --tls-verify=false --creds testuser:testpassword --decryption-key ${TEST_SCRATCH_DIR}/tmp/mykey2.pem docker://localhost:${REGISTRY_PORT}/buildah/busybox_encrypted:latest
expect_output --substring "decrypting layer .* no suitable key unwrapper found or none of the private keys could be used for decryption"
# Providing the right key should succeed
run_buildah from --tls-verify=false --creds testuser:testpassword --decryption-key ${TESTDIR}/tmp/mykey.pem docker://localhost:${REGISTRY_PORT}/buildah/busybox_encrypted:latest
run_buildah from --tls-verify=false --creds testuser:testpassword --decryption-key ${TEST_SCRATCH_DIR}/tmp/mykey.pem docker://localhost:${REGISTRY_PORT}/buildah/busybox_encrypted:latest
run_buildah rm -a
run_buildah rmi localhost:${REGISTRY_PORT}/buildah/busybox_encrypted:latest
rm -rf ${TESTDIR}/tmp
rm -rf ${TEST_SCRATCH_DIR}/tmp
}
@test "from with non buildah container" {
@ -524,10 +524,10 @@ load helpers
@test "from --authfile test" {
_prefetch busybox
start_registry
run_buildah login --tls-verify=false --authfile ${TESTDIR}/test.auth --username testuser --password testpassword localhost:${REGISTRY_PORT}
run_buildah push $WITH_POLICY_JSON --tls-verify=false --authfile ${TESTDIR}/test.auth busybox docker://localhost:${REGISTRY_PORT}/buildah/busybox:latest
run_buildah login --tls-verify=false --authfile ${TEST_SCRATCH_DIR}/test.auth --username testuser --password testpassword localhost:${REGISTRY_PORT}
run_buildah push $WITH_POLICY_JSON --tls-verify=false --authfile ${TEST_SCRATCH_DIR}/test.auth busybox docker://localhost:${REGISTRY_PORT}/buildah/busybox:latest
target=busybox-image
run_buildah from -q $WITH_POLICY_JSON --tls-verify=false --authfile ${TESTDIR}/test.auth docker://localhost:${REGISTRY_PORT}/buildah/busybox:latest
run_buildah from -q $WITH_POLICY_JSON --tls-verify=false --authfile ${TEST_SCRATCH_DIR}/test.auth docker://localhost:${REGISTRY_PORT}/buildah/busybox:latest
run_buildah rm $output
run_buildah rmi localhost:${REGISTRY_PORT}/buildah/busybox:latest
}
@ -612,8 +612,8 @@ load helpers
@test "from cni config test" {
_prefetch alpine
cni_config_dir=${TESTDIR}/no-cni-configs
cni_plugin_path=${TESTDIR}/no-cni-plugin
cni_config_dir=${TEST_SCRATCH_DIR}/no-cni-configs
cni_plugin_path=${TEST_SCRATCH_DIR}/no-cni-plugin
mkdir -p ${cni_config_dir}
mkdir -p ${cni_plugin_path}
run_buildah from -q --cni-config-dir=${cni_config_dir} --cni-plugin-path=${cni_plugin_path} $WITH_POLICY_JSON alpine
@ -626,8 +626,8 @@ load helpers
}
@test "from-image-with-zstd-compression" {
copy --format oci --dest-compress --dest-compress-format zstd docker://quay.io/libpod/alpine_nginx:latest dir:${TESTDIR}/base-image
run_buildah from dir:${TESTDIR}/base-image
copy --format oci --dest-compress --dest-compress-format zstd docker://quay.io/libpod/alpine_nginx:latest dir:${TEST_SCRATCH_DIR}/base-image
run_buildah from dir:${TEST_SCRATCH_DIR}/base-image
}
@test "from proxy test" {
@ -653,14 +653,14 @@ load helpers
skip_if_no_runtime
_prefetch busybox
run_buildah from --cidfile ${TESTDIR}/cid busybox
cid=$(cat ${TESTDIR}/cid)
createrandom ${TESTDIR}/randomfile
run_buildah copy ${cid} ${TESTDIR}/randomfile /
run_buildah commit --iidfile ${TESTDIR}/iid ${cid}
iid=$(cat ${TESTDIR}/iid)
run_buildah from --cidfile ${TESTDIR}/cid2 ${iid}
cid2=$(cat ${TESTDIR}/cid2)
run_buildah from --cidfile ${TEST_SCRATCH_DIR}/cid busybox
cid=$(cat ${TEST_SCRATCH_DIR}/cid)
createrandom ${TEST_SCRATCH_DIR}/randomfile
run_buildah copy ${cid} ${TEST_SCRATCH_DIR}/randomfile /
run_buildah commit --iidfile ${TEST_SCRATCH_DIR}/iid ${cid}
iid=$(cat ${TEST_SCRATCH_DIR}/iid)
run_buildah from --cidfile ${TEST_SCRATCH_DIR}/cid2 ${iid}
cid2=$(cat ${TEST_SCRATCH_DIR}/cid2)
run_buildah run ${cid2} cat /etc/hosts
truncated=${iid##*:}
truncated="${truncated:0:12}"

60
tests/helpers.bash
View File

@ -33,13 +33,13 @@ function setup_tests() {
# buildah/podman: "repository name must be lowercase".
# me: "but it's a local file path, not a repository name!"
# buildah/podman: "i dont care. no caps anywhere!"
TESTDIR=$(mktemp -d --dry-run --tmpdir=${BATS_TMPDIR:-${TMPDIR:-/tmp}} buildah_tests.XXXXXX | tr A-Z a-z)
mkdir --mode=0700 $TESTDIR
TEST_SCRATCH_DIR=$(mktemp -d --dry-run --tmpdir=${BATS_TMPDIR:-${TMPDIR:-/tmp}} buildah_tests.XXXXXX | tr A-Z a-z)
mkdir --mode=0700 $TEST_SCRATCH_DIR
mkdir -p ${TESTDIR}/{root,runroot,sigstore,registries.d}
cat >${TESTDIR}/registries.d/default.yaml <<EOF
mkdir -p ${TEST_SCRATCH_DIR}/{root,runroot,sigstore,registries.d}
cat >${TEST_SCRATCH_DIR}/registries.d/default.yaml <<EOF
default-docker:
sigstore-staging: file://${TESTDIR}/sigstore
sigstore-staging: file://${TEST_SCRATCH_DIR}/sigstore
docker:
registry.access.redhat.com:
sigstore: https://access.redhat.com/webassets/docker/content/sigstore
@ -48,13 +48,13 @@ docker:
EOF
# Common options for all buildah and podman invocations
ROOTDIR_OPTS="--root ${TESTDIR}/root --runroot ${TESTDIR}/runroot --storage-driver ${STORAGE_DRIVER}"
BUILDAH_REGISTRY_OPTS="--registries-conf ${TEST_SOURCES}/registries.conf --registries-conf-dir ${TESTDIR}/registries.d --short-name-alias-conf ${TESTDIR}/cache/shortnames.conf"
ROOTDIR_OPTS="--root ${TEST_SCRATCH_DIR}/root --runroot ${TEST_SCRATCH_DIR}/runroot --storage-driver ${STORAGE_DRIVER}"
BUILDAH_REGISTRY_OPTS="--registries-conf ${TEST_SOURCES}/registries.conf --registries-conf-dir ${TEST_SCRATCH_DIR}/registries.d --short-name-alias-conf ${TEST_SCRATCH_DIR}/cache/shortnames.conf"
PODMAN_REGISTRY_OPTS="--registries-conf ${TEST_SOURCES}/registries.conf"
}
function starthttpd() {
pushd ${2:-${TESTDIR}} > /dev/null
pushd ${2:-${TEST_SCRATCH_DIR}} > /dev/null
go build -o serve ${TEST_SOURCES}/serve/serve.go
portfile=$(mktemp)
if test -z "${portfile}"; then
@ -99,11 +99,11 @@ function teardown_tests() {
# let's find those and clean them up, otherwise 'rm -rf' fails.
# 'sort -r' guarantees that we umount deepest subpaths first.
mount |\
awk '$3 ~ testdir { print $3 }' testdir="^${TESTDIR}/" |\
awk '$3 ~ testdir { print $3 }' testdir="^${TEST_SCRATCH_DIR}/" |\
sort -r |\
xargs --no-run-if-empty --max-lines=1 umount
rm -fr ${TESTDIR}
rm -fr ${TEST_SCRATCH_DIR}
popd
}
@ -596,17 +596,17 @@ function skip_if_no_docker() {
}
function start_git_daemon() {
daemondir=${TESTDIR}/git-daemon
daemondir=${TEST_SCRATCH_DIR}/git-daemon
mkdir -p ${daemondir}/repo
gzip -dc < ${1:-${TEST_SOURCES}/git-daemon/repo.tar.gz} | tar x -C ${daemondir}/repo
GITPORT=$(($RANDOM + 32768))
git daemon --detach --pid-file=${TESTDIR}/git-daemon/pid --reuseaddr --port=${GITPORT} --base-path=${daemondir} ${daemondir}
git daemon --detach --pid-file=${TEST_SCRATCH_DIR}/git-daemon/pid --reuseaddr --port=${GITPORT} --base-path=${daemondir} ${daemondir}
}
function stop_git_daemon() {
if test -s ${TESTDIR}/git-daemon/pid ; then
kill $(cat ${TESTDIR}/git-daemon/pid)
rm -f ${TESTDIR}/git-daemon/pid
if test -s ${TEST_SCRATCH_DIR}/git-daemon/pid ; then
kill $(cat ${TEST_SCRATCH_DIR}/git-daemon/pid)
rm -f ${TEST_SCRATCH_DIR}/git-daemon/pid
fi
}
@ -654,45 +654,45 @@ auth:
htpasswd=${testuser}:$(buildah passwd ${testpassword})
# generate the htpasswd and config.yml files for the registry
mkdir -p "${TESTDIR}"/registry/root "${TESTDIR}"/registry/run "${TESTDIR}"/registry/certs "${TESTDIR}"/registry/config
cat > "${TESTDIR}"/registry/config/htpasswd <<< "$htpasswd"
cat > "${TESTDIR}"/registry/config/config.yml <<< "$config"
chmod 644 "${TESTDIR}"/registry/config/htpasswd "${TESTDIR}"/registry/config/config.yml
mkdir -p "${TEST_SCRATCH_DIR}"/registry/root "${TEST_SCRATCH_DIR}"/registry/run "${TEST_SCRATCH_DIR}"/registry/certs "${TEST_SCRATCH_DIR}"/registry/config
cat > "${TEST_SCRATCH_DIR}"/registry/config/htpasswd <<< "$htpasswd"
cat > "${TEST_SCRATCH_DIR}"/registry/config/config.yml <<< "$config"
chmod 644 "${TEST_SCRATCH_DIR}"/registry/config/htpasswd "${TEST_SCRATCH_DIR}"/registry/config/config.yml
# generate a new key and certificate
if ! openssl req -newkey rsa:4096 -nodes -sha256 -keyout "${TESTDIR}"/registry/certs/localhost.key -x509 -days 2 -addext "subjectAltName = DNS:localhost" -out "${TESTDIR}"/registry/certs/localhost.crt -subj "/CN=localhost" ; then
if ! openssl req -newkey rsa:4096 -nodes -sha256 -keyout "${TEST_SCRATCH_DIR}"/registry/certs/localhost.key -x509 -days 2 -addext "subjectAltName = DNS:localhost" -out "${TEST_SCRATCH_DIR}"/registry/certs/localhost.crt -subj "/CN=localhost" ; then
die error creating new key and certificate
fi
chmod 644 "${TESTDIR}"/registry/certs/localhost.crt
chmod 600 "${TESTDIR}"/registry/certs/localhost.key
chmod 644 "${TEST_SCRATCH_DIR}"/registry/certs/localhost.crt
chmod 600 "${TEST_SCRATCH_DIR}"/registry/certs/localhost.key
# use a copy of the server's certificate for validation from a client
cp "${TESTDIR}"/registry/certs/localhost.crt "${TESTDIR}"/registry/
cp "${TEST_SCRATCH_DIR}"/registry/certs/localhost.crt "${TEST_SCRATCH_DIR}"/registry/
# create a container in its own storage
_prefetch "[vfs@${TESTDIR}/registry/root+${TESTDIR}/registry/run]" ${REGISTRY_IMAGE}
ctr=$(${BUILDAH_BINARY} --storage-driver vfs --root "${TESTDIR}"/registry/root --runroot "${TESTDIR}"/registry/run from --quiet --pull-never ${REGISTRY_IMAGE})
${BUILDAH_BINARY} --storage-driver vfs --root "${TESTDIR}"/registry/root --runroot "${TESTDIR}"/registry/run copy $ctr "${TESTDIR}"/registry/config/htpasswd "${TESTDIR}"/registry/config/config.yml "${TESTDIR}"/registry/certs/localhost.key "${TESTDIR}"/registry/certs/localhost.crt /etc/docker/registry/
_prefetch "[vfs@${TEST_SCRATCH_DIR}/registry/root+${TEST_SCRATCH_DIR}/registry/run]" ${REGISTRY_IMAGE}
ctr=$(${BUILDAH_BINARY} --storage-driver vfs --root "${TEST_SCRATCH_DIR}"/registry/root --runroot "${TEST_SCRATCH_DIR}"/registry/run from --quiet --pull-never ${REGISTRY_IMAGE})
${BUILDAH_BINARY} --storage-driver vfs --root "${TEST_SCRATCH_DIR}"/registry/root --runroot "${TEST_SCRATCH_DIR}"/registry/run copy $ctr "${TEST_SCRATCH_DIR}"/registry/config/htpasswd "${TEST_SCRATCH_DIR}"/registry/config/config.yml "${TEST_SCRATCH_DIR}"/registry/certs/localhost.key "${TEST_SCRATCH_DIR}"/registry/certs/localhost.crt /etc/docker/registry/
# fire it up
coproc ${BUILDAH_BINARY} --storage-driver vfs --root "${TESTDIR}"/registry/root --runroot "${TESTDIR}"/registry/run run --net host "$ctr" /entrypoint.sh /etc/docker/registry/config.yml 2> "${TESTDIR}"/registry/registry.log
coproc ${BUILDAH_BINARY} --storage-driver vfs --root "${TEST_SCRATCH_DIR}"/registry/root --runroot "${TEST_SCRATCH_DIR}"/registry/run run --net host "$ctr" /entrypoint.sh /etc/docker/registry/config.yml 2> "${TEST_SCRATCH_DIR}"/registry/registry.log
# record the coprocess's ID and try to parse the listening port from the log
# we're separating all of this from the storage for any test that might call
# this function and using vfs to minimize the cleanup required
REGISTRY_PID="${COPROC_PID}"
REGISTRY_DIR="${TESTDIR}"/registry
REGISTRY_DIR="${TEST_SCRATCH_DIR}"/registry
REGISTRY_PORT=
local waited=0
while [ -z "${REGISTRY_PORT}" ] ; do
if [ $waited -ge $BUILDAH_TIMEOUT ] ; then
echo Could not determine listening port from log:
sed -e 's/^/ >/' ${TESTDIR}/registry/registry.log
sed -e 's/^/ >/' ${TEST_SCRATCH_DIR}/registry/registry.log
stop_registry
false
fi
waited=$((waited+1))
sleep 1
REGISTRY_PORT=$(sed -ne 's^.*listening on.*:\([0-9]\+\),.*^\1^p' ${TESTDIR}/registry/registry.log)
REGISTRY_PORT=$(sed -ne 's^.*listening on.*:\([0-9]\+\),.*^\1^p' ${TEST_SCRATCH_DIR}/registry/registry.log)
done
# push the registry image we just started... to itself, as a confidence check

12
tests/history.bats
View File

@ -78,9 +78,9 @@ function testconfighistory() {
}
@test "history-add" {
createrandom ${TESTDIR}/randomfile
createrandom ${TEST_SCRATCH_DIR}/randomfile
run_buildah from --name addctr --format docker scratch
run_buildah add --add-history addctr ${TESTDIR}/randomfile
run_buildah add --add-history addctr ${TEST_SCRATCH_DIR}/randomfile
digest="$output"
run_buildah commit $WITH_POLICY_JSON addctr addimg
run_buildah inspect --format '{{range .Docker.History}}{{println .CreatedBy}}{{end}}' addimg
@ -89,9 +89,9 @@ function testconfighistory() {
}
@test "history-copy" {
createrandom ${TESTDIR}/randomfile
createrandom ${TEST_SCRATCH_DIR}/randomfile
run_buildah from --name copyctr --format docker scratch
run_buildah copy --add-history copyctr ${TESTDIR}/randomfile
run_buildah copy --add-history copyctr ${TEST_SCRATCH_DIR}/randomfile
digest="$output"
run_buildah commit $WITH_POLICY_JSON copyctr copyimg
run_buildah inspect --format '{{range .Docker.History}}{{println .CreatedBy}}{{end}}' copyimg
@ -111,7 +111,7 @@ function testconfighistory() {
@test "history should not contain vars in allowlist unless set in ARG" {
_prefetch busybox
ctxdir=${TESTDIR}/bud
ctxdir=${TEST_SCRATCH_DIR}/bud
mkdir -p $ctxdir
cat >$ctxdir/Dockerfile <<EOF
FROM busybox
@ -128,7 +128,7 @@ EOF
@test "history should contain vars in allowlist when set in ARG" {
_prefetch busybox
ctxdir=${TESTDIR}/bud
ctxdir=${TEST_SCRATCH_DIR}/bud
mkdir -p $ctxdir
cat >$ctxdir/Dockerfile <<EOF
FROM busybox

32
tests/images.bats
View File

@ -182,18 +182,18 @@ load helpers
}
@test "images in OCI format with no creation dates" {
mkdir -p $TESTDIR/blobs/sha256
mkdir -p $TEST_SCRATCH_DIR/blobs/sha256
# Create a layer.
dd if=/dev/zero bs=512 count=2 of=$TESTDIR/blob
layerdigest=$(sha256sum $TESTDIR/blob | awk '{print $1}')
layersize=$(stat -c %s $TESTDIR/blob)
mv $TESTDIR/blob $TESTDIR/blobs/sha256/${layerdigest}
dd if=/dev/zero bs=512 count=2 of=$TEST_SCRATCH_DIR/blob
layerdigest=$(sha256sum $TEST_SCRATCH_DIR/blob | awk '{print $1}')
layersize=$(stat -c %s $TEST_SCRATCH_DIR/blob)
mv $TEST_SCRATCH_DIR/blob $TEST_SCRATCH_DIR/blobs/sha256/${layerdigest}
# Create a configuration blob that doesn't include a "created" date.
now=$(TZ=UTC date +%Y-%m-%dT%H:%M:%S.%NZ)
arch=$(go env GOARCH)
cat > $TESTDIR/blob << EOF
cat > $TEST_SCRATCH_DIR/blob << EOF
{
"architecture": "$arch",
"os": "linux",
@ -219,12 +219,12 @@ load helpers
]
}
EOF
configdigest=$(sha256sum $TESTDIR/blob | awk '{print $1}')
configsize=$(stat -c %s $TESTDIR/blob)
mv $TESTDIR/blob $TESTDIR/blobs/sha256/${configdigest}
configdigest=$(sha256sum $TEST_SCRATCH_DIR/blob | awk '{print $1}')
configsize=$(stat -c %s $TEST_SCRATCH_DIR/blob)
mv $TEST_SCRATCH_DIR/blob $TEST_SCRATCH_DIR/blobs/sha256/${configdigest}
# Create a manifest for that configuration blob and layer.
cat > $TESTDIR/blob << EOF
cat > $TEST_SCRATCH_DIR/blob << EOF
{
"schemaVersion": 2,
"config": {
@ -241,12 +241,12 @@ EOF
]
}
EOF
manifestdigest=$(sha256sum $TESTDIR/blob | awk '{print $1}')
manifestsize=$(stat -c %s $TESTDIR/blob)
mv $TESTDIR/blob $TESTDIR/blobs/sha256/${manifestdigest}
manifestdigest=$(sha256sum $TEST_SCRATCH_DIR/blob | awk '{print $1}')
manifestsize=$(stat -c %s $TEST_SCRATCH_DIR/blob)
mv $TEST_SCRATCH_DIR/blob $TEST_SCRATCH_DIR/blobs/sha256/${manifestdigest}
# Add the manifest to the image index.
cat > $TESTDIR/index.json << EOF
cat > $TEST_SCRATCH_DIR/index.json << EOF
{
"schemaVersion": 2,
"manifests": [
@ -260,10 +260,10 @@ EOF
EOF
# Mark the directory as a layout directory.
echo -n '{"imageLayoutVersion": "1.0.0"}' > $TESTDIR/oci-layout
echo -n '{"imageLayoutVersion": "1.0.0"}' > $TEST_SCRATCH_DIR/oci-layout
# Import the image.
run_buildah pull oci:$TESTDIR
run_buildah pull oci:$TEST_SCRATCH_DIR
# Inspect the image. We shouldn't crash.
run_buildah inspect ${configdigest}

26
tests/lists.bats
View File

@ -86,7 +86,7 @@ IMAGE_LIST_S390X_INSTANCE_DIGEST=sha256:882a20ee0df7399a445285361d38b711c299ca09
@test "manifest-push" {
run_buildah manifest create foo
run_buildah manifest add --all foo ${IMAGE_LIST}
run_buildah manifest push $WITH_POLICY_JSON foo dir:${TESTDIR}/pushed
run_buildah manifest push $WITH_POLICY_JSON foo dir:${TEST_SCRATCH_DIR}/pushed
case "$(go env GOARCH 2> /dev/null)" in
amd64) IMAGE_LIST_EXPECTED_INSTANCE_DIGEST=${IMAGE_LIST_AMD64_INSTANCE_DIGEST} ;;
arm64) IMAGE_LIST_EXPECTED_INSTANCE_DIGEST=${IMAGE_LIST_ARM64_INSTANCE_DIGEST} ;;
@ -95,15 +95,15 @@ IMAGE_LIST_S390X_INSTANCE_DIGEST=sha256:882a20ee0df7399a445285361d38b711c299ca09
s390x) IMAGE_LIST_EXPECTED_INSTANCE_DIGEST=${IMAGE_LIST_S390X_INSTANCE_DIGEST} ;;
*) skip "current arch \"$(go env GOARCH 2> /dev/null)\" not present in manifest list" ;;
esac
run grep ${IMAGE_LIST_EXPECTED_INSTANCE_DIGEST##sha256} ${TESTDIR}/pushed/manifest.json
run grep ${IMAGE_LIST_EXPECTED_INSTANCE_DIGEST##sha256} ${TEST_SCRATCH_DIR}/pushed/manifest.json
[ $status -eq 0 ]
}
@test "manifest-push-all" {
run_buildah manifest create foo
run_buildah manifest add --all foo ${IMAGE_LIST}
run_buildah manifest push $WITH_POLICY_JSON --all foo dir:${TESTDIR}/pushed
run sha256sum ${TESTDIR}/pushed/*
run_buildah manifest push $WITH_POLICY_JSON --all foo dir:${TEST_SCRATCH_DIR}/pushed
run sha256sum ${TEST_SCRATCH_DIR}/pushed/*
expect_output --substring ${IMAGE_LIST_AMD64_INSTANCE_DIGEST##sha256:}
expect_output --substring ${IMAGE_LIST_ARM_INSTANCE_DIGEST##sha256:}
expect_output --substring ${IMAGE_LIST_ARM64_INSTANCE_DIGEST##sha256:}
@ -115,7 +115,7 @@ IMAGE_LIST_S390X_INSTANCE_DIGEST=sha256:882a20ee0df7399a445285361d38b711c299ca09
run_buildah manifest create foo
run_buildah manifest add --arch=arm64 foo ${IMAGE_LIST}
run_buildah manifest inspect foo
run_buildah manifest push $WITH_POLICY_JSON --purge foo dir:${TESTDIR}/pushed
run_buildah manifest push $WITH_POLICY_JSON --purge foo dir:${TEST_SCRATCH_DIR}/pushed
run_buildah 125 manifest inspect foo
}
@ -123,7 +123,7 @@ IMAGE_LIST_S390X_INSTANCE_DIGEST=sha256:882a20ee0df7399a445285361d38b711c299ca09
run_buildah manifest create foo
run_buildah manifest add --arch=arm64 foo ${IMAGE_LIST}
run_buildah manifest inspect foo
run_buildah manifest push $WITH_POLICY_JSON --rm foo dir:${TESTDIR}/pushed
run_buildah manifest push $WITH_POLICY_JSON --rm foo dir:${TEST_SCRATCH_DIR}/pushed
run_buildah 125 manifest inspect foo
}
@ -131,7 +131,7 @@ IMAGE_LIST_S390X_INSTANCE_DIGEST=sha256:882a20ee0df7399a445285361d38b711c299ca09
run_buildah manifest create foo
run_buildah manifest add --arch=arm64 foo ${IMAGE_LIST}
run_buildah manifest inspect foo
run_buildah 125 manifest push --authfile /tmp/nonexistent $WITH_POLICY_JSON --purge foo dir:${TESTDIR}/pushed
run_buildah 125 manifest push --authfile /tmp/nonexistent $WITH_POLICY_JSON --purge foo dir:${TEST_SCRATCH_DIR}/pushed
}
@ -172,13 +172,13 @@ IMAGE_LIST_S390X_INSTANCE_DIGEST=sha256:882a20ee0df7399a445285361d38b711c299ca09
archinstance=$(jq -r '.manifests|map(select(.platform.architecture=="'$arch'"))[].digest' <<< "$output")
run_buildah manifest remove test-list $archinstance
# Try to build using the build cache.
mkdir ${TESTDIR}/build
echo 'much content, wow.' > ${TESTDIR}/build/content.txt
echo 'FROM scratch' > ${TESTDIR}/build/Dockerfile
echo 'ADD content.txt /' >> ${TESTDIR}/build/Dockerfile
run_buildah bud --layers --iidfile ${TESTDIR}/image-id.txt ${TESTDIR}/build
mkdir ${TEST_SCRATCH_DIR}/build
echo 'much content, wow.' > ${TEST_SCRATCH_DIR}/build/content.txt
echo 'FROM scratch' > ${TEST_SCRATCH_DIR}/build/Dockerfile
echo 'ADD content.txt /' >> ${TEST_SCRATCH_DIR}/build/Dockerfile
run_buildah bud --layers --iidfile ${TEST_SCRATCH_DIR}/image-id.txt ${TEST_SCRATCH_DIR}/build
# Make sure we can add the new image to the list.
run_buildah manifest add test-list $(< ${TESTDIR}/image-id.txt)
run_buildah manifest add test-list $(< ${TEST_SCRATCH_DIR}/image-id.txt)
}
@test "manifest-add-to-list-from-storage" {

38
tests/namespaces.bats
View File

@ -21,8 +21,8 @@ load helpers
skip_if_chroot
skip_if_rootless
mkdir -p $TESTDIR/no-cni-configs
RUNOPTS="--cni-config-dir=${TESTDIR}/no-cni-configs ${RUNC_BINARY:+--runtime $RUNC_BINARY}"
mkdir -p $TEST_SCRATCH_DIR/no-cni-configs
RUNOPTS="--cni-config-dir=${TEST_SCRATCH_DIR}/no-cni-configs ${RUNC_BINARY:+--runtime $RUNC_BINARY}"
# Check if we're running in an environment that can even test this.
run readlink /proc/self/ns/user
echo "readlink /proc/self/ns/user -> $output"
@ -103,8 +103,8 @@ idmapping_check_permission() {
@test "idmapping" {
skip_if_rootless_environment
mkdir -p $TESTDIR/no-cni-configs
RUNOPTS="--cni-config-dir=${TESTDIR}/no-cni-configs ${RUNC_BINARY:+--runtime $RUNC_BINARY}"
mkdir -p $TEST_SCRATCH_DIR/no-cni-configs
RUNOPTS="--cni-config-dir=${TEST_SCRATCH_DIR}/no-cni-configs ${RUNC_BINARY:+--runtime $RUNC_BINARY}"
# Check if we're running in an environment that can even test this.
run readlink /proc/self/ns/user
@ -178,11 +178,11 @@ idmapping_check_permission() {
fi
fi
touch ${TESTDIR}/somefile
mkdir ${TESTDIR}/somedir
touch ${TESTDIR}/somedir/someotherfile
chmod 700 ${TESTDIR}/somedir/someotherfile
chmod u+s ${TESTDIR}/somedir/someotherfile
touch ${TEST_SCRATCH_DIR}/somefile
mkdir ${TEST_SCRATCH_DIR}/somedir
touch ${TEST_SCRATCH_DIR}/somedir/someotherfile
chmod 700 ${TEST_SCRATCH_DIR}/somedir/someotherfile
chmod u+s ${TEST_SCRATCH_DIR}/somedir/someotherfile
for i in $(seq 0 "$((${#uidmaps[*]}-1))") ; do
# local helper function for checking /proc/self/ns/user
@ -220,11 +220,11 @@ idmapping_check_permission() {
rootgid=$rootxid
# Check that if we copy a file into the container, it gets the right permissions.
run_buildah copy --chown 1:1 "$ctr" ${TESTDIR}/somefile /
run_buildah copy --chown 1:1 "$ctr" ${TEST_SCRATCH_DIR}/somefile /
run_buildah run $RUNOPTS "$ctr" stat -c '%u:%g' /somefile
output_file_stat="$output"
# Check that if we copy a directory into the container, its contents get the right permissions.
run_buildah copy "$ctr" ${TESTDIR}/somedir /somedir
run_buildah copy "$ctr" ${TEST_SCRATCH_DIR}/somedir /somedir
run_buildah run $RUNOPTS "$ctr" stat -c '%u:%g' /somedir
output_dir_stat="$output"
idmapping_check_permission "$output_file_stat" "$output_dir_stat"
@ -247,7 +247,7 @@ idmapping_check_permission() {
# Build an image using these mappings.
echo "Building image with ${uidmapargs[$i]} ${gidmapargs[$i]}"
run_buildah bud ${uidmapargs[$i]} ${gidmapargs[$i]} $RUNOPTS $WITH_POLICY_JSON \
-t localhost/alpine-bud:$i -f $BUDFILES/namespaces/Containerfile $TESTDIR
-t localhost/alpine-bud:$i -f $BUDFILES/namespaces/Containerfile $TEST_SCRATCH_DIR
# If we specified mappings, expect to be in a different namespace by default.
output_namespace="$(grep -A1 'ReadlinkResult' <<< "$output" | tail -n1)"
idmapping_check_namespace "${output_namespace}" "bud"
@ -271,9 +271,9 @@ idmapping_check_permission() {
}
general_namespace() {
mkdir -p $TESTDIR/no-cni-configs
RUNOPTS="--cni-config-dir=${TESTDIR}/no-cni-configs ${RUNC_BINARY:+--runtime $RUNC_BINARY}"
mytmpdir=$TESTDIR/my-dir
mkdir -p $TEST_SCRATCH_DIR/no-cni-configs
RUNOPTS="--cni-config-dir=${TEST_SCRATCH_DIR}/no-cni-configs ${RUNC_BINARY:+--runtime $RUNC_BINARY}"
mytmpdir=$TEST_SCRATCH_DIR/my-dir
mkdir -p ${mytmpdir}
# The name of the /proc/self/ns/$link.
@ -440,11 +440,11 @@ _EOF
@test "idmapping-and-squash" {
skip_if_rootless_environment
createrandom ${TESTDIR}/randomfile
createrandom ${TEST_SCRATCH_DIR}/randomfile
run_buildah from --userns-uid-map 0:32:16 --userns-gid-map 0:48:16 scratch
cid=$output
run_buildah copy "$cid" ${TESTDIR}/randomfile /
run_buildah copy --chown 1:1 "$cid" ${TESTDIR}/randomfile /randomfile2
run_buildah copy "$cid" ${TEST_SCRATCH_DIR}/randomfile /
run_buildah copy --chown 1:1 "$cid" ${TEST_SCRATCH_DIR}/randomfile /randomfile2
run_buildah commit --squash $WITH_POLICY_JSON --rm "$cid" squashed
run_buildah from --quiet squashed
cid=$output
@ -486,7 +486,7 @@ _EOF
skip_if_chroot
_prefetch alpine
containers_conf_file="$TESTDIR/containers-namespaces.conf"
containers_conf_file="$TEST_SCRATCH_DIR/containers-namespaces.conf"
for mode in host private; do
cat > "$containers_conf_file" << EOF

30
tests/overlay.bats
View File

@ -9,10 +9,10 @@ load helpers
skip "skipping overlay test because \$STORAGE_DRIVER = $STORAGE_DRIVER"
fi
image=alpine
mkdir ${TESTDIR}/lower
touch ${TESTDIR}/lower/foo
mkdir ${TEST_SCRATCH_DIR}/lower
touch ${TEST_SCRATCH_DIR}/lower/foo
run_buildah from --quiet -v ${TESTDIR}/lower:/lower:O --quiet $WITH_POLICY_JSON $image
run_buildah from --quiet -v ${TEST_SCRATCH_DIR}/lower:/lower:O --quiet $WITH_POLICY_JSON $image
cid=$output
# This should succeed
@ -27,7 +27,7 @@ load helpers
run_buildah 1 run $cid ls /lower/bar
# This should fail
run ls ${TESTDIR}/lower/bar
run ls ${TEST_SCRATCH_DIR}/lower/bar
[ "$status" -ne 0 ]
}
@ -38,10 +38,10 @@ load helpers
skip "skipping overlay test because \$STORAGE_DRIVER = $STORAGE_DRIVER"
fi
image=alpine
mkdir -m 770 ${TESTDIR}/lower
chown 1:1 ${TESTDIR}/lower
permission=$(stat -c "%a %u %g" ${TESTDIR}/lower)
run_buildah from --quiet -v ${TESTDIR}/lower:/tmp/test:O --quiet $WITH_POLICY_JSON $image
mkdir -m 770 ${TEST_SCRATCH_DIR}/lower
chown 1:1 ${TEST_SCRATCH_DIR}/lower
permission=$(stat -c "%a %u %g" ${TEST_SCRATCH_DIR}/lower)
run_buildah from --quiet -v ${TEST_SCRATCH_DIR}/lower:/tmp/test:O --quiet $WITH_POLICY_JSON $image
cid=$output
# This should succeed
@ -49,7 +49,7 @@ load helpers
expect_output "$permission"
# Create and remove content in the overlay directory, should succeed
touch ${TESTDIR}/lower/foo
touch ${TEST_SCRATCH_DIR}/lower/foo
run_buildah run $cid touch /tmp/test/bar
run_buildah run $cid rm /tmp/test/foo
@ -57,7 +57,7 @@ load helpers
run_buildah 1 run $cid ls /tmp/test/bar
# This should fail since /tmp/test was an overlay, not a bind mount
run ls ${TESTDIR}/lower/bar
run ls ${TEST_SCRATCH_DIR}/lower/bar
[ "$status" -ne 0 ]
}
@ -68,19 +68,19 @@ load helpers
skip "skipping overlay test because \$STORAGE_DRIVER = $STORAGE_DRIVER"
fi
image=alpine
mkdir ${TESTDIR}/a:lower
touch ${TESTDIR}/a:lower/foo
mkdir ${TEST_SCRATCH_DIR}/a:lower
touch ${TEST_SCRATCH_DIR}/a:lower/foo
# This should succeed.
# Add double backslash, because shell will escape.
run_buildah from --quiet -v ${TESTDIR}/a\\:lower:/a\\:lower:O --quiet $WITH_POLICY_JSON $image
run_buildah from --quiet -v ${TEST_SCRATCH_DIR}/a\\:lower:/a\\:lower:O --quiet $WITH_POLICY_JSON $image
cid=$output
# This should succeed
run_buildah run $cid ls /a:lower/foo
# Mount volume when run
run_buildah run -v ${TESTDIR}/a\\:lower:/b\\:lower:O $cid ls /b:lower/foo
run_buildah run -v ${TEST_SCRATCH_DIR}/a\\:lower:/b\\:lower:O $cid ls /b:lower/foo
# Create and remove content in the overlay directory, should succeed,
# resetting the contents between each run.
@ -91,6 +91,6 @@ load helpers
run_buildah 1 run $cid ls /a:lower/bar
# This should fail
run ls ${TESTDIR}/a:lower/bar
run ls ${TEST_SCRATCH_DIR}/a:lower/bar
[ "$status" -ne 0 ]
}

94
tests/pull.bats
View File

@ -42,7 +42,7 @@ load helpers
expect_output --substring "busybox:glibc"
expect_output --substring "busybox:latest"
# We need to see if this file is created after first pull in at least one test
[ -f ${TESTDIR}/root/defaultNetworkBackend ]
[ -f ${TEST_SCRATCH_DIR}/root/defaultNetworkBackend ]
run_buildah --retry pull --registries-conf ${TEST_SOURCES}/registries.conf $WITH_POLICY_JSON quay.io/libpod/alpine_nginx:latest
run_buildah images --format "{{.Name}}:{{.Tag}}"
@ -61,32 +61,32 @@ load helpers
@test "pull-from-docker-archive" {
run_buildah --retry pull $WITH_POLICY_JSON alpine
run_buildah push $WITH_POLICY_JSON docker.io/library/alpine:latest docker-archive:${TESTDIR}/alp.tar:alpine:latest
run_buildah push $WITH_POLICY_JSON docker.io/library/alpine:latest docker-archive:${TEST_SCRATCH_DIR}/alp.tar:alpine:latest
run_buildah rmi alpine
run_buildah --retry pull $WITH_POLICY_JSON docker-archive:${TESTDIR}/alp.tar
run_buildah --retry pull $WITH_POLICY_JSON docker-archive:${TEST_SCRATCH_DIR}/alp.tar
run_buildah images --format "{{.Name}}:{{.Tag}}"
expect_output --substring "alpine"
run_buildah 125 pull --all-tags $WITH_POLICY_JSON docker-archive:${TESTDIR}/alp.tar
run_buildah 125 pull --all-tags $WITH_POLICY_JSON docker-archive:${TEST_SCRATCH_DIR}/alp.tar
expect_output --substring "pulling all tags is not supported for docker-archive transport"
}
@test "pull-from-oci-archive" {
run_buildah --retry pull $WITH_POLICY_JSON alpine
run_buildah push $WITH_POLICY_JSON docker.io/library/alpine:latest oci-archive:${TESTDIR}/alp.tar:alpine
run_buildah push $WITH_POLICY_JSON docker.io/library/alpine:latest oci-archive:${TEST_SCRATCH_DIR}/alp.tar:alpine
run_buildah rmi alpine
run_buildah pull $WITH_POLICY_JSON oci-archive:${TESTDIR}/alp.tar
run_buildah pull $WITH_POLICY_JSON oci-archive:${TEST_SCRATCH_DIR}/alp.tar
run_buildah images --format "{{.Name}}:{{.Tag}}"
expect_output --substring "alpine"
run_buildah 125 pull --all-tags $WITH_POLICY_JSON oci-archive:${TESTDIR}/alp.tar
run_buildah 125 pull --all-tags $WITH_POLICY_JSON oci-archive:${TEST_SCRATCH_DIR}/alp.tar
expect_output --substring "pulling all tags is not supported for oci-archive transport"
}
@test "pull-from-local-directory" {
mkdir ${TESTDIR}/buildahtest
mkdir ${TEST_SCRATCH_DIR}/buildahtest
run_buildah --retry pull $WITH_POLICY_JSON alpine
run_buildah push $WITH_POLICY_JSON docker.io/library/alpine:latest dir:${TESTDIR}/buildahtest
run_buildah push $WITH_POLICY_JSON docker.io/library/alpine:latest dir:${TEST_SCRATCH_DIR}/buildahtest
run_buildah rmi alpine
run_buildah pull --quiet $WITH_POLICY_JSON dir:${TESTDIR}/buildahtest
run_buildah pull --quiet $WITH_POLICY_JSON dir:${TEST_SCRATCH_DIR}/buildahtest
imageID="$output"
# Images pulled via the dir transport are untagged.
run_buildah images --format "{{.Name}}:{{.Tag}}"
@ -150,12 +150,12 @@ load helpers
@test "pull-from-oci-directory" {
run_buildah --retry pull $WITH_POLICY_JSON alpine
run_buildah push $WITH_POLICY_JSON docker.io/library/alpine:latest oci:${TESTDIR}/alpine
run_buildah push $WITH_POLICY_JSON docker.io/library/alpine:latest oci:${TEST_SCRATCH_DIR}/alpine
run_buildah rmi alpine
run_buildah pull $WITH_POLICY_JSON oci:${TESTDIR}/alpine
run_buildah pull $WITH_POLICY_JSON oci:${TEST_SCRATCH_DIR}/alpine
run_buildah images --format "{{.Name}}:{{.Tag}}"
expect_output --substring "localhost${TESTDIR}/alpine:latest"
run_buildah 125 pull --all-tags $WITH_POLICY_JSON oci:${TESTDIR}/alpine
expect_output --substring "localhost${TEST_SCRATCH_DIR}/alpine:latest"
run_buildah 125 pull --all-tags $WITH_POLICY_JSON oci:${TEST_SCRATCH_DIR}/alpine
expect_output --substring "pulling all tags is not supported for oci transport"
}
@ -183,76 +183,76 @@ load helpers
@test "pull encrypted local image" {
_prefetch busybox
mkdir ${TESTDIR}/tmp
openssl genrsa -out ${TESTDIR}/tmp/mykey.pem 1024
openssl genrsa -out ${TESTDIR}/tmp/mykey2.pem 1024
openssl rsa -in ${TESTDIR}/tmp/mykey.pem -pubout > ${TESTDIR}/tmp/mykey.pub
run_buildah push $WITH_POLICY_JSON --encryption-key jwe:${TESTDIR}/tmp/mykey.pub busybox oci:${TESTDIR}/tmp/busybox_enc
mkdir ${TEST_SCRATCH_DIR}/tmp
openssl genrsa -out ${TEST_SCRATCH_DIR}/tmp/mykey.pem 1024
openssl genrsa -out ${TEST_SCRATCH_DIR}/tmp/mykey2.pem 1024
openssl rsa -in ${TEST_SCRATCH_DIR}/tmp/mykey.pem -pubout > ${TEST_SCRATCH_DIR}/tmp/mykey.pub
run_buildah push $WITH_POLICY_JSON --encryption-key jwe:${TEST_SCRATCH_DIR}/tmp/mykey.pub busybox oci:${TEST_SCRATCH_DIR}/tmp/busybox_enc
# Try to pull encrypted image without key should fail
run_buildah 125 pull $WITH_POLICY_JSON oci:${TESTDIR}/tmp/busybox_enc
run_buildah 125 pull $WITH_POLICY_JSON oci:${TEST_SCRATCH_DIR}/tmp/busybox_enc
expect_output --substring "decrypting layer .* missing private key needed for decryption"
# Try to pull encrypted image with wrong key should fail
run_buildah 125 pull $WITH_POLICY_JSON --decryption-key ${TESTDIR}/tmp/mykey2.pem oci:${TESTDIR}/tmp/busybox_enc
run_buildah 125 pull $WITH_POLICY_JSON --decryption-key ${TEST_SCRATCH_DIR}/tmp/mykey2.pem oci:${TEST_SCRATCH_DIR}/tmp/busybox_enc
expect_output --substring "decrypting layer .* no suitable key unwrapper found or none of the private keys could be used for decryption"
# Providing the right key should succeed
run_buildah pull $WITH_POLICY_JSON --decryption-key ${TESTDIR}/tmp/mykey.pem oci:${TESTDIR}/tmp/busybox_enc
run_buildah pull $WITH_POLICY_JSON --decryption-key ${TEST_SCRATCH_DIR}/tmp/mykey.pem oci:${TEST_SCRATCH_DIR}/tmp/busybox_enc
rm -rf ${TESTDIR}/tmp
rm -rf ${TEST_SCRATCH_DIR}/tmp
}
@test "pull encrypted registry image" {
_prefetch busybox
start_registry
mkdir ${TESTDIR}/tmp
openssl genrsa -out ${TESTDIR}/tmp/mykey.pem 1024
openssl genrsa -out ${TESTDIR}/tmp/mykey2.pem 1024
openssl rsa -in ${TESTDIR}/tmp/mykey.pem -pubout > ${TESTDIR}/tmp/mykey.pub
run_buildah push $WITH_POLICY_JSON --tls-verify=false --creds testuser:testpassword --encryption-key jwe:${TESTDIR}/tmp/mykey.pub busybox docker://localhost:${REGISTRY_PORT}/buildah/busybox_encrypted:latest
mkdir ${TEST_SCRATCH_DIR}/tmp
openssl genrsa -out ${TEST_SCRATCH_DIR}/tmp/mykey.pem 1024
openssl genrsa -out ${TEST_SCRATCH_DIR}/tmp/mykey2.pem 1024
openssl rsa -in ${TEST_SCRATCH_DIR}/tmp/mykey.pem -pubout > ${TEST_SCRATCH_DIR}/tmp/mykey.pub
run_buildah push $WITH_POLICY_JSON --tls-verify=false --creds testuser:testpassword --encryption-key jwe:${TEST_SCRATCH_DIR}/tmp/mykey.pub busybox docker://localhost:${REGISTRY_PORT}/buildah/busybox_encrypted:latest
# Try to pull encrypted image without key should fail
run_buildah 125 pull $WITH_POLICY_JSON --tls-verify=false --creds testuser:testpassword docker://localhost:${REGISTRY_PORT}/buildah/busybox_encrypted:latest
expect_output --substring "decrypting layer .* missing private key needed for decryption"
# Try to pull encrypted image with wrong key should fail, with diff. msg
run_buildah 125 pull $WITH_POLICY_JSON --tls-verify=false --creds testuser:testpassword --decryption-key ${TESTDIR}/tmp/mykey2.pem docker://localhost:${REGISTRY_PORT}/buildah/busybox_encrypted:latest
run_buildah 125 pull $WITH_POLICY_JSON --tls-verify=false --creds testuser:testpassword --decryption-key ${TEST_SCRATCH_DIR}/tmp/mykey2.pem docker://localhost:${REGISTRY_PORT}/buildah/busybox_encrypted:latest
expect_output --substring "decrypting layer .* no suitable key unwrapper found or none of the private keys could be used for decryption"
# Providing the right key should succeed
run_buildah pull $WITH_POLICY_JSON --tls-verify=false --creds testuser:testpassword --decryption-key ${TESTDIR}/tmp/mykey.pem docker://localhost:${REGISTRY_PORT}/buildah/busybox_encrypted:latest
run_buildah pull $WITH_POLICY_JSON --tls-verify=false --creds testuser:testpassword --decryption-key ${TEST_SCRATCH_DIR}/tmp/mykey.pem docker://localhost:${REGISTRY_PORT}/buildah/busybox_encrypted:latest
run_buildah rmi localhost:${REGISTRY_PORT}/buildah/busybox_encrypted:latest
rm -rf ${TESTDIR}/tmp
rm -rf ${TEST_SCRATCH_DIR}/tmp
}
@test "pull encrypted registry image from commit" {
_prefetch busybox
start_registry
mkdir ${TESTDIR}/tmp
openssl genrsa -out ${TESTDIR}/tmp/mykey.pem 1024
openssl genrsa -out ${TESTDIR}/tmp/mykey2.pem 1024
openssl rsa -in ${TESTDIR}/tmp/mykey.pem -pubout > ${TESTDIR}/tmp/mykey.pub
mkdir ${TEST_SCRATCH_DIR}/tmp
openssl genrsa -out ${TEST_SCRATCH_DIR}/tmp/mykey.pem 1024
openssl genrsa -out ${TEST_SCRATCH_DIR}/tmp/mykey2.pem 1024
openssl rsa -in ${TEST_SCRATCH_DIR}/tmp/mykey.pem -pubout > ${TEST_SCRATCH_DIR}/tmp/mykey.pub
run_buildah from --quiet --pull=false $WITH_POLICY_JSON busybox
cid=$output
run_buildah commit --iidfile /dev/null --tls-verify=false --creds testuser:testpassword $WITH_POLICY_JSON --encryption-key jwe:${TESTDIR}/tmp/mykey.pub -q $cid docker://localhost:${REGISTRY_PORT}/buildah/busybox_encrypted:latest
run_buildah commit --iidfile /dev/null --tls-verify=false --creds testuser:testpassword $WITH_POLICY_JSON --encryption-key jwe:${TEST_SCRATCH_DIR}/tmp/mykey.pub -q $cid docker://localhost:${REGISTRY_PORT}/buildah/busybox_encrypted:latest
# Try to pull encrypted image without key should fail
run_buildah 125 pull $WITH_POLICY_JSON --tls-verify=false --creds testuser:testpassword docker://localhost:${REGISTRY_PORT}/buildah/busybox_encrypted:latest
expect_output --substring "decrypting layer .* missing private key needed for decryption"
# Try to pull encrypted image with wrong key should fail
run_buildah 125 pull $WITH_POLICY_JSON --tls-verify=false --creds testuser:testpassword --decryption-key ${TESTDIR}/tmp/mykey2.pem docker://localhost:${REGISTRY_PORT}/buildah/busybox_encrypted:latest
run_buildah 125 pull $WITH_POLICY_JSON --tls-verify=false --creds testuser:testpassword --decryption-key ${TEST_SCRATCH_DIR}/tmp/mykey2.pem docker://localhost:${REGISTRY_PORT}/buildah/busybox_encrypted:latest
expect_output --substring "decrypting layer .* no suitable key unwrapper found or none of the private keys could be used for decryption"
# Providing the right key should succeed
run_buildah pull $WITH_POLICY_JSON --tls-verify=false --creds testuser:testpassword --decryption-key ${TESTDIR}/tmp/mykey.pem docker://localhost:${REGISTRY_PORT}/buildah/busybox_encrypted:latest
run_buildah pull $WITH_POLICY_JSON --tls-verify=false --creds testuser:testpassword --decryption-key ${TEST_SCRATCH_DIR}/tmp/mykey.pem docker://localhost:${REGISTRY_PORT}/buildah/busybox_encrypted:latest
run_buildah rmi localhost:${REGISTRY_PORT}/buildah/busybox_encrypted:latest
rm -rf ${TESTDIR}/tmp
rm -rf ${TEST_SCRATCH_DIR}/tmp
}
@test "pull image into a full storage" {
@ -269,13 +269,13 @@ load helpers
@test "pull with authfile" {
_prefetch busybox
start_registry
mkdir ${TESTDIR}/tmp
mkdir ${TEST_SCRATCH_DIR}/tmp
run_buildah push --creds testuser:testpassword --tls-verify=false busybox docker://localhost:${REGISTRY_PORT}/buildah/busybox:latest
run_buildah login --authfile ${TESTDIR}/tmp/test.auth --username testuser --password testpassword --tls-verify=false localhost:${REGISTRY_PORT}
run_buildah pull --authfile ${TESTDIR}/tmp/test.auth --tls-verify=false docker://localhost:${REGISTRY_PORT}/buildah/busybox:latest
run_buildah login --authfile ${TEST_SCRATCH_DIR}/tmp/test.auth --username testuser --password testpassword --tls-verify=false localhost:${REGISTRY_PORT}
run_buildah pull --authfile ${TEST_SCRATCH_DIR}/tmp/test.auth --tls-verify=false docker://localhost:${REGISTRY_PORT}/buildah/busybox:latest
run_buildah rmi localhost:${REGISTRY_PORT}/buildah/busybox:latest
rm -rf ${TESTDIR}/tmp
rm -rf ${TEST_SCRATCH_DIR}/tmp
}
@test "pull quietly" {
@ -285,7 +285,7 @@ load helpers
}
@test "pull-policy" {
mkdir ${TESTDIR}/buildahtest
mkdir ${TEST_SCRATCH_DIR}/buildahtest
run_buildah 125 pull $WITH_POLICY_JSON --policy bogus alpine
expect_output --substring "unsupported pull policy \"bogus\""
@ -329,7 +329,7 @@ load helpers
}
@test "pull --arch" {
mkdir ${TESTDIR}/buildahtest
mkdir ${TEST_SCRATCH_DIR}/buildahtest
run_buildah 125 pull $WITH_POLICY_JSON --arch bogus alpine
expect_output --substring "no image found in manifest list"
@ -346,7 +346,7 @@ load helpers
}
@test "pull --platform" {
mkdir ${TESTDIR}/buildahtest
mkdir ${TEST_SCRATCH_DIR}/buildahtest
run_buildah 125 pull $WITH_POLICY_JSON --platform linux/bogus alpine
expect_output --substring "no image found in manifest list"
@ -364,7 +364,7 @@ load helpers
@test "pull image with TMPDIR set" {
skip_if_rootless_environment
testdir=${TESTDIR}/buildah-test
testdir=${TEST_SCRATCH_DIR}/buildah-test
mkdir -p $testdir
mount -t tmpfs -o size=1M tmpfs $testdir

76
tests/push.bats
View File

@ -18,28 +18,28 @@ load helpers
@test "push" {
skip_if_rootless_environment
touch ${TESTDIR}/reference-time-file
touch ${TEST_SCRATCH_DIR}/reference-time-file
for source in scratch scratch-image; do
run_buildah from --quiet --pull=false $WITH_POLICY_JSON ${source}
cid=$output
for format in "" docker oci ; do
mkdir -p ${TESTDIR}/committed${format:+.${format}}
mkdir -p ${TEST_SCRATCH_DIR}/committed${format:+.${format}}
# Force no compression to generate what we push.
run_buildah commit -D ${format:+--format ${format}} --reference-time ${TESTDIR}/reference-time-file $WITH_POLICY_JSON "$cid" scratch-image${format:+-${format}}
run_buildah commit -D ${format:+--format ${format}} --reference-time ${TESTDIR}/reference-time-file $WITH_POLICY_JSON "$cid" dir:${TESTDIR}/committed${format:+.${format}}
mkdir -p ${TESTDIR}/pushed${format:+.${format}}
run_buildah push -D $WITH_POLICY_JSON scratch-image${format:+-${format}} dir:${TESTDIR}/pushed${format:+.${format}}
run_buildah commit -D ${format:+--format ${format}} --reference-time ${TEST_SCRATCH_DIR}/reference-time-file $WITH_POLICY_JSON "$cid" scratch-image${format:+-${format}}
run_buildah commit -D ${format:+--format ${format}} --reference-time ${TEST_SCRATCH_DIR}/reference-time-file $WITH_POLICY_JSON "$cid" dir:${TEST_SCRATCH_DIR}/committed${format:+.${format}}
mkdir -p ${TEST_SCRATCH_DIR}/pushed${format:+.${format}}
run_buildah push -D $WITH_POLICY_JSON scratch-image${format:+-${format}} dir:${TEST_SCRATCH_DIR}/pushed${format:+.${format}}
# Re-encode the manifest to lose variations due to different encoders or definitions of structures.
imgtype -expected-manifest-type "*" -rebuild-manifest -show-manifest dir:${TESTDIR}/committed${format:+.${format}} > ${TESTDIR}/manifest.committed${format:+.${format}}
imgtype -expected-manifest-type "*" -rebuild-manifest -show-manifest dir:${TESTDIR}/pushed${format:+.${format}} > ${TESTDIR}/manifest.pushed${format:+.${format}}
diff -u ${TESTDIR}/manifest.committed${format:+.${format}} ${TESTDIR}/manifest.pushed${format:+.${format}}
imgtype -expected-manifest-type "*" -rebuild-manifest -show-manifest dir:${TEST_SCRATCH_DIR}/committed${format:+.${format}} > ${TEST_SCRATCH_DIR}/manifest.committed${format:+.${format}}
imgtype -expected-manifest-type "*" -rebuild-manifest -show-manifest dir:${TEST_SCRATCH_DIR}/pushed${format:+.${format}} > ${TEST_SCRATCH_DIR}/manifest.pushed${format:+.${format}}
diff -u ${TEST_SCRATCH_DIR}/manifest.committed${format:+.${format}} ${TEST_SCRATCH_DIR}/manifest.pushed${format:+.${format}}
done
run_buildah rm "$cid"
done
}
@test "push with manifest type conversion" {
mytmpdir=${TESTDIR}/my-dir
mytmpdir=${TEST_SCRATCH_DIR}/my-dir
mkdir -p $mytmpdir
_prefetch alpine
@ -55,7 +55,7 @@ load helpers
}
@test "push with imageid" {
mytmpdir=${TESTDIR}/my-dir
mytmpdir=${TEST_SCRATCH_DIR}/my-dir
mkdir -p $mytmpdir
_prefetch alpine
@ -67,7 +67,7 @@ load helpers
}
@test "push with imageid and digest file" {
mytmpdir=${TESTDIR}/my-dir
mytmpdir=${TEST_SCRATCH_DIR}/my-dir
mkdir -p $mytmpdir
_prefetch alpine
@ -75,9 +75,9 @@ load helpers
cid=$output
run_buildah images -q
imageid=$output
run_buildah push --digestfile=${TESTDIR}/digest.txt $WITH_POLICY_JSON $imageid dir:$mytmpdir
cat ${TESTDIR}/digest.txt
test -s ${TESTDIR}/digest.txt
run_buildah push --digestfile=${TEST_SCRATCH_DIR}/digest.txt $WITH_POLICY_JSON $imageid dir:$mytmpdir
cat ${TEST_SCRATCH_DIR}/digest.txt
test -s ${TEST_SCRATCH_DIR}/digest.txt
}
@test "push without destination" {
@ -93,7 +93,7 @@ load helpers
cid=$output
run_buildah images -q
imageid=$output
run_buildah 125 push $WITH_POLICY_JSON --authfile /tmp/nonexistent $imageid dir:${TESTDIR}/my-tmp-dir
run_buildah 125 push $WITH_POLICY_JSON --authfile /tmp/nonexistent $imageid dir:${TEST_SCRATCH_DIR}/my-tmp-dir
}
@test "push-denied-by-registry-sources" {
@ -132,10 +132,10 @@ load helpers
@test "buildah push image to docker-archive and oci-archive" {
_prefetch busybox
for dest in docker-archive oci-archive; do
mkdir ${TESTDIR}/tmp
run_buildah push $WITH_POLICY_JSON busybox $dest:${TESTDIR}/tmp/busybox.tar:latest
ls ${TESTDIR}/tmp/busybox.tar
rm -rf ${TESTDIR}/tmp
mkdir ${TEST_SCRATCH_DIR}/tmp
run_buildah push $WITH_POLICY_JSON busybox $dest:${TEST_SCRATCH_DIR}/tmp/busybox.tar:latest
ls ${TEST_SCRATCH_DIR}/tmp/busybox.tar
rm -rf ${TEST_SCRATCH_DIR}/tmp
done
}
@ -161,24 +161,24 @@ load helpers
@test "buildah oci encrypt and push local oci" {
skip_if_rootless_environment
_prefetch busybox
mkdir ${TESTDIR}/tmp
openssl genrsa -out ${TESTDIR}/tmp/mykey.pem 1024
openssl rsa -in ${TESTDIR}/tmp/mykey.pem -pubout > ${TESTDIR}/tmp/mykey.pub
run_buildah push $WITH_POLICY_JSON --encryption-key jwe:${TESTDIR}/tmp/mykey.pub busybox oci:${TESTDIR}/tmp/busybox_enc
imgtype -show-manifest oci:${TESTDIR}/tmp/busybox_enc | grep "+encrypted"
rm -rf ${TESTDIR}/tmp
mkdir ${TEST_SCRATCH_DIR}/tmp
openssl genrsa -out ${TEST_SCRATCH_DIR}/tmp/mykey.pem 1024
openssl rsa -in ${TEST_SCRATCH_DIR}/tmp/mykey.pem -pubout > ${TEST_SCRATCH_DIR}/tmp/mykey.pub
run_buildah push $WITH_POLICY_JSON --encryption-key jwe:${TEST_SCRATCH_DIR}/tmp/mykey.pub busybox oci:${TEST_SCRATCH_DIR}/tmp/busybox_enc
imgtype -show-manifest oci:${TEST_SCRATCH_DIR}/tmp/busybox_enc | grep "+encrypted"
rm -rf ${TEST_SCRATCH_DIR}/tmp
}
@test "buildah oci encrypt and push registry" {
_prefetch busybox
mkdir ${TESTDIR}/tmp
mkdir ${TEST_SCRATCH_DIR}/tmp
start_registry
openssl genrsa -out ${TESTDIR}/tmp/mykey.pem 1024
openssl rsa -in ${TESTDIR}/tmp/mykey.pem -pubout > ${TESTDIR}/tmp/mykey.pub
run_buildah push $WITH_POLICY_JSON --tls-verify=false --creds testuser:testpassword --encryption-key jwe:${TESTDIR}/tmp/mykey.pub busybox docker://localhost:${REGISTRY_PORT}/buildah/busybox_encrypted:latest
openssl genrsa -out ${TEST_SCRATCH_DIR}/tmp/mykey.pem 1024
openssl rsa -in ${TEST_SCRATCH_DIR}/tmp/mykey.pem -pubout > ${TEST_SCRATCH_DIR}/tmp/mykey.pub
run_buildah push $WITH_POLICY_JSON --tls-verify=false --creds testuser:testpassword --encryption-key jwe:${TEST_SCRATCH_DIR}/tmp/mykey.pub busybox docker://localhost:${REGISTRY_PORT}/buildah/busybox_encrypted:latest
# this test, just checks the ability to push an image
# there is no good way to test the details of the image unless with ./buildah pull, test will be in pull.bats
rm -rf ${TESTDIR}/tmp
rm -rf ${TEST_SCRATCH_DIR}/tmp
}
@test "buildah push to registry allowed by BUILD_REGISTRY_SOURCES" {
@ -189,20 +189,20 @@ load helpers
run_buildah 125 push --creds testuser:testpassword $WITH_POLICY_JSON --tls-verify=true busybox docker://localhost:${REGISTRY_PORT}/buildah/busybox:latest
expect_output --substring "certificate signed by unknown authority"
run_buildah push --creds testuser:testpassword $WITH_POLICY_JSON --cert-dir ${TESTDIR}/registry busybox docker://localhost:${REGISTRY_PORT}/buildah/busybox:latest
run_buildah push --creds testuser:testpassword $WITH_POLICY_JSON --cert-dir ${TEST_SCRATCH_DIR}/registry busybox docker://localhost:${REGISTRY_PORT}/buildah/busybox:latest
}
@test "push with authfile" {
_prefetch busybox
mkdir ${TESTDIR}/tmp
mkdir ${TEST_SCRATCH_DIR}/tmp
start_registry
run_buildah login --authfile ${TESTDIR}/tmp/test.auth --username testuser --password testpassword --tls-verify=false localhost:${REGISTRY_PORT}
run_buildah push --authfile ${TESTDIR}/tmp/test.auth $WITH_POLICY_JSON --tls-verify=false busybox docker://localhost:${REGISTRY_PORT}/buildah/busybox:latest
run_buildah login --authfile ${TEST_SCRATCH_DIR}/tmp/test.auth --username testuser --password testpassword --tls-verify=false localhost:${REGISTRY_PORT}
run_buildah push --authfile ${TEST_SCRATCH_DIR}/tmp/test.auth $WITH_POLICY_JSON --tls-verify=false busybox docker://localhost:${REGISTRY_PORT}/buildah/busybox:latest
expect_output --substring "Copying"
}
@test "push with --quiet" {
mytmpdir=${TESTDIR}/my-dir
mytmpdir=${TEST_SCRATCH_DIR}/my-dir
mkdir -p $mytmpdir
_prefetch alpine
@ -216,7 +216,7 @@ load helpers
cid=$output
run_buildah images -q
imageid=$output
run_buildah push --format oci --compression-format zstd:chunked $imageid dir:${TESTDIR}/zstd
run_buildah push --format oci --compression-format zstd:chunked $imageid dir:${TEST_SCRATCH_DIR}/zstd
# Verify there is some zstd compressed layer.
grep application/vnd.oci.image.layer.v1.tar+zstd ${TESTDIR}/zstd/manifest.json
grep application/vnd.oci.image.layer.v1.tar+zstd ${TEST_SCRATCH_DIR}/zstd/manifest.json
}

18
tests/rmi.bats
View File

@ -76,8 +76,8 @@ load helpers
@test "use prune to remove dangling images" {
_prefetch busybox
createrandom ${TESTDIR}/randomfile
createrandom ${TESTDIR}/other-randomfile
createrandom ${TEST_SCRATCH_DIR}/randomfile
createrandom ${TEST_SCRATCH_DIR}/other-randomfile
run_buildah from --pull=false --quiet $WITH_POLICY_JSON busybox
cid=$output
@ -87,7 +87,7 @@ load helpers
run_buildah mount $cid
root=$output
cp ${TESTDIR}/randomfile $root/randomfile
cp ${TEST_SCRATCH_DIR}/randomfile $root/randomfile
run_buildah unmount $cid
run_buildah commit $WITH_POLICY_JSON $cid containers-storage:new-image
@ -96,7 +96,7 @@ load helpers
run_buildah mount $cid
root=$output
cp ${TESTDIR}/other-randomfile $root/other-randomfile
cp ${TEST_SCRATCH_DIR}/other-randomfile $root/other-randomfile
run_buildah unmount $cid
run_buildah commit $WITH_POLICY_JSON $cid containers-storage:new-image
@ -114,8 +114,8 @@ load helpers
}
@test "use prune to remove dangling images with parent" {
createrandom ${TESTDIR}/randomfile
createrandom ${TESTDIR}/other-randomfile
createrandom ${TEST_SCRATCH_DIR}/randomfile
createrandom ${TEST_SCRATCH_DIR}/other-randomfile
run_buildah from --quiet $WITH_POLICY_JSON scratch
cid=$output
@ -125,7 +125,7 @@ load helpers
run_buildah mount $cid
root=$output
cp ${TESTDIR}/randomfile $root/randomfile
cp ${TEST_SCRATCH_DIR}/randomfile $root/randomfile
run_buildah unmount $cid
run_buildah commit --quiet $WITH_POLICY_JSON $cid
image=$output
@ -138,7 +138,7 @@ load helpers
cid=$output
run_buildah mount $cid
root=$output
cp ${TESTDIR}/other-randomfile $root/other-randomfile
cp ${TEST_SCRATCH_DIR}/other-randomfile $root/other-randomfile
run_buildah unmount $cid
run_buildah commit $WITH_POLICY_JSON $cid
run_buildah rm $cid
@ -157,7 +157,7 @@ load helpers
@test "attempt to prune non-dangling empty images" {
# Regression test for containers/podman/issues/10832
ctxdir=${TESTDIR}/bud
ctxdir=${TEST_SCRATCH_DIR}/bud
mkdir -p $ctxdir
cat >$ctxdir/Dockerfile <<EOF
FROM scratch

70
tests/run.bats
View File

@ -7,7 +7,7 @@ load helpers
_prefetch alpine
${OCI} --version
createrandom ${TESTDIR}/randomfile
createrandom ${TEST_SCRATCH_DIR}/randomfile
run_buildah from --quiet --pull=false $WITH_POLICY_JSON alpine
cid=$output
run_buildah mount $cid
@ -18,10 +18,10 @@ load helpers
run_buildah config --workingdir /root $cid
run_buildah run $cid pwd
expect_output "/root"
cp ${TESTDIR}/randomfile $root/tmp/
cp ${TEST_SCRATCH_DIR}/randomfile $root/tmp/
run_buildah run $cid cp /tmp/randomfile /tmp/other-randomfile
test -s $root/tmp/other-randomfile
cmp ${TESTDIR}/randomfile $root/tmp/other-randomfile
cmp ${TEST_SCRATCH_DIR}/randomfile $root/tmp/other-randomfile
seq 100000 | buildah run $cid -- sh -c 'while read i; do echo $i; done'
}
@ -285,20 +285,20 @@ function configure_and_check_user() {
_prefetch alpine
run_buildah from --quiet --pull=false $WITH_POLICY_JSON alpine
cid=$output
mkdir -p ${TESTDIR}/was-empty
mkdir -p ${TEST_SCRATCH_DIR}/was-empty
# As a baseline, this should succeed.
run_buildah run -v ${TESTDIR}/was-empty:/var/not-empty${zflag:+:${zflag}} $cid touch /var/not-empty/testfile
run_buildah run -v ${TEST_SCRATCH_DIR}/was-empty:/var/not-empty${zflag:+:${zflag}} $cid touch /var/not-empty/testfile
# Parsing options that with comma, this should succeed.
run_buildah run -v ${TESTDIR}/was-empty:/var/not-empty:rw,rshared${zflag:+,${zflag}} $cid touch /var/not-empty/testfile
run_buildah run -v ${TEST_SCRATCH_DIR}/was-empty:/var/not-empty:rw,rshared${zflag:+,${zflag}} $cid touch /var/not-empty/testfile
# If we're parsing the options at all, this should be read-only, so it should fail.
run_buildah 1 run -v ${TESTDIR}/was-empty:/var/not-empty:ro${zflag:+,${zflag}} $cid touch /var/not-empty/testfile
run_buildah 1 run -v ${TEST_SCRATCH_DIR}/was-empty:/var/not-empty:ro${zflag:+,${zflag}} $cid touch /var/not-empty/testfile
# Even if the parent directory doesn't exist yet, this should succeed.
run_buildah run -v ${TESTDIR}/was-empty:/var/multi-level/subdirectory $cid touch /var/multi-level/subdirectory/testfile
run_buildah run -v ${TEST_SCRATCH_DIR}/was-empty:/var/multi-level/subdirectory $cid touch /var/multi-level/subdirectory/testfile
# And check the same for file volumes.
run_buildah run -v ${TESTDIR}/was-empty/testfile:/var/different-multi-level/subdirectory/testfile $cid touch /var/different-multi-level/subdirectory/testfile
run_buildah run -v ${TEST_SCRATCH_DIR}/was-empty/testfile:/var/different-multi-level/subdirectory/testfile $cid touch /var/different-multi-level/subdirectory/testfile
# And check the same for file volumes.
# Make sure directories show up inside of container on builtin mounts
run_buildah run -v ${TESTDIR}/was-empty:/run/secrets/testdir $cid ls -ld /run/secrets/testdir
run_buildah run -v ${TEST_SCRATCH_DIR}/was-empty:/run/secrets/testdir $cid ls -ld /run/secrets/testdir
}
@test "run overlay --volume with custom upper and workdir" {
@ -314,19 +314,19 @@ function configure_and_check_user() {
_prefetch alpine
run_buildah from --quiet --pull=false $WITH_POLICY_JSON alpine
cid=$output
mkdir -p ${TESTDIR}/upperdir
mkdir -p ${TESTDIR}/workdir
mkdir -p ${TESTDIR}/lower
mkdir -p ${TEST_SCRATCH_DIR}/upperdir
mkdir -p ${TEST_SCRATCH_DIR}/workdir
mkdir -p ${TEST_SCRATCH_DIR}/lower
echo 'hello' >> ${TESTDIR}/lower/hello
echo 'hello' >> ${TEST_SCRATCH_DIR}/lower/hello
# As a baseline, this should succeed.
run_buildah run -v ${TESTDIR}/lower:/test:O,upperdir=${TESTDIR}/upperdir,workdir=${TESTDIR}/workdir${zflag:+:${zflag}} $cid cat /test/hello
run_buildah run -v ${TEST_SCRATCH_DIR}/lower:/test:O,upperdir=${TEST_SCRATCH_DIR}/upperdir,workdir=${TEST_SCRATCH_DIR}/workdir${zflag:+:${zflag}} $cid cat /test/hello
expect_output "hello"
run_buildah run -v ${TESTDIR}/lower:/test:O,upperdir=${TESTDIR}/upperdir,workdir=${TESTDIR}/workdir${zflag:+:${zflag}} $cid sh -c 'echo "world" > /test/world'
run_buildah run -v ${TEST_SCRATCH_DIR}/lower:/test:O,upperdir=${TEST_SCRATCH_DIR}/upperdir,workdir=${TEST_SCRATCH_DIR}/workdir${zflag:+:${zflag}} $cid sh -c 'echo "world" > /test/world'
#upper dir should persist content
result="$(cat ${TESTDIR}/upperdir/world)"
result="$(cat ${TEST_SCRATCH_DIR}/upperdir/world)"
test "$result" == "world"
}
@ -334,7 +334,7 @@ function configure_and_check_user() {
skip_if_no_runtime
# Create source volume.
mkdir ${TESTDIR}/testdata
mkdir ${TEST_SCRATCH_DIR}/testdata
# Create the container.
_prefetch alpine
@ -342,10 +342,10 @@ function configure_and_check_user() {
ctr="$output"
# Test user can create file in the mounted volume.
run_buildah run --user 888:888 --volume ${TESTDIR}/testdata:/mnt:z,U "$ctr" touch /mnt/testfile1.txt
run_buildah run --user 888:888 --volume ${TEST_SCRATCH_DIR}/testdata:/mnt:z,U "$ctr" touch /mnt/testfile1.txt
# Test created file has correct UID and GID ownership.
run_buildah run --user 888:888 --volume ${TESTDIR}/testdata:/mnt:z,U "$ctr" stat -c "%u:%g" /mnt/testfile1.txt
run_buildah run --user 888:888 --volume ${TEST_SCRATCH_DIR}/testdata:/mnt:z,U "$ctr" stat -c "%u:%g" /mnt/testfile1.txt
expect_output "888:888"
}
@ -377,16 +377,16 @@ function configure_and_check_user() {
_prefetch alpine
run_buildah from --quiet --pull=false $WITH_POLICY_JSON alpine
cid=$output
mkdir -p ${TESTDIR}/was:empty
mkdir -p ${TEST_SCRATCH_DIR}/was:empty
# As a baseline, this should succeed.
run_buildah run --mount type=tmpfs,dst=/var/tmpfs-not-empty $cid touch /var/tmpfs-not-empty/testfile
run_buildah run --mount type=bind,src=${TESTDIR}/was:empty,dst=/var/not-empty,rw${zflag:+,${zflag}} $cid touch /var/not-empty/testfile
run_buildah run --mount type=bind,src=${TEST_SCRATCH_DIR}/was:empty,dst=/var/not-empty,rw${zflag:+,${zflag}} $cid touch /var/not-empty/testfile
# If we're parsing the options at all, this should be read-only, so it should fail.
run_buildah 1 run --mount type=bind,src=${TESTDIR}/was:empty,dst=/var/not-empty,ro${zflag:+,${zflag}} $cid touch /var/not-empty/testfile
run_buildah 1 run --mount type=bind,src=${TEST_SCRATCH_DIR}/was:empty,dst=/var/not-empty,ro${zflag:+,${zflag}} $cid touch /var/not-empty/testfile
# Even if the parent directory doesn't exist yet, this should succeed.
run_buildah run --mount type=bind,src=${TESTDIR}/was:empty,dst=/var/multi-level/subdirectory,rw $cid touch /var/multi-level/subdirectory/testfile
run_buildah run --mount type=bind,src=${TEST_SCRATCH_DIR}/was:empty,dst=/var/multi-level/subdirectory,rw $cid touch /var/multi-level/subdirectory/testfile
# And check the same for file volumes.
run_buildah run --mount type=bind,src=${TESTDIR}/was:empty/testfile,dst=/var/different-multi-level/subdirectory/testfile,rw $cid touch /var/different-multi-level/subdirectory/testfile
run_buildah run --mount type=bind,src=${TEST_SCRATCH_DIR}/was:empty/testfile,dst=/var/different-multi-level/subdirectory/testfile,rw $cid touch /var/different-multi-level/subdirectory/testfile
}
@test "run --mount=type=bind with from like buildkit" {
@ -429,9 +429,9 @@ function configure_and_check_user() {
_prefetch alpine
run_buildah from --quiet --pull=false $WITH_POLICY_JSON alpine
cid=$output
mkdir -p ${TESTDIR}/tmp
ln -s tmp ${TESTDIR}/tmp2
export TMPDIR=${TESTDIR}/tmp2
mkdir -p ${TEST_SCRATCH_DIR}/tmp
ln -s tmp ${TEST_SCRATCH_DIR}/tmp2
export TMPDIR=${TEST_SCRATCH_DIR}/tmp2
run_buildah run $cid id
}
@ -469,9 +469,9 @@ function configure_and_check_user() {
# we need to not use the list of limits that are set in our default
# ${TEST_SOURCES}/containers.conf for the sake of other tests, and override
# any that might be picked up from system-wide configuration
echo '[containers]' > ${TESTDIR}/containers.conf
echo 'default_ulimits = []' >> ${TESTDIR}/containers.conf
export CONTAINERS_CONF=${TESTDIR}/containers.conf
echo '[containers]' > ${TEST_SCRATCH_DIR}/containers.conf
echo 'default_ulimits = []' >> ${TEST_SCRATCH_DIR}/containers.conf
export CONTAINERS_CONF=${TEST_SCRATCH_DIR}/containers.conf
_prefetch alpine
maxpids=$(cat /proc/sys/kernel/pid_max)
@ -618,9 +618,9 @@ function configure_and_check_user() {
hosts="127.0.0.5 host1
127.0.0.6 host2"
base_hosts_file="$TESTDIR/base_hosts"
base_hosts_file="$TEST_SCRATCH_DIR/base_hosts"
echo "$hosts" > "$base_hosts_file"
containers_conf_file="$TESTDIR/containers.conf"
containers_conf_file="$TEST_SCRATCH_DIR/containers.conf"
echo -e "[containers]\nbase_hosts_file = \"$base_hosts_file\"" > "$containers_conf_file"
CONTAINERS_CONF="$containers_conf_file" run_buildah run --hostname $hostname $cid cat /etc/hosts
expect_output --substring "127.0.0.5[[:blank:]]host1"
@ -757,7 +757,7 @@ $output"
_prefetch alpine
# Use seccomp to make crun output a warning message because crun writes few logs.
cat > ${TESTDIR}/seccomp.json << _EOF
cat > ${TEST_SCRATCH_DIR}/seccomp.json << _EOF
{
"defaultAction": "SCMP_ACT_ALLOW",
"syscalls": [
@ -768,7 +768,7 @@ $output"
]
}
_EOF
run_buildah from --security-opt seccomp=${TESTDIR}/seccomp.json --quiet --pull=false $WITH_POLICY_JSON alpine
run_buildah from --security-opt seccomp=${TEST_SCRATCH_DIR}/seccomp.json --quiet --pull=false $WITH_POLICY_JSON alpine
cid=$output
local found_runtime=

44
tests/sign.bats
View File

@ -7,7 +7,7 @@ function _gpg_setup() {
skip 'gpg command not found in $PATH'
fi
export GNUPGHOME=${TESTDIR}/.gnupg
export GNUPGHOME=${TEST_SCRATCH_DIR}/.gnupg
mkdir -p --mode=0700 $GNUPGHOME
# gpg on f30 and above needs this, otherwise:
@ -18,7 +18,7 @@ function _gpg_setup() {
GPGOPTS=
fi
cat > ${TESTDIR}/genkey-answers <<- EOF
cat > ${TEST_SCRATCH_DIR}/genkey-answers <<- EOF
%echo Generating a basic OpenPGP key
Key-Type: RSA
Key-Length: 2048
@ -28,7 +28,7 @@ function _gpg_setup() {
%commit
%echo done
EOF
gpg --batch $GPGOPTS --gen-key --passphrase '' < ${TESTDIR}/genkey-answers
gpg --batch $GPGOPTS --gen-key --passphrase '' < ${TEST_SCRATCH_DIR}/genkey-answers
}
@ -36,25 +36,25 @@ function _gpg_setup() {
_gpg_setup
_prefetch alpine
mkdir -p ${TESTDIR}/signed-image ${TESTDIR}/unsigned-image
mkdir -p ${TEST_SCRATCH_DIR}/signed-image ${TEST_SCRATCH_DIR}/unsigned-image
run_buildah from --quiet --pull=false $WITH_POLICY_JSON alpine
cid=$output
run_buildah commit $WITH_POLICY_JSON --sign-by amanda@localhost $cid signed-alpine-image
# Pushing should preserve the signature.
run_buildah push $WITH_POLICY_JSON signed-alpine-image dir:${TESTDIR}/signed-image
ls -l ${TESTDIR}/signed-image/
test -s ${TESTDIR}/signed-image/signature-1
run_buildah push $WITH_POLICY_JSON signed-alpine-image dir:${TEST_SCRATCH_DIR}/signed-image
ls -l ${TEST_SCRATCH_DIR}/signed-image/
test -s ${TEST_SCRATCH_DIR}/signed-image/signature-1
# Pushing with --remove-signatures should remove the signature.
run_buildah push $WITH_POLICY_JSON --remove-signatures signed-alpine-image dir:${TESTDIR}/unsigned-image
ls -l ${TESTDIR}/unsigned-image/
! test -s ${TESTDIR}/unsigned-image/signature-1
run_buildah push $WITH_POLICY_JSON --remove-signatures signed-alpine-image dir:${TEST_SCRATCH_DIR}/unsigned-image
ls -l ${TEST_SCRATCH_DIR}/unsigned-image/
! test -s ${TEST_SCRATCH_DIR}/unsigned-image/signature-1
run_buildah commit $WITH_POLICY_JSON $cid unsigned-alpine-image
# Pushing with --sign-by should fail add the signature to a dir: location, if it tries to add them.
run_buildah 125 push $WITH_POLICY_JSON --sign-by amanda@localhost unsigned-alpine-image dir:${TESTDIR}/signed-image
run_buildah 125 push $WITH_POLICY_JSON --sign-by amanda@localhost unsigned-alpine-image dir:${TEST_SCRATCH_DIR}/signed-image
expect_output --substring "Cannot determine canonical Docker reference"
# Clear out images, so that we don't have leftover signatures when we pull in an image that will end up
@ -62,24 +62,24 @@ function _gpg_setup() {
run_buildah rmi -a -f
# Pulling with --remove-signatures should remove signatures, and pushing should have none to keep.
run_buildah pull $WITH_POLICY_JSON --quiet dir:${TESTDIR}/signed-image
run_buildah pull $WITH_POLICY_JSON --quiet dir:${TEST_SCRATCH_DIR}/signed-image
imageID="$output"
run_buildah push $WITH_POLICY_JSON "$imageID" dir:${TESTDIR}/unsigned-image
ls -l ${TESTDIR}/unsigned-image/
! test -s ${TESTDIR}/unsigned-image/signature-1
run_buildah push $WITH_POLICY_JSON "$imageID" dir:${TEST_SCRATCH_DIR}/unsigned-image
ls -l ${TEST_SCRATCH_DIR}/unsigned-image/
! test -s ${TEST_SCRATCH_DIR}/unsigned-image/signature-1
# Build a manifest list and try to push the list with signatures.
run_buildah manifest create list
run_buildah manifest add list $imageID
run_buildah 125 manifest push $WITH_POLICY_JSON --sign-by amanda@localhost --all list dir:${TESTDIR}/signed-image
run_buildah 125 manifest push $WITH_POLICY_JSON --sign-by amanda@localhost --all list dir:${TEST_SCRATCH_DIR}/signed-image
expect_output --substring "Cannot determine canonical Docker reference"
run_buildah manifest push $WITH_POLICY_JSON --all list dir:${TESTDIR}/unsigned-image
run_buildah manifest push $WITH_POLICY_JSON --all list dir:${TEST_SCRATCH_DIR}/unsigned-image
}
@test "build-with-dockerfile-signatures" {
_gpg_setup
builddir=${TESTDIR}/builddir
builddir=${TEST_SCRATCH_DIR}/builddir
mkdir -p $builddir
cat > ${builddir}/Dockerfile <<- EOF
FROM scratch
@ -89,9 +89,9 @@ function _gpg_setup() {
# We should be able to sign at build-time.
run_buildah bud $WITH_POLICY_JSON --sign-by amanda@localhost -t signed-scratch-image ${builddir}
mkdir -p ${TESTDIR}/signed-image
mkdir -p ${TEST_SCRATCH_DIR}/signed-image
# Pushing should preserve the signature.
run_buildah push $WITH_POLICY_JSON signed-scratch-image dir:${TESTDIR}/signed-image
ls -l ${TESTDIR}/signed-image/
test -s ${TESTDIR}/signed-image/signature-1
run_buildah push $WITH_POLICY_JSON signed-scratch-image dir:${TEST_SCRATCH_DIR}/signed-image
ls -l ${TEST_SCRATCH_DIR}/signed-image/
test -s ${TEST_SCRATCH_DIR}/signed-image/signature-1
}

24
tests/source.bats
View File

@ -4,7 +4,7 @@ load helpers
@test "source create" {
# Create an empty source image and make sure it's properly initialized
srcdir=${TESTDIR}/newsource
srcdir=${TEST_SCRATCH_DIR}/newsource
run_buildah source create --author="Buildah authors" $srcdir
# Inspect the index.json
@ -52,7 +52,7 @@ load helpers
@test "source add" {
# Create an empty source image and make sure it's properly initialized.
srcdir=${TESTDIR}/newsource
srcdir=${TEST_SCRATCH_DIR}/newsource
run_buildah source create $srcdir
# Digest of initial manifest
@ -62,8 +62,8 @@ load helpers
[ "$status" -eq 0 ]
# Add layer 1
echo 111 > ${TESTDIR}/file1
run_buildah source add $srcdir ${TESTDIR}/file1
echo 111 > ${TEST_SCRATCH_DIR}/file1
run_buildah source add $srcdir ${TEST_SCRATCH_DIR}/file1
# Make sure the digest of the manifest changed
run jq -r .manifests[0].digest $srcdir/index.json
manifestDigestFile1=${output//sha256:/} # strip off the sha256 prefix
@ -82,8 +82,8 @@ load helpers
expect_output --substring "$layer1Size"
# Add layer 2
echo 222222aBitLongerForAdifferentSize > ${TESTDIR}/file2
run_buildah source add $srcdir ${TESTDIR}/file2
echo 222222aBitLongerForAdifferentSize > ${TEST_SCRATCH_DIR}/file2
run_buildah source add $srcdir ${TEST_SCRATCH_DIR}/file2
# Make sure the digest of the manifest changed
run jq -r .manifests[0].digest $srcdir/index.json
manifestDigestFile2=${output//sha256:/} # strip off the sha256 prefix
@ -115,20 +115,20 @@ load helpers
@test "source push/pull" {
# Create an empty source image and make sure it's properly initialized.
srcdir=${TESTDIR}/newsource
srcdir=${TEST_SCRATCH_DIR}/newsource
run_buildah source create $srcdir
# Add two layers
echo 111 > ${TESTDIR}/file1
run_buildah source add $srcdir ${TESTDIR}/file1
echo 222... > ${TESTDIR}/file2
run_buildah source add $srcdir ${TESTDIR}/file2
echo 111 > ${TEST_SCRATCH_DIR}/file1
run_buildah source add $srcdir ${TEST_SCRATCH_DIR}/file1
echo 222... > ${TEST_SCRATCH_DIR}/file2
run_buildah source add $srcdir ${TEST_SCRATCH_DIR}/file2
start_registry
run_buildah source push --tls-verify=false --creds testuser:testpassword $srcdir localhost:${REGISTRY_PORT}/source:test
pulldir=${TESTDIR}/pulledsource
pulldir=${TEST_SCRATCH_DIR}/pulledsource
run_buildah source pull --tls-verify=false --creds testuser:testpassword localhost:${REGISTRY_PORT}/source:test $pulldir
run diff -r $srcdir $pulldir

62
tests/squash.bats
View File

@ -17,13 +17,13 @@ function check_lengths() {
}
@test "squash" {
createrandom ${TESTDIR}/randomfile
createrandom ${TEST_SCRATCH_DIR}/randomfile
run_buildah from scratch
cid=$output
image=stage0
remove=(8 5)
for stage in $(seq 10) ; do
run_buildah copy "$cid" ${TESTDIR}/randomfile /layer${stage}
run_buildah copy "$cid" ${TEST_SCRATCH_DIR}/randomfile /layer${stage}
image=stage${stage}
if test $stage -eq ${remove[0]} ; then
run_buildah mount "$cid"
@ -51,30 +51,30 @@ function check_lengths() {
fi
continue
fi
cmp $mountpoint/layer${stage} ${TESTDIR}/randomfile
cmp $mountpoint/layer${stage} ${TEST_SCRATCH_DIR}/randomfile
done
}
@test "squash-using-dockerfile" {
createrandom ${TESTDIR}/randomfile
createrandom ${TEST_SCRATCH_DIR}/randomfile
image=stage0
from=scratch
for stage in $(seq 10) ; do
mkdir -p ${TESTDIR}/stage${stage}
echo FROM ${from} > ${TESTDIR}/stage${stage}/Dockerfile
cp ${TESTDIR}/randomfile ${TESTDIR}/stage${stage}/
echo COPY randomfile /layer${stage} >> ${TESTDIR}/stage${stage}/Dockerfile
mkdir -p ${TEST_SCRATCH_DIR}/stage${stage}
echo FROM ${from} > ${TEST_SCRATCH_DIR}/stage${stage}/Dockerfile
cp ${TEST_SCRATCH_DIR}/randomfile ${TEST_SCRATCH_DIR}/stage${stage}/
echo COPY randomfile /layer${stage} >> ${TEST_SCRATCH_DIR}/stage${stage}/Dockerfile
image=stage${stage}
from=${image}
run_buildah build-using-dockerfile $WITH_POLICY_JSON -t ${image} ${TESTDIR}/stage${stage}
run_buildah build-using-dockerfile $WITH_POLICY_JSON -t ${image} ${TEST_SCRATCH_DIR}/stage${stage}
check_lengths $image $stage
done
mkdir -p ${TESTDIR}/squashed
echo FROM ${from} > ${TESTDIR}/squashed/Dockerfile
cp ${TESTDIR}/randomfile ${TESTDIR}/squashed/
echo COPY randomfile /layer-squashed >> ${TESTDIR}/stage${stage}/Dockerfile
run_buildah build-using-dockerfile $WITH_POLICY_JSON --squash -t squashed ${TESTDIR}/squashed
mkdir -p ${TEST_SCRATCH_DIR}/squashed
echo FROM ${from} > ${TEST_SCRATCH_DIR}/squashed/Dockerfile
cp ${TEST_SCRATCH_DIR}/randomfile ${TEST_SCRATCH_DIR}/squashed/
echo COPY randomfile /layer-squashed >> ${TEST_SCRATCH_DIR}/stage${stage}/Dockerfile
run_buildah build-using-dockerfile $WITH_POLICY_JSON --squash -t squashed ${TEST_SCRATCH_DIR}/squashed
check_lengths squashed 1
@ -83,46 +83,46 @@ function check_lengths() {
run_buildah mount $cid
mountpoint=$output
for stage in $(seq 10) ; do
cmp $mountpoint/layer${stage} ${TESTDIR}/randomfile
cmp $mountpoint/layer${stage} ${TEST_SCRATCH_DIR}/randomfile
done
run_buildah build-using-dockerfile $WITH_POLICY_JSON --squash --layers -t squashed ${TESTDIR}/squashed
run_buildah build-using-dockerfile $WITH_POLICY_JSON --squash --layers -t squashed ${TEST_SCRATCH_DIR}/squashed
run_buildah inspect -t image -f '{{len .Docker.RootFS.DiffIDs}}' squashed
expect_output "1" "len(DiffIDs) - simple image"
echo FROM ${from} > ${TESTDIR}/squashed/Dockerfile
run_buildah build-using-dockerfile $WITH_POLICY_JSON --squash -t squashed ${TESTDIR}/squashed
echo FROM ${from} > ${TEST_SCRATCH_DIR}/squashed/Dockerfile
run_buildah build-using-dockerfile $WITH_POLICY_JSON --squash -t squashed ${TEST_SCRATCH_DIR}/squashed
run_buildah inspect -t image -f '{{len .Docker.RootFS.DiffIDs}}' squashed
expect_output "1" "len(DiffIDs) - image with FROM"
echo USER root >> ${TESTDIR}/squashed/Dockerfile
run_buildah build-using-dockerfile $WITH_POLICY_JSON --squash -t squashed ${TESTDIR}/squashed
echo USER root >> ${TEST_SCRATCH_DIR}/squashed/Dockerfile
run_buildah build-using-dockerfile $WITH_POLICY_JSON --squash -t squashed ${TEST_SCRATCH_DIR}/squashed
run_buildah inspect -t image -f '{{len .Docker.RootFS.DiffIDs}}' squashed
expect_output "1" "len(DiffIDs) - image with FROM and USER"
echo COPY file / >> ${TESTDIR}/squashed/Dockerfile
echo COPY file / > ${TESTDIR}/squashed/file
run_buildah build-using-dockerfile $WITH_POLICY_JSON --squash -t squashed ${TESTDIR}/squashed
echo COPY file / >> ${TEST_SCRATCH_DIR}/squashed/Dockerfile
echo COPY file / > ${TEST_SCRATCH_DIR}/squashed/file
run_buildah build-using-dockerfile $WITH_POLICY_JSON --squash -t squashed ${TEST_SCRATCH_DIR}/squashed
run_buildah inspect -t image -f '{{len .Docker.RootFS.DiffIDs}}' squashed
expect_output "1" "len(DiffIDs) - image with FROM, USER, and 2xCOPY"
echo FROM ${from} > ${TESTDIR}/squashed/Dockerfile
run_buildah build-using-dockerfile $WITH_POLICY_JSON --squash --layers -t squashed ${TESTDIR}/squashed
echo FROM ${from} > ${TEST_SCRATCH_DIR}/squashed/Dockerfile
run_buildah build-using-dockerfile $WITH_POLICY_JSON --squash --layers -t squashed ${TEST_SCRATCH_DIR}/squashed
run_buildah inspect -t image -f '{{len .Docker.RootFS.DiffIDs}}' squashed
expect_output "1" "len(DiffIDs) - image with FROM (--layers)"
echo USER root >> ${TESTDIR}/squashed/Dockerfile
run_buildah build-using-dockerfile $WITH_POLICY_JSON --squash -t squashed ${TESTDIR}/squashed
echo USER root >> ${TEST_SCRATCH_DIR}/squashed/Dockerfile
run_buildah build-using-dockerfile $WITH_POLICY_JSON --squash -t squashed ${TEST_SCRATCH_DIR}/squashed
run_buildah inspect -t image -f '{{len .Docker.RootFS.DiffIDs}}' squashed
expect_output "1" "len(DiffIDs) - image with FROM and USER (--layers)"
echo COPY file / >> ${TESTDIR}/squashed/Dockerfile
echo COPY file / > ${TESTDIR}/squashed/file
run_buildah build-using-dockerfile $WITH_POLICY_JSON --squash -t squashed ${TESTDIR}/squashed
echo COPY file / >> ${TEST_SCRATCH_DIR}/squashed/Dockerfile
echo COPY file / > ${TEST_SCRATCH_DIR}/squashed/file
run_buildah build-using-dockerfile $WITH_POLICY_JSON --squash -t squashed ${TEST_SCRATCH_DIR}/squashed
run_buildah inspect -t image -f '{{len .Docker.RootFS.DiffIDs}}' squashed
expect_output "1" "len(DiffIDs) - image with FROM, USER, and 2xCOPY (--layers)"
run_buildah build-using-dockerfile $WITH_POLICY_JSON --squash --format docker -t squashed ${TESTDIR}/squashed
run_buildah build-using-dockerfile $WITH_POLICY_JSON --squash --format docker -t squashed ${TEST_SCRATCH_DIR}/squashed
run_buildah inspect -t image -f '{{.Docker.Parent}}' squashed
expect_output "" "should have no parent image set"
}

8
tests/ssh.bats
View File

@ -16,7 +16,7 @@ function teardown(){
@test "bud with ssh key" {
_prefetch alpine
mytmpdir=${TESTDIR}/my-dir1
mytmpdir=${TEST_SCRATCH_DIR}/my-dir1
mkdir -p ${mytmpdir}
ssh-keygen -b 2048 -t rsa -f $mytmpdir/sshkey -q -N ""
fingerprint=$(ssh-keygen -l -f $mytmpdir/sshkey -E md5 | awk '{ print $2; }')
@ -33,7 +33,7 @@ function teardown(){
@test "bud with ssh key secret accessed on second RUN" {
_prefetch alpine
mytmpdir=${TESTDIR}/my-dir1
mytmpdir=${TEST_SCRATCH_DIR}/my-dir1
mkdir -p ${mytmpdir}
ssh-keygen -b 2048 -t rsa -f $mytmpdir/sshkey -q -N ""
fingerprint=$(ssh-keygen -l -f $mytmpdir/sshkey -E md5 | awk '{ print $2; }')
@ -45,7 +45,7 @@ function teardown(){
@test "bud with containerfile ssh options" {
_prefetch alpine
mytmpdir=${TESTDIR}/my-dir1
mytmpdir=${TEST_SCRATCH_DIR}/my-dir1
mkdir -p ${mytmpdir}
ssh-keygen -b 2048 -t rsa -f $mytmpdir/sshkey -q -N ""
fingerprint=$(ssh-keygen -l -f $mytmpdir/sshkey -E md5 | awk '{ print $2; }')
@ -59,7 +59,7 @@ function teardown(){
@test "bud with ssh sock" {
_prefetch alpine
mytmpdir=${TESTDIR}/my-dir1
mytmpdir=${TEST_SCRATCH_DIR}/my-dir1
mkdir -p ${mytmpdir}
ssh-keygen -b 2048 -t rsa -f $mytmpdir/sshkey -q -N ""
fingerprint=$(ssh-keygen -l -f $mytmpdir/sshkey -E md5 | awk '{ print $2; }')

24
tests/subscriptions.bats
View File

@ -6,7 +6,7 @@ load helpers
skip_if_no_runtime
# Setup
SECRETS_DIR=$TESTDIR/rhel/secrets
SECRETS_DIR=$TEST_SCRATCH_DIR/rhel/secrets
mkdir -p $SECRETS_DIR
TESTFILE1=$SECRETS_DIR/test.txt
@ -17,20 +17,20 @@ load helpers
touch $TESTFILE2
chmod 604 $TESTFILE2
TESTDIR1=$SECRETS_DIR/test-dir
mkdir -m704 $TESTDIR1
TEST_SCRATCH_DIR1=$SECRETS_DIR/test-dir
mkdir -m704 $TEST_SCRATCH_DIR1
TESTFILE3=$TESTDIR1/file.txt
TESTFILE3=$TEST_SCRATCH_DIR1/file.txt
touch $TESTFILE3
chmod 777 $TESTFILE3
mkdir -p $TESTDIR/symlink/target
touch $TESTDIR/symlink/target/key.pem
ln -s $TESTDIR/symlink/target $SECRETS_DIR/mysymlink
mkdir -p $TEST_SCRATCH_DIR/symlink/target
touch $TEST_SCRATCH_DIR/symlink/target/key.pem
ln -s $TEST_SCRATCH_DIR/symlink/target $SECRETS_DIR/mysymlink
# prepare the test mounts file
mkdir $TESTDIR/containers
MOUNTS_PATH=$TESTDIR/containers/mounts.conf
mkdir $TEST_SCRATCH_DIR/containers
MOUNTS_PATH=$TEST_SCRATCH_DIR/containers/mounts.conf
# add the mounts entries
echo "$SECRETS_DIR:/run/secrets" > $MOUNTS_PATH
@ -49,7 +49,7 @@ load helpers
expect_output --substring "test.txt"
# test a mount without destination
run_buildah run $cid ls "$TESTDIR"/rhel/secrets
run_buildah run $cid ls "$TEST_SCRATCH_DIR"/rhel/secrets
expect_output --substring "test.txt"
# test a file-based mount
@ -68,14 +68,14 @@ load helpers
run_buildah run $cid stat -c %a /run/secrets/test-dir/file.txt
expect_output 777
cat > $TESTDIR/Containerfile << _EOF
cat > $TEST_SCRATCH_DIR/Containerfile << _EOF
from alpine
run stat -c %a /run/secrets/file.txt
run stat -c %a /run/secrets/test-dir
run stat -c %a /run/secrets/test-dir/file.txt
_EOF
run_buildah --default-mounts-file "$MOUNTS_PATH" bud $TESTDIR
run_buildah --default-mounts-file "$MOUNTS_PATH" bud $TEST_SCRATCH_DIR
expect_output --substring "604"
expect_output --substring "704"
expect_output --substring "777"