diff --git a/.cirrus.yml b/.cirrus.yml index ee21557f27..4a185b92fa 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -26,20 +26,20 @@ env: #### #### Cache-image names to test with (double-quotes around names are critical) #### - FEDORA_NAME: "fedora-37" ### c20230120t152650z-f37f36u2204 - FEDORA_AARCH64_NAME: "${FEDORA_NAME}-aarch64" ### c20230120t152650z-f37f36u2204 - PRIOR_FEDORA_NAME: "fedora-36" ### c20230120t152650z-f37f36u2204 - #UBUNTU_NAME: "ubuntu-2204" ### c20230120t152650z-f37f36u2204 + FEDORA_NAME: "fedora-37" + FEDORA_AARCH64_NAME: "${FEDORA_NAME}-aarch64" + PRIOR_FEDORA_NAME: "fedora-36" + DEBIAN_NAME: "debian-12" # Image identifiers - IMAGE_SUFFIX: "c20230120t152650z-f37f36u2204" + IMAGE_SUFFIX: "c20230221t162829z-f37f36d12" # EC2 images FEDORA_AMI: "fedora-aws-${IMAGE_SUFFIX}" FEDORA_AARCH64_AMI: "fedora-podman-aws-arm64-${IMAGE_SUFFIX}" # GCP Images FEDORA_CACHE_IMAGE_NAME: "fedora-${IMAGE_SUFFIX}" PRIOR_FEDORA_CACHE_IMAGE_NAME: "prior-fedora-${IMAGE_SUFFIX}" - #UBUNTU_CACHE_IMAGE_NAME: "ubuntu-${IMAGE_SUFFIX}" + DEBIAN_CACHE_IMAGE_NAME: "debian-${IMAGE_SUFFIX}" # Container FQIN's FEDORA_CONTAINER_FQIN: "quay.io/libpod/fedora_podman:${IMAGE_SUFFIX}" PRIOR_FEDORA_CONTAINER_FQIN: "quay.io/libpod/prior-fedora_podman:${IMAGE_SUFFIX}" @@ -52,7 +52,7 @@ env: TEST_ENVIRON: host # 'host', or 'container' PODBIN_NAME: podman # 'podman' or 'remote' PRIV_NAME: root # 'root' or 'rootless' - DISTRO_NV: # any {PRIOR_,}{FEDORA,UBUNTU}_NAME value + DISTRO_NV: # any {PRIOR_,}{FEDORA,DEBIAN}_NAME value VM_IMAGE_NAME: # One of the "Google-cloud VM Images" (above) CTR_FQIN: # One of the "Container FQIN's" (above) @@ -109,12 +109,11 @@ build_task: CTR_FQIN: ${PRIOR_FEDORA_CONTAINER_FQIN} CI_DESIRED_RUNTIME: crun CI_DESIRED_NETWORK: cni - #- env: &ubuntu_envvars - # DISTRO_NV: ${UBUNTU_NAME} - # VM_IMAGE_NAME: ${UBUNTU_CACHE_IMAGE_NAME} - # CTR_FQIN: ${UBUNTU_CONTAINER_FQIN} - # CI_DESIRED_RUNTIME: runc - # CI_DESIRED_NETWORK: whatever + - env: &debian_envvars + DISTRO_NV: ${DEBIAN_NAME} + VM_IMAGE_NAME: ${DEBIAN_CACHE_IMAGE_NAME} + CI_DESIRED_RUNTIME: runc + CI_DESIRED_NETWORK: netavark env: TEST_FLAVOR: build # NOTE: The default way Cirrus-CI clones is *NOT* compatible with @@ -943,11 +942,10 @@ meta_task: image: quay.io/libpod/imgts:latest env: # Space-separated list of images used by this repository state - # DISABLED: - # ${UBUNTU_CACHE_IMAGE_NAME} IMGNAMES: >- ${FEDORA_CACHE_IMAGE_NAME} ${PRIOR_FEDORA_CACHE_IMAGE_NAME} + ${DEBIAN_CACHE_IMAGE_NAME} build-push-${IMAGE_SUFFIX} EC2IMGNAMES: >- ${FEDORA_AARCH64_AMI} diff --git a/Makefile b/Makefile index b1aaf8d5ed..7bb75a6747 100644 --- a/Makefile +++ b/Makefile @@ -20,6 +20,8 @@ ### Variables & Definitions ### +# Default shell `/bin/sh` has different meanings depending on the platform. +SHELL := /bin/bash GO ?= go GO_LDFLAGS:= $(shell if $(GO) version|grep -q gccgo ; then echo "-gccgoflags"; else echo "-ldflags"; fi) GOCMD = CGO_ENABLED=$(CGO_ENABLED) GOOS=$(GOOS) GOARCH=$(GOARCH) $(GO) diff --git a/contrib/cirrus/lib.sh b/contrib/cirrus/lib.sh index 6adec80add..edac709170 100644 --- a/contrib/cirrus/lib.sh +++ b/contrib/cirrus/lib.sh @@ -204,6 +204,14 @@ install_test_configs() { } use_cni() { + req_env_vars OS_RELEASE_ID PACKAGE_DOWNLOAD_DIR SCRIPT_BASE + # Defined by common automation library + # shellcheck disable=SC2154 + if [[ "$OS_RELEASE_ID" =~ "debian" ]]; then + # Supporting it involves swapping the rpm & dnf commands below + die "Testing debian w/ CNI networking currently not supported" + fi + msg "Unsetting NETWORK_BACKEND for all subsequent environments." echo "export -n NETWORK_BACKEND" >> /etc/ci_environment echo "unset NETWORK_BACKEND" >> /etc/ci_environment @@ -238,6 +246,7 @@ use_cni() { } use_netavark() { + req_env_vars OS_RELEASE_ID PRIOR_FEDORA_NAME DISTRO_NV local magickind repokind msg "Forcing NETWORK_BACKEND=netavark for all subsequent environments." echo "NETWORK_BACKEND=netavark" >> /etc/ci_environment @@ -251,7 +260,9 @@ use_netavark() { # See ./contrib/cirrus/CIModes.md. # Vars defined by cirrus-ci # shellcheck disable=SC2154 - if [[ "$CIRRUS_CHANGE_TITLE" =~ CI:[AN]V[AN]V= ]]; then + if [[ ! "$OS_RELEASE_ID" =~ "debian" ]] && \ + [[ "$CIRRUS_CHANGE_TITLE" =~ CI:[AN]V[AN]V= ]] + then # shellcheck disable=SC2154 if [[ "$CIRRUS_PR_DRAFT" != "true" ]]; then die "Magic 'CI:NVAV=*' string can only be used on DRAFT PRs" @@ -306,7 +317,7 @@ remove_packaged_podman_files() { # OS_RELEASE_ID is defined by automation-library # shellcheck disable=SC2154 - if [[ "$OS_RELEASE_ID" =~ "ubuntu" ]] + if [[ "$OS_RELEASE_ID" =~ "debian" ]] then LISTING_CMD="dpkg-query -L podman" else diff --git a/contrib/cirrus/logcollector.sh b/contrib/cirrus/logcollector.sh index 0a2edfa7ab..4d7567426a 100755 --- a/contrib/cirrus/logcollector.sh +++ b/contrib/cirrus/logcollector.sh @@ -25,7 +25,7 @@ showrun() { case $1 in audit) case $OS_RELEASE_ID in - ubuntu) showrun cat /var/log/kern.log ;; + debian) showrun cat /var/log/kern.log ;; fedora) showrun cat /var/log/audit/audit.log ;; *) bad_os_id_ver ;; esac @@ -34,7 +34,7 @@ case $1 in journal) showrun journalctl -b ;; podman) showrun ./bin/podman system info ;; packages) - # These names are common to Fedora and Ubuntu + # These names are common to Fedora and Debian PKG_NAMES=(\ conmon containernetworking-plugins @@ -59,7 +59,7 @@ case $1 in passt ) ;; - ubuntu) + debian) cat /etc/issue PKG_LST_CMD='dpkg-query --show --showformat=${Package}-${Version}-${Architecture}\n' PKG_NAMES+=(\ diff --git a/contrib/cirrus/setup_environment.sh b/contrib/cirrus/setup_environment.sh index 566dc87343..dcdb65bf5e 100755 --- a/contrib/cirrus/setup_environment.sh +++ b/contrib/cirrus/setup_environment.sh @@ -56,9 +56,13 @@ echo -e "\n# Begin single-use VM global variables (${BASH_SOURCE[0]})" \ done <<<"$(passthrough_envars)" ) >> "/etc/ci_environment" -# This is a possible manual maintenance gaff, check to be sure everything matches. +# This is a possible manual maintenance gaff, i.e. forgetting to update a +# *_NAME variable in .cirrus.yml. check to be sure at least one comparison +# matches the actual OS being run. Ignore details, such as debian point-release +# number and/or '-aarch64' suffix. # shellcheck disable=SC2154 -[[ "$DISTRO_NV" =~ $OS_REL_VER ]] || \ +grep -q "$DISTRO_NV" <<<"$OS_REL_VER" || \ + grep -q "$OS_REL_VER" <<<"$DISTRO_NV" || \ die "Automation spec. '$DISTRO_NV'; actual host '$OS_REL_VER'" # Only allow this script to execute once @@ -118,7 +122,7 @@ fi # Which distribution are we testing on. case "$OS_RELEASE_ID" in - ubuntu) ;; + debian) ;; fedora) if ((CONTAINER==0)); then # All SELinux distros need this for systemd-in-a-container @@ -352,64 +356,6 @@ case "$TEST_FLAVOR" in make install PREFIX=/usr ETCDIR=/etc install_test_configs ;; - gitlab) - # ***WARNING*** ***WARNING*** ***WARNING*** ***WARNING*** - # This sets up a special ubuntu environment exclusively for - # running the upstream gitlab-runner unit tests through - # podman as a drop-in replacement for the Docker daemon. - # Test and setup information can be found here: - # https://gitlab.com/gitlab-org/gitlab-runner/-/issues/27270#note_499585550 - # - # Unless you know what you're doing, and/or are in contact - # with the upstream gitlab-runner developers/community, - # please don't make changes willy-nilly to this setup. - # It's designed to follow upstream gitlab-runner development - # and alert us if any podman change breaks their foundation. - # - # That said, if this task does break in strange ways or requires - # updates you're unsure of. Please consult with the upstream - # community through an issue near the one linked above. If - # an extended period of breakage is expected, please un-comment - # the related `allow_failures: $CI == $CI` line in `.cirrus.yml`. - # ***WARNING*** ***WARNING*** ***WARNING*** ***WARNING*** - - if [[ "$OS_RELEASE_ID" != "ubuntu" ]]; then - die "This test only runs on Ubuntu due to sheer laziness" - fi - - remove_packaged_podman_files - make install PREFIX=/usr ETCDIR=/etc - - msg "Installing docker and containerd" - # N/B: Tests check/expect `docker info` output, and this `!= podman info` - ooe.sh dpkg -i \ - $PACKAGE_DOWNLOAD_DIR/containerd.io*.deb \ - $PACKAGE_DOWNLOAD_DIR/docker-ce*.deb - - msg "Disabling docker service and socket activation" - systemctl stop docker.service docker.socket - systemctl disable docker.service docker.socket - rm -rf /run/docker* - # Guarantee the docker daemon can't be started, even by accident - rm -vf $(type -P dockerd) - - msg "Recursively chowning source to $ROOTLESS_USER" - chown -R $ROOTLESS_USER:$ROOTLESS_USER "$GOPATH" "$GOSRC" - - msg "Obtaining necessary gitlab-runner testing bits" - slug="gitlab.com/gitlab-org/gitlab-runner" - helper_fqin="registry.gitlab.com/gitlab-org/gitlab-runner/gitlab-runner-helper:x86_64-latest-pwsh" - ssh="ssh $ROOTLESS_USER@localhost -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o CheckHostIP=no env GOPATH=$GOPATH" - showrun $ssh go install github.com/jstemmer/go-junit-report/v2@v2.0.0 - showrun $ssh git clone https://$slug $GOPATH/src/$slug - showrun $ssh make -C $GOPATH/src/$slug development_setup - showrun $ssh bash -c "'cd $GOPATH/src/$slug && GOPATH=$GOPATH go get .'" - - showrun $ssh podman pull $helper_fqin - # Tests expect image with this exact name - showrun $ssh podman tag $helper_fqin \ - docker.io/gitlab/gitlab-runner-helper:x86_64-latest-pwsh - ;; swagger) make .install.swagger ;; diff --git a/test/buildah-bud/apply-podman-deltas b/test/buildah-bud/apply-podman-deltas index 06d69ed034..0d3aef1581 100755 --- a/test/buildah-bud/apply-podman-deltas +++ b/test/buildah-bud/apply-podman-deltas @@ -249,5 +249,12 @@ skip_if_remote "different error messages between podman & podman-remote" \ # END tests which are skipped due to actual podman or podman-remote bugs. ############################################################################### +# BEGIN temporary workarounds that must be reevaluated periodically + +skip "Test is completely broken, see buildah issue 4396" \ + "bud-multiple-platform-values" + +# END temporary workarounds that must be reevaluated periodically +############################################################################### exit $RC diff --git a/test/e2e/common_test.go b/test/e2e/common_test.go index 39011644e4..174f042c90 100644 --- a/test/e2e/common_test.go +++ b/test/e2e/common_test.go @@ -679,6 +679,13 @@ func checkReason(reason string) { } } +func SkipIfRunc(p *PodmanTestIntegration, reason string) { + checkReason(reason) + if p.OCIRuntime == "runc" { + Skip("[runc]: " + reason) + } +} + func SkipIfRootlessCgroupsV1(reason string) { checkReason(reason) if isRootless() && !CGROUPSV2 { diff --git a/test/e2e/play_kube_test.go b/test/e2e/play_kube_test.go index 3b769f6278..eaa29adef4 100644 --- a/test/e2e/play_kube_test.go +++ b/test/e2e/play_kube_test.go @@ -4700,6 +4700,7 @@ ENV OPENJ9_JAVA_OPTIONS=%q }) It("podman play kube with disabled cgroup", func() { + SkipIfRunc(podmanTest, "Test not supported with runc, see issue #17436") conffile := filepath.Join(podmanTest.TempDir, "container.conf") // Disabled ipcns and cgroupfs in the config file // Since shmsize (Inherit from infra container) cannot be set if ipcns is "host", we should remove the default value. diff --git a/test/e2e/run_userns_test.go b/test/e2e/run_userns_test.go index 75ff186ca5..b5c00add5c 100644 --- a/test/e2e/run_userns_test.go +++ b/test/e2e/run_userns_test.go @@ -110,7 +110,7 @@ var _ = Describe("Podman UserNS support", func() { It("podman uidmapping and gidmapping with an idmapped volume", func() { Skip("it depends on a breaking change in crun: https://github.com/containers/crun/pull/1147") - + SkipIfRunc(podmanTest, "Test not supported yet with runc, see issue #17433") session := podmanTest.Podman([]string{"run", "--uidmap=0:1:500", "--gidmap=0:200:5000", "-v", "my-foo-volume:/foo:Z,idmap", "alpine", "stat", "-c", "#%u:%g#", "/foo"}) session.WaitWithDefaultTimeout() if strings.Contains(session.ErrorToString(), "Operation not permitted") { diff --git a/test/system/070-build.bats b/test/system/070-build.bats index 96c7cb91eb..c27186671f 100644 --- a/test/system/070-build.bats +++ b/test/system/070-build.bats @@ -30,6 +30,11 @@ EOF } @test "podman buildx - basic test" { + run_podman info --format "{{.Store.GraphDriverName}}" + if [[ "$output" == "vfs" ]]; then + skip "Test not supported with VFS podman storage driver (#17520)" + fi + rand_filename=$(random_string 20) rand_content=$(random_string 50) diff --git a/test/system/252-quadlet.bats b/test/system/252-quadlet.bats index 03b6497d7d..d094102f98 100644 --- a/test/system/252-quadlet.bats +++ b/test/system/252-quadlet.bats @@ -15,6 +15,7 @@ function start_time() { function setup() { skip_if_remote "quadlet tests are meaningless over remote" + skip_if_rootless_cgroupsv1 "Can't use --cgroups=split w/ CGv1 (#17456)" test -x "$QUADLET" || die "Cannot run quadlet tests without executable \$QUADLET ($QUADLET)" diff --git a/test/system/505-networking-pasta.bats b/test/system/505-networking-pasta.bats index d22e6d66e5..8b4172f4bc 100644 --- a/test/system/505-networking-pasta.bats +++ b/test/system/505-networking-pasta.bats @@ -12,6 +12,7 @@ load helpers.network function setup() { basic_setup + skip_if_rootless "FIXME: #17598 all pasta tests skipped for new version in new CI VM images." skip_if_not_rootless "pasta networking only available in rootless mode" skip_if_no_pasta "pasta not found: install pasta(1) to run these tests" diff --git a/test/system/700-play.bats b/test/system/700-play.bats index 27a85aa57b..7c694aeddf 100644 --- a/test/system/700-play.bats +++ b/test/system/700-play.bats @@ -236,9 +236,11 @@ EOF } @test "podman kube --network" { + skip_if_rootless_cgroupsv1 "Test will never be supported, see #17582." TESTDIR=$PODMAN_TMPDIR/testdir mkdir -p $TESTDIR echo "$testYaml" | sed "s|TESTDIR|${TESTDIR}|g" > $PODMAN_TMPDIR/test.yaml + run_podman kube play --network host $PODMAN_TMPDIR/test.yaml is "$output" "Pod:.*" "podman kube play should work with --network host"