Build and use a newer systemd image

test/system/255-auto-update.bats

@@ -31,8 +31,7 @@ function teardown() {
             quay.io/libpod/busybox:latest          \
             quay.io/libpod/localtest:latest        \
             quay.io/libpod/autoupdatebroken:latest \
-            quay.io/libpod/test:latest             \
-            quay.io/libpod/fedora:31
+            quay.io/libpod/test:latest
 
     # The rollback tests may leave some dangling images behind, so let's prune
     # them to leave a clean state.
@@ -267,7 +266,7 @@ function _confirm_update() {
 
     dockerfile1=$PODMAN_TMPDIR/Dockerfile.1
     cat >$dockerfile1 <<EOF
-FROM quay.io/libpod/fedora:31
+FROM $SYSTEMD_IMAGE
 RUN echo -e "#!/bin/sh\n\
 printenv NOTIFY_SOCKET; echo READY; systemd-notify --ready;\n\
 trap 'echo Received SIGTERM, finishing; exit' SIGTERM; echo WAITING; while :; do sleep 0.1; done" \
@@ -277,7 +276,7 @@ EOF
 
     dockerfile2=$PODMAN_TMPDIR/Dockerfile.2
     cat >$dockerfile2 <<EOF
-FROM quay.io/libpod/fedora:31
+FROM $SYSTEMD_IMAGE
 RUN echo -e "#!/bin/sh\n\
 exit 1" >> /runme
 RUN chmod +x /runme
@@ -446,7 +445,7 @@ EOF
 
     dockerfile1=$PODMAN_TMPDIR/Dockerfile.1
     cat >$dockerfile1 <<EOF
-FROM quay.io/libpod/fedora:31
+FROM $SYSTEMD_IMAGE
 RUN echo -e "#!/bin/sh\n\
 printenv NOTIFY_SOCKET; echo READY; systemd-notify --ready;\n\
 trap 'echo Received SIGTERM, finishing; exit' SIGTERM; echo WAITING; while :; do sleep 0.1; done" \
@@ -456,7 +455,7 @@ EOF
 
     dockerfile2=$PODMAN_TMPDIR/Dockerfile.2
     cat >$dockerfile2 <<EOF
-FROM quay.io/libpod/fedora:31
+FROM $SYSTEMD_IMAGE
 RUN echo -e "#!/bin/sh\n\
 exit 1" >> /runme
 RUN chmod +x /runme

test/system/260-sdnotify.bats

@@ -144,20 +144,15 @@ READY=1" "sdnotify sent MAINPID and READY"
 # These tests can fail in dev. environment because of SELinux.
 # quick fix: chcon -t container_runtime_exec_t ./bin/podman
 @test "sdnotify : container" {
-    # Sigh... we need to pull a humongous image because it has systemd-notify.
-    # (IMPORTANT: fedora:32 and above silently removed systemd-notify; this
-    # caused CI to hang. That's why we explicitly require fedora:31)
-    # FIXME: is there a smaller image we could use?
-    local _FEDORA="$PODMAN_TEST_IMAGE_REGISTRY/$PODMAN_TEST_IMAGE_USER/fedora:31"
-    # Pull that image. Retry in case of flakes.
-    run_podman pull $_FEDORA || \
-        run_podman pull $_FEDORA || \
-        run_podman pull $_FEDORA
+    # Pull our systemd image. Retry in case of flakes.
+    run_podman pull $SYSTEMD_IMAGE || \
+        run_podman pull $SYSTEMD_IMAGE || \
+        run_podman pull $SYSTEMD_IMAGE
 
     export NOTIFY_SOCKET=$PODMAN_TMPDIR/container.sock
     _start_socat
 
-    run_podman run -d --sdnotify=container $_FEDORA \
+    run_podman run -d --sdnotify=container $SYSTEMD_IMAGE \
                sh -c 'printenv NOTIFY_SOCKET; echo READY; while ! test -f /stop;do sleep 0.1;done;systemd-notify --ready'
     cid="$output"
     wait_for_ready $cid
@@ -191,7 +186,6 @@ READY=1" "sdnotify sent MAINPID and READY"
 READY=1"
 
     run_podman rm $cid
-    run_podman rmi $_FEDORA
     _stop_socat
 }
 
@@ -250,15 +244,10 @@ READY=1" "sdnotify sent MAINPID and READY"
 }
 
 @test "sdnotify : play kube - with policies" {
-    # Sigh... we need to pull a humongous image because it has systemd-notify.
-    # (IMPORTANT: fedora:32 and above silently removed systemd-notify; this
-    # caused CI to hang. That's why we explicitly require fedora:31)
-    # FIXME: is there a smaller image we could use?
-    local _FEDORA="$PODMAN_TEST_IMAGE_REGISTRY/$PODMAN_TEST_IMAGE_USER/fedora:31"
     # Pull that image. Retry in case of flakes.
-    run_podman pull $_FEDORA || \
-        run_podman pull $_FEDORA || \
-        run_podman pull $_FEDORA
+    run_podman pull $SYSTEMD_IMAGE || \
+        run_podman pull $SYSTEMD_IMAGE || \
+        run_podman pull $SYSTEMD_IMAGE
 
     # Create the YAMl file
     yaml_source="$PODMAN_TMPDIR/test.yaml"
@@ -279,7 +268,7 @@ spec:
     - /bin/sh
     - -c
     - 'printenv NOTIFY_SOCKET; while ! test -f /stop;do sleep 0.1;done'
-    image: $_FEDORA
+    image: $SYSTEMD_IMAGE
     name: a
   - command:
     - /bin/sh
@@ -360,7 +349,7 @@ READY=1" "sdnotify sent MAINPID and READY"
 
     # Clean up pod and pause image
     run_podman play kube --down $yaml_source
-    run_podman rmi $_FEDORA $(pause_image)
+    run_podman rmi $(pause_image)
 }
 
 # vim: filetype=sh

test/system/320-system-df.bats

@@ -5,6 +5,15 @@
 
 load helpers
 
+function setup() {
+    # Depending on which tests have been run prior to getting here, there
+    # may be one or two images loaded. We want only '$IMAGE', not the
+    # systemd one.
+    run_podman rmi -f $SYSTEMD_IMAGE
+
+    basic_setup
+}
+
 function teardown() {
     basic_teardown
 
@@ -30,10 +39,45 @@ function teardown() {
 }
 
 @test "podman system df --format json functionality" {
+    # Run two dummy containers, one which exits, one which stays running
+    run_podman run    --name stoppedcontainer $IMAGE true
+    run_podman run -d --name runningcontainer $IMAGE top
     run_podman system df --format json
-    is "$output" '.*"TotalCount": 1'       "Exactly one image"
-    is "$output" '.*"RawSize": 0' "RawSize reported"
-    is "$output" '.*"Size": "0B"' "Size reported"
+    local results="$output"
+
+    # FIXME: we can't check exact RawSize or Size because every CI system
+    # computes a different value: 12701526, 12702113, 12706209... and
+    # those are all amd64. aarch64 gets 12020148, 12019561.
+    #
+    # WARNING: RawSize and Size tests may fail if $IMAGE is updated. Since
+    # that tends to be done yearly or less, and only by Ed, that's OK.
+    local tests='
+Type           | Images    | Containers | Local Volumes
+Total          |         1 |          2 |             0
+Active         |         1 |          1 |             0
+RawSize        | ~12...... |          0 |             0
+RawReclaimable |         0 |          0 |             0
+TotalCount     |         1 |          2 |             0
+Size           |   ~12.*MB |         0B |            0B
+'
+    while read -a fields; do
+        for i in 0 1 2;do
+            expect="${fields[$((i+1))]}"
+            actual=$(jq -r ".[$i].${fields[0]}" <<<"$results")
+
+            # Do exact-match check, unless the expect term starts with ~
+            op='='
+            if [[ "$expect" =~ ^~ ]]; then
+                op='=~'
+                expect=${expect##\~}
+            fi
+
+            assert "$actual" "$op" "$expect" "system df[$i].${fields[0]}"
+        done
+    done < <(parse_table "$tests")
+
+    # Clean up
+    run_podman rm -f -t 0 stoppedcontainer runningcontainer
 }
 
 @test "podman system df - with active containers and volumes" {

test/system/build-systemd-image

@@ -0,0 +1,67 @@
+#!/bin/bash
+#
+# build-systemd-image - script for producing a test image with systemd
+#
+# Based on the build-testimage script. This script builds a fedora-based
+# image with systemd in it, for use in systemd-based tests.
+#
+
+# Podman binary to use
+PODMAN=${PODMAN:-$(pwd)/bin/podman}
+
+# Tag for this new image
+YMD=$(date +%Y%m%d)
+
+# git-relative path to this script
+create_script=$(cd $(dirname $0) && git ls-files --full-name $(basename $0))
+if [ -z "$create_script" ]; then
+    create_script=$0
+fi
+
+# Creation timestamp, Zulu time
+create_time_t=$(date +%s)
+create_time_z=$(env TZ=UTC date --date=@$create_time_t +'%Y-%m-%dT%H:%M:%SZ')
+
+set -ex
+
+# We'll need to create a Containerfile plus various other files to add in
+tmpdir=$(mktemp -t -d $(basename $0).tmp.XXXXXXX)
+cd $tmpdir
+echo $YMD >testimage-id
+
+cat >Containerfile <<EOF
+FROM registry.fedoraproject.org/fedora-minimal:37
+LABEL created_by=$create_script
+LABEL created_at=$create_time_z
+RUN microdnf install -y systemd && microdnf clean all
+ADD testimage-id /home/podman/
+WORKDIR /home/podman
+CMD ["/bin/echo", "This image is intended for podman CI testing"]
+EOF
+
+# Start from scratch
+testimg_base=quay.io/libpod/systemd-image
+testimg=${testimg_base}:$YMD
+$PODMAN rmi -f $testimg &> /dev/null || true
+
+# Arch emulation on Fedora requires the qemu-user-static package.
+for arch in amd64 arm64 ppc64le s390x;do
+    $PODMAN build \
+            --arch=$arch \
+            --squash-all \
+            --timestamp=$create_time_t \
+            --manifest=$testimg \
+            .
+done
+
+# Clean up
+cd /tmp
+rm -rf $tmpdir
+
+# Tag image and push (all arches) to quay.
+cat <<EOF
+
+If you're happy with this image, run:
+
+   podman manifest push --all  ${testimg} docker://${testimg}
+EOF

test/system/helpers.bash

@@ -12,6 +12,11 @@ PODMAN_TEST_IMAGE_TAG=${PODMAN_TEST_IMAGE_TAG:-"20221018"}
 PODMAN_TEST_IMAGE_FQN="$PODMAN_TEST_IMAGE_REGISTRY/$PODMAN_TEST_IMAGE_USER/$PODMAN_TEST_IMAGE_NAME:$PODMAN_TEST_IMAGE_TAG"
 PODMAN_TEST_IMAGE_ID=
 
+# Larger image containing systemd tools.
+PODMAN_SYSTEMD_IMAGE_NAME=${PODMAN_SYSTEMD_IMAGE_NAME:-"systemd-image"}
+PODMAN_SYSTEMD_IMAGE_TAG=${PODMAN_SYSTEMD_IMAGE_TAG:-"20221206"}
+PODMAN_SYSTEMD_IMAGE_FQN="$PODMAN_TEST_IMAGE_REGISTRY/$PODMAN_TEST_IMAGE_USER/$PODMAN_SYSTEMD_IMAGE_NAME:$PODMAN_SYSTEMD_IMAGE_TAG"
+
 # Remote image that we *DO NOT* fetch or keep by default; used for testing pull
 # This has changed in 2021, from 0 through 3, various iterations of getting
 # multiarch to work. It should change only very rarely.
@@ -20,6 +25,7 @@ PODMAN_NONLOCAL_IMAGE_FQN="$PODMAN_TEST_IMAGE_REGISTRY/$PODMAN_TEST_IMAGE_USER/$
 
 # Because who wants to spell that out each time?
 IMAGE=$PODMAN_TEST_IMAGE_FQN
+SYSTEMD_IMAGE=$PODMAN_SYSTEMD_IMAGE_FQN
 
 # Default timeout for a podman command.
 PODMAN_TIMEOUT=${PODMAN_TIMEOUT:-120}
@@ -55,12 +61,15 @@ function basic_setup() {
     run_podman images --all --format '{{.Repository}}:{{.Tag}} {{.ID}}'
     for line in "${lines[@]}"; do
         set $line
-        if [ "$1" == "$PODMAN_TEST_IMAGE_FQN" ]; then
+        if [[ "$1" == "$PODMAN_TEST_IMAGE_FQN" ]]; then
             if [[ -z "$PODMAN_TEST_IMAGE_ID" ]]; then
                 # This will probably only trigger the 2nd time through setup
                 PODMAN_TEST_IMAGE_ID=$2
             fi
             found_needed_image=1
+        elif [[ "$1" == "$PODMAN_SYSTEMD_IMAGE_FQN" ]]; then
+            # This is a big image, don't force unnecessary pulls
+            :
         else
             # Always remove image that doesn't match by name
             echo "# setup(): removing stray image $1" >&3