Replace Ubuntu -> Debian SID

.cirrus.yml

@@ -26,20 +26,20 @@ env:
     ####
     #### Cache-image names to test with (double-quotes around names are critical)
     ####
-    FEDORA_NAME: "fedora-37" ### c20230120t152650z-f37f36u2204
-    FEDORA_AARCH64_NAME: "${FEDORA_NAME}-aarch64" ### c20230120t152650z-f37f36u2204
-    PRIOR_FEDORA_NAME: "fedora-36" ### c20230120t152650z-f37f36u2204
-    #UBUNTU_NAME: "ubuntu-2204"  ### c20230120t152650z-f37f36u2204
+    FEDORA_NAME: "fedora-37"
+    FEDORA_AARCH64_NAME: "${FEDORA_NAME}-aarch64"
+    PRIOR_FEDORA_NAME: "fedora-36"
+    DEBIAN_NAME: "debian-12"
 
     # Image identifiers
-    IMAGE_SUFFIX: "c20230120t152650z-f37f36u2204"
+    IMAGE_SUFFIX: "c20230221t162829z-f37f36d12"
     # EC2 images
     FEDORA_AMI: "fedora-aws-${IMAGE_SUFFIX}"
     FEDORA_AARCH64_AMI: "fedora-podman-aws-arm64-${IMAGE_SUFFIX}"
     # GCP Images
     FEDORA_CACHE_IMAGE_NAME: "fedora-${IMAGE_SUFFIX}"
     PRIOR_FEDORA_CACHE_IMAGE_NAME: "prior-fedora-${IMAGE_SUFFIX}"
-    #UBUNTU_CACHE_IMAGE_NAME: "ubuntu-${IMAGE_SUFFIX}"
+    DEBIAN_CACHE_IMAGE_NAME: "debian-${IMAGE_SUFFIX}"
     # Container FQIN's
     FEDORA_CONTAINER_FQIN: "quay.io/libpod/fedora_podman:${IMAGE_SUFFIX}"
     PRIOR_FEDORA_CONTAINER_FQIN: "quay.io/libpod/prior-fedora_podman:${IMAGE_SUFFIX}"
@@ -52,7 +52,7 @@ env:
     TEST_ENVIRON: host       # 'host', or 'container'
     PODBIN_NAME: podman      # 'podman' or 'remote'
     PRIV_NAME: root          # 'root' or 'rootless'
-    DISTRO_NV:               # any {PRIOR_,}{FEDORA,UBUNTU}_NAME value
+    DISTRO_NV:               # any {PRIOR_,}{FEDORA,DEBIAN}_NAME value
     VM_IMAGE_NAME:           # One of the "Google-cloud VM Images" (above)
     CTR_FQIN:                # One of the "Container FQIN's" (above)
 
@@ -109,12 +109,11 @@ build_task:
               CTR_FQIN: ${PRIOR_FEDORA_CONTAINER_FQIN}
               CI_DESIRED_RUNTIME: crun
               CI_DESIRED_NETWORK: cni
-        #- env: &ubuntu_envvars
-        #      DISTRO_NV: ${UBUNTU_NAME}
-        #      VM_IMAGE_NAME: ${UBUNTU_CACHE_IMAGE_NAME}
-        #      CTR_FQIN: ${UBUNTU_CONTAINER_FQIN}
-        #      CI_DESIRED_RUNTIME: runc
-        #      CI_DESIRED_NETWORK: whatever
+        - env: &debian_envvars
+              DISTRO_NV: ${DEBIAN_NAME}
+              VM_IMAGE_NAME: ${DEBIAN_CACHE_IMAGE_NAME}
+              CI_DESIRED_RUNTIME: runc
+              CI_DESIRED_NETWORK: netavark
     env:
         TEST_FLAVOR: build
     # NOTE: The default way Cirrus-CI clones is *NOT* compatible with
@@ -943,11 +942,10 @@ meta_task:
         image: quay.io/libpod/imgts:latest
     env:
         # Space-separated list of images used by this repository state
-        # DISABLED:
-        #   ${UBUNTU_CACHE_IMAGE_NAME}
         IMGNAMES: >-
             ${FEDORA_CACHE_IMAGE_NAME}
             ${PRIOR_FEDORA_CACHE_IMAGE_NAME}
+            ${DEBIAN_CACHE_IMAGE_NAME}
             build-push-${IMAGE_SUFFIX}
         EC2IMGNAMES: >-
           ${FEDORA_AARCH64_AMI}

Makefile

@@ -20,6 +20,8 @@
 ### Variables & Definitions
 ###
 
+# Default shell `/bin/sh` has different meanings depending on the platform.
+SHELL := /bin/bash
 GO ?= go
 GO_LDFLAGS:= $(shell if $(GO) version|grep -q gccgo ; then echo "-gccgoflags"; else echo "-ldflags"; fi)
 GOCMD = CGO_ENABLED=$(CGO_ENABLED) GOOS=$(GOOS) GOARCH=$(GOARCH) $(GO)

contrib/cirrus/lib.sh

@@ -204,6 +204,14 @@ install_test_configs() {
 }
 
 use_cni() {
+    req_env_vars OS_RELEASE_ID PACKAGE_DOWNLOAD_DIR SCRIPT_BASE
+    # Defined by common automation library
+    # shellcheck disable=SC2154
+    if [[ "$OS_RELEASE_ID" =~ "debian" ]]; then
+        # Supporting it involves swapping the rpm & dnf commands below
+        die "Testing debian w/ CNI networking currently not supported"
+    fi
+
     msg "Unsetting NETWORK_BACKEND for all subsequent environments."
     echo "export -n NETWORK_BACKEND" >> /etc/ci_environment
     echo "unset NETWORK_BACKEND" >> /etc/ci_environment
@@ -238,6 +246,7 @@ use_cni() {
 }
 
 use_netavark() {
+    req_env_vars OS_RELEASE_ID PRIOR_FEDORA_NAME DISTRO_NV
     local magickind repokind
     msg "Forcing NETWORK_BACKEND=netavark for all subsequent environments."
     echo "NETWORK_BACKEND=netavark" >> /etc/ci_environment
@@ -251,7 +260,9 @@ use_netavark() {
     # See ./contrib/cirrus/CIModes.md.
     # Vars defined by cirrus-ci
     # shellcheck disable=SC2154
-    if [[ "$CIRRUS_CHANGE_TITLE" =~ CI:[AN]V[AN]V= ]]; then
+    if [[ ! "$OS_RELEASE_ID" =~ "debian" ]] && \
+       [[ "$CIRRUS_CHANGE_TITLE" =~ CI:[AN]V[AN]V= ]]
+    then
         # shellcheck disable=SC2154
         if [[ "$CIRRUS_PR_DRAFT" != "true" ]]; then
             die "Magic 'CI:NVAV=*' string can only be used on DRAFT PRs"
@@ -306,7 +317,7 @@ remove_packaged_podman_files() {
 
     # OS_RELEASE_ID is defined by automation-library
     # shellcheck disable=SC2154
-    if [[ "$OS_RELEASE_ID" =~ "ubuntu" ]]
+    if [[ "$OS_RELEASE_ID" =~ "debian" ]]
     then
         LISTING_CMD="dpkg-query -L podman"
     else

contrib/cirrus/logcollector.sh

@@ -25,7 +25,7 @@ showrun() {
 case $1 in
     audit)
         case $OS_RELEASE_ID in
-            ubuntu) showrun cat /var/log/kern.log ;;
+            debian) showrun cat /var/log/kern.log ;;
             fedora) showrun cat /var/log/audit/audit.log ;;
             *) bad_os_id_ver ;;
         esac
@@ -34,7 +34,7 @@ case $1 in
     journal) showrun journalctl -b ;;
     podman) showrun ./bin/podman system info ;;
     packages)
-        # These names are common to Fedora and Ubuntu
+        # These names are common to Fedora and Debian
         PKG_NAMES=(\
                     conmon
                     containernetworking-plugins
@@ -59,7 +59,7 @@ case $1 in
                     passt
                 )
                 ;;
-            ubuntu)
+            debian)
                 cat /etc/issue
                 PKG_LST_CMD='dpkg-query --show --showformat=${Package}-${Version}-${Architecture}\n'
                 PKG_NAMES+=(\

contrib/cirrus/setup_environment.sh

@@ -56,9 +56,13 @@ echo -e "\n# Begin single-use VM global variables (${BASH_SOURCE[0]})" \
     done <<<"$(passthrough_envars)"
 ) >> "/etc/ci_environment"
 
-# This is a possible manual maintenance gaff, check to be sure everything matches.
+# This is a possible manual maintenance gaff, i.e. forgetting to update a
+# *_NAME variable in .cirrus.yml.  check to be sure at least one comparison
+# matches the actual OS being run.  Ignore details, such as debian point-release
+# number and/or '-aarch64' suffix.
 # shellcheck disable=SC2154
-[[ "$DISTRO_NV" =~ $OS_REL_VER ]] || \
+grep -q "$DISTRO_NV" <<<"$OS_REL_VER" || \
+    grep -q "$OS_REL_VER" <<<"$DISTRO_NV" || \
     die "Automation spec. '$DISTRO_NV'; actual host '$OS_REL_VER'"
 
 # Only allow this script to execute once
@@ -118,7 +122,7 @@ fi
 
 # Which distribution are we testing on.
 case "$OS_RELEASE_ID" in
-    ubuntu) ;;
+    debian) ;;
     fedora)
         if ((CONTAINER==0)); then
             # All SELinux distros need this for systemd-in-a-container
@@ -352,64 +356,6 @@ case "$TEST_FLAVOR" in
         make install PREFIX=/usr ETCDIR=/etc
         install_test_configs
         ;;
-    gitlab)
-        # ***WARNING*** ***WARNING*** ***WARNING*** ***WARNING***
-        # This sets up a special ubuntu environment exclusively for
-        # running the upstream gitlab-runner unit tests through
-        # podman as a drop-in replacement for the Docker daemon.
-        # Test and setup information can be found here:
-        # https://gitlab.com/gitlab-org/gitlab-runner/-/issues/27270#note_499585550
-        #
-        # Unless you know what you're doing, and/or are in contact
-        # with the upstream gitlab-runner developers/community,
-        # please don't make changes willy-nilly to this setup.
-        # It's designed to follow upstream gitlab-runner development
-        # and alert us if any podman change breaks their foundation.
-        #
-        # That said, if this task does break in strange ways or requires
-        # updates you're unsure of.  Please consult with the upstream
-        # community through an issue near the one linked above.  If
-        # an extended period of breakage is expected, please un-comment
-        # the related `allow_failures: $CI == $CI` line in `.cirrus.yml`.
-        # ***WARNING*** ***WARNING*** ***WARNING*** ***WARNING***
-
-        if [[ "$OS_RELEASE_ID" != "ubuntu" ]]; then
-            die "This test only runs on Ubuntu due to sheer laziness"
-        fi
-
-        remove_packaged_podman_files
-        make install PREFIX=/usr ETCDIR=/etc
-
-        msg "Installing docker and containerd"
-        # N/B: Tests check/expect `docker info` output, and this `!= podman info`
-        ooe.sh dpkg -i \
-            $PACKAGE_DOWNLOAD_DIR/containerd.io*.deb \
-            $PACKAGE_DOWNLOAD_DIR/docker-ce*.deb
-
-        msg "Disabling docker service and socket activation"
-        systemctl stop docker.service docker.socket
-        systemctl disable docker.service docker.socket
-        rm -rf /run/docker*
-        # Guarantee the docker daemon can't be started, even by accident
-        rm -vf $(type -P dockerd)
-
-        msg "Recursively chowning source to $ROOTLESS_USER"
-        chown -R $ROOTLESS_USER:$ROOTLESS_USER "$GOPATH" "$GOSRC"
-
-        msg "Obtaining necessary gitlab-runner testing bits"
-        slug="gitlab.com/gitlab-org/gitlab-runner"
-        helper_fqin="registry.gitlab.com/gitlab-org/gitlab-runner/gitlab-runner-helper:x86_64-latest-pwsh"
-        ssh="ssh $ROOTLESS_USER@localhost -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o CheckHostIP=no env GOPATH=$GOPATH"
-        showrun $ssh go install github.com/jstemmer/go-junit-report/[email protected]
-        showrun $ssh git clone https://$slug $GOPATH/src/$slug
-        showrun $ssh make -C $GOPATH/src/$slug development_setup
-        showrun $ssh bash -c "'cd $GOPATH/src/$slug && GOPATH=$GOPATH go get .'"
-
-        showrun $ssh podman pull $helper_fqin
-        # Tests expect image with this exact name
-        showrun $ssh podman tag $helper_fqin \
-            docker.io/gitlab/gitlab-runner-helper:x86_64-latest-pwsh
-        ;;
     swagger)
         make .install.swagger
         ;;

test/buildah-bud/apply-podman-deltas

@@ -249,5 +249,12 @@ skip_if_remote "different error messages between podman & podman-remote" \
 
 # END   tests which are skipped due to actual podman or podman-remote bugs.
 ###############################################################################
+# BEGIN temporary workarounds that must be reevaluated periodically
+
+skip "Test is completely broken, see buildah issue 4396" \
+     "bud-multiple-platform-values"
+
+# END   temporary workarounds that must be reevaluated periodically
+###############################################################################
 
 exit $RC

test/e2e/common_test.go

@@ -679,6 +679,13 @@ func checkReason(reason string) {
 	}
 }
 
+func SkipIfRunc(p *PodmanTestIntegration, reason string) {
+	checkReason(reason)
+	if p.OCIRuntime == "runc" {
+		Skip("[runc]: " + reason)
+	}
+}
+
 func SkipIfRootlessCgroupsV1(reason string) {
 	checkReason(reason)
 	if isRootless() && !CGROUPSV2 {

test/e2e/play_kube_test.go

@@ -4700,6 +4700,7 @@ ENV OPENJ9_JAVA_OPTIONS=%q
 	})
 
 	It("podman play kube with disabled cgroup", func() {
+		SkipIfRunc(podmanTest, "Test not supported with runc, see issue #17436")
 		conffile := filepath.Join(podmanTest.TempDir, "container.conf")
 		// Disabled ipcns and cgroupfs in the config file
 		// Since shmsize (Inherit from infra container) cannot be set if ipcns is "host", we should remove the default value.

test/e2e/run_userns_test.go

@@ -110,7 +110,7 @@ var _ = Describe("Podman UserNS support", func() {
 
 	It("podman uidmapping and gidmapping with an idmapped volume", func() {
 		Skip("it depends on a breaking change in crun: https://github.com/containers/crun/pull/1147")
-
+		SkipIfRunc(podmanTest, "Test not supported yet with runc, see issue #17433")
 		session := podmanTest.Podman([]string{"run", "--uidmap=0:1:500", "--gidmap=0:200:5000", "-v", "my-foo-volume:/foo:Z,idmap", "alpine", "stat", "-c", "#%u:%g#", "/foo"})
 		session.WaitWithDefaultTimeout()
 		if strings.Contains(session.ErrorToString(), "Operation not permitted") {

test/system/070-build.bats

@@ -30,6 +30,11 @@ EOF
 }
 
 @test "podman buildx - basic test" {
+    run_podman info --format "{{.Store.GraphDriverName}}"
+    if [[ "$output" == "vfs" ]]; then
+        skip "Test not supported with VFS podman storage driver (#17520)"
+    fi
+
     rand_filename=$(random_string 20)
     rand_content=$(random_string 50)
 

test/system/252-quadlet.bats

@@ -15,6 +15,7 @@ function start_time() {
 
 function setup() {
     skip_if_remote "quadlet tests are meaningless over remote"
+    skip_if_rootless_cgroupsv1 "Can't use --cgroups=split w/ CGv1 (#17456)"
 
     test -x "$QUADLET" || die "Cannot run quadlet tests without executable \$QUADLET ($QUADLET)"
 

test/system/505-networking-pasta.bats

@@ -12,6 +12,7 @@ load helpers.network
 
 function setup() {
     basic_setup
+    skip_if_rootless "FIXME: #17598 all pasta tests skipped for new version in new CI VM images."
     skip_if_not_rootless "pasta networking only available in rootless mode"
     skip_if_no_pasta "pasta not found: install pasta(1) to run these tests"
 

test/system/700-play.bats

@@ -237,9 +237,11 @@ EOF
 }
 
 @test "podman kube --network" {
+    skip_if_rootless_cgroupsv1 "Test will never be supported, see #17582."
     TESTDIR=$PODMAN_TMPDIR/testdir
     mkdir -p $TESTDIR
     echo "$testYaml" | sed "s|TESTDIR|${TESTDIR}|g" > $PODMAN_TMPDIR/test.yaml
+
     run_podman kube play --network host $PODMAN_TMPDIR/test.yaml
     is "$output" "Pod:.*" "podman kube play should work with --network host"