diff --git a/contrib/cirrus/prebuild.sh b/contrib/cirrus/prebuild.sh index 10f799f575..228593b3b3 100755 --- a/contrib/cirrus/prebuild.sh +++ b/contrib/cirrus/prebuild.sh @@ -28,6 +28,11 @@ msg "Checking Cirrus YAML" # shellcheck disable=SC2154 showrun $SCRIPT_BASE/cirrus_yaml_test.py +msg "Checking for leading tabs in system tests" +if grep -n ^$'\t' test/system/*; then + die "Found leading tabs in system tests. Use spaces to indent, not tabs." +fi + # Defined by CI config. # shellcheck disable=SC2154 if [[ "${DISTRO_NV}" =~ fedora ]]; then diff --git a/test/system/020-tag.bats b/test/system/020-tag.bats index 945781afd1..5fbbf6bdd9 100644 --- a/test/system/020-tag.bats +++ b/test/system/020-tag.bats @@ -14,41 +14,41 @@ function _tag_and_check() { } @test "podman tag/untag" { - # Test a fully-qualified image reference. - _tag_and_check registry.com/image:latest registry.com/image:latest + # Test a fully-qualified image reference. + _tag_and_check registry.com/image:latest registry.com/image:latest - # Test a reference without tag and make sure ":latest" is appended. - _tag_and_check registry.com/image registry.com/image:latest + # Test a reference without tag and make sure ":latest" is appended. + _tag_and_check registry.com/image registry.com/image:latest - # Test a tagged short image and make sure "localhost/" is prepended. - _tag_and_check image:latest localhost/image:latest + # Test a tagged short image and make sure "localhost/" is prepended. + _tag_and_check image:latest localhost/image:latest - # Test a short image without tag and make sure "localhost/" is - # prepended and ":latest" is appended. - _tag_and_check image localhost/image:latest + # Test a short image without tag and make sure "localhost/" is + # prepended and ":latest" is appended. + _tag_and_check image localhost/image:latest - # Test error case. - run_podman 125 untag $IMAGE registry.com/foo:bar - is "$output" "Error: registry.com/foo:bar: tag not known" + # Test error case. + run_podman 125 untag $IMAGE registry.com/foo:bar + is "$output" "Error: registry.com/foo:bar: tag not known" } @test "podman untag all" { - # First get the image ID - run_podman inspect --format '{{.ID}}' $IMAGE - iid=$output + # First get the image ID + run_podman inspect --format '{{.ID}}' $IMAGE + iid=$output - # Add a couple of tags - run_podman tag $IMAGE registry.com/1:latest registry.com/2:latest registry.com/3:latest + # Add a couple of tags + run_podman tag $IMAGE registry.com/1:latest registry.com/2:latest registry.com/3:latest - # Untag with arguments to for all tags to be removed - run_podman untag $iid + # Untag with arguments to for all tags to be removed + run_podman untag $iid - # Now make sure all tags are removed - run_podman image inspect $iid --format "{{.RepoTags}}" - is "$output" "\[\]" "untag by ID leaves empty set of tags" + # Now make sure all tags are removed + run_podman image inspect $iid --format "{{.RepoTags}}" + is "$output" "\[\]" "untag by ID leaves empty set of tags" - # Restore image - run_podman tag $iid $IMAGE + # Restore image + run_podman tag $iid $IMAGE } # vim: filetype=sh diff --git a/test/system/030-run.bats b/test/system/030-run.bats index d60329a86b..753ec012e1 100644 --- a/test/system/030-run.bats +++ b/test/system/030-run.bats @@ -639,10 +639,10 @@ json-file | f run_podman run --name=$randomname --rootfs $romount:O echo "Hello world" is "$output" "Hello world" - run_podman container inspect $randomname --format "{{.ImageDigest}}" - is "$output" "" "Empty image digest for --rootfs container" + run_podman container inspect $randomname --format "{{.ImageDigest}}" + is "$output" "" "Empty image digest for --rootfs container" - run_podman rm -f -t0 $randomname + run_podman rm -f -t0 $randomname run_podman image unmount $IMAGE fi } diff --git a/test/system/055-rm.bats b/test/system/055-rm.bats index a8028ee440..831e6aac59 100644 --- a/test/system/055-rm.bats +++ b/test/system/055-rm.bats @@ -178,7 +178,7 @@ function __run_healthcheck_container() { break fi - sleep 0.5 + sleep 0.5 done run_podman rm -f $cname diff --git a/test/system/065-cp.bats b/test/system/065-cp.bats index e712810a27..250a8d0361 100644 --- a/test/system/065-cp.bats +++ b/test/system/065-cp.bats @@ -275,7 +275,7 @@ load helpers run_podman exec $destcontainer cat "/$dest_fullname" is "$output" "${randomcontent[$id]}" "$description (cp ctr:$src to /$dest)" - # To CREATED container + # To CREATED container run_podman create $IMAGE sleep infinity destcontainer="$output" destcontainers+=($destcontainer) @@ -303,7 +303,7 @@ load helpers run_podman cp cpcontainer:$src $destcontainer:"/$dest" run_podman exec $destcontainer cat "/$dest_fullname" is "$output" "${randomcontent[$id]}" "$description (cp ctr:$src to /$dest)" - # To CREATED container + # To CREATED container run_podman create $IMAGE sleep infinity destcontainer="$output" destcontainers+=($destcontainer) @@ -518,7 +518,7 @@ load helpers is "$output" "${randomcontent[0]} ${randomcontent[1]}" "$description" - # To CREATED container + # To CREATED container run_podman create $IMAGE sleep infinity destcontainer="$output" destcontainers+=($destcontainer) @@ -545,7 +545,7 @@ ${randomcontent[1]}" "$description" unset dest_fullname fi - # To RUNNING container + # To RUNNING container run_podman run -d $IMAGE sleep infinity destcontainer="$output" destcontainers+=($destcontainer) @@ -554,7 +554,7 @@ ${randomcontent[1]}" "$description" is "$output" "${randomcontent[0]} ${randomcontent[1]}" "$description" - # To CREATED container + # To CREATED container run_podman create $IMAGE sleep infinity destcontainer="$output" destcontainers+=($destcontainer) diff --git a/test/system/070-build.bats b/test/system/070-build.bats index cfa7799371..96c7cb91eb 100644 --- a/test/system/070-build.bats +++ b/test/system/070-build.bats @@ -397,7 +397,7 @@ EOF if is_remote; then ENVHOST="" else - ENVHOST="--env-host" + ENVHOST="--env-host" fi # Run without args - should run the above script. Verify its output. @@ -584,7 +584,7 @@ EOF # Build an image. For .dockerignore local -a ignoreflag - unset ignoreflag + unset ignoreflag if [[ $ignorefile != ".dockerignore" ]]; then ignoreflag="--ignorefile $tmpdir/$ignorefile" fi @@ -1029,14 +1029,14 @@ EOF touch $tmpdir/empty-file.txt if is_remote && ! is_rootless ; then - # TODO: set this file's owner to a UID:GID that will not be mapped - # in the context where the remote server is running, which generally - # requires us to be root (or running with more mapped IDs) on the - # client, but not root (or running with fewer mapped IDs) on the - # remote server - # 4294967292:4294967292 (0xfffffffc:0xfffffffc) isn't that, but - # it will catch errors where a remote server doesn't apply the right - # default as it copies content into the container + # TODO: set this file's owner to a UID:GID that will not be mapped + # in the context where the remote server is running, which generally + # requires us to be root (or running with more mapped IDs) on the + # client, but not root (or running with fewer mapped IDs) on the + # remote server + # 4294967292:4294967292 (0xfffffffc:0xfffffffc) isn't that, but + # it will catch errors where a remote server doesn't apply the right + # default as it copies content into the container chown 4294967292:4294967292 $tmpdir/empty-file.txt fi cat >$tmpdir/Dockerfile <$mnt/$myfile + echo $mytext >$mnt/$myfile run_podman run -v ${myvolume}:/vol:z $IMAGE cat /vol/$myfile - is "$output" "$mytext" "$myfile should exist within the containers volume and contain $mytext" + is "$output" "$mytext" "$myfile should exist within the containers volume and contain $mytext" run_podman volume unmount ${myvolume} else run_podman 125 volume mount ${myvolume} - is "$output" "Error: cannot run command \"podman volume mount\" in rootless mode, must execute.*podman unshare.*first" "Should fail and complain about unshare" + is "$output" "Error: cannot run command \"podman volume mount\" in rootless mode, must execute.*podman unshare.*first" "Should fail and complain about unshare" fi } diff --git a/test/system/220-healthcheck.bats b/test/system/220-healthcheck.bats index 1ff26f2e6a..811f07709a 100644 --- a/test/system/220-healthcheck.bats +++ b/test/system/220-healthcheck.bats @@ -113,12 +113,12 @@ Log[-1].Output | \"Uh-oh on stdout!\\\nUh-oh on stderr!\" img="healthcheck_i" for policy in none kill restart stop;do - if [[ $policy == "none" ]];then - # Do not remove the /uh-oh file for `none` as we want to - # demonstrate that no action was taken - _build_health_check_image $img + if [[ $policy == "none" ]];then + # Do not remove the /uh-oh file for `none` as we want to + # demonstrate that no action was taken + _build_health_check_image $img else - _build_health_check_image $img cleanfile + _build_health_check_image $img cleanfile fi # Run that healthcheck image. @@ -140,19 +140,19 @@ Log[-1].Output | \"Uh-oh on stdout!\\\nUh-oh on stderr!\" is "$output" "unhealthy" "output from 'podman healthcheck run' (policy: $policy)" run_podman inspect $ctr --format "{{.State.Status}} {{.Config.HealthcheckOnFailureAction}}" - if [[ $policy == "restart" ]];then - # Container has been restarted and health check works again - is "$output" "running $policy" "container has been restarted" - run_podman container inspect $ctr --format "{{.State.Healthcheck.FailingStreak}}" - is "$output" "0" "Failing streak of restarted container should be 0 again" - run_podman healthcheck run $ctr + if [[ $policy == "restart" ]];then + # Container has been restarted and health check works again + is "$output" "running $policy" "container has been restarted" + run_podman container inspect $ctr --format "{{.State.Healthcheck.FailingStreak}}" + is "$output" "0" "Failing streak of restarted container should be 0 again" + run_podman healthcheck run $ctr elif [[ $policy == "none" ]];then # Container is still running and health check still broken is "$output" "running $policy" "container continued running" run_podman 1 healthcheck run $ctr is "$output" "unhealthy" "output from 'podman healthcheck run' (policy: $policy)" - else - # kill and stop yield the container into a non-running state + else + # kill and stop yield the container into a non-running state is "$output" ".* $policy" "container was stopped/killed (policy: $policy)" assert "$output" != "running $policy" # also make sure that it's not stuck in the stopping state diff --git a/test/system/250-systemd.bats b/test/system/250-systemd.bats index b3d8f82af0..6c00e4dafe 100644 --- a/test/system/250-systemd.bats +++ b/test/system/250-systemd.bats @@ -189,10 +189,10 @@ function check_listen_env() { local stdenv="$1" local context="$2" if is_remote; then - is "$output" "$stdenv" "LISTEN Environment did not pass: $context" + is "$output" "$stdenv" "LISTEN Environment did not pass: $context" else - out=$(for o in $output; do echo $o; done| sort) - std=$(echo "$stdenv + out=$(for o in $output; do echo $o; done| sort) + std=$(echo "$stdenv LISTEN_PID=1 LISTEN_FDS=1 LISTEN_FDNAMES=listen_fdnames" | sort) diff --git a/test/system/410-selinux.bats b/test/system/410-selinux.bats index 71e253476a..d23e687b29 100644 --- a/test/system/410-selinux.bats +++ b/test/system/410-selinux.bats @@ -27,9 +27,9 @@ function check_label() { is "$type" "$1" "SELinux type" if [ -n "$2" ]; then - # e.g. from the above example -> "s0:c45,c745" - range=$(cut -d: -f4,5 <<<"$context") - is "$range" "$2^@" "SELinux range" + # e.g. from the above example -> "s0:c45,c745" + range=$(cut -d: -f4,5 <<<"$context") + is "$range" "$2^@" "SELinux range" fi } @@ -66,9 +66,9 @@ function check_label() { # FIXME this test fails when run rootless with runc: # Error: container_linux.go:367: starting container process caused: process_linux.go:495: container init caused: readonly path /proc/asound: operation not permitted: OCI permission denied if is_rootless; then - runtime=$(podman_runtime) - test "$runtime" == "crun" \ - || skip "runtime is $runtime; this test requires crun" + runtime=$(podman_runtime) + test "$runtime" == "crun" \ + || skip "runtime is $runtime; this test requires crun" fi check_label "--pid=host" "spc_t" @@ -96,10 +96,10 @@ function check_label() { skip_if_no_selinux run_podman run -d --name myc \ - --security-opt seccomp=unconfined \ - --security-opt label=type:spc_t \ - --security-opt label=level:s0 \ - $IMAGE sh -c 'while test ! -e /stop; do sleep 0.1; done' + --security-opt seccomp=unconfined \ + --security-opt label=type:spc_t \ + --security-opt label=level:s0 \ + $IMAGE sh -c 'while test ! -e /stop; do sleep 0.1; done' run_podman inspect --format='{{ .HostConfig.SecurityOpt }}' myc is "$output" "[label=type:spc_t,label=level:s0 seccomp=unconfined]" \ "'podman inspect' preserves all --security-opts" @@ -118,7 +118,7 @@ function check_label() { skip_if_rootless_cgroupsv1 if [[ $(podman_runtime) == "runc" ]]; then - skip "some sort of runc bug, not worth fixing (#11784)" + skip "some sort of runc bug, not worth fixing (#11784)" fi run_podman run -d --name myctr $IMAGE top @@ -136,7 +136,7 @@ function check_label() { # net NS: do not share context run_podman run --rm --net container:myctr $IMAGE cat -v /proc/self/attr/current assert "$output" != "$context_c1" \ - "run --net : context should != context of running container" + "run --net : context should != context of running container" # The 'myctr2' above was not run with --rm, so it still exists, and # we can't remove the original container until this one is gone. @@ -157,8 +157,8 @@ function check_label() { # We don't need a fullblown pause container; avoid pulling the k8s one run_podman pod create --name myselinuxpod \ - --infra-image $IMAGE \ - --infra-command /home/podman/pause + --infra-image $IMAGE \ + --infra-command /home/podman/pause # Get baseline run_podman run --rm --pod myselinuxpod $IMAGE cat -v /proc/self/attr/current @@ -189,7 +189,7 @@ function check_label() { # Even after #7902, labels (':c123,c456') should be different run_podman run --rm --pod myselinuxpod $IMAGE cat -v /proc/self/attr/current assert "$output" != "$context_c1" \ - "context of two separate containers should be different" + "context of two separate containers should be different" run_podman pod rm myselinuxpod } @@ -201,16 +201,16 @@ function check_label() { # runc and crun emit different diagnostics runtime=$(podman_runtime) case "$runtime" in - # crun 0.20.1 changes the error message - # from /proc/thread-self/attr/exec`: .* unable to assign - # to /proc/self/attr/keycreate`: .* unable to process - crun) expect="\`/proc/.*\`: OCI runtime error: unable to \(assign\|process\) security attribute" ;; - # runc 1.1 changed the error message because of new selinux pkg that uses standard os.PathError, see - # https://github.com/opencontainers/selinux/pull/148/commits/a5dc47f74c56922d58ead05d1fdcc5f7f52d5f4e - # from failed to set /proc/self/attr/keycreate on procfs - # to write /proc/self/attr/keycreate: invalid argument - runc) expect=".*: \(failed to set\|write\) /proc/self/attr/keycreate.*" ;; - *) skip "Unknown runtime '$runtime'";; + # crun 0.20.1 changes the error message + # from /proc/thread-self/attr/exec`: .* unable to assign + # to /proc/self/attr/keycreate`: .* unable to process + crun) expect="\`/proc/.*\`: OCI runtime error: unable to \(assign\|process\) security attribute" ;; + # runc 1.1 changed the error message because of new selinux pkg that uses standard os.PathError, see + # https://github.com/opencontainers/selinux/pull/148/commits/a5dc47f74c56922d58ead05d1fdcc5f7f52d5f4e + # from failed to set /proc/self/attr/keycreate on procfs + # to write /proc/self/attr/keycreate: invalid argument + runc) expect=".*: \(failed to set\|write\) /proc/self/attr/keycreate.*" ;; + *) skip "Unknown runtime '$runtime'";; esac # The '.*' in the error below is for dealing with podman-remote, which @@ -249,28 +249,28 @@ function check_label() { # podman-remote has no 'unshare' if is_rootless && ! is_remote; then - run_podman unshare touch $tmpdir/test1 - # Relabel entire directory - run_podman unshare chcon system_u:object_r:usr_t:s0 $tmpdir - run_podman start --attach label - newlevel=$(secon -l $output) - is "$level" "$newlevel" "start should relabel with same SELinux labels" - run ls -dZ $tmpdir - is "$output" "system_u:object_r:container_file_t:$level $tmpdir" \ - "Confined Relabel Correctly" - run ls -dZ $tmpdir/test1 - is "$output" "system_u:object_r:container_file_t:$level $tmpdir/test1" \ - "Start did not Relabel" - - # Relabel only file in subdir - run_podman unshare chcon system_u:object_r:usr_t:s0 $tmpdir/test1 - run_podman start --attach label - newlevel=$(secon -l $output) - is "$level" "$newlevel" "start should use same SELinux labels" - - run ls -dZ $tmpdir/test1 - is "$output" "system_u:object_r:usr_t:s0 $tmpdir/test1" \ - "Start did not Relabel" + run_podman unshare touch $tmpdir/test1 + # Relabel entire directory + run_podman unshare chcon system_u:object_r:usr_t:s0 $tmpdir + run_podman start --attach label + newlevel=$(secon -l $output) + is "$level" "$newlevel" "start should relabel with same SELinux labels" + run ls -dZ $tmpdir + is "$output" "system_u:object_r:container_file_t:$level $tmpdir" \ + "Confined Relabel Correctly" + run ls -dZ $tmpdir/test1 + is "$output" "system_u:object_r:container_file_t:$level $tmpdir/test1" \ + "Start did not Relabel" + + # Relabel only file in subdir + run_podman unshare chcon system_u:object_r:usr_t:s0 $tmpdir/test1 + run_podman start --attach label + newlevel=$(secon -l $output) + is "$level" "$newlevel" "start should use same SELinux labels" + + run ls -dZ $tmpdir/test1 + is "$output" "system_u:object_r:usr_t:s0 $tmpdir/test1" \ + "Start did not Relabel" fi run_podman run -v $tmpdir:/test:z $IMAGE cat /proc/self/attr/current run ls -dZ $tmpdir diff --git a/test/system/500-networking.bats b/test/system/500-networking.bats index 3b797be089..d832b33a7e 100644 --- a/test/system/500-networking.bats +++ b/test/system/500-networking.bats @@ -226,7 +226,7 @@ load helpers.network "sdfsdf" run_podman run -d --network $mynetname -p 127.0.0.1:$myport:$myport \ - $IMAGE nc -l -n -v -p $myport + $IMAGE nc -l -n -v -p $myport cid="$output" # FIXME: debugging for #11871 @@ -663,9 +663,9 @@ EOF is "$output" "search example.com.*" "correct search domain" local store=$output if is_netavark; then - is "$store" ".*nameserver $subnet.1.*" "integrated dns nameserver is set" + is "$store" ".*nameserver $subnet.1.*" "integrated dns nameserver is set" else - is "$store" ".*nameserver 1.1.1.1${nl}nameserver $searchIP${nl}nameserver 1.0.0.1${nl}nameserver 8.8.8.8" "nameserver order is correct" + is "$store" ".*nameserver 1.1.1.1${nl}nameserver $searchIP${nl}nameserver 1.0.0.1${nl}nameserver 8.8.8.8" "nameserver order is correct" fi # we should use the integrated dns server run_podman run --network $netname --rm $IMAGE cat /etc/resolv.conf diff --git a/test/system/700-play.bats b/test/system/700-play.bats index ad7873f81a..01c6ef59c8 100644 --- a/test/system/700-play.bats +++ b/test/system/700-play.bats @@ -567,7 +567,7 @@ EOF run_podman kube play $YAML if selinux_enabled; then run_podman inspect pod1-test1 --format "{{ .MountLabel }}" - is "$output" "system_u:object_r:usr_t:s0:c1,c2" "Generated container should use filetype usr_t" + is "$output" "system_u:object_r:usr_t:s0:c1,c2" "Generated container should use filetype usr_t" fi run_podman kube down $YAML } diff --git a/test/system/800-config.bats b/test/system/800-config.bats index f5b4e95709..72b69cd20e 100644 --- a/test/system/800-config.bats +++ b/test/system/800-config.bats @@ -62,7 +62,7 @@ EOF # container" errors from podman wait. CONTAINERS_CONF="$conf_tmp" run_podman '?' wait "$cid" if [[ $status != 0 ]]; then - is "$output" "Error:.*no such container" "unexpected error from podman wait" + is "$output" "Error:.*no such container" "unexpected error from podman wait" fi # The --rm option means the container should no longer exist.