diff --git a/.github/workflows/ca-container-migration-test.yml b/.github/workflows/ca-container-migration-test.yml index 38facf2ee3b..5f12cd2a345 100644 --- a/.github/workflows/ca-container-migration-test.yml +++ b/.github/workflows/ca-container-migration-test.yml @@ -97,8 +97,30 @@ jobs: - name: Install Podman run: | - docker exec pki dnf install -y podman - docker exec pki podman info + docker exec pki dnf install -y podman sqlite + docker exec pki ls -lR /usr/share/containers + docker exec pki cat /usr/share/containers/containers.conf + docker exec pki cat /usr/share/containers/storage.conf + + - name: Configure Podman + run: | + OS_VERSION=$(lsb_release -r -s | sed 's/\..*$//') + echo "OS_VERSION: $OS_VERSION" + + # workaround for Podman issue on Ubuntu 24 + # https://github.com/containers/podman/issues/21683 + if [ "$OS_VERSION" -ge "24" ]; then + docker exec -i pki sqlite3 /var/lib/containers/storage/db.sql << EOF + update DBConfig set GraphDriver = 'overlay' where GraphDriver = ''; + EOF + fi + + docker exec pki podman info --format=json | tee output + + # rootless should be disabled + echo "false" > expected + jq -r '.host.security.rootless' output > actual + diff expected actual - name: Load PKI images into root user's space run: | diff --git a/.github/workflows/ca-container-system-service-test.yml b/.github/workflows/ca-container-system-service-test.yml index 2d11461de89..cc895d8ed05 100644 --- a/.github/workflows/ca-container-system-service-test.yml +++ b/.github/workflows/ca-container-system-service-test.yml @@ -46,7 +46,30 @@ jobs: - name: Install Podman run: | - docker exec pki dnf install -y podman + docker exec pki dnf install -y podman sqlite + docker exec pki ls -lR /usr/share/containers + docker exec pki cat /usr/share/containers/containers.conf + docker exec pki cat /usr/share/containers/storage.conf + + - name: Configure Podman + run: | + OS_VERSION=$(lsb_release -r -s | sed 's/\..*$//') + echo "OS_VERSION: $OS_VERSION" + + # workaround for Podman issue on Ubuntu 24 + # https://github.com/containers/podman/issues/21683 + if [ "$OS_VERSION" -ge "24" ]; then + docker exec -i pki sqlite3 /var/lib/containers/storage/db.sql << EOF + update DBConfig set GraphDriver = 'overlay' where GraphDriver = ''; + EOF + fi + + docker exec pki podman info --format=json | tee output + + # rootless should be disabled + echo "false" > expected + jq -r '.host.security.rootless' output > actual + diff expected actual - name: Load PKI images into root user's space run: | diff --git a/.github/workflows/ca-container-user-service-test.yml b/.github/workflows/ca-container-user-service-test.yml index 004938d7456..fa5d0e80fe7 100644 --- a/.github/workflows/ca-container-user-service-test.yml +++ b/.github/workflows/ca-container-user-service-test.yml @@ -8,7 +8,9 @@ env: jobs: test: name: Test - runs-on: ubuntu-latest + # workaround for Podman issue on Ubuntu 24 + # https://github.com/containers/podman/issues/21683 + runs-on: ubuntu-22.04 env: SHARED: /tmp/workdir/pki steps: @@ -51,10 +53,12 @@ jobs: - name: Install Podman run: | - docker exec pki dnf install -y podman fuse-overlayfs - docker exec pki podman info + docker exec pki dnf install -y podman sqlite fuse-overlayfs + docker exec pki ls -lR /usr/share/containers + docker exec pki cat /usr/share/containers/containers.conf + docker exec pki cat /usr/share/containers/storage.conf - - name: Configure rootless container + - name: Configure Podman run: | # enable SETUID and SETGID capabilities # https://github.com/containers/podman/discussions/21739 @@ -86,7 +90,7 @@ jobs: mount_program = "/usr/bin/fuse-overlayfs" EOF - docker exec -u pkiuser pki podman system info --format=json | tee output + docker exec -u pkiuser pki podman info --format=json | tee output # rootless should be enabled echo "true" > expected