From be8db87800c751a3ecc505444f88d0824320270a Mon Sep 17 00:00:00 2001 From: Miroslav Vadkerti Date: Fri, 20 Sep 2024 00:36:01 +0200 Subject: [PATCH 1/7] Support container provisioner in toolbox For Fedora Silverblue users it is common to run podman via `flatpak-spawn --host` which runs podman on the host system itself. This requires to pass the toolbox container name when running `podman cp` to correctly copy stuff from the toolbox container, where `tmt` is installed to the provisioned container. Fixes #1020 Signed-off-by: Miroslav Vadkerti --- docs/releases.rst | 5 ++ tests/provision/container/toolbox/main.fmf | 11 +++ .../container/toolbox/podman_wrapper | 2 + tests/provision/container/toolbox/test.sh | 71 +++++++++++++++++++ tmt/steps/provision/__init__.py | 45 ++++++++++++ tmt/steps/provision/podman.py | 16 ++++- 6 files changed, 148 insertions(+), 2 deletions(-) create mode 100644 tests/provision/container/toolbox/main.fmf create mode 100755 tests/provision/container/toolbox/podman_wrapper create mode 100755 tests/provision/container/toolbox/test.sh diff --git a/docs/releases.rst b/docs/releases.rst index 099a066b1e..3fb92a6c80 100644 --- a/docs/releases.rst +++ b/docs/releases.rst @@ -28,6 +28,11 @@ contrast to the :ref:`/spec/core/contact` key, this field is not supposed to be updated and can be useful when trying to track down the original author for consultation. +The ``container`` executor now works in `Fedora Toolbx`__ when Podman is run +using ``flatpak-spawn --host`` on the host system. + +__ https://docs.fedoraproject.org/en-US/fedora-silverblue/toolbox/ + tmt-1.41.0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/tests/provision/container/toolbox/main.fmf b/tests/provision/container/toolbox/main.fmf new file mode 100644 index 0000000000..8760e96c76 --- /dev/null +++ b/tests/provision/container/toolbox/main.fmf @@ -0,0 +1,11 @@ +summary: Test container provisioner in toolbox +description: + Make sure that container provisioner works well + in a toolbox container. +require: + - toolbox +tag+: + - provision-only + - provision-container +require+: + - toolbox diff --git a/tests/provision/container/toolbox/podman_wrapper b/tests/provision/container/toolbox/podman_wrapper new file mode 100755 index 0000000000..a1792117bf --- /dev/null +++ b/tests/provision/container/toolbox/podman_wrapper @@ -0,0 +1,2 @@ +#!/bin/bash +flatpak-spawn --host podman "$@" diff --git a/tests/provision/container/toolbox/test.sh b/tests/provision/container/toolbox/test.sh new file mode 100755 index 0000000000..791c1d1a9a --- /dev/null +++ b/tests/provision/container/toolbox/test.sh @@ -0,0 +1,71 @@ +#!/bin/bash +. /usr/share/beakerlib/beakerlib.sh || exit 1 + +rlJournalStart + rlPhaseStartSetup + rlRun "toolbox_container_name=\$(uuidgen)" 0 "Generate toolbox container name" + rlPhaseEnd + + rlPhaseStartTest "Create toolbox container" + rlRun "toolbox create -y $toolbox_container_name" + rlPhaseEnd + + toolbox_run() { + local command="toolbox run --container $toolbox_container_name $*" + echo "Command: $command" + eval "$command" + } + + # https://packit.dev/docs/configuration/upstream/tests#environment-variables + if env | grep -q PACKIT_COPR_PROJECT; then + rlPhaseStartTest "Packit execution: Install tmt in from copr repository" + TMT_COMMAND=tmt + + rlRun "type toolbox_run" + + # Install tmt from the copr repository, we need only the container provisioner + rlRun "toolbox_run sudo dnf -y install dnf-plugins-core" + rlRun "toolbox_run sudo dnf -y copr enable $PACKIT_COPR_PROJECT" + rlRun "toolbox_run sudo dnf -y install tmt-provision-container" + rlPhaseEnd + else + rlPhaseStartTest "Local execution: install tmt via hatch" + TOOLBOX_TREE="/var/tmp/tree" + TMT_COMMAND="env -C ${TOOLBOX_TREE} hatch -e dev run env -C /tmp tmt" + rlRun "type toolbox_run" + + # install all dependencies needed for hatch installation + rlRun "toolbox_run sudo dnf -y install gcc hatch krb5-devel libpq-devel libvirt-devel python-devel" + + # if running in toolbox, we will copy TMT_TREE from the toolbox container + if [ -e "/run/.toolboxenv" ]; then + COPY_FROM="$(grep name= /run/.containerenv | sed 's/name="\(.*\)"/\1/'):" + fi + + # get tmt project root directory + TMT_TREE=$(git rev-parse --show-toplevel) + + # copy tmt project into the toolbox container + rlRun "podman cp ${COPY_FROM}${TMT_TREE} $toolbox_container_name:${TOOLBOX_TREE}" + rlPhaseEnd + fi + + rlPhaseStartTest "Print tmt version installed in toolbox" + rlRun "toolbox_run $TMT_COMMAND --version" + rlPhaseEnd + + rlPhaseStartTest "Add podman wrapper" + rlRun "podman cp podman_wrapper $toolbox_container_name:/usr/bin/podman" + rlRun "toolbox_run podman --version" + rlPhaseEnd + + rlPhaseStartTest "Verify container provisioner works from toolbox" + rlRun RUNID="$(mktemp -u)" + rlRun -s "toolbox_run env -C /tmp ${TMT_COMMAND} run -i ${RUNID} -a -vvv provision -h container -i fedora execute -h tmt -s \\\"echo hello from container\\\"" + rlAssertGrep "content: hello from container" $rlRun_LOG + rlPhaseEnd + + rlPhaseStartCleanup + rlRun "toolbox rm -f $toolbox_container_name" 0 "Remove toolbox container" + rlPhaseEnd +rlJournalEnd diff --git a/tmt/steps/provision/__init__.py b/tmt/steps/provision/__init__.py index 3dc92e517a..c35f53a8b4 100644 --- a/tmt/steps/provision/__init__.py +++ b/tmt/steps/provision/__init__.py @@ -329,6 +329,8 @@ class GuestFacts(SerializableContainer): has_selinux: Optional[bool] = None is_superuser: Optional[bool] = None is_ostree: Optional[bool] = None + is_toolbox: Optional[bool] = None + toolbox_container_name: Optional[str] = None #: Various Linux capabilities and whether they are permitted to #: commands executed on this guest. @@ -589,6 +591,47 @@ def _query_is_ostree(self, guest: 'Guest') -> Optional[bool]: return output.stdout.strip() == 'yes' + def _query_is_toolbox(self, guest: 'Guest') -> Optional[bool]: + # https://www.reddit.com/r/Fedora/comments/g6flgd/toolbox_specific_environment_variables/ + output = self._execute( + guest, + Command( + tmt.utils.DEFAULT_SHELL, + '-c', + 'if [ -e /run/.toolboxenv ]; then echo yes; else echo no; fi')) + + if output is None or output.stdout is None: + return None + + return output.stdout.strip() == 'yes' + + def _query_toolbox_container_name(self, guest: 'Guest') -> Optional[str]: + output = self._execute( + guest, + Command( + tmt.utils.DEFAULT_SHELL, + '-c', + 'if [ -e /run/.containerenv ]; then echo yes; else echo no; fi')) + + if output is None or output.stdout is None: + return None + + if output.stdout.strip() == 'no': + return None + + output = self._execute( + guest, + Command('cat', '/run/.containerenv')) + + if output is None or output.stdout is None: + return None + + for line in output.stdout.splitlines(): + if line.startswith('name="'): + return line[6:-1] + + return None + def _query_capabilities(self, guest: 'Guest') -> dict[GuestCapability, bool]: # TODO: there must be a canonical way of getting permitted capabilities. # For now, we're interested in whether we can access kernel message buffer. @@ -610,6 +653,8 @@ def sync(self, guest: 'Guest') -> None: self.has_selinux = self._query_has_selinux(guest) self.is_superuser = self._query_is_superuser(guest) self.is_ostree = self._query_is_ostree(guest) + self.is_toolbox = self._query_is_toolbox(guest) + self.toolbox_container_name = self._query_toolbox_container_name(guest) self.capabilities = self._query_capabilities(guest) self.in_sync = True diff --git a/tmt/steps/provision/podman.py b/tmt/steps/provision/podman.py index c5838e794a..ac1b2661ba 100644 --- a/tmt/steps/provision/podman.py +++ b/tmt/steps/provision/podman.py @@ -382,10 +382,22 @@ def push( self._run_guest_command(Command( "chcon", "--recursive", "--type=container_file_t", self.parent.plan.workdir ), shell=False, silent=True) + # In case explicit destination is given, use `podman cp` to copy data - # to the container + # to the container. If running in toolbox, make sure to copy from the toolbox + # container instead of localhost. if source and destination: - self.podman(Command("cp", source, f"{self.container}:{destination}")) + container_name: Optional[str] = None + if self.parent.plan.my_run.runner.facts.is_toolbox: + container_name = self.parent.plan.my_run.runner.facts.toolbox_container_name + self.podman( + Command( + "cp", + f"{container_name}:{source}" + if container_name else source, + f"{self.container}:{destination}" + ) + ) def pull( self, From ed8281a31e6ee2817c03c20e8cdaddfd39a209a9 Mon Sep 17 00:00:00 2001 From: Miroslav Vadkerti Date: Wed, 29 Jan 2025 13:47:01 +0100 Subject: [PATCH 2/7] Fix tests in CI Signed-off-by: Miroslav Vadkerti --- tests/provision/container/toolbox/test.sh | 106 ++++++++++++++++++++-- 1 file changed, 97 insertions(+), 9 deletions(-) diff --git a/tests/provision/container/toolbox/test.sh b/tests/provision/container/toolbox/test.sh index 791c1d1a9a..9130cbb1e1 100755 --- a/tests/provision/container/toolbox/test.sh +++ b/tests/provision/container/toolbox/test.sh @@ -1,21 +1,70 @@ #!/bin/bash . /usr/share/beakerlib/beakerlib.sh || exit 1 +# +# The test works in 3 auto-detected modes: +# +# 1. Run via `tmt` in Packit environment +# +# 2. Run locally, e.g. via `tmt try` +# +# 3. Running directly the test script `./test.sh` as a non-root user +# +# Running toolbox under root user does not work well, so in case of 1. and 2. a separate +# account `toolbox` is created. The user needs to have a working dbus session available, +# so additional steps are taken to activate systemd user session and set required environment +# variables. +# +# In case of 1. the tmt is installed from the copr repository created by Packit. +# +# In case of 2. and 3. we need to install tmt from the sources in the toolbox container. +# For 2. the sources are copied `TMT_TREE` and in case of 3. from the current git repository. +# + rlJournalStart rlPhaseStartSetup rlRun "toolbox_container_name=\$(uuidgen)" 0 "Generate toolbox container name" + + # When running via tmt, we will use a new user to run toolbox + if env | grep -Eq "(PACKIT_COPR_PROJECT|TMT_TREE)"; then + rlRun "toolbox_user=toolbox" 0 "Generate toolbox container name" + fi rlPhaseEnd rlPhaseStartTest "Create toolbox container" - rlRun "toolbox create -y $toolbox_container_name" + # When run via tmt, we will use a test user, toolbox under root does not work well + if env | grep -Eq "(PACKIT_COPR_PROJECT|TMT_TREE)"; then + + # Add a toolbox user + rlRun "useradd $toolbox_user" + rlRun "toolbox_user_id=$(id -u $toolbox_user)" + + # Make sure systemd user session runs for the new user + rlRun "loginctl enable-linger $toolbox_user" + + # Add required environment variables to the user + rlRun "echo export XDG_RUNTIME_DIR=/run/user/$toolbox_user_id >> /home/$toolbox_user/.bashrc" + rlRun "echo export DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/$toolbox_user_id/bus >> /home/$toolbox_user/.bashrc" + + rlRun "sudo -iu $toolbox_user toolbox create -y $toolbox_container_name" + + # When running manually ./test.sh, just create the toolbox, no additional setup needed + else + rlRun "toolbox create -y $toolbox_container_name" + fi rlPhaseEnd toolbox_run() { - local command="toolbox run --container $toolbox_container_name $*" + if [ -n "$toolbox_user" ]; then + local command="sudo -iu $toolbox_user toolbox run --container $toolbox_container_name $*" + else + local command="toolbox run --container $toolbox_container_name $*" + fi echo "Command: $command" eval "$command" } + # Execution in Packit via tmt # https://packit.dev/docs/configuration/upstream/tests#environment-variables if env | grep -q PACKIT_COPR_PROJECT; then rlPhaseStartTest "Packit execution: Install tmt in from copr repository" @@ -26,26 +75,53 @@ rlJournalStart # Install tmt from the copr repository, we need only the container provisioner rlRun "toolbox_run sudo dnf -y install dnf-plugins-core" rlRun "toolbox_run sudo dnf -y copr enable $PACKIT_COPR_PROJECT" - rlRun "toolbox_run sudo dnf -y install tmt-provision-container" + rlRun "toolbox_run sudo dnf -y install tmt+provision-container" rlPhaseEnd + + # Execution locally via tmt + elif env | grep -q TMT_TREE; then + rlPhaseStartTest "Local execution via tmt: Install tmt from TMT_TREE" + TOOLBOX_TREE="/var/tmp/tree" + TMT_COMMAND="env -C ${TOOLBOX_TREE} hatch -e dev run env -C /tmp tmt" + + rlRun "type toolbox_run" + + # Install all dependencies needed for hatch installation + rlRun "toolbox_run sudo dnf -y install git gcc hatch krb5-devel libpq-devel libvirt-devel python-devel" + + # Create a copy of the tmt tree, to mitigate possible permission issues + rlRun "cp -Rf ${TMT_TREE} ${TOOLBOX_TREE}" + + # Copy tmt project into the toolbox container + rlRun "sudo -iu ${toolbox_user} podman cp ${TOOLBOX_TREE} $toolbox_container_name:${TOOLBOX_TREE}" + + # Fix permissions for the toolbox user + rlRun "toolbox_run sudo chown -Rf ${toolbox_user}:${toolbox_user} ${TOOLBOX_TREE}" + + # Initialize git in tmt tree, it is required for development installation + # and the tmt tree is not a git repository. + rlRun "toolbox_run git -C ${TOOLBOX_TREE} init" + rlPhaseEnd + + # Execution locally via ./test.sh else rlPhaseStartTest "Local execution: install tmt via hatch" TOOLBOX_TREE="/var/tmp/tree" TMT_COMMAND="env -C ${TOOLBOX_TREE} hatch -e dev run env -C /tmp tmt" rlRun "type toolbox_run" - # install all dependencies needed for hatch installation + # Install all dependencies needed for hatch installation rlRun "toolbox_run sudo dnf -y install gcc hatch krb5-devel libpq-devel libvirt-devel python-devel" - # if running in toolbox, we will copy TMT_TREE from the toolbox container + # If running in toolbox, we will copy TMT_TREE from the toolbox container if [ -e "/run/.toolboxenv" ]; then COPY_FROM="$(grep name= /run/.containerenv | sed 's/name="\(.*\)"/\1/'):" fi - # get tmt project root directory + # Get tmt project root directory TMT_TREE=$(git rev-parse --show-toplevel) - # copy tmt project into the toolbox container + # Copy tmt project into the toolbox container rlRun "podman cp ${COPY_FROM}${TMT_TREE} $toolbox_container_name:${TOOLBOX_TREE}" rlPhaseEnd fi @@ -55,17 +131,29 @@ rlJournalStart rlPhaseEnd rlPhaseStartTest "Add podman wrapper" - rlRun "podman cp podman_wrapper $toolbox_container_name:/usr/bin/podman" + # Copy the wrapper from the toolbox user, the containers are local to the user. + # Need to use a copy of the wrapper, the TMT_TREE is a volume mount and thus + # it is not accessible to the toolbox user. + if [ -n "${toolbox_user}" ]; then + rlRun "cp podman_wrapper /tmp/podman_wrapper" + rlRun "sudo -iu ${toolbox_user} podman cp /tmp/podman_wrapper $toolbox_container_name:/usr/bin/podman" + # No dedicated user for toolbox, copy it directly + else + rlRun "podman cp podman_wrapper $toolbox_container_name:/usr/bin/podman" + fi rlRun "toolbox_run podman --version" rlPhaseEnd rlPhaseStartTest "Verify container provisioner works from toolbox" rlRun RUNID="$(mktemp -u)" - rlRun -s "toolbox_run env -C /tmp ${TMT_COMMAND} run -i ${RUNID} -a -vvv provision -h container -i fedora execute -h tmt -s \\\"echo hello from container\\\"" + rlRun -s "toolbox_run env -C /tmp ${TMT_COMMAND} run -i ${RUNID} -a -vvv provision -h container -i registry.fedoraproject.org/fedora:latest execute -h tmt -s \\\"echo hello from container\\\"" rlAssertGrep "content: hello from container" $rlRun_LOG rlPhaseEnd rlPhaseStartCleanup rlRun "toolbox rm -f $toolbox_container_name" 0 "Remove toolbox container" + if [ -n "$toolbox_user" ]; then + rlRun "userdel -rf toolbox" + fi rlPhaseEnd rlJournalEnd From 35b1540c98533948b68f5042d85c14002534dac4 Mon Sep 17 00:00:00 2001 From: Miroslav Vadkerti Date: Wed, 29 Jan 2025 15:55:03 +0100 Subject: [PATCH 3/7] Simplify the test, use make develop to install additional deps Signed-off-by: Miroslav Vadkerti --- tests/provision/container/toolbox/main.fmf | 7 +- tests/provision/container/toolbox/test.sh | 149 +++++---------------- 2 files changed, 42 insertions(+), 114 deletions(-) diff --git a/tests/provision/container/toolbox/main.fmf b/tests/provision/container/toolbox/main.fmf index 8760e96c76..39145d9634 100644 --- a/tests/provision/container/toolbox/main.fmf +++ b/tests/provision/container/toolbox/main.fmf @@ -1,7 +1,10 @@ summary: Test container provisioner in toolbox description: - Make sure that container provisioner works well - in a toolbox container. + Verify that container provisioner works well when tmt is run from + a toolbox container and podman is run on the host system using + `flatpak-spawn --host`. This is a common setup used in Fedora + Silverblue. + require: - toolbox tag+: diff --git a/tests/provision/container/toolbox/test.sh b/tests/provision/container/toolbox/test.sh index 9130cbb1e1..087ba7a62d 100755 --- a/tests/provision/container/toolbox/test.sh +++ b/tests/provision/container/toolbox/test.sh @@ -1,130 +1,62 @@ #!/bin/bash . /usr/share/beakerlib/beakerlib.sh || exit 1 -# -# The test works in 3 auto-detected modes: -# -# 1. Run via `tmt` in Packit environment -# -# 2. Run locally, e.g. via `tmt try` -# -# 3. Running directly the test script `./test.sh` as a non-root user -# -# Running toolbox under root user does not work well, so in case of 1. and 2. a separate -# account `toolbox` is created. The user needs to have a working dbus session available, -# so additional steps are taken to activate systemd user session and set required environment -# variables. -# -# In case of 1. the tmt is installed from the copr repository created by Packit. -# -# In case of 2. and 3. we need to install tmt from the sources in the toolbox container. -# For 2. the sources are copied `TMT_TREE` and in case of 3. from the current git repository. -# +# Use `tmt try` to run this test locally, running directly the script will not work. rlJournalStart rlPhaseStartSetup rlRun "toolbox_container_name=\$(uuidgen)" 0 "Generate toolbox container name" - - # When running via tmt, we will use a new user to run toolbox - if env | grep -Eq "(PACKIT_COPR_PROJECT|TMT_TREE)"; then - rlRun "toolbox_user=toolbox" 0 "Generate toolbox container name" - fi + rlRun "toolbox_user=toolbox" 0 "Set user for running toolbox" rlPhaseEnd rlPhaseStartTest "Create toolbox container" - # When run via tmt, we will use a test user, toolbox under root does not work well - if env | grep -Eq "(PACKIT_COPR_PROJECT|TMT_TREE)"; then - - # Add a toolbox user - rlRun "useradd $toolbox_user" - rlRun "toolbox_user_id=$(id -u $toolbox_user)" - - # Make sure systemd user session runs for the new user - rlRun "loginctl enable-linger $toolbox_user" + # Add a toolbox user. Running toolbox under root user does not work well, + # so a separate user account is created. + rlRun "useradd $toolbox_user" + rlRun "toolbox_user_id=$(id -u $toolbox_user)" - # Add required environment variables to the user - rlRun "echo export XDG_RUNTIME_DIR=/run/user/$toolbox_user_id >> /home/$toolbox_user/.bashrc" - rlRun "echo export DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/$toolbox_user_id/bus >> /home/$toolbox_user/.bashrc" + # Make sure systemd user session runs for the new user. The user session + # hosts a dbus session, which is required for toolbox. + rlRun "loginctl enable-linger $toolbox_user" - rlRun "sudo -iu $toolbox_user toolbox create -y $toolbox_container_name" + # Add required environment variables for toolbox to the user's environment. + rlRun "echo export XDG_RUNTIME_DIR=/run/user/$toolbox_user_id >> /home/$toolbox_user/.bashrc" + rlRun "echo export DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/$toolbox_user_id/bus >> /home/$toolbox_user/.bashrc" - # When running manually ./test.sh, just create the toolbox, no additional setup needed - else - rlRun "toolbox create -y $toolbox_container_name" - fi + rlRun "sudo -iu $toolbox_user toolbox create -y $toolbox_container_name" rlPhaseEnd toolbox_run() { - if [ -n "$toolbox_user" ]; then - local command="sudo -iu $toolbox_user toolbox run --container $toolbox_container_name $*" - else - local command="toolbox run --container $toolbox_container_name $*" - fi - echo "Command: $command" - eval "$command" + local command="sudo -iu $toolbox_user toolbox run --container $toolbox_container_name $*" + echo "Command: $command" + eval "$command" } - # Execution in Packit via tmt - # https://packit.dev/docs/configuration/upstream/tests#environment-variables - if env | grep -q PACKIT_COPR_PROJECT; then - rlPhaseStartTest "Packit execution: Install tmt in from copr repository" - TMT_COMMAND=tmt - - rlRun "type toolbox_run" - - # Install tmt from the copr repository, we need only the container provisioner - rlRun "toolbox_run sudo dnf -y install dnf-plugins-core" - rlRun "toolbox_run sudo dnf -y copr enable $PACKIT_COPR_PROJECT" - rlRun "toolbox_run sudo dnf -y install tmt+provision-container" - rlPhaseEnd - - # Execution locally via tmt - elif env | grep -q TMT_TREE; then - rlPhaseStartTest "Local execution via tmt: Install tmt from TMT_TREE" - TOOLBOX_TREE="/var/tmp/tree" - TMT_COMMAND="env -C ${TOOLBOX_TREE} hatch -e dev run env -C /tmp tmt" + rlPhaseStartTest "Local execution via tmt: Install tmt from TMT_TREE" + TOOLBOX_TREE="/var/tmp/tree" + TMT_COMMAND="env -C ${TOOLBOX_TREE} hatch -e dev run env -C /tmp tmt" - rlRun "type toolbox_run" + rlRun "type toolbox_run" - # Install all dependencies needed for hatch installation - rlRun "toolbox_run sudo dnf -y install git gcc hatch krb5-devel libpq-devel libvirt-devel python-devel" + # Install make and hatch + rlRun "toolbox_run sudo dnf -y make hatch" - # Create a copy of the tmt tree, to mitigate possible permission issues - rlRun "cp -Rf ${TMT_TREE} ${TOOLBOX_TREE}" + # Create a copy of the tmt tree, to mitigate possible permission issues + rlRun "cp -Rf ${TMT_TREE} ${TOOLBOX_TREE}" - # Copy tmt project into the toolbox container - rlRun "sudo -iu ${toolbox_user} podman cp ${TOOLBOX_TREE} $toolbox_container_name:${TOOLBOX_TREE}" + # Copy tmt project into the toolbox container + rlRun "sudo -iu ${toolbox_user} podman cp ${TOOLBOX_TREE} $toolbox_container_name:${TOOLBOX_TREE}" - # Fix permissions for the toolbox user - rlRun "toolbox_run sudo chown -Rf ${toolbox_user}:${toolbox_user} ${TOOLBOX_TREE}" + # Fix permissions for the toolbox user + rlRun "toolbox_run sudo chown -Rf ${toolbox_user}:${toolbox_user} ${TOOLBOX_TREE}" - # Initialize git in tmt tree, it is required for development installation - # and the tmt tree is not a git repository. - rlRun "toolbox_run git -C ${TOOLBOX_TREE} init" - rlPhaseEnd + # Initialize git in tmt tree, it is required for development installation + # and the tmt tree is not a git repository. + rlRun "toolbox_run git -C ${TOOLBOX_TREE} init" - # Execution locally via ./test.sh - else - rlPhaseStartTest "Local execution: install tmt via hatch" - TOOLBOX_TREE="/var/tmp/tree" - TMT_COMMAND="env -C ${TOOLBOX_TREE} hatch -e dev run env -C /tmp tmt" - rlRun "type toolbox_run" - - # Install all dependencies needed for hatch installation - rlRun "toolbox_run sudo dnf -y install gcc hatch krb5-devel libpq-devel libvirt-devel python-devel" - - # If running in toolbox, we will copy TMT_TREE from the toolbox container - if [ -e "/run/.toolboxenv" ]; then - COPY_FROM="$(grep name= /run/.containerenv | sed 's/name="\(.*\)"/\1/'):" - fi - - # Get tmt project root directory - TMT_TREE=$(git rev-parse --show-toplevel) - - # Copy tmt project into the toolbox container - rlRun "podman cp ${COPY_FROM}${TMT_TREE} $toolbox_container_name:${TOOLBOX_TREE}" - rlPhaseEnd - fi + # Install additional development dependencies + rlRun "toolbox_run make -C ${TOOLBOX_TREE} develop" + rlPhaseEnd rlPhaseStartTest "Print tmt version installed in toolbox" rlRun "toolbox_run $TMT_COMMAND --version" @@ -134,13 +66,8 @@ rlJournalStart # Copy the wrapper from the toolbox user, the containers are local to the user. # Need to use a copy of the wrapper, the TMT_TREE is a volume mount and thus # it is not accessible to the toolbox user. - if [ -n "${toolbox_user}" ]; then - rlRun "cp podman_wrapper /tmp/podman_wrapper" - rlRun "sudo -iu ${toolbox_user} podman cp /tmp/podman_wrapper $toolbox_container_name:/usr/bin/podman" - # No dedicated user for toolbox, copy it directly - else - rlRun "podman cp podman_wrapper $toolbox_container_name:/usr/bin/podman" - fi + rlRun "cp podman_wrapper /tmp/podman_wrapper" + rlRun "sudo -iu ${toolbox_user} podman cp /tmp/podman_wrapper $toolbox_container_name:/usr/bin/podman" rlRun "toolbox_run podman --version" rlPhaseEnd @@ -152,8 +79,6 @@ rlJournalStart rlPhaseStartCleanup rlRun "toolbox rm -f $toolbox_container_name" 0 "Remove toolbox container" - if [ -n "$toolbox_user" ]; then - rlRun "userdel -rf toolbox" - fi + rlRun "userdel -rf toolbox" rlPhaseEnd rlJournalEnd From 28678ab8bd27f72783587893b5f08a363b20dadb Mon Sep 17 00:00:00 2001 From: Miroslav Vadkerti Date: Wed, 29 Jan 2025 15:58:29 +0100 Subject: [PATCH 4/7] Fix dnf install call Signed-off-by: Miroslav Vadkerti --- tests/provision/container/toolbox/test.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/provision/container/toolbox/test.sh b/tests/provision/container/toolbox/test.sh index 087ba7a62d..a1d7e3a452 100755 --- a/tests/provision/container/toolbox/test.sh +++ b/tests/provision/container/toolbox/test.sh @@ -39,7 +39,7 @@ rlJournalStart rlRun "type toolbox_run" # Install make and hatch - rlRun "toolbox_run sudo dnf -y make hatch" + rlRun "toolbox_run sudo dnf -y install make hatch" # Create a copy of the tmt tree, to mitigate possible permission issues rlRun "cp -Rf ${TMT_TREE} ${TOOLBOX_TREE}" From 4630ce1c45a19042d7d476ad80fc4e124b171f41 Mon Sep 17 00:00:00 2001 From: Miroslav Vadkerti Date: Wed, 29 Jan 2025 20:23:11 +0100 Subject: [PATCH 5/7] Disable on non-Fedora distros, expect avc failures Signed-off-by: Miroslav Vadkerti --- tests/provision/container/toolbox/main.fmf | 9 +++++++++ tests/provision/container/toolbox/test.sh | 2 +- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/tests/provision/container/toolbox/main.fmf b/tests/provision/container/toolbox/main.fmf index 39145d9634..55574a8cf0 100644 --- a/tests/provision/container/toolbox/main.fmf +++ b/tests/provision/container/toolbox/main.fmf @@ -12,3 +12,12 @@ tag+: - provision-container require+: - toolbox +adjust+: + - enabled: false + when: distro != fedora + because: Setting up toolbox on CS9 with default UBI9 toolbox image is a pain. + - check: + - how: avc + result: xfail + because: | + We are not interested in AVCs for this test due to complicated setup. diff --git a/tests/provision/container/toolbox/test.sh b/tests/provision/container/toolbox/test.sh index a1d7e3a452..b5b9ea61bf 100755 --- a/tests/provision/container/toolbox/test.sh +++ b/tests/provision/container/toolbox/test.sh @@ -23,7 +23,7 @@ rlJournalStart rlRun "echo export XDG_RUNTIME_DIR=/run/user/$toolbox_user_id >> /home/$toolbox_user/.bashrc" rlRun "echo export DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/$toolbox_user_id/bus >> /home/$toolbox_user/.bashrc" - rlRun "sudo -iu $toolbox_user toolbox create -y $toolbox_container_name" + rlRun "sudo -iu $toolbox_user toolbox create -i ${TOOLBOX_IMAGE} -y $toolbox_container_name" rlPhaseEnd toolbox_run() { From 59a1b1fc7f3e674909da93195c8618e0caccaa98 Mon Sep 17 00:00:00 2001 From: Miroslav Vadkerti Date: Wed, 29 Jan 2025 20:26:57 +0100 Subject: [PATCH 6/7] Update tests/provision/container/toolbox/test.sh --- tests/provision/container/toolbox/test.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/provision/container/toolbox/test.sh b/tests/provision/container/toolbox/test.sh index b5b9ea61bf..a1d7e3a452 100755 --- a/tests/provision/container/toolbox/test.sh +++ b/tests/provision/container/toolbox/test.sh @@ -23,7 +23,7 @@ rlJournalStart rlRun "echo export XDG_RUNTIME_DIR=/run/user/$toolbox_user_id >> /home/$toolbox_user/.bashrc" rlRun "echo export DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/$toolbox_user_id/bus >> /home/$toolbox_user/.bashrc" - rlRun "sudo -iu $toolbox_user toolbox create -i ${TOOLBOX_IMAGE} -y $toolbox_container_name" + rlRun "sudo -iu $toolbox_user toolbox create -y $toolbox_container_name" rlPhaseEnd toolbox_run() { From 02287e916322fc55acbc2983bba41e6649e25fa4 Mon Sep 17 00:00:00 2001 From: Miroslav Vadkerti Date: Wed, 29 Jan 2025 21:53:12 +0100 Subject: [PATCH 7/7] Ignore AVC only on Fedora-41 and later --- tests/provision/container/toolbox/main.fmf | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/provision/container/toolbox/main.fmf b/tests/provision/container/toolbox/main.fmf index 55574a8cf0..5dc7b4f4f4 100644 --- a/tests/provision/container/toolbox/main.fmf +++ b/tests/provision/container/toolbox/main.fmf @@ -19,5 +19,6 @@ adjust+: - check: - how: avc result: xfail + when: distro >= fedora-41 because: | We are not interested in AVCs for this test due to complicated setup.