From 62712d758904934845ee1ff909d3b60e327c4747 Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Wed, 30 Apr 2025 23:57:45 +0200 Subject: [PATCH 1/5] pkg/utils: Style fixes Fallout from the following: * f5bf741f8619348bae79c60cc1da5c95351f2d69 * 2edc30836b2f86a98eb0debf94a4254f6541e47d * 872eba41a9a736e2f4929e0109655530e0645f28 * 8b6418d8aa6b1573a413e084e83bd1f695475406 * b166a1f13fd7dabf29bea7a12eb6cdc52fdbee99 * 0000cb01514f4cd5d4e502137c8975cea60fecc3 https://github.com/containers/toolbox/pull/1677 --- src/pkg/utils/utils.go | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/src/pkg/utils/utils.go b/src/pkg/utils/utils.go index e914f292c..8b859f14b 100644 --- a/src/pkg/utils/utils.go +++ b/src/pkg/utils/utils.go @@ -295,7 +295,6 @@ func ForwardToHost() (int, error) { // https://github.com/containers/libpod/tree/master/pkg/cgroups func GetCgroupsVersion() (int, error) { var st syscall.Statfs_t - if err := syscall.Statfs("/sys/fs/cgroup", &st); err != nil { return -1, err } @@ -477,7 +476,6 @@ func GetInitializedStamp(entryPointPID int, targetUser *user.User) (string, erro // GetMountPoint returns the mount point of a target. func GetMountPoint(target string) (string, error) { var stdout strings.Builder - if err := shell.Run("df", nil, &stdout, nil, "--output=target", target); err != nil { return "", err } @@ -503,7 +501,6 @@ func GetMountOptions(target string) (string, error) { output := stdout.String() options := strings.Split(output, "\n") - mountOptions := strings.TrimSpace(options[0]) return mountOptions, nil } @@ -579,6 +576,7 @@ func GetSupportedDistros() []string { for d := range supportedDistros { distros = append(distros, d) } + return distros } 
@@ -596,12 +594,12 @@ func ImageReferenceCanBeID(image string) bool { if err != nil { panic("regular expression for ID reference matching is invalid") } + return matched } func ImageReferenceGetBasename(image string) string { var i int - if ImageReferenceHasDomain(image) { i = strings.IndexRune(image, '/') } @@ -629,7 +627,6 @@ func ImageReferenceGetDomain(image string) string { func ImageReferenceGetTag(image string) string { var i int - if ImageReferenceHasDomain(image) { i = strings.IndexRune(image, '/') } From fb43d3e06e2d70fe2d2c44bcb58c3bed331a5575 Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Fri, 4 Jul 2025 21:03:24 +0200 Subject: [PATCH 2/5] pkg/utils: Remove unused functions Fallout from d323143c468e5e59dba4d209a4e4767d88dfc19e https://github.com/containers/toolbox/pull/1677 --- src/pkg/utils/utils.go | 32 -------------------------------- 1 file changed, 32 deletions(-) diff --git a/src/pkg/utils/utils.go b/src/pkg/utils/utils.go index 8b859f14b..a80cea436 100644 --- a/src/pkg/utils/utils.go +++ b/src/pkg/utils/utils.go 
@@ -473,38 +473,6 @@ func GetInitializedStamp(entryPointPID int, targetUser *user.User) (string, erro return initializedStamp, nil } -// GetMountPoint returns the mount point of a target. -func GetMountPoint(target string) (string, error) { - var stdout strings.Builder - if err := shell.Run("df", nil, &stdout, nil, "--output=target", target); err != nil { - return "", err - } - - output := stdout.String() - options := strings.Split(output, "\n") - if len(options) != 3 { - return "", errors.New("unexpected output from df(1)") - } - - mountPoint := strings.TrimSpace(options[1]) - return mountPoint, nil -} - -// GetMountOptions returns the mount options of a target. -func GetMountOptions(target string) (string, error) { - var stdout strings.Builder - findMntArgs := []string{"--noheadings", "--output", "OPTIONS", target} - - if err := shell.Run("findmnt", nil, &stdout, nil, findMntArgs...); err != nil { - return "", err - } - - output := stdout.String() - options := strings.Split(output, "\n") - mountOptions := strings.TrimSpace(options[0]) - return mountOptions, nil -} - func GetP11KitServerSocket(targetUser *user.User) (string, error) { toolbxRuntimeDirectory, err := GetRuntimeDirectory(targetUser) if err != nil { From 2099190211ad3362857f1f0c70cdac8b9ce9da27 Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Fri, 4 Jul 2025 21:25:35 +0200 Subject: [PATCH 3/5] playbooks: Use the same commands as mentioned in the documentation ... at https://containertoolbx.org/install/ This should have been part of commit df22010e4f6098cf. https://github.com/containers/toolbox/pull/1678 --- playbooks/setup-env-migration-path-for-coreos-toolbox.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/playbooks/setup-env-migration-path-for-coreos-toolbox.yaml b/playbooks/setup-env-migration-path-for-coreos-toolbox.yaml index 6fe33129e..3fad2fb0d 100644 --- a/playbooks/setup-env-migration-path-for-coreos-toolbox.yaml 
+++ b/playbooks/setup-env-migration-path-for-coreos-toolbox.yaml @@ -1,5 +1,5 @@ # -# Copyright © 2022 – 2024 Red Hat, Inc. +# Copyright © 2022 – 2025 Red Hat, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -20,6 +20,6 @@ - include_tasks: dependencies-centos-9-stream.yaml - name: Set up build directory - command: meson -Dmigration_path_for_coreos_toolbox=true builddir + command: meson setup -Dmigration_path_for_coreos_toolbox=true builddir args: chdir: '{{ zuul.project.src_dir }}' From fdce5e4f52204ab13b70f4cf6e0b8b5f5155f662 Mon Sep 17 00:00:00 2001 
From: Debarshi Ray Date: Tue, 13 May 2025 01:04:34 +0200 Subject: [PATCH 4/5] Isolate the host's XDG_RUNTIME_DIR from the system tests XDG_RUNTIME_DIR is needed for two groups of reasons when Toolbx is used rootless. First, it's important for toolbox(1) itself to work rootless because it needs to place several files: * The 'lock' file to synchronize Podman migrations. * The initialization stamp file to synchronize the container's entry point with the user-facing 'enter' and 'run' commands running on the host operating system. * The generated Container Device Interface specification. These files need to be separate for the toolbox(1) processes run by the system tests, those run by the user for 'normal' use, and concurrent invocations of the tests. Therefore, it's better to use a custom XDG_RUNTIME_DIR that's within the sandbox offered by Bats [1]. The sandbox is clearly labelled as being used by Bats, is unique for each invocation, and Bats takes care of cleaning everything up once it has finished running. Note that XDG_RUNTIME_DIR's Unix access mode MUST be 0700 [2]. eg., Ubuntu 22.04 and 24.04 Desktop have a umask of 0002, and if an access mode is not explicitly specified, XDG_RUNTIME_DIR will be created with 0775. That will cause dbus-daemon(1) to fail with: Unable to set up transient service directory: XDG_RUNTIME_DIR "/var/tmp/bats-run-4XQL6i/suite/xdg-runtime-dir" can be written by others (mode 040775) Second, XDG_RUNTIME_DIR is used to propagate things like the user D-Bus, Pipewire and Wayland sockets from the host to the container. These don't need to be separated. However, if a custom XDG_RUNTIME_DIR is used then those sockets that are used by the system tests, such as the user D-Bus socket, have to be replicated. Therefore, a custom D-Bus instance is run to offer the user D-Bus socket with a configuration similar to that of the host OS. The dbus-daemon(1) implementation is used for the sake of simplicity. 
It creates the socket itself based on the configuration, unlike dbus-broker-launch(1) where the socket must be separately created and passed to it by its parent. However, Podman can't use systemd as the cgroups manager with this D-Bus instance, as the bus wasn't started by the user systemd instance. So, a custom containers.conf(5) is used to change the cgroups manager to cgroupfs. The only other options in the containers.conf(5) are those that are common across Fedora 41 and 42, and Ubuntu 22.04 and 24.04. [1] https://bats-core.readthedocs.io/en/stable/writing-tests.html [2] https://specifications.freedesktop.org/basedir-spec/latest/ https://github.com/containers/toolbox/pull/1652 --- .github/workflows/ubuntu-tests.yaml | 1 + meson.build | 1 + playbooks/dependencies-centos-9-stream.yaml | 3 +- playbooks/dependencies-fedora-restricted.yaml | 9 ++++++ playbooks/dependencies-fedora.yaml | 3 +- test/system/config/containers.conf | 23 +++++++++++++++ test/system/config/dbus-session.conf | 29 +++++++++++++++++++ test/system/libs/helpers.bash | 10 ++++++- test/system/setup_suite.bash | 7 +++++ 9 files changed, 83 insertions(+), 3 deletions(-) create mode 100644 test/system/config/containers.conf create mode 100644 test/system/config/dbus-session.conf diff --git a/.github/workflows/ubuntu-tests.yaml b/.github/workflows/ubuntu-tests.yaml index 35526be77..71a96c3f7 100644 --- a/.github/workflows/ubuntu-tests.yaml +++ b/.github/workflows/ubuntu-tests.yaml @@ -41,6 +41,7 @@ jobs: apache2-utils \ bash-completion \ codespell \ + dbus \ fish \ flatpak \ gcc \ diff --git a/meson.build b/meson.build index 8f0986b8d..d97730cd6 100644 --- a/meson.build +++ b/meson.build @@ -21,6 +21,7 @@ go_md2man = find_program('go-md2man') bats = find_program('bats', required: false) codespell = find_program('codespell', required: false) +dbus_daemon = find_program('dbus-daemon', required: false) htpasswd = find_program('htpasswd', required: false) openssl = find_program('openssl', required: false) 
diff --git a/playbooks/dependencies-centos-9-stream.yaml b/playbooks/dependencies-centos-9-stream.yaml index 1c6dd3c18..f06858629 100644 --- a/playbooks/dependencies-centos-9-stream.yaml +++ b/playbooks/dependencies-centos-9-stream.yaml @@ -2,6 +2,7 @@ become: yes package: name: + - dbus-daemon - flatpak-session-helper - gcc - golang @@ -61,7 +62,7 @@ chdir: '{{ zuul.project.src_dir }}' - name: Check versions of crucial packages - command: rpm -qa ShellCheck bash bash-completion bats codespell *kernel* gcc *glibc* golang golang-github-cpuguy83-md2man shadow-utils-subid-devel podman conmon containernetworking-plugins containers-common container-selinux crun fuse-overlayfs flatpak-session-helper skopeo + command: rpm -qa ShellCheck bash bash-completion bats codespell dbus-daemon *kernel* gcc *glibc* golang golang-github-cpuguy83-md2man shadow-utils-subid-devel podman conmon containernetworking-plugins containers-common container-selinux crun fuse-overlayfs flatpak-session-helper skopeo - name: Show podman versions command: podman version diff --git a/playbooks/dependencies-fedora-restricted.yaml b/playbooks/dependencies-fedora-restricted.yaml index 4456941df..4a7d62b76 100644 --- a/playbooks/dependencies-fedora-restricted.yaml +++ b/playbooks/dependencies-fedora-restricted.yaml @@ -47,6 +47,15 @@ update_cache: "{{ true if zuul.attempts > 1 else false }}" use: "{{ 'dnf' if zuul.attempts > 1 else 'auto' }}" +- name: Ensure that dbus-daemon(1) is absent + become: yes + package: + name: + - dbus-daemon + state: absent + update_cache: "{{ true if zuul.attempts > 1 else false }}" + use: "{{ 'dnf' if zuul.attempts > 1 else 'auto' }}" + - name: Ensure that 'p11-kit server' is absent become: yes package: diff --git a/playbooks/dependencies-fedora.yaml b/playbooks/dependencies-fedora.yaml index 9e542f537..59915ae94 100644 --- a/playbooks/dependencies-fedora.yaml +++ b/playbooks/dependencies-fedora.yaml 
@@ -22,6 +22,7 @@ - ShellCheck - bats - codespell + - dbus-daemon - fish - flatpak-session-helper - gcc @@ -64,7 +65,7 @@ chdir: '{{ zuul.project.src_dir }}' - name: Check versions of crucial packages - command: rpm -qa ShellCheck bash bash-completion bats codespell *kernel* gcc *glibc* shadow-utils-subid-devel golang golang-github-cpuguy83-md2man podman conmon containernetworking-plugins containers-common container-selinux crun fuse-overlayfs flatpak-session-helper skopeo + command: rpm -qa ShellCheck bash bash-completion bats codespell dbus-daemon *kernel* gcc *glibc* shadow-utils-subid-devel golang golang-github-cpuguy83-md2man podman conmon containernetworking-plugins containers-common container-selinux crun fuse-overlayfs flatpak-session-helper skopeo - name: Show podman versions command: podman version diff --git a/test/system/config/containers.conf b/test/system/config/containers.conf new file mode 100644 index 000000000..17431c9b7 --- /dev/null +++ b/test/system/config/containers.conf @@ -0,0 +1,23 @@ +# +# Copyright © 2025 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +[containers] +default_sysctls = [ + "net.ipv4.ping_group_range=0 0", +] + +[engine] +cgroup_manager = "cgroupfs" diff --git a/test/system/config/dbus-session.conf b/test/system/config/dbus-session.conf new file mode 100644 index 000000000..7fd165bb1 --- /dev/null +++ b/test/system/config/dbus-session.conf @@ -0,0 +1,29 @@ + + + + + + unix:runtime=yes + + + + + + + session + 
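Review bot: The new test/system/config/containers.conf sets `cgroup_manager = "cgroupfs"` without saying why; the reason is given only in the commit message. I would add above it `# The test D-Bus instance is not started by the user systemd instance, so Podman cannot use systemd as the cgroups manager.` As far as I know, exporting CONTAINERS_CONF (done in the helpers.bash hunk of this patch) makes Podman load only this file and ignore the host's system and user containers.conf. A header line saying that host-level container settings are not in effect during the tests would save the next reader from assuming otherwise.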
diff --git a/test/system/libs/helpers.bash b/test/system/libs/helpers.bash index 33b42eaf6..b0ef464fc 100644 --- a/test/system/libs/helpers.bash +++ b/test/system/libs/helpers.bash @@ -15,15 +15,21 @@ export XDG_CONFIG_HOME readonly XDG_DATA_HOME="$HOME/.local/share" export XDG_DATA_HOME -readonly XDG_RUNTIME_DIR="${XDG_RUNTIME_DIR:-/run/user/$UID}" +readonly XDG_RUNTIME_DIR="$BATS_SUITE_TMPDIR/xdg-runtime-dir" export XDG_RUNTIME_DIR readonly XDG_STATE_HOME="$HOME/.local/state" export XDG_STATE_HOME +readonly CONTAINERS_CONF="$BATS_TEST_DIRNAME/config/containers.conf" +export CONTAINERS_CONF + readonly CONTAINERS_STORAGE_CONF="$XDG_CONFIG_HOME/containers/storage.conf" export CONTAINERS_STORAGE_CONF +readonly DBUS_SESSION_BUS_ADDRESS="unix:path=$XDG_RUNTIME_DIR/bus" +export DBUS_SESSION_BUS_ADDRESS + # Helpful globals readonly IMAGE_CACHE_DIR="$BATS_SUITE_TMPDIR/image-cache" readonly TOOLBX_ROOTLESS_STORAGE_PATH="$XDG_DATA_HOME/containers/storage" @@ -57,6 +63,8 @@ function cleanup_all() { function _setup_environment() { # shellcheck disable=SC2174 mkdir --mode 700 --parents "$HOME" + mkdir --mode 0700 --parents "$XDG_RUNTIME_DIR" + _setup_containers_storage } diff --git a/test/system/setup_suite.bash b/test/system/setup_suite.bash index f564f7ecb..c73685005 100644 --- a/test/system/setup_suite.bash +++ b/test/system/setup_suite.bash @@ -15,6 +15,7 @@ # limitations under the License. # +dbus_daemon_pid=0 missing_dependencies=false if [ -f "$BATS_TEST_DIRNAME/libs/bats-assert/load.bash" ] && [ -f "$BATS_TEST_DIRNAME/libs/bats-support/load.bash" ]; then @@ -40,6 +41,7 @@ setup_suite() { system_version="$(get_system_version)" _setup_environment + dbus_daemon_pid="$(dbus-daemon --config-file "$BATS_TEST_DIRNAME/config/dbus-session.conf" --print-pid)" if echo "$TOOLBX_TEST_SYSTEM_TAGS" | grep "arch" >/dev/null 2>/dev/null; then _pull_and_cache_distro_image arch latest || false 
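Review bot: The added `mkdir --mode 0700 --parents "$XDG_RUNTIME_DIR"` in _setup_environment does not by itself guarantee the 0700 mode that the commit message says is mandatory. With `--parents`, mkdir leaves the mode of an already existing directory untouched. The `# shellcheck disable=SC2174` directive above it covers only the `$HOME` line, so ShellCheck will likely flag the new one. I would follow it with `chmod 0700 "$XDG_RUNTIME_DIR"` so the mode is enforced whether or not the directory was just created, and add a comment such as `# dbus-daemon(1) refuses a runtime directory that others can write to`.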
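Review bot: In setup_suite the result of `dbus_daemon_pid="$(dbus-daemon --config-file ... --print-pid)"` is not checked, so when dbus-daemon is missing or fails to start the variable ends up empty rather than 0. meson.build looks the program up with `required: false` and playbooks/dependencies-fedora-restricted.yaml removes the package, so that case is expected to occur; whether the missing-dependency check outside this hunk covers it is not visible here. The guard added in the teardown_suite hunk, `[ "$dbus_daemon_pid" != 0 ]`, is true for an empty string and would call `kill` with an empty argument. I would test `[ -n "$dbus_daemon_pid" ] && [ "$dbus_daemon_pid" != 0 ]` there, and here reset the variable on failure with `|| { dbus_daemon_pid=0; return 1; }` after the assignment.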
@@ -79,6 +81,11 @@ teardown_suite() { return 0 fi + if [ "$dbus_daemon_pid" != 0 ]; then + kill -s SIGTERM "$dbus_daemon_pid" + dbus_daemon_pid=0 + fi + if echo "$TOOLBX_TEST_SYSTEM_TAGS" | grep "commands-options" >/dev/null 2>/dev/null; then _clean_docker_registry fi From 1c616f04bf5891d115615077c2e190a06404a49b Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Sat, 31 May 2025 02:08:39 +0200 Subject: [PATCH 5/5] debug --- test/system/203-network.bats | 2 +- test/system/libs/helpers.bash | 27 +++++++++++++++++++++++++-- test/system/setup_suite.bash | 8 ++++---- 3 files changed, 30 insertions(+), 7 deletions(-) diff --git a/test/system/203-network.bats b/test/system/203-network.bats index bcba97596..13c23c94a 100644 --- a/test/system/203-network.bats +++ b/test/system/203-network.bats @@ -35,7 +35,7 @@ readonly RESOLVER_SH='resolvectl --legend false --no-pager --type "$0" query "$1 setup_file() { bats_require_minimum_version 1.10.0 - cleanup_all + # cleanup_all pushd "$HOME" || return 1 if echo "$TOOLBX_TEST_SYSTEM_TAGS" | grep "arch" >/dev/null 2>/dev/null; then diff --git a/test/system/libs/helpers.bash b/test/system/libs/helpers.bash index b0ef464fc..3820f045c 100644 --- a/test/system/libs/helpers.bash +++ b/test/system/libs/helpers.bash 
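Review bot: `# cleanup_all` in setup_file of 203-network.bats leaves commented-out code with no explanation, and with the call disabled any containers and images left by earlier test files are still present when the network tests start. The same pattern appears in this patch's setup_suite.bash hunks, where `_setup_docker_registry` and the `_clean_docker_registry` block are commented out, so tests that rely on the registry presumably cannot pass. If this is temporary instrumentation, a comment on each such as `# FIXME: disabled while debugging container teardown, restore before merging` would make that explicit.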
@@ -55,8 +55,31 @@ declare -Ag IMAGES=([arch]="quay.io/toolbx/arch-toolbox" \ function cleanup_all() { - podman rm --all --force >/dev/null - podman rmi --all --force >/dev/null + ctr_id="$(podman ps --all --format "{{ .ID }}" --no-trunc | head --lines 1)" + cat "$XDG_RUNTIME_DIR/crun/$ctr_id/status" + echo "Container to kill: $ctr_id" + if [ "$ctr_id" != "" ]; then + crun --debug --log-level=debug kill --all "$ctr_id" 15 + echo "Container to kill: crun: $?" + fi + + ctr_id="$(podman ps --all --format "{{ .ID }}" --no-trunc | head --lines 2 | tail --lines 1)" + echo "Container to kill: $ctr_id" + if [ "$ctr_id" != "" ]; then + crun --debug --log-level=debug kill --all "$ctr_id" 15 + echo "Container to kill: crun: $?" + fi + + ctr_id="$(podman ps --all --format "{{ .ID }}" --no-trunc | head --lines 3 | tail --lines 1)" + echo "Container to kill: $ctr_id" + if [ "$ctr_id" != "" ]; then + crun --debug --log-level=debug kill --all "$ctr_id" 15 + echo "Container to kill: crun: $?" + fi + + podman --log-level debug stop --all + podman rm --all + podman rmi --all } diff --git a/test/system/setup_suite.bash b/test/system/setup_suite.bash index c73685005..423d4dc76 100644 --- a/test/system/setup_suite.bash +++ b/test/system/setup_suite.bash @@ -69,7 +69,7 @@ setup_suite() { _pull_and_cache_distro_image fedora "$((system_version-2))" || false fi - _setup_docker_registry + # _setup_docker_registry fi } @@ -86,9 +86,9 @@ teardown_suite() { dbus_daemon_pid=0 fi - if echo "$TOOLBX_TEST_SYSTEM_TAGS" | grep "commands-options" >/dev/null 2>/dev/null; then - _clean_docker_registry - fi + # if echo "$TOOLBX_TEST_SYSTEM_TAGS" | grep "commands-options" >/dev/null 2>/dev/null; then + # _clean_docker_registry + # fi podman system reset --force >/dev/null }
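Review bot: In cleanup_all, `cat "$XDG_RUNTIME_DIR/crun/$ctr_id/status"` runs before the `[ "$ctr_id" != "" ]` check, so with no containers it reads `.../crun//status` and fails, which may abort the caller if Bats runs it under errexit. The three copies of the kill stanza could be one loop over the listed IDs, with the status dump inside the emptiness guard, as sketched below. Dropping `--force` from `podman rm --all` and `podman rmi --all` also means a container that survives `podman stop --all` makes cleanup fail instead of being removed; if that is deliberate for debugging, a comment should say so.

```shell
function cleanup_all() {
  local ctr_id
  local ret_val

  while read -r ctr_id; do
    [ "$ctr_id" != "" ] || continue

    cat "$XDG_RUNTIME_DIR/crun/$ctr_id/status" || true
    echo "Container to kill: $ctr_id"

    ret_val=0
    crun --debug --log-level=debug kill --all "$ctr_id" 15 || ret_val="$?"
    echo "Container to kill: crun: $ret_val"
  done < <(podman ps --all --format "{{ .ID }}" --no-trunc | head --lines 3)

  # … unchanged: podman stop, rm and rmi calls …
}
```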