
[rhaos-maint] Manual Backports #357


Merged
merged 6 commits into from
Feb 26, 2025
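--- a/.packit.yaml
+++ b/.packit.yaml
@@ -46,24 +46,28 @@ jobs:
 enable_net: true
 # container-selinux is noarch so we only need to test on one arch
 targets: &fedora_copr_targets
-- fedora-all
+- fedora-all-x86_64
+- fedora-all-aarch64
 
 - job: copr_build
 trigger: pull_request
 packages: [container-selinux-eln]
 notifications: *copr_build_failure_notification
 enable_net: true
 targets:
-- fedora-eln
+- fedora-eln-x86_64
+- fedora-eln-aarch64
 
 - job: copr_build
 trigger: pull_request
 packages: [container-selinux-centos]
 notifications: *copr_build_failure_notification
 enable_net: true
 targets: &centos_copr_targets
-- centos-stream-9
-- centos-stream-10
+- centos-stream-9-x86_64
+- centos-stream-9-aarch64
+- centos-stream-10-x86_64
+- centos-stream-10-aarch64
 
 # Run on commit to main branch
 # Build targets managed in copr settings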
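--- a/OWNERS
+++ b/OWNERS
@@ -0,0 +1,6 @@
+approvers:
+- haircommander
+- lsm5
+- rhatdan
+- wrabcak
+- zpytela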
1 change: 1 addition & 0 deletions container.fc
Expand Up @@ -143,6 +143,7 @@ HOME_DIR/\.local/share/containers/storage/volumes/[^/]*/.* gen_context(system_u:
/var/lib/docker-latest/overlay2(/.*)? gen_context(system_u:object_r:container_ro_file_t,s0)

/var/lib/cni(/.*)? gen_context(system_u:object_r:container_var_lib_t,s0)
/var/lib/crio(/.*)? gen_context(system_u:object_r:container_var_lib_t,s0)
/run/flannel(/.*)? gen_context(system_u:object_r:container_var_run_t,s0)
/var/log/containers(/.*)? gen_context(system_u:object_r:container_log_t,s0)
/var/log/pods(/.*)? gen_context(system_u:object_r:container_log_t,s0)
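--- a/plans/main.fmf
+++ b/plans/main.fmf
@@ -3,21 +3,18 @@ discover:
 execute:
 how: tmt
 prepare:
-how: feature
-epel: enabled
-
-/upstream:
-summary: Run SELinux specific Podman tests on upstream PRs
-discover+:
-filter: tag:upstream
-adjust+:
-enabled: false
-when: initiator is not defined or initiator != packit
-
-/downstream:
-summary: Run SELinux specific Podman tests on bodhi / errata and dist-git PRs
-discover+:
-filter: tag:downstream
-adjust+:
-enabled: false
-when: initiator == packit
+- when: distro == centos-stream or distro == rhel
+how: shell
+script: |
+dnf -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-$(rpm --eval '%{?rhel}').noarch.rpm
+dnf -y config-manager --set-enabled epel
+order: 10
+- when: initiator == packit
+how: shell
+script: |
+COPR_REPO_FILE="/etc/yum.repos.d/*podman-next*.repo"
+if compgen -G $COPR_REPO_FILE > /dev/null; then
+sed -i -n '/^priority=/!p;$apriority=1' $COPR_REPO_FILE
+fi
+dnf -y upgrade --allowerasing
+order: 20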
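Review bot: The first prepare step installs `epel-release` straight from a URL, and dnf handles a package named on the command line as a local package, so under the default `localpkg_gpgcheck` setting its signature is not verified. Only HTTPS then protects the RPM that delivers the EPEL repo definition and signing keys, which every later install trusts. On CentOS Stream the package is normally available from the distribution's own signed repositories (`dnf -y install epel-release`). Where the URL has to stay, as on RHEL, import the EPEL key first and add `--setopt=localpkg_gpgcheck=1` to the install. In the second step, `dnf -y upgrade --allowerasing` runs after the copr repo is forced to `priority=1`, so a one-line comment stating that replacing distro packages with copr builds is intended would help; `$COPR_REPO_FILE` is also left unquoted on purpose for the glob, which deserves the same kind of comment.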
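--- a/rpm/gating.yaml
+++ b/rpm/gating.yaml
@@ -1,7 +1,9 @@
 --- !Policy
 product_versions:
 - fedora-*
-decision_context: bodhi_update_push_stable
+decision_context:
+- bodhi_update_push_stable
+- bodhi_update_push_testing
 rules:
 - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional}
 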
16 changes: 0 additions & 16 deletions test/Makefile

This file was deleted.

22 changes: 8 additions & 14 deletions test/main.fmf
@@ -1,23 +1,17 @@
# Only common dependencies that are NOT required to run podman-tests.sh are
# specified here. Everything else is in podman-tests.sh.
require:
- attr
- bats
- cpio
- golang
- make
- container-selinux
- podman-tests
- policycoreutils

/basic_check:
tag: [ upstream, downstream ]
summary: Run basic checks
test: make basic_check

/podman_e2e_test:
tag: [ upstream, downstream ]
summary: Run SELinux specific Podman e2e tests
test: make podman_e2e_test
test: |
semodule --list=full | grep container
semodule -B
rpm -Vqf /var/lib/selinux/*/active/modules/200/container

/podman_system_test:
tag: [ upstream, downstream ]
summary: Run SELinux specific Podman system tests
test: make podman_system_test
test: bash ./podman-tests.sh
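Review bot: In `/basic_check`, `semodule --list=full | grep container` succeeds when any installed module name contains the string `container`, at any priority, so it does not show that the module shipped by this package is the one loaded. The `rpm -Vqf` line below already assumes priority 200, so the grep could be anchored to the same thing, for example `semodule --list=full | grep -E '^200[[:space:]]+container[[:space:]]'` (assuming the usual priority/name/type column layout). A short comment above the three commands saying what each one proves (module listed, policy rebuilds cleanly, installed module file unmodified) would make the intent of this gate readable without knowing the tools.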
65 changes: 3 additions & 62 deletions test/podman-tests.sh
Expand Up @@ -9,67 +9,8 @@ if [[ "$(id -u)" -ne 0 ]];then
exit 1
fi

if [[ -z "$1" ]]; then
echo -e "Usage: $(basename ${BASH_SOURCE[0]}) TEST_TYPE\nTEST_TYPE can be 'e2e' or 'system'\n"
exit 1
fi

TEST_TYPE=$1

# Remove testing-farm repos if they exist as these interfere with the packages
# we want to install, especially when podman-next copr is involved
rm -f /etc/yum.repos.d/tag-repository.repo

# Fetch and extract latest podman source from the highest priority dnf repo
# NOTE: On upstream pull-requests, the srpm will be fetched from the
# podman-next copr while on bodhi updates, it will be fetched from Fedora's
# official repos.
PODMAN_DIR=$(mktemp -d)
pushd $PODMAN_DIR

# Download podman and podman-tests rpms, along with podman srpm
dnf download podman podman-tests
# Download srpm, srpm opts differ between dnf and dnf5
rpm -q dnf5 && dnf download --srpm podman || dnf download --source podman

# Ensure podman-tests RPM and podman SRPM version-release match
# NOTE: podman RPM and podman-tests RPM matching is ensured by podman.spec so
# matching podman-tests and podman srpm is sufficient here.
PODMAN_TESTS_VERSION=$(ls podman-tests* | sed -e "s/.$(uname -m).rpm//" -e "s/podman-tests-//")
PODMAN_SRPM_VERSION=$(ls podman*.src.rpm | sed -e "s/.src.rpm//" -e "s/podman-//")
if [[ "$PODMAN_TESTS_VERSION" != "$PODMAN_SRPM_VERSION" ]]; then
echo "podman-tests and podman srpm version-release don't match"
exit 1
fi

# Install downloaded podman and podman-tests rpms
dnf -y install ./podman*.$(uname -m).rpm

# Extract and untar podman source from srpm
rpm2cpio $(ls podman*.src.rpm) | cpio -di
tar zxf *.tar.gz

popd

# Print versions of distro and installed packages
rpm -q bats container-selinux golang podman podman-tests selinux-policy

if [[ "$TEST_TYPE" == "e2e" ]]; then
# /tmp is often unsufficient
export TMPDIR=/var/tmp
rpm -q bats container-selinux podman podman-tests policycoreutils selinux-policy

# dnf5 contains breaking changes
# Either of `dnf` OR `dnf5` will be installed, never both.
# To fetch srpm, dnf uses `--source`, dnf5 uses `--srpm`.
#rpm -q dnf5 && SRPM_OPTS="--srpm" || SRPM_OPTS="--source"

# Run podman e2e tests
pushd $PODMAN_DIR/podman-*/test/e2e
PODMAN_BINARY=/usr/bin/podman go test -v config.go config_amd64.go common_test.go libpod_suite_test.go run_selinux_test.go
popd
fi

if [[ "$TEST_TYPE" == "system" ]]; then
# Run podman system tests
bats /usr/share/podman/test/system/410-selinux.bats
fi
# Run podman system tests
bats /usr/share/podman/test/system/410-selinux.bats
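Review bot: Nothing ahead of the final `bats /usr/share/podman/test/system/410-selinux.bats` call checks that SELinux is actually enforcing on the test host. If the bats file skips its cases when SELinux is disabled or permissive (its contents are not visible here), the run exits 0 and the gating result is green without any policy having been exercised. A guard before the bats call would make that state fail loudly, e.g. `[[ "$(getenforce)" == "Enforcing" ]] || { echo "SELinux is not enforcing"; exit 1; }`. The `rpm -q ...` line likewise works as a precondition check only if the script runs under `set -e`, which would be set above the hunk and is not visible in it.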