Move integration tests to Ubuntu Focal

Signed-off-by: Renaud Gaubert <[email protected]>
opencontainers · Aug 9, 2020 · cdd1508 · cdd1508
1 parent a340fa9
commit cdd1508
Show file tree

Hide file tree

Showing 35 changed files with 533 additions and 676 deletions.
diff --git a/.travis.yml b/.travis.yml
@@ -20,6 +20,10 @@ jobs:
         - RUNC_USE_SYSTEMD=1
       script:
         - make all
+        - sudo curl -o /usr/local/bin/umoci -fsSL https://github.com/opencontainers/umoci/releases/download/v0.4.5/umoci.amd64
+        - sudo chmod +x /usr/local/bin/umoci
+        - . /etc/os-release && sudo sh -c "echo 'deb http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/x${NAME}_${VERSION_ID}/ /' > /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list" && wget -nv https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable/x${NAME}_${VERSION_ID}/Release.key -O- | sudo apt-key add -
+        - sudo apt-get update -qq && sudo apt-get install skopeo
         - sudo PATH="$PATH" make localintegration RUNC_USE_SYSTEMD=1
     - name: "fedora32"
       before_install:

diff --git a/Dockerfile b/Dockerfile
@@ -1,6 +1,7 @@
 ARG GO_VERSION=1.13
 ARG BATS_VERSION=v1.2.0
 ARG CRIU_VERSION=v3.14
+ARG UMOCI_VERSION=v0.4.6
 
 FROM golang:${GO_VERSION}-buster
 ARG DEBIAN_FRONTEND=noninteractive
@@ -76,8 +77,10 @@ RUN echo 'deb http://download.opensuse.org/repositories/devel:/kubic:/libcontain
     && apt-get clean \
     && rm -rf /var/cache/apt /var/lib/apt/lists/*;
 
-# install umoci
-RUN curl -o /usr/local/bin/umoci -fsSL https://github.com/opencontainers/umoci/releases/download/v0.4.5/umoci.amd64 \
+# install umoci, retry with an exponential backoff strategy
+ARG UMOCI_VERSION
+RUN curl --connect-timeout 5 --max-time 10 --retry 5 --retry-delay 0 --retry-max-time 40 -o /usr/local/bin/umoci \
+         -fsSL "https://github.com/opencontainers/umoci/releases/download/$UMOCI_VERSION/umoci.amd64" \
     && chmod +x /usr/local/bin/umoci
 
 COPY script/tmpmount /
@@ -86,12 +89,9 @@ ENTRYPOINT ["/tmpmount"]
 
 # setup a playground for us to spawn containers in
 COPY tests/integration/multi-arch.bash tests/integration/
-ENV ROOTFS /busybox
+ENV ROOTFS /ubuntu
 RUN mkdir -p "${ROOTFS}"
-RUN . tests/integration/multi-arch.bash \
-    && curl -fsSL `get_busybox` | tar xfJC - "${ROOTFS}"
+RUN /bin/bash -c '. tests/integration/multi-arch.bash \
+    && get_and_extract_ubuntu "$ROOTFS"'
 
-ENV DEBIAN_ROOTFS /debian
-RUN mkdir -p "${DEBIAN_ROOTFS}"
-RUN . tests/integration/multi-arch.bash \
-    && get_and_extract_debian "$DEBIAN_ROOTFS"
+COPY . .
diff --git a/Vagrantfile.centos7 b/Vagrantfile.centos7
@@ -28,7 +28,7 @@ Vagrant.configure("2") do |config|
     curl -fsSL "https://dl.google.com/go/go${GO_VERSION}.linux-amd64.tar.gz" | tar Cxz /usr/local
 
     # Install umoci
-    curl -o /usr/local/bin/umoci -fsSL https://github.com/opencontainers/umoci/releases/download/v0.4.5/umoci.amd64
+    curl -o /usr/local/bin/umoci -fsSL https://github.com/opencontainers/umoci/releases/download/v0.4.6/umoci.amd64
     chmod +x /usr/local/bin/umoci
 
     # install bats
@@ -51,9 +51,9 @@ EOF
     # Add a user for rootless tests
     useradd -u2000 -m -d/home/rootless -s/bin/bash rootless
 
-    # Add busybox for libcontainer/integration tests
+    # Add ubuntu for libcontainer/integration tests
     . /vagrant/tests/integration/multi-arch.bash \
-        && mkdir /busybox \
-        && curl -fsSL $(get_busybox) | tar xfJC - /busybox
+        && mkdir /ubuntu \
+        && get_and_extract_ubuntu /ubuntu
   SHELL
 end
diff --git a/Vagrantfile.fedora32 b/Vagrantfile.fedora32
@@ -37,14 +37,13 @@ EOF
     chown -R rootless.rootless /home/rootless
 
     # Install umoci
-    curl -o /usr/local/bin/umoci -fsSL https://github.com/opencontainers/umoci/releases/download/v0.4.5/umoci.amd64
+    curl -o /usr/local/bin/umoci -fsSL https://github.com/opencontainers/umoci/releases/download/v0.4.6/umoci.amd64
     chmod +x /usr/local/bin/umoci
 
-    # Add busybox for libcontainer/integration tests
+    # Add ubuntu for libcontainer/integration tests
     . /vagrant/tests/integration/multi-arch.bash \
-        && mkdir /busybox /debian \
-        && curl -fsSL $(get_busybox) | tar xfJC - /busybox \
-        && get_and_extract_debian /debian
+        && mkdir /ubuntu \
+        && get_and_extract_ubuntu /ubuntu
 
     # Delegate cgroup v2 controllers to rootless user via --systemd-cgroup
     mkdir -p /etc/systemd/system/[email protected]

diff --git a/libcontainer/integration/exec_test.go b/libcontainer/integration/exec_test.go
@@ -480,7 +480,7 @@ func TestAdditionalGroups(t *testing.T) {
 		Env:              standardEnvironment,
 		Stdin:            nil,
 		Stdout:           &stdout,
-		AdditionalGroups: []string{"plugdev", "audio"},
+		AdditionalGroups: []string{"video", "audio"},
 		Init:             true,
 	}
 	err = container.Run(&pconfig)
@@ -496,8 +496,8 @@ func TestAdditionalGroups(t *testing.T) {
 		t.Fatalf("Listed groups do not contain the audio group as expected: %v", outputGroups)
 	}
 
-	if !strings.Contains(outputGroups, "plugdev") {
-		t.Fatalf("Listed groups do not contain the plugdev group as expected: %v", outputGroups)
+	if !strings.Contains(outputGroups, "video") {
+		t.Fatalf("Listed groups do not contain the video group as expected: %v", outputGroups)
 	}
 }
 
@@ -665,12 +665,8 @@ func testPids(t *testing.T, systemd bool) {
 	if err != nil && strings.Contains(err.Error(), "no such directory for pids.max") {
 		t.Skip("PIDs cgroup is unsupported")
 	}
-	if err != nil && !strings.Contains(out.String(), "sh: can't fork") {
-		ok(t, err)
-	}
-
-	if err == nil {
-		t.Fatalf("expected fork() to fail with restrictive pids limit")
+	if !strings.Contains(out.String(), "/bin/sh: 0: Cannot fork") {
+		t.Fatalf("expected fork() to fail with restrictive pids limit, stdout: %q", out.String())
 	}
 
 	// Minimal restrictions are not really supported, due to quirks in using Go

diff --git a/libcontainer/integration/execin_test.go b/libcontainer/integration/execin_test.go
@@ -179,7 +179,7 @@ func TestExecInAdditionalGroups(t *testing.T) {
 		Env:              standardEnvironment,
 		Stdin:            nil,
 		Stdout:           &stdout,
-		AdditionalGroups: []string{"plugdev", "audio"},
+		AdditionalGroups: []string{"video", "audio"},
 	}
 	err = container.Run(&pconfig)
 	ok(t, err)
@@ -197,8 +197,8 @@ func TestExecInAdditionalGroups(t *testing.T) {
 		t.Fatalf("Listed groups do not contain the audio group as expected: %v", outputGroups)
 	}
 
-	if !strings.Contains(outputGroups, "plugdev") {
-		t.Fatalf("Listed groups do not contain the plugdev group as expected: %v", outputGroups)
+	if !strings.Contains(outputGroups, "video") {
+		t.Fatalf("Listed groups do not contain the video group as expected: %v", outputGroups)
 	}
 }
 
@@ -285,7 +285,7 @@ func TestExecInTTY(t *testing.T) {
 	var stdout bytes.Buffer
 	ps := &libcontainer.Process{
 		Cwd:  "/",
-		Args: []string{"ps"},
+		Args: []string{"ps", "x"},
 		Env:  standardEnvironment,
 	}
 	parent, child, err := utils.NewSockPair("console")
@@ -345,7 +345,7 @@ func TestExecInTTY(t *testing.T) {
 
 	out := stdout.String()
 	if !strings.Contains(out, "cat") || !strings.Contains(out, "ps") {
-		t.Fatalf("unexpected running process, output %q", out)
+		t.Fatalf("unexpected running process, output:\n%q", out)
 	}
 	if strings.Contains(out, "\r") {
 		t.Fatalf("unexpected carriage-return in output")

diff --git a/libcontainer/integration/init_test.go b/libcontainer/integration/init_test.go
@@ -11,7 +11,7 @@ import (
 	"github.com/sirupsen/logrus"
 )
 
-// init runs the libcontainer initialization code because of the busybox style needs
+// init runs the libcontainer initialization code because of the need
 // to work around the go runtime and the issues with forking
 func init() {
 	if len(os.Args) < 2 || os.Args[1] != "init" {

diff --git a/libcontainer/integration/seccomp_test.go b/libcontainer/integration/seccomp_test.go
@@ -46,7 +46,7 @@ func TestSeccompDenyGetcwdWithErrno(t *testing.T) {
 	buffers := newStdBuffers()
 	pwd := &libcontainer.Process{
 		Cwd:    "/",
-		Args:   []string{"pwd"},
+		Args:   []string{"/bin/sh", "-c", "pwd"},
 		Env:    standardEnvironment,
 		Stdin:  buffers.Stdin,
 		Stdout: buffers.Stdout,
@@ -58,29 +58,12 @@ func TestSeccompDenyGetcwdWithErrno(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	ps, err := pwd.Wait()
-	if err == nil {
-		t.Fatal("Expecting error (negative return code); instead exited cleanly!")
-	}
-
-	var exitCode int
-	status := ps.Sys().(syscall.WaitStatus)
-	if status.Exited() {
-		exitCode = status.ExitStatus()
-	} else if status.Signaled() {
-		exitCode = -int(status.Signal())
-	} else {
-		t.Fatalf("Unrecognized exit reason!")
-	}
-
-	if exitCode == 0 {
-		t.Fatalf("Getcwd should fail with negative exit code, instead got %d!", exitCode)
-	}
+	pwd.Wait()
 
-	expected := "pwd: getcwd: No such process"
+	expected := "getcwd() failed: No such process"
 	actual := strings.Trim(buffers.Stderr.String(), "\n")
-	if actual != expected {
-		t.Fatalf("Expected output %s but got %s\n", expected, actual)
+	if !strings.Contains(actual, expected) {
+		t.Fatalf("Expected output to contain %q but got %q\n", expected, actual)
 	}
 }
 
@@ -115,7 +98,7 @@ func TestSeccompDenyGetcwd(t *testing.T) {
 	buffers := newStdBuffers()
 	pwd := &libcontainer.Process{
 		Cwd:    "/",
-		Args:   []string{"pwd"},
+		Args:   []string{"/bin/sh", "-c", "pwd"},
 		Env:    standardEnvironment,
 		Stdin:  buffers.Stdin,
 		Stdout: buffers.Stdout,
@@ -127,29 +110,12 @@ func TestSeccompDenyGetcwd(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	ps, err := pwd.Wait()
-	if err == nil {
-		t.Fatal("Expecting error (negative return code); instead exited cleanly!")
-	}
+	pwd.Wait()
 
-	var exitCode int
-	status := ps.Sys().(syscall.WaitStatus)
-	if status.Exited() {
-		exitCode = status.ExitStatus()
-	} else if status.Signaled() {
-		exitCode = -int(status.Signal())
-	} else {
-		t.Fatalf("Unrecognized exit reason!")
-	}
-
-	if exitCode == 0 {
-		t.Fatalf("Getcwd should fail with negative exit code, instead got %d!", exitCode)
-	}
-
-	expected := "pwd: getcwd: Operation not permitted"
+	expected := "getcwd() failed: Operation not permitted"
 	actual := strings.Trim(buffers.Stderr.String(), "\n")
-	if actual != expected {
-		t.Fatalf("Expected output %s but got %s\n", expected, actual)
+	if !strings.Contains(actual, expected) {
+		t.Fatalf("Expected output to contain %q but got %q\n", expected, actual)
 	}
 }
 
@@ -191,7 +157,7 @@ func TestSeccompPermitWriteConditional(t *testing.T) {
 	buffers := newStdBuffers()
 	dmesg := &libcontainer.Process{
 		Cwd:    "/",
-		Args:   []string{"busybox", "ls", "/"},
+		Args:   []string{"ls", "/"},
 		Env:    standardEnvironment,
 		Stdin:  buffers.Stdin,
 		Stdout: buffers.Stdout,
@@ -253,7 +219,7 @@ func TestSeccompDenyWriteConditional(t *testing.T) {
 	buffers := newStdBuffers()
 	dmesg := &libcontainer.Process{
 		Cwd:    "/",
-		Args:   []string{"busybox", "ls", "does_not_exist"},
+		Args:   []string{"ls", "does_not_exist"},
 		Env:    standardEnvironment,
 		Stdin:  buffers.Stdin,
 		Stdout: buffers.Stdout,
@@ -433,11 +399,11 @@ func TestSeccompMultipleConditionSameArgDeniesStdout(t *testing.T) {
 	}
 
 	buffers, exitCode, err := runContainer(config, "", "ls", "/")
-	if err != nil {
-		t.Fatalf("%s: %s", buffers, err)
+	if err == nil {
+		t.Fatalf("Container returned without error when we expected an error, code: %d, stdout: %q, stderr: %q", exitCode, buffers.Stdout.String(), buffers.Stderr.String())
 	}
-	if exitCode != 0 {
-		t.Fatalf("exit code not 0. code %d buffers %s", exitCode, buffers)
+	if exitCode != -1 {
+		t.Fatalf("exit code not -1. code: %d, stdout: %q, stderr: %q", exitCode, buffers.Stdout.String(), buffers.Stderr.String())
 	}
 	// Verify that nothing was printed
 	if len(buffers.Stdout.String()) != 0 {

diff --git a/libcontainer/integration/utils_test.go b/libcontainer/integration/utils_test.go
@@ -92,7 +92,7 @@ func newTestBundle() (string, error) {
 	return dir, nil
 }
 
-// newRootfs creates a new tmp directory and copies the busybox root filesystem
+// newRootfs creates a new tmp directory and copies the ubuntu root filesystem
 func newRootfs() (string, error) {
 	dir, err := ioutil.TempDir("", "")
 	if err != nil {
@@ -101,7 +101,7 @@ func newRootfs() (string, error) {
 	if err := os.MkdirAll(dir, 0700); err != nil {
 		return "", err
 	}
-	if err := copyBusybox(dir); err != nil {
+	if err := copyUbuntu(dir); err != nil {
 		return "", err
 	}
 	return dir, nil
@@ -111,10 +111,10 @@ func remove(dir string) {
 	os.RemoveAll(dir)
 }
 
-// copyBusybox copies the rootfs for a busybox container created for the test image
+// copyUbuntu copies the rootfs for an Ubuntu container created for the test image
 // into the new directory for the specific test
-func copyBusybox(dest string) error {
-	out, err := exec.Command("sh", "-c", fmt.Sprintf("cp -a /busybox/* %s/", dest)).CombinedOutput()
+func copyUbuntu(dest string) error {
+	out, err := exec.Command("sh", "-c", fmt.Sprintf("cp -a /ubuntu/rootfs/* %s/", dest)).CombinedOutput()
 	if err != nil {
 		return fmt.Errorf("copy error %q: %q", err, out)
 	}