Commit graph

1137 commits

Author SHA1 Message Date
Debarshi Ray
7375be82d0 test/system: Remove stray (possibly for debugging) 'podman images'
This was making it difficult to read the Bats assertions on test
failures, by polluting it with unexpected and irrelevant output from
'podman images'.  For example [1]:
  not ok 39 list: Images with and without names in 12332ms
  # (from function `assert' in file test/system/libs/bats-assert/src/assert.bash, line 46,
  #  in test file test/system/102-list.bats, line 126)
  #   `assert [ ${#stderr_lines[@]} -eq 0 ]' failed
  # REPOSITORY                                 TAG         IMAGE ID      CREATED      SIZE
  # registry.fedoraproject.org/fedora-toolbox  35          862705390e8b  4 weeks ago  332 MB
  # REPOSITORY                                 TAG         IMAGE ID      CREATED       SIZE
  # registry.fedoraproject.org/fedora-toolbox  35          862705390e8b  4 weeks ago   332 MB
  # registry.fedoraproject.org/fedora-toolbox  34          70cbe2ce60ca  7 months ago  354 MB
  #
  # -- assertion failed --
  # expression : [ 1 -eq 0 ]
  # --
  #

Fallout from 7973181136

[1] https://github.com/containers/toolbox/pull/1192

https://github.com/containers/toolbox/pull/1193
2022-12-08 00:32:12 +01:00
Debarshi Ray
5f324d537e cmd/list, pkg/podman: Limit access to the raw 'podman images' JSON
This builds on top of commit 0465d78fd9034ce9.

The toolboxImage type has been renamed to Image and moved into the
podman package.

There is nothing Toolbx specific about the type - it represents any
image returned by 'podman images'.  The images are only later filtered
for Toolbx images.

Secondly, having the Image type inside the podman package makes it
possible to encapsulate the unmarshalling of the JSON within the package
without exposing the raw JSON to outside consumers.  This is desirable
because the unmarshalling involves tracking changes in the JSON output
by different Podman versions, and it's better to limit such details to
the podman package.

https://github.com/containers/toolbox/pull/1190
2022-12-07 13:06:20 +01:00
Debarshi Ray
5baf3162a9 cmd/list: Style fixes
This will make the subsequent commit easier to read.

https://github.com/containers/toolbox/pull/1190
2022-12-07 13:06:20 +01:00
Debarshi Ray
e1ead145fc cmd/list: Rename a variable for ease of grepping
It's better to avoid single letter variables in general, because they
are so hard to grep for.

This will make the subsequent commit easier to read.

https://github.com/containers/toolbox/pull/1190
2022-12-07 13:06:20 +01:00
Debarshi Ray
2486e25601 cmd/list, pkg/podman: Don't unmarshal the 'podman images' JSON twice
This builds on top of commit e772207831.

Currently, the JSON from 'podman images --format json' gets unmarshalled
into a []map[string]interface{} in podman.GetImages, where the maps in
the slice represent images.  Each map is then marshalled back into JSON
and then again unmarshalled into a toolboxImage type.

This is wasteful.  The toolboxImage type already implements the
json.Unmarshaler interface [1], since commit e772207831.  Hence,
the entire JSON from 'podman images --format json' can be directly
unmarshalled into a slice of toolboxImages without involving the
[]map[string]interface{}.

A subsequent commit will move the toolboxImage type into the podman
package to more tightly encapsulate the unmarshalling of the JSON.  So,
as an intermediate step in that direction, the podman.GetImages function
has been temporarily changed to return the entire JSON.

[1] https://pkg.go.dev/encoding/json#Unmarshaler

https://github.com/containers/toolbox/pull/1190
2022-12-07 13:06:20 +01:00
Debarshi Ray
aeb5d8ec1a test/system: Test a container with an old forward incompatible runtime
Commit ae43560d45 had added a test with a similar intention.  When
the test suite is run on a Fedora Rawhide host, it tests whether the
containers for the two previous stable Fedora releases start or not.
Fedora N-2 reaches End of Life 4 weeks after Fedora N is released [1].
So, testing the containers for Fedora Rawhide and the two previous
stable releases on a Fedora Rawhide host is a decent test of general
backwards compatibility.

However, as seen recently [2], this isn't enough to catch some known
ABI compatibility issues [3,4].  These involve toolbox binaries built
on hosts with newer toolchains that aren't meant to be run against
containers with older runtimes.  A targeted test is needed to defend
against these scenarios.

The fedora-toolbox:34 image has glibc-2.33, which is old enough to be
unable to run binaries compiled on Fedora 35 with glibc-2.34 and newer.

[1] https://docs.fedoraproject.org/en-US/releases/

[2] https://github.com/containers/toolbox/pull/1180

[3] Commit 6063eb27b9
    https://github.com/containers/toolbox/issues/821

[4] Commit 6ad9c63180
    https://github.com/containers/toolbox/issues/529

https://github.com/containers/toolbox/pull/1187
2022-12-07 13:03:09 +01:00
Debarshi Ray
7ab2f9b866 test/system: Replace fedora-toolbox:32 with fedora-toolbox:34
Fedora 32 reached End of Life on 25th May 2021:
https://docs.fedoraproject.org/en-US/releases/eol/

That's quite old because right now Fedora 35 is nearing its End of Life.

Since the tests are intended for Toolbx, not the Fedora infrastructure,
it will be better to use a newer image, because images that are too old
can get lost from registry.fedoraproject.org.  The fedora-toolbox:34
image can be a drop-in replacement for the fedora-toolbox:32 image for
the purposes of this test suite, and has the advantage of being newer.

Note that fedora-toolbox:34 is also old enough to test that the toolbox
binary runs against it's build-time ABI from the host, and not the
Toolbx container's ABI, when it's invoked as the entry point of the
container [1,2].  This is important because the subsequent commit will
add a test to ensure that.

[1] Commit 6063eb27b9
    https://github.com/containers/toolbox/issues/821

[2] Commit 6ad9c63180
    https://github.com/containers/toolbox/issues/529

https://github.com/containers/toolbox/pull/1187
2022-12-07 12:56:41 +01:00
Debarshi Ray
67e210378e cmd/list: Simplify code
Fallout from 2369da5d31

https://github.com/containers/toolbox/pull/1189
2022-12-06 00:27:55 +01:00
Debarshi Ray
71f73a4b31 cmd/list: Remove redundant initializations
Fallout from 2369da5d31

https://github.com/containers/toolbox/pull/1188
2022-12-05 22:21:09 +01:00
Debarshi Ray
9e1cc2afaf build: Reduce the verbosity of 'go test'
Otherwise, there's so much spew from 'go test', including the successful
tests, that the actual failures don't stand out.

Note that, the different steps involved in building the code base are a
lot more interdependent on each other.  Hence, some extra verbosity
can help understand what caused a build failure on non-interactive build
environments.  In contrast, the runtime outputs from each test case are
a lot more isolated and independent from one another.  The additional
verbosity from successful tests doesn't really help understand why a
particular test failed.

https://github.com/containers/toolbox/pull/1186
2022-12-02 13:05:29 +01:00
Debarshi Ray
f695012faf build: Enforce all the default 'go vet' checks on all Go sources
Currently, only a so-called high-confidence subset of the default checks
in 'go vet' are being run by 'go test' [1].  Since 'go vet' is part of
the core Go tools, it's worth trying to use more of it.  After all,
golangci-lint, which is currently being run through a GitHub Action,
is running the default 'go vet' checks as one of its linters [2].

It's good to have as much of the testing wrapped inside 'meson test', as
possible, because it's easier to run locally and on other non-GitHub CI
environments like those of downstream distributors.

[1] https://pkg.go.dev/cmd/go/internal/test

[2] https://golangci-lint.run/usage/linters/
    https://golangci-lint.run/usage/linters/#govet

https://github.com/containers/toolbox/pull/1186
2022-12-02 11:39:03 +01:00
Debarshi Ray
f0425d4240 build: Rename the 'go test' test for consistency
https://github.com/containers/toolbox/pull/1186
2022-12-02 11:12:21 +01:00
Debarshi Ray
fa1b7e26a2 cmd/initContainer: Limit the scope of the error
Fallout from d323143c46

https://github.com/containers/toolbox/pull/1185
2022-12-01 18:24:59 +01:00
Debarshi Ray
b85ab0a4f1 cmd/initContainer, cmd/run: Restore hints about unreachable code
In the past, before commit d323143c46, there was either had a
dummy 'return' statement or a self-documenting 'panic' that said that
the code should not be reached.  Since neither golangci-lint nor
'go vet' likes those, a comment is the only option left.

Note that the core Go tools like 'go vet' [1], but also 'go lint' [2],
explicitly don't intend to add fine-grained configuration options,
including inline directives or pragmas, to silence specific warnings.
That's something golangci-lint offers [3], to the extent that it's
supported by its linters [4].  However, golangci-lint also uses 'go vet'
as one of those linters, so it's the same problem all over again.

Therefore, between the two extremes of leaving the code difficult to
read and using a very big hammer to disable a needlessly big chuck of
'go vet', a comment is the least worst option.

[1] https://github.com/golang/go/issues/17058
    https://github.com/golang/go/issues/18432

[2] https://github.com/golang/lint/issues/263

[3] https://golangci-lint.run/usage/false-positives/

[4] https://golangci-lint.run/usage/linters/

Fallout from d323143c46

https://github.com/containers/toolbox/pull/1185
2022-12-01 18:24:15 +01:00
Debarshi Ray
d0fe8c45f7 README.md: Clarify that Toolbx isn't a security mechanism
Using the word 'containerized' gives the false impression of heightened
security.  As if it's a mechanism to run untrusted software in a
sandboxed environment without access to the user's private data (such as
$HOME), hardware peripherals (such as cameras and microphones), etc..
That's not what Toolbx is for.

Toolbx aims to offer an interactive command line environment for
development and troubleshooting the host operating system, without
having to install software on the host.  That's all.  It makes no
promise about security beyond what's already available in the usual
command line environment on the host that everybody is familiar with.

https://github.com/containers/toolbox/issues/1020
2022-11-29 17:46:34 +01:00
Debarshi Ray
f5057d782e README.md: Tweak
Mention that Toolbx is meant for system administrators to troubleshoot
the host operating system.  The word 'debugging' is often used in the
context of software development, and hence most readers might not
interpret it as 'troubleshooting'.

https://github.com/containers/toolbox/pull/1182
2022-11-29 17:46:25 +01:00
Debarshi Ray
11d3c6bda5 README.md: Remove trailing newline
Fallout from bafbbe81c9

https://github.com/containers/toolbox/pull/1182
2022-11-29 17:01:06 +01:00
Debarshi Ray
021053716e test/system: Add copyright and license notices
https://github.com/containers/toolbox/pull/1179
2022-11-29 13:54:13 +01:00
Debarshi Ray
ca966e377c .zuul, playbooks: Add copyright and license notices
https://github.com/containers/toolbox/pull/1179
2022-11-28 22:47:15 +01:00
Debarshi Ray
630792e0a1 Update copyright notices
https://github.com/containers/toolbox/pull/1179
2022-11-28 21:01:18 +01:00
Debarshi Ray
f392a69a4b profile.d: Restore compatibility with Z shell
Otherwise, every zsh instance on Fedora Kinoite and Silverblue was
running into:
  /etc/profile.d/toolbox.sh:30: bad substitution

... because case modification with "${VARIANT_ID^}" is undefined in
POSIX shell [1], and doesn't work with Z shell.

Fedora Silverblue got its own PRETTY_NAME (and VARIANT and VARIANT_ID)
starting from Fedora 32 [2].  Therefore, it's better to use PRETTY_NAME
and let the downstream distributor of the host operating system decide
how it should be presented to the user, instead of coming up with a
custom string.  eg., PRETTY_NAME isn't the same as "Fedora $VARIANT" on
Fedora Silverblue.

One nice side-effect of this is that while VARIANT and VARIANT_ID are
optional fields, PRETTY_NAME has a well-defined fallback value of
'Linux' [3].  This makes this a little less specific to Fedora Kinoite
and Silverblue.

The rest of the welcome text was reformatted to prevent it from getting
too wide depending on the contents of PRETTY_NAME.

Fallout from 3641a0032f

[1] https://www.shellcheck.net/wiki/SC3059

[2] https://pagure.io/workstation-ostree-config/c/c18ef957d11862d32f362722931dbfdf1f5beb0d

[3] https://www.freedesktop.org/software/systemd/man/os-release.html

https://github.com/containers/toolbox/issues/1017
2022-11-25 18:36:31 +01:00
Debarshi Ray
5249bf229f profile.d: Don't leak ID and VARIANT_ID into the shell
Commit dcdfa3a1f5 ensured that the rest of the os-release(5)
fields don't get injected into the shell as environment variables, but
missed ID and VARIANT_ID.

Fallout from c6e37cdef3

https://github.com/containers/toolbox/pull/1176
2022-11-24 17:26:03 +01:00
Debarshi Ray
76ef9b3abf profile.d: Style fix
Fallout from 88f2916822 and
dcdfa3a1f5

https://github.com/containers/toolbox/pull/1176
2022-11-24 17:25:59 +01:00
Debarshi Ray
2e437d69db playbooks: Remove unnecessary parameter
The documentation for Ansible's built-in 'package' module [1] says this
about the 'use' parameter:
  You should only use this field if the automatic selection is not
  working for some reason.

[1] https://docs.ansible.com/ansible/latest/collections/ansible/builtin/package_module.html

https://github.com/containers/toolbox/pull/1173
2022-11-19 15:46:46 +01:00
Nieves Montero
9438db2f79 build, playbooks: Add a test that runs codespell
https://github.com/containers/toolbox/issues/1146

Signed-off-by: Nieves Montero <nmontero@redhat.com>
2022-11-19 15:32:13 +01:00
Debarshi Ray
9204d90da4 playbooks: Don't worry about runc(8)
... because it was replaced by crun(1) as Podman's default OCI runtime
during the migration to cgroups v2 in Fedora 31 [1].  eg., on Fedora 36:
  # repoquery --whatrequires runc
  ...
  containerd-0:1.6.1-1.fc36.x86_64
  containerd-0:1.6.9-3.fc36.x86_64
  containers-common-4:1-53.fc36.noarch
  containers-common-extra-4:1-62.fc36.noarch
  moby-engine-0:20.10.12-3.fc36.x86_64
  moby-engine-0:20.10.20-1.fc36.x86_64

... and it doesn't get installed on Fedora 35 either:
  TASK [Check versions of crucial packages]
  ci-node-35 | glibc-gconv-extra-2.34-43.fc35.x86_64
  ci-node-35 | glibc-2.34-43.fc35.x86_64
  ci-node-35 | glibc-common-2.34-43.fc35.x86_64
  ci-node-35 | glibc-langpack-en-2.34-43.fc35.x86_64
  ci-node-35 | kernel-core-6.0.5-100.fc35.x86_64
  ci-node-35 | kernel-core-6.0.7-100.fc35.x86_64
  ci-node-35 | kernel-core-6.0.8-100.fc35.x86_64
  ci-node-35 | kernel-headers-6.0.5-100.fc35.x86_64
  ci-node-35 | glibc-headers-x86-2.34-43.fc35.noarch
  ci-node-35 | glibc-devel-2.34-43.fc35.x86_64
  ci-node-35 | kernel-srpm-macros-1.0-6.fc35.noarch
  ci-node-35 | containernetworking-plugins-1.1.0-1.fc35.x86_64
  ci-node-35 | container-selinux-2.189.0-1.fc35.noarch
  ci-node-35 | conmon-2.1.0-2.fc35.x86_64
  ci-node-35 | golang-1.16.15-3.fc35.x86_64
  ci-node-35 | crun-1.6-2.fc35.x86_64
  ci-node-35 | fuse-overlayfs-1.9-1.fc35.x86_64
  ci-node-35 | containers-common-1-45.fc35.noarch
  ci-node-35 | podman-3.4.7-2.fc35.x86_64
  ci-node-35 | flatpak-session-helper-1.12.7-2.fc35.x86_64
  ci-node-35 | ok: Runtime: 0:00:00.139573

[1] https://fedoraproject.org/wiki/Changes/CGroupsV2

https://github.com/containers/toolbox/pull/1170
2022-11-18 19:21:50 +01:00
Debarshi Ray
c1ac8bc102 playbooks: Build the shell completions for fish
https://github.com/containers/toolbox/pull/1169
2022-11-18 18:51:52 +01:00
Debarshi Ray
6439b147d3 Revert ".zuul: Run tests only for relevant files"
On a couple of occasions the relevant tests didn't get triggered because
some files weren't listed [1], and on another a commit forgot to update
the list of files [2].

The objective of the CI is to reduce stress for the maintainers, and
make it easy for contributors to find out if their changes work or not.
Missing tests don't help with that, and there's no need to optimize the
tests like this unless there's a real problem to be solved.

[1] Commit deca452b27
    Commit 5c27d73021

[2] Commit b1743c4927

This reverts commit c28d902089.

https://github.com/containers/toolbox/pull/1168
2022-11-18 18:25:45 +01:00
Andre Moreira Magalhaes
34505fd475 profile.d: Give precedence to /etc/os-release over /usr/lib/os-release
Some OSTree based systems, such as Endless OS, don't ship with
/usr/lib/os-release, and the os-release(5) manual says [1]:
  The file /etc/os-release takes precedence over /usr/lib/os-release.
  Applications should check for the former, and exclusively use its data
  if it exists, and only fall back to /usr/lib/os-release if it is
  missing.

[1] https://www.freedesktop.org/software/systemd/man/os-release.html

https://github.com/containers/toolbox/pull/692
2022-11-18 16:41:47 +01:00
Andre Moreira Magalhaes
ac46f54357 profile.d: Hide the Fedora-specific welcome on non-Fedora containers
https://github.com/containers/toolbox/pull/692
2022-11-18 16:39:16 +01:00
Debarshi Ray
deca452b27 .zuul: Trigger ShellCheck when profile.d/toolbox.sh changes
https://github.com/containers/toolbox/pull/692
2022-11-18 16:39:16 +01:00
Nieves Montero
f2b7e440e1 Fix spelling mistakes using codespell
https://github.com/containers/toolbox/pull/1166
https://github.com/containers/toolbox/pull/1149

Signed-off-by: Nieves Montero <nmontero@redhat.com>
2022-11-17 11:56:58 +01:00
Debarshi Ray
ed9f8cd0d9 cmd/completion: Style fixes
https://github.com/containers/toolbox/pull/1165
2022-11-17 11:34:42 +01:00
Debarshi Ray
1b85f711e4 test/system: Test 'completion'
https://github.com/containers/toolbox/pull/1165
2022-11-17 11:34:42 +01:00
Debarshi Ray
685f1f794d test/system: Be more strict when checking the version
https://github.com/containers/toolbox/pull/1165
2022-11-17 11:28:00 +01:00
Ondřej Míchal
fe63222916 cmd/completion: Use RunE instead of Run as elsewhere
Fallout from d69ce6794b

https://github.com/containers/toolbox/pull/1055
https://github.com/containers/toolbox/pull/840
2022-11-17 10:20:01 +01:00
Debarshi Ray
9b7793bd76 cmd/create: Fix typo
Fallout from e935ed893d

https://github.com/containers/toolbox/pull/1164
2022-11-16 23:01:25 +01:00
Debarshi Ray
68d63bf09e test/system: Ensure that the right containers are run
https://github.com/containers/toolbox/pull/1163
2022-11-16 20:46:47 +01:00
Debarshi Ray
a61f88d7b2 test/system: Ensure that /run/.containerenv and /run/.toolboxenv exist
This is a precursor to verifying the names of the containers and
ensuring that the right ones are getting used.

https://github.com/containers/toolbox/pull/1163
2022-11-16 20:46:47 +01:00
Debarshi Ray
0000c68ee6 test/system: Ensure that 'toolbox run false' has exit code 1
This is a precursor to checking that higher valued exit codes from the
command running inside the container are retained, and commands like
test(1) can be used with 'toolbox run ...' in subsequent test cases.

https://github.com/containers/toolbox/pull/1163
2022-11-16 20:46:40 +01:00
Debarshi Ray
78683b38ae test/system: Use long options, instead of their shorter aliases
The long options are easier to grep(1) for in the sources than their
shorter aliases.

https://github.com/containers/toolbox/pull/1162
2022-11-16 19:56:24 +01:00
Debarshi Ray
220164b396 test/system: Shorten the names of the tests and use consistent wording
Currently, some of the names of the tests were too long, and had
inconsistent and verbose wording.  This made it difficult to look at
them and get a gist of all the scenarios being tested.  The names are
like headings.  They shouldn't be too long, should capture the primary
objective of the test and be consistent in their wording.

https://github.com/containers/toolbox/pull/1161
2022-11-16 19:49:56 +01:00
Debarshi Ray
8ec03ab85f test/system: Order the tests by increasing order of the exit code
This is another step towards making it easy to look at the file and get
a gist of all the scenarios being tested.

https://github.com/containers/toolbox/pull/1161
2022-11-16 13:41:43 +01:00
Debarshi Ray
485489867b test/system: Simplify the exit code checks by relying on Bats >= 1.5.0
Commit 978bb524e4 already added a dependency on Bats >= 1.5.0,
which is present in Fedora >= 35.  Therefore, it should be exploited
wherever possible to simplify things.

However, bats_require_minimum_version can't be used, because it's
only available from Bats 1.7.0 [1], which is new enough that it's absent
from Fedora 35.

[1] Bats commit 71d6b71cebc3d32b
    https://github.com/bats-core/bats-core/issues/556
    https://bats-core.readthedocs.io/en/stable/warnings/BW02.html

https://github.com/containers/toolbox/pull/1161
2022-11-16 13:41:39 +01:00
Debarshi Ray
80f9ac754d test/system: Remove redundant assertion
Fallout from 978bb524e4

https://github.com/containers/toolbox/pull/1161
2022-11-16 13:40:36 +01:00
Debarshi Ray
04e94868e0 test/system: Check the line count in the standard error & output streams
https://github.com/containers/toolbox/pull/1160
2022-11-16 12:51:35 +01:00
Debarshi Ray
e8ad1eaad0 test/system: Ensure that error messages go to the standard error stream
Currently, there's no way to get assert_line to use the stderr_lines
array [1].  This is worked around by assigning stderr_lines to the
'lines' array.

[1] https://github.com/bats-core/bats-assert/issues/42

https://github.com/containers/toolbox/pull/1160
2022-11-16 12:36:46 +01:00
Debarshi Ray
8b7511ab6f playbooks/dependencies: Improve the names of the tasks
https://github.com/containers/toolbox/pull/1158
2022-11-16 11:11:18 +01:00
Debarshi Ray
03922893af playbooks: Highlight failures from 'meson compile' and 'meson install'
Currently, 'meson compile' and 'meson install' were being invoked from
pre-run playbooks.  This meant that a genuine build failure from either
of those commands would be shown as a RETRY_LIMIT failure by the CI.

This was misleading.  It made it look as if the failure was caused by
some transient networking problem or that the CI node was too slow due
to momentary heavy load, whereas the failure was actually due to a
problem in the Toolbx sources.  A genuine problem in the sources should
be reflected as a FAILURE, not RETRY_LIMIT.

However, it's worth noting that 'meson compile' invokes 'go build',
which downloads all the Go modules required by the Toolbx sources.  This
is worth retaining in the pre-run playbooks since it primarily depends
on Internet infrastructure beyond the Toolbx sources.

As a nice side-effect, the CI no longer gets mysteriously stuck like
this while the Go modules are being downloaded:
  TASK [Build Toolbox]
  ci-node-36 | ninja: Entering directory
    `/home/zuul-worker/src/github.com/containers/toolbox/builddir'
  ...
  ci-node-36 | [8/13] Generating doc/toolbox-rmi.1 with a custom command
  ci-node-36 | [9/13] Generating doc/toolbox-run.1 with a custom command
  ci-node-36 | [10/13] Generating doc/toolbox.conf.5 with a custom
    command
  ci-node-36 | [11/13] Generating src/toolbox with a custom command

https://github.com/containers/toolbox/pull/1158
2022-11-16 11:11:01 +01:00
Debarshi Ray
9bf9f97e2c test/system: Ensure that 'toolbox run --preserve-fds ...' works
Note that file descriptors 3 and 4 are reserved by Bats.  The former is
used for adding custom text to the Test Anything Protocol (or TAP)
stream [1] and the latter for tracing [2].

[1] https://bats-core.readthedocs.io/en/stable/writing-tests.html#file-descriptor-3-read-this-if-bats-hangs
    https://bats-core.readthedocs.io/en/stable/writing-tests.html#printing-to-the-terminal

[2] Bats commit 635700cd2282b754
    https://github.com/bats-core/bats-core/pull/467
    https://github.com/bats-core/bats-core/pull/488

https://github.com/containers/toolbox/issues/1066
2022-11-14 23:10:29 +01:00