system test image: bump to 20220615

Changes:
 - use --timestamp option to produce 'created' stamps
   that can be reliably tested in the image-history test

 - podman now supports manifest & multiarch run, so we
   no longer need buildah

 - bump up base alpine & busybox images

This turned out to be WAY more complicated than it should've been,
because:

 - alpine 3.14 fixed 'date -Iseconds' to include a colon in
   the TZ offset ("-07:00", was "-0700"). This is now consistent
   with GNU date's --iso-8601 format, yay, so we can eliminate
   a minor workaround.

 - with --timestamp, all ADDed files are set to that timestamp,
   including the custom-reference-timestamp file that many tests
   rely on. So we need to split the build into two steps. But:

 - ...with a two-step build I need to use --squash-all, not --squash, but:

 - ... (deep sigh) --squash-all doesn't work with --timestamp (#14536)
   so we need to alter existing tests to deal with new image layers.

 - And, long and sordid story relating to --rootfs. TL;DR that option
   only worked by a miracle relating to something special in one
   specific test image; it doesn't work with any other images. Fix
   seems to be complicated, so we're bypassing with a FIXME (#14505).

And, unrelated:

 - remove obsolete skip and workaround in run-basic test (dating
   back to varlink days)
 - add a pause-image cleanup to avoid icky red warnings in logs

Fixes: #14456

Signed-off-by: Ed Santiago <santiago@redhat.com>

test/system/010-images.bats

@@ -158,6 +158,11 @@ Labels.created_at | 20[0-9-]\\\+T[0-9:]\\\+Z
     # start here because this is the first one, fix this problem.
     # You can (probably) ignore any subsequent failures showing '@sha'
     # in the error output.
+    #
+    # WARNING! This test is likely to fail for an hour or so after
+    # building a new testimage (via build-testimage script), because
+    # two consecutive 'podman images' may result in a one-minute
+    # difference in the "XX minutes ago" output. This is OK to ignore.
     run_podman images -a
     is "$output" "$images_baseline" "images -a, after pull: same as before"
 

test/system/030-run.bats

@@ -34,12 +34,8 @@ echo $rand        |   0 | $rand
         # FIXME: The </dev/null is a hack, necessary because as of 2019-09
         #        podman-remote has a bug in which it silently slurps up stdin,
         #        including the output of parse_table (i.e. tests to be run).
-        run_podman $expected_rc run $IMAGE "$@" </dev/null
+        run_podman $expected_rc run $IMAGE "$@"
-
-        # FIXME: remove conditional once podman-remote issue #4096 is fixed
-        if ! is_remote; then
         is "$output" "$expected_output" "podman run $cmd - output"
-        fi
 
         tests_run=$(expr $tests_run + 1)
     done < <(parse_table "$tests")
@@ -470,10 +466,10 @@ json-file | f
     # dependent, we pick an obscure zone (+1245) that is unlikely to
     # collide with any of our testing environments.
     #
-    # To get a reference timestamp we run 'date' locally; note the explicit
+    # To get a reference timestamp we run 'date' locally. This requires
-    # strftime() format. We can't use --iso=seconds because GNU date adds
+    # that GNU date output matches that of alpine; this seems to be true
-    # a colon to the TZ offset (eg -07:00) whereas alpine does not (-0700).
+    # as of testimage:20220615.
-    run date --date=@1600000000 +%Y-%m-%dT%H:%M:%S%z
+    run date --date=@1600000000 --iso=seconds
     expect="$output"
     TZ=Pacific/Chatham run_podman run --rm --tz=local $IMAGE date -Iseconds -r $testfile
     is "$output" "$expect" "podman run with --tz=local, matches host"
@@ -628,7 +624,8 @@ json-file | f
         run_podman image mount $IMAGE
         romount="$output"
 
-        run_podman run --rm --rootfs $romount echo "Hello world"
+        # FIXME FIXME FIXME: Remove :O once (if) #14504 is fixed!
+        run_podman run --rm --rootfs $romount:O echo "Hello world"
         is "$output" "Hello world"
 
         run_podman image unmount $IMAGE

test/system/070-build.bats

@@ -496,7 +496,12 @@ Labels.$label_name | $label_value
        "image tree: third line"
     is "${lines[3]}" "Image Layers" \
        "image tree: fourth line"
-    is "${lines[4]}" ".* ID: [0-9a-f]\{12\} Size: .* Top Layer of: \[$IMAGE]" \
+    # FIXME: if #14536 is ever fixed, rebuild testimage & s/5/4/ below.
+    # Summary: this should be ${lines[4]}, not [5], and prior to 2022-06-15
+    # it was. Unfortunately, a nightmarish bug interaction makes it impossible
+    # for us to use --squash-all on our testimage. Unless/until that bug is
+    # fixed, we have an extra layer that all we can do is ignore.
+    is "${lines[5]}" ".* ID: [0-9a-f]\{12\} Size: .* Top Layer of: \[$IMAGE]" \
        "image tree: first layer line"
     is "${lines[-1]}"  ".* ID: [0-9a-f]\{12\} Size: .* Top Layer of: \[localhost/build_test:latest]" \
        "image tree: last layer line"

test/system/500-networking.bats

@@ -165,6 +165,9 @@ load helpers
 
     run_podman pod rm $pod_name
     is "$output" "$pid" "Only ID in output (no extra errors)"
+
+    # Clean up
+    run_podman rmi $(pause_image)
 }
 
 @test "podman run with slirp4ns assigns correct addresses to /etc/hosts" {

test/system/build-testimage

@@ -12,8 +12,8 @@
 # still need a fedora image for that.
 #
 
-# Buildah binary
+# Podman binary to use
-BUILDAH=${BUILDAH:-buildah}
+PODMAN=${PODMAN:-$(pwd)/bin/podman}
 
 # Tag for this new image
 YMD=$(date +%Y%m%d)
@@ -25,7 +25,8 @@ if [ -z "$create_script" ]; then
 fi
 
 # Creation timestamp, Zulu time
-create_time_z=$(env TZ=UTC date +'%Y-%m-%dT%H:%M:%SZ')
+create_time_t=$(date +%s)
+create_time_z=$(env TZ=UTC date --date=@$create_time_t +'%Y-%m-%dT%H:%M:%SZ')
 
 set -ex
 
@@ -60,19 +61,33 @@ chmod 755 pause
 # alpine because it's small and light and reliable
 #    - check for updates @ https://hub.docker.com/_/alpine
 # busybox-extras provides httpd needed in 500-networking.bats
-cat >Containerfile <<EOF
+#
+# Two Containerfiles, because we have to do the image build in two parts,
+# which I think are easier to describe in reverse order:
+#    2) The second build has to be run with --timestamp=CONSTANT, otherwise
+#       the Created test in 110-history.bats may fail (#14456); but
+#    1) the timestamp of the testimage-id file must be preserved (see above),
+#       and 'build --timestamp' clobbers all file timestamps.
+#
+cat >Containerfile1 <<EOF
 ARG REPO=please-override-repo
-FROM docker.io/\${REPO}/alpine:3.13.5
+FROM docker.io/\${REPO}/alpine:3.16.0
 RUN apk add busybox-extras
 ADD testimage-id pause /home/podman/
+EOF
+
+cat >Containerfile2 <<EOF
+FROM localhost/interim-image:latest
 LABEL created_by=$create_script
 LABEL created_at=$create_time_z
 WORKDIR /home/podman
 CMD ["/bin/echo", "This container is intended for podman CI testing"]
 EOF
 
-# --squash-all    : needed by 'tree' test in 070-build.bats
+# Start from scratch
-podman rmi -f testimage &> /dev/null || true
+testimg_base=quay.io/libpod/testimage
+testimg=${testimg_base}:$YMD
+$PODMAN rmi -f $testimg &> /dev/null || true
 
 # There should always be a testimage tagged ':0000000<X>' (eight digits,
 # zero-padded sequence ID) in the same location; this is used by tests
@@ -80,7 +95,7 @@ podman rmi -f testimage &> /dev/null || true
 # if ever need to change, nor in fact does it even have to be a copy of
 # this testimage since all we use it for is 'true'.
 # However, it does need to be multiarch :-(
-zerotag_latest=$(skopeo list-tags docker://quay.io/libpod/testimage |\
+zerotag_latest=$(skopeo list-tags docker://${testimg_base} |\
                      jq -r '.Tags[]' |\
                      sort --version-sort |\
                      grep '^000' |\
@@ -88,12 +103,9 @@ zerotag_latest=$(skopeo list-tags docker://quay.io/libpod/testimage |\
 zerotag_next=$(printf "%08d" $((zerotag_latest + 1)))
 
 # We don't always need to push the :00xx image, but build it anyway.
-zeroimg=quay.io/libpod/testimage:${zerotag_next}
+zeroimg=${testimg_base}:${zerotag_next}
-buildah manifest create $zeroimg
+$PODMAN manifest create $zeroimg
 
-# We need to use buildah because (as of 2021-02-23) only buildah has --manifest
-# and because Dan says arch emulation is not currently working on podman
-# (no further details).
 # Arch emulation on Fedora requires the qemu-user-static package.
 for arch in amd64 arm64 ppc64le s390x;do
     # docker.io repo is usually the same name as the desired arch; except
@@ -104,16 +116,32 @@ for arch in amd64 arm64 ppc64le s390x;do
         repo="${repo}v8"
     fi
 
-    ${BUILDAH} bud \
+    # First build defines REPO, but does not have --timestamp
+    $PODMAN build \
             --arch=$arch \
             --build-arg REPO=$repo \
-               --manifest=testimage \
+            --squash-all \
-               --squash \
+            --file Containerfile1 \
+            -t interim-image \
             .
 
+    # Second build forces --timestamp, and adds to manifest. Unfortunately
+    # we can't use --squash-all with --timestamp: *all* timestamps get
+    # clobbered. This is not fixable (#14536).
+    $PODMAN build \
+            --arch=$arch \
+            --timestamp=$create_time_t \
+            --manifest=$testimg \
+            --squash \
+            --file Containerfile2 \
+            .
+
+    # No longer need the interim image
+    $PODMAN rmi interim-image
+
     # The zero-tag image
-    ${BUILDAH} pull --arch $arch     docker.io/$repo/busybox:1.33.1
+    $PODMAN pull --arch $arch     docker.io/$repo/busybox:1.34.1
-    ${BUILDAH} manifest add $zeroimg docker.io/$repo/busybox:1.33.1
+    $PODMAN manifest add $zeroimg docker.io/$repo/busybox:1.34.1
 done
 
 # Clean up
@@ -121,14 +149,12 @@ cd /tmp
 rm -rf $tmpdir
 
 # Tag image and push (all arches) to quay.
-remote_tag=quay.io/libpod/testimage:$YMD
-podman tag testimage ${remote_tag}
 cat <<EOF
 
 If you're happy with these images, run:
 
-   ${BUILDAH} manifest push --all  ${remote_tag} docker://${remote_tag}
+   podman manifest push --all  ${testimg} docker://${testimg}
-   ${BUILDAH} manifest push --all  ${zeroimg} docker://${zeroimg}
+   podman manifest push --all  ${zeroimg} docker://${zeroimg}
 
 (You do not always need to push the :0000 image)
 

test/system/helpers.bash

@@ -7,14 +7,14 @@ PODMAN=${PODMAN:-podman}
 PODMAN_TEST_IMAGE_REGISTRY=${PODMAN_TEST_IMAGE_REGISTRY:-"quay.io"}
 PODMAN_TEST_IMAGE_USER=${PODMAN_TEST_IMAGE_USER:-"libpod"}
 PODMAN_TEST_IMAGE_NAME=${PODMAN_TEST_IMAGE_NAME:-"testimage"}
-PODMAN_TEST_IMAGE_TAG=${PODMAN_TEST_IMAGE_TAG:-"20210610"}
+PODMAN_TEST_IMAGE_TAG=${PODMAN_TEST_IMAGE_TAG:-"20220615"}
 PODMAN_TEST_IMAGE_FQN="$PODMAN_TEST_IMAGE_REGISTRY/$PODMAN_TEST_IMAGE_USER/$PODMAN_TEST_IMAGE_NAME:$PODMAN_TEST_IMAGE_TAG"
 PODMAN_TEST_IMAGE_ID=
 
 # Remote image that we *DO NOT* fetch or keep by default; used for testing pull
 # This has changed in 2021, from 0 through 3, various iterations of getting
 # multiarch to work. It should change only very rarely.
-PODMAN_NONLOCAL_IMAGE_TAG=${PODMAN_NONLOCAL_IMAGE_TAG:-"00000003"}
+PODMAN_NONLOCAL_IMAGE_TAG=${PODMAN_NONLOCAL_IMAGE_TAG:-"00000004"}
 PODMAN_NONLOCAL_IMAGE_FQN="$PODMAN_TEST_IMAGE_REGISTRY/$PODMAN_TEST_IMAGE_USER/$PODMAN_TEST_IMAGE_NAME:$PODMAN_NONLOCAL_IMAGE_TAG"
 
 # Because who wants to spell that out each time?