#!/usr/bin/env bash set -euo pipefail declare -A VERSIONS=( ["cni-plugins"]=v1.3.0 ["runc"]=v1.1.14 ["crun"]=1.17 ["bats"]=v1.9.0 ) main() { set -x prepare_system install_packages install_conmon install_bats install_critools install_runc install_crun install_cni_plugins install_testdeps setup_etc_subid } prepare_system() { sudo systemctl stop docker sudo ufw disable # enable necessary kernel modules sudo ip6tables --list >/dev/null # enable necessary sysctls sudo sysctl -w net.ipv4.conf.all.route_localnet=1 sudo sysctl -w net.ipv4.ip_forward=1 # needed for crictl test sudo modprobe br_netfilter sudo sysctl -w net.bridge.bridge-nf-call-iptables=1 sudo iptables -t nat -I POSTROUTING -s 127.0.0.0/8 ! -d 127.0.0.0/8 -j MASQUERADE } remove_packages() { sudo apt-get remove \ conmon \ containernetworking-plugins } install_packages() { . /etc/os-release CRIU_REPO="https://download.opensuse.org/repositories/devel:/tools:/criu/xUbuntu_$VERSION_ID" curl -fSsL $CRIU_REPO/Release.key | sudo gpg --dearmor -o /etc/apt/trusted.gpg.d/criu.gpg echo "deb $CRIU_REPO/ /" | sudo tee /etc/apt/sources.list.d/criu.list sudo apt update sudo apt install -y \ autoconf \ automake \ conntrack \ criu \ libaio-dev \ libapparmor-dev \ libbtrfs-dev \ libcap-dev \ libdevmapper-dev \ libfuse-dev \ libgpgme11-dev \ libglib2.0-dev \ libnet1-dev \ libnl-3-dev \ libprotobuf-c-dev \ libprotobuf-dev \ libseccomp-dev \ libsystemd-dev \ libtool \ libudev-dev \ libyajl-dev \ sed \ socat \ uuid-dev } install_conmon() { sudo make install.bin conmon --version } install_bats() { git clone https://github.com/bats-core/bats-core pushd bats-core git checkout "${VERSIONS["bats"]}" sudo ./install.sh /usr/local popd rm -rf bats-core mkdir -p ~/.parallel touch ~/.parallel/will-cite } install_critools() { URL=https://github.com/kubernetes-sigs/cri-tools git clone $URL pushd cri-tools sudo -E PATH="$PATH" make BINDIR=/usr/bin install popd sudo rm -rf cri-tools sudo critest --version sudo crictl --version } install_cni_plugins() { URL=https://github.com/containernetworking/plugins/releases/download TARBALL=cni-plugins-linux-amd64-${VERSIONS["cni-plugins"]}.tgz CNI_DIR=/opt/cni/bin sudo mkdir -p "$CNI_DIR" wget -O "$TARBALL" $URL/"${VERSIONS["cni-plugins"]}"/"$TARBALL" sudo tar xf "$TARBALL" -C "$CNI_DIR" rm "$TARBALL" ls -lah "$CNI_DIR" } install_runc() { URL=https://github.com/opencontainers/runc/releases/download/"${VERSIONS["runc"]}" BINARY=/usr/sbin/runc sudo wget -O "$BINARY" "$URL"/runc.amd64 sudo chmod +x "$BINARY" # Verify the SHA256 SUMFILE=runc.sha256sum wget "$URL"/$SUMFILE grep -qw "$(sha256sum "$BINARY" | awk '{ print $1 }')" $SUMFILE rm $SUMFILE runc --version } install_crun() { URL=https://github.com/containers/crun/releases/download/"${VERSIONS["crun"]}"/crun-"${VERSIONS["crun"]}"-linux-amd64 BINARY=/usr/bin/crun sudo wget -O "$BINARY" "$URL" sudo chmod +x "$BINARY" crun --version } install_testdeps() { CLONE_PATH=$(go env GOPATH)/src/github.com/cri-o mkdir -p "$CLONE_PATH" pushd "$CLONE_PATH" URL=https://github.com/cri-o/cri-o git clone $URL pushd cri-o make "$(pwd)"/build/bin/ginkgo sudo cp build/bin/ginkgo /usr/bin ginkgo version sudo mkdir -p /etc/containers/registries.d sudo cp test/policy.json /etc/containers sudo cp test/redhat_sigstore.yaml /etc/containers/registries.d/registry.access.redhat.com.yaml sudo cp test/registries.conf /etc/containers/registries.conf popd popd } setup_etc_subid() { echo "containers:200000:65536" | sudo tee -a /etc/subuid echo "containers:200000:65536" | sudo tee -a /etc/subgid } main "$@"