Merge f926b5db05 into 36e8f213b7

.packit.yaml

@@ -66,8 +66,8 @@ jobs:
     targets: &centos_copr_targets
       - centos-stream-9-x86_64
       - centos-stream-9-aarch64
-      - centos-stream-10-x86_64
+    #  - centos-stream-10-x86_64
-      - centos-stream-10-aarch64
+    #  - centos-stream-10-aarch64
 
   # Run on commit to main branch
   # Build targets managed in copr settings

plans/main.fmf

@@ -6,8 +6,10 @@ prepare:
     - when: distro == centos-stream or distro == rhel
       how: shell
       script: |
-        dnf -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-$(rpm --eval '%{?rhel}').noarch.rpm
+        BATS_VERSION=1.12.0
-        dnf -y config-manager --set-enabled epel
+        curl -L https://github.com/bats-core/bats-core/archive/refs/tags/v"$BATS_VERSION".tar.gz | tar -xz
+        cd bats-core-"$BATS_VERSION"
+        ./install.sh /usr
       order: 10
     - when: initiator == packit
       how: shell
@@ -18,3 +20,15 @@ prepare:
         fi
         dnf -y upgrade --allowerasing
       order: 20
+
+/basic_check:
+    discover+:
+        filter: 'tag:basic'
+
+/podman_e2e_test:
+    discover+:
+        filter: 'tag:podman_e2e'
+
+/podman_system_test:
+    discover+:
+        filter: 'tag:podman_system'

test/Makefile

@@ -0,0 +1,16 @@
+.PHONY: basic_check
+basic_check:
+	semodule --list=full | grep container
+	semodule -B
+	rpm -Vqf /var/lib/selinux/*/active/modules/200/container
+
+.PHONY: podman_e2e_test
+podman_e2e_test:
+	bash ./podman-tests.sh e2e
+
+.PHONY: podman_system_test
+podman_system_test:
+	bash ./podman-tests.sh system
+
+clean:
+	rm -rf podman-*dev* podman.spec

test/main.fmf

@@ -1,17 +1,30 @@
+# Only common dependencies that are NOT required to run podman-tests.sh are
+# specified here. Everything else is in podman-tests.sh.
 require:
-    - attr
+    - make
-    - bats
-    - container-selinux
-    - podman-tests
-    - policycoreutils
 
 /basic_check:
     summary: Run basic checks
-    test: |
+    tag: [ basic ]
-        semodule --list=full | grep container
+    test: make basic_check
-        semodule -B
+    require+:
-        rpm -Vqf /var/lib/selinux/*/active/modules/200/container
+        - policycoreutils
+
+/podman_e2e_test:
+    summary: Run SELinux specific Podman e2e tests
+    tag: [ podman_e2e ]
+    test: make podman_e2e_test
+    require+:
+        - btrfs-progs-devel
+        - cpio
+        - golang
+        - gpgme-devel
+        - podman
+        - zstd
 
 /podman_system_test:
+    tag: [ podman_system ]
     summary: Run SELinux specific Podman system tests
-    test: bash ./podman-tests.sh
+    test: make podman_system_test
+    require+:
+        - podman-tests

test/podman-tests.sh

@@ -9,8 +9,80 @@ if [[ "$(id -u)" -ne 0 ]];then
     exit 1
 fi
 
-# Print versions of distro and installed packages
+if [[ -z "$1" ]]; then
-rpm -q bats container-selinux podman podman-tests policycoreutils selinux-policy
+    echo -e "Usage: $(basename "${BASH_SOURCE[0]}") TEST_TYPE\nTEST_TYPE can be 'e2e' or 'system'\n"
+    exit 1
+fi
 
-# Run podman system tests
+TEST_TYPE=$1
-bats /usr/share/podman/test/system/410-selinux.bats
+
+export PODMAN_BINARY=/usr/bin/podman
+
+# Remove testing-farm repos if they exist as these interfere with the packages
+# we want to install, especially when podman-next copr is involved
+rm -f /etc/yum.repos.d/tag-repository.repo
+
+# Disable tracing mode for cleaner rpm -q output
+set +x
+for pkg in container-selinux criu crun golang podman podman-tests selinux-policy; do
+    if ! rpm -q "$pkg"; then
+        continue
+    fi
+done
+set -x
+
+fetch_selinux_denials() {
+    echo "Fetching AVC denials..."
+    ausearch -m AVC,USER_AVC,SELINUX_ERR,USER_SELINUX_ERR -ts recent
+}
+
+if [[ "$TEST_TYPE" == "e2e" ]]; then
+    # /tmp is often unsufficient
+    export TMPDIR=/var/tmp
+
+    # Fetch and extract latest podman source from the highest priority dnf repo
+    # NOTE: On upstream pull-requests, the srpm will be fetched from the
+    # podman-next copr while on bodhi updates, it will be fetched from Fedora's
+    # official repos.
+    PODMAN_DIR=$(mktemp -d)
+    pushd "$PODMAN_DIR"
+
+    # Download srpm, srpm opts differ between dnf and dnf5
+    if ! rpm -q dnf5; then
+        dnf download --source podman
+    else
+        dnf download --srpm podman
+    fi
+
+    # Extract and untar podman source from srpm
+    rpm2cpio "$(ls podman*.src.rpm)" | cpio -di
+    tar zxf ./*.tar.gz
+
+    popd
+
+    if [[ "$(arch)" == "x86_64" ]]; then
+        ARCH=amd64
+    else
+        ARCH=arm64
+    fi
+
+    # Run podman e2e tests
+    pushd "$PODMAN_DIR"/podman-*/test/e2e
+    if ! go test -v config.go config_test.go config_"$ARCH".go common_test.go libpod_suite_test.go run_selinux_test.go; then
+        fetch_selinux_denials
+    fi
+    if ! go test -v config.go config_test.go config_"$ARCH".go common_test.go libpod_suite_test.go checkpoint_test.go; then
+        fetch_selinux_denials
+    fi
+    popd
+fi
+
+if [[ "$TEST_TYPE" == "system" ]]; then
+    # Run podman system tests
+    if ! bats /usr/share/podman/test/system/410-selinux.bats; then
+        fetch_selinux_denials
+    fi
+    if ! bats /usr/share/podman/test/system/520-checkpoint.bats; then
+        fetch_selinux_denials
+    fi
+fi