CI: rootless user: also create in some root tests

viz, rootful system tests. The rootless account will be
used by image-scp tests.

Unfortunately, having ssh available means the system-connection
tests will start running, which is very bad because they will
fail, because system connection doesn't actually work (long story).
Add a few more checks to prevent this test from running.

Signed-off-by: Ed Santiago <santiago@redhat.com>

contrib/cirrus/lib.sh

@@ -138,7 +138,9 @@ passthrough_envars(){
 }
 
 setup_rootless() {
-    req_env_vars ROOTLESS_USER GOPATH GOSRC SECRET_ENV_RE
+    req_env_vars GOPATH GOSRC SECRET_ENV_RE
+
+    ROOTLESS_USER="${ROOTLESS_USER:-some${RANDOM}dude}"
 
     local rootless_uid
     local rootless_gid
@@ -150,10 +152,12 @@ setup_rootless() {
     # shellcheck disable=SC2154
     if passwd --status $ROOTLESS_USER
     then
+        if [[ $PRIV_NAME = "rootless" ]]; then
             msg "Updating $ROOTLESS_USER user permissions on possibly changed libpod code"
             chown -R $ROOTLESS_USER:$ROOTLESS_USER "$GOPATH" "$GOSRC"
             return 0
         fi
+    fi
     msg "************************************************************"
     msg "Setting up rootless user '$ROOTLESS_USER'"
     msg "************************************************************"
@@ -164,7 +168,11 @@ setup_rootless() {
     msg "creating $rootless_uid:$rootless_gid $ROOTLESS_USER user"
     groupadd -g $rootless_gid $ROOTLESS_USER
     useradd -g $rootless_gid -u $rootless_uid --no-user-group --create-home $ROOTLESS_USER
+
+    # We also set up rootless user for image-scp tests (running as root)
+    if [[ $PRIV_NAME = "rootless" ]]; then
         chown -R $ROOTLESS_USER:$ROOTLESS_USER "$GOPATH" "$GOSRC"
+    fi
     echo "$ROOTLESS_USER ALL=(root) NOPASSWD: ALL" > /etc/sudoers.d/ci-rootless
 
     mkdir -p "$HOME/.ssh" "/home/$ROOTLESS_USER/.ssh"

contrib/cirrus/setup_environment.sh

@@ -177,19 +177,26 @@ esac
 
 # Required to be defined by caller: Are we testing as root or a regular user
 case "$PRIV_NAME" in
-    root) ;;
+    root)
+        if [[ "$TEST_FLAVOR" = "sys" ]]; then
+            # Used in local image-scp testing
+            setup_rootless
+            echo "PODMAN_ROOTLESS_USER=$ROOTLESS_USER" >> /etc/ci_environment
+        fi
+        ;;
     rootless)
         # load kernel modules since the rootless user has no permission to do so
         modprobe ip6_tables || :
         modprobe ip6table_nat || :
-        # Needs to exist for setup_rootless()
-        ROOTLESS_USER="${ROOTLESS_USER:-some${RANDOM}dude}"
-        echo "ROOTLESS_USER=$ROOTLESS_USER" >> /etc/ci_environment
         setup_rootless
         ;;
     *) die_unknown PRIV_NAME
 esac
 
+if [[ -n "$ROOTLESS_USER" ]]; then
+    echo "ROOTLESS_USER=$ROOTLESS_USER" >> /etc/ci_environment
+fi
+
 # Required to be defined by caller: Are we testing podman or podman-remote client
 # shellcheck disable=SC2154
 case "$PODBIN_NAME" in

test/system/272-system-connection.bats

@@ -124,10 +124,14 @@ $c2[ ]\+tcp://localhost:54321[ ]\+true" \
 
 # If we have ssh access to localhost (unlikely in CI), test that.
 @test "podman system connection - ssh" {
-    rand=$(random_string 20)
+    # system connection only really works if we have an agent
-    echo $rand >$PODMAN_TMPDIR/testfile
+    run ssh-add -l
+    test "$status"      -eq 0 || skip "Not running under ssh-agent"
+    test "${#lines[@]}" -ge 1 || skip "ssh agent has no identities"
 
     # Can we actually ssh to localhost?
+    rand=$(random_string 20)
+    echo $rand >$PODMAN_TMPDIR/testfile
     run ssh -q -o BatchMode=yes \
         -o UserKnownHostsFile=/dev/null \
         -o StrictHostKeyChecking=no \