|
7 | 7 | // linkme requires unsafe for distributed slices |
8 | 8 | #![allow(unsafe_code)] |
9 | 9 |
|
| 10 | +use std::process::{Command, ExitStatus, Stdio}; |
| 11 | +use std::sync::Arc; |
| 12 | + |
| 13 | +use anyhow::{Context, Result}; |
| 14 | +use composefs::fsverity::Sha256HashValue; |
| 15 | +use composefs::repository::Repository; |
| 16 | +use tempfile::TempDir; |
| 17 | + |
10 | 18 | /// A test function that returns a Result. |
11 | 19 | pub type TestFn = fn() -> anyhow::Result<()>; |
12 | 20 |
|
@@ -50,3 +58,202 @@ macro_rules! integration_test { |
50 | 58 | } |
51 | 59 | }; |
52 | 60 | } |
| 61 | + |
| 62 | +// ============================================================================ |
| 63 | +// Utilities for containers-storage tests |
| 64 | +// ============================================================================ |
| 65 | + |
| 66 | +/// Test label for cleanup |
| 67 | +pub const INTEGRATION_TEST_LABEL: &str = "composefs-rs.integration-test=1"; |
| 68 | + |
| 69 | +/// Get the path to cfsctl binary |
| 70 | +pub fn get_cfsctl_path() -> Result<String> { |
| 71 | + // Check environment first |
| 72 | + if let Ok(path) = std::env::var("CFSCTL_PATH") { |
| 73 | + return Ok(path); |
| 74 | + } |
| 75 | + // Look in common locations |
| 76 | + for path in [ |
| 77 | + "./target/release/cfsctl", |
| 78 | + "./target/debug/cfsctl", |
| 79 | + "/usr/bin/cfsctl", |
| 80 | + ] { |
| 81 | + if std::path::Path::new(path).exists() { |
| 82 | + return Ok(path.to_string()); |
| 83 | + } |
| 84 | + } |
| 85 | + anyhow::bail!("cfsctl not found; set CFSCTL_PATH or build with `cargo build --release`") |
| 86 | +} |
| 87 | + |
| 88 | +/// Get the primary test image |
| 89 | +pub fn get_primary_image() -> String { |
| 90 | + std::env::var("COMPOSEFS_RS_PRIMARY_IMAGE") |
| 91 | + .unwrap_or_else(|_| "quay.io/centos-bootc/centos-bootc:stream10".to_string()) |
| 92 | +} |
| 93 | + |
| 94 | +/// Get all test images |
| 95 | +pub fn get_all_images() -> Vec<String> { |
| 96 | + std::env::var("COMPOSEFS_RS_ALL_IMAGES") |
| 97 | + .unwrap_or_else(|_| get_primary_image()) |
| 98 | + .split_whitespace() |
| 99 | + .map(String::from) |
| 100 | + .collect() |
| 101 | +} |
| 102 | + |
| 103 | +/// Captured command output |
| 104 | +#[derive(Debug)] |
| 105 | +pub struct CapturedOutput { |
| 106 | + /// Exit status |
| 107 | + pub status: ExitStatus, |
| 108 | + /// Captured stdout |
| 109 | + pub stdout: String, |
| 110 | + /// Captured stderr |
| 111 | + pub stderr: String, |
| 112 | +} |
| 113 | + |
| 114 | +impl CapturedOutput { |
| 115 | + /// Assert the command succeeded |
| 116 | + pub fn assert_success(&self) -> Result<()> { |
| 117 | + if !self.status.success() { |
| 118 | + anyhow::bail!( |
| 119 | + "Command failed with status {}\nstdout: {}\nstderr: {}", |
| 120 | + self.status, |
| 121 | + self.stdout, |
| 122 | + self.stderr |
| 123 | + ); |
| 124 | + } |
| 125 | + Ok(()) |
| 126 | + } |
| 127 | +} |
| 128 | + |
| 129 | +/// Run a command and capture output |
| 130 | +pub fn run_command(cmd: &str, args: &[&str]) -> Result<CapturedOutput> { |
| 131 | + let output = Command::new(cmd) |
| 132 | + .args(args) |
| 133 | + .stdout(Stdio::piped()) |
| 134 | + .stderr(Stdio::piped()) |
| 135 | + .output() |
| 136 | + .with_context(|| format!("Failed to execute: {} {:?}", cmd, args))?; |
| 137 | + |
| 138 | + Ok(CapturedOutput { |
| 139 | + status: output.status, |
| 140 | + stdout: String::from_utf8_lossy(&output.stdout).to_string(), |
| 141 | + stderr: String::from_utf8_lossy(&output.stderr).to_string(), |
| 142 | + }) |
| 143 | +} |
| 144 | + |
| 145 | +/// Run cfsctl with arguments |
| 146 | +pub fn run_cfsctl(args: &[&str]) -> Result<CapturedOutput> { |
| 147 | + let cfsctl = get_cfsctl_path()?; |
| 148 | + run_command(&cfsctl, args) |
| 149 | +} |
| 150 | + |
| 151 | +/// Create a test repository in a temporary directory. |
| 152 | +/// |
| 153 | +/// The TempDir is returned alongside the repo to keep it alive. |
| 154 | +pub fn create_test_repository(tempdir: &TempDir) -> Result<Arc<Repository<Sha256HashValue>>> { |
| 155 | + let fd = rustix::fs::open( |
| 156 | + tempdir.path(), |
| 157 | + rustix::fs::OFlags::CLOEXEC | rustix::fs::OFlags::PATH, |
| 158 | + 0.into(), |
| 159 | + )?; |
| 160 | + |
| 161 | + let mut repo = Repository::open_path(&fd, ".")?; |
| 162 | + repo.set_insecure(true); |
| 163 | + Ok(Arc::new(repo)) |
| 164 | +} |
| 165 | + |
| 166 | +/// Check if rootless podman works in this environment. |
| 167 | +/// |
| 168 | +/// In nested container environments (e.g., devcontainers), rootless podman |
| 169 | +/// may fail due to user namespace restrictions. This function detects that |
| 170 | +/// and returns whether we need to use sudo. |
| 171 | +fn needs_sudo_for_podman() -> bool { |
| 172 | + // Try a simple rootless podman command |
| 173 | + let output = Command::new("podman") |
| 174 | + .args(["info", "--format", "{{.Host.RemoteSocket.Exists}}"]) |
| 175 | + .stdout(Stdio::null()) |
| 176 | + .stderr(Stdio::piped()) |
| 177 | + .output(); |
| 178 | + |
| 179 | + match output { |
| 180 | + Ok(o) if o.status.success() => false, |
| 181 | + _ => { |
| 182 | + // Rootless failed, check if sudo podman works |
| 183 | + let sudo_output = Command::new("sudo") |
| 184 | + .args([ |
| 185 | + "podman", |
| 186 | + "info", |
| 187 | + "--format", |
| 188 | + "{{.Host.RemoteSocket.Exists}}", |
| 189 | + ]) |
| 190 | + .stdout(Stdio::null()) |
| 191 | + .stderr(Stdio::null()) |
| 192 | + .output(); |
| 193 | + matches!(sudo_output, Ok(o) if o.status.success()) |
| 194 | + } |
| 195 | + } |
| 196 | +} |
| 197 | + |
| 198 | +/// Get the podman command, using sudo if needed for this environment. |
| 199 | +fn podman_command() -> Command { |
| 200 | + if needs_sudo_for_podman() { |
| 201 | + let mut cmd = Command::new("sudo"); |
| 202 | + cmd.arg("podman"); |
| 203 | + cmd |
| 204 | + } else { |
| 205 | + Command::new("podman") |
| 206 | + } |
| 207 | +} |
| 208 | + |
| 209 | +/// Build a minimal test image using podman and return its ID |
| 210 | +pub fn build_test_image() -> Result<String> { |
| 211 | + let temp_dir = TempDir::new()?; |
| 212 | + let containerfile = temp_dir.path().join("Containerfile"); |
| 213 | + |
| 214 | + // Create a simple Containerfile with various file sizes to test |
| 215 | + // both inline and external storage paths. |
| 216 | + // Use Fedora instead of busybox because busybox has UID 65534 which |
| 217 | + // breaks in nested container environments due to user namespace issues. |
| 218 | + std::fs::write( |
| 219 | + &containerfile, |
| 220 | + r#"FROM quay.io/centos/centos:stream10 |
| 221 | +# Small file (should be inlined) |
| 222 | +RUN echo "small content" > /small.txt |
| 223 | +# Larger file (should be external) |
| 224 | +RUN dd if=/dev/zero of=/large.bin bs=1024 count=100 2>/dev/null |
| 225 | +# Directory with files |
| 226 | +RUN mkdir -p /testdir && echo "file1" > /testdir/a.txt && echo "file2" > /testdir/b.txt |
| 227 | +# Symlink |
| 228 | +RUN ln -s /small.txt /link.txt |
| 229 | +"#, |
| 230 | + )?; |
| 231 | + |
| 232 | + let iid_file = temp_dir.path().join("image.iid"); |
| 233 | + |
| 234 | + let output = podman_command() |
| 235 | + .args([ |
| 236 | + "build", |
| 237 | + "--pull=newer", |
| 238 | + &format!("--iidfile={}", iid_file.display()), |
| 239 | + "-f", |
| 240 | + &containerfile.to_string_lossy(), |
| 241 | + &temp_dir.path().to_string_lossy(), |
| 242 | + ]) |
| 243 | + .output()?; |
| 244 | + |
| 245 | + if !output.status.success() { |
| 246 | + anyhow::bail!( |
| 247 | + "podman build failed: {}", |
| 248 | + String::from_utf8_lossy(&output.stderr) |
| 249 | + ); |
| 250 | + } |
| 251 | + |
| 252 | + let image_id = std::fs::read_to_string(&iid_file)?.trim().to_string(); |
| 253 | + Ok(image_id) |
| 254 | +} |
| 255 | + |
| 256 | +/// Remove a test image |
| 257 | +pub fn cleanup_test_image(image_id: &str) { |
| 258 | + let _ = podman_command().args(["rmi", "-f", image_id]).output(); |
| 259 | +} |
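Review bot: `needs_sudo_for_podman` and `podman_command` fall back to `sudo podman` silently and without `-n`, so where rootless podman fails the test run can block on a password prompt, and where sudo is passwordless `build_test_image` (a `--pull=newer` of a mutable tag plus `RUN` steps) runs as root without the caller opting in. The probe is also repeated on every `podman_command()` call, so `build_test_image` and `cleanup_test_image` could in principle resolve to different stores and leave a root-owned image behind, which the discarded result in `cleanup_test_image` would hide. I would pass `-n` to both sudo invocations and cache the probe result once per process, as below; gating the sudo path behind an explicit environment opt-in is also worth considering. Separately, `INTEGRATION_TEST_LABEL` is documented as being for cleanup but is not passed to `podman build` in the visible lines (for example via `--label`), so label-based cleanup would not find these images.

```rust
fn needs_sudo_for_podman() -> bool {
    // Probe once per process so build and cleanup always target the same store.
    static NEEDS_SUDO: std::sync::OnceLock<bool> = std::sync::OnceLock::new();
    *NEEDS_SUDO.get_or_init(|| {
        let probe = |program: &str, prefix: &[&str]| {
            Command::new(program)
                .args(prefix)
                .args(["info", "--format", "{{.Host.RemoteSocket.Exists}}"])
                .stdout(Stdio::null())
                .stderr(Stdio::null())
                .status()
                .is_ok_and(|s| s.success())
        };
        // `sudo -n` fails instead of prompting when no cached credentials exist.
        !probe("podman", &[]) && probe("sudo", &["-n", "podman"])
    })
}

fn podman_command() -> Command {
    if needs_sudo_for_podman() {
        let mut cmd = Command::new("sudo");
        cmd.args(["-n", "podman"]);
        cmd
    } else {
        Command::new("podman")
    }
}
```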