fix(container): make sqlite e2e runner work under rootless podman

Bring the SQLite end-to-end runner up against
`podman 5.8.2` / `podman-compose 1.5.0` without regressing
the Docker-Compose-v2 path. The five issues fixed here all
surface only when the harness is driven by something other
than the upstream Docker daemon, which is why they slipped
past Phase 8's bring-up against the operator workflow.

Containerfile:

- Copy `entry_script_lib_sh` into the release runtime base
  alongside `entry.sh`. The file is sourced unconditionally
  at start-up; without it the container exits immediately
  with `can't open /usr/local/lib/torrust/entry_script_lib_sh`.
  The debug runtime base already pulled it directly from the
  build context — the release base routed everything via the
  `runtime_assets` collector and this one path was missed.

E2E `e2e-env-up.sh` (public + private SQLite modes):

- Export `BUILDAH_FORMAT=docker` so the Containerfile's
  `HEALTHCHECK` directive survives the build under podman.
  The default OCI format silently drops it, leaving
  `torrust-index-1` permanently un-healthy and tripping
  the wait-for-healthy gate downstream.
- Pre-create the `./storage/{index,tracker}/{lib/database,log,etc}`
  bind-mount sources. Docker auto-creates missing host paths;
  podman does not, and combined with `:Z` SELinux relabel the
  failure mode is an opaque `getxattr ... no such file or
  directory` rather than the friendlier "bind source path does
  not exist".
- Replace `docker compose up --pull always` with a standalone
  `docker compose pull || true` followed by a plain `up`.
  `podman-compose` rejects the Compose-v2 `--pull=always`
  syntax (it accepts a boolean `--pull` paired with
  `--pull-always`); `compose pull` works under both. The
  `|| true` keeps the script resilient to transient registry
  hiccups and to images that only exist locally
  (e.g. `localhost/torrust_index`).

E2E `run-e2e-tests.sh`:

- Guard against being run outside the repo root: require a
  git checkout, refuse if `pwd` is not the toplevel, and
  identify the repo by `Cargo.toml` package name rather than
  remote URL so forks and renamed clones still work. The
  script does destructive things (`rm -rf ./storage`,
  overwrites `.env`) that are only safe inside the project
  root.
- Prepend `$HOME/.cargo/bin` to `PATH` so rustup-managed
  toolchains are visible regardless of the invoking shell's
  setup. `~/.cargo/env` is only sourced in interactive login
  shells, which CI runners and `bash -c` invocations are not.
- Wipe `./storage` before each run, routing through
  `podman unshare rm -rf` when the active engine is podman.
  Files written from inside a rootless container are owned by
  a sub-UID from `/etc/subuid`, which a host-side `rm -rf`
  cannot remove. The engine is detected via
  `docker --version | grep -qi podman` so the `podman-docker`
  shim is handled correctly.
- Skip `cargo install imdl` when `imdl` is already on PATH,
  and pass `--locked` when it is not — the install dominated
  the script's wall-clock time on every re-run.
- Probe whether containers come up named with `-` (Compose v2)
  or `_` (podman-compose v1.x) and compose the
  `wait_for_container_to_be_healthy.sh` arguments from the
  detected separator. The probe runs once per phase and
  defaults to `-` when nothing matches.

`wait_for_container_to_be_healthy.sh`:

- Treat a `null` `.State.Health` (image declares no
  `HEALTHCHECK`) the same as `{}` and fall back to the plain
  `.State.Status == "running"` check. Without this the loop
  spins until the retry budget runs out for any image without
  a healthcheck — common for upstream images such as
  `docker.io/torrust/tracker`, and for any locally-built image
  whose layers ended up in OCI format.

No changes to the application or to the production compose
flow; this is purely the e2e-harness portability fix that
unblocks the SQLite suite under podman.

Author: peer-cat

Containerfile

@@ -258,6 +258,13 @@ COPY --from=runtime_assets /etc/profile /etc/profile
 COPY --from=runtime_assets /bin/busybox            /usr/bin/busybox
 COPY --from=runtime_assets /bin/su-exec            /usr/bin/su-exec
 COPY --from=runtime_assets /usr/local/bin/entry.sh /usr/local/bin/entry.sh
+# `entry.sh` sources its pure-function library from this path
+# at start-up; without it the container exits immediately with
+# "can't open /usr/local/lib/torrust/entry_script_lib_sh".
+# The debug runtime base copies the file directly from the
+# build context (see further down); the release base goes via
+# `runtime_assets` to keep the per-path copy list explicit.
+COPY --from=runtime_assets /usr/local/lib/torrust/entry_script_lib_sh /usr/local/lib/torrust/entry_script_lib_sh
 COPY --from=preflight_gate /tmp/.adduser-ok /tmp/.preflight-sentinel
 # Pin PATH so a future base-image change cannot silently break
 # the entry script's bare-name lookups.

contrib/dev-tools/container/e2e/sqlite/mode/private/e2e-env-up.sh

@@ -1,8 +1,26 @@
 #!/bin/bash
 
+# See the public-mode counterpart for the rationale behind
+# `BUILDAH_FORMAT=docker` and `--pull=always` (rather than
+# `--pull always`).
+export BUILDAH_FORMAT=docker
+
+# See the public-mode counterpart for why we pre-create these.
+mkdir -p \
+    ./storage/index/lib/database \
+    ./storage/index/log \
+    ./storage/index/etc \
+    ./storage/tracker/lib/database \
+    ./storage/tracker/log \
+    ./storage/tracker/etc
+
 TORRUST_INDEX_CONFIG_TOML=$(cat ./share/default/config/index.private.e2e.container.sqlite3.toml) \
     docker compose build
 
+# See the public-mode counterpart for why we pull separately
+# rather than passing `--pull=always` to `docker compose up`.
+docker compose pull || true
+
 USER_ID=${USER_ID:-1000} \
     TORRUST_INDEX_CONFIG_TOML=$(cat ./share/default/config/index.private.e2e.container.sqlite3.toml) \
     TORRUST_INDEX_DATABASE="e2e_testing_sqlite3" \
@@ -13,4 +31,4 @@ USER_ID=${USER_ID:-1000} \
     TORRUST_TRACKER_DATABASE="e2e_testing_sqlite3" \
     TORRUST_TRACKER_CONFIG_OVERRIDE_CORE__DATABASE__DRIVER="sqlite3" \
     TORRUST_TRACKER_CONFIG_OVERRIDE_HTTP_API__ACCESS_TOKENS__ADMIN="MyAccessToken" \
-    docker compose up --detach --pull always --remove-orphans
+    docker compose up --detach --remove-orphans

contrib/dev-tools/container/e2e/sqlite/mode/public/e2e-env-up.sh

@@ -1,8 +1,39 @@
 #!/bin/bash
 
+# `BUILDAH_FORMAT=docker` keeps the Containerfile's `HEALTHCHECK`
+# directive when the build runs under podman: the default OCI image
+# format silently drops it (`WARN ... HEALTHCHECK is not supported
+# for OCI image format and will be ignored`), which would leave
+# `torrust-index-1` permanently un-healthy and break the
+# `wait_for_container_to_be_healthy.sh` gate downstream.
+export BUILDAH_FORMAT=docker
+
+# Pre-create the bind-mount source directories. Docker's daemon will
+# auto-create missing host paths, but podman does not — and with the
+# `:Z` SELinux relabel suffix in `compose.yaml`, a missing source path
+# fails the container start with `getxattr ... no such file or
+# directory` rather than the friendlier "bind source path does not
+# exist" error. Creating them up front keeps the script portable.
+mkdir -p \
+    ./storage/index/lib/database \
+    ./storage/index/log \
+    ./storage/index/etc \
+    ./storage/tracker/lib/database \
+    ./storage/tracker/log \
+    ./storage/tracker/etc
+
 TORRUST_INDEX_CONFIG_TOML=$(cat ./share/default/config/index.public.e2e.container.toml) \
     docker compose build
 
+# Pull externally-sourced service images up front. We deliberately
+# avoid `docker compose up --pull=always`: under podman-compose,
+# `--pull` is a boolean flag (paired with a separate `--pull-always`),
+# so the Compose-v2 `--pull=always` syntax is rejected. A standalone
+# `docker compose pull` is accepted by both implementations; the
+# `|| true` keeps the script resilient to transient registry hiccups
+# and to images that only exist locally (e.g. `localhost/torrust_index`).
+docker compose pull || true
+
 USER_ID=${USER_ID:-1000} \
     TORRUST_INDEX_CONFIG_TOML=$(cat ./share/default/config/index.public.e2e.container.toml) \
     TORRUST_INDEX_DATABASE="e2e_testing_sqlite3" \
@@ -13,4 +44,4 @@ USER_ID=${USER_ID:-1000} \
     TORRUST_TRACKER_DATABASE="e2e_testing_sqlite3" \
     TORRUST_TRACKER_CONFIG_OVERRIDE_CORE__DATABASE__DRIVER="sqlite3" \
     TORRUST_TRACKER_CONFIG_OVERRIDE_HTTP_API__ACCESS_TOKENS__ADMIN="MyAccessToken" \
-    docker compose up --detach --pull always --remove-orphans
+    docker compose up --detach --remove-orphans

contrib/dev-tools/container/e2e/sqlite/run-e2e-tests.sh

@@ -1,25 +1,105 @@
 #!/bin/bash
 
+# Guard: refuse to run unless we are at the top of a `torrust-index`
+# git checkout. The script does destructive things (wipes `./storage`,
+# overwrites `.env`, builds container images tagged `torrust_index`)
+# that are only safe inside the project root, and the bind-mount
+# paths in `compose.yaml` are all relative to it.
+if ! command -v git >/dev/null 2>&1; then
+    echo "error: 'git' is required to verify the working directory" >&2
+    exit 1
+fi
+GIT_TOPLEVEL="$(git rev-parse --show-toplevel 2>/dev/null)" || {
+    echo "error: not inside a git repository" >&2
+    exit 1
+}
+if [ "$GIT_TOPLEVEL" != "$PWD" ]; then
+    echo "error: must be run from the repository root ($GIT_TOPLEVEL), not $PWD" >&2
+    exit 1
+fi
+# Identify the repo by the presence of the root crate's Cargo.toml
+# rather than by remote URL — that keeps forks and local clones
+# (with arbitrary remote names) working.
+if ! grep -qE '^name = "torrust-index"$' Cargo.toml 2>/dev/null; then
+    echo "error: this does not look like the torrust-index repository (Cargo.toml package name mismatch)" >&2
+    exit 1
+fi
+
 CURRENT_USER_NAME=$(whoami)
 CURRENT_USER_ID=$(id -u)
 echo "User name: $CURRENT_USER_NAME"
 echo "User   id: $CURRENT_USER_ID"
 
+# Make rustup-managed toolchains visible. Distros that ship rust as
+# a system package put `cargo` on the default PATH; rustup installs
+# (the upstream-recommended path) put it under `~/.cargo/bin`, which
+# is only added to PATH by `~/.cargo/env` — and that's only sourced
+# in interactive login shells. Prepend it unconditionally so the
+# script works regardless of the invoking shell's setup.
+if [ -d "$HOME/.cargo/bin" ]; then
+    PATH="$HOME/.cargo/bin:$PATH"
+    export PATH
+fi
+if ! command -v cargo >/dev/null 2>&1; then
+    echo "error: 'cargo' not found on PATH (looked in \$PATH and \$HOME/.cargo/bin)" >&2
+    exit 1
+fi
+
 USER_ID=$CURRENT_USER_ID
 export USER_ID
 
 export TORRUST_INDEX_DATABASE="e2e_testing_sqlite3"
 export TORRUST_TRACKER_DATABASE="e2e_testing_sqlite3"
 
+# Wipe any storage left over from a previous run.
+#
+# Under rootless podman, files written from inside a container are
+# owned by a sub-UID from /etc/subuid (e.g. host-UID 525287 for
+# container-UID 1000), which a plain `rm -rf` cannot remove from the
+# host shell. `podman unshare` re-enters that user namespace where
+# we *are* root and can delete freely. Detect the actual provider
+# behind the `docker` CLI rather than trusting the binary name —
+# `podman-docker` ships a `docker` shim that wraps podman.
+if [ -d ./storage ]; then
+    if command -v podman >/dev/null 2>&1 && \
+       { ! command -v docker >/dev/null 2>&1 || \
+         docker --version 2>/dev/null | grep -qi podman; }; then
+        echo "Cleaning ./storage via 'podman unshare' (rootless userns)"
+        podman unshare rm -rf ./storage || exit 1
+    else
+        echo "Cleaning ./storage"
+        rm -rf ./storage || exit 1
+    fi
+fi
+
 # Install tool to create torrent files.
 # It's needed by some tests to generate and parse test torrent files.
-cargo install imdl || exit 1
+# Skip the (slow) `cargo install` when `imdl` is already on PATH.
+if ! command -v imdl >/dev/null 2>&1; then
+    cargo install --locked imdl || exit 1
+fi
 
 # Install app (no docker) that will run the test suite against the E2E testing
 # environment (in docker).
 cp .env.local .env || exit 1
 ./contrib/dev-tools/container/e2e/sqlite/install.sh || exit 1
 
+# Compose v2 (`docker compose`) names containers with hyphens
+# (`torrust-mysql-1`); `podman-compose` v1.x preserves the legacy
+# `_` separator (`torrust_mysql_1`). Probe once and let downstream
+# wait-for-healthy calls reuse the result.
+detect_container_name_sep() {
+    local svc=mysql
+    if docker ps --format '{{.Names}}' | grep -q "^torrust-${svc}-1$"; then
+        echo '-'
+    elif docker ps --format '{{.Names}}' | grep -q "^torrust_${svc}_1$"; then
+        echo '_'
+    else
+        # Sensible default for Compose v2.
+        echo '-'
+    fi
+}
+
 # TEST USING SQLITE
 echo "Running E2E tests using SQLite ..."
 
@@ -29,10 +109,12 @@ echo "Running E2E tests with a public tracker ..."
 # Start E2E testing environment
 ./contrib/dev-tools/container/e2e/sqlite/mode/public/e2e-env-up.sh || exit 1
 
+SEP=$(detect_container_name_sep)
+
 # Wait for conatiners to be healthy
-./contrib/dev-tools/container/functions/wait_for_container_to_be_healthy.sh torrust-mysql-1 10 3 || exit 1
-./contrib/dev-tools/container/functions/wait_for_container_to_be_healthy.sh torrust-tracker-1 10 3 || exit 1
-./contrib/dev-tools/container/functions/wait_for_container_to_be_healthy.sh torrust-index-1 10 3 || exit 1
+./contrib/dev-tools/container/functions/wait_for_container_to_be_healthy.sh "torrust${SEP}mysql${SEP}1" 10 3 || exit 1
+./contrib/dev-tools/container/functions/wait_for_container_to_be_healthy.sh "torrust${SEP}tracker${SEP}1" 10 3 || exit 1
+./contrib/dev-tools/container/functions/wait_for_container_to_be_healthy.sh "torrust${SEP}index${SEP}1" 10 3 || exit 1
 
 # Just to make sure that everything is up and running
 docker ps
@@ -63,10 +145,12 @@ echo "Running E2E tests with a private tracker ..."
 # Start E2E testing environment
 ./contrib/dev-tools/container/e2e/sqlite/mode/private/e2e-env-up.sh || exit 1
 
+SEP=$(detect_container_name_sep)
+
 # Wait for conatiners to be healthy
-./contrib/dev-tools/container/functions/wait_for_container_to_be_healthy.sh torrust-mysql-1 10 3 || exit 1
-./contrib/dev-tools/container/functions/wait_for_container_to_be_healthy.sh torrust-tracker-1 10 3 || exit 1
-./contrib/dev-tools/container/functions/wait_for_container_to_be_healthy.sh torrust-index-1 10 3 || exit 1
+./contrib/dev-tools/container/functions/wait_for_container_to_be_healthy.sh "torrust${SEP}mysql${SEP}1" 10 3 || exit 1
+./contrib/dev-tools/container/functions/wait_for_container_to_be_healthy.sh "torrust${SEP}tracker${SEP}1" 10 3 || exit 1
+./contrib/dev-tools/container/functions/wait_for_container_to_be_healthy.sh "torrust${SEP}index${SEP}1" 10 3 || exit 1
 
 # Just to make sure that everything is up and running
 docker ps

contrib/dev-tools/container/functions/wait_for_container_to_be_healthy.sh

@@ -8,12 +8,24 @@ wait_for_container_to_be_healthy() {
 
     while [ $retry_count -lt "$max_retries" ]; do
         container_health="$(docker inspect --format='{{json .State.Health}}' "$container_name")"
-        if [ "$container_health" != "{}" ]; then
+        if [ "$container_health" != "{}" ] && [ "$container_health" != "null" ]; then
             container_status="$(echo "$container_health" | jq -r '.Status')"
             if [ "$container_status" == "healthy" ]; then
                 echo "Container $container_name is healthy"
                 return 0
             fi
+        else
+            # The image declares no HEALTHCHECK (common for upstream
+            # images such as `docker.io/torrust/tracker`, and for any
+            # locally-built image when podman emits OCI-format layers
+            # — OCI silently drops the directive). Fall back to the
+            # plain runtime status so we don't loop forever waiting
+            # on a probe that will never report.
+            container_status="$(docker inspect --format='{{.State.Status}}' "$container_name")"
+            if [ "$container_status" == "running" ]; then
+                echo "Container $container_name is running (no healthcheck declared)"
+                return 0
+            fi
         fi
 
         retry_count=$((retry_count + 1))