From d6d72931bc34318d598bbe05ab433ae97736b0a9 Mon Sep 17 00:00:00 2001 From: Simon Deziel Date: Wed, 1 May 2024 13:52:02 -0400 Subject: [PATCH 01/13] images/alpine: `s/secure_boot/secureboot/` Signed-off-by: Simon Deziel --- images/alpine.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/alpine.yaml b/images/alpine.yaml index 482242e3e..4274447db 100644 --- a/images/alpine.yaml +++ b/images/alpine.yaml @@ -4,7 +4,7 @@ image: simplestream: requirements: - requirements: - secure_boot: false + secureboot: false source: downloader: alpinelinux-http From 4877b3114d43783f8f562c56dd0d4e6b75eda1f6 Mon Sep 17 00:00:00 2001 From: Simon Deziel Date: Wed, 1 May 2024 13:52:09 -0400 Subject: [PATCH 02/13] images/archlinux: `s/secure_boot/secureboot/` Signed-off-by: Simon Deziel --- images/archlinux.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/archlinux.yaml b/images/archlinux.yaml index c9881fa0e..99dcae2dc 100644 --- a/images/archlinux.yaml +++ b/images/archlinux.yaml @@ -5,7 +5,7 @@ simplestream: distro_name: Arch Linux requirements: - requirements: - secure_boot: false + secureboot: false source: downloader: archlinux-http From 879bdef758f1b6311f9ac9ce5b3d2ee3bf6917b3 Mon Sep 17 00:00:00 2001 From: Simon Deziel Date: Wed, 1 May 2024 13:52:17 -0400 Subject: [PATCH 03/13] images/gentoo: `s/secure_boot/secureboot/` Signed-off-by: Simon Deziel --- images/gentoo.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/gentoo.yaml b/images/gentoo.yaml index f83ff3c6f..6575d800b 100644 --- a/images/gentoo.yaml +++ b/images/gentoo.yaml @@ -4,7 +4,7 @@ image: simplestream: requirements: - requirements: - secure_boot: false + secureboot: false source: downloader: gentoo-http From 2ad73ed88c287b5fc252ce912636482ad51c31c2 Mon Sep 17 00:00:00 2001 From: Simon Deziel Date: Wed, 1 May 2024 13:52:25 -0400 Subject: [PATCH 04/13] images/nixos: `s/secure_boot/secureboot/` 
Signed-off-by: Simon Deziel --- images/nixos.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/nixos.yaml b/images/nixos.yaml index 418b6181c..f49e4e50b 100644 --- a/images/nixos.yaml +++ b/images/nixos.yaml @@ -5,7 +5,7 @@ simplestream: distro_name: NixOS requirements: - requirements: - secure_boot: false + secureboot: false source: downloader: nixos-http From 554e170b64e86f043f8b9ba3ea099164af2aa46a Mon Sep 17 00:00:00 2001 From: Simon Deziel Date: Wed, 1 May 2024 13:55:14 -0400 Subject: [PATCH 05/13] bin/test-image: use GiB instead of GB Signed-off-by: Simon Deziel --- bin/test-image | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/test-image b/bin/test-image index f358c5b08..7e89ec616 100755 --- a/bin/test-image +++ b/bin/test-image @@ -72,7 +72,7 @@ if [ "${TYPE}" = "vm" ]; then lxc init "${TEST_IMAGE}" "${TEST_IMAGE}" \ --vm \ -c limits.cpu=4 \ - -c limits.memory=4GB \ + -c limits.memory=4GiB \ -c security.secureboot=false INSTANCES="${TEST_IMAGE}" From 3a4a8067eb4bbd732f28200bcebffe39d6366cca Mon Sep 17 00:00:00 2001 From: Simon Deziel Date: Wed, 1 May 2024 20:00:51 -0400 Subject: [PATCH 06/13] bin/test-image: `s/DIST/DISTRO/` for consistency Signed-off-by: Simon Deziel --- bin/test-image | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/bin/test-image b/bin/test-image index 7e89ec616..82d439be0 100755 --- a/bin/test-image +++ b/bin/test-image @@ -11,7 +11,7 @@ if [ "${1:-}" = "" ] || [ "${2:-}" = "" ] || [ "${3:-}" = "" ] || [ "${4:-}" = " fi TYPE=${1} -DIST=${2} +DISTRO=${2} RELEASE=${3} VARIANT=${4} TARGET=${5} @@ -30,7 +30,7 @@ fi # Setup the test environment. TEST_DIR="${HOME}/build-test" -TEST_IMAGE="${TYPE}-${DIST}-${VARIANT}" +TEST_IMAGE="${TYPE}-${DISTRO}-${VARIANT}" rm -Rf "${TEST_DIR}" mkdir -p "${TEST_DIR}" 
@@ -96,7 +96,7 @@ EOF fi else for PRIV in "priv" "unpriv"; do - if [ "${PRIV}" = "priv" ] && [ "${DIST}" = "nixos" ] && [ "${RELEASE}" = "23.11" ]; then + if [ "${PRIV}" = "priv" ] && [ "${DISTRO}" = "nixos" ] && [ "${RELEASE}" = "23.11" ]; then # NixOS 23.11 will never support privileged containers, but future versions do. continue fi @@ -111,12 +111,12 @@ else lxc config set "${TEST_IMAGE}-${PRIV}" security.privileged=true fi - if [ "${DIST}" = "voidlinux" ]; then + if [ "${DISTRO}" = "voidlinux" ]; then # Workaround weird init system. lxc config set "${TEST_IMAGE}-${PRIV}" raw.lxc lxc.signal.halt=SIGCONT fi - if [ "${DIST}" = "slackware" ]; then + if [ "${DISTRO}" = "slackware" ]; then # Workaround weird init system. lxc config set "${TEST_IMAGE}-${PRIV}" raw.lxc lxc.signal.halt=SIGKILL fi @@ -150,12 +150,12 @@ done # Wait for things to settle. echo "==> Waiting for instances to start" for i in ${INSTANCES}; do - if [ "${DIST}" == "busybox" ]; then + if [ "${DISTRO}" == "busybox" ]; then # Busybox has only 1 process running when ready. MIN_PROC_COUNT=1 fi - if [ "${DIST}" == "centos" ]; then + if [ "${DISTRO}" == "centos" ]; then # Give CentOS a bit more time to boot. MAX_WAIT_SECONDS=180 fi @@ -174,13 +174,13 @@ for url in $(lxc query "/1.0/instances" | jq -r .[] | grep "${TEST_IMAGE}"); do name=$(echo "${url}" | cut -d/ -f4) # Skip busybox as it wouldn't pass any test - if [ "${DIST}" = "busybox" ]; then + if [ "${DISTRO}" = "busybox" ]; then echo "===> SKIP: Busybox is untestable" continue fi # Skip CentOS 7 VMs due to racy agent - if [ "${TYPE}" = "vm" ] && [ "${DIST}" = "centos" ] && [ "${RELEASE}" = "7" ]; then + if [ "${TYPE}" = "vm" ] && [ "${DISTRO}" = "centos" ] && [ "${RELEASE}" = "7" ]; then echo "===> SKIP: CentOS 7 has an unstable agent: ${name}" continue fi From 1eeea4a4b5bb4f37921131ffbe1de943fdfb8574 Mon Sep 17 00:00:00 2001 
From: Simon Deziel Date: Wed, 1 May 2024 20:07:44 -0400 Subject: [PATCH 07/13] bin/test-image: only disable secureboot on known incompat distros Signed-off-by: Simon Deziel --- bin/test-image | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/bin/test-image b/bin/test-image index 82d439be0..e9b0a6c76 100755 --- a/bin/test-image +++ b/bin/test-image @@ -72,8 +72,14 @@ if [ "${TYPE}" = "vm" ]; then lxc init "${TEST_IMAGE}" "${TEST_IMAGE}" \ --vm \ -c limits.cpu=4 \ - -c limits.memory=4GiB \ - -c security.secureboot=false + -c limits.memory=4GiB + + # Some distros don't support secure boot. + case "${DISTRO}" in + alpine|archlinux|gentoo|nixos) + lxc config set "${TEST_IMAGE}" security.secureboot=false + ;; + esac INSTANCES="${TEST_IMAGE}" From b166b4228a85f84a66dd2f0d32740442b0eb7865 Mon Sep 17 00:00:00 2001 From: Simon Deziel Date: Wed, 1 May 2024 20:17:32 -0400 Subject: [PATCH 08/13] bin/test-image: no need to copy image files around While copying even 1GiB worth of a desktop VM image is quick, it wastes disks and is not needed as `lxc image import` is only reading from the source files. Signed-off-by: Simon Deziel --- bin/test-image | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/bin/test-image b/bin/test-image index e9b0a6c76..386492e25 100755 --- a/bin/test-image +++ b/bin/test-image @@ -37,11 +37,11 @@ mkdir -p "${TEST_DIR}" echo "==> Fetching the image" if [ "${TYPE}" = "container" ]; then - cp "${TARGET}/lxd.tar.xz" "${TEST_DIR}/meta" - cp "${TARGET}/rootfs.squashfs" "${TEST_DIR}/root" + TEST_IMAGE_META="${TARGET}/lxd.tar.xz" + TEST_IMAGE_ROOT="${TARGET}/rootfs.squashfs" elif [ "${TYPE}" = "vm" ]; then - cp "${TARGET}/lxd.tar.xz" "${TEST_DIR}/meta" - cp "${TARGET}/disk.qcow2" "${TEST_DIR}/root" + TEST_IMAGE_META="${TARGET}/lxd.tar.xz" + TEST_IMAGE_ROOT="${TARGET}/disk.qcow2" else echo "==> FAIL: Invalid instance type '${TYPE}'. Valid types: [container, vm]" exit 1 
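Review bot: The `alpine|archlinux|gentoo|nixos` list in the new `case` (PATCH 07/13) repeats by hand the `requirements: secureboot: false` entries that patches 01–04 touch in images/*.yaml, so the two can drift. If one of these images later gains Secure Boot support and only its YAML is updated, the VM test keeps running with `security.secureboot=false` and stops exercising the verified boot path for that distro, with no sign of it in the log. I would add `# Keep in sync with 'requirements: secureboot: false' in images/<distro>.yaml` above the `case` and print the decision inside the arm, e.g. `echo "==> Secure boot disabled for ${DISTRO}"`. The enclosing `if [ "${TYPE}" = "vm" ]` block continues outside the hunk.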
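Review bot: With the `cp` calls gone (PATCH 08/13, first hunk), nothing checks that `${TARGET}/lxd.tar.xz` and the rootfs or disk file exist and are readable before `lxc image import` runs in the second hunk; a missing artifact used to stop at `cp` with the path in the error. A guard after the `if`/`elif` chain, `if [ ! -r "${TEST_IMAGE_META}" ] || [ ! -r "${TEST_IMAGE_ROOT}" ]; then echo "==> FAIL: image files missing in ${TARGET}"; exit 1; fi`, keeps that early, explicit failure. The `echo "==> Fetching the image"` line is also stale now that nothing is copied. `TEST_DIR` is still wiped and recreated just above; whether anything else uses it is not visible in this hunk.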
@@ -64,7 +64,7 @@ cleanup() { FAIL=1 trap cleanup EXIT HUP INT TERM -lxc image import "${TEST_DIR}/meta" "${TEST_DIR}/root" --alias "${TEST_IMAGE}" +lxc image import "${TEST_IMAGE_META}" "${TEST_IMAGE_ROOT}" --alias "${TEST_IMAGE}" echo "==> Creating the instances" INSTANCES="" From 96864ff2c13e33dbbb6aa344750d23d0d739d1cd Mon Sep 17 00:00:00 2001 From: Simon Deziel Date: Wed, 1 May 2024 20:22:52 -0400 Subject: [PATCH 09/13] bin/test-image: improve systemd detection https://www.freedesktop.org/software/systemd/man/latest/sd_booted.html: > Internally, this function checks whether the directory /run/systemd/system/ > exists. A simple check like this can also be implemented trivially in shell > or any other language. Signed-off-by: Simon Deziel --- bin/test-image | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/test-image b/bin/test-image index 386492e25..d0fcd317c 100755 --- a/bin/test-image +++ b/bin/test-image @@ -192,7 +192,7 @@ for url in $(lxc query "/1.0/instances" | jq -r .[] | grep "${TEST_IMAGE}"); do fi # Systemd cleanliness. - if lxc exec "${name}" -- sh -c "type systemctl" >/dev/null 2>&1; then + if lxc exec "${name}" -- test -d /run/systemd/system/; then if lxc exec "${name}" -- systemctl --failed 2>&1 | grep -q '\sfailed\s'; then echo "===> FAIL: systemd clean: ${name}" From 4fdba9e00c1a9b1d1e317a79b12aba476eb0f777 Mon Sep 17 00:00:00 2001 From: Simon Deziel Date: Wed, 1 May 2024 20:32:29 -0400 Subject: [PATCH 10/13] bin/test-image: improve grep patterns Signed-off-by: Simon Deziel --- bin/test-image | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/bin/test-image b/bin/test-image index d0fcd317c..3207e1d35 100755 --- a/bin/test-image +++ b/bin/test-image 
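Review bot: The reason for probing `/run/systemd/system/` lives only in the commit message (PATCH 09/13); in the script the line reads like an arbitrary path check. A comment above it such as `# Same test as sd_booted(3): the directory exists only when systemd is the running init` would keep that context next to the code. Note also that a non-zero exit from `lxc exec` itself takes the same branch as a guest without systemd, so unless the part of this `if` outside the hunk prints a SKIP line, the cleanliness check can be skipped without a trace.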
@@ -193,7 +193,7 @@ for url in $(lxc query "/1.0/instances" | jq -r .[] | grep "${TEST_IMAGE}"); do # Systemd cleanliness. if lxc exec "${name}" -- test -d /run/systemd/system/; then - if lxc exec "${name}" -- systemctl --failed 2>&1 | grep -q '\sfailed\s'; then + if lxc exec "${name}" -- systemctl --failed 2>&1 | grep -qwF 'failed'; then echo "===> FAIL: systemd clean: ${name}" # Show the systemd failures. @@ -224,7 +224,7 @@ for url in $(lxc query "/1.0/instances" | jq -r .[] | grep "${TEST_IMAGE}"); do fi # IPv4 address - if echo "${address}" | grep "\." -q; then + if echo "${address}" | grep -qF "."; then echo "===> PASS: IPv4 address: ${name}" else echo "===> FAIL: IPv4 address: ${name}" @@ -232,7 +232,7 @@ for url in $(lxc query "/1.0/instances" | jq -r .[] | grep "${TEST_IMAGE}"); do fi # IPv6 address - if echo "${address}" | grep ":" -q; then + if echo "${address}" | grep -qF ":"; then echo "===> PASS: IPv6 address: ${name}" else echo "===> FAIL: IPv6 address: ${name}" @@ -288,7 +288,7 @@ for i in $(seq 10); do STOPPED=1 break else - COUNT="$(lxc list "${TEST_IMAGE}" | grep -c RUNNING)" + COUNT="$(lxc list -f csv -c n,s "${TEST_IMAGE}" | grep -cw 'RUNNING$')" if [ "${COUNT}" = "0" ]; then STOPPED=1 break From ce43865b8fcf672234fbb71b5d2fc87d3386acd4 Mon Sep 17 00:00:00 2001 From: Simon Deziel Date: Wed, 1 May 2024 20:34:51 -0400 Subject: [PATCH 11/13] bin/test-image: use _ for unused loop vars Signed-off-by: Simon Deziel --- bin/test-image | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/bin/test-image b/bin/test-image index 3207e1d35..528ef9742 100755 --- a/bin/test-image +++ b/bin/test-image @@ -241,7 +241,7 @@ for url in $(lxc query "/1.0/instances" | jq -r .[] | grep "${TEST_IMAGE}"); do # DNS resolution DNS=0 - for i in $(seq 3); do + for _ in $(seq 3); do if lxc exec "${name}" -- getent hosts canonical.com >/dev/null 2>&1; then DNS=1 break 
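Review bot: The IPv4 test (PATCH 10/13, hunk at -224) still passes on any text that contains a dot, and the IPv6 hunk at -232 on any text that contains a colon; switching to `-F` fixes the escaping but not the looseness. An IPv4-mapped IPv6 address, or an error string that ended up in `address`, satisfies the check, so either test can report PASS without a usable address of that family. How `address` is filled is outside these hunks; if it holds one address per line, patterns along the lines of `grep -qE '^([0-9]{1,3}\.){3}[0-9]{1,3}'` and `grep -qE '^[0-9a-fA-F:]*:[0-9a-fA-F:]+'` would be tighter.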
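Review bot: `grep -c` exits 1 when it counts zero lines, and that status becomes the status of the `COUNT=` assignment (PATCH 10/13, hunk at -288). If bin/test-image runs under `set -e` (its header is not part of this series), the script would abort at exactly the point where every instance has stopped, before `STOPPED=1` is set. This predates the patch, but since the line is being rewritten anyway, `COUNT="$(lxc list -f csv -c n,s "${TEST_IMAGE}" | grep -cw 'RUNNING$' || true)"` still yields `0` and keeps the status clean. The surrounding `for` loop continues outside the hunk.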
@@ -282,7 +282,7 @@ done # Check that all instances can be stopped. echo "==> Performing shutdown test" STOPPED=0 -for i in $(seq 10); do +for _ in $(seq 10); do # shellcheck disable=SC2086 if lxc stop ${INSTANCES} --timeout=30 >/dev/null 2>&1; then STOPPED=1 From 9d88f289b001b34f057469bba1ef89bc5cf74c74 Mon Sep 17 00:00:00 2001 From: Simon Deziel Date: Wed, 1 May 2024 19:54:42 -0400 Subject: [PATCH 12/13] github: add quotes around variable Signed-off-by: Simon Deziel --- .github/actions/image-test/action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/image-test/action.yml b/.github/actions/image-test/action.yml index b8c7c803b..f0f3060de 100644 --- a/.github/actions/image-test/action.yml +++ b/.github/actions/image-test/action.yml @@ -36,7 +36,7 @@ runs: echo "==> TEST: ${TEST_ID}" VIRT_ENABLED=$(lxc query /1.0 | jq '.environment.driver | contains("qemu")') - if [ ${TYPE} = "vm" ] && [ "${VIRT_ENABLED}" != "true" ]; then + if [ "${TYPE}" = "vm" ] && [ "${VIRT_ENABLED}" != "true" ]; then echo "==> FAIL: Virtualization is not supported" exit 1 fi From 245ea90d5888e75c0ef96c5d949a879f28c7b1d9 Mon Sep 17 00:00:00 2001 From: Simon Deziel Date: Wed, 1 May 2024 20:41:31 -0400 Subject: [PATCH 13/13] github: more elegantly report image-test failures Previously, a failure from `./bin/test-image` would abort immediatly due to `set -e`. Now, we get a chance of echo'ing that it failed. Signed-off-by: Simon Deziel --- .github/actions/image-test/action.yml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/.github/actions/image-test/action.yml b/.github/actions/image-test/action.yml index f0f3060de..dbfa3eebc 100644 --- a/.github/actions/image-test/action.yml +++ b/.github/actions/image-test/action.yml 
@@ -41,12 +41,10 @@ runs: exit 1 fi - ./bin/test-image "${TYPE}" "${DISTRO}" "${RELEASE}" "${VARIANT}" "${TARGET}" - - if [ "$?" = "0" ]; then + if ./bin/test-image "${TYPE}" "${DISTRO}" "${RELEASE}" "${VARIANT}" "${TARGET}"; then echo "==> PASS: ${TEST_ID}" exit 0 fi echo "==> FAIL: ${TEST_ID}" - exit 0 + exit 1
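Review bot: Nothing in the step says why `./bin/test-image` is now called from the `if` condition (PATCH 13/13), so a later cleanup could move it back to a plain statement and lose the FAIL line again under `set -e`. A comment such as `# Called inside 'if' so that set -e does not abort before the result is printed` would guard against that. The script's own exit code is also flattened to 1; if distinct codes matter, capturing it with `rc=0; ./bin/test-image ... || rc=$?` and ending with `exit "${rc}"` would keep it visible in the job log. The `run:` block starts outside the hunk.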