diff --git a/lib/src/cli.rs b/lib/src/cli.rs index 8fcc90c6a..d1a181fcb 100644 --- a/lib/src/cli.rs +++ b/lib/src/cli.rs @@ -2,7 +2,6 @@ //! //! Command line tool to manage bootable ostree-based containers. -use anyhow::Ok; use anyhow::{Context, Result}; use camino::Utf8PathBuf; use cap_std_ext::cap_std; @@ -176,6 +175,10 @@ pub(crate) enum TestingOpts { image: String, blockdev: Utf8PathBuf, }, + // Test set of lints on ostree container + TestBuildLint { + image: String, + }, #[clap(name = "verify-selinux")] VerifySELinux { root: String, @@ -624,7 +627,8 @@ fn lint() -> Result<()> { } let root = cap_std::fs::Dir::open_ambient_dir("/", cap_std::ambient_authority())?; - ostree_ext::bootabletree::find_kernel_dir_fs(&root)?; + let result = ostree_ext::bootabletree::find_kernel_dir_fs(&root)?; + tracing::debug!("Found kernel: {:?}", result); return Ok(()); } @@ -749,3 +753,21 @@ fn test_parse_generator() { Opt::Internals(InternalsOpts::SystemdGenerator { .. }) )); } + +#[test] +fn test_linting() { + // linting should only occur in side of a container. + match ostree_ext::container_utils::is_ostree_container() { + Ok(result) => { + if !result { + let expected_error_message = "Not in a ostree container, this command only verifies ostree containers."; + + let result = lint(); + assert_eq!(result.err().unwrap().to_string(), expected_error_message, "Error message mismatch"); + } + + }, + Err(_) =>{ + } + } +} \ No newline at end of file diff --git a/lib/src/privtests.rs b/lib/src/privtests.rs index ea56c077d..05fb26a9c 100644 --- a/lib/src/privtests.rs +++ b/lib/src/privtests.rs @@ -9,7 +9,6 @@ use cap_std_ext::cap_std::fs::Dir; use fn_error_context::context; use rustix::fd::AsFd; use xshell::{cmd, Shell}; - use crate::blockdev::LoopbackDevice; use crate::install::config::InstallConfiguration; @@ -196,6 +195,37 @@ fn verify_selinux_recurse(root: &Dir, path: &mut PathBuf, warn: bool) -> Result< Ok(()) } +#[context("Container tests")] +fn test_build_lint(image: &str) -> Result<()> { + + let sh = Shell::new()?; + + // Smoke test of build_lint + let _test_1_result = cmd!(sh, "podman run --rm --privileged --pid=host --env=RUST_LOG -v /usr/bin/bootc:/usr/bin/bootc {image} bootc build-lint").run(); + + // Setup for multiple kernels lint test + cmd!(sh, "podman run -dt --name test --privileged --pid=host --env=RUST_LOG -v /usr/bin/bootc:/usr/bin/bootc {image} bash").run()?; + let kernel_name = cmd!(sh, "podman exec test bash -c 'ls /usr/lib/modules | tail -n -1'" ).read()?; + Command::new("podman") + .arg("exec") + .arg("test") + .arg("bash") + .arg("-c") + .arg(format!("sudo cp -r /usr/lib/modules/{} /usr/lib/modules/delete-me", kernel_name)) + .output()?; + let more_then_one_kernel_result = cmd!(sh, "podman exec test bash -c 'bootc build-lint'").read_stderr(); + // Container Cleanup + cmd!(sh, "podman rm -f test").run()?; + + _test_1_result?; + if let Err(e) = more_then_one_kernel_result { + assert!(e.to_string().contains("bootc build-lint")); + } else { + assert!(false, "Expected error, got none"); + } + Ok(()) +} + pub(crate) async fn run(opts: TestingOpts) -> Result<()> { match opts { TestingOpts::RunPrivilegedIntegration {} => { @@ -221,5 +251,9 @@ pub(crate) async fn run(opts: TestingOpts) -> Result<()> { tokio::task::spawn_blocking(move || verify_selinux_recurse(&rootfs, &mut path, warn)) .await? } + TestingOpts::TestBuildLint { image } => { + tokio::task::spawn_blocking(move || test_build_lint(&image)).await? + } + } }