From 8f169eea272e43794aa1f8d63d14b560b7eda6aa Mon Sep 17 00:00:00 2001 From: Dalibor Kricka Date: Fri, 15 Aug 2025 13:05:52 +0200 Subject: [PATCH 1/6] cmd/create, cmd/run: Warning message when using non-Toolbx image Prompt users if they want to continue creating or running a Toolbox container with an image that is not Toolbox-verified. Verified images are guaranteed to work with Toolbx because they were previously tested. Such an image contains at least one of these labels (see https://containertoolbx.org/doc/): - com.github.containers.toolbox="true" - com.github.debarshiray.toolbox="true" https://github.com/containers/toolbox/issues/1622 --- src/cmd/create.go | 11 +++++++++++ src/cmd/run.go | 19 +++++++++++++++++++ 2 files changed, 30 insertions(+) diff --git a/src/cmd/create.go b/src/cmd/create.go index 531721b60..de40626ac 100644 --- a/src/cmd/create.go +++ b/src/cmd/create.go @@ -241,6 +241,17 @@ func createContainer(container, image, release, authFile string, showCommandToEn } } + if !rootFlags.assumeYes { + if isToolboxImage, err := podman.IsToolboxImage(imageFull); err != nil { + return fmt.Errorf("failed to verify image compatibility: %w", err) + } else if !isToolboxImage { + prompt := fmt.Sprintf("Image '%s' is not a Toolbx image and may not work properly (see https://containertoolbx.org/doc/). Continue anyway? [y/N]:", imageFull) + if !askForConfirmation(prompt) { + return nil + } + } + } + var toolbxDelayEntryPointEnv []string if toolbxDelayEntryPoint, ok := os.LookupEnv("TOOLBX_DELAY_ENTRY_POINT"); ok { diff --git a/src/cmd/run.go b/src/cmd/run.go index 389ea1615..3bcfbd853 100644 --- a/src/cmd/run.go +++ b/src/cmd/run.go @@ -183,6 +183,8 @@ func runCommand(container string, } } + checkImageCompatibility := true + logrus.Debugf("Checking if container %s exists", container) if _, err := podman.ContainerExists(container); err != nil { @@ -225,6 +227,10 @@ func runCommand(container string, if err := createContainer(container, image, release, "", false); err != nil { return err } + + // set to false -> check was already made when creating container during toolbx enter + checkImageCompatibility = false + } else if containersCount == 1 && defaultContainer { fmt.Fprintf(os.Stderr, "Error: container %s not found\n", container) @@ -249,6 +255,19 @@ func runCommand(container string, return fmt.Errorf("failed to inspect container %s", container) } + if checkImageCompatibility && !rootFlags.assumeYes { + imageFull := containerObj.Image() + + if isToolboxImage, err := podman.IsToolboxImage(imageFull); err != nil { + logrus.Debugf("Failed to verify image '%s' compatibility for container '%s': %s", imageFull, container, err) + } else if !isToolboxImage { + prompt := fmt.Sprintf("Container '%s' uses a non-Toolbx image '%s' and may not work properly (see https://containertoolbx.org/doc/). Continue anyway? [y/N]:", container, imageFull) + if !askForConfirmation(prompt) { + return nil + } + } + } + entryPoint := containerObj.EntryPoint() entryPointPID := containerObj.EntryPointPID() logrus.Debugf("Entry point of container %s is %s (PID=%d)", container, entryPoint, entryPointPID) From ada55ebc2eacddd02d53e0566fcdb74dca3da105 Mon Sep 17 00:00:00 2001 From: Dalibor Kricka Date: Fri, 15 Aug 2025 13:11:29 +0200 Subject: [PATCH 2/6] pkg/podman/podman, cmd/rmi: Change return values of IsToolboxImage() The original version of the IsToolboxImage() function in pkg/podman/podman.go returned an error when an image was not compatible with Toolbx. The new version returns 'false' without error on a non-Toolbx container, so it can be distinguished when the image inspection actually fails. This new behavior is used in detecting such images when creating or running Toolbx containers: f06a819 --- src/cmd/rmi.go | 5 ++++- src/pkg/podman/podman.go | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/src/cmd/rmi.go b/src/cmd/rmi.go index f10b33da2..50bcffef3 100644 --- a/src/cmd/rmi.go +++ b/src/cmd/rmi.go @@ -90,9 +90,12 @@ func rmi(cmd *cobra.Command, args []string) error { } for _, image := range args { - if _, err := podman.IsToolboxImage(image); err != nil { + if isToolboxImage, err := podman.IsToolboxImage(image); err != nil { fmt.Fprintf(os.Stderr, "Error: %s\n", err) continue + } else if !isToolboxImage { + fmt.Fprintf(os.Stderr, "Error: %s is not a Toolbx image\n", image) + continue } if err := podman.RemoveImage(image, rmiFlags.forceDelete); err != nil { diff --git a/src/pkg/podman/podman.go b/src/pkg/podman/podman.go index 4711b8b5c..297e903b0 100644 --- a/src/pkg/podman/podman.go +++ b/src/pkg/podman/podman.go @@ -352,12 +352,12 @@ func IsToolboxImage(image string) (bool, error) { } if info["Labels"] == nil { - return false, fmt.Errorf("%s is not a Toolbx image", image) + return false, nil } labels := info["Labels"].(map[string]interface{}) if labels["com.github.containers.toolbox"] != "true" && labels["com.github.debarshiray.toolbox"] != "true" { - return false, fmt.Errorf("%s is not a Toolbx image", image) + return false, nil } return true, nil From d516223346af1dab1525de5108e14f463b2a078c Mon Sep 17 00:00:00 2001 From: Dalibor Kricka Date: Fri, 15 Aug 2025 13:18:14 +0200 Subject: [PATCH 3/6] test/system: Added test cases for non-Toolbx image usage warning Test cases for non-Toolbx image usage warning added in the commit f06a819 --- test/system/101-create.bats | 53 +++++++++++++++++++++++++++++++++++ test/system/104-run.bats | 47 +++++++++++++++++++++++++++++++ test/system/105-enter.bats | 47 +++++++++++++++++++++++++++++++ test/system/libs/helpers.bash | 37 ++++++++++++++++++++++++ 4 files changed, 184 insertions(+) diff --git a/test/system/101-create.bats b/test/system/101-create.bats index db7c7651e..689bc604b 100644 --- a/test/system/101-create.bats +++ b/test/system/101-create.bats @@ -1009,3 +1009,56 @@ teardown() { assert [ ${#lines[@]} -eq 2 ] assert [ ${#stderr_lines[@]} -eq 0 ] } + +@test "create: With a non-Toolbx image and prompt for confirmation - Yes" { + image="$(build_non_toolbx_image)" + containerName="test-container-non-toolbx" + + run --keep-empty-lines --separate-stderr "$TOOLBX" create --image "$image" "$containerName" <<< "y" + + assert_success + assert_line --index 0 "Image '$image' is not a Toolbx image and may not work properly (see https://containertoolbx.org/doc/). Continue anyway? [y/N]: Created container: $containerName" + assert_line --index 1 "Enter with: toolbox enter $containerName" + assert [ ${#lines[@]} -eq 2 ] + assert [ ${#stderr_lines[@]} -eq 0 ] + + run podman ps --all + + assert_success + assert_output --regexp "Created[[:blank:]]+$containerName" +} + +@test "create: With a non-Toolbx image and prompt for confirmation - No" { + image="$(build_non_toolbx_image)" + containerName="test-container-non-toolbx" + + run --keep-empty-lines --separate-stderr "$TOOLBX" create --image "$image" "$containerName" <<< "n" + + assert_success + assert_line --index 0 "Image '$image' is not a Toolbx image and may not work properly (see https://containertoolbx.org/doc/). Continue anyway? [y/N]: " + assert [ ${#lines[@]} -eq 1 ] + assert [ ${#stderr_lines[@]} -eq 0 ] + + run podman ps --all + + assert_success + assert [ ${#lines[@]} -eq 1 ] +} + +@test "create: With a non-Toolbx image and prompt for confirmation - assumeyes" { + image="$(build_non_toolbx_image)" + containerName="test-container-non-toolbx" + + run --keep-empty-lines --separate-stderr "$TOOLBX" create --assumeyes --image "$image" "$containerName" + + assert_success + assert_line --index 0 "Created container: $containerName" + assert_line --index 1 "Enter with: toolbox enter $containerName" + assert [ ${#lines[@]} -eq 2 ] + assert [ ${#stderr_lines[@]} -eq 0 ] + + run podman ps --all + + assert_success + assert_output --regexp "Created[[:blank:]]+$containerName" +} diff --git a/test/system/104-run.bats b/test/system/104-run.bats index 3883deeb5..32d18b4de 100644 --- a/test/system/104-run.bats +++ b/test/system/104-run.bats @@ -863,3 +863,50 @@ teardown() { assert_line --index 1 "Recreate it with Toolbx version 0.0.17 or newer." assert [ ${#stderr_lines[@]} -eq 2 ] } + +@test "run: With a non-Toolbx image and prompt for confirmation - Yes" { + containerName="test-container-non-toolbx" + image="$(build_non_toolbx_image)" + + create_image_container "$image" "$containerName" + + run --keep-empty-lines --separate-stderr "$TOOLBX" run --container "$containerName" true <<< "y" + + assert_failure + assert_line --index 0 "Container '$containerName' uses a non-Toolbx image '$image' and may not work properly (see https://containertoolbx.org/doc/). Continue anyway? [y/N]: " + assert [ ${#lines[@]} -eq 1 ] + + lines=("${stderr_lines[@]}") + assert_line --index 0 "Error: failed to start container $containerName" + assert [ ${#stderr_lines[@]} -eq 1 ] +} + +@test "run: With a non-Toolbx image and prompt for confirmation - No" { + containerName="test-container-non-toolbx" + image="$(build_non_toolbx_image)" + + create_image_container "$image" "$containerName" + + run --keep-empty-lines --separate-stderr "$TOOLBX" run --container "$containerName" true <<< "n" + + assert_success + assert_line --index 0 "Container '$containerName' uses a non-Toolbx image '$image' and may not work properly (see https://containertoolbx.org/doc/). Continue anyway? [y/N]: " + assert [ ${#lines[@]} -eq 1 ] + assert [ ${#stderr_lines[@]} -eq 0 ] +} + +@test "run: With a non-Toolbx image and prompt for confirmation - assumeyes" { + containerName="test-container-non-toolbx" + image="$(build_non_toolbx_image)" + + create_image_container "$image" "$containerName" + + run --keep-empty-lines --separate-stderr "$TOOLBX" --assumeyes run --container "$containerName" true + + assert_failure + assert [ ${#lines[@]} -eq 0 ] + + lines=("${stderr_lines[@]}") + assert_line --index 0 "Error: failed to start container $containerName" + assert [ ${#stderr_lines[@]} -eq 1 ] +} diff --git a/test/system/105-enter.bats b/test/system/105-enter.bats index 6ff900e47..c56e7449a 100644 --- a/test/system/105-enter.bats +++ b/test/system/105-enter.bats @@ -147,6 +147,53 @@ teardown() { assert [ ${#lines[@]} -eq 3 ] } +@test "enter: With a non-Toolbx image and prompt for confirmation - Yes" { + containerName="test-container-non-toolbx" + image="$(build_non_toolbx_image)" + + create_image_container "$image" "$containerName" + + run --keep-empty-lines --separate-stderr "$TOOLBX" enter --container "$containerName" <<< "y" + + assert_failure + assert_line --index 0 "Container '$containerName' uses a non-Toolbx image '$image' and may not work properly (see https://containertoolbx.org/doc/). Continue anyway? [y/N]: " + assert [ ${#lines[@]} -eq 1 ] + + lines=("${stderr_lines[@]}") + assert_line --index 0 "Error: failed to start container $containerName" + assert [ ${#stderr_lines[@]} -eq 1 ] +} + +@test "enter: With a non-Toolbx image and prompt for confirmation - No" { + containerName="test-container-non-toolbx" + image="$(build_non_toolbx_image)" + + create_image_container "$image" "$containerName" + + run --keep-empty-lines --separate-stderr "$TOOLBX" enter --container "$containerName" <<< "n" + + assert_success + assert_line --index 0 "Container '$containerName' uses a non-Toolbx image '$image' and may not work properly (see https://containertoolbx.org/doc/). Continue anyway? [y/N]: " + assert [ ${#lines[@]} -eq 1 ] + assert [ ${#stderr_lines[@]} -eq 0 ] +} + +@test "enter: With a non-Toolbx image and prompt for confirmation - assumeyes" { + containerName="test-container-non-toolbx" + image="$(build_non_toolbx_image)" + + create_image_container "$image" "$containerName" + + run --keep-empty-lines --separate-stderr "$TOOLBX" --assumeyes enter --container "$containerName" + + assert_failure + assert [ ${#lines[@]} -eq 0 ] + + lines=("${stderr_lines[@]}") + assert_line --index 0 "Error: failed to start container $containerName" + assert [ ${#stderr_lines[@]} -eq 1 ] +} + # TODO: Write the test @test "enter: Enter the default Toolbx" { skip "Testing of entering Toolbxes is not implemented" diff --git a/test/system/libs/helpers.bash b/test/system/libs/helpers.bash index 33b42eaf6..4446eb3bc 100644 --- a/test/system/libs/helpers.bash +++ b/test/system/libs/helpers.bash @@ -255,6 +255,25 @@ function build_image_without_name() { } +function build_non_toolbx_image() { + local image_name="localhost/non-toolbx:test-$$" + + echo -e "FROM scratch\n\nLABEL test=\"non-toolbx\"" > "$BATS_TEST_TMPDIR"/Containerfile + + run podman build --quiet --tag "$image_name" "$BATS_TEST_TMPDIR" + + assert_success + assert_line --index 0 --regexp "^[a-f0-9]{64}$" + + # shellcheck disable=SC2154 + assert [ ${#lines[@]} -eq 1 ] + + rm -f "$BATS_TEST_TMPDIR"/Containerfile + + echo "$image_name" +} + + function check_bats_version() { local required_version required_version="$1" @@ -422,6 +441,24 @@ function create_default_container() { } +# Creates a container with specific name and image +# +# Parameters: +# =========== +# - image - name of the image +# - container_name - name of the container +function create_image_container() { + local image + local container_name + + image="$1" + container_name="$2" + + "$TOOLBX" --assumeyes create --container "${container_name}" --image "${image}" >/dev/null \ + || fail "Toolbx couldn't create container '$container_name'" +} + + function start_container() { local container_name container_name="$1" From e7bef55c47f143719879ef03873a0d98144f711f Mon Sep 17 00:00:00 2001 From: Dalibor Kricka Date: Thu, 4 Sep 2025 12:53:22 +0200 Subject: [PATCH 4/6] pkg/podman/podman: Add DoesImageFulfillRequirements() function Add unified image validation function that checks multiple compatibility requirements including Toolbx labels, LD_PRELOAD environment variable, and image entrypoint. Returns boolean compatibility status along with detailed warning messages for any detected issues. Signed-off-by: Dalibor Kricka --- src/pkg/podman/podman.go | 103 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 103 insertions(+) diff --git a/src/pkg/podman/podman.go b/src/pkg/podman/podman.go index 297e903b0..643b4bbad 100644 --- a/src/pkg/podman/podman.go +++ b/src/pkg/podman/podman.go @@ -24,6 +24,7 @@ import ( "fmt" "io" "strconv" + "strings" "time" "github.com/HarryMichal/go-version" @@ -363,6 +364,73 @@ func IsToolboxImage(image string) (bool, error) { return true, nil } +func IsLDPRELOADEnvSet(image string) (bool, error) { + info, err := InspectImage(image) + if err != nil { + return false, fmt.Errorf("failed to inspect image %s: %s", image, err) + } + + if info["Config"] == nil { + return false, nil + } + + config := info["Config"].(map[string]interface{}) + if config["Env"] == nil { + return false, nil + } + + env := config["Env"] + switch envVars := env.(type) { + case []interface{}: + for _, envVar := range envVars { + if envVarStr, ok := envVar.(string); ok { + envVarStrTrimmed := strings.TrimSpace(envVarStr) + if strings.HasPrefix(envVarStrTrimmed, "LD_PRELOAD=") { + return true, nil + } + } + } + case []string: + for _, envVar := range envVars { + envVarTrimmed := strings.TrimSpace(envVar) + if strings.HasPrefix(envVarTrimmed, "LD_PRELOAD=") { + return true, nil + } + } + default: + return false, fmt.Errorf("unexpected type '%T' of environment variables in image %s", env, image) + } + + return false, nil +} + +func HasImageEntrypoint(image string) (bool, error) { + info, err := InspectImage(image) + if err != nil { + return false, fmt.Errorf("failed to inspect image %s: %s", image, err) + } + + if info["Config"] == nil { + return false, nil + } + + config := info["Config"].(map[string]interface{}) + if config["Entrypoint"] == nil { + return false, nil + } + + entrypoint := config["Entrypoint"] + + switch ep := entrypoint.(type) { + case []interface{}: + return len(ep) > 0, nil + case []string: + return len(ep) > 0, nil + default: + return false, fmt.Errorf("unexpected type '%T' of entrypoint of image %s", entrypoint, image) + } +} + func Logs(container string, since time.Time, stderr io.Writer) error { ctx := context.Background() err := LogsContext(ctx, container, false, since, stderr) @@ -506,3 +574,38 @@ func SystemMigrate(ociRuntimeRequired string) error { return nil } + +func DoesImageFulfillRequirements(image string) (bool, string, error) { + var warnings []string + + isToolboxImage, err := IsToolboxImage(image) + if err != nil { + return false, "", fmt.Errorf("failed to verify image compatibility: %w", err) + } + if !isToolboxImage { + warnings = append(warnings, fmt.Sprintf("Warning: Image '%s' does not contain either of the labels 'com.github.containers.toolbox=true' and 'com.github.debarshiray.toolbox=true'", image)) + } + + isLDPRELOADEnvSet, err := IsLDPRELOADEnvSet(image) + if err != nil { + return false, "", fmt.Errorf("failed to validate LD_PRELOAD variable settings: %w", err) + } + if isLDPRELOADEnvSet { + warnings = append(warnings, fmt.Sprintf("Warning: Image '%s' has environment variable LD_PRELOAD set, which may cause container vulnerability (Container Escape)", image)) + } + + hasEntrypoint, err := HasImageEntrypoint(image) + if err != nil { + return false, "", fmt.Errorf("failed to check image entrypoint: %w", err) + } + if hasEntrypoint { + warnings = append(warnings, fmt.Sprintf("Warning: Image '%s' has an entrypoint defined", image)) + } + + if len(warnings) > 0 { + warningMessage := strings.Join(warnings, "\n") + return false, warningMessage, nil + } + + return true, "", nil +} From dfaed7060f0478dabd11b01a7a41028b2e5fbe7a Mon Sep 17 00:00:00 2001 From: Dalibor Kricka Date: Thu, 4 Sep 2025 12:57:03 +0200 Subject: [PATCH 5/6] cmd/create, cmd/run: Warning message when using non-Toolbx image Display compatibility warnings for images that don't meet Toolbx requirements. Only prompt for confirmation when assumeyes is not set. Update both create and run commands to use unified DoesImageFulfillRequirements() function inctroduced in commit e7bef55. Signed-off-by: Dalibor Kricka --- src/cmd/create.go | 17 +++++++++-------- src/cmd/run.go | 19 +++++++++---------- 2 files changed, 18 insertions(+), 18 deletions(-) diff --git a/src/cmd/create.go b/src/cmd/create.go index de40626ac..6de0ac4b0 100644 --- a/src/cmd/create.go +++ b/src/cmd/create.go @@ -241,14 +241,15 @@ func createContainer(container, image, release, authFile string, showCommandToEn } } - if !rootFlags.assumeYes { - if isToolboxImage, err := podman.IsToolboxImage(imageFull); err != nil { - return fmt.Errorf("failed to verify image compatibility: %w", err) - } else if !isToolboxImage { - prompt := fmt.Sprintf("Image '%s' is not a Toolbx image and may not work properly (see https://containertoolbx.org/doc/). Continue anyway? [y/N]:", imageFull) - if !askForConfirmation(prompt) { - return nil - } + isImageCompatible, warningMessage, err := podman.DoesImageFulfillRequirements(imageFull) + if err != nil { + return fmt.Errorf("%w", err) + } + + if !isImageCompatible { + fmt.Fprintf(os.Stderr, "%s\n", warningMessage) + if !rootFlags.assumeYes && !askForConfirmation("One or more of the image's requirements are not met. Continue anyway? [y/N]:") { + return nil } } diff --git a/src/cmd/run.go b/src/cmd/run.go index 3bcfbd853..fbc04e034 100644 --- a/src/cmd/run.go +++ b/src/cmd/run.go @@ -255,16 +255,15 @@ func runCommand(container string, return fmt.Errorf("failed to inspect container %s", container) } - if checkImageCompatibility && !rootFlags.assumeYes { - imageFull := containerObj.Image() - - if isToolboxImage, err := podman.IsToolboxImage(imageFull); err != nil { - logrus.Debugf("Failed to verify image '%s' compatibility for container '%s': %s", imageFull, container, err) - } else if !isToolboxImage { - prompt := fmt.Sprintf("Container '%s' uses a non-Toolbx image '%s' and may not work properly (see https://containertoolbx.org/doc/). Continue anyway? [y/N]:", container, imageFull) - if !askForConfirmation(prompt) { - return nil - } + isImageCompatible, warningMessage, err := podman.DoesImageFulfillRequirements(containerObj.Image()) + if err != nil { + return fmt.Errorf("%w", err) + } + + if !isImageCompatible && checkImageCompatibility { + fmt.Fprintf(os.Stderr, "%s\n", warningMessage) + if !rootFlags.assumeYes && !askForConfirmation("One or more of the image's requirements are not met. Continue anyway? [y/N]:") { + return nil } } From c9215d4bc64f3e84ab1df07c20185f2051863c9e Mon Sep 17 00:00:00 2001 From: Dalibor Kricka Date: Thu, 4 Sep 2025 13:06:10 +0200 Subject: [PATCH 6/6] test/system: Added test cases for non-Toolbx image usage warning Add test coverage for image compatibility warnings displayed during container creation and execution with various image types. dfaed70 Signed-off-by: Dalibor Kricka --- test/system/101-create.bats | 217 ++++++++++++++++++++++++++++++++-- test/system/104-run.bats | 179 +++++++++++++++++++++++++++- test/system/105-enter.bats | 179 +++++++++++++++++++++++++++- test/system/libs/helpers.bash | 78 +++++++++++- 4 files changed, 628 insertions(+), 25 deletions(-) diff --git a/test/system/101-create.bats b/test/system/101-create.bats index 689bc604b..a2d99a1fc 100644 --- a/test/system/101-create.bats +++ b/test/system/101-create.bats @@ -1017,10 +1017,13 @@ teardown() { run --keep-empty-lines --separate-stderr "$TOOLBX" create --image "$image" "$containerName" <<< "y" assert_success - assert_line --index 0 "Image '$image' is not a Toolbx image and may not work properly (see https://containertoolbx.org/doc/). Continue anyway? [y/N]: Created container: $containerName" - assert_line --index 1 "Enter with: toolbox enter $containerName" + assert_line --index 0 "${MSG_CONFIRMATION_PROMPT}$(created_container_message "$containerName")" + assert_line --index 1 "$(enter_with_message "$containerName")" assert [ ${#lines[@]} -eq 2 ] - assert [ ${#stderr_lines[@]} -eq 0 ] + + lines=("${stderr_lines[@]}") + assert_line --index 0 "$(warning_non_toolbx_image "$image")" + assert [ ${#stderr_lines[@]} -eq 1 ] run podman ps --all @@ -1035,9 +1038,12 @@ teardown() { run --keep-empty-lines --separate-stderr "$TOOLBX" create --image "$image" "$containerName" <<< "n" assert_success - assert_line --index 0 "Image '$image' is not a Toolbx image and may not work properly (see https://containertoolbx.org/doc/). Continue anyway? [y/N]: " + assert_line --index 0 "${MSG_CONFIRMATION_PROMPT}" assert [ ${#lines[@]} -eq 1 ] - assert [ ${#stderr_lines[@]} -eq 0 ] + + lines=("${stderr_lines[@]}") + assert_line --index 0 "$(warning_non_toolbx_image "$image")" + assert [ ${#stderr_lines[@]} -eq 1 ] run podman ps --all @@ -1052,10 +1058,205 @@ teardown() { run --keep-empty-lines --separate-stderr "$TOOLBX" create --assumeyes --image "$image" "$containerName" assert_success - assert_line --index 0 "Created container: $containerName" - assert_line --index 1 "Enter with: toolbox enter $containerName" + assert_line --index 0 "$(created_container_message "$containerName")" + assert_line --index 1 "$(enter_with_message "$containerName")" assert [ ${#lines[@]} -eq 2 ] - assert [ ${#stderr_lines[@]} -eq 0 ] + + lines=("${stderr_lines[@]}") + assert_line --index 0 "$(warning_non_toolbx_image "$image")" + assert [ ${#stderr_lines[@]} -eq 1 ] + + run podman ps --all + + assert_success + assert_output --regexp "Created[[:blank:]]+$containerName" +} + +@test "create: With an image with LD_PRELOAD set and prompt for confirmation - Yes" { + containerName="test-container-ld-preload" + image="$(build_image_with_ld_preload)" + + run --keep-empty-lines --separate-stderr "$TOOLBX" create --image "$image" "$containerName" <<< "y" + + assert_success + assert_line --index 0 "${MSG_CONFIRMATION_PROMPT}$(created_container_message "$containerName")" + assert_line --index 1 "$(enter_with_message "$containerName")" + assert [ ${#lines[@]} -eq 2 ] + + lines=("${stderr_lines[@]}") + assert_line --index 0 "$(warning_ld_preload_image "$image")" + assert [ ${#stderr_lines[@]} -eq 1 ] + + run podman ps --all + + assert_success + assert_output --regexp "Created[[:blank:]]+$containerName" +} + +@test "create: With an image with LD_PRELOAD set and prompt for confirmation - No" { + containerName="test-container-ld-preload" + image="$(build_image_with_ld_preload)" + + run --keep-empty-lines --separate-stderr "$TOOLBX" create --image "$image" "$containerName" <<< "n" + + assert_success + assert_line --index 0 "${MSG_CONFIRMATION_PROMPT}" + assert [ ${#lines[@]} -eq 1 ] + + lines=("${stderr_lines[@]}") + assert_line --index 0 "$(warning_ld_preload_image "$image")" + assert [ ${#stderr_lines[@]} -eq 1 ] + + run podman ps --all + + assert_success + assert [ ${#lines[@]} -eq 1 ] +} + +@test "create: With an image with LD_PRELOAD set and prompt for confirmation - assumeyes" { + containerName="test-container-ld-preload" + image="$(build_image_with_ld_preload)" + + run --keep-empty-lines --separate-stderr "$TOOLBX" --assumeyes create --image "$image" "$containerName" + + assert_success + assert_line --index 0 "$(created_container_message "$containerName")" + assert_line --index 1 "$(enter_with_message "$containerName")" + assert [ ${#lines[@]} -eq 2 ] + + lines=("${stderr_lines[@]}") + assert_line --index 0 "$(warning_ld_preload_image "$image")" + assert [ ${#stderr_lines[@]} -eq 1 ] + + run podman ps --all + + assert_success + assert_output --regexp "Created[[:blank:]]+$containerName" +} + +@test "create: With an image with an entrypoint set and prompt for confirmation - Yes" { + containerName="test-container-entrypoint" + image="$(build_image_with_entrypoint)" + + run --keep-empty-lines --separate-stderr "$TOOLBX" create --image "$image" "$containerName" <<< "y" + + assert_success + assert_line --index 0 "${MSG_CONFIRMATION_PROMPT}$(created_container_message "$containerName")" + assert_line --index 1 "$(enter_with_message "$containerName")" + assert [ ${#lines[@]} -eq 2 ] + + lines=("${stderr_lines[@]}") + assert_line --index 0 "$(warning_entrypoint_image "$image")" + assert [ ${#stderr_lines[@]} -eq 1 ] + + run podman ps --all + + assert_success + assert_output --regexp "Created[[:blank:]]+$containerName" +} + +@test "create: With an image with an entrypoint set and prompt for confirmation - No" { + containerName="test-container-entrypoint" + image="$(build_image_with_entrypoint)" + + run --keep-empty-lines --separate-stderr "$TOOLBX" create --image "$image" "$containerName" <<< "n" + + assert_success + assert_line --index 0 "${MSG_CONFIRMATION_PROMPT}" + assert [ ${#lines[@]} -eq 1 ] + + lines=("${stderr_lines[@]}") + assert_line --index 0 "$(warning_entrypoint_image "$image")" + assert [ ${#stderr_lines[@]} -eq 1 ] + + run podman ps --all + + assert_success + assert [ ${#lines[@]} -eq 1 ] +} + +@test "create: With an image with an entrypoint set and prompt for confirmation - assumeyes" { + containerName="test-container-entrypoint" + image="$(build_image_with_entrypoint)" + + run --keep-empty-lines --separate-stderr "$TOOLBX" --assumeyes create --image "$image" "$containerName" + + assert_success + assert_line --index 0 "$(created_container_message "$containerName")" + assert_line --index 1 "$(enter_with_message "$containerName")" + assert [ ${#lines[@]} -eq 2 ] + + lines=("${stderr_lines[@]}") + assert_line --index 0 "$(warning_entrypoint_image "$image")" + assert [ ${#stderr_lines[@]} -eq 1 ] + + run podman ps --all + + assert_success + assert_output --regexp "Created[[:blank:]]+$containerName" +} + +@test "create: With an image having all warnings and prompt for confirmation - Yes" { + containerName="test-container-all-warnings" + image="$(build_image_with_all_warnings)" + + run --keep-empty-lines --separate-stderr "$TOOLBX" create --image "$image" "$containerName" <<< "y" + + assert_success + assert_line --index 0 "${MSG_CONFIRMATION_PROMPT}$(created_container_message "$containerName")" + assert_line --index 1 "$(enter_with_message "$containerName")" + assert [ ${#lines[@]} -eq 2 ] + + lines=("${stderr_lines[@]}") + assert_line --index 0 "$(warning_non_toolbx_image "$image")" + assert_line --index 1 "$(warning_ld_preload_image "$image")" + assert_line --index 2 "$(warning_entrypoint_image "$image")" + assert [ ${#stderr_lines[@]} -eq 3 ] + + run podman ps --all + + assert_success + assert_output --regexp "Created[[:blank:]]+$containerName" +} + +@test "create: With an image having all warnings and prompt for confirmation - No" { + containerName="test-container-all-warnings" + image="$(build_image_with_all_warnings)" + + run --keep-empty-lines --separate-stderr "$TOOLBX" create --image "$image" "$containerName" <<< "n" + + assert_success + assert_line --index 0 "${MSG_CONFIRMATION_PROMPT}" + assert [ ${#lines[@]} -eq 1 ] + + lines=("${stderr_lines[@]}") + assert_line --index 0 "$(warning_non_toolbx_image "$image")" + assert_line --index 1 "$(warning_ld_preload_image "$image")" + assert_line --index 2 "$(warning_entrypoint_image "$image")" + assert [ ${#stderr_lines[@]} -eq 3 ] + + run podman ps --all + + assert_success + assert [ ${#lines[@]} -eq 1 ] +} + +@test "create: With an image having all warnings and prompt for confirmation - assumeyes" { + containerName="test-container-all-warnings" + image="$(build_image_with_all_warnings)" + + run --keep-empty-lines --separate-stderr "$TOOLBX" create --assumeyes --image "$image" "$containerName" + + assert_success + assert_line --index 0 "$(created_container_message "$containerName")" + assert_line --index 1 "$(enter_with_message "$containerName")" + assert [ ${#lines[@]} -eq 2 ] + + lines=("${stderr_lines[@]}") + assert_line --index 0 "$(warning_non_toolbx_image "$image")" + assert_line --index 1 "$(warning_ld_preload_image "$image")" + assert_line --index 2 "$(warning_entrypoint_image "$image")" + assert [ ${#stderr_lines[@]} -eq 3 ] run podman ps --all diff --git a/test/system/104-run.bats b/test/system/104-run.bats index 32d18b4de..245481d97 100644 --- a/test/system/104-run.bats +++ b/test/system/104-run.bats @@ -873,12 +873,13 @@ teardown() { run --keep-empty-lines --separate-stderr "$TOOLBX" run --container "$containerName" true <<< "y" assert_failure - assert_line --index 0 "Container '$containerName' uses a non-Toolbx image '$image' and may not work properly (see https://containertoolbx.org/doc/). Continue anyway? [y/N]: " + assert_line --index 0 "${MSG_CONFIRMATION_PROMPT}" assert [ ${#lines[@]} -eq 1 ] lines=("${stderr_lines[@]}") - assert_line --index 0 "Error: failed to start container $containerName" - assert [ ${#stderr_lines[@]} -eq 1 ] + assert_line --index 0 "$(warning_non_toolbx_image "$image")" + assert_line --index 1 "$(failed_start_error_message "$containerName")" + assert [ ${#stderr_lines[@]} -eq 2 ] } @test "run: With a non-Toolbx image and prompt for confirmation - No" { @@ -890,9 +891,12 @@ teardown() { run --keep-empty-lines --separate-stderr "$TOOLBX" run --container "$containerName" true <<< "n" assert_success - assert_line --index 0 "Container '$containerName' uses a non-Toolbx image '$image' and may not work properly (see https://containertoolbx.org/doc/). Continue anyway? [y/N]: " + assert_line --index 0 "${MSG_CONFIRMATION_PROMPT}" assert [ ${#lines[@]} -eq 1 ] - assert [ ${#stderr_lines[@]} -eq 0 ] + + lines=("${stderr_lines[@]}") + assert_line --index 0 "$(warning_non_toolbx_image "$image")" + assert [ ${#stderr_lines[@]} -eq 1 ] } @test "run: With a non-Toolbx image and prompt for confirmation - assumeyes" { @@ -907,6 +911,169 @@ teardown() { assert [ ${#lines[@]} -eq 0 ] lines=("${stderr_lines[@]}") - assert_line --index 0 "Error: failed to start container $containerName" + assert_line --index 0 "$(warning_non_toolbx_image "$image")" + assert_line --index 1 "$(failed_start_error_message "$containerName")" + assert [ ${#stderr_lines[@]} -eq 2 ] +} + +@test "run: With an image with LD_PRELOAD set and prompt for confirmation - Yes" { + containerName="test-container-ld-preload" + image="$(build_image_with_ld_preload)" + + create_image_container "$image" "$containerName" + + run --keep-empty-lines --separate-stderr "$TOOLBX" run --container "$containerName" true <<< "y" + + assert_failure + assert_line --index 0 "${MSG_CONFIRMATION_PROMPT}" + assert [ ${#lines[@]} -eq 1 ] + + lines=("${stderr_lines[@]}") + assert_line --index 0 "$(warning_ld_preload_image "$image")" + assert_line --index 1 "$(failed_start_error_message "$containerName")" + assert [ ${#stderr_lines[@]} -eq 2 ] +} + +@test "run: With an image with LD_PRELOAD set and prompt for confirmation - No" { + containerName="test-container-ld-preload" + image="$(build_image_with_ld_preload)" + + create_image_container "$image" "$containerName" + + run --keep-empty-lines --separate-stderr "$TOOLBX" run --container "$containerName" true <<< "n" + + assert_success + assert_line --index 0 "${MSG_CONFIRMATION_PROMPT}" + assert [ ${#lines[@]} -eq 1 ] + + lines=("${stderr_lines[@]}") + assert_line --index 0 "$(warning_ld_preload_image "$image")" + assert [ ${#stderr_lines[@]} -eq 1 ] +} + +@test "run: With an image with LD_PRELOAD set and prompt for confirmation - assumeyes" { + containerName="test-container-ld-preload" + image="$(build_image_with_ld_preload)" + + create_image_container "$image" "$containerName" + + run --keep-empty-lines --separate-stderr "$TOOLBX" --assumeyes run --container "$containerName" true + + assert_failure + assert [ ${#lines[@]} -eq 0 ] + + lines=("${stderr_lines[@]}") + assert_line --index 0 "$(warning_ld_preload_image "$image")" + assert_line --index 1 "$(failed_start_error_message "$containerName")" + assert [ ${#stderr_lines[@]} -eq 2 ] +} + +@test "run: With an image with an entrypoint set and prompt for confirmation - Yes" { + containerName="test-container-entrypoint" + image="$(build_image_with_entrypoint)" + + create_image_container "$image" "$containerName" + + run --keep-empty-lines --separate-stderr "$TOOLBX" run --container "$containerName" true <<< "y" + + assert_failure + assert_line --index 0 "${MSG_CONFIRMATION_PROMPT}" + assert [ ${#lines[@]} -eq 1 ] + + lines=("${stderr_lines[@]}") + assert_line --index 0 "$(warning_entrypoint_image "$image")" + assert_line --index 1 "$(failed_start_error_message "$containerName")" + assert [ ${#stderr_lines[@]} -eq 2 ] +} + +@test "run: With an image with an entrypoint set and prompt for confirmation - No" { + containerName="test-container-entrypoint" + image="$(build_image_with_entrypoint)" + + create_image_container "$image" "$containerName" + + run --keep-empty-lines --separate-stderr "$TOOLBX" run --container "$containerName" true <<< "n" + + assert_success + assert_line --index 0 "${MSG_CONFIRMATION_PROMPT}" + assert [ ${#lines[@]} -eq 1 ] + + lines=("${stderr_lines[@]}") + assert_line --index 0 "$(warning_entrypoint_image "$image")" assert [ ${#stderr_lines[@]} -eq 1 ] } + +@test "run: With an image with an entrypoint set and prompt for confirmation - assumeyes" { + containerName="test-container-entrypoint" + image="$(build_image_with_entrypoint)" + + create_image_container "$image" "$containerName" + + run --keep-empty-lines --separate-stderr "$TOOLBX" --assumeyes run --container "$containerName" true + + assert_failure + assert [ ${#lines[@]} -eq 0 ] + + lines=("${stderr_lines[@]}") + assert_line --index 0 "$(warning_entrypoint_image "$image")" + assert_line --index 1 "$(failed_start_error_message "$containerName")" + assert [ ${#stderr_lines[@]} -eq 2 ] +} + +@test "run: With an image having all warnings and prompt for confirmation - Yes" { + containerName="test-container-all-warnings" + image="$(build_image_with_all_warnings)" + + create_image_container "$image" "$containerName" + + run --keep-empty-lines --separate-stderr "$TOOLBX" run --container "$containerName" true <<< "y" + + assert_failure + assert_line --index 0 "${MSG_CONFIRMATION_PROMPT}" + assert [ ${#lines[@]} -eq 1 ] + + lines=("${stderr_lines[@]}") + assert_line --index 0 "$(warning_non_toolbx_image "$image")" + assert_line --index 1 "$(warning_ld_preload_image "$image")" + assert_line --index 2 "$(warning_entrypoint_image "$image")" + assert_line --index 3 "$(failed_start_error_message "$containerName")" + assert [ ${#stderr_lines[@]} -eq 4 ] +} + +@test "run: With an image having all warnings and prompt for confirmation - No" { + containerName="test-container-all-warnings" + image="$(build_image_with_all_warnings)" + + create_image_container "$image" "$containerName" + + run --keep-empty-lines --separate-stderr "$TOOLBX" run --container "$containerName" true <<< "n" + + assert_success + assert_line --index 0 "${MSG_CONFIRMATION_PROMPT}" + assert [ ${#lines[@]} -eq 1 ] + + lines=("${stderr_lines[@]}") + assert_line --index 0 "$(warning_non_toolbx_image "$image")" + assert_line --index 1 "$(warning_ld_preload_image "$image")" + assert_line --index 2 "$(warning_entrypoint_image "$image")" + assert [ ${#stderr_lines[@]} -eq 3 ] +} + +@test "run: With an image having all warnings and prompt for confirmation - assumeyes" { + containerName="test-container-all-warnings" + image="$(build_image_with_all_warnings)" + + create_image_container "$image" "$containerName" + + run --keep-empty-lines --separate-stderr "$TOOLBX" --assumeyes run --container "$containerName" true + + assert_failure + assert [ ${#lines[@]} -eq 0 ] + + lines=("${stderr_lines[@]}") + assert_line --index 0 "$(warning_non_toolbx_image "$image")" + assert_line --index 1 "$(warning_ld_preload_image "$image")" + assert_line --index 2 "$(warning_entrypoint_image "$image")" + assert_line --index 3 "$(failed_start_error_message "$containerName")" + assert [ ${#stderr_lines[@]} -eq 4 ] +} diff --git a/test/system/105-enter.bats b/test/system/105-enter.bats index c56e7449a..7eef5bc54 100644 --- a/test/system/105-enter.bats +++ b/test/system/105-enter.bats @@ -156,12 +156,13 @@ teardown() { run --keep-empty-lines --separate-stderr "$TOOLBX" enter --container "$containerName" <<< "y" assert_failure - assert_line --index 0 "Container '$containerName' uses a non-Toolbx image '$image' and may not work properly (see https://containertoolbx.org/doc/). Continue anyway? [y/N]: " + assert_line --index 0 "${MSG_CONFIRMATION_PROMPT}" assert [ ${#lines[@]} -eq 1 ] lines=("${stderr_lines[@]}") - assert_line --index 0 "Error: failed to start container $containerName" - assert [ ${#stderr_lines[@]} -eq 1 ] + assert_line --index 0 "$(warning_non_toolbx_image "$image")" + assert_line --index 1 "$(failed_start_error_message "$containerName")" + assert [ ${#stderr_lines[@]} -eq 2 ] } @test "enter: With a non-Toolbx image and prompt for confirmation - No" { @@ -173,9 +174,12 @@ teardown() { run --keep-empty-lines --separate-stderr "$TOOLBX" enter --container "$containerName" <<< "n" assert_success - assert_line --index 0 "Container '$containerName' uses a non-Toolbx image '$image' and may not work properly (see https://containertoolbx.org/doc/). Continue anyway? [y/N]: " + assert_line --index 0 "${MSG_CONFIRMATION_PROMPT}" assert [ ${#lines[@]} -eq 1 ] - assert [ ${#stderr_lines[@]} -eq 0 ] + + lines=("${stderr_lines[@]}") + assert_line --index 0 "$(warning_non_toolbx_image "$image")" + assert [ ${#stderr_lines[@]} -eq 1 ] } @test "enter: With a non-Toolbx image and prompt for confirmation - assumeyes" { @@ -190,10 +194,173 @@ teardown() { assert [ ${#lines[@]} -eq 0 ] lines=("${stderr_lines[@]}") - assert_line --index 0 "Error: failed to start container $containerName" + assert_line --index 0 "$(warning_non_toolbx_image "$image")" + assert_line --index 1 "$(failed_start_error_message "$containerName")" + assert [ ${#stderr_lines[@]} -eq 2 ] +} + +@test "enter: With an image with LD_PRELOAD set and prompt for confirmation - Yes" { + containerName="test-container-ld-preload" + image="$(build_image_with_ld_preload)" + + create_image_container "$image" "$containerName" + + run --keep-empty-lines --separate-stderr "$TOOLBX" enter --container "$containerName" <<< "y" + + assert_failure + assert_line --index 0 "${MSG_CONFIRMATION_PROMPT}" + assert [ ${#lines[@]} -eq 1 ] + + lines=("${stderr_lines[@]}") + assert_line --index 0 "$(warning_ld_preload_image "$image")" + assert_line --index 1 "$(failed_start_error_message "$containerName")" + assert [ ${#stderr_lines[@]} -eq 2 ] +} + +@test "enter: With an image with LD_PRELOAD set and prompt for confirmation - No" { + containerName="test-container-ld-preload" + image="$(build_image_with_ld_preload)" + + create_image_container "$image" "$containerName" + + run --keep-empty-lines --separate-stderr "$TOOLBX" enter --container "$containerName" <<< "n" + + assert_success + assert_line --index 0 "${MSG_CONFIRMATION_PROMPT}" + assert [ ${#lines[@]} -eq 1 ] + + lines=("${stderr_lines[@]}") + assert_line --index 0 "$(warning_ld_preload_image "$image")" + assert [ ${#stderr_lines[@]} -eq 1 ] +} + +@test "enter: With an image with LD_PRELOAD set and prompt for confirmation - assumeyes" { + containerName="test-container-ld-preload" + image="$(build_image_with_ld_preload)" + + create_image_container "$image" "$containerName" + + run --keep-empty-lines --separate-stderr "$TOOLBX" --assumeyes enter --container "$containerName" + + assert_failure + assert [ ${#lines[@]} -eq 0 ] + + lines=("${stderr_lines[@]}") + assert_line --index 0 "$(warning_ld_preload_image "$image")" + assert_line --index 1 "$(failed_start_error_message "$containerName")" + assert [ ${#stderr_lines[@]} -eq 2 ] +} + +@test "enter: With an image with an entrypoint set and prompt for confirmation - Yes" { + containerName="test-container-entrypoint" + image="$(build_image_with_entrypoint)" + + create_image_container "$image" "$containerName" + + run --keep-empty-lines --separate-stderr "$TOOLBX" enter --container "$containerName" <<< "y" + + assert_failure + assert_line --index 0 "${MSG_CONFIRMATION_PROMPT}" + assert [ ${#lines[@]} -eq 1 ] + + lines=("${stderr_lines[@]}") + assert_line --index 0 "$(warning_entrypoint_image "$image")" + assert_line --index 1 "$(failed_start_error_message "$containerName")" + assert [ ${#stderr_lines[@]} -eq 2 ] +} + +@test "enter: With an image with an entrypoint set and prompt for confirmation - No" { + containerName="test-container-entrypoint" + image="$(build_image_with_entrypoint)" + + create_image_container "$image" "$containerName" + + run --keep-empty-lines --separate-stderr "$TOOLBX" enter --container "$containerName" <<< "n" + + assert_success + assert_line --index 0 "${MSG_CONFIRMATION_PROMPT}" + assert [ ${#lines[@]} -eq 1 ] + + lines=("${stderr_lines[@]}") + assert_line --index 0 "$(warning_entrypoint_image "$image")" assert [ ${#stderr_lines[@]} -eq 1 ] } +@test "enter: With an image with an entrypoint set and prompt for confirmation - assumeyes" { + containerName="test-container-entrypoint" + image="$(build_image_with_entrypoint)" + + create_image_container "$image" "$containerName" + + run --keep-empty-lines --separate-stderr "$TOOLBX" --assumeyes enter --container "$containerName" + + assert_failure + assert [ ${#lines[@]} -eq 0 ] + + lines=("${stderr_lines[@]}") + assert_line --index 0 "$(warning_entrypoint_image "$image")" + assert_line --index 1 "$(failed_start_error_message "$containerName")" + assert [ ${#stderr_lines[@]} -eq 2 ] +} + +@test "enter: With an image having all warnings and prompt for confirmation - Yes" { + containerName="test-container-all-warnings" + image="$(build_image_with_all_warnings)" + + create_image_container "$image" "$containerName" + + run --keep-empty-lines --separate-stderr "$TOOLBX" enter --container "$containerName" <<< "y" + + assert_failure + assert_line --index 0 "${MSG_CONFIRMATION_PROMPT}" + assert [ ${#lines[@]} -eq 1 ] + + lines=("${stderr_lines[@]}") + assert_line --index 0 "$(warning_non_toolbx_image "$image")" + assert_line --index 1 "$(warning_ld_preload_image "$image")" + assert_line --index 2 "$(warning_entrypoint_image "$image")" + assert_line --index 3 "$(failed_start_error_message "$containerName")" + assert [ ${#stderr_lines[@]} -eq 4 ] +} + +@test "enter: With an image having all warnings and prompt for confirmation - No" { + containerName="test-container-all-warnings" + image="$(build_image_with_all_warnings)" + + create_image_container "$image" "$containerName" + + run --keep-empty-lines --separate-stderr "$TOOLBX" enter --container "$containerName" <<< "n" + + assert_success + assert_line --index 0 "${MSG_CONFIRMATION_PROMPT}" + assert [ ${#lines[@]} -eq 1 ] + + lines=("${stderr_lines[@]}") + assert_line --index 0 "$(warning_non_toolbx_image "$image")" + assert_line --index 1 "$(warning_ld_preload_image "$image")" + assert_line --index 2 "$(warning_entrypoint_image "$image")" + assert [ ${#stderr_lines[@]} -eq 3 ] +} + +@test "enter: With an image having all warnings and prompt for confirmation - assumeyes" { + containerName="test-container-all-warnings" + image="$(build_image_with_all_warnings)" + + create_image_container "$image" "$containerName" + + run --keep-empty-lines --separate-stderr "$TOOLBX" --assumeyes enter --container "$containerName" + + assert_failure + assert [ ${#lines[@]} -eq 0 ] + + lines=("${stderr_lines[@]}") + assert_line --index 0 "$(warning_non_toolbx_image "$image")" + assert_line --index 1 "$(warning_ld_preload_image "$image")" + assert_line --index 2 "$(warning_entrypoint_image "$image")" + assert_line --index 3 "$(failed_start_error_message "$containerName")" + assert [ ${#stderr_lines[@]} -eq 4 ] +} + # TODO: Write the test @test "enter: Enter the default Toolbx" { skip "Testing of entering Toolbxes is not implemented" diff --git a/test/system/libs/helpers.bash b/test/system/libs/helpers.bash index 4446eb3bc..4ed593f3a 100644 --- a/test/system/libs/helpers.bash +++ b/test/system/libs/helpers.bash @@ -39,6 +39,42 @@ readonly TOOLBX="${TOOLBX:-$(command -v toolbox)}" readonly TOOLBX_TEST_SYSTEM_TAGS_ALL="arch-fedora,commands-options,custom-image,runtime-environment,ubuntu" readonly TOOLBX_TEST_SYSTEM_TAGS="${TOOLBX_TEST_SYSTEM_TAGS:-$TOOLBX_TEST_SYSTEM_TAGS_ALL}" + +# Common test messages (used across multiple test suites) +export MSG_CONFIRMATION_PROMPT="One or more of the image's requirements are not met. Continue anyway? [y/N]: " + +# Helper functions for generating common messages +function created_container_message() { + local container_name="$1" + echo "Created container: $container_name" +} + +function enter_with_message() { + local container_name="$1" + echo "Enter with: toolbox enter $container_name" +} + +function failed_start_error_message() { + local container_name="$1" + echo "Error: failed to start container $container_name" +} + +# Helper functions for generating image warning messages +function warning_non_toolbx_image() { + local image="$1" + echo "Warning: Image '$image' does not contain either of the labels 'com.github.containers.toolbox=true' and 'com.github.debarshiray.toolbox=true'" +} + +function warning_ld_preload_image() { + local image="$1" + echo "Warning: Image '$image' has environment variable LD_PRELOAD set, which may cause container vulnerability (Container Escape)" +} + +function warning_entrypoint_image() { + local image="$1" + echo "Warning: Image '$image' has an entrypoint defined" +} + # Images declare -Ag IMAGES=([arch]="quay.io/toolbx/arch-toolbox" \ [busybox]="quay.io/toolbox_tests/busybox" \ @@ -255,12 +291,24 @@ function build_image_without_name() { } -function build_non_toolbx_image() { - local image_name="localhost/non-toolbx:test-$$" +# Generic helper function to build test images with custom Containerfile content +# +# Parameters +# ========== +# - image_name - Used as part of the image name +# - containerfile_content - Complete Containerfile content to build the image +# +# The function creates a temporary Containerfile with the provided content, +# builds the image using Podman, and returns the full image name that was built. +function _build_test_image_generic() { + local image_name="$1" + local containerfile_content="$2" - echo -e "FROM scratch\n\nLABEL test=\"non-toolbx\"" > "$BATS_TEST_TMPDIR"/Containerfile + local image_name_full="localhost/${image_name}:test-$$" - run podman build --quiet --tag "$image_name" "$BATS_TEST_TMPDIR" + echo -e "$containerfile_content" > "$BATS_TEST_TMPDIR"/Containerfile + + run podman build --quiet --tag "$image_name_full" "$BATS_TEST_TMPDIR" assert_success assert_line --index 0 --regexp "^[a-f0-9]{64}$" @@ -270,7 +318,27 @@ function build_non_toolbx_image() { rm -f "$BATS_TEST_TMPDIR"/Containerfile - echo "$image_name" + echo "$image_name_full" +} + + +function build_non_toolbx_image() { + _build_test_image_generic "non-toolbx" "FROM scratch\n\nLABEL test=\"non-toolbx\"" +} + + +function build_image_with_ld_preload() { + _build_test_image_generic "ld-preload" "FROM scratch\n\nENV LD_PRELOAD=foobar.so\n\nLABEL com.github.containers.toolbox=true" +} + + +function build_image_with_entrypoint() { + _build_test_image_generic "entrypoint" "FROM scratch\n\nENTRYPOINT [\"/bin/sh\", \"-c\", \"echo 'Hello, World!'\"]\n\nLABEL com.github.containers.toolbox=true" +} + + +function build_image_with_all_warnings() { + _build_test_image_generic "all-warnings" "FROM scratch\n\nENV LD_PRELOAD=foobar.so\n\nENTRYPOINT [\"/bin/sh\", \"-c\", \"echo 'Multiple warnings!'\"]\n\nLABEL test=\"all-warnings\"" }