Tests: CI: Add script_scenario_arbitrary_uid for #175

Author: elgalu

.travis.yml

@@ -40,6 +40,11 @@ jobs:
         - travis_retry ./test/script_scenario_basic
         - travis_retry ./test/script_scenario_restart
 
+    # - env: test=scenario_arbitrary_uid
+    #   script:
+    #     - travis_retry ./test/before_install_pull
+    #     - travis_retry ./test/script_scenario_arbitrary_uid
+
     - env: test=scenario_node_dies
       script:
         - travis_retry ./test/before_install_pull

CHANGELOG.md

@@ -7,6 +7,31 @@ Note image ids also change after scm-source.json has being updated which trigger
 ###### To get container versions
     docker exec grid versions
 
+## TBD_DOCKER_TAG
+ + **Changes:** https://github.com/elgalu/docker-selenium/compare/3.5.3-p9...3.5.3-p10 (TBD_DATE)
+    + Upgrade Firefox major from 55.0.3 to 56 @diemol
+    + Improve resiliency for non-sudo environments #175
+    + Tests: CI: Add script_scenario_arbitrary_uid for #175
+ + **Image tag details:**
+    + Selenium version: TBD_SELENIUM_3_VERSION (TBD_SELENIUM_3_REVISION)
+    + Chrome stable:  TBD_CHROME_STABLE
+    + Firefox stable: TBD_FIREFOX_FOR_SEL3
+    + Geckodriver: TBD_GECKO_DRIVER
+    + Chromedriver: TBD_CHROME_DRIVER (TBD_CHROMEDRIVER_COMMIT)
+    + Java: TBD_JAVA_VENDOR Java TBD_JAVA_BUILD
+    + Timezone: TBD_TIME_ZONE
+    + FROM ubuntu:UBUNTU_FLAVOR-UBUNTU_DATE
+    + Python: TBD_PYTHON_VERSION
+    + Tested on kernel dev host: 4.4.0-96-generic x86_64
+    + Tested on kernel CI  host: TBD_HOST_UNAME
+    + Built at dev host with: Docker version 17.07.0-ce, build 8784753
+    + Built at CI  host with: Docker version TBD_DOCKER_VERS, build TBD_DOCKER_BUILD
+    + Built at dev host with: Docker Compose version 1.16.1, build 6d1ac21
+    + Built at CI  host with: Docker Compose version TBD_DOCKER_COMPOSE_VERS, build TBD_DOCKER_COMPOSE_BUILD
+    + Image size: TBD_IMAGE_SIZE
+    + Digest: TBD_DIGEST
+    + Image ID: TBD_IMAGE_ID
+
 ## 3.5.3-p9
  + **Changes:** https://github.com/elgalu/docker-selenium/compare/3.5.3-p8...3.5.3-p9 (2017-09-26)
     + Tests: CI: Add logic for untrusted PRs

CONTRIBUTING.md

@@ -4,7 +4,7 @@
 For pull requests or local commits:
 
     git checkout -b tmp-`cat VERSION`
-    time (./test/bef && ./test/script_start && ./test/script_archive)
+    time (./test/bef && ./test/script_run_all_tests && ./test/script_archive)
     open ./images/grid3_console.png && open ./videos/mobile_emulation/*.mp4
     git checkout scm-source.json && docker exec grid versions && ./test/after_script
     #git add ... git commit ... git push ... open pull request

Dockerfile

@@ -974,15 +974,9 @@ RUN mkdir -p /home/seluser/.vnc \
   && cp /capabilities.json /home/seluser/caps \
   && mkdir -p ${VIDEOS_DIR} \
   && sudo ln -s ${VIDEOS_DIR} /videos \
-  && sudo chown seluser:seluser /videos \
   && sudo mkdir -p ${LOGS_DIR} \
-  && sudo chown -R seluser:seluser ${LOGS_DIR} \
   && sudo mkdir -p ${RUN_DIR} \
-  && sudo chown -R seluser:seluser ${RUN_DIR} \
-  && sudo chown -R seluser:seluser /etc/supervisor \
-  && sudo chown -R seluser:seluser /test \
   && sudo mkdir -p /tmp/.X11-unix /tmp/.ICE-unix \
-  && sudo chmod 1777 /tmp/.X11-unix /tmp/.ICE-unix \
   && echo ""
 
 # Moved from entry.sh
@@ -991,15 +985,14 @@ ENV SUPERVISOR_PIDFILE="${RUN_DIR}/supervisord.pid" \
     VNC_TRYOUT_ERR_LOG="${LOGS_DIR}/vnc-tryouts-stderr" \
     VNC_TRYOUT_OUT_LOG="${LOGS_DIR}/vnc-tryouts-stdout"
 
-RUN  touch ${SUPERVISOR_PIDFILE} \
-  && touch ${DOCKER_SELENIUM_STATUS} \
-  && touch ${VNC_TRYOUT_ERR_LOG} \
-  && touch ${VNC_TRYOUT_OUT_LOG} \
-  && sudo chown -R seluser:seluser ${LOGS_DIR}
-
 # Include current version
 COPY VERSION /home/seluser/
 
+######################################################################
+# Relaxing permissions for OpenShift and other non-sudo environments #
+######################################################################
+RUN sudo fixperms.sh
+
 #=====================================================
 # Meta JSON file to hold commit info of current build
 #=====================================================

VERSION

@@ -1 +1 @@
-3.5.3-p9
+3.5.3-p10

bin/entry.sh

@@ -28,6 +28,18 @@ if [ "${REMOVE_SELUSER_FROM_SUDOERS_FOR_TESTING}" == "true" ]; then
   fi
 fi
 
+CURRENT_UID="$(id -u)"
+CURRENT_GID="$(id -g)"
+
+# Ensure that assigned uid has entry in /etc/passwd.
+if [ ${CURRENT_UID} -ne 1000 ]; then
+  echo "${USER}:x:${CURRENT_UID}:${CURRENT_GID}:,,,:/home/seluser:/bin/bash" >> /tmp/passwd
+  # cat /etc/passwd | sed -e "s/^${USER}:/builder:/" > /tmp/passwd
+  cat /etc/passwd | sed -e "s/^${USER}:/seluser:/" > /tmp/passwd
+  cat /tmp/passwd > /etc/passwd
+  rm /tmp/passwd
+fi
+
 # Flag to know if we have sudo acess
 if sudo pwd >/dev/null 2>&1; then
   export WE_HAVE_SUDO_ACCESS="true"
@@ -36,13 +48,26 @@ else
   warn "We don't have sudo"
 fi
 
+# if [ ${CURRENT_UID} -ne 1000 ]; then
+#   if [ "${WE_HAVE_SUDO_ACCESS}" == "true" ]; then
+#     warn 1
+#     sudo groupadd --gid ${CURRENT_GID} selgroup
+#     warn 2
+#     sudo gpasswd -a ${USER} seluser
+#     warn 3
+#     sudo gpasswd -a ${USER} selgroup
+#   fi
+# fi
+
 #==============================================
 # Java blocks until kernel have enough entropy
 # to generate the /dev/random seed
 #==============================================
 # See: SeleniumHQ/docker-selenium/issues/14
 # Added a non-sudo conditional so this works on non-sudo environments like K8s
 if [ "${WE_HAVE_SUDO_ACCESS}" == "true" ]; then
+  # We found that, for better entropy, running haveged
+  # with --privileged and sudo here works more reliable
   sudo -E haveged
 else
   haveged || true
@@ -54,21 +79,18 @@ fi
 #  - still unclear if this helps: `-v /var/run/dbus:/var/run/dbus`
 #  - this works generates errors: DBUS_SESSION_BUS_ADDRESS="/dev/null"
 #  - this gives less erros: DBUS_SESSION_BUS_ADDRESS="unix:abstract=/dev/null"
-# Added a non-sudo conditional so this works on non-sudo environments like K8s
-if [ "${WE_HAVE_SUDO_ACCESS}" == "true" ]; then
-  sudo rm -f /var/lib/dbus/machine-id
-  sudo mkdir -p /var/run/dbus
-  sudo service dbus restart >dbus_service.log
-
-  # Test dbus works
-  service dbus status >dbus_service_status.log
-  export $(dbus-launch)
-  export NSS_USE_SHARED_DB=ENABLED
-  # echo "-- INFO: DBUS_SESSION_BUS_ADDRESS=${DBUS_SESSION_BUS_ADDRESS}"
-  #=> e.g. DBUS_SESSION_BUS_ADDRESS=unix:abstract=/tmp/dbus-APZO4BE4TJ,guid=6e9c098d053d3038cb0756ae57ecc885
-  # echo "-- INFO: DBUS_SESSION_BUS_PID=${DBUS_SESSION_BUS_PID}"
-  #=> e.g. DBUS_SESSION_BUS_PID=44
-fi
+rm -f /var/lib/dbus/machine-id
+mkdir -p /var/run/dbus
+service dbus restart >dbus_service.log
+
+# Test dbus works
+service dbus status >dbus_service_status.log
+export $(dbus-launch)
+export NSS_USE_SHARED_DB=ENABLED
+# echo "-- INFO: DBUS_SESSION_BUS_ADDRESS=${DBUS_SESSION_BUS_ADDRESS}"
+#=> e.g. DBUS_SESSION_BUS_ADDRESS=unix:abstract=/tmp/dbus-APZO4BE4TJ,guid=6e9c098d053d3038cb0756ae57ecc885
+# echo "-- INFO: DBUS_SESSION_BUS_PID=${DBUS_SESSION_BUS_PID}"
+#=> e.g. DBUS_SESSION_BUS_PID=44
 
 #-----------------------------------------------
 # Perform cleanup to support `docker restart`

bin/fixperms.sh

@@ -0,0 +1,32 @@
+#!/usr/bin/env bash
+
+# set +e: don't exit if a command exits with a non-zero status
+set +e
+
+# List of directories in which we need to fix perms:
+DIR_LIST="/usr/share/images/fluxbox /var/lib/dbus /tmp /var/run /run /var/log /etc/supervisor"
+DIR_LIST="${DIR_LIST} /videos /test /home/seluser"
+
+# Relaxing permissions for OpenShift and other non-sudo environments
+chmod 777 /etc/passwd
+
+# Permissions related to the X system
+chmod 1777 /tmp/.X11-unix /tmp/.ICE-unix
+
+for d in ${DIR_LIST}; do
+
+  chown -R seluser:seluser ${d}
+
+  # Give full acess to everything (easier)
+  # chmod -R 777 ${d}
+
+  # Give 666 to files that were not executable
+  find ${d} ! -executable -type f -exec chmod 666 "{}" \;
+
+  # Give 777 to directories
+  find ${d} -type d -exec chmod 777 "{}" \;
+
+  # Give 777 to files that were already executable
+  find ${d} -executable -type f -exec chmod 777 "{}" \;
+
+done

capabilities.json

@@ -7,7 +7,7 @@
     },
     {
       "BROWSER_NAME": "firefox",
-      "VERSION": "55.0.3",
+      "VERSION": "56.0",
       "PLATFORM": "LINUX"
     }
   ]

images/grid3_console.png

@@ -3,7 +3,10 @@ Miscellaneous internal notes, do not read!
 ## Build
 
     time (docker build -t selenium . ;echo $?;beep)
-    docker run --rm -ti --name=grid --privileged -e SELENIUM_HUB_PORT=4444 -p=4444:4444 -p=5900:25900 -e VIDEO=true -e CHROME=false -e FIREFOX=false --shm-size=1g selenium
+    docker run --rm -ti --name=grid --privileged -e SELENIUM_HUB_PORT=4444 -p=4444:4444 -p=5900:25900 -e VIDEO=true -e CHROME=true -e FIREFOX=true -e DEBUG=bash --shm-size=1g selenium
+
+### Uid
+    docker run --rm -ti -u 1000060000:1000060000 --name=grid --privileged -e SELENIUM_HUB_PORT=4444 -p=4444:4444 -p=5900:25900 -e VIDEO=true -e CHROME=false -e FIREFOX=false --shm-size=1g selenium
 
 ### Wait
 Wait and get versions