Skip to content

Commit 0b527f5

Browse files
cypharcyphar
committed
test: add oci-image-validate to all steps
This is necessary in order to sanely ensure that all of our image modifications are in accordance with the spec. Signed-off-by: Aleksa Sarai <[email protected]>
1 parent 713fda4 commit 0b527f5

File tree

10 files changed

+169
-2
lines changed

10 files changed

+169
-2
lines changed

Dockerfile

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -23,7 +23,7 @@ RUN zypper ar -f -p 10 -g obs://Virtualization:containers obs-vc && \
2323
zypper ar -f -p 10 -g obs://home:cyphar obs-cyphar && \
2424
zypper --gpg-auto-import-keys -n ref && \
2525
zypper -n up
26-
RUN zypper -n in 'go>=1.6' git make skopeo go-mtree bats jq
26+
RUN zypper -n in 'go>=1.6' git make skopeo go-mtree bats jq oci-image-tools
2727

2828
ENV GOPATH /go
2929
ENV PATH $GOPATH/bin:$PATH

test/config.bats

Lines changed: 67 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -28,6 +28,8 @@ function teardown() {
2828
BUNDLE_A="$(setup_bundle)"
2929
BUNDLE_B="$(setup_bundle)"
3030

31+
verify "$IMAGE"
32+
3133
# Unpack the image.
3234
umoci unpack --image "$IMAGE" --from "$TAG" --bundle "$BUNDLE_A"
3335
[ "$status" -eq 0 ]
@@ -38,6 +40,7 @@ function teardown() {
3840
# Modify none of the configuration.
3941
umoci config --image "$IMAGE" --from "$TAG" --tag "${TAG}-new"
4042
[ "$status" -eq 0 ]
43+
verify "$IMAGE"
4144

4245
# Unpack the image again.
4346
umoci unpack --image "$IMAGE" --from "${TAG}-new" --bundle "$BUNDLE_B"
@@ -64,12 +67,16 @@ function teardown() {
6467
[ "$numLinesB" -gt "$numLinesA" ]
6568
# The final layer should be an empty_layer now.
6669
[[ "$(echo "$output" | jq -SM '.history[-1].empty_layer')" == "true" ]]
70+
71+
verify "$IMAGE"
6772
}
6873

6974
@test "umoci config --config.user 'user'" {
7075
BUNDLE_A="$(setup_bundle)"
7176
BUNDLE_B="$(setup_bundle)"
7277

78+
verify "$IMAGE"
79+
7380
# Unpack the image.
7481
umoci unpack --image "$IMAGE" --from "${TAG}" --bundle "$BUNDLE_A"
7582
[ "$status" -eq 0 ]
@@ -82,10 +89,12 @@ function teardown() {
8289
# Repack the image.
8390
umoci repack --image "$IMAGE" --bundle "$BUNDLE_A" --tag "${TAG}"
8491
[ "$status" -eq 0 ]
92+
verify "$IMAGE"
8593

8694
# Modify the user.
8795
umoci config --image "$IMAGE" --from "$TAG" --tag "${TAG}" --config.user="testuser"
8896
[ "$status" -eq 0 ]
97+
verify "$IMAGE"
8998

9099
# Unpack the image.
91100
umoci unpack --image "$IMAGE" --from "${TAG}" --bundle "$BUNDLE_B"
@@ -115,12 +124,16 @@ function teardown() {
115124
[ "$status" -eq 0 ]
116125
export $output
117126
[[ "$HOME" == "/my home dir " ]]
127+
128+
verify "$IMAGE"
118129
}
119130

120131
@test "umoci config --config.user 'user:group'" {
121132
BUNDLE_A="$(setup_bundle)"
122133
BUNDLE_B="$(setup_bundle)"
123134

135+
verify "$IMAGE"
136+
124137
# Unpack the image.
125138
umoci unpack --image "$IMAGE" --from "${TAG}" --bundle "$BUNDLE_A"
126139
[ "$status" -eq 0 ]
@@ -134,10 +147,12 @@ function teardown() {
134147
# Repack the image.
135148
umoci repack --image "$IMAGE" --bundle "$BUNDLE_A" --tag "${TAG}"
136149
[ "$status" -eq 0 ]
150+
verify "$IMAGE"
137151

138152
# Modify the user.
139153
umoci config --image "$IMAGE" --from "$TAG" --tag "${TAG}" --config.user="testuser:emptygroup"
140154
[ "$status" -eq 0 ]
155+
verify "$IMAGE"
141156

142157
# Unpack the image.
143158
umoci unpack --image "$IMAGE" --from "${TAG}" --bundle "$BUNDLE_B"
@@ -163,13 +178,17 @@ function teardown() {
163178
[ "$status" -eq 0 ]
164179
export $output
165180
[[ "$HOME" == "/my home dir " ]]
181+
182+
verify "$IMAGE"
166183
}
167184

168185
@test "umoci config --config.user 'user:group' [parsed from rootfs]" {
169186
BUNDLE_A="$(setup_bundle)"
170187
BUNDLE_B="$(setup_bundle)"
171188
BUNDLE_C="$(setup_bundle)"
172189

190+
verify "$IMAGE"
191+
173192
# Unpack the image.
174193
umoci unpack --image "$IMAGE" --from "${TAG}" --bundle "$BUNDLE_A"
175194
[ "$status" -eq 0 ]
@@ -183,10 +202,12 @@ function teardown() {
183202
# Repack the image.
184203
umoci repack --image "$IMAGE" --bundle "$BUNDLE_A" --tag "${TAG}"
185204
[ "$status" -eq 0 ]
205+
verify "$IMAGE"
186206

187207
# Modify the user.
188208
umoci config --image "$IMAGE" --from "$TAG" --tag "${TAG}" --config.user="testuser:emptygroup"
189209
[ "$status" -eq 0 ]
210+
verify "$IMAGE"
190211

191212
# Unpack the image.
192213
umoci unpack --image "$IMAGE" --from "${TAG}" --bundle "$BUNDLE_B"
@@ -215,6 +236,7 @@ function teardown() {
215236
# Repack the image.
216237
umoci repack --image "$IMAGE" --bundle "$BUNDLE_B" --tag "${TAG}"
217238
[ "$status" -eq 0 ]
239+
verify "$IMAGE"
218240

219241
# Unpack the image.
220242
umoci unpack --image "$IMAGE" --from "${TAG}" --bundle "$BUNDLE_C"
@@ -235,6 +257,8 @@ function teardown() {
235257
[ "$status" -eq 0 ]
236258
export $output
237259
[[ "$HOME" == "/another home" ]]
260+
261+
verify "$IMAGE"
238262
}
239263

240264
@test "umoci config --config.user 'user:group' [non-existent user]" {
@@ -243,10 +267,13 @@ function teardown() {
243267
# Modify the user.
244268
umoci config --image "$IMAGE" --from "$TAG" --tag "${TAG}" --config.user="testuser:emptygroup"
245269
[ "$status" -eq 0 ]
270+
verify "$IMAGE"
246271

247272
# Unpack the image.
248273
umoci unpack --image "$IMAGE" --from "${TAG}" --bundle "$BUNDLE"
249274
[ "$status" -ne 0 ]
275+
276+
verify "$IMAGE"
250277
}
251278

252279
@test "umoci config --config.user [numeric]" {
@@ -255,6 +282,7 @@ function teardown() {
255282
# Modify none of the configuration.
256283
umoci config --image "$IMAGE" --from "$TAG" --tag "${TAG}-new" --config.user="1337:8888"
257284
[ "$status" -eq 0 ]
285+
verify "$IMAGE"
258286

259287
# Unpack the image again.
260288
umoci unpack --image "$IMAGE" --from "${TAG}-new" --bundle "$BUNDLE"
@@ -269,6 +297,8 @@ function teardown() {
269297
sane_run jq -SM '.process.user.gid' "$BUNDLE/config.json"
270298
[ "$status" -eq 0 ]
271299
[ "$output" -eq 8888 ]
300+
301+
verify "$IMAGE"
272302
}
273303

274304
# TODO: Add a test to make sure that --config.user is resolved on unpacking.
@@ -280,6 +310,7 @@ function teardown() {
280310
# Modify none of the configuration.
281311
umoci config --image "$IMAGE" --from "$TAG" --tag "${TAG}-new" --config.workingdir "/a/fake/directory"
282312
[ "$status" -eq 0 ]
313+
verify "$IMAGE"
283314

284315
# Unpack the image again.
285316
umoci unpack --image "$IMAGE" --from "${TAG}-new" --bundle "$BUNDLE"
@@ -289,6 +320,8 @@ function teardown() {
289320
sane_run jq -SM '.process.cwd' "$BUNDLE/config.json"
290321
[ "$status" -eq 0 ]
291322
[ "$output" = '"/a/fake/directory"' ]
323+
324+
verify "$IMAGE"
292325
}
293326

294327
@test "umoci config --clear=config.env" {
@@ -297,6 +330,7 @@ function teardown() {
297330
# Modify none of the configuration.
298331
umoci config --image "$IMAGE" --from "$TAG" --tag "${TAG}-new" --clear=config.env
299332
[ "$status" -eq 0 ]
333+
verify "$IMAGE"
300334

301335
# Unpack the image again.
302336
umoci unpack --image "$IMAGE" --from "${TAG}-new" --bundle "$BUNDLE"
@@ -307,6 +341,8 @@ function teardown() {
307341
[ "$status" -eq 0 ]
308342
[[ "${lines[0]}" == *"HOME="* ]]
309343
[ "${#lines[@]}" -eq 1 ]
344+
345+
verify "$IMAGE"
310346
}
311347

312348
@test "umoci config --config.env" {
@@ -315,6 +351,7 @@ function teardown() {
315351
# Modify none of the configuration.
316352
umoci config --image "$IMAGE" --from "$TAG" --tag "${TAG}-new" --config.env "VARIABLE1=test" --config.env "VARIABLE2=what"
317353
[ "$status" -eq 0 ]
354+
verify "$IMAGE"
318355

319356
# Unpack the image again.
320357
umoci unpack --image "$IMAGE" --from "${TAG}-new" --bundle "$BUNDLE"
@@ -328,6 +365,8 @@ function teardown() {
328365
export $output
329366
[[ "$VARIABLE1" == "test" ]]
330367
[[ "$VARIABLE2" == "what" ]]
368+
369+
verify "$IMAGE"
331370
}
332371

333372
@test "umoci config --config.memory.*" {
@@ -336,6 +375,7 @@ function teardown() {
336375
# Modify none of the configuration.
337376
umoci config --image "$IMAGE" --from "$TAG" --tag "${TAG}-new" --config.memory.limit 1000 --config.memory.swap 2000
338377
[ "$status" -eq 0 ]
378+
verify "$IMAGE"
339379

340380
# Unpack the image again.
341381
umoci unpack --image "$IMAGE" --from "${TAG}-new" --bundle "$BUNDLE"
@@ -361,6 +401,8 @@ function teardown() {
361401
[ "$status" -eq 0 ]
362402
[ "$output" -eq 2000 ]
363403
fi
404+
405+
verify "$IMAGE"
364406
}
365407

366408
@test "umoci config --config.cpu.shares" {
@@ -369,6 +411,7 @@ function teardown() {
369411
# Modify none of the configuration.
370412
umoci config --image "$IMAGE" --from "$TAG" --tag "${TAG}-new" --config.cpu.shares 1024
371413
[ "$status" -eq 0 ]
414+
verify "$IMAGE"
372415

373416
# Unpack the image again.
374417
umoci unpack --image "$IMAGE" --from "${TAG}-new" --bundle "$BUNDLE"
@@ -386,6 +429,8 @@ function teardown() {
386429
[ "$status" -eq 0 ]
387430
[ "$output" -eq 1024 ]
388431
fi
432+
433+
verify "$IMAGE"
389434
}
390435

391436
@test "umoci config --config.cmd" {
@@ -394,6 +439,7 @@ function teardown() {
394439
# Modify none of the configuration.
395440
umoci config --image "$IMAGE" --from "$TAG" --tag "${TAG}" --config.cmd "cat" --config.cmd "/this is a file with spaces" --config.cmd "-v"
396441
[ "$status" -eq 0 ]
442+
verify "$IMAGE"
397443

398444
# Unpack the image again.
399445
umoci unpack --image "$IMAGE" --from "${TAG}" --bundle "$BUNDLE"
@@ -403,6 +449,8 @@ function teardown() {
403449
sane_run jq -SMr 'reduce .process.args[] as $arg (""; . + $arg + ";")' "$BUNDLE/config.json"
404450
[ "$status" -eq 0 ]
405451
[[ "$output" == "cat;/this is a file with spaces;-v;" ]]
452+
453+
verify "$IMAGE"
406454
}
407455

408456
@test "umoci config --config.[entrypoint+cmd]" {
@@ -411,6 +459,7 @@ function teardown() {
411459
# Modify none of the configuration.
412460
umoci config --image "$IMAGE" --from "$TAG" --tag "${TAG}" --config.entrypoint "sh" --config.cmd "-c" --config.cmd "ls -la"
413461
[ "$status" -eq 0 ]
462+
verify "$IMAGE"
414463

415464
# Unpack the image again.
416465
umoci unpack --image "$IMAGE" --from "${TAG}" --bundle "$BUNDLE"
@@ -420,6 +469,8 @@ function teardown() {
420469
sane_run jq -SMr 'reduce .process.args[] as $arg (""; . + $arg + ";")' "$BUNDLE/config.json"
421470
[ "$status" -eq 0 ]
422471
[[ "$output" == "sh;-c;ls -la;" ]]
472+
473+
verify "$IMAGE"
423474
}
424475

425476
# XXX: This test is somewhat dodgy (since we don't actually set anything other than the destination for a volume).
@@ -431,6 +482,7 @@ function teardown() {
431482
# Modify none of the configuration.
432483
umoci config --image "$IMAGE" --from "$TAG" --tag "${TAG}" --config.volume /volume --config.volume "/some nutty/path name/ here"
433484
[ "$status" -eq 0 ]
485+
verify "$IMAGE"
434486

435487
# Unpack the image again.
436488
umoci unpack --image "$IMAGE" --from "${TAG}" --bundle "$BUNDLE_A"
@@ -447,6 +499,7 @@ function teardown() {
447499
# Make sure we're appending.
448500
umoci config --image "$IMAGE" --from "$TAG" --tag "${TAG}" --config.volume "/another volume"
449501
[ "$status" -eq 0 ]
502+
verify "$IMAGE"
450503

451504
# Unpack the image again.
452505
umoci unpack --image "$IMAGE" --from "${TAG}" --bundle "$BUNDLE_B"
@@ -464,6 +517,7 @@ function teardown() {
464517
# Now clear the volumes
465518
umoci config --image "$IMAGE" --from "$TAG" --tag "${TAG}" --clear=config.volume --config.volume "/..final_volume"
466519
[ "$status" -eq 0 ]
520+
verify "$IMAGE"
467521

468522
# Unpack the image again.
469523
umoci unpack --image "$IMAGE" --from "${TAG}" --bundle "$BUNDLE_C"
@@ -478,6 +532,8 @@ function teardown() {
478532
! ( printf -- '%s\n' "${lines[*]}" | grep '^/some nutty/path name/ here$' )
479533
! ( printf -- '%s\n' "${lines[*]}" | grep '^/another volume$' )
480534
printf -- '%s\n' "${lines[*]}" | grep '^/\.\.final_volume$'
535+
536+
verify "$IMAGE"
481537
}
482538

483539
@test "umoci config --[os+architecture]" {
@@ -487,6 +543,7 @@ function teardown() {
487543
# XXX: We can't test anything other than --os=linux because our generator bails for non-Linux OSes.
488544
umoci config --image "$IMAGE" --from "$TAG" --tag "${TAG}" --os "linux" --architecture "aarch9001"
489545
[ "$status" -eq 0 ]
546+
verify "$IMAGE"
490547

491548
# Unpack the image again.
492549
umoci unpack --image "$IMAGE" --from "${TAG}" --bundle "$BUNDLE"
@@ -501,6 +558,8 @@ function teardown() {
501558
sane_run jq -SMr '.platform.arch' "$BUNDLE/config.json"
502559
[ "$status" -eq 0 ]
503560
[[ "$output" == "aarch9001" ]]
561+
562+
verify "$IMAGE"
504563
}
505564

506565
# XXX: This doesn't do any actual testing of the results of any of these flags.
@@ -509,12 +568,15 @@ function teardown() {
509568
# Modify everything.
510569
umoci config --image "$IMAGE" --from "$TAG" --tag "${TAG}-new" --author="Aleksa Sarai <[email protected]>" --created="2016-03-25T12:34:02.655002+11:00"
511570
[ "$status" -eq 0 ]
571+
verify "$IMAGE"
512572

513573
# Make sure that --created doesn't work with a random string.
514574
umoci config --image "$IMAGE" --from "$TAG" --tag "${TAG}-new" --created="not a date"
515575
[ "$status" -ne 0 ]
576+
verify "$IMAGE"
516577
umoci config --image "$IMAGE" --from "$TAG" --tag "${TAG}-new" --created="Jan 04 2004"
517578
[ "$status" -ne 0 ]
579+
verify "$IMAGE"
518580

519581
# Make sure that the history was modified and the author is now me.
520582
umoci stat --image "$IMAGE" --tag "$TAG" --json
@@ -531,6 +593,8 @@ function teardown() {
531593
[[ "$(echo "$output" | jq -SMr '.history[-1].empty_layer')" == "true" ]]
532594
# The author should've changed.
533595
[[ "$(echo "$output" | jq -SMr '.history[-1].author')" == "Aleksa Sarai <[email protected]>" ]]
596+
597+
verify "$IMAGE"
534598
}
535599

536600
# XXX: We don't do any testing of --author and that the config is changed properly.
@@ -543,6 +607,7 @@ function teardown() {
543607
--history.created="2016-12-09T04:45:40+11:00" \
544608
--author="Aleksa Sarai <[email protected]>"
545609
[ "$status" -eq 0 ]
610+
verify "$IMAGE"
546611

547612
# Make sure that the history was modified.
548613
umoci stat --image "$IMAGE" --tag "$TAG" --json
@@ -565,4 +630,6 @@ function teardown() {
565630
[[ "$(echo "$output" | jq -SMr '.history[-1].created_by')" == "-- <bats> integration test --" ]]
566631
# The created should be set.
567632
[[ "$(echo "$output" | jq -SMr '.history[-1].created')" == "2016-12-09T04:45:40+11:00" ]]
633+
634+
verify "$IMAGE"
568635
}

0 commit comments

Comments
 (0)