Merge pull request #505 from cgwalters/install-to-filesystem-warning-…
…more install: Add prominent warning+timeout when targeting host root
Showing
3 changed files
with
53 additions
and
10 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -111,7 +111,7 @@ jobs: | |
- name: Install | ||
run: sudo tar -C / -xvf bootc.tar.zst | ||
- name: Integration tests | ||
run: sudo podman run --rm -ti --privileged -v /run/systemd:/run/systemd -v /:/run/host -v /usr/bin/bootc:/usr/bin/bootc --pid=host quay.io/fedora/fedora-coreos:testing-devel bootc internal-tests run-privileged-integration | ||
run: sudo podman run --rm --privileged -v /run/systemd:/run/systemd -v /:/run/host -v /usr/bin/bootc:/usr/bin/bootc --pid=host quay.io/fedora/fedora-coreos:testing-devel bootc internal-tests run-privileged-integration | ||
container-tests: | ||
if: ${{ !contains(github.event.pull_request.labels.*.name, 'control/skip-ci') }} | ||
name: "Container testing" | ||
|
@@ -146,18 +146,18 @@ jobs: | |
set -xeuo pipefail | ||
image=quay.io/centos-bootc/centos-bootc-dev:stream9 | ||
echo 'ssh-ed25519 ABC0123 [email protected]' > test_authorized_keys | ||
sudo podman run --rm -ti --privileged -v ./test_authorized_keys:/test_authorized_keys --env RUST_LOG=debug -v /:/target -v /var/lib/containers:/var/lib/containers -v ./usr/bin/bootc:/usr/bin/bootc --pid=host --security-opt label=disable \ | ||
${image} bootc install to-filesystem \ | ||
sudo podman run --rm --privileged -v ./test_authorized_keys:/test_authorized_keys --env RUST_LOG=debug -v /:/target -v /var/lib/containers:/var/lib/containers -v ./usr/bin/bootc:/usr/bin/bootc --pid=host --security-opt label=disable \ | ||
${image} bootc install to-filesystem --acknowledge-destructive \ | ||
--karg=foo=bar --disable-selinux --replace=alongside --root-ssh-authorized-keys=/test_authorized_keys /target | ||
ls -al /boot/loader/ | ||
sudo grep foo=bar /boot/loader/entries/*.conf | ||
grep authorized_keys /ostree/deploy/default/deploy/*/etc/tmpfiles.d/bootc-root-ssh.conf | ||
# TODO fix https://github.com/containers/bootc/pull/137 | ||
sudo chattr -i /ostree/deploy/default/deploy/* | ||
sudo rm /ostree/deploy/default -rf | ||
sudo podman run --rm -ti --privileged --env RUST_LOG=debug -v /:/target -v /var/lib/containers:/var/lib/containers -v ./usr/bin/bootc:/usr/bin/bootc --pid=host --security-opt label=disable \ | ||
${image} bootc install to-existing-root | ||
sudo podman run --rm -ti --privileged -v /:/target -v ./usr/bin/bootc:/usr/bin/bootc --pid=host --security-opt label=disable ${image} bootc internal-tests verify-selinux /target/ostree --warn | ||
sudo podman run --rm --privileged --env RUST_LOG=debug -v /:/target -v /var/lib/containers:/var/lib/containers -v ./usr/bin/bootc:/usr/bin/bootc --pid=host --security-opt label=disable \ | ||
${image} bootc install to-existing-root --acknowledge-destructive | ||
sudo podman run --rm --privileged -v /:/target -v ./usr/bin/bootc:/usr/bin/bootc --pid=host --security-opt label=disable ${image} bootc internal-tests verify-selinux /target/ostree --warn | ||
install-to-existing-root: | ||
if: ${{ !contains(github.event.pull_request.labels.*.name, 'control/skip-ci') }} | ||
name: "Test install-to-existing-root" | ||
|
@@ -177,7 +177,7 @@ jobs: | |
# so we bind mount an empty directory over /usr/lib/bootc/install. | ||
empty=$(mktemp -d) | ||
image=quay.io/centos-bootc/centos-bootc-dev:stream9 | ||
sudo podman run --rm -ti --privileged --env RUST_LOG=debug -v /:/target -v /var/lib/containers:/var/lib/containers -v ./usr/bin/bootc:/usr/bin/bootc -v ${empty}:/usr/lib/bootc/install --pid=host --security-opt label=disable \ | ||
sudo podman run --rm --privileged --env RUST_LOG=debug -v /:/target -v /var/lib/containers:/var/lib/containers -v ./usr/bin/bootc:/usr/bin/bootc -v ${empty}:/usr/lib/bootc/install --pid=host --security-opt label=disable \ | ||
${image} bootc install to-existing-root | ||
install-to-loopback: | ||
if: ${{ !contains(github.event.pull_request.labels.*.name, 'control/skip-ci') }} | ||
|
@@ -197,5 +197,5 @@ jobs: | |
image=quay.io/centos-bootc/centos-bootc-dev:stream9 | ||
tmpdisk=$(mktemp -p /var/tmp) | ||
truncate -s 20G ${tmpdisk} | ||
sudo podman run --rm -ti --privileged --env RUST_LOG=debug -v /dev:/dev -v /:/target -v /var/lib/containers:/var/lib/containers -v ./usr/bin/bootc:/usr/bin/bootc --pid=host --security-opt label=disable \ | ||
sudo podman run --rm --privileged --env RUST_LOG=debug -v /dev:/dev -v /:/target -v /var/lib/containers:/var/lib/containers -v ./usr/bin/bootc:/usr/bin/bootc --pid=host --security-opt label=disable \ | ||
-v ${tmpdisk}:/disk ${image} bootc install to-disk --via-loopback /disk |
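Review bot: The `bootc install to-existing-root` call in the `install-to-existing-root` job (third hunk) still runs without `--acknowledge-destructive`, while both install calls in the second hunk gain it, so with the new host-root warning that job presumably waits out the timeout on every run. If that is deliberate, to keep the unacknowledged path under test, say so in a comment next to it; otherwise change the line to `${image} bootc install to-existing-root --acknowledge-destructive`. Because the flag switches off a safety interlock on commands that bind-mount the host `/` into a `--privileged` container, I would also add `# --acknowledge-destructive: skip the host-root warning; acceptable only on a throwaway CI runner` above its first use, so the invocation is not copied verbatim onto a real host. The old and new sides are read from the printed pairs, since the `+`/`-` column is lost on this page, and the job bodies start outside the hunks.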