diff --git a/tests/NEW-IMAGES b/tests/NEW-IMAGES index 2096017c77e..c8f0d9d3e25 100644 --- a/tests/NEW-IMAGES +++ b/tests/NEW-IMAGES @@ -13,3 +13,5 @@ # # Format is one FQIN per line. Enumerate them below: # +quay.io/hummingbird/git +registry.access.redhat.com/ubi10 diff --git a/tests/chroot.bats b/tests/chroot.bats index 652ea3b0081..9a1adc592b9 100644 --- a/tests/chroot.bats +++ b/tests/chroot.bats @@ -22,7 +22,7 @@ load helpers # chosen because its rootfs doesn't have any uid/gid ownership above # $rangesize, because the nested namespace needs to be able to represent all # of them - baseimage=registry.access.redhat.com/ubi9-micro:latest + baseimage=registry.access.redhat.com/ubi10:latest _prefetch $baseimage baseimagef=$(tr -c a-zA-Z0-9.- - <<< "$baseimage") # create the directories that we need diff --git a/tests/conformance/README.md b/tests/conformance/README.md index 0bd09a78749..964d1fb8fc3 100644 --- a/tests/conformance/README.md +++ b/tests/conformance/README.md @@ -21,10 +21,11 @@ bash docker pull mirror.gcr.io/golang docker pull mirror.gcr.io/alpine docker pull mirror.gcr.io/busybox +docker pull quay.io/fedora/python-311:latest docker pull quay.io/libpod/centos:7 -docker pull registry.fedoraproject.org/fedora-minimal:42-aarch64 -docker pull registry.fedoraproject.org/fedora-minimal:42-x86_64 -docker pull registry.fedoraproject.org/fedora-minimal +docker pull quay.io/libpod/ubuntu:latest +docker pull quay.io/libpod/busybox@sha256:32968e717e29f79e5b889721908b3be6d1573992e1f3ba4c9a41718e2728458c +docker pull quay.io/libpod/busybox@sha256:1faaf7a75319417261267b3dcef6a2b14c8c5122d7fcc7abeb07a32bc19728fd ``` This test program is used as input in a few of the conformance tests: diff --git a/tests/conformance/testdata/header-builtin/Dockerfile b/tests/conformance/testdata/header-builtin/Dockerfile index 31ca816ef9d..01816b3920c 100644 --- a/tests/conformance/testdata/header-builtin/Dockerfile +++ b/tests/conformance/testdata/header-builtin/Dockerfile @@ -1,15 +1,15 @@ -# if TARGETARCH is defined, we'l pull the x86_64 image -FROM registry.fedoraproject.org/fedora-minimal:42${TARGETARCH:+-x86_64} AS amd64 -# if TARGETARCH is defined, we'l pull the aarch64 image -FROM registry.fedoraproject.org/fedora-minimal:42${TARGETARCH:+-aarch64} AS arm64 +# if TARGETARCH is defined, we'll pull the amd64 image from quay.io/libpod/busybox:glibc, otherwise we'll get the native one +FROM quay.io/libpod/busybox${TARGETARCH:+@sha256:32968e717e29f79e5b889721908b3be6d1573992e1f3ba4c9a41718e2728458c} AS amd64 +# if TARGETARCH is defined, we'll pull the arm64 image from quay.io/libpod/busybox:glibc, otherwise we'll get the native one +FROM quay.io/libpod/busybox${TARGETARCH:+@sha256:1faaf7a75319417261267b3dcef6a2b14c8c5122d7fcc7abeb07a32bc19728fd} AS arm64 -# run "file" against both shared libraries -FROM registry.fedoraproject.org/fedora-minimal AS native +# run "readelf" against both shared libraries from any image that comes with it +FROM quay.io/fedora/python-311:latest AS native +USER 0:0 COPY --from=amd64 /lib64/libc.so.6 /libc-amd64 COPY --from=arm64 /lib64/libc.so.6 /libc-arm64 -RUN microdnf -y install file && microdnf -y clean all -RUN file /libc-* | tee /libc-types.txt && touch -d @0 /libc-types.txt +RUN readelf -h /libc-* | grep -i machine: | sort -u | tee /libc-types.txt && touch -d @0 /libc-types.txt -# expect them to have different target architectures listed in their ELF headers -FROM registry.fedoraproject.org/fedora-minimal +# expect to have read two different "Machine:" values from library headers +FROM scratch COPY --from=native /libc-types.txt / diff --git a/tests/copy.bats b/tests/copy.bats index 40a7a3e0165..abd39d5cbc4 100644 --- a/tests/copy.bats +++ b/tests/copy.bats @@ -534,8 +534,8 @@ parents/y/b.txt" @test "copy-preserving-extended-attributes" { createrandom ${TEST_SCRATCH_DIR}/randomfile - # if we need to change which image we use, any image that can provide a working setattr/setcap/getfattr will do - image="quay.io/libpod/ubuntu" + # if we need to change which image we use, any image that includes working setattr/setcap/getfattr will do + image=registry.access.redhat.com/ubi10 if ! which setfattr > /dev/null 2> /dev/null; then skip "setfattr not available, unable to check if it'll work in filesystem at ${TEST_SCRATCH_DIR}" fi @@ -549,8 +549,6 @@ parents/y/b.txt" _prefetch $image run_buildah from --quiet $WITH_POLICY_JSON $image first="$output" - run_buildah run $first apt-get -y update - run_buildah run $first apt-get -y install attr libcap2-bin run_buildah copy $first ${TEST_SCRATCH_DIR}/randomfile / # set security.capability run_buildah run $first setcap cap_setuid=ep /randomfile @@ -559,8 +557,6 @@ parents/y/b.txt" # copy the file to a second container run_buildah from --quiet $WITH_POLICY_JSON $image second="$output" - run_buildah run $second apt-get -y update - run_buildah run $second apt-get -y install attr run_buildah copy --from $first $second /randomfile / # compare what the extended attributes look like. if we're on a system with SELinux, there's a label in here, too run_buildah run $first sh -c "getfattr -d -m . --absolute-names /randomfile | grep -v ^security.selinux | sort"