diff --git a/buildah.spec b/buildah.spec
index 08c0c4e..945a4cb 100644
--- a/buildah.spec
+++ b/buildah.spec
@@ -21,7 +21,7 @@ go build -buildmode pie -compiler gc -tags="rpm_crashtraceback libtrust_openssl
 Epoch: 1
 Name: buildah
 Version: 1.24.0
-Release: 0.42%{?dist}
+Release: 0.43%{?dist}
 Summary: A command line tool used for creating OCI Images
 License: ASL 2.0
 URL: https://%{name}.io
@@ -131,6 +131,10 @@ make DESTDIR=%{buildroot} PREFIX=%{_prefix} -C docs install
 %{_datadir}/%{name}/test
 
 %changelog
+* Thu Jan 06 2022 Jindrich Novy <jnovy@redhat.com> - 1:1.24.0-0.43
+- add required test files
+- Related: #2000051
+
 * Thu Jan 06 2022 Jindrich Novy <jnovy@redhat.com> - 1:1.24.0-0.42
 - basically, bring in from RHEL8 container-tools module,
   remove podman & skopeo, and bang at it until it works. (Ed Santiago)
diff --git a/tests/roles/bats_installed/tasks/main.yml b/tests/roles/bats_installed/tasks/main.yml
new file mode 100644
index 0000000..00010b6
--- /dev/null
+++ b/tests/roles/bats_installed/tasks/main.yml
@@ -0,0 +1,12 @@
+---
+# Sigh; RHEL8 doesn't have BATS
+- name: bats | fetch and unpack tarball
+  unarchive:
+    src: https://github.com/bats-core/bats-core/archive/v1.5.0.tar.gz
+    dest: /root
+    remote_src: true
+
+- name: bats | install
+  command: ./install.sh /usr/local
+  args:
+    chdir: /root/bats-core-1.5.0
diff --git a/tests/roles/run_bats_tests/files/helper.buildah-root.sh b/tests/roles/run_bats_tests/files/helper.buildah-root.sh
new file mode 100644
index 0000000..118c193
--- /dev/null
+++ b/tests/roles/run_bats_tests/files/helper.buildah-root.sh
@@ -0,0 +1,38 @@
+#!/bin/bash
+#
+# setup and teardown helpers for buildah test
+#
+
+function setup() {
+    REGISTRY_FQIN=quay.io/libpod/registry:2
+
+    AUTHDIR=/tmp/buildah-tests-auth.$$
+    mkdir -p $AUTHDIR
+
+    CERT=$AUTHDIR/domain.crt
+    if [ ! -e $CERT ]; then
+        openssl req -newkey rsa:4096 -nodes -sha256 \
+                -keyout $AUTHDIR/domain.key -x509 -days 2 \
+                -out $AUTHDIR/domain.crt \
+                -subj "/C=US/ST=Foo/L=Bar/O=Red Hat, Inc./CN=registry host certificate" \
+                -addext subjectAltName=DNS:localhost
+    fi
+
+    if [ ! -e $AUTHDIR/htpasswd ]; then
+        htpasswd -Bbn testuser testpassword > $AUTHDIR/htpasswd
+    fi
+
+    podman run -d -p 5000:5000 \
+           --name registry \
+           -v $AUTHDIR:/auth:Z \
+           -e "REGISTRY_AUTH=htpasswd" \
+           -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
+           -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
+           -e REGISTRY_HTTP_TLS_CERTIFICATE=/auth/domain.crt \
+           -e REGISTRY_HTTP_TLS_KEY=/auth/domain.key \
+           $REGISTRY_FQIN
+}
+
+function teardown() {
+    podman rm -f registry
+}
diff --git a/tests/roles/run_bats_tests/files/run_bats_tests.sh b/tests/roles/run_bats_tests/files/run_bats_tests.sh
new file mode 100755
index 0000000..d5ed4ff
--- /dev/null
+++ b/tests/roles/run_bats_tests/files/run_bats_tests.sh
@@ -0,0 +1,103 @@
+#!/bin/bash
+#
+# Run bats tests for a given $TEST_PACKAGE, e.g. buildah, podman
+#
+# This is invoked by the 'run_bats_tests' role; we assume that
+# the package foo has a foo-tests subpackage which provides the
+# directory /usr/share/foo/test/system, containing one or more .bats
+# test files.
+#
+
+export PATH=/usr/local/bin:/usr/sbin:/usr/bin
+
+# Keep all logs in /tmp/artifacts - this seems to be an undocumented
+# (and therefore dangerous and unreliable) convention of the Standard
+# Test Roles package. As of 2020-05 we have to coexist with cockpit
+# which uses standard-test-basic, which means we need to conform to
+# its conventions.
+# We rely on our parent playbook to create /tmp/artifacts and make it
+# world-writable so nonroot tests can use it.
+TEST_LOG_TXT=/tmp/artifacts/test.log
+TEST_LOG_YML=/tmp/artifacts/results.yml
+
+# "podman root" -> "podman-root"
+testname_oneword=${TEST_NAME// /-}
+
+FULL_LOG=/tmp/artifacts/test.${testname_oneword}.debug.log
+BATS_LOG=/tmp/artifacts/test.${testname_oneword}.bats.log
+rm -f $FULL_LOG $BATS_LOG
+touch $FULL_LOG $BATS_LOG
+
+exec &> $FULL_LOG
+
+# Log program versions
+echo "Packages:"
+(
+    uname -r
+    rpm -qa |\
+        egrep 'buildah|conmon|container|crun|iptable|podman|runc|skopeo|slirp|systemd' |\
+        sort
+) | sed -e 's/^/  /'
+
+echo "------------------------------"
+printenv | sort
+
+testdir=/usr/share/${TEST_PACKAGE}/test/system
+
+if ! cd $testdir; then
+    echo "FAIL ${TEST_NAME} : cd $testdir"      >> $TEST_LOG_TXT
+    echo "- { test: '${TEST_NAME}', result: error, logs: [ $(basename $FULL_LOG) ] }" >> $TEST_LOG_YML
+    exit 0
+fi
+
+if [ -e /tmp/helper.sh ]; then
+    echo "------------------------------"
+    echo ". /tmp/helper.sh"
+    . /tmp/helper.sh
+fi
+
+if [ "$(type -t setup)" = "function" ]; then
+    echo "------------------------------"
+    echo "\$ setup"
+    setup
+    if [ $? -ne 0 ]; then
+        echo "FAIL ${TEST_NAME} : setup"       >> $TEST_LOG_TXT
+        echo "- { test: '${TEST_NAME}', result: error, logs: [ $(basename $FULL_LOG) ] }" >> $TEST_LOG_YML
+        exit 0
+    fi
+fi
+
+echo "------------------------------"
+echo "\$ bats ."
+bats . &> $BATS_LOG
+rc=$?
+
+echo "------------------------------"
+echo "bats completed with status $rc"
+
+status=PASS
+if [ $rc -ne 0 ]; then
+    status=FAIL
+fi
+
+echo "${status} ${TEST_NAME}" >> $TEST_LOG_TXT
+
+# Append a stanza to results.yml
+(
+    echo "- test: ${TEST_NAME}"
+    # pass/fail - the ',,' (comma comma) converts to lower-case
+    echo "  result: ${status,,}"
+    echo "  logs:"
+    echo "  - $(basename $BATS_LOG)"
+    echo "  - $(basename $FULL_LOG)"
+)  >> $TEST_LOG_YML
+
+
+if [ "$(type -t teardown)" = "function" ]; then
+    echo "------------------------------"
+    echo "\$ teardown"
+    teardown
+fi
+
+# FIXME: for CI purposes, always exit 0. This allows subsequent tests.
+exit 0
diff --git a/tests/roles/run_bats_tests/tasks/main.yml b/tests/roles/run_bats_tests/tasks/main.yml
new file mode 100644
index 0000000..ef97d3a
--- /dev/null
+++ b/tests/roles/run_bats_tests/tasks/main.yml
@@ -0,0 +1,50 @@
+---
+# Create a directory for artifacts on remote host
+- name: create remote artifacts directory
+  file:
+    path: /tmp/artifacts
+    state: directory
+    mode: 0777
+
+# Create empty results file, world-writable so rootless test can log to it
+- name: initialize test.log file
+  copy: dest=/tmp/artifacts/test.log content='' force=yes mode=0666
+
+# Same with results.yml file
+- name: initialize results.yml file
+  copy: dest=/tmp/artifacts/results.yml content='results:\n' force=yes mode=0666
+
+- name: execute tests
+  include: run_one_test.yml
+  with_items: "{{ tests }}"
+  loop_control:
+    loop_var: test
+
+- name: pull test.log and results.yml
+  fetch:
+    src: "{{ item }}"
+    dest: "{{ artifacts }}/"
+    flat: yes
+  with_items:
+    - /tmp/artifacts/test.log
+    - /tmp/artifacts/results.yml
+
+# Copied from standard-test-basic
+- name: check results
+  shell: grep "^FAIL" /tmp/artifacts/test.log
+  register: test_fails
+  # Never fail at this step. Just store result of tests.
+  failed_when: False
+
+- name: preserve results
+  set_fact:
+    role_result_failed: "{{ (test_fails.stdout|d|length > 0) or (test_fails.stderr|d|length > 0) }}"
+    role_result_msg: "{{ test_fails.stdout|d('tests failed.') }}"
+
+- name: display results
+  vars:
+    msg: |
+       Tests failed: {{ role_result_failed|d('Undefined') }}
+       Tests msg: {{ role_result_msg|d('None') }}
+  debug:
+    msg: "{{ msg.split('\n') }}"
diff --git a/tests/roles/run_bats_tests/tasks/run_one_test.yml b/tests/roles/run_bats_tests/tasks/run_one_test.yml
new file mode 100644
index 0000000..00d5291
--- /dev/null
+++ b/tests/roles/run_bats_tests/tasks/run_one_test.yml
@@ -0,0 +1,52 @@
+---
+- name: "{{ test.name }} | install test packages"
+  dnf: name="{{ test.package }}-tests" state=installed
+
+- name: "{{ test.name }} | define helper variables"
+  set_fact:
+    test_name_oneword: "{{ test.name | replace(' ','-') }}"
+
+# UGH. This is necessary because our caller sets some environment variables
+# and we need to set a few more based on other caller variables; then we
+# need to combine the two dicts when running the test. This seems to be
+# the only way to do it in ansible.
+- name: "{{ test.name }} | define local environment"
+  set_fact:
+    local_environment:
+      TEST_NAME:    "{{ test.name }}"
+      TEST_PACKAGE: "{{ test.package }}"
+      TEST_ENV:     "{{ test.environment }}"
+
+- name: "{{ test.name }} | setup/teardown helper | see if exists"
+  local_action: stat path={{ role_path }}/files/helper.{{ test_name_oneword }}.sh
+  register: helper
+
+- name: "{{ test.name }} | setup/teardown helper | install"
+  copy: src=helper.{{ test_name_oneword }}.sh dest=/tmp/helper.sh
+  when: helper.stat.exists
+
+- name: "{{ test.name }} | run test"
+  script: ./run_bats_tests.sh
+  args:
+    chdir: /usr/share/{{ test.package }}/test/system
+  become: "{{ true if test.become is defined else false }}"
+  become_user: testuser
+  environment: "{{ local_environment | combine(test.environment) }}"
+
+- name: "{{ test.name }} | pull logs"
+  fetch:
+    src: "/tmp/artifacts/test.{{ test_name_oneword }}.{{ item }}.log"
+    dest: "{{ artifacts }}/"
+    flat: yes
+  with_items:
+    - bats
+    - debug
+
+- name: "{{ test.name }} | remove remote logs and helpers"
+  file:
+    dest=/tmp/{{ item }}
+    state=absent
+  with_items:
+    - artifacts/test.{{ test_name_oneword }}.bats.log
+    - artifacts/test.{{ test_name_oneword }}.debug.log
+    - helper.sh