Toolbx's system tests download several images when setting up the test
suite, and cache them for later use by the tests [1]. This saves time
and avoids hitting rate limits imposed by OCI registries by not
downloading the same images repeatedly for several tests, but at the
cost of increased use of storage space to cache the images.
The images are cached under BATS_TMPDIR. It defaults to the TMPDIR
environment variable, and if that's not set then to /tmp [2]. Normally,
TMPDIR isn't set, and the images end up getting cached under /tmp. Now,
/tmp is typically on tmpfs backed by RAM or swap, which means that it
should be used for smaller size-bounded files only, and /var/tmp should
be used for everything else [3].
The images are big enough that a collection of them can't be described
as smaller and size-bounded, and it led to:
1..306
# test suite: Set up
# test suite: Tear down
not ok 1 setup_suite
# (from function `setup_suite' in test file ./setup_suite.bash, line
55)
# `_pull_and_cache_distro_image fedora "$((system_version-1))" ||
false' failed
# Failed to cache image registry.fedoraproject.org/fedora-toolbox:40
to /tmp/bats-run-IPz4Cn/image-cache/fedora-toolbox-40
# time="2024-02-19T11:41:43Z" level=fatal msg="copying system image
from manifest list: writing blob: write
/tmp/bats-run-IPz4Cn/image-cache/fedora-toolbox-40/dir-put-blob607392514:
no space left on device"
# bats warning: Executed 1 instead of expected 306 tests
So, change the default location of the BATS_TMPDIR environment variable
to /var/tmp by setting TMPDIR.
[1] Toolbx commit 50683c9d9a78adc9
https://github.com/containers/toolbox/commit/50683c9d9a78adc9https://github.com/containers/toolbox/pull/375
[2] https://bats-core.readthedocs.io/en/stable/writing-tests.html
[3] https://systemd.io/TEMPORARY_DIRECTORIES/
Resolves: RHEL-61578
It clarifies that %golang_arches_future are meant for RHEL 10, and drops
the custom /etc/containers/toolbox.conf from RHEL 10.
There's no need to do a build just for this.
Resolves: RHEL-19772
There's no need to pass the --buildtype=plain option to the %meson RPM
macro, because it's one of the default options used by the macro.
There's no need to do a build just for this.
Fallout from ca4846e684Resolves: #2165742
This commit resolves both bugs 2116786 and 2126772. However, since the
latter doesn't have all approvals yet, it's not listed below. Else,
the check-gitbz test will fail and block this from getting merged.
Resolves: #2116786
Toolbx doesn't seem to directly use any cryptography, but go.sum does
list golang.org/x/crypto, which indicates that it's present somewhere
in the dependency chain.
Looking inside the vendored sources, there doesn't seem to be any
actual use of golang.org/x/crypto but it's still listed in the go.sum
files of some of the packages.
Interestingly, github.com/godbus/dbus does use crypto/rand and
crypto/sha1, and the former is a cryptographically secure random number
generator [1], but note that these aren't part of golang.org/x/crypto.
Anyway, it's better and easier to just rebuild the package than trying
to decipher if Toolbx is affected by the FIPS-mode memory leak in the
Go toolchain that affects cryptographic code.
[1] https://pkg.go.dev/crypto/randResolves: #2060769
The test suite should use the latest build of the image for any given
RHEL minor release. Otherwise, it won't detect any breakage caused by
changes to the image.
Resolves: #2000807
The RPM installs /etc/containers/toolbox.conf with its permissions set
to 0644, and there's no reason for the test suite to deviate from that.
Resolves: #2000807
