[buildstream] 09/10: .gitlab-ci.yml: Add job to test buildbox-run-userchroot

Tue, 29 Dec 2020 04:37:37 -0800 

This is an automated email from the ASF dual-hosted git repository.

not-in-ldap pushed a commit to branch tlater/buildbox-run-userchroot
in repository https://gitbox.apache.org/repos/asf/buildstream.git

commit 15cb07dd6f97a31751057a80f6e8610d26e789fb
Author: Jürg Billeter <[email protected]>
AuthorDate: Thu Nov 7 11:23:36 2019 +0100

    .gitlab-ci.yml: Add job to test buildbox-run-userchroot
---
 .gitlab-ci.yml | 35 +++++++++++++++++++++++++++++++++++
 1 file changed, 35 insertions(+)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 10cec8f..82fa7d3 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -124,6 +124,40 @@ tests-buildbox-run:
   variables:
     BST_FORCE_SANDBOX: "buildbox-run"
 
+tests-userchroot:
+  image: 
registry.gitlab.com/buildstream/buildstream-docker-images/testsuite-fedora:31-${DOCKER_IMAGE_VERSION}
+  <<: *tests
+  variables:
+    BST_FORCE_SANDBOX: "buildbox-run"
+    BST_CAS_STAGING_ROOT: "/builds/userchroot"
+
+  script:
+    - mkdir -p "${INTEGRATION_CACHE}"
+    - useradd -Um buildstream
+
+    # Use buildbox-run-userchroot and hardlinking
+    - ln -svf buildbox-run-userchroot /usr/local/bin/buildbox-run
+    - rm -vf /usr/local/bin/buildbox-fuse
+
+    # When using userchroot, buildbox-casd must run as a separate user
+    - useradd -g buildstream buildbox-casd
+    - chown buildbox-casd:buildstream /usr/local/bin/buildbox-casd
+    - chmod u+s /usr/local/bin/buildbox-casd
+
+    # Set up staging root with permissions required by userchroot,
+    # must be on same filesystem as current directory to support hardlinks
+    - mkdir -p "${BST_CAS_STAGING_ROOT}"
+    - chown -R buildbox-casd:buildstream "${BST_CAS_STAGING_ROOT}"
+    # userchroot doesn't allow group/world-writable base directory
+    - chmod go-w /builds
+    - echo buildbox-casd:${BST_CAS_STAGING_ROOT} > /etc/userchroot.conf
+
+    - chown -R buildstream:buildstream .
+
+    # Run the tests as a simple user to test for permission issues
+    - su buildstream -c "umask 002 && ${TEST_COMMAND}"
+    - su buildstream -c "umask 002 && ${EXTERNAL_TESTS_COMMAND}"
+
 tests-fedora-missing-deps:
   # Ensure that tests behave nicely while missing bwrap and ostree
   image: 
registry.gitlab.com/buildstream/buildstream-docker-images/testsuite-fedora:31-${DOCKER_IMAGE_VERSION}
@@ -415,6 +449,7 @@ coverage:
   - tests-remote-execution
   - tests-ubuntu-18.04
   - tests-unix
+  - tests-userchroot
   except:
   - schedules
   artifacts:

Reply via email to