1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
|
package main
import (
"fmt"
"os"
"os/exec"
"path/filepath"
"runtime"
"strings"
"testing"
"github.com/docker/docker/testutil/fixtures/load"
"gotest.tools/v3/assert"
)
func ensureSyscallTest(c *testing.T) {
defer testEnv.ProtectImage(c, "syscall-test:latest")
// If the image already exists, there's nothing left to do.
if testEnv.HasExistingImage(c, "syscall-test:latest") {
return
}
// if no match, must build in docker, which is significantly slower
// (slower mostly because of the vfs graphdriver)
if testEnv.OSType != runtime.GOOS {
ensureSyscallTestBuild(c)
return
}
tmp, err := os.MkdirTemp("", "syscall-test-build")
assert.NilError(c, err, "couldn't create temp dir")
defer os.RemoveAll(tmp)
gcc, err := exec.LookPath("gcc")
assert.NilError(c, err, "could not find gcc")
tests := []string{"userns", "ns", "acct", "setuid", "setgid", "socket", "raw"}
for _, test := range tests {
out, err := exec.Command(gcc, "-g", "-Wall", "-static", fmt.Sprintf("../contrib/syscall-test/%s.c", test), "-o", fmt.Sprintf("%s/%s-test", tmp, test)).CombinedOutput()
assert.NilError(c, err, string(out))
}
if runtime.GOOS == "linux" && runtime.GOARCH == "amd64" {
out, err := exec.Command(gcc, "-s", "-m32", "-nostdlib", "-static", "../contrib/syscall-test/exit32.s", "-o", tmp+"/"+"exit32-test").CombinedOutput()
assert.NilError(c, err, string(out))
}
dockerFile := filepath.Join(tmp, "Dockerfile")
content := []byte(`
FROM debian:bullseye-slim
COPY . /usr/bin/
`)
err = os.WriteFile(dockerFile, content, 0600)
assert.NilError(c, err)
var buildArgs []string
if arg := os.Getenv("DOCKER_BUILD_ARGS"); strings.TrimSpace(arg) != "" {
buildArgs = strings.Split(arg, " ")
}
buildArgs = append(buildArgs, []string{"-q", "-t", "syscall-test", tmp}...)
buildArgs = append([]string{"build"}, buildArgs...)
dockerCmd(c, buildArgs...)
}
func ensureSyscallTestBuild(c *testing.T) {
err := load.FrozenImagesLinux(testEnv.APIClient(), "debian:bullseye-slim")
assert.NilError(c, err)
var buildArgs []string
if arg := os.Getenv("DOCKER_BUILD_ARGS"); strings.TrimSpace(arg) != "" {
buildArgs = strings.Split(arg, " ")
}
buildArgs = append(buildArgs, []string{"-q", "-t", "syscall-test", "../contrib/syscall-test"}...)
buildArgs = append([]string{"build"}, buildArgs...)
dockerCmd(c, buildArgs...)
}
func ensureNNPTest(c *testing.T) {
defer testEnv.ProtectImage(c, "nnp-test:latest")
// If the image already exists, there's nothing left to do.
if testEnv.HasExistingImage(c, "nnp-test:latest") {
return
}
// if no match, must build in docker, which is significantly slower
// (slower mostly because of the vfs graphdriver)
if testEnv.OSType != runtime.GOOS {
ensureNNPTestBuild(c)
return
}
tmp, err := os.MkdirTemp("", "docker-nnp-test")
assert.NilError(c, err)
gcc, err := exec.LookPath("gcc")
assert.NilError(c, err, "could not find gcc")
out, err := exec.Command(gcc, "-g", "-Wall", "-static", "../contrib/nnp-test/nnp-test.c", "-o", filepath.Join(tmp, "nnp-test")).CombinedOutput()
assert.NilError(c, err, string(out))
dockerfile := filepath.Join(tmp, "Dockerfile")
content := `
FROM debian:bullseye-slim
COPY . /usr/bin
RUN chmod +s /usr/bin/nnp-test
`
err = os.WriteFile(dockerfile, []byte(content), 0600)
assert.NilError(c, err, "could not write Dockerfile for nnp-test image")
var buildArgs []string
if arg := os.Getenv("DOCKER_BUILD_ARGS"); strings.TrimSpace(arg) != "" {
buildArgs = strings.Split(arg, " ")
}
buildArgs = append(buildArgs, []string{"-q", "-t", "nnp-test", tmp}...)
buildArgs = append([]string{"build"}, buildArgs...)
dockerCmd(c, buildArgs...)
}
func ensureNNPTestBuild(c *testing.T) {
err := load.FrozenImagesLinux(testEnv.APIClient(), "debian:bullseye-slim")
assert.NilError(c, err)
var buildArgs []string
if arg := os.Getenv("DOCKER_BUILD_ARGS"); strings.TrimSpace(arg) != "" {
buildArgs = strings.Split(arg, " ")
}
buildArgs = append(buildArgs, []string{"-q", "-t", "npp-test", "../contrib/nnp-test"}...)
buildArgs = append([]string{"build"}, buildArgs...)
dockerCmd(c, buildArgs...)
}
|
