This branch will never receive any security-backports when the
associated RHEL release reaches EOL. Add a condition to force CI to
break with a helpful message, after this RHEL EOL date.
Signed-off-by: Chris Evich <cevich@redhat.com>
- Add a prompt to the skopeo commands.
- Add a "console" identifier to fenced code
blocks which has a prompt, not "sh".
Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
Use (podman unshare) as already suggested, it is necessary for an unprivileged
user to remove the temporary c/storage state. OTOH it doesn't work with Docker at all.
Don't use the - prefix, it only works at the _start_ of a rule, not in the middle of
a multi-line shell script.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
- Don't do it at all for the CI VM: We can use the
VM's global Podman configuration, and use faster overlay
instead of vfs, so let's do that.
- For the developer-run (make test-system):
- Add graphroot and runroot paths to make the configuration minimally valid
- Explicitly point CONTAINERS_STORAGE_CONF at the configutation
to be certain it will get used.
Then drop the (podman pull ...) in runner.sh:_podman_reset that seemed to
previously workaround the invalid /etc/containers/storage.conf .
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
The containers/image CI setup reuses the runner script from this repo to
execute the skopeo tests. However, an env. var. is being taken out of
context in that environment, leading to failure. Fix this by
hard-coding an image-name which will always be available in both
environments.
Signed-off-by: Chris Evich <cevich@redhat.com>
This is necessary, since running the skopeo tests modifies the host
environment. This can result in some warning messages the first time
a container is started. These messages can interfere with tests which
are sensitive to stdout/stderr. Since many/most tests require a local
image registry, launch it with `/bin/true` after doing a system reset
to clear away any pesky warning messages.
Signed-off-by: Chris Evich <cevich@redhat.com>
For whatever reasons, the podman configuration in CI results in the
inspect test throwing the following error:
```
not ok 4 inspect: image manifest list w/ diff platform
125
configuration is unset - using hardcoded default graph root
\"/var/lib/containers/storage\""
configuration is unset - using hardcoded default graph root
\"/var/lib/containers/storage\""
StoreOptions
```
Fix this by not using `podman`. It's unnecessary, since all the test
needs is the golang-flavor of the current system's architecture name.
That can easily be obtained by asking the go tool directly.
Signed-off-by: Chris Evich <cevich@redhat.com>
These are already present in the VM images. These instructions only
cause the DNF cache to be refreshed, wasting precious developer time.
Signed-off-by: Chris Evich <cevich@redhat.com>
(skopeo copy) and (skopeo sync) now support --sign-by-sigstore=param-file,
using the containers-sigstore-signing-params.yaml(5) file format.
That notably adds support for Fulcio and Rekor signing.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
