This is the exception type raised by OSTree if the checkout fails. I've
observed while running out of space on /var and the installation left
the incomplete checkout for the container.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1116
Approved by: ashcrow
Fix test failures after updating papr to test with f26 atomic/cloud
images instead of f25, with the following changes:
1. Remove dependency on docker hub tester image. Instead, mimic
what ostree/rpm-ostree does and use a recursive .papr.sh script
to install the necessary packages to the base f26 image in the
fedora registry. This fixes tests on the atomic host since python3.6
is being used, and prevents future tests from testing the wrong
version. (Note this is slightly slower due to having to install
packages during the test rather than using a pre-built image).
2. Fix some pylint errors, and mask others for now
3. Fix failing integration tests due to inter-test interference
4. Remove unnecessary deepcopy in container filter
5. Add compatibility for both c-s-s and d-s-s in storage
6. Update expected sha256 values for dockertar test
Remaining issues:
1. test_storage should possibly be reworked. The current test
setup is conflicting with the new default of overlay as a driver.
For now, the test for generated d-s-s is disabled.
2. some storage commands are still using "docker-storage-setup"
instead of "container-storage-setup". There is a backward
compatible check in place that should be reworked in the future
3. some masked pylint errors should be further investigated
4. keep the dockerfile for the project atomic tester image for now
(bump to 26), since its a little easier and faster to set up with
Signed-off-by: Yu Qi Zhang <jerzhang@redhat.com>
Closes: #1076
Approved by: baude
Sometimes I don't want to wait for pylint to complete. Add a new
makefile rule that launches directly the tests suite.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #949
Approved by: baude
Making it easier for dev and test to be able to build and
install from git on an atomic os.
sudo make install-on-atomicos
Closes: #854
Approved by: baude
now that we store the raw manifest, there are two "digest" fields both
lowercase. Replace the sed script with a python script that parses
the JSON document.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #779
Approved by: rhatdan
Run tests in a vagrant session (w/libvirt for now). This allows
the tests to occur similar to the way our jenkins tests work. Run
make vagrant-check and we created an F24 session and install
the proper deps. We then call the .redhat-ci.sh script inside
the vagrant session and the tests are executed. At this time, you
will need to vagrant halt to shutdown the session when comlete.
By default, the tests will exeute on an instance of fedora-24-atomic.
You can test on Colin's CAHC centos-atomic by:
make vagrant-check BOX=centos_atomic
Closes: #736
Approved by: rhatdan
The default.yaml is useful for out of the box
experience. It allows the user to begin signing
once atomic is install (and they have the proper
gpg requirements).
Note the .spec file will need to be updated to
handle /etc/containers/registries.d/default.yaml.
Closes: #633
Approved by: rhatdan
Doing things this way isn't "reproducible" - it won't work inside a
build system requires offline sources only, like current CAHC does.
gomtree needs to be packaged separately.
Closes: #547
Approved by: rhatdan
Also breakout images handling into a separate python file.
Atomic/images.py
I have switched atomic images generate to generate an images
mtree file for each image in the system.
Closes: #534
Approved by: giuseppe
Integrate go-mtree tool into atomic CLI command, `atomic verify -V <imagename>`.
(Note that `gomtree` is still in development and thus we would need some way of
obtaining updated gomtree binaries) When a user does an atomic pull,
validation manifests for that system image's layers are created and stored in
/var/lib/atomic. When user does `atomic verify -V <system image>`, these manifests
are then validated against the image that is on disk (which would be stored in ostree).
Signed-off-by: Stephen Chung <schung@redhat.com>
Closes: #531
Approved by: rhatdan
Use "$PYTHON -m pylint" rather than harcoding a pylint path, which is
more generic and will work regardless of whether pylint was installed by
dnf or pip.
Otherwise you can get nasty issues like pip and RPM stepping on each
other's toes trying to own /usr/bin/pylint. Also,
/usr/bin/python3-pylint is only installed by the RPM package, not by the
pip package.
Closes: #490
Approved by: cgwalters
I don't feel comfortable with running test_storage.sh on my
development machine, so enable it only with ENABLE_DESTRUCTIVE=1.
Tests are marked to be destructive with an inline tag ":destructive-test".
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #392
Approved by: jlebon
Eventually we will not ship any default scanner configurations. Previous
code relied on there always being one (default) defined so improved
error messages and a conditional check was in order.
Closes: #380
Approved by: rhatdan
As more scanners besides openscap become available, atomic
can now begin to leverage them. The new scan function has
been broken out into its on file (scan.py).
The scan command itself now defaults to openscap but can
also be switched to blackduck with --scanner.
Atomic now can use a configuration file which is stored
in /etc/atomic.conf. The location of the atomic conf
file can be overriden with the environment variable
'ATOMIC_CONF'. In the case of the scan function,
we need the scanner defined in the configuration file
as well as the fully qualified image name and the
scan arguments. Optionally, you can provide additional
custom docker arguments for the scanner as well
Also added a touch invocation to allow users to do:
GO_MD2MAN=/bin/true make
This skips building the manuals which helps on systems where getting
the md2man tool is difficult. This is similar to the trick that can be
used for PYLINT:
`PYLINT=/bin/true GO_MD2MAN=/bin/true make` now works.
The `python-build` target lists `atomic` as a prerequisite target.
However, there is no explicit target named 'atomic', so `make` tries to
find any implicit rules that apply. One of the rules that it tries is
whether the unprocessed file is called `atomic.sh`. Since that file
exists, it proceeds by copying `atomic.sh` to `atomic` if e.g.
`atomic.sh` is newer than `atomic`:
Considering target file 'python-build'.
File 'python-build' does not exist.
Considering target file 'atomic'.
<snip>
Found an implicit rule for 'atomic'.
Considering target file 'atomic.sh'.
<snip>
Finished prerequisites of target file 'atomic.sh'.
No need to remake target 'atomic.sh'.
Finished prerequisites of target file 'atomic'.
Prerequisite 'atomic.sh' is newer than target 'atomic'.
Must remake target 'atomic'.
cat atomic.sh >atomic
This patch removes the `atomic` target which does not exist, and also
explicitly makes all the other non-file targets phonies to make sure no
name collisions will happen again (and as a plus, improve performance).
We were only scanning the ./atomic file with pylint. This patch adds all
the other python files to the list. We also add some pylint directives
to suppress some benign errors.
