Standardize on OCI images in test-suite #2733
Conversation
|
OK, fixed a few typos and thinkos in the commit messages 😄 |
|
Hmm. I'm getting a LOT of failures when running this as "make check" locally on F38, before and after doing an 'rm -rf *' of the entire build tree:
Stuff like:
Hmm okay, that happens when you build with Another random observation: mktree.docker seems to be suffering from a minor schizophrenia, because it mostly talks about Podman inside 😅 Maybe it should be mktree.oci instead? |
Ugh, I haven't tested the non-default (
The symlink really is meant as just a silly "shortcut" for something like (in the CI): But I agree, |
|
BTW, we could just use Podman in the CI now, too. The Ubuntu version deployed there is recent enough to have Podman in a recent-ish version, too, and is even installed by default. The only "advantage" (or rather a side effect) of Docker is that it must run with root privileges, in which case we get that one test covered which is normally disabled in unprivileged containers because it needs to create devices (or something like that, don't remember exactly). But we could do the same with Podman, I believe, just running it as root in that VM. |
|
Hmm, so I just tried a build with |
|
Could you please try a completely new build in a separate build dir? Just to rule out any local build configuration. |
|
Oh, you mentioned you recreated the entire build tree (not just |
|
Hmm, I'll retest after lunch. I also have |
|
I guess you need to do that 'rm -rf *' of the build tree for the prefix to really take effect - that way I can reliably reproduce the failures. Looking at the build log makes it kinda obvious what is going on. With a ...but then the build itself is expecting to be in /usr prefix due to the "outside" configuration, and at that point its no wonder it fails. |
|
I actually did precisely that, removed the whole build dir and created it from scratch, and yet, it works 😆 But, one important difference perhaps is that I did not configure anything besides the prefix, i.e: Did you use some other cmake options too? |
|
OK, tried with a couple more config options, namely: ... and it worked for me, too. Strange, strange... |
|
Okay with offline debugging with @dmnks , the difference came from me not having
After installing buildah that changes to ON, and the test-suite passes. So the apparent configuration leakage is an issue only in the non-native mode. |
|
Indeed, sorry for not pointing that (new requirement) out in the beginning, somehow that didn't even cross my mind 😄 I can now reproduce this in non-native mode with a different prefix. Something is leaking into the image even if it shouldn't. Will fix. Meanwhile, I'm thinking if we shouldn't just use Podman to apply the RPM layer on top of the base layer, instead of Buildah. Podman allows that too, just needs one extra step or so. |
|
In general, less build dependencies is better but only if skipping buildah is truly trivial. I don't want us to sink yet more time into that. |
|
Just FTR, culprit found, it's because the |
Don't symlink rpmtests itself, we can run it directly from the installation directory in the test tree. This eliminates some extra cd-ing. No functional change.
This invokes an interactive shell in a dummy test where all the usual test commands work, and is meant as a replacement for what mktree.fedora currently does for its shell/atshell commands. This feature basically emulates a single test so it really belongs to the rpmtests wrapper, not mktree. For consistency, also do the permission fixup for rpmtests.dir (just like in mktree.fedora), this will be needed once we drop mktree.fedora.
Log mode is mostly useful in the CI environment so don't enable it by default. This is another step towards the unified OCI backend. No functional change.
This is another step towards the unified OCI backend, no functional change yet.
Right now, we build and tag a new image on each mktree.podman run. This causes an unnecessary buildup of images over time that needs to be manually cleaned with podman-image-prune(1). Instead, tag the base layer and then only rebuild the RPM layer.
Rename the existing Dockerfile and add a symlink for the original filename. This will allow for supporting other, non-Fedora, Linux distros in the future and is a prerequisite for the next commits.
Instead of building RPM from scratch as part of the image, allow for reusing the existing build artifacts on the host to produce the final image. This ensures we test the actual local build, not just the sources, and speeds up the whole process, allowing it to be used for local development as well. No immediate effect, we'll hook this up to cmake in the next commit.
Instead of manually bootstrapping our own base "image" using a host specific script, just use the official, prebuilt OCI images with Podman/Docker. This has several advantages: - Standard, ubiquitous OCI images (easy support for other distros) - No manual setup of DNF, RPM macros, user namespaces and whatnot - Single recipe (Dockerfile) for both the local and CI purposes - Outsourced image caching (Podman/Docker storage) - Faster (just downloads the prebuilt image) - Less dependencies on the host Now that we've prepared mktree.podman for local use, just switch to it in cmake and drop the Fedora backend. Update the docs and comments accordingly, too, those should explain the details. Fixes: rpm-software-management#2643
Commit 09e4720 moved the snapshot function to mktree.common so that we could later use it in non-cmake mode (outside of the build directory) too, to containerize rpmtests itself. In the end, however, we've decided to just use Podman/Docker for the outer container as it simplifies things. Therefore, the snapshot function is no longer needed outside of the test-suite, it's an internal implementation detail at this point which doesn't have anything to do with mktree, so move it back to atlocal where it really belongs. As a bonus, the rpmtests wrapper can now be simplified a bit more, too. No functional change.
These are bashism, not really needed.
Turns out the docker command in CI is set up such that it doesn't need an explicit sudo, so remove it. This will also allow us to easily pass environment variables to mktree in the next commit (as otherwise we'd have to use the ugly -E, --preserve-env option). No functional change.
This name is a better fit as it puts more emphasis on the format of the resulting tree, not as much on the actual container engine used (which can be swapped, and currently is in the CI where we use docker instead of podman). Also drop the awkward .docker symlink now and instead pass the container engine through the MKTREE_ENGINE environment variable.
|
Fixed version pushed:
|
|
Works for me 👍 |
This replaces per-distro backends (currently only
mktree.fedora) with a universal OCI-based backend. It's based on the originalmktree.podmanbut enhanced to work for native development, too. Related refactorings are included.See the commit messages for details.
Fixes: #2643