From a7dd44c7826205a9de2ddcc84470b9caf226a2b7 Mon Sep 17 00:00:00 2001
From: Manuel Naranjo
Date: Wed, 24 Nov 2021 12:31:34 +0100
Subject: [PATCH 1/4] [deps] bump rules_docker We need newer rules_docker if we want to run the tests against upstream Bazel
---
 WORKSPACE | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/WORKSPACE b/WORKSPACE
index 7d838a6..817fd13 100644
--- a/WORKSPACE
+++ b/WORKSPACE
@@ -2,9 +2,9 @@ load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive", "http_file"
 http_archive(
 name = "io_bazel_rules_docker",
- sha256 = "aed1c249d4ec8f703edddf35cbe9dfaca0b5f5ea6e4cd9e83e99f3b0d1136c3d",
- strip_prefix = "rules_docker-0.7.0",
- urls = ["https://github.com/bazelbuild/rules_docker/archive/v0.7.0.tar.gz"],
+ sha256 = "4349f2b0b45c860dd2ffe18802e9f79183806af93ce5921fb12cbd6c07ab69a8",
+ strip_prefix = "rules_docker-0.21.0",
+ urls = ["https://github.com/bazelbuild/rules_docker/releases/download/v0.21.0/rules_docker-v0.21.0.tar.gz"],
 )
 load(
@@ -14,6 +14,10 @@ load(
 container_repositories()
+load("@io_bazel_rules_docker//repositories:deps.bzl", container_deps = "deps")
+
+container_deps()
+
 http_file(
 name = "glibc",
 sha256 = "573ceb6ad74b919b06bddd7684a29ef75bc9f3741e067fac1414e05c0087d0b6",
From 1c2c638700832be2b14fe757fb6665641d17547a Mon Sep 17 00:00:00 2001
From: Manuel Naranjo
Date: Wed, 24 Nov 2021 12:47:47 +0100
Subject: [PATCH 2/4] [tests] update dependencies rpms used for tests are archived, updating the URLs
---
 WORKSPACE | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/WORKSPACE b/WORKSPACE
index 817fd13..42db498 100644
--- a/WORKSPACE
+++ b/WORKSPACE
@@ -21,11 +21,11 @@ container_deps()
 http_file(
 name = "glibc",
 sha256 = "573ceb6ad74b919b06bddd7684a29ef75bc9f3741e067fac1414e05c0087d0b6",
- urls = ["https://dl.fedoraproject.org/pub/fedora/linux/releases/28/Everything/x86_64/os/Packages/g/glibc-2.27-8.fc28.x86_64.rpm"],
+ urls = ["https://archives.fedoraproject.org/pub/archive/fedora/linux/releases/28/Everything/x86_64/os/Packages/g/glibc-2.27-8.fc28.x86_64.rpm"],
 )
 http_file(
 name = "ca_certificates",
 sha256 = "dfc3d2bf605fbea7db7f018af53fe0563628f788a40cb1e7f84434606b7b6a12",
- urls = ["https://dl.fedoraproject.org/pub/fedora/linux/releases/28/Everything/x86_64/os/Packages/c/ca-certificates-2018.2.22-3.fc28.noarch.rpm"],
+ urls = ["https://archives.fedoraproject.org/pub/archive/fedora/linux/releases/28/Everything/x86_64/os/Packages/c/ca-certificates-2018.2.22-3.fc28.noarch.rpm"],
 )
From eb5fd6ffd0b7a3745cc331632ce25d2a4d7ce43f Mon Sep 17 00:00:00 2001
From: Manuel Naranjo
Date: Wed, 24 Nov 2021 13:14:33 +0100
Subject: [PATCH 3/4] [tests] check file permissions rpms will have all of it's filed owned by root:root, so let's test for that
---
 test/configs/allinone.yaml | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/test/configs/allinone.yaml b/test/configs/allinone.yaml
index 62dd68c..31ef436 100644
--- a/test/configs/allinone.yaml
+++ b/test/configs/allinone.yaml
@@ -4,14 +4,22 @@ fileExistenceTests:
 path: '/sbin/ldconfig'
 shouldExist: true
 permissions: '-rwxr-xr-x'
+ uid: 0
+ gid: 0
 - name: 'rpm database file'
 path: '/var/lib/rpm/Packages'
 shouldExist: true
 permissions: '-rw-r--r--'
+ uid: 0
+ gid: 0
 - name: 'readme from ca-certificates'
 path: '/usr/share/pki/ca-trust-source/README'
 shouldExist: true
 permissions: '-rw-r--r--'
+ uid: 0
+ gid: 0
 - name: '/etc/test/foo should be there'
 path: '/etc/test/foo'
 shouldExist: false
+ uid: 0
+ gid: 0
From a94fc27e229e60bc67945ebe2dacda9eb935044b Mon Sep 17 00:00:00 2001
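Review bot: The `uid: 0` / `gid: 0` pair added to the last entry (`path: '/etc/test/foo'`, `shouldExist: false`) does not appear to assert anything, because a file that must be absent has no owner to compare; I would leave those two lines off that entry so the config states only what it checks. The three entries for files that do exist carry the root:root expectation the commit message describes, and a short comment above the first `uid`, for example `# files unpacked from rpms must keep root:root ownership`, would tell a reader why the fields were added. The hunk begins inside the first list entry, so that entry's `name` line is outside the visible lines.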
From: Manuel Naranjo
Date: Wed, 24 Nov 2021 13:16:22 +0100
Subject: [PATCH 4/4] [permissions] install through fakeroot Decompressing rpms through fakeroot to preserve file ownership and permissions properly
---
 rpm/rpm.bzl | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/rpm/rpm.bzl b/rpm/rpm.bzl
index df97a33..cb20d77 100644
--- a/rpm/rpm.bzl
+++ b/rpm/rpm.bzl
@@ -16,17 +16,18 @@ def _rpms_impl(ctx, rpms = None):
 parent_parts = _get_layers(ctx, ctx.label.name, ctx.attr.base)
 uncompressed_blobs = parent_parts.get("unzipped_layer", [])
 uncompressed_layer_args = ["--uncompressed_layer=" + f.path for f in uncompressed_blobs]
- rpm_args = ["--rpm=" + f.path for f in rpms]
+ rpm_args = ["--", rpm_installer.path] + ["--rpm=" + f.path for f in rpms]
 finaltar = ctx.actions.declare_file(ctx.label.name + "-installed-rpms.tar")
 target = "--output=%s" % finaltar.path
 ctx.actions.run(
- executable = rpm_installer,
+ executable = 'fakeroot',
 arguments = rpm_args + uncompressed_layer_args + [target],
 inputs = rpms + uncompressed_blobs,
 outputs = [finaltar],
 use_default_shell_env = True,
 progress_message = "Install RPMs inside a container",
 mnemonic = "installrpms",
+ tools = [rpm_installer],
 )
 tars = [finaltar]
 if ctx.attr.tars:
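Review bot: `executable = 'fakeroot'` names a program that is looked up on the host PATH (the action keeps `use_default_shell_env = True`), so the binary that unpacks every rpm into the layer is not a declared or pinned input of the build. Presumably the action fails on a machine or remote executor without fakeroot installed, and which fakeroot runs depends on the environment of whoever builds. A comment on that line, for example `# fakeroot is resolved from the host PATH; it is not built or pinned by this repository`, together with a prerequisite note in the project documentation would make the requirement visible, and exposing the tool through a rule attribute or toolchain would let users pin it. The literal also uses single quotes where the rest of the hunk uses double quotes: `executable = "fakeroot",`. `_rpms_impl` begins above the hunk and continues past `if ctx.attr.tars:`.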