Remove user namespace functionality

- document how to use unshare instead
microsoft · Sep 16, 2024 · 01a64e7 · 01a64e7
1 parent 43e6032
commit 01a64e7
Show file tree

Hide file tree

Showing 12 changed files with 185 additions and 538 deletions.
diff --git a/.github/actions/test/action.yml b/.github/actions/test/action.yml
@@ -0,0 +1,16 @@
+name: "rpmoci tests"
+runs:
+  using: "composite"
+  steps:
+    - uses: actions-rs/toolchain@v1
+      with:
+        profile: minimal
+        toolchain: stable
+        override: true
+    - name: Setup rootless user
+      run: |
+        useradd -m -s /bin/bash rootless
+    - name: Run tests as non-root user
+      run: |
+        su - rootless
+        cargo test --features test-docker
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -4,7 +4,7 @@ on: [push, pull_request]
 
 jobs:
   check:
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     container:
       image: mcr.microsoft.com/cbl-mariner/base/core:2.0
     steps:
@@ -23,42 +23,24 @@ jobs:
         run: cargo clippy -- -D warnings
 
   test:
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     container:
       image: mcr.microsoft.com/cbl-mariner/base/core:2.0
       options: --privileged
     steps:
       - name: Install dependencies
         run: unset HOME; tdnf install -y build-essential git openssl-devel python3-devel sudo ca-certificates dnf moby-cli skopeo shadow-utils sqlite-devel
       - uses: actions/checkout@v2
-      - uses: actions-rs/toolchain@v1
-        with:
-          profile: minimal
-          toolchain: stable
-          override: true
-      - uses: oras-project/setup-oras@v1
-        with:
-          version: 1.1.0
-      - name: Run cargo test
-        run: cargo test --features test-docker
-      - name: Setup rootless user
-        run: |
-          useradd -m -s /bin/bash rootless
-          echo "rootless:100000:65536" > /etc/subgid
-          echo "rootless:100000:65536" > /etc/subuid
-      - name: Build in rootless mode
-        run: |
-          su - rootless
-          cargo run -- build -f tests/fixtures/rootless/rpmoci.toml --image rootless --tag test
+      - uses:  ./.github/actions/test.yml
 
   cargo-deny:
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     steps:
       - uses: actions/checkout@v3
       - uses: EmbarkStudios/cargo-deny-action@v1
 
   build:
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     container:
       image: mcr.microsoft.com/cbl-mariner/base/core:2.0
     steps:

diff --git a/.github/workflows/fedora.yml b/.github/workflows/fedora.yml
@@ -0,0 +1,18 @@
+name: fedora
+
+on: [pull_request]
+
+jobs:
+  test:
+    runs-on: ubuntu-24.04
+    container:
+      image: fedora:40
+      options: --privileged
+    steps:
+      - name: Install dependencies
+        run: |
+          dnf install -y openssl-devel python3-devel sqlite-devel dnf-plugins-core
+          dnf config-manager --add-repo https://download.docker.com/linux/fedora/docker-ce.repo
+          dnf install -y docker-ce-cli
+      - uses: actions/checkout@v2
+      - uses:  ./.github/actions/test.yml