From 37eb694bd073b8dff265be137ae75eac81e9d769 Mon Sep 17 00:00:00 2001
From: Chris Evich <cevich@redhat.com>
Date: Mon, 18 Mar 2019 15:17:46 -0400
Subject: [PATCH] Cirrus: Various fixes for rootless testing

* Randomize the user's UID and GID
* Simplify `setup_environment.sh`
* Support new "-r" option for `hack/get_ci_vm.sh` setting up rootless
* Connect as $ROOTLESS_USER when using "-r" with `hack/get_ci_vm.sh`

Signed-off-by: Chris Evich <cevich@redhat.com>
---
 .cirrus.yml                         |  6 +-----
 contrib/cirrus/lib.sh               | 26 +++++++++++++++++---------
 contrib/cirrus/setup_environment.sh |  9 +--------
 hack/get_ci_vm.sh                   | 11 +++++++++--
 4 files changed, 28 insertions(+), 24 deletions(-)

diff --git a/.cirrus.yml b/.cirrus.yml
index 01689971ae..29606d1451 100644
--- a/.cirrus.yml
+++ b/.cirrus.yml
@@ -70,8 +70,6 @@ env:
     #### Default to NOT running in rootless-testing mode
     ####
     ROOTLESS_USER: ""
-    ROOTLESS_UID: ""
-    ROOTLESS_GID: ""
 
     ####
     #### Credentials and other secret-sauces, decrypted at runtime when authorized.
@@ -101,7 +99,7 @@ env:
         CIRRUS_TASK_ID CIRRUS_REPO_NAME CIRRUS_REPO_OWNER CIRRUS_REPO_FULL_NAME
         CIRRUS_REPO_CLONE_URL CIRRUS_SHELL CIRRUS_USER_COLLABORATOR CIRRUS_USER_PERMISSION
         CIRRUS_WORKING_DIR CIRRUS_HTTP_CACHE_HOST PACKER_BUILDS BUILT_IMAGE_SUFFIX
-        XDG_DATA_DIRS XDG_RUNTIME_DIR XDG_SESSION_ID ROOTLESS_USER ROOTLESS_UID ROOTLESS_GID
+        XDG_DATA_DIRS XDG_RUNTIME_DIR XDG_SESSION_ID ROOTLESS_USER
 
 
 # Every *_task runs in parallel in separate VMsd. The name prefix only for reference
@@ -252,8 +250,6 @@ rootless_testing_task:
 
     env:
         ROOTLESS_USER: "olympiclongjumpingwithjesus"
-        ROOTLESS_UID: 123456
-        ROOTLESS_GID: 123456
 
     timeout_in: 120m
 
diff --git a/contrib/cirrus/lib.sh b/contrib/cirrus/lib.sh
index fe5fe72384..e941610e23 100644
--- a/contrib/cirrus/lib.sh
+++ b/contrib/cirrus/lib.sh
@@ -54,8 +54,6 @@ show_env_vars() {
 BUILDTAGS $BUILDTAGS
 BUILT_IMAGE_SUFFIX $BUILT_IMAGE_SUFFIX
 ROOTLESS_USER $ROOTLESS_USER
-ROOTLESS_UID $ROOTLESS_UID
-ROOTLESS_GID $ROOTLESS_GID
 CI $CI
 CIRRUS_CI $CIRRUS_CI
 CI_NODE_INDEX $CI_NODE_INDEX
@@ -130,7 +128,7 @@ bad_os_id_ver() {
 }
 
 run_rootless() {
-    if [[ -z "$ROOTLESS_USER" ]] && [[ -z "$ROOTLESS_UID" ]] && [[ -z "$ROOTLESS_GID" ]]
+    if [[ -z "$ROOTLESS_USER" ]]
     then
         return 1
     else
@@ -170,15 +168,23 @@ record_timestamp() {
 setup_rootless() {
     req_env_var "
         ROOTLESS_USER $ROOTLESS_USER
-        #ROOTLESS_UID $ROOTLESS_UID
-        #ROOTLESS_GID $ROOTLESS_GID
         GOSRC $GOSRC
         ENVLIB $ENVLIB
     "
+
+    if passwd --status $ROOTLESS_USER
+    then
+        echo "Updating $ROOTLESS_USER user permissions on possibly changed libpod code"
+        chown -R $ROOTLESS_USER:$ROOTLESS_USER "$GOSRC"
+        return 0
+    fi
+
+    # Guarantee independence from specific values
+    ROOTLESS_UID=$[RANDOM+1000]
+    ROOTLESS_GID=$[RANDOM+1000]
     echo "creating $ROOTLESS_UID:$ROOTLESS_GID $ROOTLESS_USER user"
-    #groupadd -g $ROOTLESS_GID $ROOTLESS_USER
-    #useradd -g $ROOTLESS_GID -u $ROOTLESS_UID --no-user-group --create-home $ROOTLESS_USER
-    useradd --create-home $ROOTLESS_USER
+    groupadd -g $ROOTLESS_GID $ROOTLESS_USER
+    useradd -g $ROOTLESS_GID -u $ROOTLESS_UID --no-user-group --create-home $ROOTLESS_USER
     chown -R $ROOTLESS_USER:$ROOTLESS_USER "$GOSRC"
 
     echo "creating ssh keypair for $USER"
@@ -193,7 +199,9 @@ setup_rootless() {
     cat /root/.ssh/authorized_keys >> "/home/$ROOTLESS_USER/.ssh/authorized_keys"
 
     echo "Configuring subuid and subgid"
-    echo "${ROOTLESS_USER}:$[ROOTLESS_UID * 100]:65536" | tee -a /etc/subuid >> /etc/subgid
+    grep -q "${ROOTLESS_USER}" /etc/subuid || \
+        echo "${ROOTLESS_USER}:$[ROOTLESS_UID * 100]:65536" | \
+            tee -a /etc/subuid >> /etc/subgid
 
     echo "Setting permissions on automation files"
     chmod 666 "$TIMESTAMPS_FILEPATH"
diff --git a/contrib/cirrus/setup_environment.sh b/contrib/cirrus/setup_environment.sh
index 7ba6965baf..96d0e1b550 100755
--- a/contrib/cirrus/setup_environment.sh
+++ b/contrib/cirrus/setup_environment.sh
@@ -44,8 +44,6 @@ then
         "export OS_RELEASE_VER=\"$(os_release_ver)\"" \
         "export OS_REL_VER=\"$(os_release_id)-$(os_release_ver)\"" \
         "export ROOTLESS_USER=$ROOTLESS_USER" \
-        "export ROOTLESS_UID=$ROOTLESS_UID" \
-        "export ROOTLESS_GID=$ROOTLESS_GID" \
         "export BUILT_IMAGE_SUFFIX=\"-$CIRRUS_REPO_NAME-${CIRRUS_CHANGE_IN_REPO:0:8}\"" \
         "export GOPATH=\"/var/tmp/go\"" \
         'export PATH="$HOME/bin:$GOPATH/bin:/usr/local/bin:$PATH"' \
@@ -74,6 +72,7 @@ then
     esac
 
     cd "${GOSRC}/"
+    # Reload to incorporate any changes from above
     source "$SCRIPT_BASE/lib.sh"
 
     if run_rootless
@@ -83,12 +82,6 @@ then
         go get github.com/onsi/ginkgo/ginkgo
         go get github.com/onsi/gomega/...
         dnf -y update runc
-    else
-        # Includes some $HOME relative details
-        go env | while read envline
-        do
-            X=$(echo "export $envline" | tee -a "$HOME/$ENVLIB") && eval "$X" && echo "$X"
-        done
     fi
 fi
 
diff --git a/hack/get_ci_vm.sh b/hack/get_ci_vm.sh
index 70fe93eb5d..071b62434b 100755
--- a/hack/get_ci_vm.sh
+++ b/hack/get_ci_vm.sh
@@ -19,6 +19,7 @@ PROJECT="libpod-218412"
 GOSRC="/var/tmp/go/src/github.com/containers/libpod"
 GCLOUD_IMAGE=${GCLOUD_IMAGE:-quay.io/cevich/gcloud_centos:latest}
 GCLOUD_SUDO=${GCLOUD_SUDO-sudo}
+ROOTLESS_USER="madcowdog"
 
 # Shared tmp directory between container and us
 TMPDIR=$(mktemp -d --tmpdir $(basename $0)_tmpdir_XXXXXX)
@@ -69,7 +70,9 @@ image_hints() {
 
 show_usage() {
     echo -e "\n${RED}ERROR: $1${NOR}"
-    echo -e "${YEL}Usage: $(basename $0) [-s | -p] <image_name>${NOR}\n"
+    echo -e "${YEL}Usage: $(basename $0) [-s | -p | -r] <image_name>${NOR}"
+    echo "Use -s / -p to select source or package based dependencies"
+    echo -e "Use -r to setup and run tests as a regular user.\n"
     if [[ -r ".cirrus.yml" ]]
     then
         echo -e "${YEL}Some possible image_name values (from .cirrus.yml):${NOR}"
@@ -106,7 +109,7 @@ parse_args(){
         IMAGE_NAME="$2"
     elif [[ "$1" == "-r" ]]
     then
-        DEPS="ROOTLESS_USER=madcowdog ROOTLESS_UID=3210 ROOTLESS_GID=3210"
+        DEPS="ROOTLESS_USER=$ROOTLESS_USER"
         IMAGE_NAME="$2"
     else  # no -s or -p
         DEPS="$(get_env_vars)"
@@ -213,4 +216,8 @@ echo -e "\n${YEL}Executing environment setup${NOR}"
 showrun $SSH_CMD --command "$SETUP_CMD"
 
 echo -e "\n${YEL}Connecting to $VMNAME ${RED}(option to delete VM upon logout).${NOR}\n"
+if [[ "$1" == "-r" ]]
+then
+    SSH_CMD="$PGCLOUD compute ssh $ROOTLESS_USER@$VMNAME"
+fi
 showrun $SSH_CMD -- -t "cd $GOSRC && exec env $DEPS bash -il"