func importImageAndFetchHashAsGid(t *testing.T, ctx *testutils.RktRunCtx, img string, fetchArgs string, gid int) string {
// Import the test image into store manually.
cmd := fmt.Sprintf("%s --insecure-options=image,tls fetch %s %s", ctx.Cmd(), fetchArgs, img)
// TODO(jonboulle): non-root user breaks trying to read root-written
// config directories. Should be a better way to approach this. Should
// config directories be readable by the rkt group too?
if gid != 0 {
cmd = fmt.Sprintf("%s --insecure-options=image,tls fetch %s %s", ctx.CmdNoConfig(), fetchArgs, img)
}
child, err := gexpect.Command(cmd)
if err != nil {
t.Fatalf("cannot create rkt command: %v", err)
}
if gid != 0 {
child.Cmd.SysProcAttr = &syscall.SysProcAttr{}
child.Cmd.SysProcAttr.Credential = &syscall.Credential{Uid: uint32(nobodyUid), Gid: uint32(gid)}
}
err = child.Start()
if err != nil {
t.Fatalf("cannot exec rkt: %v", err)
}
// Read out the image hash.
result, out, err := expectRegexWithOutput(child, "sha512-[0-9a-f]{32,64}")
if err != nil || len(result) != 1 {
t.Fatalf("Error: %v\nOutput: %v", err, out)
}
waitOrFail(t, child, 0)
return result[0]
}
func runRktAsUidGidAndCheckOutput(t *testing.T, rktCmd, expectedLine string, expectError bool, uid, gid int) {
child, err := gexpect.Command(rktCmd)
if err != nil {
t.Fatalf("cannot exec rkt: %v", err)
}
if gid != 0 {
child.Cmd.SysProcAttr = &syscall.SysProcAttr{}
child.Cmd.SysProcAttr.Credential = &syscall.Credential{Uid: uint32(uid), Gid: uint32(gid)}
}
err = child.Start()
if err != nil {
t.Fatalf("cannot start rkt: %v", err)
}
expectedStatus := 0
if expectError {
expectedStatus = 1
}
defer waitOrFail(t, child, expectedStatus)
if expectedLine != "" {
if err := expectWithOutput(child, expectedLine); err != nil {
t.Fatalf("didn't receive expected output %q: %v", expectedLine, err)
}
}
}
func runRkt(t *testing.T, rktCmd string, uid, gid int) (string, int) {
child, err := gexpect.Command(rktCmd)
if err != nil {
t.Fatalf("cannot exec rkt: %v", err)
}
if gid != 0 {
child.Cmd.SysProcAttr = &syscall.SysProcAttr{}
child.Cmd.SysProcAttr.Credential = &syscall.Credential{Uid: uint32(uid), Gid: uint32(gid)}
}
err = child.Start()
if err != nil {
t.Fatalf("cannot start rkt: %v", err)
}
_, linesChan := child.AsyncInteractChannels()
var buf bytes.Buffer
for line := range linesChan {
buf.WriteString(line + "\n") // reappend newline
}
status, _ := common.GetExitStatus(child.Wait())
return buf.String(), status
}
func startRktAsGidAndCheckOutput(t *testing.T, rktCmd, expectedLine string, gid int) *gexpect.ExpectSubprocess {
child, err := gexpect.Command(rktCmd)
if err != nil {
t.Fatalf("cannot exec rkt: %v", err)
}
if gid != 0 {
child.Cmd.SysProcAttr = &syscall.SysProcAttr{}
child.Cmd.SysProcAttr.Credential = &syscall.Credential{Uid: uint32(nobodyUid), Gid: uint32(gid)}
}
if err := child.Start(); err != nil {
t.Fatalf("cannot exec rkt: %v", err)
}
if expectedLine != "" {
if err := expectWithOutput(child, expectedLine); err != nil {
t.Fatalf("didn't receive expected output %q: %v", expectedLine, err)
}
}
return child
}