func importImageAndFetchHashAsGid(t *testing.T, ctx *testutils.RktRunCtx, img string, gid int) string { // Import the test image into store manually. cmd := fmt.Sprintf("%s --insecure-skip-verify fetch %s", ctx.Cmd(), img) // TODO(jonboulle): non-root user breaks trying to read root-written // config directories. Should be a better way to approach this. Should // config directories be readable by the rkt group too? if gid != 0 { cmd = fmt.Sprintf("%s --insecure-skip-verify fetch %s", ctx.CmdNoConfig(), img) } child, err := gexpect.Command(cmd) if err != nil { t.Fatalf("cannot create rkt command: %v", err) } if gid != 0 { child.Cmd.SysProcAttr = &syscall.SysProcAttr{} child.Cmd.SysProcAttr.Credential = &syscall.Credential{Uid: nobodyUid, Gid: uint32(gid)} } err = child.Start() if err != nil { t.Fatalf("cannot exec rkt: %v", err) } // Read out the image hash. result, out, err := expectRegexWithOutput(child, "sha512-[0-9a-f]{32}") if err != nil || len(result) != 1 { t.Fatalf("Error: %v\nOutput: %v", err, out) } waitOrFail(t, child, true) return result[0] }
func importImageAndFetchHashAsGid(t *testing.T, ctx *testutils.RktRunCtx, img string, fetchArgs string, gid int) (string, error) { // Import the test image into store manually. cmd := fmt.Sprintf("%s --insecure-options=image,tls fetch %s %s", ctx.Cmd(), fetchArgs, img) // TODO(jonboulle): non-root user breaks trying to read root-written // config directories. Should be a better way to approach this. Should // config directories be readable by the rkt group too? if gid != 0 { cmd = fmt.Sprintf("%s --insecure-options=image,tls fetch %s %s", ctx.CmdNoConfig(), fetchArgs, img) } child, err := gexpect.Command(cmd) if err != nil { t.Fatalf("cannot create rkt command: %v", err) } if gid != 0 { child.Cmd.SysProcAttr = &syscall.SysProcAttr{} child.Cmd.SysProcAttr.Credential = &syscall.Credential{Uid: uint32(nobodyUid), Gid: uint32(gid)} } err = child.Start() if err != nil { t.Fatalf("cannot exec rkt: %v", err) } // Read out the image hash. result, out, err := expectRegexWithOutput(child, "sha512-[0-9a-f]{32,64}") if err != nil || len(result) != 1 { t.Fatalf("Error: %v\nOutput: %v", err, out) } err = child.Wait() status := getExitStatus(err) if status != 0 { t.Logf("rkt terminated with unexpected status %d, expected %d\nOutput:\n%s", status, 0, child.Collect()) return "", fmt.Errorf("fetching of %q failed", img) } return result[0], nil }