forked from canonical/snapd
-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathspread.yaml
1104 lines (1039 loc) · 42.9 KB
/
spread.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
project: snapd
environment:
GOHOME: /home/gopath
GOPATH: $GOHOME
# on some distros the default GOPROXY setting is 'direct' (eg. Fedora), the
# go import tags of packages such as maze.io/x/crypt (which is one of
# secboot dependencies), cannot be obtained when poking the import URL
# directly, thus we need to force the golang.org hosted proxy to be used
GOPROXY: https://proxy.golang.org,direct
REUSE_PROJECT: '$(HOST: echo "$REUSE_PROJECT")'
PROJECT_PATH: $GOHOME/src/github.com/snapcore/snapd
PATH: $GOHOME/bin:/snap/bin:$PATH:/var/lib/snapd/snap/bin:$PROJECT_PATH/tests/bin
TESTSLIB: $PROJECT_PATH/tests/lib
TESTSTOOLS: $PROJECT_PATH/tests/lib/tools
TESTSTMP: /var/tmp/snapd-tools
# turn debug off so that we don't get errant debug messages while running
# tests, and in some cases like on UC20 we have the kernel command line
# parameter, snapd.debug=1 turned on to enable early boot debugging before
# we have a shell, but then once we get a shell and run spread tests, we
# want debug messages to be off for commands we run as part of tests, unless
# tests explicitly turn the messages on
SNAPD_DEBUG: 0
SNAPPY_TESTING: 1
# we run the entire suite with re-exec on (the default) and modify
# the core snap so that it contains our new code. So we run new
# snapd from the deb that re-execs into new snapd in core. To
# test purely from the deb, set "export SPREAD_SNAP_REEXEC=0"
SNAP_REEXEC: '$(HOST: echo "${SPREAD_SNAP_REEXEC:-}")'
MODIFY_CORE_SNAP_FOR_REEXEC: '$(HOST: echo "${SPREAD_MODIFY_CORE_SNAP_FOR_REEXEC:-1}")'
SPREAD_STORE_USER: '$(HOST: echo "$SPREAD_STORE_USER")'
SPREAD_STORE_PASSWORD: '$(HOST: echo "$SPREAD_STORE_PASSWORD")'
SPREAD_STORE_EXPIRED_MACAROON: '$(HOST: echo "$SPREAD_STORE_EXPIRED_MACAROON")'
SPREAD_STORE_EXPIRED_DISCHARGE: '$(HOST: echo "$SPREAD_STORE_EXPIRED_DISCHARGE")'
SPREAD_DEBUG_EACH: '$(HOST: echo "${SPREAD_DEBUG_EACH:-1}")'
LANG: "C.UTF-8"
LANGUAGE: "en"
# important to ensure adhoc and linode/qemu behave the same
SUDO_USER: ""
SUDO_UID: ""
TRUST_TEST_KEYS: '$(HOST: echo "${SPREAD_TRUST_TEST_KEYS:-true}")'
# a global setting for LXD channel to use in the tests
LXD_SNAP_CHANNEL: "latest/candidate"
UBUNTU_IMAGE_SNAP_CHANNEL: "latest/candidate"
# controls whether ubuntu-image is built using the current snapd tree as a
# dependency or the one listed in its go.mod
UBUNTU_IMAGE_ALLOW_API_BREAK: '$(HOST: echo "${SPREAD_UBUNTU_IMAGE_ALLOW_API_BREAK:-true}")'
CORE_CHANNEL: '$(HOST: echo "${SPREAD_CORE_CHANNEL:-edge}")'
BASE_CHANNEL: '$(HOST: echo "${SPREAD_BASE_CHANNEL:-edge}")'
KERNEL_CHANNEL: '$(HOST: echo "${SPREAD_KERNEL_CHANNEL:-edge}")'
GADGET_CHANNEL: '$(HOST: echo "${SPREAD_GADGET_CHANNEL:-edge}")'
SNAPD_CHANNEL: '$(HOST: echo "${SPREAD_SNAPD_CHANNEL:-edge}")'
REMOTE_STORE: '$(HOST: echo "${SPREAD_REMOTE_STORE:-production}")'
SNAPPY_USE_STAGING_STORE: '$(HOST: if [ "$SPREAD_REMOTE_STORE" = staging ]; then echo 1; else echo 0; fi)'
DELTA_REF: 2.52
DELTA_PREFIX: snapd-$DELTA_REF/
REPACK_KEEP_VENDOR: '$(HOST: echo "${REPACK_KEEP_VENDOR:-n}")'
SNAPD_PUBLISHED_VERSION: '$(HOST: echo "$SPREAD_SNAPD_PUBLISHED_VERSION")'
HTTP_PROXY: '$(HOST: echo "$SPREAD_HTTP_PROXY")'
HTTPS_PROXY: '$(HOST: echo "$SPREAD_HTTPS_PROXY")'
NO_PROXY: "127.0.0.1"
NEW_CORE_CHANNEL: '$(HOST: echo "$SPREAD_NEW_CORE_CHANNEL")'
SRU_VALIDATION: '$(HOST: echo "${SPREAD_SRU_VALIDATION:-0}")'
# use the ppa_validation_name to install snapd from a public ppa
PPA_VALIDATION_NAME: '$(HOST: echo "${SPREAD_PPA_VALIDATION_NAME:-}")'
# use the ppa_source_line and ppa_gpg_key to install snapd from a private ppa
PPA_SOURCE_LINE: '$(HOST: echo "${SPREAD_PPA_SOURCE_LINE:-}")'
PPA_GPG_KEY: '$(HOST: echo "${SPREAD_PPA_GPG_KEY:-}")'
# List the snaps which are cached
PRE_CACHE_SNAPS: test-snapd-tools test-snapd-sh jq
# always skip removing the rsync snap
SKIP_REMOVE_SNAPS: '$(HOST: echo "${SPREAD_SKIP_REMOVE_SNAPS:-}") test-snapd-rsync test-snapd-rsync-core18 test-snapd-rsync-core20 test-snapd-rsync-core22'
# Use the installed snapd and reset the systems without removing snapd
REUSE_SNAPD: '$(HOST: echo "${SPREAD_REUSE_SNAPD:-0}")'
EXPERIMENTAL_FEATURES: '$(HOST: echo "${SPREAD_EXPERIMENTAL_FEATURES:-}")'
# Directory where the nested images and test assets are stored
NESTED_WORK_DIR: '$(HOST: echo "${NESTED_WORK_DIR:-/tmp/work-dir}")'
# Channel used to create the nested vm
NESTED_CORE_CHANNEL: '$(HOST: echo "${NESTED_CORE_CHANNEL:-edge}")'
# Use cloud init to make initial system configuration instead of user assertion
NESTED_CORE_REFRESH_CHANNEL: '$(HOST: echo "${NESTED_CORE_REFRESH_CHANNEL:-edge}")'
# Use cloud init to make initial system configuration instead of user assertion
NESTED_USE_CLOUD_INIT: '$(HOST: echo "${NESTED_USE_CLOUD_INIT:-true}")'
# Build and use snapd from current branch
NESTED_BUILD_SNAPD_FROM_CURRENT: '$(HOST: echo "${NESTED_BUILD_SNAPD_FROM_CURRENT:-true}")'
# Download and use an custom image from this url
NESTED_CUSTOM_IMAGE_URL: '$(HOST: echo "${NESTED_CUSTOM_IMAGE_URL:-}")'
# Configure nested images to be reused on the following tests
NESTED_CONFIGURE_IMAGES: '$(HOST: echo "${NESTED_CONFIGURE_IMAGES:-false}")'
# Indicates if the snap has to be repacked in case NESTED_BUILD_SNAPD_FROM_CURRENT is true
NESTED_REPACK_KERNEL_SNAP: '$(HOST: echo "${NESTED_REPACK_KERNEL_SNAP:-true}")'
NESTED_REPACK_GADGET_SNAP: '$(HOST: echo "${NESTED_REPACK_GADGET_SNAP:-true}")'
NESTED_REPACK_BASE_SNAP: '$(HOST: echo "${NESTED_REPACK_BASE_SNAP:-true}")'
backends:
google:
key: '$(HOST: echo "$SPREAD_GOOGLE_KEY")'
location: snapd-spread/us-east1-b
halt-timeout: 2h
systems:
- ubuntu-14.04-64:
workers: 6
- ubuntu-16.04-64:
workers: 8
storage: 12G
- ubuntu-18.04-32:
workers: 6
- ubuntu-18.04-64:
workers: 8
- ubuntu-20.04-64:
storage: 12G
workers: 8
- ubuntu-core-16-64:
image: ubuntu-16.04-64
workers: 6
- ubuntu-core-18-64:
image: ubuntu-18.04-64
workers: 6
- ubuntu-core-20-64:
image: ubuntu-20.04-64
workers: 6
storage: 20G
- ubuntu-core-22-64:
image: ubuntu-22.04-64
workers: 6
storage: 20G
- ubuntu-secboot-20.04-64:
image: ubuntu-20.04-64
workers: 1
secure-boot: true
- ubuntu-21.10-64:
storage: 12G
workers: 8
- ubuntu-22.04-64:
storage: 12G
workers: 8
- debian-10-64:
workers: 6
- debian-11-64:
workers: 6
- debian-sid-64:
workers: 6
- fedora-35-64:
workers: 6
- fedora-36-64:
workers: 6
- arch-linux-64:
workers: 6
- amazon-linux-2-64:
workers: 6
storage: preserve-size
- centos-7-64:
workers: 6
storage: preserve-size
image: centos-7-64
- centos-8-64:
workers: 6
storage: preserve-size
image: centos-8-64
- centos-9-64:
workers: 6
storage: preserve-size
image: centos-9-64
# unstable systems below
- opensuse-15.3-64:
workers: 6
- opensuse-15.4-64:
workers: 6
- opensuse-tumbleweed-64:
workers: 6
manual: true
google-sru:
type: google
key: '$(HOST: echo "$SPREAD_GOOGLE_KEY")'
location: snapd-spread/us-east1-b
halt-timeout: 2h
systems:
- ubuntu-18.04-64:
workers: 6
- ubuntu-20.04-64:
workers: 6
- ubuntu-21.10-64:
workers: 6
google-nested:
type: google
key: '$(HOST: echo "$SPREAD_GOOGLE_KEY")'
location: snapd-spread/us-east1-b
plan: n2-standard-2
halt-timeout: 2h
cpu-family: "Intel Cascade Lake"
systems:
- ubuntu-16.04-64:
image: ubuntu-1604-64-virt-enabled
storage: 20G
workers: 3
- ubuntu-18.04-64:
image: ubuntu-1804-64-virt-enabled
storage: 20G
workers: 3
- ubuntu-20.04-64:
image: ubuntu-2004-64-virt-enabled
storage: 20G
workers: 7
- ubuntu-21.10-64:
image: ubuntu-2110-64-virt-enabled
storage: 20G
workers: 3
- ubuntu-22.04-64:
image: ubuntu-2204-64-virt-enabled
storage: 20G
workers: 6
qemu-nested:
memory: 4G
type: qemu
systems:
- ubuntu-16.04-64:
username: ubuntu
password: ubuntu
- ubuntu-18.04-64:
username: ubuntu
password: ubuntu
- ubuntu-20.04-64:
username: ubuntu
password: ubuntu
- ubuntu-22.04-64:
username: ubuntu
password: ubuntu
qemu:
systems:
- ubuntu-14.04-32:
username: ubuntu
password: ubuntu
- ubuntu-14.04-64:
username: ubuntu
password: ubuntu
- ubuntu-16.04-32:
username: ubuntu
password: ubuntu
- ubuntu-16.04-64:
username: ubuntu
password: ubuntu
- ubuntu-core-16-64:
image: ubuntu-16.04-64
username: ubuntu
password: ubuntu
- ubuntu-core-18-64:
image: ubuntu-18.04-64
username: ubuntu
password: ubuntu
- ubuntu-core-20-64:
image: ubuntu-20.04-64
username: ubuntu
password: ubuntu
bios: uefi
# TODO: remove once everyone switch to official spread
flags: [virtio]
- ubuntu-core-22-64:
image: ubuntu-22.04-64
username: ubuntu
password: ubuntu
bios: uefi
# TODO: remove once everyone switch to official spread
flags: [virtio]
- ubuntu-18.04-64:
username: ubuntu
password: ubuntu
- ubuntu-18.04-32:
username: ubuntu
password: ubuntu
- ubuntu-20.04-64:
username: ubuntu
password: ubuntu
- ubuntu-20.04-32:
username: ubuntu
password: ubuntu
- ubuntu-21.10-64:
username: ubuntu
password: ubuntu
- ubuntu-22.04-64:
username: ubuntu
password: ubuntu
- debian-10-64:
username: debian
password: debian
- debian-11-64:
username: debian
password: debian
- debian-sid-64:
username: debian
password: debian
- centos-7-64:
username: centos
password: centos
- amazon-linux-2-64:
username: ec2-user
password: ec2-user
- opensuse-tumbleweed-64:
username: opensuse
password: opensuse
autopkgtest:
type: adhoc
allocate: |
echo "Allocating ad-hoc $SPREAD_SYSTEM"
if [ -z "${ADT_ARTIFACTS}" ]; then
FATAL "adhoc only works inside autopkgtest"
exit 1
fi
echo 'ubuntu ALL=(ALL) NOPASSWD:ALL' > /etc/sudoers.d/99-spread-users
ADDRESS localhost:22
discard: |
echo "Discarding ad-hoc $SPREAD_SYSTEM"
systems:
# Trusty
- ubuntu-14.04-amd64:
username: ubuntu
password: ubuntu
- ubuntu-14.04-i386:
username: ubuntu
password: ubuntu
# Xenial
- ubuntu-16.04-amd64:
username: ubuntu
password: ubuntu
- ubuntu-16.04-i386:
username: ubuntu
password: ubuntu
- ubuntu-16.04-ppc64el:
username: ubuntu
password: ubuntu
- ubuntu-16.04-armhf:
username: ubuntu
password: ubuntu
- ubuntu-16.04-s390x:
username: ubuntu
password: ubuntu
# Artful
- ubuntu-17.10-amd64:
username: ubuntu
password: ubuntu
- ubuntu-17.10-i386:
username: ubuntu
password: ubuntu
- ubuntu-17.10-ppc64el:
username: ubuntu
password: ubuntu
- ubuntu-17.10-armhf:
username: ubuntu
password: ubuntu
- ubuntu-17.10-s390x:
username: ubuntu
password: ubuntu
# Bionic
- ubuntu-18.04-amd64:
username: ubuntu
password: ubuntu
- ubuntu-18.04-i386:
username: ubuntu
password: ubuntu
- ubuntu-18.04-ppc64el:
username: ubuntu
password: ubuntu
- ubuntu-18.04-armhf:
username: ubuntu
password: ubuntu
- ubuntu-18.04-s390x:
username: ubuntu
password: ubuntu
- ubuntu-18.04-arm64:
username: ubuntu
password: ubuntu
# Focal
- ubuntu-20.04-amd64:
username: ubuntu
password: ubuntu
- ubuntu-20.04-i386:
username: ubuntu
password: ubuntu
- ubuntu-20.04-ppc64el:
username: ubuntu
password: ubuntu
- ubuntu-20.04-armhf:
username: ubuntu
password: ubuntu
- ubuntu-20.04-s390x:
username: ubuntu
password: ubuntu
- ubuntu-20.04-arm64:
username: ubuntu
password: ubuntu
external:
type: adhoc
environment:
SPREAD_EXTERNAL_ADDRESS: '$(HOST: echo "${SPREAD_EXTERNAL_ADDRESS:-localhost:8022}")'
TRUST_TEST_KEYS: "false"
allocate: |
ADDRESS $SPREAD_EXTERNAL_ADDRESS
systems:
- ubuntu-core-16-64:
username: external
password: ubuntu
- ubuntu-core-16-32:
username: external
password: ubuntu
- ubuntu-core-16-arm-64:
username: external
password: ubuntu
- ubuntu-core-16-arm-32:
username: external
password: ubuntu
- ubuntu-core-18-64:
username: external
password: ubuntu
- ubuntu-core-18-32:
username: external
password: ubuntu
- ubuntu-core-18-arm-64:
username: external
password: ubuntu
- ubuntu-core-18-arm-32:
username: external
password: ubuntu
- ubuntu-core-20-64:
username: external
password: ubuntu
- ubuntu-core-20-arm-64:
username: external
password: ubuntu
- ubuntu-core-20-arm-32:
username: external
password: ubuntu
- ubuntu-core-22-64:
username: external
password: ubuntu
- ubuntu-core-22-arm-64:
username: external
password: ubuntu
- ubuntu-core-22-arm-32:
username: external
password: ubuntu
path: /home/gopath/src/github.com/snapcore/snapd
exclude:
- .git
- cmd/snap/snap
- cmd/snapd/snapd
- cmd/snapctl/snapctl
- cmd/snap-exec/snap-exec
- cmd/autom4te.cache
- "*.o"
- "*.a"
- ./vendor
- "*.snap"
debug-each: |
if [ "$SPREAD_DEBUG_EACH" != 1 ]; then
exit
fi
#shellcheck source=tests/lib/state.sh
. "$TESTSLIB/state.sh"
#shellcheck source=tests/lib/systems.sh
. "$TESTSLIB/systems.sh"
echo '# System information'
cat /etc/os-release || true
echo '# Kernel information'
uname -a
echo '# Go information'
go version || true
if tests.nested is-nested; then
echo '# nested VM status'
tests.nested vm status
tests.nested get serial-log
# add another echo in case the serial log is missing a newline
echo
tests.nested exec "sudo journalctl --no-pager -u snapd" || true
fi
echo "# definition of snapd.service"
systemctl cat snapd.service || true
echo "# status of snapd service"
systemctl status snapd.service || true
echo "# memory limits of snapd service that systemd uses"
systemctl show snapd.service | grep -e MemoryMax= -e MemoryLimit= || true
echo "# memory limits of snapd service that are actually set"
cat /sys/fs/cgroup/memory/system.slice/snapd.service/memory.limit_in_bytes || true
echo '# journal messages for snapd'
"$TESTSTOOLS"/journal-state get-log -u snapd
echo '# user sessions information'
journalctl --user -u snapd.session-agent.service || true
systemctl status --user snapd.session-agent || true
if ! is_cgroupv2; then
# dump any information on device cgroup of current session
cgroup_dev="$(awk -F: '/:devices:/ { print $3}' < /proc/self/cgroup || true)"
if [ -n "$cgroup_dev" ]; then
echo "# device cgroup $cgroup_dev"
cat "/sys/fs/cgroup/devices/$cgroup_dev/devices.list" || true
fi
else
echo "# snap confinement device filtering maps"
ls -l /sys/fs/bpf/snap || true
fi
case "$SPREAD_SYSTEM" in
fedora-*|centos-*|amazon-*)
if [ -e "$RUNTIME_STATE_PATH/audit-stamp" ]; then
ausearch -i -m AVC --checkpoint "$RUNTIME_STATE_PATH/audit-stamp" --start checkpoint || true
else
ausearch -i -m AVC || true
fi
(
find /root/snap -printf '%Z\t%H/%P\n' || true
find /home -regex '/home/[^/]*/snap\(/.*\)?' -printf '%Z\t%H/%P\n' || true
) | grep -v snappy_home_t || true
find /var/snap -printf '%Z\t%H/%P\n' | grep -v snappy_var_t || true
;;
opensuse-*)
echo '# apparmor denials logged by auditd'
ausearch -m AVC | grep DENIED || true
;;
*)
echo '# apparmor denials '
dmesg --ctime | grep DENIED || true
;;
esac
echo '# seccomp denials (kills) '
dmesg --ctime | grep type=1326 || true
echo '# snap connections --all'
snap connections --all || true
echo '# free space'
df -h || true
echo '# mounts'
# use ascii output to prevent travis from messing up the encoding
findmnt --ascii -o+PROPAGATION || true
echo "# processes"
ps axl
echo "# /var/lib/snapd"
find /var/lib/snapd/ -not -path '/var/lib/snapd/snap/*' -ls || true
echo '# system journal messages'
journalctl -e
# Keep it as the last step in debug-each
echo '# tasks executed on system'
# since the runs file does not have a newline at EOF, add one
echo "" | cat "$RUNTIME_STATE_PATH/runs" - || true
rename:
# Move content into a directory, so that deltas computed by repack benefit
# from the content looking similar to codeload.github.com.
- s,^,$DELTA_PREFIX,S
repack: |
# For Linode, compute a delta based on a known git reference that can be
# obtained directly from GitHub. There's nothing special about that reference,
# other than it will often be in the local repository's history already.
# The more recent the reference, the smaller the delta.
if ! echo "$SPREAD_BACKENDS" | grep -e linode -e google; then
cat <&3 >&4
elif ! git show-ref "$DELTA_REF" > /dev/null; then
cat <&3 >&4
else
tmpdir="$(mktemp -d)"
#shellcheck disable=SC2064
trap "rm -rf delta-ref.tar current.delta repacked-current.tar $tmpdir" EXIT
if [ "$REPACK_KEEP_VENDOR" = "n" ]; then
tar -C "$tmpdir" -xvf - <&3
rm -rf "$tmpdir"/$DELTA_PREFIX/vendor/*
tar -C "$tmpdir" -c "$DELTA_PREFIX" --sort=name > repacked-current.tar
else
cat <&3 > repacked-current.tar
fi
git archive -o delta-ref.tar --format=tar --prefix="$DELTA_PREFIX" "$DELTA_REF"
xdelta3 -S none -s delta-ref.tar repacked-current.tar > current.delta
tar c current.delta >&4
fi
kill-timeout: 30m
prepare: |
# NOTE: This part of the code needs to be in spread.yaml as it runs before
# the rest of the source code (including the tests/lib directory) is
# around. The purpose of this code is to fix some connectivity issues and
# then apply the delta of the git repository.
# apt update is hanging on security.ubuntu.com with IPv6, prefer IPv4 over IPv6
cat <<EOF > gai.conf
precedence ::1/128 50
precedence ::/0 40
precedence 2002::/16 30
precedence ::/96 20
precedence ::ffff:0:0/96 100
EOF
if ! mv gai.conf /etc/gai.conf; then
echo "/etc/gai.conf is not writable, ubuntu-core system? apt update won't be affected in that case"
rm -f gai.conf
fi
if command -v restorecon ; then
# restore proper context otherwise SELinux may complain
restorecon -v /etc/gai.conf
fi
if [[ "$SPREAD_SYSTEM" == centos-8-* ]]; then
# the default image of CentOS 8 Stream is set up in enforcing mode,
# which may break some tests. Note that there are tests targeting
# SELinux which explicitly enable enforcing mode.
setenforce 0
fi
# Note that os.query or any other tool cannot be used here before the current.delta file is unpacked
if [[ "$SPREAD_SYSTEM" == fedora-* ]]; then
# The Fedora archive mirror seems to be unreliable.
# Switch to the main archive by commenting out metalink and uncommenting
# baseurl with a tweak to go to dl.fedoraproject.org which doens't redirect
# to mirrors again.
#
# https://forum.snapcraft.io/t/issues-with-the-fedora-mirror-network/3489/
sed -i -s -E -e 's@^#?baseurl=http://download.fedoraproject.org/@baseurl=http://dl.fedoraproject.org/@g' -e 's@^metalink=@#metalink@g' /etc/yum.repos.d/fedora*.repo
dnf --refresh -y makecache
# enable audit daemon
systemctl enable --now auditd.service
fi
if [[ "$SPREAD_SYSTEM" == opensuse-* ]]; then
# refresh metadatadata
# Auto import gpg keys needed for could repository added to support google backend
zypper --gpg-auto-import-keys ref
# We seem to be hitting a flaky openSUSE mirror from time to time,
# increase the number of download attempts libzypp will try to
# workaround that.
cat <<-EOF >> /etc/zypp/zypp.conf
# added by spread tests
download.max_silent_tries = 20
EOF
# Make sure docs are installed with the packages
sed 's/rpm.install.excludedocs = yes/rpm.install.excludedocs = no/g' -i /etc/zypp/zypp.conf
fi
if [[ "$SPREAD_SYSTEM" == arch-* ]]; then
# Possible that AppArmor was not started and is not enabled in the
# image, do both now
if systemctl show -p LoadState apparmor.service | MATCH 'LoadState=loaded' ; then
if ! systemctl is-enabled apparmor.service; then
systemctl enable apparmor.service
fi
systemctl start apparmor.service
else
exit 1
fi
fi
if [[ "$SPREAD_SYSTEM" == debian-* ]]; then
apt-get update && apt-get install -y eatmydata
fi
case "$SPREAD_SYSTEM" in
centos-7-*)
# make sure EPEL is enabled
yum install -y epel-release
;;
centos-8-*)
# enable powertools repository
dnf config-manager --set-enabled powertools
# CentOS Stream requires EPEL Next too, see https://docs.fedoraproject.org/en-US/epel/
dnf install -y epel-release epel-next-release
;;
esac
case "$SPREAD_SYSTEM" in
ubuntu-*|debian-*)
# make sure unattended-upgrades does not get in the way
if systemctl is-enabled unattended-upgrades.service; then
systemctl stop unattended-upgrades.service
systemctl mask unattended-upgrades.service
fi
;;
esac
# Unpack delta, or move content out of the prefixed directory (see rename and repack above).
# (needs to be in spread.yaml directly because there's nothing else on the filesystem yet)
if [ -f current.delta ]; then
tf=$(mktemp)
# NOTE: We can't use tests/lib/pkgdb.sh here as it doesn't exist at
# this time when none of the test files is yet in place.
case "$SPREAD_SYSTEM" in
ubuntu-*|debian-*)
apt-get update >& "$tf" || ( cat "$tf"; exit 1 )
apt-get install -y xdelta3 curl eatmydata >& "$tf" || ( cat "$tf"; exit 1 )
;;
amazon-*|centos-7-*)
yum install -y xdelta curl &> "$tf" || (cat "$tf"; exit 1)
;;
fedora-*|centos-*)
dnf install --refresh -y xdelta curl &> "$tf" || (cat "$tf"; exit 1)
;;
opensuse-*)
zypper -q --gpg-auto-import-keys refresh
zypper -q install -y xdelta3 curl &> "$tf" || (cat "$tf"; exit 1)
;;
arch-*)
# there may be a libc upgrade which only -Syu handles;
# ignore linux kernel as we would fail to detect it and handle
# reboot; actual distro upgrade is done later in prepare.
pacman -Syu --noconfirm xdelta3 curl --ignore linux &> "$tf" || (cat "$tf"; exit 1)
;;
esac
rm -f "$tf"
curl -sS -o - "https://codeload.github.com/snapcore/snapd/tar.gz/$DELTA_REF" | gunzip > delta-ref.tar
xdelta3 -q -c -d -s delta-ref.tar current.delta | tar x --strip-components=1
rm -f delta-ref.tar current.delta
elif [ -d "$DELTA_PREFIX" ]; then
find "$DELTA_PREFIX" -mindepth 1 -maxdepth 1 -exec mv {} . \;
rmdir "$DELTA_PREFIX"
fi
# TODO: drop once 21.10 images are fixed
if [[ "$SPREAD_SYSTEM" == ubuntu-21.10-* ]] && [[ -e /home/ubuntu/.ssh ]]; then
chown -R ubuntu:ubuntu /home/ubuntu/.ssh
fi
# Take the MATCH and REBOOT functions from spread and allow our shell
# scripts to use them as shell commands. The replacements are real
# executables in tests/lib/bin (which is on PATH) but they source
# spread-funcs.sh written here, base on the definitions provided by SPREAD.
# This ensures that 1) spread functions define the code 2) both MATCH and
# REBOOT are executables and not functions, and can be called from any
# context.
type MATCH | tail -n +2 > "$TESTSLIB"/spread-funcs.sh
unset MATCH
type NOMATCH | tail -n +2 >> "$TESTSLIB"/spread-funcs.sh
unset NOMATCH
type REBOOT | tail -n +2 >> "$TESTSLIB"/spread-funcs.sh
unset REBOOT
# Copy external tools from the subtree to the "$TESTSLIB"/tools directory
# The idea is to have a single directory with all the testing tools
cp -f "$TESTSLIB"/external/snapd-testing-tools/tools/* "$TESTSTOOLS"
# ensure there are no broken snaps or the invariant test will fail later
if command -v snap; then
BROKEN="$(snap list --all | awk '/,?broken,?/ {print $1,$3}')"
if [ -n "$BROKEN" ]; then
echo "Test system has broken snaps:"
snap list --all
exit 1
fi
fi
# NOTE: At this stage the source tree is available and no more special
# considerations apply.
"$TESTSLIB"/prepare-restore.sh --prepare-project
prepare-each: |
"$TESTSLIB"/prepare-restore.sh --prepare-project-each
restore: |
"$TESTSLIB"/prepare-restore.sh --restore-project
restore-each: |
"$TESTSLIB"/prepare-restore.sh --restore-project-each
suites:
tests/lib/tools/suite/:
summary: Tests for tests/lib/tools tools
backends: [google, qemu]
prepare-each: |
"$TESTSLIB"/prepare-restore.sh --prepare-suite-each-minimal-no-snaps
restore-each: |
"$TESTSLIB"/prepare-restore.sh --restore-suite-each-minimal-no-snaps
# The essential tests designed to run inside the autopkgtest
# environment on each platform. On autopkgtest we cannot run all tests
# as this is very slow and we run into timeouts.
#
# These tests are executed on all other plattforms as they
# are designed to run on pristine systems
tests/smoke/:
summary: Essential system level tests for snapd
prepare: |
"$TESTSLIB"/prepare-restore.sh --prepare-suite
prepare-each: |
"$TESTSLIB"/prepare-restore.sh --prepare-suite-each
restore-each: |
"$TESTSLIB"/prepare-restore.sh --restore-suite-each
restore: |
"$TESTSLIB"/prepare-restore.sh --restore-suite
# All other tests run now and will heavily modify the system.
tests/main/:
summary: Full-system tests for snapd
systems: [-ubuntu-secboot-*]
prepare: |
"$TESTSLIB"/prepare-restore.sh --prepare-suite
prepare-each: |
"$TESTSLIB"/prepare-restore.sh --prepare-suite-each
restore-each: |
"$TESTSLIB"/prepare-restore.sh --restore-suite-each
restore: |
"$TESTSLIB"/prepare-restore.sh --restore-suite
debug: |
if [ "$SPREAD_DEBUG_EACH" = 1 ]; then
systemctl status snapd.socket || true
fi
tests/core/:
summary: Subset of Ubuntu Core specific tests
systems: [ubuntu-core-*]
prepare: |
"$TESTSLIB"/prepare-restore.sh --prepare-suite
prepare-each: |
"$TESTSLIB"/prepare-restore.sh --prepare-suite-each
restore-each: |
"$TESTSLIB"/prepare-restore.sh --restore-suite-each
restore: |
"$TESTSLIB"/prepare-restore.sh --restore-suite
tests/completion/:
summary: completion tests
# ppc64el disabled because of https://bugs.launchpad.net/snappy/+bug/1655594
systems: [-ubuntu-core-*, -ubuntu-*-ppc64el, -ubuntu-secboot-*]
prepare: |
"$TESTSLIB"/prepare-restore.sh --prepare-suite
prepare-each: |
"$TESTSLIB"/prepare-restore.sh --prepare-suite-each
restore-each: |
"$TESTSLIB"/prepare-restore.sh --restore-suite-each
restore: |
"$TESTSLIB"/prepare-restore.sh --restore-suite
environment:
_/plain: _
_/plain_plusdirs: _
_/funky: _
_/files: _
# dirs fails on indirection because of (mis)handling of trailing
# slashes. This might be configuration-dependent.
# _/dirs: _
_/hosts: _
_/hosts_n_dirs: _
# twisted fails in travis (but not regular spread).
#_/twisted: _
_/func: _
_/funkyfunc: _
_/funcarg: _
tests/regression/:
summary: Regression tests for snapd
systems: [-ubuntu-secboot-*]
prepare: |
"$TESTSLIB"/prepare-restore.sh --prepare-suite
prepare-each: |
"$TESTSLIB"/prepare-restore.sh --prepare-suite-each
restore-each: |
"$TESTSLIB"/prepare-restore.sh --restore-suite-each
restore: |
"$TESTSLIB"/prepare-restore.sh --restore-suite
tests/upgrade/:
summary: Tests for snapd upgrade
# Test cases are not yet ported to openSUSE that is why we keep
# it disabled. A later PR will enable most tests and
# drop the list of excluded systems.
systems: [-ubuntu-core-*, -opensuse-*, -ubuntu-secboot-*]
prepare-each: |
# FIXME: this should really use prepare-restore.sh --prepare-suite-each
# like other suites, needs more investigation
# shellcheck source=tests/lib/state.sh
. "$TESTSLIB"/state.sh
mkdir -p "$RUNTIME_STATE_PATH"
# save the job which is going to be executed in the system
echo -n "$SPREAD_JOB " >> "$RUNTIME_STATE_PATH/runs"
restore: |
if [ "$REMOTE_STORE" = staging ]; then
echo "skip upgrade tests while talking to the staging store"
exit 0
fi
restore-each: |
if [ "$REMOTE_STORE" = staging ]; then
echo "skip upgrade tests while talking to the staging store"
exit 0
fi
#shellcheck source=tests/lib/pkgdb.sh
. "$TESTSLIB"/pkgdb.sh
distro_purge_package snapd
distro_purge_package snapd-xdg-open || true
tests/cross/:
summary: Cross-compile tests
systems: [ubuntu-16.04-64, ubuntu-18.04-64]
tests/unit/:
summary: Suite to run unit tests (non-go and different go runtimes)
# Test cases are not yet ported to Fedora/openSUSE/Arch that is why
# we keep them disabled. A later PR will enable most tests and
# drop the list of excluded systems.
systems:
[
-ubuntu-core-*,
-fedora-*,
-opensuse-*,
-arch-*,
-amazon-*,
-centos-*,
-ubuntu-secboot-*,
]
# unittests are run as part of the autopkgtest build already
backends: [-autopkgtest]
environment:
# env vars required for coverage reporting from a spread task
COVERMODE: '$(HOST: echo "$COVERMODE")'
prepare: |
#shellcheck source=tests/lib/prepare.sh
. "$TESTSLIB"/prepare.sh
prepare_classic
prepare-each: |
"$TESTSLIB"/reset.sh --reuse-core
#shellcheck source=tests/lib/prepare.sh
. "$TESTSLIB"/prepare.sh
prepare_each_classic
restore: |
"$TESTSLIB"/reset.sh --store
#shellcheck source=tests/lib/pkgdb.sh
. "$TESTSLIB"/pkgdb.sh
distro_purge_package snapd
case "$SPREAD_SYSTEM" in
arch-*)
# there is no snap-confine and ubuntu-core-launcher
# in Arch
;;
*)
distro_purge_package snap-confine ubuntu-core-launcher
;;
esac
tests/nightly/:
summary: Suite for nightly, expensive, tests
manual: true
# Test cases are not yet ported to Fedora/openSUSE/Arch/AMZN2 that is why
# we keep them disabled. A later PR will enable most tests and
# drop the list of excluded systems.
prepare: |
"$TESTSLIB"/prepare-restore.sh --prepare-suite
prepare-each: |
"$TESTSLIB"/prepare-restore.sh --prepare-suite-each
restore-each: |
"$TESTSLIB"/prepare-restore.sh --restore-suite-each
restore: |
"$TESTSLIB"/prepare-restore.sh --restore-suite
tests/nested/manual/:
summary: Tests for nested images controlled manually from the tests
backends: [google-nested, qemu-nested]
systems: [ubuntu-16.04-64, ubuntu-18.04-64, ubuntu-20.04-64, ubuntu-21.10-64, ubuntu-22.04-64]
environment:
NESTED_TYPE: "classic"
# Enable kvm in the qemu command line
NESTED_ENABLE_KVM: '$(HOST: echo "${NESTED_ENABLE_KVM:-true}")'
# Enable tpm in the nested vm in case it is supported
NESTED_ENABLE_TPM: '$(HOST: echo "${NESTED_ENABLE_TPM:-}")'
# Enable secure boot in the nested vm in case it is supported
NESTED_ENABLE_SECURE_BOOT: '$(HOST: echo "${NESTED_ENABLE_SECURE_BOOT:-}")'
manual: true
warn-timeout: 10m
kill-timeout: 60m
prepare: |
#shellcheck source=tests/lib/pkgdb.sh
. "$TESTSLIB"/pkgdb.sh
#shellcheck source=tests/lib/image.sh
. "$TESTSLIB"/image.sh
distro_update_package_db
distro_install_package snapd qemu qemu-utils genisoimage sshpass qemu-kvm cloud-image-utils ovmf kpartx xz-utils mtools ca-certificates xdelta3
if os.query is-xenial; then
# the new ubuntu-image expects mkfs to support -d option, which was not
# supported yet by the version of mkfs that shipped with Ubuntu 16.04
snap install ubuntu-image --channel="$UBUNTU_IMAGE_SNAP_CHANNEL" --classic
else
build_ubuntu_image
fi
# Install the snapd built
dpkg -i "$SPREAD_PATH"/../snapd_*.deb
prepare-each: |
"$TESTSLIB"/prepare-restore.sh --prepare-suite-each
tests.nested prepare
if os.query is-xenial && ! command -v ubuntu-image >/dev/null; then
# This is needed because the snap in removed during on restore-each
snap install ubuntu-image --channel="$UBUNTU_IMAGE_SNAP_CHANNEL" --classic
fi