|
| 1 | +#!/bin/bash |
| 2 | +# This script is used for initializing the host environment for CI. |
| 3 | +# Supports Fedora and EL-based distributions. |
| 4 | +set -eux -o pipefail |
| 5 | + |
| 6 | +SCRIPTDIR="$(dirname "${BASH_SOURCE[0]}")" |
| 7 | + |
| 8 | +# PLATFORM_ID is not available on Fedora |
| 9 | +PLATFORM_ID= |
| 10 | +grep -q ^PLATFORM_ID /etc/os-release && PLATFORM_ID="$(grep -oP '^PLATFORM_ID="\K[^"]+' /etc/os-release)" |
| 11 | + |
| 12 | +# Initialize DNF |
| 13 | +DNF=(dnf -y --setopt=install_weak_deps=False --setopt=tsflags=nodocs) |
| 14 | +case "$PLATFORM_ID" in |
| 15 | +platform:el8) |
| 16 | + # DNF+=(--exclude="kernel,kernel-core") seems to fail |
| 17 | + "${DNF[@]}" config-manager --set-enabled powertools # for glibc-static |
| 18 | + "${DNF[@]}" install epel-release |
| 19 | + ;; |
| 20 | +platform:el9 | platform:el10) |
| 21 | + DNF+=(--exclude="kernel,kernel-core") |
| 22 | + "${DNF[@]}" config-manager --set-enabled crb # for glibc-static |
| 23 | + "${DNF[@]}" install epel-release |
| 24 | + ;; |
| 25 | +*) |
| 26 | + # Fedora |
| 27 | + DNF+=(--exclude="kernel,kernel-core") |
| 28 | + ;; |
| 29 | +esac |
| 30 | + |
| 31 | +# Install common packages |
| 32 | +RPMS=(cargo container-selinux fuse-sshfs git-core glibc-static golang iptables jq libseccomp-devel lld make policycoreutils wget) |
| 33 | +# Work around dnf mirror failures by retrying a few times. |
| 34 | +for i in $(seq 0 2); do |
| 35 | + sleep "$i" |
| 36 | + "${DNF[@]}" update && "${DNF[@]}" install "${RPMS[@]}" && break |
| 37 | +done |
| 38 | +# shellcheck disable=SC2181 |
| 39 | +[ $? -eq 0 ] # fail if dnf failed |
| 40 | + |
| 41 | +# Install CRIU |
| 42 | +if [ "$PLATFORM_ID" = "platform:el8" ]; then |
| 43 | + # Use newer criu (with https://github.com/checkpoint-restore/criu/pull/2545). |
| 44 | + # Alas we have to disable container-tools for that. |
| 45 | + "${DNF[@]}" module disable container-tools |
| 46 | + "${DNF[@]}" copr enable adrian/criu-el8 |
| 47 | +fi |
| 48 | +"${DNF[@]}" install criu |
| 49 | + |
| 50 | +# Install BATS |
| 51 | +if [ "$PLATFORM_ID" = "platform:el8" ]; then |
| 52 | + # The packaged version of bats is too old: `BATS_ERROR_SUFFIX: unbound variable`, `bats_require_minimum_version: command not found` |
| 53 | + ( |
| 54 | + cd /tmp |
| 55 | + git clone https://github.com/bats-core/bats-core |
| 56 | + ( |
| 57 | + cd bats-core |
| 58 | + BATS_VERSION="v1.12.0" |
| 59 | + git checkout "$BATS_VERSION" |
| 60 | + ./install.sh /usr/local |
| 61 | + cat >/etc/profile.d/sh.local <<'EOF' |
| 62 | +PATH="/usr/local/bin:$PATH" |
| 63 | +export PATH |
| 64 | +EOF |
| 65 | + cat >/etc/sudoers.d/local <<'EOF' |
| 66 | +Defaults secure_path = /usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin" |
| 67 | +EOF |
| 68 | + ) |
| 69 | + rm -rf bats-core |
| 70 | + ) |
| 71 | +else |
| 72 | + "${DNF[@]}" install bats |
| 73 | +fi |
| 74 | + |
| 75 | +# Clean up DNF |
| 76 | +dnf clean all |
| 77 | + |
| 78 | +# Install libpathrs |
| 79 | +LIBPATHRS_VERSION="0.2.4" |
| 80 | +"$SCRIPTDIR"/build-libpathrs.sh "$LIBPATHRS_VERSION" /usr |
| 81 | + |
| 82 | +# Setup rootless user. |
| 83 | +"$SCRIPTDIR"/setup_rootless.sh |
| 84 | + |
| 85 | +# Delegate all cgroup v2 controllers to rootless user via --systemd-cgroup |
| 86 | +if [ -e /sys/fs/cgroup/cgroup.controllers ]; then |
| 87 | + mkdir -p /etc/systemd/system/user@.service.d |
| 88 | + cat >/etc/systemd/system/user@.service.d/delegate.conf <<'EOF' |
| 89 | +[Service] |
| 90 | +# The default (since systemd v252) is "pids memory cpu". |
| 91 | +Delegate=yes |
| 92 | +EOF |
| 93 | + systemctl daemon-reload |
| 94 | +fi |
| 95 | + |
| 96 | +# Allow potentially unsafe tests. |
| 97 | +echo 'export RUNC_ALLOW_UNSAFE_TESTS=yes' >>/root/.bashrc |
0 commit comments