From 60c0b6fac89858f408168f435fcea779bf224cea Mon Sep 17 00:00:00 2001
From: Michael Vogt
Date: Tue, 5 Nov 2024 17:42:59 +0100
Subject: [PATCH] container: add nested RHSM rpm test

---
 bib/internal/container/container.go | 6 +++
 bib/internal/container/export_test.go | 5 +++
 bib/internal/container/solver_test.go | 59 ++++++++++++++++++++++++++-
 3 files changed, 68 insertions(+), 2 deletions(-)
 create mode 100644 bib/internal/container/export_test.go

diff --git a/bib/internal/container/container.go b/bib/internal/container/container.go
index 454ec710..f989538d 100644
--- a/bib/internal/container/container.go
+++ b/bib/internal/container/container.go
@@ -34,9 +34,15 @@ func New(ref string) (*Container, error) {
 "--rm",
 "--init", // If sleep infinity is run as PID 1, it doesn't get signals, thus we cannot easily stop the container
 "--detach",
+ // XXX: ONLY NEEDED TO FOR TestDNFJsonWorkWithSubscribedContentNestedContainers
+ // DO NOT MERGE BUT INSTEAD extract helper in the test that
+ // runs a priv contianer
+ "--privileged",
 "--net", "host", // Networking in a nested container doesn't work without re-using this container's network
 "--entrypoint", "sleep", // The entrypoint might be arbitrary, so let's just override it with sleep, we don't want to run anything
 }
+ // XXX:
+ args = append(args, testExtraArgs)

 // Re-mount the secret directory if it exists
 if _, err := os.Stat(secretDir); err == nil {
diff --git a/bib/internal/container/export_test.go b/bib/internal/container/export_test.go
new file mode 100644
index 00000000..f75a205e
--- /dev/null
+++ b/bib/internal/container/export_test.go
@@ -0,0 +1,5 @@
+package container
+
+func (c *Container) ID() string {
+ return c.id
+}
diff --git a/bib/internal/container/solver_test.go b/bib/internal/container/solver_test.go
index 83489921..b19a9c9b 100644
--- a/bib/internal/container/solver_test.go
+++ b/bib/internal/container/solver_test.go
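Review bot: The hard-coded `"--privileged"` sits in the non-test `New`, so every container started through this package would run with full host privileges on top of `--net host`, not only the nested-container test that needs it. The second addition, `args = append(args, testExtraArgs)`, uses a name this patch never declares (export_test.go only adds `ID()`), so unless it already exists elsewhere in the package the build fails. If it is a slice the call needs `testExtraArgs...`, and if it is a string an unset value would hand podman an empty positional argument. I would drop both additions from `New` and let the test start its own privileged container from a helper in a `_test.go` file, so production callers keep the existing flag set. `New`'s body continues outside the hunk.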
@@ -18,8 +18,9 @@ import (
 )

 const (
- dnfTestingImageRHEL = "registry.access.redhat.com/ubi9:latest"
- dnfTestingImageCentos = "quay.io/centos/centos:stream9"
+ dnfTestingImageRHEL = "registry.access.redhat.com/ubi9:latest"
+ dnfTestingImageCentos = "quay.io/centos/centos:stream9"
+ dnfTestingImageFedoraLatest = "registry.fedoraproject.org/fedora:latest"
 )

 func TestDNFJsonWorks(t *testing.T) {
@@ -136,3 +137,57 @@ func TestDNFJsonWorkWithSubscribedContent(t *testing.T) {
 require.NoError(t, err)
 assert.True(t, len(res.Packages) > 0)
 }
+
+func TestDNFJsonWorkWithSubscribedContentNestedContainers(t *testing.T) {
+ // XXX: lots of duplication to TestDNFJsonWorkWithSubscribedContent
+ if os.Geteuid() != 0 {
+ t.Skip("skipping test; not running as root")
+ }
+ if runtime.GOARCH != "amd64" {
+ t.Skip("skipping test; only runs on x86_64")
+ }
+ if _, err := os.Stat("/usr/libexec/osbuild-depsolve-dnf"); err != nil {
+ t.Skip("cannot find /usr/libexec/osbuild-depsolve-dnf")
+ }
+ tmpdir := t.TempDir()
+
+ restore := subscribeMachine(t)
+ defer restore()
+
+ // use a fedora container as intermediate so that we always have
+ // the latest glibc (we cannot fully static link the test)
+ cnt, err := container.New(dnfTestingImageFedoraLatest)
+ require.NoError(t, err)
+ defer cnt.Stop()
+
+ // build a test binary from the existing
+ // TestDNFJsonWorkWithSubscribedContent that is then
+ // transfered and run *inside* the centos container
+ testBinary := filepath.Join(tmpdir, "dnftest")
+ cmd := exec.Command(
+ "go", "test",
+ "-c",
+ "-o", testBinary,
+ "-run", "^TestDNFJsonWorkWithSubscribedContent$")
+ cmd.Stdout = os.Stdout
+ cmd.Stderr = os.Stderr
+ err = cmd.Run()
+ require.NoError(t, err)
+ err = cnt.CopyInto(testBinary, "/dnftest")
+ require.NoError(t, err)
+
+ // XXX: simplify
+ cmd = exec.Command("podman", "exec", cnt.ID(), "dnf", "install", "-y", "gpgme", "podman")
+ cmd.Stdout = os.Stdout
+ cmd.Stderr = os.Stderr
+ err = cmd.Run()
+ require.NoError(t, err)
+
+ cmd = exec.Command(
+ "podman", "exec",
+ cnt.ID(), "/dnftest")
+ cmd.Stdout = os.Stdout
+ cmd.Stderr = os.Stderr
+ err = cmd.Run()
+ assert.NoError(t, err)
+}
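Review bot: The `-run` filter on the `go test -c` line is, as far as I know, not stored in the compiled binary, so the final `podman exec` of `/dnftest` runs every test in the package rather than only `TestDNFJsonWorkWithSubscribedContent`. Only `gpgme` and `podman` are installed in the Fedora container, so if the inner test has the same `/usr/libexec/osbuild-depsolve-dnf` guard as this one (its body is not visible here) it would skip, and `assert.NoError` would pass without the subscribed-content path being exercised. I would pass the filter at run time, `cnt.ID(), "/dnftest", "-test.run", "^TestDNFJsonWorkWithSubscribedContent$", "-test.v")`, and fail the outer test when the captured output reports a skip. The comment above the build step says the binary runs inside the "centos container" while the image used is `dnfTestingImageFedoraLatest`; it should read `// transferred and run *inside* the fedora container`.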