From 51a56399f6384decee03a7e1aa56a3f46cb7c63f Mon Sep 17 00:00:00 2001
From: Alexandr Morozov <lk4d4@docker.com>
Date: Wed, 24 Sep 2014 16:42:17 +0400
Subject: [PATCH] Rewrite TestBuildWithInaccessibleFilesInContext to not use
 fixtures

Signed-off-by: Alexandr Morozov <lk4d4@docker.com>
---
 .../ignoredinaccessible/.dockerignore         |  1 -
 .../ignoredinaccessible/Dockerfile            |  2 -
 .../directoryWeCantStat/bar                   |  1 -
 .../inaccessibledirectory/Dockerfile          |  2 -
 .../directoryWeCantStat/bar                   |  1 -
 .../inaccessiblefile/Dockerfile               |  2 -
 .../inaccessiblefile/fileWithoutReadAccess    |  1 -
 .../linksdirectory/Dockerfile                 |  2 -
 .../linksdirectory/g                          |  1 -
 integration-cli/docker_cli_build_test.go      | 90 ++++++++++---------
 integration-cli/docker_utils.go               |  3 +
 11 files changed, 52 insertions(+), 54 deletions(-)
 delete mode 100644 integration-cli/build_tests/TestBuildWithInaccessibleFilesInContext/ignoredinaccessible/.dockerignore
 delete mode 100644 integration-cli/build_tests/TestBuildWithInaccessibleFilesInContext/ignoredinaccessible/Dockerfile
 delete mode 100644 integration-cli/build_tests/TestBuildWithInaccessibleFilesInContext/ignoredinaccessible/directoryWeCantStat/bar
 delete mode 100644 integration-cli/build_tests/TestBuildWithInaccessibleFilesInContext/inaccessibledirectory/Dockerfile
 delete mode 100644 integration-cli/build_tests/TestBuildWithInaccessibleFilesInContext/inaccessibledirectory/directoryWeCantStat/bar
 delete mode 100644 integration-cli/build_tests/TestBuildWithInaccessibleFilesInContext/inaccessiblefile/Dockerfile
 delete mode 100644 integration-cli/build_tests/TestBuildWithInaccessibleFilesInContext/inaccessiblefile/fileWithoutReadAccess
 delete mode 100644 integration-cli/build_tests/TestBuildWithInaccessibleFilesInContext/linksdirectory/Dockerfile
 delete mode 120000 integration-cli/build_tests/TestBuildWithInaccessibleFilesInContext/linksdirectory/g

diff --git a/integration-cli/build_tests/TestBuildWithInaccessibleFilesInContext/ignoredinaccessible/.dockerignore b/integration-cli/build_tests/TestBuildWithInaccessibleFilesInContext/ignoredinaccessible/.dockerignore
deleted file mode 100644
index fb1fad86ff..0000000000
--- a/integration-cli/build_tests/TestBuildWithInaccessibleFilesInContext/ignoredinaccessible/.dockerignore
+++ /dev/null
@@ -1 +0,0 @@
-directoryWeCantStat
diff --git a/integration-cli/build_tests/TestBuildWithInaccessibleFilesInContext/ignoredinaccessible/Dockerfile b/integration-cli/build_tests/TestBuildWithInaccessibleFilesInContext/ignoredinaccessible/Dockerfile
deleted file mode 100644
index 0964b8e87c..0000000000
--- a/integration-cli/build_tests/TestBuildWithInaccessibleFilesInContext/ignoredinaccessible/Dockerfile
+++ /dev/null
@@ -1,2 +0,0 @@
-FROM busybox
-ADD . /foo/
diff --git a/integration-cli/build_tests/TestBuildWithInaccessibleFilesInContext/ignoredinaccessible/directoryWeCantStat/bar b/integration-cli/build_tests/TestBuildWithInaccessibleFilesInContext/ignoredinaccessible/directoryWeCantStat/bar
deleted file mode 100644
index 257cc5642c..0000000000
--- a/integration-cli/build_tests/TestBuildWithInaccessibleFilesInContext/ignoredinaccessible/directoryWeCantStat/bar
+++ /dev/null
@@ -1 +0,0 @@
-foo
diff --git a/integration-cli/build_tests/TestBuildWithInaccessibleFilesInContext/inaccessibledirectory/Dockerfile b/integration-cli/build_tests/TestBuildWithInaccessibleFilesInContext/inaccessibledirectory/Dockerfile
deleted file mode 100644
index 0964b8e87c..0000000000
--- a/integration-cli/build_tests/TestBuildWithInaccessibleFilesInContext/inaccessibledirectory/Dockerfile
+++ /dev/null
@@ -1,2 +0,0 @@
-FROM busybox
-ADD . /foo/
diff --git a/integration-cli/build_tests/TestBuildWithInaccessibleFilesInContext/inaccessibledirectory/directoryWeCantStat/bar b/integration-cli/build_tests/TestBuildWithInaccessibleFilesInContext/inaccessibledirectory/directoryWeCantStat/bar
deleted file mode 100644
index 257cc5642c..0000000000
--- a/integration-cli/build_tests/TestBuildWithInaccessibleFilesInContext/inaccessibledirectory/directoryWeCantStat/bar
+++ /dev/null
@@ -1 +0,0 @@
-foo
diff --git a/integration-cli/build_tests/TestBuildWithInaccessibleFilesInContext/inaccessiblefile/Dockerfile b/integration-cli/build_tests/TestBuildWithInaccessibleFilesInContext/inaccessiblefile/Dockerfile
deleted file mode 100644
index 0964b8e87c..0000000000
--- a/integration-cli/build_tests/TestBuildWithInaccessibleFilesInContext/inaccessiblefile/Dockerfile
+++ /dev/null
@@ -1,2 +0,0 @@
-FROM busybox
-ADD . /foo/
diff --git a/integration-cli/build_tests/TestBuildWithInaccessibleFilesInContext/inaccessiblefile/fileWithoutReadAccess b/integration-cli/build_tests/TestBuildWithInaccessibleFilesInContext/inaccessiblefile/fileWithoutReadAccess
deleted file mode 100644
index b25f9a2a19..0000000000
--- a/integration-cli/build_tests/TestBuildWithInaccessibleFilesInContext/inaccessiblefile/fileWithoutReadAccess
+++ /dev/null
@@ -1 +0,0 @@
-should make `docker build` throw an error
diff --git a/integration-cli/build_tests/TestBuildWithInaccessibleFilesInContext/linksdirectory/Dockerfile b/integration-cli/build_tests/TestBuildWithInaccessibleFilesInContext/linksdirectory/Dockerfile
deleted file mode 100644
index 0964b8e87c..0000000000
--- a/integration-cli/build_tests/TestBuildWithInaccessibleFilesInContext/linksdirectory/Dockerfile
+++ /dev/null
@@ -1,2 +0,0 @@
-FROM busybox
-ADD . /foo/
diff --git a/integration-cli/build_tests/TestBuildWithInaccessibleFilesInContext/linksdirectory/g b/integration-cli/build_tests/TestBuildWithInaccessibleFilesInContext/linksdirectory/g
deleted file mode 120000
index 5fc3f33923..0000000000
--- a/integration-cli/build_tests/TestBuildWithInaccessibleFilesInContext/linksdirectory/g
+++ /dev/null
@@ -1 +0,0 @@
-../../../../../../../../../../../../../../../../../../../azA
\ No newline at end of file
diff --git a/integration-cli/docker_cli_build_test.go b/integration-cli/docker_cli_build_test.go
index 817990cc50..9ae4ce94c6 100644
--- a/integration-cli/docker_cli_build_test.go
+++ b/integration-cli/docker_cli_build_test.go
@@ -488,31 +488,23 @@ func TestBuildCopyDisallowRemote(t *testing.T) {
 // Issue #5270 - ensure we throw a better error than "unexpected EOF"
 // when we can't access files in the context.
 func TestBuildWithInaccessibleFilesInContext(t *testing.T) {
-	testDirName := "TestBuildWithInaccessibleFilesInContext"
-
-	sourceDirectory := filepath.Join(workingDirectory, "build_tests", testDirName)
-	buildDirectory, err := ioutil.TempDir("", "test-build-inaccessible-directory")
-	defer os.RemoveAll(buildDirectory)
-
-	err = copyWithCP(sourceDirectory, buildDirectory)
-	if err != nil {
-		t.Fatalf("failed to copy files to temporary directory: %s", err)
-	}
-
-	buildDirectory = filepath.Join(buildDirectory, testDirName)
 	{
+		name := "testbuildinaccessiblefiles"
+		defer deleteImages(name)
+		ctx, err := fakeContext("FROM scratch\nADD . /foo/", map[string]string{"fileWithoutReadAccess": "foo"})
+		if err != nil {
+			t.Fatal(err)
+		}
+		defer ctx.Close()
 		// This is used to ensure we detect inaccessible files early during build in the cli client
-		pathToInaccessibleFileBuildDirectory := filepath.Join(buildDirectory, "inaccessiblefile")
-		pathToFileWithoutReadAccess := filepath.Join(pathToInaccessibleFileBuildDirectory, "fileWithoutReadAccess")
+		pathToFileWithoutReadAccess := filepath.Join(ctx.Dir, "fileWithoutReadAccess")
 
-		err := os.Chown(pathToFileWithoutReadAccess, 0, 0)
+		err = os.Chown(pathToFileWithoutReadAccess, 0, 0)
 		errorOut(err, t, fmt.Sprintf("failed to chown file to root: %s", err))
 		err = os.Chmod(pathToFileWithoutReadAccess, 0700)
 		errorOut(err, t, fmt.Sprintf("failed to chmod file to 700: %s", err))
-
-		buildCommandStatement := fmt.Sprintf("%s build -t inaccessiblefiles .", dockerBinary)
-		buildCmd := exec.Command("su", "unprivilegeduser", "-c", buildCommandStatement)
-		buildCmd.Dir = pathToInaccessibleFileBuildDirectory
+		buildCmd := exec.Command("su", "unprivilegeduser", "-c", fmt.Sprintf("%s build -t %s .", dockerBinary, name))
+		buildCmd.Dir = ctx.Dir
 		out, exitCode, err := runCommandWithOutput(buildCmd)
 		if err == nil || exitCode == 0 {
 			t.Fatalf("build should have failed: %s %s", err, out)
@@ -528,21 +520,26 @@ func TestBuildWithInaccessibleFilesInContext(t *testing.T) {
 		}
 	}
 	{
+		name := "testbuildinaccessibledirectory"
+		defer deleteImages(name)
+		ctx, err := fakeContext("FROM scratch\nADD . /foo/", map[string]string{"directoryWeCantStat/bar": "foo"})
+		if err != nil {
+			t.Fatal(err)
+		}
+		defer ctx.Close()
 		// This is used to ensure we detect inaccessible directories early during build in the cli client
-		pathToInaccessibleDirectoryBuildDirectory := filepath.Join(buildDirectory, "inaccessibledirectory")
-		pathToDirectoryWithoutReadAccess := filepath.Join(pathToInaccessibleDirectoryBuildDirectory, "directoryWeCantStat")
+		pathToDirectoryWithoutReadAccess := filepath.Join(ctx.Dir, "directoryWeCantStat")
 		pathToFileInDirectoryWithoutReadAccess := filepath.Join(pathToDirectoryWithoutReadAccess, "bar")
 
-		err := os.Chown(pathToDirectoryWithoutReadAccess, 0, 0)
+		err = os.Chown(pathToDirectoryWithoutReadAccess, 0, 0)
 		errorOut(err, t, fmt.Sprintf("failed to chown directory to root: %s", err))
 		err = os.Chmod(pathToDirectoryWithoutReadAccess, 0444)
 		errorOut(err, t, fmt.Sprintf("failed to chmod directory to 755: %s", err))
 		err = os.Chmod(pathToFileInDirectoryWithoutReadAccess, 0700)
 		errorOut(err, t, fmt.Sprintf("failed to chmod file to 444: %s", err))
 
-		buildCommandStatement := fmt.Sprintf("%s build -t inaccessiblefiles .", dockerBinary)
-		buildCmd := exec.Command("su", "unprivilegeduser", "-c", buildCommandStatement)
-		buildCmd.Dir = pathToInaccessibleDirectoryBuildDirectory
+		buildCmd := exec.Command("su", "unprivilegeduser", "-c", fmt.Sprintf("%s build -t %s .", dockerBinary, name))
+		buildCmd.Dir = ctx.Dir
 		out, exitCode, err := runCommandWithOutput(buildCmd)
 		if err == nil || exitCode == 0 {
 			t.Fatalf("build should have failed: %s %s", err, out)
@@ -559,41 +556,52 @@ func TestBuildWithInaccessibleFilesInContext(t *testing.T) {
 
 	}
 	{
+		name := "testlinksok"
+		defer deleteImages(name)
+		ctx, err := fakeContext("FROM scratch\nADD . /foo/", nil)
+		if err != nil {
+			t.Fatal(err)
+		}
+		defer ctx.Close()
+		if err := os.Symlink(filepath.Join(ctx.Dir, "g"), "../../../../../../../../../../../../../../../../../../../azA"); err != nil {
+			t.Fatal(err)
+		}
 		// This is used to ensure we don't follow links when checking if everything in the context is accessible
 		// This test doesn't require that we run commands as an unprivileged user
-		pathToDirectoryWhichContainsLinks := filepath.Join(buildDirectory, "linksdirectory")
-
-		out, exitCode, err := dockerCmdInDir(t, pathToDirectoryWhichContainsLinks, "build", "-t", "testlinksok", ".")
-		if err != nil || exitCode != 0 {
-			t.Fatalf("build should have worked: %s %s", err, out)
+		if _, err := buildImageFromContext(name, ctx, true); err != nil {
+			t.Fatal(err)
 		}
-
-		deleteImages("testlinksok")
-
 	}
 	{
+		name := "testbuildignoredinaccessible"
+		defer deleteImages(name)
+		ctx, err := fakeContext("FROM scratch\nADD . /foo/",
+			map[string]string{
+				"directoryWeCantStat/bar": "foo",
+				".dockerignore":           "directoryWeCantStat",
+			})
+		if err != nil {
+			t.Fatal(err)
+		}
+		defer ctx.Close()
 		// This is used to ensure we don't try to add inaccessible files when they are ignored by a .dockerignore pattern
-		pathToInaccessibleDirectoryBuildDirectory := filepath.Join(buildDirectory, "ignoredinaccessible")
-		pathToDirectoryWithoutReadAccess := filepath.Join(pathToInaccessibleDirectoryBuildDirectory, "directoryWeCantStat")
+		pathToDirectoryWithoutReadAccess := filepath.Join(ctx.Dir, "directoryWeCantStat")
 		pathToFileInDirectoryWithoutReadAccess := filepath.Join(pathToDirectoryWithoutReadAccess, "bar")
-		err := os.Chown(pathToDirectoryWithoutReadAccess, 0, 0)
+		err = os.Chown(pathToDirectoryWithoutReadAccess, 0, 0)
 		errorOut(err, t, fmt.Sprintf("failed to chown directory to root: %s", err))
 		err = os.Chmod(pathToDirectoryWithoutReadAccess, 0444)
 		errorOut(err, t, fmt.Sprintf("failed to chmod directory to 755: %s", err))
 		err = os.Chmod(pathToFileInDirectoryWithoutReadAccess, 0700)
 		errorOut(err, t, fmt.Sprintf("failed to chmod file to 444: %s", err))
 
-		buildCommandStatement := fmt.Sprintf("%s build -t ignoredinaccessible .", dockerBinary)
-		buildCmd := exec.Command("su", "unprivilegeduser", "-c", buildCommandStatement)
-		buildCmd.Dir = pathToInaccessibleDirectoryBuildDirectory
+		buildCmd := exec.Command("su", "unprivilegeduser", "-c", fmt.Sprintf("%s build -t %s .", dockerBinary, name))
+		buildCmd.Dir = ctx.Dir
 		out, exitCode, err := runCommandWithOutput(buildCmd)
 		if err != nil || exitCode != 0 {
 			t.Fatalf("build should have worked: %s %s", err, out)
 		}
-		deleteImages("ignoredinaccessible")
 
 	}
-	deleteImages("inaccessiblefiles")
 	logDone("build - ADD from context with inaccessible files must fail")
 	logDone("build - ADD from context with accessible links must work")
 	logDone("build - ADD from context with ignored inaccessible files must work")
diff --git a/integration-cli/docker_utils.go b/integration-cli/docker_utils.go
index 91418ea0a4..17c164fd06 100644
--- a/integration-cli/docker_utils.go
+++ b/integration-cli/docker_utils.go
@@ -440,6 +440,9 @@ func fakeContext(dockerfile string, files map[string]string) (*FakeContext, erro
 	if err != nil {
 		return nil, err
 	}
+	if err := os.Chmod(tmp, 0755); err != nil {
+		return nil, err
+	}
 	ctx := &FakeContext{tmp}
 	for file, content := range files {
 		if err := ctx.Add(file, content); err != nil {