diff --git a/integration-cli/build_tests/TestBuildForceRm/Dockerfile b/integration-cli/build_tests/TestBuildForceRm/Dockerfile deleted file mode 100644 index 8468edd4ce..0000000000 --- a/integration-cli/build_tests/TestBuildForceRm/Dockerfile +++ /dev/null @@ -1,3 +0,0 @@ -FROM busybox -RUN true -RUN thiswillfail diff --git a/integration-cli/build_tests/TestBuildHistory/Dockerfile b/integration-cli/build_tests/TestBuildHistory/Dockerfile deleted file mode 100644 index 56c47105cc..0000000000 --- a/integration-cli/build_tests/TestBuildHistory/Dockerfile +++ /dev/null @@ -1,28 +0,0 @@ -FROM busybox - -RUN echo "A" -RUN echo "B" -RUN echo "C" -RUN echo "D" -RUN echo "E" -RUN echo "F" -RUN echo "G" -RUN echo "H" -RUN echo "I" -RUN echo "J" -RUN echo "K" -RUN echo "L" -RUN echo "M" -RUN echo "N" -RUN echo "O" -RUN echo "P" -RUN echo "Q" -RUN echo "R" -RUN echo "S" -RUN echo "T" -RUN echo "U" -RUN echo "V" -RUN echo "W" -RUN echo "X" -RUN echo "Y" -RUN echo "Z" diff --git a/integration-cli/build_tests/TestBuildRm/Dockerfile b/integration-cli/build_tests/TestBuildRm/Dockerfile deleted file mode 100644 index 190eacf117..0000000000 --- a/integration-cli/build_tests/TestBuildRm/Dockerfile +++ /dev/null @@ -1,4 +0,0 @@ -FROM busybox -ADD foo / -ADD foo / - diff --git a/integration-cli/build_tests/TestBuildRm/foo b/integration-cli/build_tests/TestBuildRm/foo deleted file mode 100644 index 5716ca5987..0000000000 --- a/integration-cli/build_tests/TestBuildRm/foo +++ /dev/null @@ -1 +0,0 @@ -bar diff --git a/integration-cli/build_tests/TestBuildWithInaccessibleFilesInContext/ignoredinaccessible/.dockerignore b/integration-cli/build_tests/TestBuildWithInaccessibleFilesInContext/ignoredinaccessible/.dockerignore deleted file mode 100644 index fb1fad86ff..0000000000 --- a/integration-cli/build_tests/TestBuildWithInaccessibleFilesInContext/ignoredinaccessible/.dockerignore +++ /dev/null @@ -1 +0,0 @@ -directoryWeCantStat diff --git a/integration-cli/build_tests/TestBuildWithInaccessibleFilesInContext/ignoredinaccessible/Dockerfile b/integration-cli/build_tests/TestBuildWithInaccessibleFilesInContext/ignoredinaccessible/Dockerfile deleted file mode 100644 index 0964b8e87c..0000000000 --- a/integration-cli/build_tests/TestBuildWithInaccessibleFilesInContext/ignoredinaccessible/Dockerfile +++ /dev/null @@ -1,2 +0,0 @@ -FROM busybox -ADD . /foo/ diff --git a/integration-cli/build_tests/TestBuildWithInaccessibleFilesInContext/ignoredinaccessible/directoryWeCantStat/bar b/integration-cli/build_tests/TestBuildWithInaccessibleFilesInContext/ignoredinaccessible/directoryWeCantStat/bar deleted file mode 100644 index 257cc5642c..0000000000 --- a/integration-cli/build_tests/TestBuildWithInaccessibleFilesInContext/ignoredinaccessible/directoryWeCantStat/bar +++ /dev/null @@ -1 +0,0 @@ -foo diff --git a/integration-cli/build_tests/TestBuildWithInaccessibleFilesInContext/inaccessibledirectory/Dockerfile b/integration-cli/build_tests/TestBuildWithInaccessibleFilesInContext/inaccessibledirectory/Dockerfile deleted file mode 100644 index 0964b8e87c..0000000000 --- a/integration-cli/build_tests/TestBuildWithInaccessibleFilesInContext/inaccessibledirectory/Dockerfile +++ /dev/null @@ -1,2 +0,0 @@ -FROM busybox -ADD . /foo/ diff --git a/integration-cli/build_tests/TestBuildWithInaccessibleFilesInContext/inaccessibledirectory/directoryWeCantStat/bar b/integration-cli/build_tests/TestBuildWithInaccessibleFilesInContext/inaccessibledirectory/directoryWeCantStat/bar deleted file mode 100644 index 257cc5642c..0000000000 --- a/integration-cli/build_tests/TestBuildWithInaccessibleFilesInContext/inaccessibledirectory/directoryWeCantStat/bar +++ /dev/null @@ -1 +0,0 @@ -foo diff --git a/integration-cli/build_tests/TestBuildWithInaccessibleFilesInContext/inaccessiblefile/Dockerfile b/integration-cli/build_tests/TestBuildWithInaccessibleFilesInContext/inaccessiblefile/Dockerfile deleted file mode 100644 index 0964b8e87c..0000000000 --- a/integration-cli/build_tests/TestBuildWithInaccessibleFilesInContext/inaccessiblefile/Dockerfile +++ /dev/null @@ -1,2 +0,0 @@ -FROM busybox -ADD . /foo/ diff --git a/integration-cli/build_tests/TestBuildWithInaccessibleFilesInContext/inaccessiblefile/fileWithoutReadAccess b/integration-cli/build_tests/TestBuildWithInaccessibleFilesInContext/inaccessiblefile/fileWithoutReadAccess deleted file mode 100644 index b25f9a2a19..0000000000 --- a/integration-cli/build_tests/TestBuildWithInaccessibleFilesInContext/inaccessiblefile/fileWithoutReadAccess +++ /dev/null @@ -1 +0,0 @@ -should make `docker build` throw an error diff --git a/integration-cli/build_tests/TestBuildWithInaccessibleFilesInContext/linksdirectory/Dockerfile b/integration-cli/build_tests/TestBuildWithInaccessibleFilesInContext/linksdirectory/Dockerfile deleted file mode 100644 index 0964b8e87c..0000000000 --- a/integration-cli/build_tests/TestBuildWithInaccessibleFilesInContext/linksdirectory/Dockerfile +++ /dev/null @@ -1,2 +0,0 @@ -FROM busybox -ADD . /foo/ diff --git a/integration-cli/build_tests/TestBuildWithInaccessibleFilesInContext/linksdirectory/g b/integration-cli/build_tests/TestBuildWithInaccessibleFilesInContext/linksdirectory/g deleted file mode 120000 index 5fc3f33923..0000000000 --- a/integration-cli/build_tests/TestBuildWithInaccessibleFilesInContext/linksdirectory/g +++ /dev/null @@ -1 +0,0 @@ -../../../../../../../../../../../../../../../../../../../azA \ No newline at end of file diff --git a/integration-cli/build_tests/TestContextTar/Dockerfile b/integration-cli/build_tests/TestContextTar/Dockerfile deleted file mode 100644 index 41380570c1..0000000000 --- a/integration-cli/build_tests/TestContextTar/Dockerfile +++ /dev/null @@ -1,3 +0,0 @@ -FROM busybox -ADD foo /foo -CMD ["cat", "/foo"] diff --git a/integration-cli/build_tests/TestContextTar/foo b/integration-cli/build_tests/TestContextTar/foo deleted file mode 100644 index 257cc5642c..0000000000 --- a/integration-cli/build_tests/TestContextTar/foo +++ /dev/null @@ -1 +0,0 @@ -foo diff --git a/integration-cli/docker_cli_build_test.go b/integration-cli/docker_cli_build_test.go index b68044e682..9e75d0cb51 100644 --- a/integration-cli/docker_cli_build_test.go +++ b/integration-cli/docker_cli_build_test.go @@ -488,31 +488,23 @@ func TestBuildCopyDisallowRemote(t *testing.T) { // Issue #5270 - ensure we throw a better error than "unexpected EOF" // when we can't access files in the context. func TestBuildWithInaccessibleFilesInContext(t *testing.T) { - testDirName := "TestBuildWithInaccessibleFilesInContext" - - sourceDirectory := filepath.Join(workingDirectory, "build_tests", testDirName) - buildDirectory, err := ioutil.TempDir("", "test-build-inaccessible-directory") - defer os.RemoveAll(buildDirectory) - - err = copyWithCP(sourceDirectory, buildDirectory) - if err != nil { - t.Fatalf("failed to copy files to temporary directory: %s", err) - } - - buildDirectory = filepath.Join(buildDirectory, testDirName) { + name := "testbuildinaccessiblefiles" + defer deleteImages(name) + ctx, err := fakeContext("FROM scratch\nADD . /foo/", map[string]string{"fileWithoutReadAccess": "foo"}) + if err != nil { + t.Fatal(err) + } + defer ctx.Close() // This is used to ensure we detect inaccessible files early during build in the cli client - pathToInaccessibleFileBuildDirectory := filepath.Join(buildDirectory, "inaccessiblefile") - pathToFileWithoutReadAccess := filepath.Join(pathToInaccessibleFileBuildDirectory, "fileWithoutReadAccess") + pathToFileWithoutReadAccess := filepath.Join(ctx.Dir, "fileWithoutReadAccess") - err := os.Chown(pathToFileWithoutReadAccess, 0, 0) + err = os.Chown(pathToFileWithoutReadAccess, 0, 0) errorOut(err, t, fmt.Sprintf("failed to chown file to root: %s", err)) err = os.Chmod(pathToFileWithoutReadAccess, 0700) errorOut(err, t, fmt.Sprintf("failed to chmod file to 700: %s", err)) - - buildCommandStatement := fmt.Sprintf("%s build -t inaccessiblefiles .", dockerBinary) - buildCmd := exec.Command("su", "unprivilegeduser", "-c", buildCommandStatement) - buildCmd.Dir = pathToInaccessibleFileBuildDirectory + buildCmd := exec.Command("su", "unprivilegeduser", "-c", fmt.Sprintf("%s build -t %s .", dockerBinary, name)) + buildCmd.Dir = ctx.Dir out, exitCode, err := runCommandWithOutput(buildCmd) if err == nil || exitCode == 0 { t.Fatalf("build should have failed: %s %s", err, out) @@ -528,21 +520,26 @@ func TestBuildWithInaccessibleFilesInContext(t *testing.T) { } } { + name := "testbuildinaccessibledirectory" + defer deleteImages(name) + ctx, err := fakeContext("FROM scratch\nADD . /foo/", map[string]string{"directoryWeCantStat/bar": "foo"}) + if err != nil { + t.Fatal(err) + } + defer ctx.Close() // This is used to ensure we detect inaccessible directories early during build in the cli client - pathToInaccessibleDirectoryBuildDirectory := filepath.Join(buildDirectory, "inaccessibledirectory") - pathToDirectoryWithoutReadAccess := filepath.Join(pathToInaccessibleDirectoryBuildDirectory, "directoryWeCantStat") + pathToDirectoryWithoutReadAccess := filepath.Join(ctx.Dir, "directoryWeCantStat") pathToFileInDirectoryWithoutReadAccess := filepath.Join(pathToDirectoryWithoutReadAccess, "bar") - err := os.Chown(pathToDirectoryWithoutReadAccess, 0, 0) + err = os.Chown(pathToDirectoryWithoutReadAccess, 0, 0) errorOut(err, t, fmt.Sprintf("failed to chown directory to root: %s", err)) err = os.Chmod(pathToDirectoryWithoutReadAccess, 0444) errorOut(err, t, fmt.Sprintf("failed to chmod directory to 755: %s", err)) err = os.Chmod(pathToFileInDirectoryWithoutReadAccess, 0700) errorOut(err, t, fmt.Sprintf("failed to chmod file to 444: %s", err)) - buildCommandStatement := fmt.Sprintf("%s build -t inaccessiblefiles .", dockerBinary) - buildCmd := exec.Command("su", "unprivilegeduser", "-c", buildCommandStatement) - buildCmd.Dir = pathToInaccessibleDirectoryBuildDirectory + buildCmd := exec.Command("su", "unprivilegeduser", "-c", fmt.Sprintf("%s build -t %s .", dockerBinary, name)) + buildCmd.Dir = ctx.Dir out, exitCode, err := runCommandWithOutput(buildCmd) if err == nil || exitCode == 0 { t.Fatalf("build should have failed: %s %s", err, out) @@ -559,41 +556,52 @@ func TestBuildWithInaccessibleFilesInContext(t *testing.T) { } { + name := "testlinksok" + defer deleteImages(name) + ctx, err := fakeContext("FROM scratch\nADD . /foo/", nil) + if err != nil { + t.Fatal(err) + } + defer ctx.Close() + if err := os.Symlink(filepath.Join(ctx.Dir, "g"), "../../../../../../../../../../../../../../../../../../../azA"); err != nil { + t.Fatal(err) + } // This is used to ensure we don't follow links when checking if everything in the context is accessible // This test doesn't require that we run commands as an unprivileged user - pathToDirectoryWhichContainsLinks := filepath.Join(buildDirectory, "linksdirectory") - - out, exitCode, err := dockerCmdInDir(t, pathToDirectoryWhichContainsLinks, "build", "-t", "testlinksok", ".") - if err != nil || exitCode != 0 { - t.Fatalf("build should have worked: %s %s", err, out) + if _, err := buildImageFromContext(name, ctx, true); err != nil { + t.Fatal(err) } - - deleteImages("testlinksok") - } { + name := "testbuildignoredinaccessible" + defer deleteImages(name) + ctx, err := fakeContext("FROM scratch\nADD . /foo/", + map[string]string{ + "directoryWeCantStat/bar": "foo", + ".dockerignore": "directoryWeCantStat", + }) + if err != nil { + t.Fatal(err) + } + defer ctx.Close() // This is used to ensure we don't try to add inaccessible files when they are ignored by a .dockerignore pattern - pathToInaccessibleDirectoryBuildDirectory := filepath.Join(buildDirectory, "ignoredinaccessible") - pathToDirectoryWithoutReadAccess := filepath.Join(pathToInaccessibleDirectoryBuildDirectory, "directoryWeCantStat") + pathToDirectoryWithoutReadAccess := filepath.Join(ctx.Dir, "directoryWeCantStat") pathToFileInDirectoryWithoutReadAccess := filepath.Join(pathToDirectoryWithoutReadAccess, "bar") - err := os.Chown(pathToDirectoryWithoutReadAccess, 0, 0) + err = os.Chown(pathToDirectoryWithoutReadAccess, 0, 0) errorOut(err, t, fmt.Sprintf("failed to chown directory to root: %s", err)) err = os.Chmod(pathToDirectoryWithoutReadAccess, 0444) errorOut(err, t, fmt.Sprintf("failed to chmod directory to 755: %s", err)) err = os.Chmod(pathToFileInDirectoryWithoutReadAccess, 0700) errorOut(err, t, fmt.Sprintf("failed to chmod file to 444: %s", err)) - buildCommandStatement := fmt.Sprintf("%s build -t ignoredinaccessible .", dockerBinary) - buildCmd := exec.Command("su", "unprivilegeduser", "-c", buildCommandStatement) - buildCmd.Dir = pathToInaccessibleDirectoryBuildDirectory + buildCmd := exec.Command("su", "unprivilegeduser", "-c", fmt.Sprintf("%s build -t %s .", dockerBinary, name)) + buildCmd.Dir = ctx.Dir out, exitCode, err := runCommandWithOutput(buildCmd) if err != nil || exitCode != 0 { t.Fatalf("build should have worked: %s %s", err, out) } - deleteImages("ignoredinaccessible") } - deleteImages("inaccessiblefiles") logDone("build - ADD from context with inaccessible files must fail") logDone("build - ADD from context with accessible links must work") logDone("build - ADD from context with ignored inaccessible files must work") @@ -604,10 +612,16 @@ func TestBuildForceRm(t *testing.T) { if err != nil { t.Fatalf("failed to get the container count: %s", err) } + name := "testbuildforcerm" + defer deleteImages(name) + ctx, err := fakeContext("FROM scratch\nRUN true\nRUN thiswillfail", nil) + if err != nil { + t.Fatal(err) + } + defer ctx.Close() - buildDirectory := filepath.Join(workingDirectory, "build_tests", "TestBuildForceRm") - buildCmd := exec.Command(dockerBinary, "build", "--force-rm", ".") - buildCmd.Dir = buildDirectory + buildCmd := exec.Command(dockerBinary, "build", "-t", name, "--force-rm", ".") + buildCmd.Dir = ctx.Dir _, exitCode, err := runCommandWithOutput(buildCmd) if err == nil || exitCode == 0 { @@ -627,17 +641,23 @@ func TestBuildForceRm(t *testing.T) { } func TestBuildRm(t *testing.T) { + name := "testbuildrm" + defer deleteImages(name) + ctx, err := fakeContext("FROM scratch\nADD foo /\nADD foo /", map[string]string{"foo": "bar"}) + if err != nil { + t.Fatal(err) + } + defer ctx.Close() { containerCountBefore, err := getContainerCount() if err != nil { t.Fatalf("failed to get the container count: %s", err) } - buildDirectory := filepath.Join(workingDirectory, "build_tests", "TestBuildRm") - _, exitCode, err := dockerCmdInDir(t, buildDirectory, "build", "--rm", "-t", "testbuildrm", ".") + out, exitCode, err := dockerCmdInDir(t, ctx.Dir, "build", "--rm", "-t", name, ".") if err != nil || exitCode != 0 { - t.Fatal("failed to build the image") + t.Fatal("failed to build the image", out) } containerCountAfter, err := getContainerCount() @@ -648,7 +668,7 @@ func TestBuildRm(t *testing.T) { if containerCountBefore != containerCountAfter { t.Fatalf("-rm shouldn't have left containers behind") } - deleteImages("testbuildrm") + deleteImages(name) } { @@ -657,11 +677,10 @@ func TestBuildRm(t *testing.T) { t.Fatalf("failed to get the container count: %s", err) } - buildDirectory := filepath.Join(workingDirectory, "build_tests", "TestBuildRm") - _, exitCode, err := dockerCmdInDir(t, buildDirectory, "build", "-t", "testbuildrm", ".") + out, exitCode, err := dockerCmdInDir(t, ctx.Dir, "build", "-t", name, ".") if err != nil || exitCode != 0 { - t.Fatal("failed to build the image") + t.Fatal("failed to build the image", out) } containerCountAfter, err := getContainerCount() @@ -672,7 +691,7 @@ func TestBuildRm(t *testing.T) { if containerCountBefore != containerCountAfter { t.Fatalf("--rm shouldn't have left containers behind") } - deleteImages("testbuildrm") + deleteImages(name) } { @@ -681,11 +700,10 @@ func TestBuildRm(t *testing.T) { t.Fatalf("failed to get the container count: %s", err) } - buildDirectory := filepath.Join(workingDirectory, "build_tests", "TestBuildRm") - _, exitCode, err := dockerCmdInDir(t, buildDirectory, "build", "--rm=false", "-t", "testbuildrm", ".") + out, exitCode, err := dockerCmdInDir(t, ctx.Dir, "build", "--rm=false", "-t", name, ".") if err != nil || exitCode != 0 { - t.Fatal("failed to build the image") + t.Fatal("failed to build the image", out) } containerCountAfter, err := getContainerCount() @@ -697,7 +715,7 @@ func TestBuildRm(t *testing.T) { t.Fatalf("--rm=false should have left containers behind") } deleteAllContainers() - deleteImages("testbuildrm") + deleteImages(name) } @@ -1396,20 +1414,31 @@ func TestBuildADDLocalAndRemoteFilesWithCache(t *testing.T) { } func testContextTar(t *testing.T, compression archive.Compression) { - contextDirectory := filepath.Join(workingDirectory, "build_tests", "TestContextTar") - context, err := archive.Tar(contextDirectory, compression) - + ctx, err := fakeContext( + `FROM busybox +ADD foo /foo +CMD ["cat", "/foo"]`, + map[string]string{ + "foo": "bar", + }, + ) + defer ctx.Close() + if err != nil { + t.Fatal(err) + } + context, err := archive.Tar(ctx.Dir, compression) if err != nil { t.Fatalf("failed to build context tar: %v", err) } - buildCmd := exec.Command(dockerBinary, "build", "-t", "contexttar", "-") + name := "contexttar" + buildCmd := exec.Command(dockerBinary, "build", "-t", name, "-") + defer deleteImages(name) buildCmd.Stdin = context out, exitCode, err := runCommandWithOutput(buildCmd) if err != nil || exitCode != 0 { t.Fatalf("build failed to complete: %v %v", out, err) } - deleteImages("contexttar") logDone(fmt.Sprintf("build - build an image with a context tar, compression: %v", compression)) } diff --git a/integration-cli/docker_cli_history_test.go b/integration-cli/docker_cli_history_test.go index c76c3a2fbf..18e882d205 100644 --- a/integration-cli/docker_cli_history_test.go +++ b/integration-cli/docker_cli_history_test.go @@ -3,7 +3,6 @@ package main import ( "fmt" "os/exec" - "path/filepath" "strings" "testing" ) @@ -11,17 +10,42 @@ import ( // This is a heisen-test. Because the created timestamp of images and the behavior of // sort is not predictable it doesn't always fail. func TestBuildHistory(t *testing.T) { - buildDirectory := filepath.Join(workingDirectory, "build_tests", "TestBuildHistory") - buildCmd := exec.Command(dockerBinary, "build", "-t", "testbuildhistory", ".") + name := "testbuildhistory" + defer deleteImages(name) + _, err := buildImage(name, `FROM busybox +RUN echo "A" +RUN echo "B" +RUN echo "C" +RUN echo "D" +RUN echo "E" +RUN echo "F" +RUN echo "G" +RUN echo "H" +RUN echo "I" +RUN echo "J" +RUN echo "K" +RUN echo "L" +RUN echo "M" +RUN echo "N" +RUN echo "O" +RUN echo "P" +RUN echo "Q" +RUN echo "R" +RUN echo "S" +RUN echo "T" +RUN echo "U" +RUN echo "V" +RUN echo "W" +RUN echo "X" +RUN echo "Y" +RUN echo "Z"`, + true) - buildCmd.Dir = buildDirectory - out, exitCode, err := runCommandWithOutput(buildCmd) - errorOut(err, t, fmt.Sprintf("build failed to complete: %v %v", out, err)) - if err != nil || exitCode != 0 { - t.Fatal("failed to build the image") + if err != nil { + t.Fatal(err) } - out, exitCode, err = runCommandWithOutput(exec.Command(dockerBinary, "history", "testbuildhistory")) + out, exitCode, err := runCommandWithOutput(exec.Command(dockerBinary, "history", "testbuildhistory")) errorOut(err, t, fmt.Sprintf("image history failed: %v %v", out, err)) if err != nil || exitCode != 0 { t.Fatal("failed to get image history") @@ -39,8 +63,6 @@ func TestBuildHistory(t *testing.T) { } } - deleteImages("testbuildhistory") - logDone("history - build history") } diff --git a/integration-cli/docker_utils.go b/integration-cli/docker_utils.go index 91418ea0a4..17c164fd06 100644 --- a/integration-cli/docker_utils.go +++ b/integration-cli/docker_utils.go @@ -440,6 +440,9 @@ func fakeContext(dockerfile string, files map[string]string) (*FakeContext, erro if err != nil { return nil, err } + if err := os.Chmod(tmp, 0755); err != nil { + return nil, err + } ctx := &FakeContext{tmp} for file, content := range files { if err := ctx.Add(file, content); err != nil {