Mirror of git.yoctoproject.org/meta-virtualization https://git.enea.com/cgit/linux/meta-virtualization.git/atom?h=master 2026-04-29T20:15:34+00:00 2026-04-29T20:15:34+00:00 Tim Orling tim.orling@konsulko.com 2026-04-16T20:31:02+00:00 urn:sha1:002f915a432467dca4a9c61f75947f10f96e63e2 Add a new pytest module (tests/test_vcontainer_auth_config.py) covering the registry-auth-config feature introduced in the previous commit. Split into two tiers: TestAuthConfigStaticPlumbing (40 static/shell-level assertions): - vrunner.sh: AUTH_CONFIG picks up VDKR_CONFIG/VPDMN_CONFIG; --config parsing; validate_auth_config and setup_auth_share definitions; every validator reject rule (symlink / non-regular / unreadable / missing / <2B / >1MiB / mode whitelist 400|600|200 / non-owner WARN); 0700 staging dir and 0400 staged file; readonly=on on the 9p share; dedicated ${TOOL_NAME}_auth tag. Critically also asserts that AUTH_CONFIG, VDKR_CONFIG and VPDMN_CONFIG never appear in KERNEL_APPEND - only the ${CMDLINE_PREFIX}_auth=1 flag does. - vcontainer-common.sh: env-var init, --config parsing, AUTH_CONFIG forwarding via --config to vrunner, and show_usage documentation. - vcontainer-init-common.sh: RUNTIME_AUTH default, cmdline parsing, mount_auth_share/unmount_auth_share presence, dedicated per-runtime ${VCONTAINER_RUNTIME_NAME}_auth tag, and the ro,nosuid,nodev,noexec mount options. - vdkr-init.sh: install_auth_config present, writes to /root/.docker/config.json with 0600 and 0700 parent, mount + unmount pairing, precedence NOTE logged, and ordering after install_registry_ca so --config wins over --registry-user/-pass. - vpdmn-init.sh: writes to /run/containers/0/auth.json with matching modes, exports REGISTRY_AUTH_FILE, mount/unmount pairing, and ordering after verify_podman. - README.md: --config section exists and documents both env vars and both runtime target paths. TestAuthConfigValidator (13 functional cases): - Extracts validate_auth_config() from vrunner.sh with a brace-matching parser, sources it in a bash subshell with a stubbed log() helper, and drives it with real files: accepts modes 0600 / 0400, accepts the 2-byte minimum "{}", rejects missing / symlink / directory / empty / 1-byte / >1 MiB / 0644 (world-readable) / 0640 / 0700 (owner-exec) / 0000 (unreadable, skipped when running as root). Path resolution is resilient: VCONTAINER_FILES_DIR env override first, otherwise repo-relative to the test file, falling back to the /opt/bruce/poky path used elsewhere in the suite. No tests need QEMU, a registry, or network. All 53 tests complete in ~0.1s. Add tests/__pycache__ to .gitignore. AI-Generated: Claude Cowork Opus 4.7 Signed-off-by: Tim Orling <tim.orling@konsulko.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>