it appears tide (The merge robot) from does not have permission to set contexts on this repo https://github.com/GoogleCloudPlatform/oss-test-infra

cc @fejta

When we built the daisy-builder image, we didn't have a standard for finding the bucket with appropriate permissions with package outputs. So as interim, we parsed the daisy scratch dir from its stdout. We have now updated all the packagebuild workflows to take destination paths as input, so daisy-builder:main.sh should now:

• Check if GCS_OUT variable is set in metadata
• If so, set the appropriate variable when running the workflow
• If so, copy artifacts out of $GCS_OUT to artifacts/
  and, as today:
• If postsubmit, also copy artifacts to new package bucket to trigger package repo updates.

It would be really neat if we could pass in an optional flag to specify a test string to be used as a tag or label applied to any resource created by the test suite, VM, disks etc.

This will help with tracking usage per test run and also help with cleanup after a test run should there be any resources remaining after the test suite has been completed or if the tests are interrupted.

The build is failing with:

Step 4/10 : RUN bash /build_semodule_utils.sh
 ---> Running in f74689f7936f
Installing dependencies..
fetch http://dl-cdn.alpinelinux.org/alpine/edge/testing/x86_64/APKINDEX.tar.gz
fetch http://dl-cdn.alpinelinux.org/alpine/v3.12/main/x86_64/APKINDEX.tar.gz
fetch http://dl-cdn.alpinelinux.org/alpine/v3.12/community/x86_64/APKINDEX.tar.gz
(1/19) Installing libcap-ng (0.7.10-r0)
(2/19) Installing audit-libs (2.8.5-r0)
(3/19) Installing libbz2 (1.0.8-r1)
(4/19) Installing fts (1.2.7-r1)
(5/19) Installing pcre (8.44-r0)
(6/19) Installing libselinux (2.8-r0)
(7/19) Installing libsepol (2.8-r0)
(8/19) Installing libsemanage (2.8-r0)
(9/19) Installing libpcre16 (8.44-r0)
(10/19) Installing libpcre32 (8.44-r0)
(11/19) Installing libgcc (9.3.0-r2)
(12/19) Installing libstdc++ (9.3.0-r2)
(13/19) Installing libpcrecpp (8.44-r0)
(14/19) Installing pkgconf (1.7.2-r0)
(15/19) Installing pcre-dev (8.44-r0)
(16/19) Installing bsd-compat-headers (0.7.2-r3)
(17/19) Installing libsepol-dev (2.8-r0)
(18/19) Installing libselinux-dev (2.8-r0)
(19/19) Installing libsemanage-dev (2.8-r0)
Executing busybox-1.31.1-r16.trigger
OK: 17 MiB in 37 packages
ERROR: unsatisfiable constraints:
  python (missing):
    required by: world[python]
The command '/bin/sh -c bash /build_semodule_utils.sh' returned a non-zero code: 1

Example: https://pantheon.corp.google.com/cloud-build/builds/dca33b8d-53d2-4b61-b07d-bd0a56cf723f;step=4?organizationId=433637338589&project=gcp-guest

Hey all!

We've had this test suite in our internal pipelines for a while now when building/testing Ubuntu cloud images for GCE. However, there are a few tests that repeatedly fail, and on further inspection I believe they're either false positives or "not applicable" to Ubuntu. What we're doing internally at the moment is skipping these tests (using the --exclude flag on docker run gcr.io/gcp-guest/cloud-image-tests...) but the issue with this is that it skips the whole suite, which is a shame as there are good tests in these suites that are also being skipped. I've added details below of the failing tests - please let me know if you need any more info.

All the best!
Chlo

• verifySSHConfig() fails due to PermitRootLogin apparently not being set (image_security_test.go:133: "PermitRootLogin" was not set to "no" or "without-password"). However, in Ubuntu the
  default is prohibit-password?

• TestHostsFile() fails due to /etc/hosts does not contain host record but I think this test should be skipped for Ubuntu? FWIW here's an example GCE Ubuntu /etc/hosts file:

  ubuntu@kajiya-testing:~$ cat /etc/hosts
  127.0.0.1 localhost
  # The following lines are desirable for IPv6 capable hosts
  ::1 ip6-localhost ip6-loopback
  fe00::0 ip6-localnet
  ff00::0 ip6-mcastprefix
  ff02::1 ip6-allnodes
  ff02::2 ip6-allrouters
  ff02::3 ip6-allhosts
  169.254.169.254 metadata.google.internal metadata
  

• TestArePackagesLegal() surfaces a couple of errors: /usr/share/doc/libcanberra0/copyright,
  /usr/share/doc/libnspr4/copyright and /usr/share/doc/python3-serial/copyright - we may need to increase the scope of the var licenses strings globs?

• TestGetentPasswdOsloginUser() and TestGetentPasswdOsloginUID() both surface: getent command failed exit status 2
  while TestGetentPasswdAllUsers() returns: getent passwd output does not contain sa_105020877179577573373:*:3651018652:3651018652::/home/sa_105020877179577573373 - I'll be honest I'm not sure
  why this one is failing at first glace, but FWIW we do test getent internally on GCE images 😄 (We verify "getent passwd {} | cut -d: -f6".format(user) for each user in the instance's metadata ssh keys).

• testShutdownScriptTimeLinux() returns shut down time is 89 which is less than 110 seconds - I understand the sentiment for this test but we also test this internally as well. We run an instance with a shutdown-script and check that the correct file was created. However, our internal cutoff time is 30 seconds instead.