Skip to content

feat: add TESTING environment variable feature gate for microvm-init #2264

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
antitree merged 2 commits into from
Dec 10, 2025
Merged

feat: add TESTING environment variable feature gate for microvm-init #2264

antitree merged 2 commits into from
Dec 10, 2025

Conversation

@antitree
Copy link
Contributor

@antitree antitree commented Dec 9, 2025
edited
Loading

Summary

Add support for TESTING environment variable that gets passed to the kernel command line as melange.testing=<value>. This allows us to feature within staging to test things. In particular, we'd like to make some changes to microvm-init.

Changes

  • Modified pkg/container/qemu_runner.go to read TESTING environment variable
  • Validates that TESTING is a number (or empty string) to prevent injection issues
  • Passes the value to kernel command line as melange.testing=<value>
  • Adds debug/warning logging for the feature gate

Usage

TESTING=1 melange build mypackage.yaml

Security

The implementation validates that TESTING only accepts numeric values (or empty string) to prevent kernel command line injection attacks. String values are rejected with a warning message.

Test plan

  • Set TESTING=1 and verify melange.testing=1 appears in kernel cmdline
  • Set TESTING=foo and verify warning is logged and value is not passed
  • Set TESTING= and verify melange.testing= is passed to kernel
  • Run without TESTING env var and verify no changes to existing behavior

@antitree
feat: add TESTING environment variable feature gate for microvm-init
f3a7e9c 
Add support for TESTING environment variable that gets passed to the
kernel command line as melange.testing=<value>. This allows microvm-init
to conditionally enable/disable features during testing and development.

The TESTING variable must be a number (0-9, etc.) or empty string.
String values are rejected with a warning to prevent injection issues.

Usage:
  TESTING=1 melange build mypackage.yaml

In microvm-init, the value can be read from /proc/cmdline as melange.testing
@antitree antitree requested a review from egibs December 9, 2025 14:48
egibs
egibs reviewed Dec 9, 2025
View reviewed changes
stevebeattie
stevebeattie reviewed Dec 9, 2025
View reviewed changes
stevebeattie
stevebeattie reviewed Dec 10, 2025
View reviewed changes
@stevebeattie
Copy link
Member

stevebeattie commented Dec 10, 2025

Modulo the comments, this looks good and works as expected. Thanks!

@antitree @claude
fix: address PR feedback on TESTING env var logging
9abc19c 
- Change log level from DEBUG to INFO for better visibility
- Remove empty string handling to simplify logic
- Update comment to clarify expected values (0 for disabled, non-zero for enabled)

Addresses feedback from PR chainguard-dev#2264

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
@antitree antitree merged commit 32f19ae into chainguard-dev:main Dec 10, 2025
57 checks passed
@antitree antitree mentioned this pull request Dec 10, 2025
Closed
8 tasks
@BrewTestBot BrewTestBot mentioned this pull request Dec 15, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@stevebeattie stevebeattie stevebeattie left review comments

@egibs egibs egibs approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@antitree @stevebeattie @egibs