Resolve run USER names in a chroot, change default run group to 0

tests/basic.bats

@@ -110,5 +110,6 @@ load helpers
     buildah rmi $id
   done
   run buildah --debug=false images -q
+  [ "$status" -eq 0 ]
   [ "$output" == "" ]
 }

tests/bud.bats

@@ -9,6 +9,7 @@ load helpers
   buildah rm ${cid}
   buildah rmi $(buildah --debug=false images -q)
   run buildah --debug=false images -q
+  [ "$status" -eq 0 ]
   [ "$output" = "" ]
 }
 
@@ -24,6 +25,7 @@ load helpers
   buildah rm ${cid}
   buildah rmi $(buildah --debug=false images -q)
   run buildah --debug=false images -q
+  [ "$status" -eq 0 ]
   [ "$output" = "" ]
 
   target=alpine-image
@@ -37,6 +39,7 @@ load helpers
   buildah rm ${cid}
   buildah rmi $(buildah --debug=false images -q)
   run buildah --debug=false images -q
+  [ "$status" -eq 0 ]
   [ "$output" = "" ]
 }
 
@@ -52,6 +55,7 @@ load helpers
   buildah rm ${cid}
   buildah rmi $(buildah --debug=false images -q)
   run buildah --debug=false images -q
+  [ "$status" -eq 0 ]
   [ "$output" = "" ]
 
   target=alpine-image
@@ -65,6 +69,7 @@ load helpers
   buildah rm ${cid}
   buildah rmi $(buildah --debug=false images -q)
   run buildah --debug=false images -q
+  [ "$status" -eq 0 ]
   [ "$output" = "" ]
 }
 
@@ -88,6 +93,7 @@ load helpers
   buildah rm ${cid}
   buildah rmi $(buildah --debug=false images -q)
   run buildah --debug=false images -q
+  [ "$status" -eq 0 ]
   [ "$output" = "" ]
 }
 
@@ -100,6 +106,7 @@ load helpers
   buildah rm ${cid}
   buildah rmi $(buildah --debug=false images -q)
   run buildah --debug=false images -q
+  [ "$status" -eq 0 ]
   [ "$output" = "" ]
 }
 
@@ -112,6 +119,7 @@ load helpers
   buildah rm ${cid}
   buildah rmi $(buildah --debug=false images -q)
   run buildah --debug=false images -q
+  [ "$status" -eq 0 ]
   [ "$output" = "" ]
 }
 
@@ -124,6 +132,7 @@ load helpers
   buildah rm ${cid}
   buildah rmi $(buildah --debug=false images -q)
   run buildah --debug=false images -q
+  [ "$status" -eq 0 ]
   [ "$output" = "" ]
 }
 
@@ -136,6 +145,7 @@ load helpers
   buildah rm ${cid}
   buildah rmi $(buildah --debug=false images -q)
   run buildah --debug=false images -q
+  [ "$status" -eq 0 ]
   [ "$output" = "" ]
 }
 
@@ -155,6 +165,7 @@ load helpers
   buildah rm ${cid}
   buildah rmi $(buildah --debug=false images -q)
   run buildah --debug=false images -q
+  [ "$status" -eq 0 ]
   [ "$output" = "" ]
 }
 
@@ -168,6 +179,7 @@ load helpers
   buildah --debug=false images -q
   buildah rmi $(buildah --debug=false images -q)
   run buildah --debug=false images -q
+  [ "$status" -eq 0 ]
   [ "$output" = "" ]
 }
 
@@ -177,6 +189,7 @@ load helpers
   target3=so-many-scratch-images
   buildah bud --signature-policy ${TESTSDIR}/policy.json -t ${target} -t ${target2} -t ${target3} ${TESTSDIR}/bud/from-scratch
   run buildah --debug=false images
+  [ "$status" -eq 0 ]
   cid=$(buildah from ${target})
   buildah rm ${cid}
   cid=$(buildah from library/${target2})
@@ -185,6 +198,7 @@ load helpers
   buildah rm ${cid}
   buildah rmi -f $(buildah --debug=false images -q)
   run buildah --debug=false images -q
+  [ "$status" -eq 0 ]
   [ "$output" = "" ]
 }
 
@@ -200,10 +214,12 @@ load helpers
   run test -s $root/vol/subvol/subvolfile
   [ "$status" -ne 0 ]
   run stat -c %f $root/vol/subvol
+  [ "$status" -eq 0 ]
   [ "$output" = 41ed ]
   buildah rm ${cid}
   buildah rmi $(buildah --debug=false images -q)
   run buildah --debug=false images -q
+  [ "$status" -eq 0 ]
   [ "$output" = "" ]
 }
 
@@ -217,5 +233,6 @@ load helpers
   buildah rm ${cid}
   buildah rmi $(buildah --debug=false images -q)
   run buildah --debug=false images -q
+  [ "$status" -eq 0 ]
   [ "$output" = "" ]
 }

tests/run.bats

@@ -74,26 +74,32 @@ load helpers
 	buildah config $cid --entrypoint ""
 	buildah config $cid --cmd pwd
 	run buildah --debug=false run $cid
+	[ "$status" -eq 0 ]
 	[ "$output" = /tmp ]
 
 	buildah config $cid --entrypoint echo
 	run buildah --debug=false run $cid
+	[ "$status" -eq 0 ]
 	[ "$output" = pwd ]
 
 	buildah config $cid --cmd ""
 	run buildah --debug=false run $cid
+	[ "$status" -eq 0 ]
 	[ "$output" = "" ]
 
 	buildah config $cid --entrypoint ""
 	run buildah --debug=false run $cid echo that-other-thing
+	[ "$status" -eq 0 ]
 	[ "$output" = that-other-thing ]
 
 	buildah config $cid --cmd echo
 	run buildah --debug=false run $cid echo that-other-thing
+	[ "$status" -eq 0 ]
 	[ "$output" = that-other-thing ]
 
 	buildah config $cid --entrypoint echo
 	run buildah --debug=false run $cid echo that-other-thing
+	[ "$status" -eq 0 ]
 	[ "$output" = that-other-thing ]
 
 	buildah rm $cid
@@ -112,8 +118,10 @@ load helpers
 	root=$(buildah mount $cid)
 
 	testuser=jimbo
+	testbogususer=nosuchuser
 	testgroup=jimbogroup
 	testuid=$RANDOM
+	testotheruid=$RANDOM
 	testgid=$RANDOM
 	testgroupid=$RANDOM
 	echo "$testuser:x:$testuid:$testgid:Jimbo Jenkins:/home/$testuser:/bin/sh" >> $root/etc/passwd
@@ -122,52 +130,99 @@ load helpers
 	buildah config $cid -u ""
 	buildah run -- $cid id
 	run buildah --debug=false run -- $cid id -u
+	[ "$status" -eq 0 ]
 	[ "$output" = 0 ]
 	run buildah --debug=false run -- $cid id -g
+	[ "$status" -eq 0 ]
 	[ "$output" = 0 ]
 
 	buildah config $cid -u ${testuser}
 	buildah run -- $cid id
 	run buildah --debug=false run -- $cid id -u
+	[ "$status" -eq 0 ]
 	[ "$output" = $testuid ]
 	run buildah --debug=false run -- $cid id -g
+	[ "$status" -eq 0 ]
 	[ "$output" = $testgid ]
 
 	buildah config $cid -u ${testuid}
 	buildah run -- $cid id
 	run buildah --debug=false run -- $cid id -u
+	[ "$status" -eq 0 ]
 	[ "$output" = $testuid ]
 	run buildah --debug=false run -- $cid id -g
+	[ "$status" -eq 0 ]
 	[ "$output" = $testgid ]
 
 	buildah config $cid -u ${testuser}:${testgroup}
 	buildah run -- $cid id
 	run buildah --debug=false run -- $cid id -u
+	[ "$status" -eq 0 ]
 	[ "$output" = $testuid ]
 	run buildah --debug=false run -- $cid id -g
+	[ "$status" -eq 0 ]
 	[ "$output" = $testgroupid ]
 
 	buildah config $cid -u ${testuid}:${testgroup}
 	buildah run -- $cid id
 	run buildah --debug=false run -- $cid id -u
+	[ "$status" -eq 0 ]
 	[ "$output" = $testuid ]
 	run buildah --debug=false run -- $cid id -g
+	[ "$status" -eq 0 ]
 	[ "$output" = $testgroupid ]
 
+	buildah config $cid -u ${testotheruid}:${testgroup}
+	buildah run -- $cid id
+	run buildah --debug=false run -- $cid id -u
+	[ "$status" -eq 0 ]
+	[ "$output" = $testotheruid ]
+	run buildah --debug=false run -- $cid id -g
+	[ "$status" -eq 0 ]
+	[ "$output" = $testgroupid ]
+
+	buildah config $cid -u ${testotheruid}
+	buildah run -- $cid id
+	run buildah --debug=false run -- $cid id -u
+	[ "$status" -eq 0 ]
+	[ "$output" = $testotheruid ]
+	run buildah --debug=false run -- $cid id -g
+	[ "$status" -eq 0 ]
+	[ "$output" = 0 ]
+
 	buildah config $cid -u ${testuser}:${testgroupid}
 	buildah run -- $cid id
 	run buildah --debug=false run -- $cid id -u
+	[ "$status" -eq 0 ]
 	[ "$output" = $testuid ]
 	run buildah --debug=false run -- $cid id -g
+	[ "$status" -eq 0 ]
 	[ "$output" = $testgroupid ]
 
 	buildah config $cid -u ${testuid}:${testgroupid}
 	buildah run -- $cid id
 	run buildah --debug=false run -- $cid id -u
+	[ "$status" -eq 0 ]
 	[ "$output" = $testuid ]
 	run buildah --debug=false run -- $cid id -g
+	[ "$status" -eq 0 ]
 	[ "$output" = $testgroupid ]
 
+	buildah config $cid -u ${testbogususer}
+	run buildah --debug=false run -- $cid id -u
+	[ "$status" -ne 0 ]
+	[[ "$output" =~ "unknown user" ]]
+	run buildah --debug=false run -- $cid id -g
+	[ "$status" -ne 0 ]
+	[[ "$output" =~ "unknown user" ]]
+
+	ln -vsf /etc/passwd $root/etc/passwd
+	buildah config $cid -u ${testuser}:${testgroup}
+	run buildah --debug=false run -- $cid id -u
+	echo "$output"
+	[ "$status" -ne 0 ]
+	[[ "$output" =~ "unknown user" ]]
+
 	buildah unmount $cid
 	buildah rm $cid
 }

tests/version.bats

@@ -10,6 +10,7 @@ load helpers
 
 @test "buildah version up to date in .spec file" {
 	run buildah version
+	[ "$status" -eq 0 ]
 	bversion=$(echo "$output" | awk '/^Version:/ { print $NF }')
 	rversion=$(cat ${TESTSDIR}/../contrib/rpm/buildah.spec | awk '/^Version:/ { print $NF }')
 	test "$bversion" = "$rversion"

user.go

@@ -26,39 +26,34 @@ func getUser(rootdir, userspec string) (specs.User, error) {
 	uid64, uerr := strconv.ParseUint(userspec, 10, 32)
 	if uerr == nil && groupspec == "" {
 		// We parsed the user name as a number, and there's no group
-		// component, so we need to look up the user's primary GID.
+		// component, so try to look up the primary GID of the user who
+		// has this UID.
 		var name string
 		name, gid64, gerr = lookupGroupForUIDInContainer(rootdir, uid64)
 		if gerr == nil {
 			userspec = name
 		} else {
-			if userrec, err := user.LookupId(userspec); err == nil {
-				gid64, gerr = strconv.ParseUint(userrec.Gid, 10, 32)
-				userspec = userrec.Name
-			}
+			// Leave userspec alone, but swallow the error and just
+			// use GID 0.
+			gid64 = 0
+			gerr = nil
 		}
 	}
 	if uerr != nil {
+		// The user ID couldn't be parsed as a number, so try to look
+		// up the user's UID and primary GID.
 		uid64, gid64, uerr = lookupUserInContainer(rootdir, userspec)
 		gerr = uerr
 	}
-	if uerr != nil {
-		if userrec, err := user.Lookup(userspec); err == nil {
-			uid64, uerr = strconv.ParseUint(userrec.Uid, 10, 32)
-			gid64, gerr = strconv.ParseUint(userrec.Gid, 10, 32)
-		}
-	}
 
 	if groupspec != "" {
+		// We have a group name or number, so parse it.
 		gid64, gerr = strconv.ParseUint(groupspec, 10, 32)
 		if gerr != nil {
+			// The group couldn't be parsed as a number, so look up
+			// the group's GID.
 			gid64, gerr = lookupGroupInContainer(rootdir, groupspec)
 		}
-		if gerr != nil {
-			if group, err := user.LookupGroup(groupspec); err == nil {
-				gid64, gerr = strconv.ParseUint(group.Gid, 10, 32)
-			}
-		}
 	}
 
 	if uerr == nil && gerr == nil {

user_basic.go

@@ -1,4 +1,4 @@
-// +build !cgo !linux
+// +build !linux
 
 package buildah