Fix spread tests preventing Ubuntu 16.04 i386 from passing

spread-tests/main/mount-ns-layout/process.py

@@ -99,15 +99,15 @@ def main():
     entries = parse_mountinfo(sys.stdin)
     # Get rid of the core snap as it is not certain that we'll see one and we want determinism
     entries = [entry for entry in entries if not re.match("/snap/core/\d+", entry.mount_point)]
-    # Fix random directories and nondeterministic revisions
+    # Fix random directories and non-deterministic revisions
     fix_initial_nondeterminism(entries)
     # Sort by just the mount point,
     entries.sort(key=lambda entry: (entry.mount_point))
     # Fix remainder of the non-determinism
     fix_remaining_nondeterminism(entries)
     # Make entries nicely deterministic, by sorting them by mount location
     entries.sort(key=lambda entry: (entry.mount_point, entry.mount_src, entry.root_dir))
-    # Export everyrging
+    # Export everything
     json.dump([entry.as_json() for entry in entries],
               sys.stdout, sort_keys=True, indent=2, separators=(',', ': '))
     sys.stdout.write('\n')

spread-tests/main/mount-ns-layout/snap-arch.py

@@ -0,0 +1,22 @@
+#!/usr/bin/env python3
+import os
+import sys
+
+def main():
+    kernel_arch = os.uname().machine
+    # Because off by one bugs and naming ...
+    snap_arch_map = {
+        'aarch64': 'arm64',
+        'armv7l': 'armhf',
+        'x86_64': 'amd64',
+        'i686': 'i386',
+    }
+    try:
+        print(snap_arch_map[kernel_arch])
+    except KeyError:
+        print("unsupported kernel architecture: {!a}".format(kernel_arch), file=sys.stderr)
+        return 1
+
+
+if __name__ == '__main__':
+    main()

spread-tests/main/mount-ns-layout/task.yaml

@@ -1,21 +1,43 @@
-summary: This task ensures that the mount namespace has a given layout
+summary: Ensure that the mount namespace a given layout
+details: |
+    This test analyzes /proc/self/mountinfo which contains a representation of
+    the mount table of the current process. The mount table is a very sensitive
+    part of the confinement design. This test measures the effective table,
+    normalizes it (to remove some inherent randomness of certain identifiers
+    and make it uniform regardless of particular names of block devices, snap
+    revisions, etc.) and then compares it to a canned copy.
+
+    There are several reference tables, one for core (aka all-snap system) and
+    one for classic. At this time only classic systems are measured and tested.
+    The classic systems are further divided into those using the core snap and
+    those using the older ubuntu-core snap. Lastly, they are divided by
+    architectures to take account any architecture specific differences.
 prepare: |
+    echo "Having installed a busybox"
     snap install snapd-hacker-toolbelt
 execute: |
+    echo "We can map the kernel architecture name to snap architecture name"
+    arch=$(./snap-arch.py)
+    echo "We can run busybox true so that snap-confine creates a mount namespace"
     snapd-hacker-toolbelt.busybox true
+    echo "Using nsenter we can move to that namespace, inspect and normalize the mount table"
     nsenter -m/run/snapd/ns/snapd-hacker-toolbelt.mnt \
         cat /proc/self/mountinfo | ./process.py > observed.json
+    echo "We can now compare the obtained mount table to expected values"
     if [ -e /snap/core/current ]; then
-        cmp observed.json expected.classic.core.json
+        cmp observed.json expected.classic.core.$arch.json
     else
-        cmp observed.json expected.classic.ubuntu-core.json
+        cmp observed.json expected.classic.ubuntu-core.$arch.json
     fi
 debug: |
+    echo "When something goes wrong we can display a human-readable diff"
+    arch=$(./snap-arch.py)
     if [ -e /snap/core/current ]; then
-        diff -u observed.json expected.classic.core.json || :
+        diff -u observed.json expected.classic.core.$arch.json || :
     else
-        diff -u observed.json expected.classic.ubuntu-core.json || :
+        diff -u observed.json expected.classic.ubuntu-core.$arch.json || :
     fi
+    echo "And pastebin the raw table for analysis"
     apt-get install pastebinit
     nsenter -m/run/snapd/ns/snapd-hacker-toolbelt.mnt \
         cat /proc/self/mountinfo | pastebinit

spread-tests/main/test-seccomp-compat/task.yaml

@@ -1,6 +1,9 @@
 summary: Check that basic install works
 # This is blacklisted on debian because we first have to get the dpkg-vendor patches
-systems: [-debian-8]
+#
+# This test only makes sense on x86_64 as it can execute i386 code in addition
+# to native x86_64 code).
+systems: [-debian-8, -ubuntu-16.04-32]
 prepare: |
     snap install --edge test-seccomp-compat
 execute: |

spread.yaml

@@ -8,8 +8,10 @@ backends:
     linode:
         key: "$(HOST: echo $SPREAD_LINODE_KEY)"
         systems:
-            - ubuntu-16.04-64-grub
-            # - ubuntu-16.04-32-grub
+            - ubuntu-16.04-64:
+                kernel: GRUB 2
+            - ubuntu-16.04-32:
+                kernel: GRUB 2
     qemu:
         systems:
             - ubuntu-16.04-64: