#!/bin/sh

# GNU Guix --- Functional package management for GNU
# Copyright © 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019 Ludovic Courtès <ludo@gnu.org>
#
# This file is part of GNU Guix.
#
# GNU Guix is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or (at
# your option) any later version.
#
# GNU Guix is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.

# Usage: ./test-env COMMAND ARG...
#
# Run the daemon in the build directory, and run COMMAND within
# `pre-inst-env'.  This is used to run unit tests with the just-built
# daemon, unless</td></tr></table>
<table class='tabs'><tr><td>
<a class='active' href='/guix/about/'>about</a><a href='/guix/'>summary</a><a href='/guix/refs/?id=c469a8b09e6cb54d0d7e76f1baac9591c9dc958b'>refs</a><a href='/guix/log/'>log</a><a href='/guix/tree/?id=c469a8b09e6cb54d0d7e76f1baac9591c9dc958b'>tree</a><a href='/guix/commit/?id=c469a8b09e6cb54d0d7e76f1baac9591c9dc958b'>commit</a><a href='/guix/diff/?id=c469a8b09e6cb54d0d7e76f1baac9591c9dc958b'>diff</a></td><td class='form'><form class='right' method='get' action='/guix/log/'>
<input type='hidden' name='id' value='c469a8b09e6cb54d0d7e76f1baac9591c9dc958b'/><select name='qt'>
<option value='grep'>log msg</option>
<option value='author'>author</option>
<option value='committer'>committer</option>
<option value='range'>range</option>
</select>
<input class='txt' type='search' size='10' name='q' value=''/>
<input type='submit' value='search'/>
</form>
</td></tr></table>
<div class='content'><div id='summary'><pre>
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2019, 2021 Ludovic Courtès &lt;ludo@gnu.org&gt;
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix.  If not, see &lt;http://www.gnu.org/licenses/&gt;.

(define-module (gnu tests singularity)
  #:use-module (gnu tests)
  #:use-module (gnu system)
  #:use-module (gnu system vm)
  #:use-module (gnu system shadow)
  #:use-module (gnu services)
  #:use-module (gnu services docker)
  #:use-module (gnu packages bash)
  #:use-module (gnu packages guile)
  #:use-module (gnu packages linux)               ;singularity
  #:use-module (guix gexp)
  #:use-module (guix store)
  #:use-module (guix grafts)
  #:use-module (guix monads)
  #:use-module (guix packages)
  #:use-module (guix profiles)
  #:use-module (guix scripts pack)
  #:export (%test-singularity))

(define %singularity-os
  (simple-operating-system
   (service singularity-service-type)
   (simple-service &apos;guest-account
                   account-service-type
                   (list (user-account (name &quot;guest&quot;) (uid 1000) (group &quot;guest&quot;))
                         (user-group (name &quot;guest&quot;) (id 1000))))))

(define (run-singularity-test image)
  &quot;Load IMAGE, a Squashfs image, as a Singularity image and run it inside
%SINGULARITY-OS.&quot;
  (define os
    (marionette-operating-system %singularity-os))

  (define singularity-exec
    #~(begin
        (use-modules (ice-9 popen) (rnrs io ports))

        (let* ((pipe (open-pipe* OPEN_READ
                                 #$(file-append singularity
                                                &quot;/bin/singularity&quot;)
                                 &quot;exec&quot; #$image &quot;/bin/guile&quot;
                                 &quot;-c&quot; &quot;(display \&quot;hello, world\&quot;)&quot;))
               (str  (get-string-all pipe))
               (status (close-pipe pipe)))
          (and (zero? status)
               (string=? str &quot;hello, world&quot;)))))

  (define test
    (with-imported-modules &apos;((gnu build marionette))
      #~(begin
          (use-modules (srfi srfi-11) (srfi srfi-64)
                       (gnu build marionette))

          (define marionette
            (make-marionette (list #$(virtual-machine os))))

          (test-runner-current (system-test-runner #$output))
          (test-begin &quot;singularity&quot;)

          (test-assert &quot;singularity exec /bin/guile (as root)&quot;
            (marionette-eval &apos;#$singularity-exec
                             marionette))

          (test-equal &quot;singularity exec /bin/guile (unprivileged)&quot;
            0
            (marionette-eval
             `(begin
                (use-modules (ice-9 match))

                (match (primitive-fork)
                  (0
                   (dynamic-wind
                     (const #f)
                     (lambda ()
                       (setgid 1000)
                       (setuid 1000)
                       (execl #$(program-file &quot;singularity-exec-test&quot;
                                              #~(exit #$singularity-exec))