script/setup_host.sh - external/github.com/opencontainers/runc - Git at Google

 #!/bin/bash
 # This script is used for initializing the host environment for CI.
 # Supports Fedora and EL-based distributions.
 set -eux -o pipefail

 : "${LIBPATHRS_VERSION:=0.2.4}"

 # BATS_VERSION is only consumed for the EL8 platform as its bats package is too old.
 : "${BATS_VERSION:=v1.12.0}"

 SCRIPTDIR="$(dirname "${BASH_SOURCE[0]}")"

 # PLATFORM_ID is not available on Fedora
 PLATFORM_ID=
 grep -q ^PLATFORM_ID /etc/os-release && PLATFORM_ID="$(grep -oP '^PLATFORM_ID="\K[^"]+' /etc/os-release)"

 # Initialize DNF
 DNF=(dnf -y --setopt=install_weak_deps=False --setopt=tsflags=nodocs)
 case "$PLATFORM_ID" in
 platform:el8)
 	# DNF+=(--exclude="kernel,kernel-core") seems to fail
 	"${DNF[@]}" config-manager --set-enabled powertools # for glibc-static
 	"${DNF[@]}" install epel-release
 	;;
 platform:el9 | platform:el10)
 	DNF+=(--exclude="kernel,kernel-core")
 	"${DNF[@]}" config-manager --set-enabled crb # for glibc-static
 	"${DNF[@]}" install epel-release
 	;;
 *)
 	# Fedora
 	DNF+=(--exclude="kernel,kernel-core")
 	;;
 esac

 # Install common packages
 RPMS=(cargo container-selinux fuse-sshfs git-core glibc-static golang iptables jq libseccomp-devel lld make policycoreutils wget)
 # Work around dnf mirror failures by retrying a few times.
 for i in $(seq 0 2); do
 	sleep "$i"
 	"${DNF[@]}" update && "${DNF[@]}" install "${RPMS[@]}" && break
 done
 # shellcheck disable=SC2181
 [ $? -eq 0 ] # fail if dnf failed

 # Install CRIU
 if [ "$PLATFORM_ID" = "platform:el8" ]; then
 	# Use newer criu (with https://github.com/checkpoint-restore/criu/pull/2545).
 	# Alas we have to disable container-tools for that.
 	"${DNF[@]}" module disable container-tools
 	"${DNF[@]}" copr enable adrian/criu-el8
 fi
 "${DNF[@]}" install criu

 # Install BATS
 if [ "$PLATFORM_ID" = "platform:el8" ]; then
 	# The packaged version of bats is too old: `BATS_ERROR_SUFFIX: unbound variable`, `bats_require_minimum_version: command not found`
 	(
 		cd /tmp
 		git clone https://github.com/bats-core/bats-core
 		(
 			cd bats-core
 			git checkout "$BATS_VERSION"
 			./install.sh /usr/local
 			cat >>/etc/profile.d/sh.local <<'EOF'
 PATH="/usr/local/bin:$PATH"
 export PATH
 EOF
 			cat >/etc/sudoers.d/local <<'EOF'
 Defaults    secure_path = "/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin"
 EOF
 		)
 		rm -rf bats-core
 	)
 else
 	"${DNF[@]}" install bats
 fi

 # Clean up DNF
 dnf clean all

 # Install libpathrs
 "$SCRIPTDIR"/build-libpathrs.sh "$LIBPATHRS_VERSION" /usr

 # Setup rootless user.
 "$SCRIPTDIR"/setup_rootless.sh

 # Delegate all cgroup v2 controllers to rootless user via --systemd-cgroup
 if [ -e /sys/fs/cgroup/cgroup.controllers ]; then
 	mkdir -p /etc/systemd/system/user@.service.d
 	cat >/etc/systemd/system/user@.service.d/delegate.conf <<'EOF'
 [Service]
 # The default (since systemd v252) is "pids memory cpu".
 Delegate=yes
 EOF
 	systemctl daemon-reload
 fi

 # Allow potentially unsafe tests.
 echo 'export RUNC_ALLOW_UNSAFE_TESTS=yes' >>/root/.bashrc
	#!/bin/bash
	# This script is used for initializing the host environment for CI.
	# Supports Fedora and EL-based distributions.
	set -eux -o pipefail

	: "${LIBPATHRS_VERSION:=0.2.4}"

	# BATS_VERSION is only consumed for the EL8 platform as its bats package is too old.
	: "${BATS_VERSION:=v1.12.0}"

	SCRIPTDIR="$(dirname "${BASH_SOURCE[0]}")"

	# PLATFORM_ID is not available on Fedora
	PLATFORM_ID=
	grep -q ^PLATFORM_ID /etc/os-release && PLATFORM_ID="$(grep -oP '^PLATFORM_ID="\K[^"]+' /etc/os-release)"

	# Initialize DNF
	DNF=(dnf -y --setopt=install_weak_deps=False --setopt=tsflags=nodocs)
	case "$PLATFORM_ID" in
	platform:el8)
	# DNF+=(--exclude="kernel,kernel-core") seems to fail
	"${DNF[@]}" config-manager --set-enabled powertools # for glibc-static
	"${DNF[@]}" install epel-release
	;;
	platform:el9 \| platform:el10)
	DNF+=(--exclude="kernel,kernel-core")
	"${DNF[@]}" config-manager --set-enabled crb # for glibc-static
	"${DNF[@]}" install epel-release
	;;
	*)
	# Fedora
	DNF+=(--exclude="kernel,kernel-core")
	;;
	esac

	# Install common packages
	RPMS=(cargo container-selinux fuse-sshfs git-core glibc-static golang iptables jq libseccomp-devel lld make policycoreutils wget)
	# Work around dnf mirror failures by retrying a few times.
	for i in $(seq 0 2); do
	sleep "$i"
	"${DNF[@]}" update && "${DNF[@]}" install "${RPMS[@]}" && break
	done
	# shellcheck disable=SC2181
	[ $? -eq 0 ] # fail if dnf failed

	# Install CRIU
	if [ "$PLATFORM_ID" = "platform:el8" ]; then
	# Use newer criu (with https://github.com/checkpoint-restore/criu/pull/2545).
	# Alas we have to disable container-tools for that.
	"${DNF[@]}" module disable container-tools
	"${DNF[@]}" copr enable adrian/criu-el8
	fi
	"${DNF[@]}" install criu

	# Install BATS
	if [ "$PLATFORM_ID" = "platform:el8" ]; then
	# The packaged version of bats is too old: `BATS_ERROR_SUFFIX: unbound variable`, `bats_require_minimum_version: command not found`
	(
	cd /tmp
	git clone https://github.com/bats-core/bats-core
	(
	cd bats-core
	git checkout "$BATS_VERSION"
	./install.sh /usr/local
	cat >>/etc/profile.d/sh.local <<'EOF'
	PATH="/usr/local/bin:$PATH"
	export PATH
	EOF
	cat >/etc/sudoers.d/local <<'EOF'
	Defaults secure_path = "/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin"
	EOF
	)
	rm -rf bats-core
	)
	else
	"${DNF[@]}" install bats
	fi

	# Clean up DNF
	dnf clean all

	# Install libpathrs
	"$SCRIPTDIR"/build-libpathrs.sh "$LIBPATHRS_VERSION" /usr

	# Setup rootless user.
	"$SCRIPTDIR"/setup_rootless.sh

	# Delegate all cgroup v2 controllers to rootless user via --systemd-cgroup
	if [ -e /sys/fs/cgroup/cgroup.controllers ]; then
	mkdir -p /etc/systemd/system/user@.service.d
	cat >/etc/systemd/system/user@.service.d/delegate.conf <<'EOF'
	[Service]
	# The default (since systemd v252) is "pids memory cpu".
	Delegate=yes
	EOF
	systemctl daemon-reload
	fi

	# Allow potentially unsafe tests.
	echo 'export RUNC_ALLOW_UNSAFE_TESTS=yes' >>/root/.bashrc