From 0669a8594a607c75a1994b2d59676ac5bed2a10c Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Thu, 8 Feb 2024 22:18:33 +0100 Subject: [PATCH 1/2] test/system: Ensure that the user is part of a group with the same name https://github.com/containers/toolbox/pull/1447
---
 test/system/206-user.bats | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/test/system/206-user.bats b/test/system/206-user.bats
index 956ba47d0..a09125eaf 100644
--- a/test/system/206-user.bats
+++ b/test/system/206-user.bats
@@ -434,6 +434,7 @@ teardown() {
 run --keep-empty-lines --separate-stderr "$TOOLBX" run cat /etc/group
 assert_success
+ assert_line --regexp "^$USER:x:[[:digit:]]+:$USER$"
 assert_line --regexp "^(sudo|wheel):x:[[:digit:]]+:$USER$"
 assert [ ${#lines[@]} -gt 1 ]
@@ -447,6 +448,7 @@ teardown() {
 run --keep-empty-lines --separate-stderr "$TOOLBX" run --distro arch cat /etc/group
 assert_success
+ assert_line --regexp "^$USER:x:[[:digit:]]+:$USER$"
 assert_line --regexp "^wheel:x:[[:digit:]]+:$USER$"
 assert [ ${#lines[@]} -gt 1 ]
@@ -460,6 +462,7 @@ teardown() {
 run --keep-empty-lines --separate-stderr "$TOOLBX" run --distro fedora --release 34 cat /etc/group
 assert_success
+ assert_line --regexp "^$USER:x:[[:digit:]]+:$USER$"
 assert_line --regexp "^wheel:x:[[:digit:]]+:$USER$"
 assert [ ${#lines[@]} -gt 1 ]
@@ -473,6 +476,7 @@ teardown() {
 run --keep-empty-lines --separate-stderr "$TOOLBX" run --distro rhel --release 8.9 cat /etc/group
 assert_success
+ assert_line --regexp "^$USER:x:[[:digit:]]+:$USER$"
 assert_line --regexp "^wheel:x:[[:digit:]]+:$USER$"
 assert [ ${#lines[@]} -gt 1 ]
@@ -486,6 +490,7 @@ teardown() {
 run --keep-empty-lines --separate-stderr "$TOOLBX" run --distro ubuntu --release 16.04 cat /etc/group
 assert_success
+ assert_line --regexp "^$USER:x:[[:digit:]]+:$USER$"
 assert_line --regexp "^sudo:x:[[:digit:]]+:$USER$"
 assert [ ${#lines[@]} -gt 1 ]
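Review bot: The added `assert_line --regexp "^$USER:x:[[:digit:]]+:$USER$"` has no comment saying why the member field must list `$USER` explicitly, which is stricter than a same-named group merely existing (a user's primary group is often recorded with an empty member list). A short comment above it would help, e.g. `# The user must be listed as a member of its own group, not only have it as the primary GID`. The pattern also expands `$USER` unescaped into the regular expression and requires it to be the sole member, so a login name containing a metacharacter such as `.` is matched loosely; that is presumably acceptable for CI accounts but worth stating. The same line is added in the six later hunks of this patch (Arch, Fedora 34, RHEL 8.9, Ubuntu 16.04, 18.04 and 20.04), and each enclosing `@test` body starts and ends outside its hunk.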
@@ -499,6 +504,7 @@ teardown() {
 run --keep-empty-lines --separate-stderr "$TOOLBX" run --distro ubuntu --release 18.04 cat /etc/group
 assert_success
+ assert_line --regexp "^$USER:x:[[:digit:]]+:$USER$"
 assert_line --regexp "^sudo:x:[[:digit:]]+:$USER$"
 assert [ ${#lines[@]} -gt 1 ]
@@ -512,6 +518,7 @@ teardown() {
 run --keep-empty-lines --separate-stderr "$TOOLBX" run --distro ubuntu --release 20.04 cat /etc/group
 assert_success
+ assert_line --regexp "^$USER:x:[[:digit:]]+:$USER$"
 assert_line --regexp "^sudo:x:[[:digit:]]+:$USER$"
 assert [ ${#lines[@]} -gt 1 ]
From 641b04aa837c75153a7ac9ed82934da99f522ee3 Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Thu, 8 Feb 2024 22:51:43 +0100 Subject: [PATCH 2/2] test/system: Ensure that process started by 'podman exec' has all groups MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Commit 15173f8c25c81244 exposed a bug in crun(1) [1] where the process started directly by 'podman exec --user ...' inside the Toolbx container would not have the supplementary groups attached to the user by the entry point. This could be observed by differences in id(1): ⬢$ id uid=1000(user) gid=1000(user) groups=1000(user) ⬢$ id user uid=1000(user) gid=1000(user) groups=1000(user),10(wheel) ... and could be worked around by starting a new session with sudo(8). [1] crun commit 9effaebb429a1aed https://github.com/containers/crun/commit/9effaebb429a1aed https://github.com/containers/crun/issues/644 https://github.com/containers/podman/issues/9986 https://github.com/containers/toolbox/issues/608
---
 test/system/206-user.bats | 231 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 231 insertions(+)
diff --git a/test/system/206-user.bats b/test/system/206-user.bats
index a09125eaf..421b43ffe 100644
--- a/test/system/206-user.bats
+++ b/test/system/206-user.bats
@@ -525,3 +525,234 @@ teardown() {
 # shellcheck disable=SC2154
 assert [ ${#stderr_lines[@]} -eq 0 ]
 }
+
+@test "user: id(1) for $USER inside the default container" {
+ create_default_container
+
+ run --keep-empty-lines --separate-stderr "$TOOLBX" run id
+
+ assert_success
+
+ if check_bats_version 1.10.0; then
+ assert [ ${#lines[@]} -eq 1 ]
+ else
+ assert [ ${#lines[@]} -eq 2 ]
+ fi
+
+ local output_id="${lines[0]}"
+
+ # shellcheck disable=SC2154
+ assert [ ${#stderr_lines[@]} -eq 0 ]
+
+ run --keep-empty-lines --separate-stderr "$TOOLBX" run id "$USER"
+
+ assert_success
+ assert_line --index 0 "$output_id"
+
+ if check_bats_version 1.10.0; then
+ assert [ ${#lines[@]} -eq 1 ]
+ else
+ assert [ ${#lines[@]} -eq 2 ]
+ fi
+
+ # shellcheck disable=SC2154
+ assert [ ${#stderr_lines[@]} -eq 0 ]
+}
+
+@test "user: id(1) for $USER inside Arch Linux" {
+ create_distro_container arch latest arch-toolbox-latest
+
+ run --keep-empty-lines --separate-stderr "$TOOLBX" run --distro arch id
+
+ assert_success
+
+ if check_bats_version 1.10.0; then
+ assert [ ${#lines[@]} -eq 1 ]
+ else
+ assert [ ${#lines[@]} -eq 2 ]
+ fi
+
+ local output_id="${lines[0]}"
+
+ # shellcheck disable=SC2154
+ assert [ ${#stderr_lines[@]} -eq 0 ]
+
+ run --keep-empty-lines --separate-stderr "$TOOLBX" run --distro arch id "$USER"
+
+ assert_success
+ assert_line --index 0 "$output_id"
+
+ if check_bats_version 1.10.0; then
+ assert [ ${#lines[@]} -eq 1 ]
+ else
+ assert [ ${#lines[@]} -eq 2 ]
+ fi
+
+ # shellcheck disable=SC2154
+ assert [ ${#stderr_lines[@]} -eq 0 ]
+}
+
+@test "user: id(1) for $USER inside Fedora 34" {
+ create_distro_container fedora 34 fedora-toolbox-34
+
+ run --keep-empty-lines --separate-stderr "$TOOLBX" run --distro fedora --release 34 id
+
+ assert_success
+
+ if check_bats_version 1.10.0; then
+ assert [ ${#lines[@]} -eq 1 ]
+ else
+ assert [ ${#lines[@]} -eq 2 ]
+ fi
+
+ local output_id="${lines[0]}"
+
+ # shellcheck disable=SC2154
+ assert [ ${#stderr_lines[@]} -eq 0 ]
+
+ run --keep-empty-lines --separate-stderr "$TOOLBX" run --distro fedora --release 34 id "$USER"
+
+ assert_success
+ assert_line --index 0 "$output_id"
+
+ if check_bats_version 1.10.0; then
+ assert [ ${#lines[@]} -eq 1 ]
+ else
+ assert [ ${#lines[@]} -eq 2 ]
+ fi
+
+ # shellcheck disable=SC2154
+ assert [ ${#stderr_lines[@]} -eq 0 ]
+}
+
+@test "user: id(1) for $USER inside RHEL 8.9" {
+ create_distro_container rhel 8.9 rhel-toolbox-8.9
+
+ run --keep-empty-lines --separate-stderr "$TOOLBX" run --distro rhel --release 8.9 id
+
+ assert_success
+
+ if check_bats_version 1.10.0; then
+ assert [ ${#lines[@]} -eq 1 ]
+ else
+ assert [ ${#lines[@]} -eq 2 ]
+ fi
+
+ local output_id="${lines[0]}"
+
+ # shellcheck disable=SC2154
+ assert [ ${#stderr_lines[@]} -eq 0 ]
+
+ run --keep-empty-lines --separate-stderr "$TOOLBX" run --distro rhel --release 8.9 id "$USER"
+
+ assert_success
+ assert_line --index 0 "$output_id"
+
+ if check_bats_version 1.10.0; then
+ assert [ ${#lines[@]} -eq 1 ]
+ else
+ assert [ ${#lines[@]} -eq 2 ]
+ fi
+
+ # shellcheck disable=SC2154
+ assert [ ${#stderr_lines[@]} -eq 0 ]
+}
+
+@test "user: id(1) for $USER inside Ubuntu 16.04" {
+ create_distro_container ubuntu 16.04 ubuntu-toolbox-16.04
+
+ run --keep-empty-lines --separate-stderr "$TOOLBX" run --distro ubuntu --release 16.04 id
+
+ assert_success
+
+ if check_bats_version 1.10.0; then
+ assert [ ${#lines[@]} -eq 1 ]
+ else
+ assert [ ${#lines[@]} -eq 2 ]
+ fi
+
+ local output_id="${lines[0]}"
+
+ # shellcheck disable=SC2154
+ assert [ ${#stderr_lines[@]} -eq 0 ]
+
+ run --keep-empty-lines --separate-stderr "$TOOLBX" run --distro ubuntu --release 16.04 id "$USER"
+
+ assert_success
+ assert_line --index 0 "$output_id"
+
+ if check_bats_version 1.10.0; then
+ assert [ ${#lines[@]} -eq 1 ]
+ else
+ assert [ ${#lines[@]} -eq 2 ]
+ fi
+
+ # shellcheck disable=SC2154
+ assert [ ${#stderr_lines[@]} -eq 0 ]
+}
+
+@test "user: id(1) for $USER inside Ubuntu 18.04" {
+ create_distro_container ubuntu 18.04 ubuntu-toolbox-18.04
+
+ run --keep-empty-lines --separate-stderr "$TOOLBX" run --distro ubuntu --release 18.04 id
+
+ assert_success
+
+ if check_bats_version 1.10.0; then
+ assert [ ${#lines[@]} -eq 1 ]
+ else
+ assert [ ${#lines[@]} -eq 2 ]
+ fi
+
+ local output_id="${lines[0]}"
+
+ # shellcheck disable=SC2154
+ assert [ ${#stderr_lines[@]} -eq 0 ]
+
+ run --keep-empty-lines --separate-stderr "$TOOLBX" run --distro ubuntu --release 18.04 id "$USER"
+
+ assert_success
+ assert_line --index 0 "$output_id"
+
+ if check_bats_version 1.10.0; then
+ assert [ ${#lines[@]} -eq 1 ]
+ else
+ assert [ ${#lines[@]} -eq 2 ]
+ fi
+
+ # shellcheck disable=SC2154
+ assert [ ${#stderr_lines[@]} -eq 0 ]
+}
+
+@test "user: id(1) for $USER inside Ubuntu 20.04" {
+ create_distro_container ubuntu 20.04 ubuntu-toolbox-20.04
+
+ run --keep-empty-lines --separate-stderr "$TOOLBX" run --distro ubuntu --release 20.04 id
+
+ assert_success
+
+ if check_bats_version 1.10.0; then
+ assert [ ${#lines[@]} -eq 1 ]
+ else
+ assert [ ${#lines[@]} -eq 2 ]
+ fi
+
+ local output_id="${lines[0]}"
+
+ # shellcheck disable=SC2154
+ assert [ ${#stderr_lines[@]} -eq 0 ]
+
+ run --keep-empty-lines --separate-stderr "$TOOLBX" run --distro ubuntu --release 20.04 id "$USER"
+
+ assert_success
+ assert_line --index 0 "$output_id"
+
+ if check_bats_version 1.10.0; then
+ assert [ ${#lines[@]} -eq 1 ]
+ else
+ assert [ ${#lines[@]} -eq 2 ]
+ fi
+
+ # shellcheck disable=SC2154
+ assert [ ${#stderr_lines[@]} -eq 0 ]
+}
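Review bot: Each of the seven added tests only checks that `id` and `id "$USER"` print the same first line, so a container in which both views lack the `sudo`/`wheel` group still passes; the regression described in the commit message is pinned more directly by also asserting the group on the first `run`. For the default-container test that could be `assert_line --index 0 --regexp "groups=.*[(](sudo|wheel)[)]"` after the first `assert_success`, with `wheel` or `sudo` alone in the per-distro tests, mirroring the existing /etc/group assertions. The exact-string comparison also assumes both invocations list the groups in the same order, which I would expect but have not verified. The seven bodies differ only in the `create_*` call and the `--distro`/`--release` arguments, so a shared helper would keep future fixes in one place.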