From 919db96bc5ab041423879c9d6e9d478f9055b816 Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata" <edewata@redhat.com>
Date: Mon, 13 Jan 2025 16:22:33 -0600
Subject: [PATCH] Temporary workaround for Podman issue on Ubuntu 24

To avoid a known issue in Podman on Ubuntu 24 the non-rootless
container tests have been modified to update the graph driver in
the SQLite backend manually. However, this method does not work
for the rootless container test so it has has been hard-coded to
use Ubuntu 22 for now.

https://github.com/containers/podman/issues/21683
---
 .../workflows/ca-container-migration-test.yml | 26 +++++++++++++++++--
 .../ca-container-system-service-test.yml      | 25 +++++++++++++++++-
 .../ca-container-user-service-test.yml        | 14 ++++++----
 3 files changed, 57 insertions(+), 8 deletions(-)

diff --git a/.github/workflows/ca-container-migration-test.yml b/.github/workflows/ca-container-migration-test.yml
index 38facf2ee3b..5f12cd2a345 100644
--- a/.github/workflows/ca-container-migration-test.yml
+++ b/.github/workflows/ca-container-migration-test.yml
@@ -97,8 +97,30 @@ jobs:
 
       - name: Install Podman
         run: |
-          docker exec pki dnf install -y podman
-          docker exec pki podman info
+          docker exec pki dnf install -y podman sqlite
+          docker exec pki ls -lR /usr/share/containers
+          docker exec pki cat /usr/share/containers/containers.conf
+          docker exec pki cat /usr/share/containers/storage.conf
+
+      - name: Configure Podman
+        run: |
+          OS_VERSION=$(lsb_release -r -s | sed 's/\..*$//')
+          echo "OS_VERSION: $OS_VERSION"
+
+          # workaround for Podman issue on Ubuntu 24
+          # https://github.com/containers/podman/issues/21683
+          if [ "$OS_VERSION" -ge "24" ]; then
+              docker exec -i pki sqlite3 /var/lib/containers/storage/db.sql << EOF
+          update DBConfig set GraphDriver = 'overlay' where GraphDriver = '';
+          EOF
+          fi
+
+          docker exec pki podman info --format=json | tee output
+
+          # rootless should be disabled
+          echo "false" > expected
+          jq -r '.host.security.rootless' output > actual
+          diff expected actual
 
       - name: Load PKI images into root user's space
         run: |
diff --git a/.github/workflows/ca-container-system-service-test.yml b/.github/workflows/ca-container-system-service-test.yml
index 2d11461de89..cc895d8ed05 100644
--- a/.github/workflows/ca-container-system-service-test.yml
+++ b/.github/workflows/ca-container-system-service-test.yml
@@ -46,7 +46,30 @@ jobs:
 
       - name: Install Podman
         run: |
-          docker exec pki dnf install -y podman
+          docker exec pki dnf install -y podman sqlite
+          docker exec pki ls -lR /usr/share/containers
+          docker exec pki cat /usr/share/containers/containers.conf
+          docker exec pki cat /usr/share/containers/storage.conf
+
+      - name: Configure Podman
+        run: |
+          OS_VERSION=$(lsb_release -r -s | sed 's/\..*$//')
+          echo "OS_VERSION: $OS_VERSION"
+
+          # workaround for Podman issue on Ubuntu 24
+          # https://github.com/containers/podman/issues/21683
+          if [ "$OS_VERSION" -ge "24" ]; then
+              docker exec -i pki sqlite3 /var/lib/containers/storage/db.sql << EOF
+          update DBConfig set GraphDriver = 'overlay' where GraphDriver = '';
+          EOF
+          fi
+
+          docker exec pki podman info --format=json | tee output
+
+          # rootless should be disabled
+          echo "false" > expected
+          jq -r '.host.security.rootless' output > actual
+          diff expected actual
 
       - name: Load PKI images into root user's space
         run: |
diff --git a/.github/workflows/ca-container-user-service-test.yml b/.github/workflows/ca-container-user-service-test.yml
index 004938d7456..fa5d0e80fe7 100644
--- a/.github/workflows/ca-container-user-service-test.yml
+++ b/.github/workflows/ca-container-user-service-test.yml
@@ -8,7 +8,9 @@ env:
 jobs:
   test:
     name: Test
-    runs-on: ubuntu-latest
+    # workaround for Podman issue on Ubuntu 24
+    # https://github.com/containers/podman/issues/21683
+    runs-on: ubuntu-22.04
     env:
       SHARED: /tmp/workdir/pki
     steps:
@@ -51,10 +53,12 @@ jobs:
 
       - name: Install Podman
         run: |
-          docker exec pki dnf install -y podman fuse-overlayfs
-          docker exec pki podman info
+          docker exec pki dnf install -y podman sqlite fuse-overlayfs
+          docker exec pki ls -lR /usr/share/containers
+          docker exec pki cat /usr/share/containers/containers.conf
+          docker exec pki cat /usr/share/containers/storage.conf
 
-      - name: Configure rootless container
+      - name: Configure Podman
         run: |
           # enable SETUID and SETGID capabilities
           # https://github.com/containers/podman/discussions/21739
@@ -86,7 +90,7 @@ jobs:
           mount_program = "/usr/bin/fuse-overlayfs"
           EOF
 
-          docker exec -u pkiuser pki podman system info --format=json | tee output
+          docker exec -u pkiuser pki podman info --format=json | tee output
 
           # rootless should be enabled
           echo "true" > expected