From 68a6bb0b0fd2128822a7aa969562f283a153d37d Mon Sep 17 00:00:00 2001 From: Landon Cox Date: Sat, 30 May 2026 08:11:09 -0700 Subject: [PATCH 1/2] fix: make DinD staging test platform-agnostic for identity synthesis The ARC/DinD bootstrap test expected /etc/passwd and /etc/group to be staged at a predictable path (stageRoot/etc/passwd). However, when the host UID is not found in the staged passwd file (always the case on macOS, and on minimal ARC containers), the identity synthesis path creates the file at a random identity-XXXXX/passwd path instead. Update the test to: - Find passwd/group volumes by mount target suffix instead of exact path - Verify the staged file is within the stageRoot (not the exact subpath) - Assert the staged passwd contains the host UID (synthesis guarantee) - Remove macOS-incompatible assertion that staged content equals raw host file Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- src/services/agent-volumes-mounts.test.ts | 22 +++++++++++++++------- 1 file changed, 15 insertions(+), 7 deletions(-) diff --git a/src/services/agent-volumes-mounts.test.ts b/src/services/agent-volumes-mounts.test.ts index 643b6d1e7..e3340a0fd 100644 --- a/src/services/agent-volumes-mounts.test.ts +++ b/src/services/agent-volumes-mounts.test.ts @@ -145,19 +145,27 @@ describe('agent service', () => { const result = generateDockerCompose(configWithTmpPrefix, mockNetworkConfig); const volumes = result.services.agent.volumes as string[]; const stageRoot = path.join(sharedTmpPrefix, 'awf-docker-host-stage'); - const stagedPasswdPath = path.join(stageRoot, 'etc/passwd'); - const stagedGroupPath = path.join(stageRoot, 'etc/group'); const stagedBinaryPath = path.join(stageRoot, 'bin/copilot'); const hostsVolume = volumes.find((v: string) => v.endsWith(':/host/etc/hosts:ro')); - - expect(volumes).toContain(`${stagedPasswdPath}:/host/etc/passwd:ro`); - expect(volumes).toContain(`${stagedGroupPath}:/host/etc/group:ro`); + const passwdVolume = volumes.find((v: string) => v.endsWith(':/host/etc/passwd:ro')); + const groupVolume = volumes.find((v: string) => v.endsWith(':/host/etc/group:ro')); + + // passwd and group are staged under stageRoot — either at etc/passwd (direct copy) + // or identity-XXXXX/passwd (synthesized when host UID not found in staged file) + expect(passwdVolume).toBeDefined(); + expect(passwdVolume?.startsWith(stageRoot)).toBe(true); + expect(groupVolume).toBeDefined(); + expect(groupVolume?.startsWith(stageRoot)).toBe(true); expect(volumes).toContain(`${stagedBinaryPath}:/tmp/awf-runner-bin/copilot:ro`); expect(hostsVolume).toBeDefined(); expect(hostsVolume?.startsWith(`${stageRoot}/chroot-`)).toBe(true); - expect(fs.readFileSync(stagedPasswdPath, 'utf8')).toBe(fs.readFileSync('/etc/passwd', 'utf8')); - expect(fs.readFileSync(stagedGroupPath, 'utf8')).toBe(fs.readFileSync('/etc/group', 'utf8')); + const stagedPasswdPath = passwdVolume!.split(':')[0]; + const stagedGroupPath = groupVolume!.split(':')[0]; + // Staged passwd must contain the host UID (either copied or synthesized) + const uid = String(process.getuid?.() ?? 1000); + expect(fs.readFileSync(stagedPasswdPath, 'utf8')).toMatch(new RegExp(`^[^:]*:[^:]*:${uid}:`, 'm')); + expect(fs.existsSync(stagedGroupPath)).toBe(true); expect(fs.readFileSync(stagedBinaryPath, 'utf8')).toContain('echo copilot'); expect(fs.statSync(stagedBinaryPath).mode & 0o111).not.toBe(0); From 03030aa9827a2ae8f7258998e7e4ff47545d479f Mon Sep 17 00:00:00 2001 From: Landon Cox Date: Sat, 30 May 2026 08:35:13 -0700 Subject: [PATCH 2/2] Potential fix for pull request finding Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> --- src/services/agent-volumes-mounts.test.ts | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/services/agent-volumes-mounts.test.ts b/src/services/agent-volumes-mounts.test.ts index e3340a0fd..08e956c8b 100644 --- a/src/services/agent-volumes-mounts.test.ts +++ b/src/services/agent-volumes-mounts.test.ts @@ -163,7 +163,8 @@ describe('agent service', () => { const stagedPasswdPath = passwdVolume!.split(':')[0]; const stagedGroupPath = groupVolume!.split(':')[0]; // Staged passwd must contain the host UID (either copied or synthesized) - const uid = String(process.getuid?.() ?? 1000); + const { getSafeHostUid } = jest.requireActual('../host-identity') as typeof import('../host-identity'); + const uid = getSafeHostUid(); expect(fs.readFileSync(stagedPasswdPath, 'utf8')).toMatch(new RegExp(`^[^:]*:[^:]*:${uid}:`, 'm')); expect(fs.existsSync(stagedGroupPath)).toBe(true); expect(fs.readFileSync(stagedBinaryPath, 'utf8')).toContain('echo copilot');