Merge branch 'dusty-drop-iptables' into 'main'

rework testing; drop iptables exclude; add test

See merge request fedora/bootc/base-images!171

minimal/bootc.yaml

@@ -7,10 +7,6 @@ packages:
  - xfsprogs e2fsprogs dosfstools
 
 exclude-packages:
-  # bootc pulls in podman, which pulls in containers-common, which wants
-  # `iptables`. That may pull in iptables-legacy which we don't want;
-  # we want iptables-nft to win the Provides by default
-  - iptables-legacy
   # Exclude kernel-debug-core to make sure that it doesn't somehow get
   # chosen as the package to satisfy the `kernel-core` dependency from
   # the kernel package.

tests/rootfs/Dockerfile

@@ -1,6 +1,4 @@
 # This should always be replaced with podman build --from.
-FROM localhost/image-to-test as rootfs
-
-FROM quay.io/centos/centos:stream10
+FROM localhost/image-to-test
 COPY . /src
-RUN --mount=type=bind,from=rootfs,target=/target-rootfs /src/run /target-rootfs
+RUN /src/run /

tests/rootfs/README.md

@@ -2,3 +2,10 @@
 
 This is a set of scripts that sanity check the target
 rootfs in a read-only fashion.
+
+To run the tests:
+
+```
+podman build --from localhost/fedora-bootc:latest -t localhost/test-bootc .
+podman rmi localhost/test-bootc:latest # Clean up any created images
+```

tests/rootfs/cases/no-iptables-legacy

@@ -0,0 +1,4 @@
+#!/bin/bash
+set -xeuo pipefail
+output=$(rpm -q iptables-legacy || true)
+grep "is not installed" <<< "$output"