Fix container tests, unify RPM install path, and ensure Nix TLS truststore detection

Changes included: • GitHub Actions workflow: rename job from 'test-unit' to 'test-container' to match intent. • RPM packaging: replace %{_libdir}/package-manager with a fixed /usr/lib/package-manager to avoid lib/lib64 divergence on CentOS and ensure pkgmgr + Nix flake resolution works consistently across distros. • Docker entrypoint: add automatic CA-bundle detection and set NIX_SSL_CERT_FILE to fix TLS issues on CentOS ('unable to get local issuer certificate') when Nix fetches flake inputs. These updates stabilize container-based tests and unify the runtime environment for Fedora, CentOS, and other distributions. Reference: ChatGPT conversation: https://chatgpt.com/share/6937aa72-d33c-800f-a63f-c353e92de6b3
2025-12-09 05:50:08 +01:00
parent f9943fafae
commit da9d5cfa6b
3 changed files with 40 additions and 21 deletions
--- a/.github/workflows/test-container.yml
+++ b/.github/workflows/test-container.yml
@@ -10,7 +10,7 @@ on:
  pull_request:
 jobs:
-  test-unit:
+  test-container:
    runs-on: ubuntu-latest
    timeout-minutes: 30
--- a/package-manager.spec
+++ b/package-manager.spec
@@ -35,35 +35,36 @@ available on the system.
 %install
 rm -rf %{buildroot}
 install -d %{buildroot}%{_bindir}
-install -d %{buildroot}%{_libdir}/package-manager
+# Install project tree into a fixed, architecture-independent location.
 install -d %{buildroot}/usr/lib/package-manager
 # Copy full project source into /usr/lib/package-manager
-cp -a . %{buildroot}%{_libdir}/package-manager/
+cp -a . %{buildroot}/usr/lib/package-manager/
 # Wrapper
 install -m0755 scripts/pkgmgr-wrapper.sh %{buildroot}%{_bindir}/pkgmgr
 # Shared Nix init script (ensure it is executable in the installed tree)
-install -m0755 scripts/init-nix.sh %{buildroot}%{_libdir}/package-manager/init-nix.sh
+install -m0755 scripts/init-nix.sh %{buildroot}/usr/lib/package-manager/init-nix.sh
 # Remove packaging-only and development artefacts from the installed tree
 rm -rf \
-  %{buildroot}%{_libdir}/package-manager/PKGBUILD \
+  %{buildroot}/usr/lib/package-manager/PKGBUILD \
-  %{buildroot}%{_libdir}/package-manager/Dockerfile \
+  %{buildroot}/usr/lib/package-manager/Dockerfile \
-  %{buildroot}%{_libdir}/package-manager/debian \
+  %{buildroot}/usr/lib/package-manager/debian \
-  %{buildroot}%{_libdir}/package-manager/.git \
+  %{buildroot}/usr/lib/package-manager/.git \
-  %{buildroot}%{_libdir}/package-manager/.github \
+  %{buildroot}/usr/lib/package-manager/.github \
-  %{buildroot}%{_libdir}/package-manager/tests \
+  %{buildroot}/usr/lib/package-manager/tests \
-  %{buildroot}%{_libdir}/package-manager/.gitignore \
+  %{buildroot}/usr/lib/package-manager/.gitignore \
-  %{buildroot}%{_libdir}/package-manager/__pycache__ \
+  %{buildroot}/usr/lib/package-manager/__pycache__ \
-  %{buildroot}%{_libdir}/package-manager/.gitkeep || true
+  %{buildroot}/usr/lib/package-manager/.gitkeep || true
 %post
 # Initialize Nix (if needed) after installing the package-manager files.
-if [ -x %{_libdir}/package-manager/init-nix.sh ]; then
+if [ -x /usr/lib/package-manager/init-nix.sh ]; then
-    %{_libdir}/package-manager/init-nix.sh || true
+    /usr/lib/package-manager/init-nix.sh || true
 else
-    echo ">>> Warning: %{_libdir}/package-manager/init-nix.sh not found or not executable."
+    echo ">>> Warning: /usr/lib/package-manager/init-nix.sh not found or not executable."
 fi
 %postun
@@ -73,7 +74,7 @@ echo ">>> package-manager removed. Nix itself was not removed."
 %doc README.md
 %license LICENSE
 %{_bindir}/pkgmgr
-%{_libdir}/package-manager/
+/usr/lib/package-manager/
 %changelog
 * Sat Dec 06 2025 Kevin Veen-Birkenbach <info@veen.world> - 0.1.1-1
--- a/scripts/docker/entry.sh
+++ b/scripts/docker/entry.sh
@@ -1,23 +1,41 @@
 #!/usr/bin/env bash
 set -euo pipefail
 # ---------------------------------------------------------------------------
 # Ensure Nix has access to a valid CA bundle (TLS trust store)
 # ---------------------------------------------------------------------------
 if [[ -z "${NIX_SSL_CERT_FILE:-}" ]]; then
  if [[ -f /etc/ssl/certs/ca-certificates.crt ]]; then
    # Debian/Ubuntu-style path
    export NIX_SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt
    echo "[docker] Using CA bundle: ${NIX_SSL_CERT_FILE}"
  elif [[ -f /etc/pki/tls/certs/ca-bundle.crt ]]; then
    # Fedora/RHEL/CentOS-style path
    export NIX_SSL_CERT_FILE=/etc/pki/tls/certs/ca-bundle.crt
    echo "[docker] Using CA bundle: ${NIX_SSL_CERT_FILE}"
  else
    echo "[docker] WARNING: No CA bundle found for Nix (NIX_SSL_CERT_FILE not set)."
    echo "[docker] HTTPS access for Nix flakes may fail."
  fi
 fi
 SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 echo "[docker] Starting package-manager container"
-# Distro-Info nur für Logging
+# Distro info for logging
 if [[ -f /etc/os-release ]]; then
  # shellcheck disable=SC1091
  . /etc/os-release
  echo "[docker] Detected distro: ${ID:-unknown} (like: ${ID_LIKE:-})"
 fi
-# Wir arbeiten immer aus /src (vom Host gemountet)
+# Always use /src (mounted from host) as working directory
 echo "[docker] Using /src as working directory"
 cd /src
 # ------------------------------------------------------------
-# DEV-Mode: aus dem aktuellen /src heraus Paket bauen/installieren
+# DEV mode: build/install package-manager from current /src
 # ------------------------------------------------------------
 if [[ "${PKGMGR_DEV:-0}" == "1" ]]; then
  echo "[docker] DEV mode enabled (PKGMGR_DEV=1)"
@@ -32,7 +50,7 @@ if [[ "${PKGMGR_DEV:-0}" == "1" ]]; then
 fi
 # ------------------------------------------------------------
-# Hand-off zu pkgmgr / beliebigem Kommando
+# Hand-off to pkgmgr / arbitrary command
 # ------------------------------------------------------------
 if [[ $# -eq 0 ]]; then
  echo "[docker] No arguments provided. Showing pkgmgr help..."