Update conditions for signing tests

NewEphemeralSigningMechanism() may, with Sequoia, return
a mechanism which !SupportsSigning(); so, to determine that,
test with a non-ephemeral mechanism instead. (That's likely
actually faster, because we create a GNUPGHOME in these tests
anyway, so we avoid creating and deleting a separate temporary
directory.)

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Miloslav Trmač 2025-07-25 22:14:23 +02:00
parent d6d2c975d4
commit 013ba490f1
3 changed files with 8 additions and 11 deletions


@ -29,7 +29,8 @@ func assertTestFailed(t *testing.T, stdout string, err error, substring string)
} }
func TestStandaloneSign(t *testing.T) { func TestStandaloneSign(t *testing.T) {
mech, _, err := signature.NewEphemeralGPGSigningMechanism([]byte{}) t.Setenv("GNUPGHOME", "fixtures")
mech, err := signature.NewGPGSigningMechanism()
require.NoError(t, err) require.NoError(t, err)
defer mech.Close() defer mech.Close()
if err := mech.SupportsSigning(); err != nil { if err := mech.SupportsSigning(); err != nil {
@ -38,7 +39,6 @@ func TestStandaloneSign(t *testing.T) {
manifestPath := "fixtures/image.manifest.json" manifestPath := "fixtures/image.manifest.json"
dockerReference := "testing/manifest" dockerReference := "testing/manifest"
t.Setenv("GNUPGHOME", "fixtures")
// Invalid command-line arguments // Invalid command-line arguments
for _, args := range [][]string{ for _, args := range [][]string{
@ -87,9 +87,6 @@ func TestStandaloneSign(t *testing.T) {
require.NoError(t, err) require.NoError(t, err)
manifest, err := os.ReadFile(manifestPath) manifest, err := os.ReadFile(manifestPath)
require.NoError(t, err) require.NoError(t, err)
mech, err = signature.NewGPGSigningMechanism()
require.NoError(t, err)
defer mech.Close()
verified, err := signature.VerifyDockerManifestSignature(sig, manifest, dockerReference, mech, fixturesTestKeyFingerprint) verified, err := signature.VerifyDockerManifestSignature(sig, manifest, dockerReference, mech, fixturesTestKeyFingerprint)
require.NoError(t, err) require.NoError(t, err)
assert.Equal(t, dockerReference, verified.DockerReference) assert.Equal(t, dockerReference, verified.DockerReference)
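Review bot: The `t.Setenv("GNUPGHOME", "fixtures")` call at the top of TestStandaloneSign is now order-sensitive, and nothing in the test says so. The mechanism created on the next line is the same one later passed to `VerifyDockerManifestSignature`, so it presumably has to be opened against the fixtures keyring. I would add a comment above the call such as `// Must precede NewGPGSigningMechanism: the mechanism is opened against this GNUPGHOME and is reused for verification below.` The relative path also relies on the test running with the package directory as its working directory. The function body continues outside the visible hunks.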


@ -745,7 +745,7 @@ func (s *copySuite) TestCopyOCIRoundTrip() {
// --sign-by and --policy copy, primarily using atomic: // --sign-by and --policy copy, primarily using atomic:
func (s *copySuite) TestCopySignatures() { func (s *copySuite) TestCopySignatures() {
t := s.T() t := s.T()
mech, _, err := signature.NewEphemeralGPGSigningMechanism([]byte{}) mech, err := signature.NewGPGSigningMechanism()
require.NoError(t, err) require.NoError(t, err)
defer mech.Close() defer mech.Close()
if err := mech.SupportsSigning(); err != nil { // FIXME? Test that verification and policy enforcement works, using signatures from fixtures if err := mech.SupportsSigning(); err != nil { // FIXME? Test that verification and policy enforcement works, using signatures from fixtures
@ -801,7 +801,7 @@ func (s *copySuite) TestCopySignatures() {
// --policy copy for dir: sources // --policy copy for dir: sources
func (s *copySuite) TestCopyDirSignatures() { func (s *copySuite) TestCopyDirSignatures() {
t := s.T() t := s.T()
mech, _, err := signature.NewEphemeralGPGSigningMechanism([]byte{}) mech, err := signature.NewGPGSigningMechanism()
require.NoError(t, err) require.NoError(t, err)
defer mech.Close() defer mech.Close()
if err := mech.SupportsSigning(); err != nil { // FIXME? Test that verification and policy enforcement works, using signatures from fixtures if err := mech.SupportsSigning(); err != nil { // FIXME? Test that verification and policy enforcement works, using signatures from fixtures
@ -902,7 +902,7 @@ func findRegularFiles(t *testing.T, root string) []string {
// --sign-by and policy use for docker: with lookaside // --sign-by and policy use for docker: with lookaside
func (s *copySuite) TestCopyDockerLookaside() { func (s *copySuite) TestCopyDockerLookaside() {
t := s.T() t := s.T()
mech, _, err := signature.NewEphemeralGPGSigningMechanism([]byte{}) mech, err := signature.NewGPGSigningMechanism()
require.NoError(t, err) require.NoError(t, err)
defer mech.Close() defer mech.Close()
if err := mech.SupportsSigning(); err != nil { // FIXME? Test that verification and policy enforcement works, using signatures from fixtures if err := mech.SupportsSigning(); err != nil { // FIXME? Test that verification and policy enforcement works, using signatures from fixtures
@ -971,7 +971,7 @@ func (s *copySuite) TestCopyDockerLookaside() {
// atomic: and docker: X-Registry-Supports-Signatures works and interoperates // atomic: and docker: X-Registry-Supports-Signatures works and interoperates
func (s *copySuite) TestCopyAtomicExtension() { func (s *copySuite) TestCopyAtomicExtension() {
t := s.T() t := s.T()
mech, _, err := signature.NewEphemeralGPGSigningMechanism([]byte{}) mech, err := signature.NewGPGSigningMechanism()
require.NoError(t, err) require.NoError(t, err)
defer mech.Close() defer mech.Close()
if err := mech.SupportsSigning(); err != nil { // FIXME? Test that the reading/writing works using signatures from fixtures if err := mech.SupportsSigning(); err != nil { // FIXME? Test that the reading/writing works using signatures from fixtures
@ -1031,7 +1031,7 @@ func (s *copySuite) TestCopyVerifyingMirroredSignatures() {
t := s.T() t := s.T()
const regPrefix = "docker://localhost:5006/myns/mirroring-" const regPrefix = "docker://localhost:5006/myns/mirroring-"
mech, _, err := signature.NewEphemeralGPGSigningMechanism([]byte{}) mech, err := signature.NewGPGSigningMechanism()
require.NoError(t, err) require.NoError(t, err)
defer mech.Close() defer mech.Close()
if err := mech.SupportsSigning(); err != nil { // FIXME? Test that verification and policy enforcement works, using signatures from fixtures if err := mech.SupportsSigning(); err != nil { // FIXME? Test that verification and policy enforcement works, using signatures from fixtures
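Review bot: In TestCopySignatures and the four other copySuite tests changed here, `signature.NewGPGSigningMechanism()` now opens whatever keyring the ambient GNUPGHOME points at, and none of these hunks shows where that variable is set. The commit message implies the suite creates its own GNUPGHOME. If that happens in the suite setup, a comment at the first call such as `// GNUPGHOME points at the suite's temporary keyring (set in suite setup), so this probe does not open the user's own keyring.` would make the isolation explicit. If any of these tests can run before that setup, the probe would read the developer's or CI user's default GnuPG home, which the ephemeral mechanism never did. The same applies to TestSignVerifySmoke in the signing suite, and each test body continues outside its hunk.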


@ -57,7 +57,7 @@ func (s *signingSuite) SetupSuite() {
func (s *signingSuite) TestSignVerifySmoke() { func (s *signingSuite) TestSignVerifySmoke() {
t := s.T() t := s.T()
mech, _, err := signature.NewEphemeralGPGSigningMechanism([]byte{}) mech, err := signature.NewGPGSigningMechanism()
require.NoError(t, err) require.NoError(t, err)
defer mech.Close() defer mech.Close()
if err := mech.SupportsSigning(); err != nil { // FIXME? Test that verification and policy enforcement works, using signatures from fixtures if err := mech.SupportsSigning(); err != nil { // FIXME? Test that verification and policy enforcement works, using signatures from fixtures