Update conditions for signing tests

NewEphemeralSigningMechanism() may, with Sequoia, return a mechanism which !SupportsSigning(); so, to determine that, test with a non-ephemeral mechanism instead. (That's likely actually faster, because we create a GNUPGHOME in these tests anyway, so we avoid creating an deleting a separate temporary directory.) Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2025-08-17 22:17:10 +00:00 · 2025-07-25 22:14:23 +02:00 · 2025-07-25 22:14:23 +02:00 · 013ba490f1
commit 013ba490f1
parent d6d2c975d4
3 changed files with 8 additions and 11 deletions
--- a/cmd/skopeo/signing_test.go
+++ b/cmd/skopeo/signing_test.go
@ -29,7 +29,8 @@ func assertTestFailed(t *testing.T, stdout string, err error, substring string)
 }

 func TestStandaloneSign(t *testing.T) {
-	mech, _, err := signature.NewEphemeralGPGSigningMechanism([]byte{})
+	t.Setenv("GNUPGHOME", "fixtures")
+	mech, err := signature.NewGPGSigningMechanism()
 	require.NoError(t, err)
 	defer mech.Close()
 	if err := mech.SupportsSigning(); err != nil {
@ -38,7 +39,6 @@ func TestStandaloneSign(t *testing.T) {

 	manifestPath := "fixtures/image.manifest.json"
 	dockerReference := "testing/manifest"
-	t.Setenv("GNUPGHOME", "fixtures")

 	// Invalid command-line arguments
 	for _, args := range [][]string{
@ -87,9 +87,6 @@ func TestStandaloneSign(t *testing.T) {
 	require.NoError(t, err)
 	manifest, err := os.ReadFile(manifestPath)
 	require.NoError(t, err)
-	mech, err = signature.NewGPGSigningMechanism()
-	require.NoError(t, err)
-	defer mech.Close()
 	verified, err := signature.VerifyDockerManifestSignature(sig, manifest, dockerReference, mech, fixturesTestKeyFingerprint)
 	require.NoError(t, err)
 	assert.Equal(t, dockerReference, verified.DockerReference)
--- a/integration/copy_test.go
+++ b/integration/copy_test.go
@ -745,7 +745,7 @@ func (s *copySuite) TestCopyOCIRoundTrip() {
 // --sign-by and --policy copy, primarily using atomic:
 func (s *copySuite) TestCopySignatures() {
 	t := s.T()
-	mech, _, err := signature.NewEphemeralGPGSigningMechanism([]byte{})
+	mech, err := signature.NewGPGSigningMechanism()
 	require.NoError(t, err)
 	defer mech.Close()
 	if err := mech.SupportsSigning(); err != nil { // FIXME? Test that verification and policy enforcement works, using signatures from fixtures
@ -801,7 +801,7 @@ func (s *copySuite) TestCopySignatures() {
 // --policy copy for dir: sources
 func (s *copySuite) TestCopyDirSignatures() {
 	t := s.T()
-	mech, _, err := signature.NewEphemeralGPGSigningMechanism([]byte{})
+	mech, err := signature.NewGPGSigningMechanism()
 	require.NoError(t, err)
 	defer mech.Close()
 	if err := mech.SupportsSigning(); err != nil { // FIXME? Test that verification and policy enforcement works, using signatures from fixtures
@ -902,7 +902,7 @@ func findRegularFiles(t *testing.T, root string) []string {
 // --sign-by and policy use for docker: with lookaside
 func (s *copySuite) TestCopyDockerLookaside() {
 	t := s.T()
-	mech, _, err := signature.NewEphemeralGPGSigningMechanism([]byte{})
+	mech, err := signature.NewGPGSigningMechanism()
 	require.NoError(t, err)
 	defer mech.Close()
 	if err := mech.SupportsSigning(); err != nil { // FIXME? Test that verification and policy enforcement works, using signatures from fixtures
@ -971,7 +971,7 @@ func (s *copySuite) TestCopyDockerLookaside() {
 // atomic: and docker: X-Registry-Supports-Signatures works and interoperates
 func (s *copySuite) TestCopyAtomicExtension() {
 	t := s.T()
-	mech, _, err := signature.NewEphemeralGPGSigningMechanism([]byte{})
+	mech, err := signature.NewGPGSigningMechanism()
 	require.NoError(t, err)
 	defer mech.Close()
 	if err := mech.SupportsSigning(); err != nil { // FIXME? Test that the reading/writing works using signatures from fixtures
@ -1031,7 +1031,7 @@ func (s *copySuite) TestCopyVerifyingMirroredSignatures() {
 	t := s.T()
 	const regPrefix = "docker://localhost:5006/myns/mirroring-"

-	mech, _, err := signature.NewEphemeralGPGSigningMechanism([]byte{})
+	mech, err := signature.NewGPGSigningMechanism()
 	require.NoError(t, err)
 	defer mech.Close()
 	if err := mech.SupportsSigning(); err != nil { // FIXME? Test that verification and policy enforcement works, using signatures from fixtures
--- a/integration/signing_test.go
+++ b/integration/signing_test.go
@ -57,7 +57,7 @@ func (s *signingSuite) SetupSuite() {

 func (s *signingSuite) TestSignVerifySmoke() {
 	t := s.T()
-	mech, _, err := signature.NewEphemeralGPGSigningMechanism([]byte{})
+	mech, err := signature.NewGPGSigningMechanism()
 	require.NoError(t, err)
 	defer mech.Close()
 	if err := mech.SupportsSigning(); err != nil { // FIXME? Test that verification and policy enforcement works, using signatures from fixtures