diff --git a/integration/fixtures/image.manifest.json b/integration/fixtures/image.manifest.json new file mode 100644 index 00000000..198da23f --- /dev/null +++ b/integration/fixtures/image.manifest.json @@ -0,0 +1,26 @@ +{ + "schemaVersion": 2, + "mediaType": "application/vnd.docker.distribution.manifest.v2+json", + "config": { + "mediaType": "application/vnd.docker.container.image.v1+json", + "size": 7023, + "digest": "sha256:b5b2b2c507a0944348e0303114d8d93aaaa081732b86451d9bce1f432a537bc7" + }, + "layers": [ + { + "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip", + "size": 32654, + "digest": "sha256:e692418e4cbaf90ca69d05a66403747baa33ee08806650b51fab815ad7fc331f" + }, + { + "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip", + "size": 16724, + "digest": "sha256:3c3a4604a545cdc127456d94e421cd355bca5b528f4a9c1905b15da2eb4a4c6b" + }, + { + "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip", + "size": 73109, + "digest": "sha256:ec4b8955958665577945c89419d1af06b5f7636b4ac3da7f12184802ad867736" + } + ] +} \ No newline at end of file diff --git a/integration/fixtures_info_test.go b/integration/fixtures_info_test.go new file mode 100644 index 00000000..d1048168 --- /dev/null +++ b/integration/fixtures_info_test.go @@ -0,0 +1,6 @@ +package main + +const ( + // TestImageManifestDigest is the Docker manifest digest of "fixtures/image.manifest.json" + TestImageManifestDigest = "sha256:20bf21ed457b390829cdbeec8795a7bea1626991fda603e0d01b4e7f60427e55" +) diff --git a/integration/signing_test.go b/integration/signing_test.go index 47de0dcd..672299c5 100644 --- a/integration/signing_test.go +++ b/integration/signing_test.go @@ -9,7 +9,6 @@ import ( "strings" "github.com/go-check/check" - "github.com/projectatomic/skopeo/signature/fixtures" ) const ( @@ -97,7 +96,7 @@ func (s *SigningSuite) TearDownTest(c *check.C) { } func (s *SigningSuite) TestSignVerifySmoke(c *check.C) { - manifestPath := "../signature/fixtures/image.manifest.json" + manifestPath := "fixtures/image.manifest.json" dockerReference := "testing/smoketest" sigOutput, err := ioutil.TempFile("", "sig") @@ -111,5 +110,5 @@ func (s *SigningSuite) TestSignVerifySmoke(c *check.C) { out, err = exec.Command(skopeoBinary, "standalone-verify", manifestPath, dockerReference, s.fingerprint, sigOutput.Name()).CombinedOutput() c.Assert(err, check.IsNil, check.Commentf("%s", out)) - c.Assert(string(out), check.Equals, "Signature verified, digest "+fixtures.TestImageManifestDigest+"\n") + c.Assert(string(out), check.Equals, "Signature verified, digest "+TestImageManifestDigest+"\n") } diff --git a/signature/docker_test.go b/signature/docker_test.go index 205d74ff..ec4c858d 100644 --- a/signature/docker_test.go +++ b/signature/docker_test.go @@ -4,7 +4,6 @@ import ( "io/ioutil" "testing" - "github.com/projectatomic/skopeo/signature/fixtures" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" ) @@ -16,26 +15,26 @@ func TestSignDockerManifest(t *testing.T) { require.NoError(t, err) // Successful signing - signature, err := SignDockerManifest(manifest, fixtures.TestImageSignatureReference, mech, fixtures.TestKeyFingerprint) + signature, err := SignDockerManifest(manifest, TestImageSignatureReference, mech, TestKeyFingerprint) require.NoError(t, err) - verified, err := VerifyDockerManifestSignature(signature, manifest, fixtures.TestImageSignatureReference, mech, fixtures.TestKeyFingerprint) + verified, err := VerifyDockerManifestSignature(signature, manifest, TestImageSignatureReference, mech, TestKeyFingerprint) assert.NoError(t, err) - assert.Equal(t, fixtures.TestImageSignatureReference, verified.DockerReference) - assert.Equal(t, fixtures.TestImageManifestDigest, verified.DockerManifestDigest) + assert.Equal(t, TestImageSignatureReference, verified.DockerReference) + assert.Equal(t, TestImageManifestDigest, verified.DockerManifestDigest) // Error computing Docker manifest invalidManifest, err := ioutil.ReadFile("fixtures/v2s1-invalid-signatures.manifest.json") require.NoError(t, err) - _, err = SignDockerManifest(invalidManifest, fixtures.TestImageSignatureReference, mech, fixtures.TestKeyFingerprint) + _, err = SignDockerManifest(invalidManifest, TestImageSignatureReference, mech, TestKeyFingerprint) assert.Error(t, err) // Error creating blob to sign - _, err = SignDockerManifest(manifest, "", mech, fixtures.TestKeyFingerprint) + _, err = SignDockerManifest(manifest, "", mech, TestKeyFingerprint) assert.Error(t, err) // Error signing - _, err = SignDockerManifest(manifest, fixtures.TestImageSignatureReference, mech, "this fingerprint doesn't exist") + _, err = SignDockerManifest(manifest, TestImageSignatureReference, mech, "this fingerprint doesn't exist") assert.Error(t, err) } @@ -48,33 +47,33 @@ func TestVerifyDockerManifestSignature(t *testing.T) { require.NoError(t, err) // Successful verification - sig, err := VerifyDockerManifestSignature(signature, manifest, fixtures.TestImageSignatureReference, mech, fixtures.TestKeyFingerprint) + sig, err := VerifyDockerManifestSignature(signature, manifest, TestImageSignatureReference, mech, TestKeyFingerprint) require.NoError(t, err) - assert.Equal(t, fixtures.TestImageSignatureReference, sig.DockerReference) - assert.Equal(t, fixtures.TestImageManifestDigest, sig.DockerManifestDigest) + assert.Equal(t, TestImageSignatureReference, sig.DockerReference) + assert.Equal(t, TestImageManifestDigest, sig.DockerManifestDigest) // For extra paranoia, test that we return nil data on error. // Error computing Docker manifest invalidManifest, err := ioutil.ReadFile("fixtures/v2s1-invalid-signatures.manifest.json") require.NoError(t, err) - sig, err = VerifyDockerManifestSignature(signature, invalidManifest, fixtures.TestImageSignatureReference, mech, fixtures.TestKeyFingerprint) + sig, err = VerifyDockerManifestSignature(signature, invalidManifest, TestImageSignatureReference, mech, TestKeyFingerprint) assert.Error(t, err) assert.Nil(t, sig) // Error verifying signature corruptSignature, err := ioutil.ReadFile("fixtures/corrupt.signature") - sig, err = VerifyDockerManifestSignature(corruptSignature, manifest, fixtures.TestImageSignatureReference, mech, fixtures.TestKeyFingerprint) + sig, err = VerifyDockerManifestSignature(corruptSignature, manifest, TestImageSignatureReference, mech, TestKeyFingerprint) assert.Error(t, err) assert.Nil(t, sig) // Key fingerprint mismatch - sig, err = VerifyDockerManifestSignature(signature, manifest, fixtures.TestImageSignatureReference, mech, "unexpected fingerprint") + sig, err = VerifyDockerManifestSignature(signature, manifest, TestImageSignatureReference, mech, "unexpected fingerprint") assert.Error(t, err) assert.Nil(t, sig) // Docker manifest digest mismatch - sig, err = VerifyDockerManifestSignature(signature, []byte("unexpected manifest"), fixtures.TestImageSignatureReference, mech, fixtures.TestKeyFingerprint) + sig, err = VerifyDockerManifestSignature(signature, []byte("unexpected manifest"), TestImageSignatureReference, mech, TestKeyFingerprint) assert.Error(t, err) assert.Nil(t, sig) } diff --git a/signature/fixtures/info.go b/signature/fixtures_info_test.go similarity index 96% rename from signature/fixtures/info.go rename to signature/fixtures_info_test.go index fedbde77..2ffbbe21 100644 --- a/signature/fixtures/info.go +++ b/signature/fixtures_info_test.go @@ -1,4 +1,4 @@ -package fixtures +package signature const ( // TestImageManifestDigest is the Docker manifest digest of "image.manifest.json" diff --git a/signature/mechanism_test.go b/signature/mechanism_test.go index 72ee042e..f9c69756 100644 --- a/signature/mechanism_test.go +++ b/signature/mechanism_test.go @@ -4,7 +4,6 @@ import ( "io/ioutil" "testing" - "github.com/projectatomic/skopeo/signature/fixtures" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" ) @@ -32,13 +31,13 @@ func TestGPGSigningMechanismSign(t *testing.T) { // Successful signing content := []byte("content") - signature, err := mech.Sign(content, fixtures.TestKeyFingerprint) + signature, err := mech.Sign(content, TestKeyFingerprint) require.NoError(t, err) signedContent, signingFingerprint, err := mech.Verify(signature) require.NoError(t, err) assert.EqualValues(t, content, signedContent) - assert.Equal(t, fixtures.TestKeyFingerprint, signingFingerprint) + assert.Equal(t, TestKeyFingerprint, signingFingerprint) // Error signing _, err = mech.Sign(content, "this fingerprint doesn't exist") @@ -62,7 +61,7 @@ func TestGPGSigningMechanismVerify(t *testing.T) { content, signingFingerprint, err := mech.Verify(signature) require.NoError(t, err) assert.Equal(t, []byte("This is not JSON\n"), content) - assert.Equal(t, fixtures.TestKeyFingerprint, signingFingerprint) + assert.Equal(t, TestKeyFingerprint, signingFingerprint) // For extra paranoia, test that we return nil data on error. diff --git a/signature/signature_test.go b/signature/signature_test.go index fd258548..471e8b9f 100644 --- a/signature/signature_test.go +++ b/signature/signature_test.go @@ -5,7 +5,6 @@ import ( "io/ioutil" "testing" - "github.com/projectatomic/skopeo/signature/fixtures" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" ) @@ -147,16 +146,16 @@ func TestSign(t *testing.T) { } // Successful signing - signature, err := sig.sign(mech, fixtures.TestKeyFingerprint) + signature, err := sig.sign(mech, TestKeyFingerprint) require.NoError(t, err) - verified, err := verifyAndExtractSignature(mech, signature, fixtures.TestKeyFingerprint, sig.DockerReference) + verified, err := verifyAndExtractSignature(mech, signature, TestKeyFingerprint, sig.DockerReference) require.NoError(t, err) assert.Equal(t, sig.Signature, *verified) // Error creating blob to sign - _, err = privateSignature{}.sign(mech, fixtures.TestKeyFingerprint) + _, err = privateSignature{}.sign(mech, TestKeyFingerprint) assert.Error(t, err) // Error signing @@ -172,36 +171,36 @@ func TestVerifyAndExtractSignature(t *testing.T) { require.NoError(t, err) // Successful verification - sig, err := verifyAndExtractSignature(mech, signature, fixtures.TestKeyFingerprint, fixtures.TestImageSignatureReference) + sig, err := verifyAndExtractSignature(mech, signature, TestKeyFingerprint, TestImageSignatureReference) require.NoError(t, err) - assert.Equal(t, fixtures.TestImageSignatureReference, sig.DockerReference) - assert.Equal(t, fixtures.TestImageManifestDigest, sig.DockerManifestDigest) + assert.Equal(t, TestImageSignatureReference, sig.DockerReference) + assert.Equal(t, TestImageManifestDigest, sig.DockerManifestDigest) // For extra paranoia, test that we return a nil signature object on error. // Completely invalid signature. - sig, err = verifyAndExtractSignature(mech, []byte{}, fixtures.TestKeyFingerprint, fixtures.TestImageSignatureReference) + sig, err = verifyAndExtractSignature(mech, []byte{}, TestKeyFingerprint, TestImageSignatureReference) assert.Error(t, err) assert.Nil(t, sig) - sig, err = verifyAndExtractSignature(mech, []byte("invalid signature"), fixtures.TestKeyFingerprint, fixtures.TestImageSignatureReference) + sig, err = verifyAndExtractSignature(mech, []byte("invalid signature"), TestKeyFingerprint, TestImageSignatureReference) assert.Error(t, err) assert.Nil(t, sig) // Valid signature of non-JSON invalidBlobSignature, err := ioutil.ReadFile("./fixtures/invalid-blob.signature") require.NoError(t, err) - sig, err = verifyAndExtractSignature(mech, invalidBlobSignature, fixtures.TestKeyFingerprint, fixtures.TestImageSignatureReference) + sig, err = verifyAndExtractSignature(mech, invalidBlobSignature, TestKeyFingerprint, TestImageSignatureReference) assert.Error(t, err) assert.Nil(t, sig) // Valid signature with a wrong key - sig, err = verifyAndExtractSignature(mech, signature, "unexpected fingerprint", fixtures.TestImageSignatureReference) + sig, err = verifyAndExtractSignature(mech, signature, "unexpected fingerprint", TestImageSignatureReference) assert.Error(t, err) assert.Nil(t, sig) // Valid signature with a wrong image reference - sig, err = verifyAndExtractSignature(mech, signature, fixtures.TestKeyFingerprint, "unexpected docker reference") + sig, err = verifyAndExtractSignature(mech, signature, TestKeyFingerprint, "unexpected docker reference") assert.Error(t, err) assert.Nil(t, sig) }