Update for the renames of sigstore to lookaside

I left systemtest unmodified, to have _something_ that exercises the compatibility path. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2025-04-28 03:10:18 +00:00 · 2022-07-11 22:19:49 +02:00 · 2022-07-11 22:19:49 +02:00 · b000ada3f3
commit b000ada3f3
parent f2b4071b1f
4 changed files with 33 additions and 33 deletions
--- a/4
+++ b/4
@ -11,7 +11,7 @@ else
 CONTAINERSCONFDIR ?= /etc/containers
 endif
 REGISTRIESDDIR ?= ${CONTAINERSCONFDIR}/registries.d
-SIGSTOREDIR ?= /var/lib/containers/sigstore
+LOOKASIDEDIR ?= /var/lib/containers/sigstore
 BINDIR ?= ${PREFIX}/bin
 MANDIR ?= ${PREFIX}/share/man
@ -163,7 +163,7 @@ clean:
 	rm -rf bin docs/*.1 completions/
 install: install-binary install-docs install-completions
-	install -d -m 755 ${DESTDIR}${SIGSTOREDIR}
+	install -d -m 755 ${DESTDIR}${LOOKASIDEDIR}
 	install -d -m 755 ${DESTDIR}${CONTAINERSCONFDIR}
 	install -m 644 default-policy.json ${DESTDIR}${CONTAINERSCONFDIR}/policy.json
 	install -d -m 755 ${DESTDIR}${REGISTRIESDDIR}
--- a/default.yaml
+++ b/default.yaml
@ -1,19 +1,19 @@
 # This is a default registries.d configuration file.  You may
 # add to this file or create additional files in registries.d/.
 #
-# sigstore: indicates a location that is read and write
+# lookaside: indicates a location that is read and write
-# sigstore-staging: indicates a location that is only for write
+# lookaside-staging: indicates a location that is only for write
 #
-# sigstore and sigstore-staging take a value of the following:
+# lookaside and lookaside-staging take a value of the following:
-#   sigstore:  {schema}://location
+#   lookaside:  {schema}://location
 #
 # For reading signatures, schema may be http, https, or file.
 # For writing signatures, schema may only be file.
 # This is the default signature write location for docker registries.
 default-docker:
-#  sigstore: file:///var/lib/containers/sigstore
+#  lookaside: file:///var/lib/containers/sigstore
-  sigstore-staging: file:///var/lib/containers/sigstore
+  lookaside-staging: file:///var/lib/containers/sigstore
 # The 'docker' indicator here is the start of the configuration
 # for docker registries.
@ -21,6 +21,6 @@ default-docker:
 # docker:
 #
 #   privateregistry.com:
-#    sigstore: http://privateregistry.com/sigstore/
+#    lookaside: http://privateregistry.com/sigstore/
-#    sigstore-staging: /mnt/nfs/privateregistry/sigstore
+#    lookaside-staging: /mnt/nfs/privateregistry/sigstore
--- a/integration/copy_test.go
+++ b/integration/copy_test.go
@ -845,8 +845,8 @@ func findRegularFiles(c *check.C, root string) []string {
 	return result
 }
-// --sign-by and policy use for docker: with sigstore
+// --sign-by and policy use for docker: with lookaside
-func (s *CopySuite) TestCopyDockerSigstore(c *check.C) {
+func (s *CopySuite) TestCopyDockerLookaside(c *check.C) {
 	mech, _, err := signature.NewEphemeralGPGSigningMechanism([]byte{})
 	c.Assert(err, check.IsNil)
 	defer mech.Close()
@ -861,14 +861,14 @@ func (s *CopySuite) TestCopyDockerSigstore(c *check.C) {
 	err = os.Mkdir(copyDest, 0755)
 	c.Assert(err, check.IsNil)
 	dirDest := "dir:" + copyDest
-	plainSigstore := filepath.Join(tmpDir, "sigstore")
+	plainLookaside := filepath.Join(tmpDir, "lookaside")
-	splitSigstoreStaging := filepath.Join(tmpDir, "sigstore-staging")
+	splitLookasideStaging := filepath.Join(tmpDir, "lookaside-staging")
-	splitSigstoreReadServerHandler := http.NotFoundHandler()
+	splitLookasideReadServerHandler := http.NotFoundHandler()
-	splitSigstoreReadServer := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+	splitLookasideReadServer := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		splitSigstoreReadServerHandler.ServeHTTP(w, r)
+		splitLookasideReadServerHandler.ServeHTTP(w, r)
 	}))
-	defer splitSigstoreReadServer.Close()
+	defer splitLookasideReadServer.Close()
 	policy := fileFromFixture(c, "fixtures/policy.json", map[string]string{"@keydir@": s.gpgHome})
 	defer os.Remove(policy)
@ -876,20 +876,20 @@ func (s *CopySuite) TestCopyDockerSigstore(c *check.C) {
 	err = os.Mkdir(registriesDir, 0755)
 	c.Assert(err, check.IsNil)
 	registriesFile := fileFromFixture(c, "fixtures/registries.yaml",
-		map[string]string{"@sigstore@": plainSigstore, "@split-staging@": splitSigstoreStaging, "@split-read@": splitSigstoreReadServer.URL})
+		map[string]string{"@lookaside@": plainLookaside, "@split-staging@": splitLookasideStaging, "@split-read@": splitLookasideReadServer.URL})
 	err = os.Symlink(registriesFile, filepath.Join(registriesDir, "registries.yaml"))
 	c.Assert(err, check.IsNil)
-	// Get an image to work with.  Also verifies that we can use Docker repositories with no sigstore configured.
+	// Get an image to work with.  Also verifies that we can use Docker repositories with no lookaside configured.
 	assertSkopeoSucceeds(c, "", "--tls-verify=false", "--registries.d", registriesDir, "copy", testFQIN, ourRegistry+"original/busybox")
 	// Pulling an unsigned image fails.
 	assertSkopeoFails(c, ".*Source image rejected: A signature was required, but no signature exists.*",
 		"--tls-verify=false", "--policy", policy, "--registries.d", registriesDir, "copy", ourRegistry+"original/busybox", dirDest)
-	// Signing with sigstore defined succeeds,
+	// Signing with lookaside defined succeeds,
 	assertSkopeoSucceeds(c, "", "--tls-verify=false", "--registries.d", registriesDir, "copy", "--sign-by", "personal@example.com", ourRegistry+"original/busybox", ourRegistry+"signed/busybox")
 	// a signature file has been created,
-	foundFiles := findRegularFiles(c, plainSigstore)
+	foundFiles := findRegularFiles(c, plainLookaside)
 	c.Assert(foundFiles, check.HasLen, 1)
 	// and pulling a signed image succeeds.
 	assertSkopeoSucceeds(c, "", "--tls-verify=false", "--policy", policy, "--registries.d", registriesDir, "copy", ourRegistry+"signed/busybox", dirDest)
@ -897,19 +897,19 @@ func (s *CopySuite) TestCopyDockerSigstore(c *check.C) {
 	// Deleting the image succeeds,
 	assertSkopeoSucceeds(c, "", "--tls-verify=false", "--registries.d", registriesDir, "delete", ourRegistry+"signed/busybox")
 	// and the signature file has been deleted (but we leave the directories around).
-	foundFiles = findRegularFiles(c, plainSigstore)
+	foundFiles = findRegularFiles(c, plainLookaside)
 	c.Assert(foundFiles, check.HasLen, 0)
-	// Signing with a read/write sigstore split succeeds,
+	// Signing with a read/write lookaside split succeeds,
 	assertSkopeoSucceeds(c, "", "--tls-verify=false", "--registries.d", registriesDir, "copy", "--sign-by", "personal@example.com", ourRegistry+"original/busybox", ourRegistry+"public/busybox")
 	// and a signature file has been created.
-	foundFiles = findRegularFiles(c, splitSigstoreStaging)
+	foundFiles = findRegularFiles(c, splitLookasideStaging)
 	c.Assert(foundFiles, check.HasLen, 1)
-	// Pulling the image fails because the read sigstore URL has not been populated:
+	// Pulling the image fails because the read lookaside URL has not been populated:
 	assertSkopeoFails(c, ".*Source image rejected: A signature was required, but no signature exists.*",
 		"--tls-verify=false", "--policy", policy, "--registries.d", registriesDir, "copy", ourRegistry+"public/busybox", dirDest)
-	// Pulling the image succeeds after the read sigstore URL is available:
+	// Pulling the image succeeds after the read lookaside URL is available:
-	splitSigstoreReadServerHandler = http.FileServer(http.Dir(splitSigstoreStaging))
+	splitLookasideReadServerHandler = http.FileServer(http.Dir(splitLookasideStaging))
 	assertSkopeoSucceeds(c, "", "--tls-verify=false", "--policy", policy, "--registries.d", registriesDir, "copy", ourRegistry+"public/busybox", dirDest)
 }
@ -981,13 +981,13 @@ func (s *CopySuite) TestCopyVerifyingMirroredSignatures(c *check.C) {
 	}
 	topDir := c.MkDir()
-	registriesDir := filepath.Join(topDir, "registries.d") // An empty directory to disable sigstore use
+	registriesDir := filepath.Join(topDir, "registries.d") // An empty directory to disable lookaside use
 	dirDest := "dir:" + filepath.Join(topDir, "unused-dest")
 	policy := fileFromFixture(c, "fixtures/policy.json", map[string]string{"@keydir@": s.gpgHome})
 	defer os.Remove(policy)
-	// We use X-R-S-S for this testing to avoid having to deal with the sigstores.
+	// We use X-R-S-S for this testing to avoid having to deal with the lookasides.
 	// A downside is that OpenShift records signatures per image, so the error messages below
 	// list all signatures for other tags used for the same image as well.
 	// So, make sure to never create a signature that could be considered valid in a different part of the test (i.e. don't reuse tags).
--- a/integration/fixtures/registries.yaml
+++ b/integration/fixtures/registries.yaml
@ -1,6 +1,6 @@
 docker:
   localhost:5555:
-        sigstore: file://@sigstore@
+        lookaside: file://@lookaside@
   localhost:5555/public:
-        sigstore-staging: file://@split-staging@
+        lookaside-staging: file://@split-staging@
-        sigstore: @split-read@
+        lookaside: @split-read@