Update CI images

... from https://github.com/containers/automation_images/pull/416 That requires updating tests to also work with rust-podman-sequoia 0.2.0: d41fefaa1f changed how the error is reported. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2025-09-17 15:30:38 +00:00 · 2025-09-10 16:13:38 +02:00
parent b258da23c2
commit cba2164671
3 changed files with 11 additions and 6 deletions
--- a/.cirrus.yml
+++ b/.cirrus.yml
@@ -21,7 +21,7 @@ env:
    SCRIPT_BASE: "./contrib/cirrus"

    # Google-cloud VM Images
-    IMAGE_SUFFIX: "c20250721t181111z-f42f41d13"
+    IMAGE_SUFFIX: "c20250910t092246z-f42f41d13"
    FEDORA_CACHE_IMAGE_NAME: "fedora-${IMAGE_SUFFIX}"

    # Container FQIN's
--- a/integration/copy_test.go
+++ b/integration/copy_test.go
@@ -776,9 +776,10 @@ func (s *copySuite) TestCopySignatures() {
 	// Verify that mis-signed images are rejected
 	assertSkopeoSucceeds(t, "", "--tls-verify=false", "copy", "atomic:localhost:5006/myns/personal:personal", "atomic:localhost:5006/myns/official:attack")
 	assertSkopeoSucceeds(t, "", "--tls-verify=false", "copy", "atomic:localhost:5006/myns/official:official", "atomic:localhost:5006/myns/personal:attack")
-	assertSkopeoFails(t, ".*Source image rejected: (Invalid GPG signature|.* was not found).*",
+	// "Invalid GPG signature" is reported by the gpgme mechanism; "Missing key: $fingerprint" by Sequoia.
+	assertSkopeoFails(t, ".*Source image rejected: (Invalid GPG signature|Missing key:).*",
 		"--tls-verify=false", "--policy", policy, "copy", "atomic:localhost:5006/myns/personal:attack", dirDest)
-	assertSkopeoFails(t, ".*Source image rejected: (Invalid GPG signature|.* was not found).*",
+	assertSkopeoFails(t, ".*Source image rejected: (Invalid GPG signature|Missing key:).*",
 		"--tls-verify=false", "--policy", policy, "copy", "atomic:localhost:5006/myns/official:attack", dirDest)

 	// Verify that signed identity is verified.
@@ -791,7 +792,8 @@ func (s *copySuite) TestCopySignatures() {

 	// Verify that cosigning requirements are enforced
 	assertSkopeoSucceeds(t, "", "--tls-verify=false", "copy", "atomic:localhost:5006/myns/official:official", "atomic:localhost:5006/myns/cosigned:cosigned")
-	assertSkopeoFails(t, ".*Source image rejected: (Invalid GPG signature|.* was not found).*",
+	// "Invalid GPG signature" is reported by the gpgme mechanism; "Missing key: $fingerprint" by Sequoia.
+	assertSkopeoFails(t, ".*Source image rejected: (Invalid GPG signature|Missing key:).*",
 		"--tls-verify=false", "--policy", policy, "copy", "atomic:localhost:5006/myns/cosigned:cosigned", dirDest)

 	assertSkopeoSucceeds(t, "", "--tls-verify=false", "copy", "--sign-by", "personal@example.com", "atomic:localhost:5006/myns/official:official", "atomic:localhost:5006/myns/cosigned:cosigned")
@@ -836,7 +838,8 @@ func (s *copySuite) TestCopyDirSignatures() {
 	// Verify that correct images are accepted
 	assertSkopeoSucceeds(t, "", "--policy", policy, "copy", topDirDest+"/restricted/official", topDirDest+"/dest")
 	// ... and that mis-signed images are rejected.
-	assertSkopeoFails(t, ".*Source image rejected: (Invalid GPG signature|.* was not found).*",
+	// "Invalid GPG signature" is reported by the gpgme mechanism; "Missing key: $fingerprint" by Sequoia.
+	assertSkopeoFails(t, ".*Source image rejected: (Invalid GPG signature|Missing key:).*",
 		"--policy", policy, "copy", topDirDest+"/restricted/personal", topDirDest+"/dest")

 	// Verify that the signed identity is verified.
--- a/systemtest/050-signing.bats
+++ b/systemtest/050-signing.bats
@@ -136,6 +136,8 @@ END_PUSH
    # Done pushing. Now try to fetch. From here on we use the --policy option.
    # The table below lists the paths to fetch, and the expected errors (or
    # none, if we expect them to pass).
+    #
+    # "Invalid GPG signature" is reported by the gpgme mechanism; "Missing key: $fingerprint" by Sequoia.
    while read path expected_error; do
        expected_rc=
        if [[ -n $expected_error ]]; then
@@ -154,7 +156,7 @@ END_PUSH
        fi
    done <<END_TESTS
 /myns/alice:signed
-/myns/bob:signedbyalice    (Invalid GPG signature|.* not found)
+/myns/bob:signedbyalice    (Invalid GPG signature|Missing key:)
 /myns/alice:unsigned       Signature for identity \\\\\\\\"localhost:5000/myns/alice:signed\\\\\\\\" is not accepted
 /myns/carol:latest         Running image docker://localhost:5000/myns/carol:latest is rejected by policy.
 /open/forall:latest