mirror of
				https://github.com/containers/skopeo.git
				synced 2025-10-24 21:35:38 +00:00 
			
		
		
		
	Split copyWithSignedIdentity from TestCopyVerifyingMirroredSignatures
... because we will add another user. Also remove an obsolete FIXME. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
This commit is contained in:
		| @@ -1068,6 +1068,24 @@ func (s *CopySuite) TestCopyAtomicExtension(c *check.C) { | |||||||
| 	assertDirImagesAreEqual(c, filepath.Join(topDir, "dirDA"), filepath.Join(topDir, "dirDD")) | 	assertDirImagesAreEqual(c, filepath.Join(topDir, "dirDA"), filepath.Join(topDir, "dirDD")) | ||||||
| } | } | ||||||
|  |  | ||||||
|  | // copyWithSignedIdentity creates a copy of an unsigned image, adding a signature for an unrelated identity | ||||||
|  | // This should be easier than using standalone-sign. | ||||||
|  | func copyWithSignedIdentity(c *check.C, src, dest, signedIdentity, signBy, registriesDir string) { | ||||||
|  | 	topDir, err := ioutil.TempDir("", "copyWithSignedIdentity") | ||||||
|  | 	c.Assert(err, check.IsNil) | ||||||
|  | 	defer os.RemoveAll(topDir) | ||||||
|  |  | ||||||
|  | 	signingDir := filepath.Join(topDir, "signing-temp") | ||||||
|  | 	assertSkopeoSucceeds(c, "", "copy", "--src-tls-verify=false", src, "dir:"+signingDir) | ||||||
|  | 	// Unknown error in Travis: https://github.com/containers/skopeo/issues/1093 | ||||||
|  | 	//	c.Logf("%s", combinedOutputOfCommand(c, "ls", "-laR", signingDir)) | ||||||
|  | 	assertSkopeoSucceeds(c, "^$", "standalone-sign", "-o", filepath.Join(signingDir, "signature-1"), | ||||||
|  | 		filepath.Join(signingDir, "manifest.json"), signedIdentity, signBy) | ||||||
|  | 	// Unknown error in Travis: https://github.com/containers/skopeo/issues/1093 | ||||||
|  | 	//	c.Logf("%s", combinedOutputOfCommand(c, "ls", "-laR", signingDir)) | ||||||
|  | 	assertSkopeoSucceeds(c, "", "--registries.d", registriesDir, "copy", "--dest-tls-verify=false", "dir:"+signingDir, destDir) | ||||||
|  | } | ||||||
|  |  | ||||||
| func (s *CopySuite) TestCopyVerifyingMirroredSignatures(c *check.C) { | func (s *CopySuite) TestCopyVerifyingMirroredSignatures(c *check.C) { | ||||||
| 	const regPrefix = "docker://localhost:5006/myns/mirroring-" | 	const regPrefix = "docker://localhost:5006/myns/mirroring-" | ||||||
|  |  | ||||||
| @@ -1078,7 +1096,7 @@ func (s *CopySuite) TestCopyVerifyingMirroredSignatures(c *check.C) { | |||||||
| 		c.Skip(fmt.Sprintf("Signing not supported: %v", err)) | 		c.Skip(fmt.Sprintf("Signing not supported: %v", err)) | ||||||
| 	} | 	} | ||||||
|  |  | ||||||
| 	topDir, err := ioutil.TempDir("", "mirrored-signatures") // FIXME: Will this be used? | 	topDir, err := ioutil.TempDir("", "mirrored-signatures") | ||||||
| 	c.Assert(err, check.IsNil) | 	c.Assert(err, check.IsNil) | ||||||
| 	defer os.RemoveAll(topDir) | 	defer os.RemoveAll(topDir) | ||||||
| 	registriesDir := filepath.Join(topDir, "registries.d") // An empty directory to disable sigstore use | 	registriesDir := filepath.Join(topDir, "registries.d") // An empty directory to disable sigstore use | ||||||
| @@ -1112,16 +1130,10 @@ func (s *CopySuite) TestCopyVerifyingMirroredSignatures(c *check.C) { | |||||||
| 	assertSkopeoFails(c, ".*Source image rejected: None of the signatures were accepted, reasons: Signature for identity localhost:5006/myns/mirroring-primary:direct is not accepted; Signature for identity localhost:5006/myns/mirroring-mirror:mirror-signed is not accepted.*", | 	assertSkopeoFails(c, ".*Source image rejected: None of the signatures were accepted, reasons: Signature for identity localhost:5006/myns/mirroring-primary:direct is not accepted; Signature for identity localhost:5006/myns/mirroring-mirror:mirror-signed is not accepted.*", | ||||||
| 		"--policy", policy, "--registries.d", registriesDir, "--registries-conf", "fixtures/registries.conf", "copy", "--src-tls-verify=false", regPrefix+"primary:mirror-signed", dirDest) | 		"--policy", policy, "--registries.d", registriesDir, "--registries-conf", "fixtures/registries.conf", "copy", "--src-tls-verify=false", regPrefix+"primary:mirror-signed", dirDest) | ||||||
|  |  | ||||||
| 	// Create a signature for mirroring-primary:primary-signed without pushing there. This should be easier than using standalone-sign. | 	// Create a signature for mirroring-primary:primary-signed without pushing there. | ||||||
| 	signingDir := filepath.Join(topDir, "signing-temp") | 	copyWithSignedIdentity(c, regPrefix+"primary:unsigned", regPrefix+"mirror:primary-signed", | ||||||
| 	assertSkopeoSucceeds(c, "", "copy", "--src-tls-verify=false", regPrefix+"primary:unsigned", "dir:"+signingDir) | 		"localhost:5006/myns/mirroring-primary:primary-signed", "personal@example.com", | ||||||
| 	// Unknown error in Travis: https://github.com/containers/skopeo/issues/1093 | 		registriesDir) | ||||||
| 	//	c.Logf("%s", combinedOutputOfCommand(c, "ls", "-laR", signingDir)) |  | ||||||
| 	assertSkopeoSucceeds(c, "^$", "standalone-sign", "-o", filepath.Join(signingDir, "signature-1"), |  | ||||||
| 		filepath.Join(signingDir, "manifest.json"), "localhost:5006/myns/mirroring-primary:primary-signed", "personal@example.com") |  | ||||||
| 	// Unknown error in Travis: https://github.com/containers/skopeo/issues/1093 |  | ||||||
| 	//	c.Logf("%s", combinedOutputOfCommand(c, "ls", "-laR", signingDir)) |  | ||||||
| 	assertSkopeoSucceeds(c, "", "--registries.d", registriesDir, "copy", "--dest-tls-verify=false", "dir:"+signingDir, regPrefix+"mirror:primary-signed") |  | ||||||
| 	// Verify that a correctly signed image for the primary is accessible using the primary's reference | 	// Verify that a correctly signed image for the primary is accessible using the primary's reference | ||||||
| 	assertSkopeoSucceeds(c, "", "--policy", policy, "--registries.d", registriesDir, "--registries-conf", "fixtures/registries.conf", "copy", "--src-tls-verify=false", regPrefix+"primary:primary-signed", dirDest) | 	assertSkopeoSucceeds(c, "", "--policy", policy, "--registries.d", registriesDir, "--registries-conf", "fixtures/registries.conf", "copy", "--src-tls-verify=false", regPrefix+"primary:primary-signed", dirDest) | ||||||
| 	// … but verify that while it is accessible using the mirror location | 	// … but verify that while it is accessible using the mirror location | ||||||
|   | |||||||
		Reference in New Issue
	
	Block a user