Split copyWithSignedIdentity from TestCopyVerifyingMirroredSignatures

... because we will add another user.

Also remove an obsolete FIXME.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

integration/copy_test.go

@@ -1068,6 +1068,24 @@ func (s *CopySuite) TestCopyAtomicExtension(c *check.C) {
 	assertDirImagesAreEqual(c, filepath.Join(topDir, "dirDA"), filepath.Join(topDir, "dirDD"))
 }
 
+// copyWithSignedIdentity creates a copy of an unsigned image, adding a signature for an unrelated identity
+// This should be easier than using standalone-sign.
+func copyWithSignedIdentity(c *check.C, src, dest, signedIdentity, signBy, registriesDir string) {
+	topDir, err := ioutil.TempDir("", "copyWithSignedIdentity")
+	c.Assert(err, check.IsNil)
+	defer os.RemoveAll(topDir)
+
+	signingDir := filepath.Join(topDir, "signing-temp")
+	assertSkopeoSucceeds(c, "", "copy", "--src-tls-verify=false", src, "dir:"+signingDir)
+	// Unknown error in Travis: https://github.com/containers/skopeo/issues/1093
+	//	c.Logf("%s", combinedOutputOfCommand(c, "ls", "-laR", signingDir))
+	assertSkopeoSucceeds(c, "^$", "standalone-sign", "-o", filepath.Join(signingDir, "signature-1"),
+		filepath.Join(signingDir, "manifest.json"), signedIdentity, signBy)
+	// Unknown error in Travis: https://github.com/containers/skopeo/issues/1093
+	//	c.Logf("%s", combinedOutputOfCommand(c, "ls", "-laR", signingDir))
+	assertSkopeoSucceeds(c, "", "--registries.d", registriesDir, "copy", "--dest-tls-verify=false", "dir:"+signingDir, destDir)
+}
+
 func (s *CopySuite) TestCopyVerifyingMirroredSignatures(c *check.C) {
 	const regPrefix = "docker://localhost:5006/myns/mirroring-"
 
@@ -1078,7 +1096,7 @@ func (s *CopySuite) TestCopyVerifyingMirroredSignatures(c *check.C) {
 		c.Skip(fmt.Sprintf("Signing not supported: %v", err))
 	}
 
-	topDir, err := ioutil.TempDir("", "mirrored-signatures") // FIXME: Will this be used?
+	topDir, err := ioutil.TempDir("", "mirrored-signatures")
 	c.Assert(err, check.IsNil)
 	defer os.RemoveAll(topDir)
 	registriesDir := filepath.Join(topDir, "registries.d") // An empty directory to disable sigstore use
@@ -1112,16 +1130,10 @@ func (s *CopySuite) TestCopyVerifyingMirroredSignatures(c *check.C) {
 	assertSkopeoFails(c, ".*Source image rejected: None of the signatures were accepted, reasons: Signature for identity localhost:5006/myns/mirroring-primary:direct is not accepted; Signature for identity localhost:5006/myns/mirroring-mirror:mirror-signed is not accepted.*",
 		"--policy", policy, "--registries.d", registriesDir, "--registries-conf", "fixtures/registries.conf", "copy", "--src-tls-verify=false", regPrefix+"primary:mirror-signed", dirDest)
 
-	// Create a signature for mirroring-primary:primary-signed without pushing there. This should be easier than using standalone-sign.
+	// Create a signature for mirroring-primary:primary-signed without pushing there.
-	signingDir := filepath.Join(topDir, "signing-temp")
+	copyWithSignedIdentity(c, regPrefix+"primary:unsigned", regPrefix+"mirror:primary-signed",
-	assertSkopeoSucceeds(c, "", "copy", "--src-tls-verify=false", regPrefix+"primary:unsigned", "dir:"+signingDir)
+		"localhost:5006/myns/mirroring-primary:primary-signed", "personal@example.com",
-	// Unknown error in Travis: https://github.com/containers/skopeo/issues/1093
+		registriesDir)
-	//	c.Logf("%s", combinedOutputOfCommand(c, "ls", "-laR", signingDir))
-	assertSkopeoSucceeds(c, "^$", "standalone-sign", "-o", filepath.Join(signingDir, "signature-1"),
-		filepath.Join(signingDir, "manifest.json"), "localhost:5006/myns/mirroring-primary:primary-signed", "personal@example.com")
-	// Unknown error in Travis: https://github.com/containers/skopeo/issues/1093
-	//	c.Logf("%s", combinedOutputOfCommand(c, "ls", "-laR", signingDir))
-	assertSkopeoSucceeds(c, "", "--registries.d", registriesDir, "copy", "--dest-tls-verify=false", "dir:"+signingDir, regPrefix+"mirror:primary-signed")
 	// Verify that a correctly signed image for the primary is accessible using the primary's reference
 	assertSkopeoSucceeds(c, "", "--policy", policy, "--registries.d", registriesDir, "--registries-conf", "fixtures/registries.conf", "copy", "--src-tls-verify=false", regPrefix+"primary:primary-signed", dirDest)
 	// … but verify that while it is accessible using the mirror location