Split copyWithSignedIdentity from TestCopyVerifyingMirroredSignatures

... because we will add another user. Also remove an obsolete FIXME. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2025-04-28 11:14:08 +00:00 · 2020-12-02 17:43:18 +01:00 · 2020-12-02 17:43:18 +01:00 · f94d85aa8e
commit f94d85aa8e
parent b0da05656d
1 changed files with 23 additions and 11 deletions
--- a/integration/copy_test.go
+++ b/integration/copy_test.go
@ -1068,6 +1068,24 @@ func (s *CopySuite) TestCopyAtomicExtension(c *check.C) {
 	assertDirImagesAreEqual(c, filepath.Join(topDir, "dirDA"), filepath.Join(topDir, "dirDD"))
 }

+// copyWithSignedIdentity creates a copy of an unsigned image, adding a signature for an unrelated identity
+// This should be easier than using standalone-sign.
+func copyWithSignedIdentity(c *check.C, src, dest, signedIdentity, signBy, registriesDir string) {
+	topDir, err := ioutil.TempDir("", "copyWithSignedIdentity")
+	c.Assert(err, check.IsNil)
+	defer os.RemoveAll(topDir)
+
+	signingDir := filepath.Join(topDir, "signing-temp")
+	assertSkopeoSucceeds(c, "", "copy", "--src-tls-verify=false", src, "dir:"+signingDir)
+	// Unknown error in Travis: https://github.com/containers/skopeo/issues/1093
+	//	c.Logf("%s", combinedOutputOfCommand(c, "ls", "-laR", signingDir))
+	assertSkopeoSucceeds(c, "^$", "standalone-sign", "-o", filepath.Join(signingDir, "signature-1"),
+		filepath.Join(signingDir, "manifest.json"), signedIdentity, signBy)
+	// Unknown error in Travis: https://github.com/containers/skopeo/issues/1093
+	//	c.Logf("%s", combinedOutputOfCommand(c, "ls", "-laR", signingDir))
+	assertSkopeoSucceeds(c, "", "--registries.d", registriesDir, "copy", "--dest-tls-verify=false", "dir:"+signingDir, destDir)
+}
+
 func (s *CopySuite) TestCopyVerifyingMirroredSignatures(c *check.C) {
 	const regPrefix = "docker://localhost:5006/myns/mirroring-"

@ -1078,7 +1096,7 @@ func (s *CopySuite) TestCopyVerifyingMirroredSignatures(c *check.C) {
 		c.Skip(fmt.Sprintf("Signing not supported: %v", err))
 	}

-	topDir, err := ioutil.TempDir("", "mirrored-signatures") // FIXME: Will this be used?
+	topDir, err := ioutil.TempDir("", "mirrored-signatures")
 	c.Assert(err, check.IsNil)
 	defer os.RemoveAll(topDir)
 	registriesDir := filepath.Join(topDir, "registries.d") // An empty directory to disable sigstore use
@ -1112,16 +1130,10 @@ func (s *CopySuite) TestCopyVerifyingMirroredSignatures(c *check.C) {
 	assertSkopeoFails(c, ".*Source image rejected: None of the signatures were accepted, reasons: Signature for identity localhost:5006/myns/mirroring-primary:direct is not accepted; Signature for identity localhost:5006/myns/mirroring-mirror:mirror-signed is not accepted.*",
 		"--policy", policy, "--registries.d", registriesDir, "--registries-conf", "fixtures/registries.conf", "copy", "--src-tls-verify=false", regPrefix+"primary:mirror-signed", dirDest)

-	// Create a signature for mirroring-primary:primary-signed without pushing there. This should be easier than using standalone-sign.
-	signingDir := filepath.Join(topDir, "signing-temp")
-	assertSkopeoSucceeds(c, "", "copy", "--src-tls-verify=false", regPrefix+"primary:unsigned", "dir:"+signingDir)
-	// Unknown error in Travis: https://github.com/containers/skopeo/issues/1093
-	//	c.Logf("%s", combinedOutputOfCommand(c, "ls", "-laR", signingDir))
-	assertSkopeoSucceeds(c, "^$", "standalone-sign", "-o", filepath.Join(signingDir, "signature-1"),
-		filepath.Join(signingDir, "manifest.json"), "localhost:5006/myns/mirroring-primary:primary-signed", "personal@example.com")
-	// Unknown error in Travis: https://github.com/containers/skopeo/issues/1093
-	//	c.Logf("%s", combinedOutputOfCommand(c, "ls", "-laR", signingDir))
-	assertSkopeoSucceeds(c, "", "--registries.d", registriesDir, "copy", "--dest-tls-verify=false", "dir:"+signingDir, regPrefix+"mirror:primary-signed")
+	// Create a signature for mirroring-primary:primary-signed without pushing there.
+	copyWithSignedIdentity(c, regPrefix+"primary:unsigned", regPrefix+"mirror:primary-signed",
+		"localhost:5006/myns/mirroring-primary:primary-signed", "personal@example.com",
+		registriesDir)
 	// Verify that a correctly signed image for the primary is accessible using the primary's reference
 	assertSkopeoSucceeds(c, "", "--policy", policy, "--registries.d", registriesDir, "--registries-conf", "fixtures/registries.conf", "copy", "--src-tls-verify=false", regPrefix+"primary:primary-signed", dirDest)
 	// … but verify that while it is accessible using the mirror location