author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2021-11-13 13:10:48 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-11-13 13:10:48 +0100 |
commit | 8f3fb743ee57964594b36fdffb7b8fc5e3ca3371 (patch) | |
tree | 7ed656fefe7ed96a7c8484d774d901d625a420ae /test/system/011-image.bats | |
parent | 78bc2390f4d03ef4b179b129c69b5332c30692ce (diff) | |
parent | 6762d5e2381d79c26ecabac8c83d31d1f49e1325 (diff) | |
Merge pull request #12270 from rhatdan/auth
--authfile command line argument for image sign command.
Diffstat (limited to 'test/system/011-image.bats')
-rw-r--r-- | test/system/011-image.bats | 54 |
1 files changed, 54 insertions, 0 deletions
diff --git a/test/system/011-image.bats b/test/system/011-image.bats
new file mode 100644
index 000000000..5150e875e
--- /dev/null
+++ b/test/system/011-image.bats
@@ -0,0 +1,54 @@
+#!/usr/bin/env bats
+
+load helpers
+
+function setup() {
+ skip_if_remote "--sign-by does not work with podman-remote"
+
+ basic_setup
+
+ export _GNUPGHOME_TMP=$PODMAN_TMPDIR/.gnupg
+ mkdir --mode=0700 $_GNUPGHOME_TMP $PODMAN_TMPDIR/signatures
+
+ cat >$PODMAN_TMPDIR/keydetails <<EOF
+ %echo Generating a basic OpenPGP key
+ Key-Type: RSA
+ Key-Length: 2048
+ Subkey-Type: RSA
+ Subkey-Length: 2048
+ Name-Real: Foo
+ Name-Comment: Foo
+ Name-Email: foo@bar.com
+ Expire-Date: 0
+ %no-ask-passphrase
+ %no-protection
+ # Do a commit here, so that we can later print "done" :-)
+ %commit
+ %echo done
+EOF
+ GNUPGHOME=$_GNUPGHOME_TMP gpg --verbose --batch --gen-key $PODMAN_TMPDIR/keydetails
+}
+
+function check_signature() {
+ local sigfile=$1
+ ls -laR $PODMAN_TMPDIR/signatures
+ run_podman inspect --format '{{.Digest}}' $PODMAN_TEST_IMAGE_FQN
+ local repodigest=${output/:/=}
+
+ local dir="$PODMAN_TMPDIR/signatures/libpod/${PODMAN_TEST_IMAGE_NAME}@${repodigest}"
+ test -d $dir || die "Missing signature directory $dir"
+ test -e "$dir/$sigfile" || die "Missing signature file '$sigfile'"
+
+ # Confirm good signature
+ run env GNUPGHOME=$_GNUPGHOME_TMP gpg --verify "$dir/$sigfile"
+ is "$output" ".*Good signature from .Foo.*<foo@bar.com>" \
+ "gpg --verify $sigfile"
+}
+
+
+@test "podman image - sign with no sigfile" {
+ GNUPGHOME=$_GNUPGHOME_TMP run_podman image sign --sign-by foo@bar.com --directory $PODMAN_TMPDIR/signatures "docker://$PODMAN_TEST_IMAGE_FQN"
+ check_signature "signature-1"
+}
+
+# vim: filetype=sh |
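Review bot: In check_signature the result of `run env GNUPGHOME=$_GNUPGHOME_TMP gpg --verify "$dir/$sigfile"` is judged only by matching "Good signature" in `$output`; bats `run` stores the exit code in `$status` and nothing reads it, so a gpg run that prints a good-signature line yet exits non-zero would still pass. Adding `test "$status" -eq 0 || die "gpg --verify $sigfile exited $status"` before the `is` line closes that gap. The check also confirms only who signed, not what was signed: presumably the signed payload carries the image digest and reference, and comparing it against `$repodigest` would catch a signature that is valid but filed under the wrong image directory. As a smaller point of style, `$PODMAN_TMPDIR`, `$_GNUPGHOME_TMP` and `$dir` are expanded unquoted in the `mkdir`, `cat`, `gpg --gen-key` and `test -d` lines, which breaks if the temporary path ever contains whitespace.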