9 files changed, 119 insertions, 21 deletions

diff --git a/test/e2e/image_sign_test.go b/test/e2e/image_sign_test.go
new file mode 100644
index 000000000..c54cf433d
--- /dev/null
+++ b/test/e2e/image_sign_test.go
@@ -0,0 +1,62 @@
+// +build !remote
+
+package integration
+
+import (
+	"os"
+	"os/exec"
+	"path/filepath"
+
+	. "github.com/containers/podman/v2/test/utils"
+	. "github.com/onsi/ginkgo"
+	. "github.com/onsi/gomega"
+)
+
+var _ = Describe("Podman image sign", func() {
+	var (
+		origGNUPGHOME string
+		tempdir       string
+		err           error
+		podmanTest    *PodmanTestIntegration
+	)
+
+	BeforeEach(func() {
+		tempdir, err = CreateTempDirInTempDir()
+		if err != nil {
+			os.Exit(1)
+		}
+		podmanTest = PodmanTestCreate(tempdir)
+		podmanTest.Setup()
+		podmanTest.SeedImages()
+
+		tempGNUPGHOME := filepath.Join(podmanTest.TempDir, "tmpGPG")
+		err := os.Mkdir(tempGNUPGHOME, os.ModePerm)
+		Expect(err).To(BeNil())
+
+		origGNUPGHOME = os.Getenv("GNUPGHOME")
+		err = os.Setenv("GNUPGHOME", tempGNUPGHOME)
+		Expect(err).To(BeNil())
+
+	})
+
+	AfterEach(func() {
+		podmanTest.Cleanup()
+		f := CurrentGinkgoTestDescription()
+		processTestResult(f)
+		os.Setenv("GNUPGHOME", origGNUPGHOME)
+	})
+
+	It("podman sign image", func() {
+		cmd := exec.Command("gpg", "--import", "sign/secret-key.asc")
+		err := cmd.Run()
+		Expect(err).To(BeNil())
+		sigDir := filepath.Join(podmanTest.TempDir, "test-sign")
+		err = os.MkdirAll(sigDir, os.ModePerm)
+		Expect(err).To(BeNil())
+		session := podmanTest.Podman([]string{"image", "sign", "--directory", sigDir, "--sign-by", "foo@bar.com", "docker://library/alpine"})
+		session.WaitWithDefaultTimeout()
+		Expect(session.ExitCode()).To(Equal(0))
+		_, err = os.Stat(filepath.Join(sigDir, "library"))
+		Expect(err).To(BeNil())
+	})
+})
diff --git a/test/e2e/sign/secret-key.asc b/test/e2e/sign/secret-key.asc
new file mode 100644
index 000000000..23c0d05c3
--- /dev/null
+++ b/test/e2e/sign/secret-key.asc
@@ -0,0 +1,57 @@
+-----BEGIN PGP PRIVATE KEY BLOCK-----
+
+lQOYBF8kNqwBCAC0x3Kog+WlDNwcR6rWIP8Gj2T6LrQ2/3knSyAWzTgC/OBB6Oh0
+KAokXLjy8J3diG3EaSltE7erGG/bZCz8jYvMiwDJScON4zzidotqjoY80E+NeRDg
+CC0gqvqmh0ftJIjYNBHzSxqrGRQwzwZU+u6ezlE8+0dvsHcHY+MRnxXJQrdM07EP
+Prp85kKckChDlJ1tyGUB/YHieFQmOW5+TERA7ZqQOAQ12Vviv6V4kNfEJJq3MS2c
+csZpO323tcHt3oebqsZCIElhX7uVw6GAeCw1tm4NZXs4g1yIC21Of/hzPeC18F72
+splCgKaAOiE9w/nMGLNEYy2NzgEclZLs2Y7jABEBAAEAB/9VOcwHvvrWN3xThsP2
+5CJmxNZtjfQfE4zZ5fRwW3pjCjVtTTC9hhzV7LKysZYzGPzqwksp5chKjKA7VXxR
+6ic0nHmX68MaEr2i5BExAJUveWNvxloazC/+PS0ishdKKNWs28t0n/0oGZAnvIn3
+KT+ytYCeF7ajZJWQ8dncdlvuf86I8GdmqP2Og9A67LUpJfH2rtpBjzH25nLSZ3Qz
+QbHoUIv318Wwb1sIidkmPsZufZG3pMsYjtFtJjkWt0lRsJQnSE9AQOpQTkLsVsh2
+FYQZ2ODhH8+NE86UNAAr2JiMZHoTrEUL2SLwpXEthFIR78N009dOS4nw8CLB61BL
+pr6lBADH6yoF95rI0LR3jphfr7e8K3BViTPK97wke6EqwTlVo0TCdR785sa8T8O8
+HvlYx4a+h3e6D4D0vjDPzxtevjdTjYmxqI3cwE2N3NFALgGBwHs01qRRIw4qxZlC
+1L1byJ8rUVi5z3YMO7X4RcXSAtg3fM2fx2x+sdpyH30jafuKPwQA533PVRo/Rlgt
+pOak9Fs+3KOIb+oO8ypy7RRQcnsTKajts0sUE9scBhT4tSDeSa/HaDvzLiE8KKCK
+3rhn8ZKLTW1fvKNZBj6oGlIRyfOFjtN/jMRjo0WVHSUDJ59Zr8C0khpP5J73yhTr
+fDhcuTPWiCjlDYeSFHV/a4Z45GG2Kl0EAL1I31kxnSQR9bN5ZmvV+aOhTRKOuHDm
+6nISF/XnVwuGHCvMbFRKsTxGkGrPO5VQZflFOqVab9umIQkOIcrzeKj+slYlm5VA
+zKfCQ1vZ2f74QYCNP8oeRa1r3D46fszcElZJQxtZZewYRKX63bvU4F+hql8dJTqe
+e3wVq8QD657yRwC0FGZvb2JhciA8Zm9vQGJhci5jb20+iQFUBBMBCAA+FiEERyT4
+ac7LLibByeabqaoHAy6P2bIFAl8kNqwCGwMFCQPCZwAFCwkIBwIGFQoJCAsCBBYC
+AwECHgECF4AACgkQqaoHAy6P2bKtuggAgv54/F8wgi+uMrtFr8rqNtZMDyXRxfXa
+XUy5uGNfqHD83yqxweEqxiA8lmFkRHixPWtgZ2MniFXMVc9kVmg8GNIIuzewXrPq
+tXztvuURQo9phK68v8fXEqqT6K25wtq8TiQZ0J3mQIJPPTMe3pCCOyR6+W3iMtQp
+2AmitxKbzLP3J3GG2i0rG5S147A2rPnzTeMYhds819+JE7jNMD7FkV+TcQlOVl4w
+yOQhNEJcjb6rA6EUe5+s85pIFTBSyPMJpJ03Y0dLdcSGpKdncGTK2X9+hS96G1+F
+P/t8hRIDblqUHtBRXe3Ozz6zSqpqu1DbAQSMbIrLYxXfnZEN+ro0dJ0DmARfJDas
+AQgAncvLLZUHZkJWDPka3ocysJ7+/lmrXyAjT3D4r7UM4oaLBOMKjvaKSDw1uW5q
+YmTxnnsqFDI0O5+XJxD1/0qEf6l2oUpnILdxVruf28FuvymbsyhDgs+MBoHz0jLW
+WPHUW2oWLIqcvaF0BePQ1GS6UoZlmZejsLwwcSpbaAHJng7An/iLuqOBr5EdUA5X
+MXqmdMFDrjh0uZezImJ2Eacu/hshBdu3IY49J5XP18GWrSdUnP27cv3tOii9j5Lf
+l8QAvCN89vkALIU3eZtnMlWZqLgl5o6COVFmzpyx+iHOoCznQBt0aGoSNmE/dAqW
+IQS/xCSFqMHI6kNd9N0oR0rEHwARAQABAAf+L3mAhBLJ2qDLrfSGenv3qr7zXggR
+cLnFFeIZ2BdjLIYpLku2wgN34DrJOSR4umi/bxyEMPZX07Z0rgrC0E+VpKkSKX2u
+oF/AqEUj1+SPEtGMaC8NfL4/1Tdk6ZFk/vanGufEixsbBEyekSUVD8nMawbHa5n9
+ZC+CbZG+VYDwLW6u0Pb26CIhqpFNQL3E88uLeVNhnE+nNJfgB2Nyo8gUQszovUxk
+hv64UlXYA3wt49mpc9ORs9qKMZkuKdJfYmJkmvqLE35YpRRz6i1+hg71doj7Sjel
+naBV3qIrIbcN6I2/9ZUwVwCzttpeHDfKOxQk5szWFop6H79TZGRsrV6boQQAwnFO
+v5pjsZLhqHIZPty3zXz7Tv3LmaatwA260n6NcLBuQFiuEoh2QsMfVtLU8bBzyuC8
+Znx3kPlGCCognSjkEis+aEjsZgvCzR3aP+FWejkhnZnFiSJDvgEftODLF3gSPVp3
+dhc6q5GLysc0iN/gkBZN8Qm1lL/kEyeri4mbWT8EAM/AczrXL0tPEV3YzyeyM972
+HP9OnIYoyIkCa4M0PA0qhUPJ+vBHl/1+p5WZD/eokXqJ2M8IqNSlinuou3azbg+r
+N3xTaB0a+Vx6O/RRI73+4UK2fyN9gYRH437eliNBRTkZeZCQ6Dd5eYcABaL2DbSs
+1dyGXzRWfzdvGVu/r/0hBACER5u/uac+y9sXr79imoLVya25XkjvswGrDxmrlmNg
+cfn/bix9Z93TXScYPiyxzLwlDDd7ovlpv1+mbHNgj6krSGG+R+uLQ2+nm+9glMmz
+KupEYF59lzOgEYScJaHQWBULPRGUy/7HmZGpsDmz8zpj8lHaFNLlqDzrxw3MNKxO
+F0NFiQE8BBgBCAAmFiEERyT4ac7LLibByeabqaoHAy6P2bIFAl8kNqwCGwwFCQPC
+ZwAACgkQqaoHAy6P2bJfjQgAje6YR+p1QaNlTN9l4t2kGzy9RhkfYMrTgI2fEqbS
+9bFJUy3Y3mH+vj/r2gN/kaN8LHH4K1d7fAohBsFqSI0flzHHIx2rfti9zAlbXcAE
+rbnG+f0fk0AaqU7KelU35vjPfNe6Vn7ky6G9CC6jW04NkLZDNFA2GusdYf1aM0LW
+ew5t4WZaquLVFhL36q9eHaogO/fcPR/quvQefHokk+b541ytwMN9l/g43rTbCvAj
+rUDHwipbGbw91Wg2XjbecRiCXDKWds2M149BpxUzY5xHFtD5t5WSEE/SkkryGTMm
+TxS3tuQZ9PdtCPGrNDO6Ts/amORF04Tf+YMJgfv3IWxMeQ==
+=6kcB
+-----END PGP PRIVATE KEY BLOCK-----
diff --git a/test/system/030-run.bats b/test/system/030-run.bats
index e2199335f..41863ba04 100644
--- a/test/system/030-run.bats
+++ b/test/system/030-run.bats
@@ -95,8 +95,6 @@ echo $rand        |   0 | $rand
     # Believe it or not, 'sh -c' resulted in different behavior
     run_podman 0 run --rm $IMAGE sh -c /bin/true
     run_podman 1 run --rm $IMAGE sh -c /bin/false
-
-    if is_remote; then sleep 2;fi   # FIXME: pending #7119
 }
 
 @test "podman run --name" {
@@ -265,8 +263,6 @@ echo $rand        |   0 | $rand
             done
         done
     done
-
-    if is_remote; then sleep 2;fi   # FIXME: pending #7119
 }
 
 # #6829 : add username to /etc/passwd inside container if --userns=keep-id
@@ -291,8 +287,6 @@ echo $rand        |   0 | $rand
     run_podman run --rm --privileged --userns=keep-id --user=0 $IMAGE id -un
     remove_same_dev_warning      # grumble
     is "$output" "root" "--user=0 overrides keep-id"
-
-    if is_remote; then sleep 2;fi   # FIXME: pending #7119
 }
 
 # #6991 : /etc/passwd is modifiable
diff --git a/test/system/070-build.bats b/test/system/070-build.bats
index 481e1759b..d2ef9f0f9 100644
--- a/test/system/070-build.bats
+++ b/test/system/070-build.bats
@@ -91,7 +91,6 @@ ADD https://github.com/containers/podman/blob/master/README.md /tmp/
 EOF
     run_podman build -t add_url $tmpdir
     run_podman run --rm add_url stat /tmp/README.md
-    if is_remote; then sleep 2;fi   # FIXME: pending #7119
     run_podman rmi -f add_url
 
     # Now test COPY. That should fail.
diff --git a/test/system/160-volumes.bats b/test/system/160-volumes.bats
index ef38b2a68..3f50bd3c4 100644
--- a/test/system/160-volumes.bats
+++ b/test/system/160-volumes.bats
@@ -93,7 +93,6 @@ Labels.l       | $mylabel
     is "$(<$mountpoint/myfile)" "$rand" "we see content created in container"
 
     # Clean up
-    if is_remote; then sleep 2;fi   # FIXME: pending #7119
     run_podman volume rm $myvolume
 }
 
@@ -135,15 +134,12 @@ EOF
     is "$output" "got here -$rand-" "script in volume is runnable with default (exec)"
 
     # Clean up
-    if is_remote; then sleep 2;fi   # FIXME: pending #7119
     run_podman volume rm $myvolume
 }
 
 
 # Anonymous temporary volumes, and persistent autocreated named ones
 @test "podman volume, implicit creation with run" {
-    skip_if_remote "FIXME: pending #7128"
-
     # No hostdir arg: create anonymous container with random name
     rand=$(random_string)
     run_podman run -v /myvol $IMAGE sh -c "echo $rand >/myvol/myfile"
@@ -175,7 +171,6 @@ EOF
     run_podman run --rm -v $myvol:/myvol:z $IMAGE \
                sh -c "cp /myvol/myfile /myvol/myfile2"
 
-    if is_remote; then sleep 2;fi   # FIXME: pending #7119
     run_podman volume rm $myvol
 
     # Autocreated volumes should also work with keep-id
@@ -184,7 +179,6 @@ EOF
     run_podman run --rm -v $myvol:/myvol:z --userns=keep-id $IMAGE \
                touch /myvol/myfile
 
-    if is_remote; then sleep 2;fi   # FIXME: pending #7119
     run_podman volume rm $myvol
 }
 
diff --git a/test/system/200-pod.bats b/test/system/200-pod.bats
index cbfd7fe03..f3ec8a67c 100644
--- a/test/system/200-pod.bats
+++ b/test/system/200-pod.bats
@@ -93,7 +93,6 @@ function teardown() {
     is "$output" "$message" "message sent from one container to another"
 
     # Clean up. First the nc -l container...
-    if is_remote; then sleep 2;fi   # FIXME: pending #7119
     run_podman rm $cid1
 
     # ...then, from pause container, find the image ID of the pause image...
@@ -104,7 +103,6 @@ function teardown() {
     pause_iid="$output"
 
     # ...then rm the pod, then rmi the pause image so we don't leave strays.
-    if is_remote; then sleep 2;fi   # FIXME: pending #7119
     run_podman pod rm $podname
     run_podman rmi $pause_iid
 
@@ -215,7 +213,6 @@ function random_ip() {
     is "$output" ".*options $dns_opt"        "--dns-opt was added"
 
     # pod inspect
-    if is_remote; then sleep 2;fi   # FIXME: pending #7119
     run_podman pod inspect --format '{{.Name}}: {{.ID}} : {{.NumContainers}} : {{.Labels}}' mypod
     is "$output" "mypod: $pod_id : 1 : map\[${labelname}:${labelvalue}]" \
        "pod inspect --format ..."
diff --git a/test/system/300-cli-parsing.bats b/test/system/300-cli-parsing.bats
index 2abc01bb7..92c073102 100644
--- a/test/system/300-cli-parsing.bats
+++ b/test/system/300-cli-parsing.bats
@@ -10,8 +10,6 @@ load helpers
     #   Error: invalid argument "true=\"false\"" for "-l, --label" \
     #      flag: parse error on line 1, column 5: bare " in non-quoted-field
     run_podman run --rm --label 'true="false"' $IMAGE true
-
-    if is_remote; then sleep 2;fi   # FIXME: pending #7119
 }
 
 # vim: filetype=sh
diff --git a/test/system/400-unprivileged-access.bats b/test/system/400-unprivileged-access.bats
index ebca75f13..1b2d14554 100644
--- a/test/system/400-unprivileged-access.bats
+++ b/test/system/400-unprivileged-access.bats
@@ -165,8 +165,6 @@ EOF
             die "$path: Unknown file type '$type'"
         fi
     done
-
-    if is_remote; then sleep 2;fi   # FIXME: pending #7119
 }
 
 # vim: filetype=sh
diff --git a/test/system/410-selinux.bats b/test/system/410-selinux.bats
index c85fb2563..497e29b3e 100644
--- a/test/system/410-selinux.bats
+++ b/test/system/410-selinux.bats
@@ -16,7 +16,6 @@ function check_label() {
     # FIXME: it'd be nice to specify the command to run, e.g. 'ls -dZ /',
     # but alpine ls (from busybox) doesn't support -Z
     run_podman run --rm $args $IMAGE cat -v /proc/self/attr/current
-    if is_remote; then sleep 2;fi   # FIXME: pending #7119
 
     # FIXME: on some CI systems, 'run --privileged' emits a spurious
     # warning line about dup devices. Ignore it.