summaryrefslogtreecommitdiff
path: root/test
diff options
context:
space:
mode:
Diffstat (limited to 'test')
-rw-r--r--test/e2e/run_networking_test.go10
-rw-r--r--test/e2e/run_security_labels.go4
-rw-r--r--test/e2e/save_test.go69
-rw-r--r--test/e2e/sign/key.gpg30
-rw-r--r--test/e2e/sign/policy.json18
-rw-r--r--test/system/030-run.bats19
6 files changed, 147 insertions, 3 deletions
diff --git a/test/e2e/run_networking_test.go b/test/e2e/run_networking_test.go
index bd04e3090..9f6fd8602 100644
--- a/test/e2e/run_networking_test.go
+++ b/test/e2e/run_networking_test.go
@@ -584,6 +584,14 @@ var _ = Describe("Podman run networking", func() {
run := podmanTest.Podman([]string{"run", "--net=host", "--hostname", hostname, ALPINE, "hostname"})
run.WaitWithDefaultTimeout()
Expect(run.ExitCode()).To(BeZero())
- Expect(strings.Contains(run.OutputToString(), "testctr")).To(BeTrue())
+ Expect(strings.Contains(run.OutputToString(), hostname)).To(BeTrue())
+ })
+
+ It("podman run with --net=none adds hostname to /etc/hosts", func() {
+ hostname := "testctr"
+ run := podmanTest.Podman([]string{"run", "--net=none", "--hostname", hostname, ALPINE, "hostname"})
+ run.WaitWithDefaultTimeout()
+ Expect(run.ExitCode()).To(BeZero())
+ Expect(strings.Contains(run.OutputToString(), hostname)).To(BeTrue())
})
})
diff --git a/test/e2e/run_security_labels.go b/test/e2e/run_security_labels.go
index 2a0b0467d..0c5621e3f 100644
--- a/test/e2e/run_security_labels.go
+++ b/test/e2e/run_security_labels.go
@@ -94,7 +94,7 @@ var _ = Describe("Podman generate kube", func() {
test1.WaitWithDefaultTimeout()
Expect(test1.ExitCode()).To(BeZero())
- commit := podmanTest.Podman([]string{"commit", "-c", "label=io.containers.capabilities=sys_chroot,net_raw", "test1", "image1"})
+ commit := podmanTest.Podman([]string{"commit", "-c", "label=io.containers.capabilities=sys_chroot,setuid", "test1", "image1"})
commit.WaitWithDefaultTimeout()
Expect(commit.ExitCode()).To(BeZero())
@@ -108,7 +108,7 @@ var _ = Describe("Podman generate kube", func() {
ctr := inspect.InspectContainerToJSON()
caps := strings.Join(ctr[0].EffectiveCaps, ",")
- Expect(caps).To(Equal("CAP_SYS_CHROOT,CAP_NET_RAW"))
+ Expect(caps).To(Equal("CAP_SYS_CHROOT,CAP_SETUID"))
})
diff --git a/test/e2e/save_test.go b/test/e2e/save_test.go
index 1f1258be3..79fc4d737 100644
--- a/test/e2e/save_test.go
+++ b/test/e2e/save_test.go
@@ -1,8 +1,12 @@
package integration
import (
+ "io/ioutil"
"os"
+ "os/exec"
"path/filepath"
+ "strconv"
+ "strings"
"github.com/containers/podman/v2/pkg/rootless"
. "github.com/containers/podman/v2/test/utils"
@@ -116,6 +120,71 @@ var _ = Describe("Podman save", func() {
Expect(save).To(ExitWithError())
})
+ It("podman save remove signature", func() {
+ SkipIfRootless("FIXME: Need get in rootless push sign")
+ if podmanTest.Host.Arch == "ppc64le" {
+ Skip("No registry image for ppc64le")
+ }
+ tempGNUPGHOME := filepath.Join(podmanTest.TempDir, "tmpGPG")
+ err := os.Mkdir(tempGNUPGHOME, os.ModePerm)
+ Expect(err).To(BeNil())
+ origGNUPGHOME := os.Getenv("GNUPGHOME")
+ err = os.Setenv("GNUPGHOME", tempGNUPGHOME)
+ Expect(err).To(BeNil())
+ defer os.Setenv("GNUPGHOME", origGNUPGHOME)
+
+ port := 5000
+ session := podmanTest.Podman([]string{"run", "-d", "--name", "registry", "-p", strings.Join([]string{strconv.Itoa(port), strconv.Itoa(port)}, ":"), "docker.io/registry:2.6"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+ if !WaitContainerReady(podmanTest, "registry", "listening on", 20, 1) {
+ Skip("Cannot start docker registry.")
+ }
+
+ cmd := exec.Command("gpg", "--import", "sign/secret-key.asc")
+ err = cmd.Run()
+ Expect(err).To(BeNil())
+
+ cmd = exec.Command("cp", "/etc/containers/registries.d/default.yaml", "default.yaml")
+ if err = cmd.Run(); err != nil {
+ Skip("no signature store to verify")
+ }
+ defer func() {
+ cmd = exec.Command("cp", "default.yaml", "/etc/containers/registries.d/default.yaml")
+ cmd.Run()
+ }()
+
+ cmd = exec.Command("cp", "sign/key.gpg", "/tmp/key.gpg")
+ Expect(cmd.Run()).To(BeNil())
+ sigstore := `
+default-docker:
+ sigstore: file:///var/lib/containers/sigstore
+ sigstore-staging: file:///var/lib/containers/sigstore
+`
+ Expect(ioutil.WriteFile("/etc/containers/registries.d/default.yaml", []byte(sigstore), 0755)).To(BeNil())
+
+ session = podmanTest.Podman([]string{"tag", ALPINE, "localhost:5000/alpine"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+
+ session = podmanTest.Podman([]string{"push", "--tls-verify=false", "--sign-by", "foo@bar.com", "localhost:5000/alpine"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+
+ session = podmanTest.Podman([]string{"rmi", ALPINE, "localhost:5000/alpine"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+
+ session = podmanTest.Podman([]string{"pull", "--tls-verify=false", "--signature-policy=sign/policy.json", "localhost:5000/alpine"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+
+ outfile := filepath.Join(podmanTest.TempDir, "temp.tar")
+ save := podmanTest.Podman([]string{"save", "remove-signatures=true", "-o", outfile, "localhost:5000/alpine"})
+ save.WaitWithDefaultTimeout()
+ Expect(save).To(ExitWithError())
+ })
+
It("podman save image with digest reference", func() {
// pull a digest reference
session := podmanTest.PodmanNoCache([]string{"pull", ALPINELISTDIGEST})
diff --git a/test/e2e/sign/key.gpg b/test/e2e/sign/key.gpg
new file mode 100644
index 000000000..32968fc04
--- /dev/null
+++ b/test/e2e/sign/key.gpg
@@ -0,0 +1,30 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQENBF8kNqwBCAC0x3Kog+WlDNwcR6rWIP8Gj2T6LrQ2/3knSyAWzTgC/OBB6Oh0
+KAokXLjy8J3diG3EaSltE7erGG/bZCz8jYvMiwDJScON4zzidotqjoY80E+NeRDg
+CC0gqvqmh0ftJIjYNBHzSxqrGRQwzwZU+u6ezlE8+0dvsHcHY+MRnxXJQrdM07EP
+Prp85kKckChDlJ1tyGUB/YHieFQmOW5+TERA7ZqQOAQ12Vviv6V4kNfEJJq3MS2c
+csZpO323tcHt3oebqsZCIElhX7uVw6GAeCw1tm4NZXs4g1yIC21Of/hzPeC18F72
+splCgKaAOiE9w/nMGLNEYy2NzgEclZLs2Y7jABEBAAG0FGZvb2JhciA8Zm9vQGJh
+ci5jb20+iQFUBBMBCAA+FiEERyT4ac7LLibByeabqaoHAy6P2bIFAl8kNqwCGwMF
+CQPCZwAFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQqaoHAy6P2bKtuggAgv54
+/F8wgi+uMrtFr8rqNtZMDyXRxfXaXUy5uGNfqHD83yqxweEqxiA8lmFkRHixPWtg
+Z2MniFXMVc9kVmg8GNIIuzewXrPqtXztvuURQo9phK68v8fXEqqT6K25wtq8TiQZ
+0J3mQIJPPTMe3pCCOyR6+W3iMtQp2AmitxKbzLP3J3GG2i0rG5S147A2rPnzTeMY
+hds819+JE7jNMD7FkV+TcQlOVl4wyOQhNEJcjb6rA6EUe5+s85pIFTBSyPMJpJ03
+Y0dLdcSGpKdncGTK2X9+hS96G1+FP/t8hRIDblqUHtBRXe3Ozz6zSqpqu1DbAQSM
+bIrLYxXfnZEN+ro0dLkBDQRfJDasAQgAncvLLZUHZkJWDPka3ocysJ7+/lmrXyAj
+T3D4r7UM4oaLBOMKjvaKSDw1uW5qYmTxnnsqFDI0O5+XJxD1/0qEf6l2oUpnILdx
+Vruf28FuvymbsyhDgs+MBoHz0jLWWPHUW2oWLIqcvaF0BePQ1GS6UoZlmZejsLww
+cSpbaAHJng7An/iLuqOBr5EdUA5XMXqmdMFDrjh0uZezImJ2Eacu/hshBdu3IY49
+J5XP18GWrSdUnP27cv3tOii9j5Lfl8QAvCN89vkALIU3eZtnMlWZqLgl5o6COVFm
+zpyx+iHOoCznQBt0aGoSNmE/dAqWIQS/xCSFqMHI6kNd9N0oR0rEHwARAQABiQE8
+BBgBCAAmFiEERyT4ac7LLibByeabqaoHAy6P2bIFAl8kNqwCGwwFCQPCZwAACgkQ
+qaoHAy6P2bJfjQgAje6YR+p1QaNlTN9l4t2kGzy9RhkfYMrTgI2fEqbS9bFJUy3Y
+3mH+vj/r2gN/kaN8LHH4K1d7fAohBsFqSI0flzHHIx2rfti9zAlbXcAErbnG+f0f
+k0AaqU7KelU35vjPfNe6Vn7ky6G9CC6jW04NkLZDNFA2GusdYf1aM0LWew5t4WZa
+quLVFhL36q9eHaogO/fcPR/quvQefHokk+b541ytwMN9l/g43rTbCvAjrUDHwipb
+Gbw91Wg2XjbecRiCXDKWds2M149BpxUzY5xHFtD5t5WSEE/SkkryGTMmTxS3tuQZ
+9PdtCPGrNDO6Ts/amORF04Tf+YMJgfv3IWxMeQ==
+=y0uZ
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/test/e2e/sign/policy.json b/test/e2e/sign/policy.json
new file mode 100644
index 000000000..ab01137bf
--- /dev/null
+++ b/test/e2e/sign/policy.json
@@ -0,0 +1,18 @@
+{
+ "default": [
+ {
+ "type": "insecureAcceptAnything"
+ }
+ ],
+ "transports": {
+ "docker": {
+ "localhost:5000": [
+ {
+ "type": "signedBy",
+ "keyType": "GPGKeys",
+ "keyPath": "/tmp/key.gpg"
+ }
+ ]
+ }
+ }
+}
diff --git a/test/system/030-run.bats b/test/system/030-run.bats
index 9f4037730..8712dc72d 100644
--- a/test/system/030-run.bats
+++ b/test/system/030-run.bats
@@ -473,4 +473,23 @@ json-file | f
run_podman kill $cid
}
+# Regression test for issue #8082
+@test "podman run : look up correct image name" {
+ # Create a 2nd tag for the local image.
+ local name="localhost/foo/bar"
+ run_podman tag $IMAGE $name
+
+ # Create a container with the 2nd tag and make sure that it's being
+ # used. #8082 always inaccurately used the 1st tag.
+ run_podman create $name
+ cid="$output"
+
+ run_podman inspect --format "{{.ImageName}}" $cid
+ is "$output" "$name"
+
+ # Clean up.
+ run_podman rm $cid
+ run_podman untag $IMAGE $name
+}
+
# vim: filetype=sh