#!/usr/bin/env bats
load helpers
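# Per-test fixture: creates a throwaway GnuPG home and an unprotected RSA
# signing key (uid "Foo (Foo) <foo@bar.com>") for the signing tests.
#
# Globals:
#   PODMAN_TMPDIR    (read)    - per-test scratch directory; presumably
#                                created by basic_setup (defined in helpers)
#   _GNUPGHOME_TMP   (exported) - path of the private keyring directory
# Skips the whole test under podman-remote.
function setup() {
    skip_if_remote "--sign-by does not work with podman-remote"

    basic_setup

    # Private keyring under the per-test temp dir; every gpg/podman call in
    # this file is pointed at it explicitly through GNUPGHOME.
    export _GNUPGHOME_TMP="$PODMAN_TMPDIR/.gnupg"

    # gpg warns about a home directory with looser permissions than 0700.
    # The same mode is applied to the signature output directory.
    mkdir --mode=0700 "$_GNUPGHOME_TMP" "$PODMAN_TMPDIR/signatures"

    # Unattended key-generation parameters. %no-protection creates the secret
    # key WITHOUT a passphrase so signing needs no pinentry; that is acceptable
    # only because the key is a disposable test key stored under
    # $PODMAN_TMPDIR. Do not reuse this template for real signing keys.
    cat >"$PODMAN_TMPDIR/keydetails" <<EOF
%echo Generating a basic OpenPGP key
Key-Type: RSA
Key-Length: 2048
Subkey-Type: RSA
Subkey-Length: 2048
Name-Real: Foo
Name-Comment: Foo
Name-Email: foo@bar.com
Expire-Date: 0
%no-ask-passphrase
%no-protection
# Do a commit here, so that we can later print "done" :-)
%commit
%echo done
EOF

    GNUPGHOME="$_GNUPGHOME_TMP" gpg --verbose --batch --gen-key "$PODMAN_TMPDIR/keydetails"
}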
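# Asserts that a signature file for the test image exists under
# $PODMAN_TMPDIR/signatures and that gpg reports it as a good signature
# from the test key.
#
# Globals:   PODMAN_TMPDIR, PODMAN_TEST_IMAGE_FQN, PODMAN_TEST_IMAGE_NAME,
#            _GNUPGHOME_TMP (all read)
# Arguments: $1 - file name of the signature inside the per-digest directory
# Fails the test (via die / is) when the directory or file is missing or
# the gpg output does not match.
function check_signature() {
    local sigfile=$1

    # Diagnostic listing only; shows the tree in the test log on failure.
    ls -laR "$PODMAN_TMPDIR/signatures"

    run_podman inspect --format '{{.Digest}}' "$PODMAN_TEST_IMAGE_FQN"
    # The on-disk directory name uses "=" where the digest has its first ":"
    # (e.g. "algo:hex" becomes "algo=hex").
    local repodigest=${output/:/=}

    local dir="$PODMAN_TMPDIR/signatures/libpod/${PODMAN_TEST_IMAGE_NAME}@${repodigest}"
    test -d "$dir" || die "Missing signature directory $dir"
    test -e "$dir/$sigfile" || die "Missing signature file '$sigfile'"

    # Confirm good signature
    # NOTE(review): only gpg's output text is matched; $status from `run` is
    # not asserted, and nothing here decodes the signed payload to compare it
    # with the image reference or digest. The digest is covered only through
    # the directory name checked above.
    run env GNUPGHOME="$_GNUPGHOME_TMP" gpg --verify "$dir/$sigfile"
    is "$output" ".*Good signature from .Foo.*<foo@bar.com>" \
       "gpg --verify $sigfile"
}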
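# Signs the test image with the key created in setup() and checks that the
# resulting signature file verifies against that key.
@test "podman image - sign with no sigfile" {
    # GNUPGHOME is set for this one command so podman looks up the signing
    # key in the throwaway keyring rather than the caller's default one.
    GNUPGHOME="$_GNUPGHOME_TMP" run_podman image sign --sign-by foo@bar.com --directory "$PODMAN_TMPDIR/signatures" "docker://$PODMAN_TEST_IMAGE_FQN"

    # "signature-1" is the file name this test expects for the first
    # signature written into the per-digest directory.
    check_signature "signature-1"
}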
# vim: filetype=sh