zishuo/skopeo
1
0
Fork 0
mirror of https://github.com/containers/skopeo.git synced 2025-09-26 20:31:41 +08:00
Code Issues Packages Projects Releases Wiki Activity

Update CI images

Browse Source 
... from https://github.com/containers/automation_images/pull/416

That requires updating tests to also work with rust-podman-sequoia 0.2.0:
d41fefaa1f changed
how the error is reported.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
This commit is contained in:
Miloslav Trmač
2025-09-10 16:13:38 +02:00
parent b258da23c2
commit cba2164671
3 changed files with 11 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.cirrus.yml
View File

@@ -21,7 +21,7 @@ env:
SCRIPT_BASE: "./contrib/cirrus" SCRIPT_BASE: "./contrib/cirrus"
# Google-cloud VM Images # Google-cloud VM Images
IMAGE_SUFFIX: "c20250721t181111z-f42f41d13" IMAGE_SUFFIX: "c20250910t092246z-f42f41d13"
FEDORA_CACHE_IMAGE_NAME: "fedora-${IMAGE_SUFFIX}" FEDORA_CACHE_IMAGE_NAME: "fedora-${IMAGE_SUFFIX}"
# Container FQIN's # Container FQIN's

11
integration/copy_test.go
View File

@@ -776,9 +776,10 @@ func (s *copySuite) TestCopySignatures() {
// Verify that mis-signed images are rejected // Verify that mis-signed images are rejected
assertSkopeoSucceeds(t, "", "--tls-verify=false", "copy", "atomic:localhost:5006/myns/personal:personal", "atomic:localhost:5006/myns/official:attack") assertSkopeoSucceeds(t, "", "--tls-verify=false", "copy", "atomic:localhost:5006/myns/personal:personal", "atomic:localhost:5006/myns/official:attack")
assertSkopeoSucceeds(t, "", "--tls-verify=false", "copy", "atomic:localhost:5006/myns/official:official", "atomic:localhost:5006/myns/personal:attack") assertSkopeoSucceeds(t, "", "--tls-verify=false", "copy", "atomic:localhost:5006/myns/official:official", "atomic:localhost:5006/myns/personal:attack")
assertSkopeoFails(t, ".*Source image rejected: (Invalid GPG signature|.* was not found).*", // "Invalid GPG signature" is reported by the gpgme mechanism; "Missing key: $fingerprint" by Sequoia.
assertSkopeoFails(t, ".*Source image rejected: (Invalid GPG signature|Missing key:).*",
"--tls-verify=false", "--policy", policy, "copy", "atomic:localhost:5006/myns/personal:attack", dirDest) "--tls-verify=false", "--policy", policy, "copy", "atomic:localhost:5006/myns/personal:attack", dirDest)
assertSkopeoFails(t, ".*Source image rejected: (Invalid GPG signature|.* was not found).*", assertSkopeoFails(t, ".*Source image rejected: (Invalid GPG signature|Missing key:).*",
"--tls-verify=false", "--policy", policy, "copy", "atomic:localhost:5006/myns/official:attack", dirDest) "--tls-verify=false", "--policy", policy, "copy", "atomic:localhost:5006/myns/official:attack", dirDest)
// Verify that signed identity is verified. // Verify that signed identity is verified.
@@ -791,7 +792,8 @@ func (s *copySuite) TestCopySignatures() {
// Verify that cosigning requirements are enforced // Verify that cosigning requirements are enforced
assertSkopeoSucceeds(t, "", "--tls-verify=false", "copy", "atomic:localhost:5006/myns/official:official", "atomic:localhost:5006/myns/cosigned:cosigned") assertSkopeoSucceeds(t, "", "--tls-verify=false", "copy", "atomic:localhost:5006/myns/official:official", "atomic:localhost:5006/myns/cosigned:cosigned")
assertSkopeoFails(t, ".*Source image rejected: (Invalid GPG signature|.* was not found).*", // "Invalid GPG signature" is reported by the gpgme mechanism; "Missing key: $fingerprint" by Sequoia.
assertSkopeoFails(t, ".*Source image rejected: (Invalid GPG signature|Missing key:).*",
"--tls-verify=false", "--policy", policy, "copy", "atomic:localhost:5006/myns/cosigned:cosigned", dirDest) "--tls-verify=false", "--policy", policy, "copy", "atomic:localhost:5006/myns/cosigned:cosigned", dirDest)
assertSkopeoSucceeds(t, "", "--tls-verify=false", "copy", "--sign-by", "personal@example.com", "atomic:localhost:5006/myns/official:official", "atomic:localhost:5006/myns/cosigned:cosigned") assertSkopeoSucceeds(t, "", "--tls-verify=false", "copy", "--sign-by", "personal@example.com", "atomic:localhost:5006/myns/official:official", "atomic:localhost:5006/myns/cosigned:cosigned")
@@ -836,7 +838,8 @@ func (s *copySuite) TestCopyDirSignatures() {
// Verify that correct images are accepted // Verify that correct images are accepted
assertSkopeoSucceeds(t, "", "--policy", policy, "copy", topDirDest+"/restricted/official", topDirDest+"/dest") assertSkopeoSucceeds(t, "", "--policy", policy, "copy", topDirDest+"/restricted/official", topDirDest+"/dest")
// ... and that mis-signed images are rejected. // ... and that mis-signed images are rejected.
assertSkopeoFails(t, ".*Source image rejected: (Invalid GPG signature|.* was not found).*", // "Invalid GPG signature" is reported by the gpgme mechanism; "Missing key: $fingerprint" by Sequoia.
assertSkopeoFails(t, ".*Source image rejected: (Invalid GPG signature|Missing key:).*",
"--policy", policy, "copy", topDirDest+"/restricted/personal", topDirDest+"/dest") "--policy", policy, "copy", topDirDest+"/restricted/personal", topDirDest+"/dest")
// Verify that the signed identity is verified. // Verify that the signed identity is verified.

4
systemtest/050-signing.bats
View File

@@ -136,6 +136,8 @@ END_PUSH
# Done pushing. Now try to fetch. From here on we use the --policy option. # Done pushing. Now try to fetch. From here on we use the --policy option.
# The table below lists the paths to fetch, and the expected errors (or # The table below lists the paths to fetch, and the expected errors (or
# none, if we expect them to pass). # none, if we expect them to pass).
#
# "Invalid GPG signature" is reported by the gpgme mechanism; "Missing key: $fingerprint" by Sequoia.
while read path expected_error; do while read path expected_error; do
expected_rc= expected_rc=
if [[ -n $expected_error ]]; then if [[ -n $expected_error ]]; then
@@ -154,7 +156,7 @@ END_PUSH
fi fi
done <<END_TESTS done <<END_TESTS
/myns/alice:signed /myns/alice:signed
/myns/bob:signedbyalice (Invalid GPG signature|.* not found) /myns/bob:signedbyalice (Invalid GPG signature|Missing key:)
/myns/alice:unsigned Signature for identity \\\\\\\\"localhost:5000/myns/alice:signed\\\\\\\\" is not accepted /myns/alice:unsigned Signature for identity \\\\\\\\"localhost:5000/myns/alice:signed\\\\\\\\" is not accepted
/myns/carol:latest Running image docker://localhost:5000/myns/carol:latest is rejected by policy. /myns/carol:latest Running image docker://localhost:5000/myns/carol:latest is rejected by policy.
/open/forall:latest /open/forall:latest