diff --git a/cmd/skopeo/signing_test.go b/cmd/skopeo/signing_test.go index d2d03cdedf..9d9dd0a010 100644 --- a/cmd/skopeo/signing_test.go +++ b/cmd/skopeo/signing_test.go @@ -31,6 +31,13 @@ func assertTestFailed(t *testing.T, stdout string, err error, substring string) } func TestStandaloneSign(t *testing.T) { + mech, _, err := signature.NewEphemeralGPGSigningMechanism([]byte{}) + require.NoError(t, err) + defer mech.Close() + if err := mech.SupportsSigning(); err != nil { + t.Skipf("Signing not supported: %v", err) + } + manifestPath := "fixtures/image.manifest.json" dockerReference := "testing/manifest" os.Setenv("GNUPGHOME", "fixtures") @@ -76,18 +83,18 @@ func TestStandaloneSign(t *testing.T) { defer os.Remove(sigOutput.Name()) out, err = runSkopeo("standalone-sign", "-o", sigOutput.Name(), manifestPath, dockerReference, fixturesTestKeyFingerprint) - assert.NoError(t, err) + require.NoError(t, err) assert.Empty(t, out) sig, err := ioutil.ReadFile(sigOutput.Name()) require.NoError(t, err) manifest, err := ioutil.ReadFile(manifestPath) require.NoError(t, err) - mech, err := signature.NewGPGSigningMechanism() + mech, err = signature.NewGPGSigningMechanism() require.NoError(t, err) defer mech.Close() verified, err := signature.VerifyDockerManifestSignature(sig, manifest, dockerReference, mech, fixturesTestKeyFingerprint) - assert.NoError(t, err) + require.NoError(t, err) assert.Equal(t, dockerReference, verified.DockerReference) assert.Equal(t, fixturesTestImageManifestDigest, verified.DockerManifestDigest) } diff --git a/integration/copy_test.go b/integration/copy_test.go index 1c250ce941..e4e343c8db 100644 --- a/integration/copy_test.go +++ b/integration/copy_test.go @@ -12,6 +12,7 @@ import ( "strings" "github.com/containers/image/manifest" + "github.com/containers/image/signature" "github.com/go-check/check" "github.com/opencontainers/go-digest" "github.com/opencontainers/image-tools/image" @@ -237,6 +238,13 @@ func (s *CopySuite) TestCopyOCIRoundTrip(c *check.C) { // --sign-by and --policy copy, primarily using atomic: func (s *CopySuite) TestCopySignatures(c *check.C) { + mech, _, err := signature.NewEphemeralGPGSigningMechanism([]byte{}) + c.Assert(err, check.IsNil) + defer mech.Close() + if err := mech.SupportsSigning(); err != nil { // FIXME? Test that verification and policy enforcement works, using signatures from fixtures + c.Skip(fmt.Sprintf("Signing not supported: %v", err)) + } + dir, err := ioutil.TempDir("", "signatures-dest") c.Assert(err, check.IsNil) defer os.RemoveAll(dir) @@ -286,6 +294,13 @@ func (s *CopySuite) TestCopySignatures(c *check.C) { // --policy copy for dir: sources func (s *CopySuite) TestCopyDirSignatures(c *check.C) { + mech, _, err := signature.NewEphemeralGPGSigningMechanism([]byte{}) + c.Assert(err, check.IsNil) + defer mech.Close() + if err := mech.SupportsSigning(); err != nil { // FIXME? Test that verification and policy enforcement works, using signatures from fixtures + c.Skip(fmt.Sprintf("Signing not supported: %v", err)) + } + topDir, err := ioutil.TempDir("", "dir-signatures-top") c.Assert(err, check.IsNil) defer os.RemoveAll(topDir) @@ -385,6 +400,13 @@ func findRegularFiles(c *check.C, root string) []string { // --sign-by and policy use for docker: with sigstore func (s *CopySuite) TestCopyDockerSigstore(c *check.C) { + mech, _, err := signature.NewEphemeralGPGSigningMechanism([]byte{}) + c.Assert(err, check.IsNil) + defer mech.Close() + if err := mech.SupportsSigning(); err != nil { // FIXME? Test that verification and policy enforcement works, using signatures from fixtures + c.Skip(fmt.Sprintf("Signing not supported: %v", err)) + } + const ourRegistry = "docker://" + v2DockerRegistryURL + "/" tmpDir, err := ioutil.TempDir("", "signatures-sigstore") diff --git a/integration/signing_test.go b/integration/signing_test.go index 6ea1e30849..a0a32afdae 100644 --- a/integration/signing_test.go +++ b/integration/signing_test.go @@ -8,6 +8,7 @@ import ( "os/exec" "strings" + "github.com/containers/image/signature" "github.com/go-check/check" ) @@ -36,7 +37,14 @@ func findFingerprint(lineBytes []byte) (string, error) { } func (s *SigningSuite) SetUpTest(c *check.C) { - _, err := exec.LookPath(skopeoBinary) + mech, _, err := signature.NewEphemeralGPGSigningMechanism([]byte{}) + c.Assert(err, check.IsNil) + defer mech.Close() + if err := mech.SupportsSigning(); err != nil { // FIXME? Test that verification and policy enforcement works, using signatures from fixtures + c.Skip(fmt.Sprintf("Signing not supported: %v", err)) + } + + _, err = exec.LookPath(skopeoBinary) c.Assert(err, check.IsNil) s.gpgHome, err = ioutil.TempDir("", "skopeo-gpg")