Skip to content

Commit b258da2

Browse files
mtrmacmtrmac
committed
Update conditions for signing tests
NewEphemeralSigningMechanism() may, with Sequoia, return a mechanism which !SupportsSigning(); so, to determine that, test with a non-ephemeral mechanism instead. (That's likely actually faster, because we create a GNUPGHOME in these tests anyway, so we avoid creating an deleting a separate temporary directory.) Signed-off-by: Miloslav Trmač <[email protected]>
1 parent 99e3d91 commit b258da2

File tree

3 files changed

+8
-11
lines changed

3 files changed

+8
-11
lines changed

cmd/skopeo/signing_test.go

Lines changed: 2 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -29,7 +29,8 @@ func assertTestFailed(t *testing.T, stdout string, err error, substring string)
2929
}
3030

3131
func TestStandaloneSign(t *testing.T) {
32-
mech, _, err := signature.NewEphemeralGPGSigningMechanism([]byte{})
32+
t.Setenv("GNUPGHOME", "fixtures")
33+
mech, err := signature.NewGPGSigningMechanism()
3334
require.NoError(t, err)
3435
defer mech.Close()
3536
if err := mech.SupportsSigning(); err != nil {
@@ -38,7 +39,6 @@ func TestStandaloneSign(t *testing.T) {
3839

3940
manifestPath := "fixtures/image.manifest.json"
4041
dockerReference := "testing/manifest"
41-
t.Setenv("GNUPGHOME", "fixtures")
4242

4343
// Invalid command-line arguments
4444
for _, args := range [][]string{
@@ -87,9 +87,6 @@ func TestStandaloneSign(t *testing.T) {
8787
require.NoError(t, err)
8888
manifest, err := os.ReadFile(manifestPath)
8989
require.NoError(t, err)
90-
mech, err = signature.NewGPGSigningMechanism()
91-
require.NoError(t, err)
92-
defer mech.Close()
9390
verified, err := signature.VerifyDockerManifestSignature(sig, manifest, dockerReference, mech, fixturesTestKeyFingerprint)
9491
require.NoError(t, err)
9592
assert.Equal(t, dockerReference, verified.DockerReference)

integration/copy_test.go

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -745,7 +745,7 @@ func (s *copySuite) TestCopyOCIRoundTrip() {
745745
// --sign-by and --policy copy, primarily using atomic:
746746
func (s *copySuite) TestCopySignatures() {
747747
t := s.T()
748-
mech, _, err := signature.NewEphemeralGPGSigningMechanism([]byte{})
748+
mech, err := signature.NewGPGSigningMechanism()
749749
require.NoError(t, err)
750750
defer mech.Close()
751751
if err := mech.SupportsSigning(); err != nil { // FIXME? Test that verification and policy enforcement works, using signatures from fixtures
@@ -801,7 +801,7 @@ func (s *copySuite) TestCopySignatures() {
801801
// --policy copy for dir: sources
802802
func (s *copySuite) TestCopyDirSignatures() {
803803
t := s.T()
804-
mech, _, err := signature.NewEphemeralGPGSigningMechanism([]byte{})
804+
mech, err := signature.NewGPGSigningMechanism()
805805
require.NoError(t, err)
806806
defer mech.Close()
807807
if err := mech.SupportsSigning(); err != nil { // FIXME? Test that verification and policy enforcement works, using signatures from fixtures
@@ -902,7 +902,7 @@ func findRegularFiles(t *testing.T, root string) []string {
902902
// --sign-by and policy use for docker: with lookaside
903903
func (s *copySuite) TestCopyDockerLookaside() {
904904
t := s.T()
905-
mech, _, err := signature.NewEphemeralGPGSigningMechanism([]byte{})
905+
mech, err := signature.NewGPGSigningMechanism()
906906
require.NoError(t, err)
907907
defer mech.Close()
908908
if err := mech.SupportsSigning(); err != nil { // FIXME? Test that verification and policy enforcement works, using signatures from fixtures
@@ -971,7 +971,7 @@ func (s *copySuite) TestCopyDockerLookaside() {
971971
// atomic: and docker: X-Registry-Supports-Signatures works and interoperates
972972
func (s *copySuite) TestCopyAtomicExtension() {
973973
t := s.T()
974-
mech, _, err := signature.NewEphemeralGPGSigningMechanism([]byte{})
974+
mech, err := signature.NewGPGSigningMechanism()
975975
require.NoError(t, err)
976976
defer mech.Close()
977977
if err := mech.SupportsSigning(); err != nil { // FIXME? Test that the reading/writing works using signatures from fixtures
@@ -1031,7 +1031,7 @@ func (s *copySuite) TestCopyVerifyingMirroredSignatures() {
10311031
t := s.T()
10321032
const regPrefix = "docker://localhost:5006/myns/mirroring-"
10331033

1034-
mech, _, err := signature.NewEphemeralGPGSigningMechanism([]byte{})
1034+
mech, err := signature.NewGPGSigningMechanism()
10351035
require.NoError(t, err)
10361036
defer mech.Close()
10371037
if err := mech.SupportsSigning(); err != nil { // FIXME? Test that verification and policy enforcement works, using signatures from fixtures

integration/signing_test.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -57,7 +57,7 @@ func (s *signingSuite) SetupSuite() {
5757

5858
func (s *signingSuite) TestSignVerifySmoke() {
5959
t := s.T()
60-
mech, _, err := signature.NewEphemeralGPGSigningMechanism([]byte{})
60+
mech, err := signature.NewGPGSigningMechanism()
6161
require.NoError(t, err)
6262
defer mech.Close()
6363
if err := mech.SupportsSigning(); err != nil { // FIXME? Test that verification and policy enforcement works, using signatures from fixtures

0 commit comments

Comments
 (0)