mirror of https://github.com/containers/podman.git
				
				
				
			
		
			
				
	
	
		
		
	
	
	
| #!/usr/bin/env bats
 | |
| 
 | |
| load helpers
 | |
| 
 | |
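# Per-test fixture: creates a throwaway GnuPG home and an empty signature
# store under $PODMAN_TMPDIR, then batch-generates the key the tests sign with.
#
# Globals:
#   PODMAN_TMPDIR   (read)     - scratch directory; presumably provided by
#                                basic_setup -- confirm in helpers
#   _GNUPGHOME_TMP  (exported) - GnuPG home directory used by gpg in this file
function setup() {
    skip_if_remote "--sign-by does not work with podman-remote"

    basic_setup

    # Expansions are quoted so a scratch path containing whitespace or glob
    # characters cannot be split into several arguments.
    export _GNUPGHOME_TMP="$PODMAN_TMPDIR/.gnupg"

    # Owner-only (0700) on both directories: the keyring below holds a
    # private key with no passphrase, so nothing else on the host should be
    # able to read it. gpg also warns about a homedir with looser permissions.
    mkdir --mode=0700 "$_GNUPGHOME_TMP" "$PODMAN_TMPDIR/signatures"

    # TEST-ONLY key parameters. %no-protection stores the secret key
    # unencrypted and Expire-Date 0 means it never expires; that is tolerable
    # only because the keyring lives in the scratch directory. Do not reuse
    # these parameters for a real signing identity.
    cat >"$PODMAN_TMPDIR/keydetails" <<EOF
    %echo Generating a basic OpenPGP key
    Key-Type: RSA
    Key-Length: 2048
    Subkey-Type: RSA
    Subkey-Length: 2048
    Name-Real: Foo
    Name-Comment: Foo
    Name-Email: foo@bar.com
    Expire-Date: 0
    %no-ask-passphrase
    %no-protection
    # Do a commit here, so that we can later print "done" :-)
    %commit
    %echo done
EOF

    # GNUPGHOME is set for this one command only, so key generation never
    # touches the invoking user's real keyring.
    GNUPGHOME="$_GNUPGHOME_TMP" gpg --verbose --batch --gen-key "$PODMAN_TMPDIR/keydetails"
}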
 | |
| 
 | |
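# Asserts that a signature file exists for the test image and that gpg
# verifies it against the fixture keyring.
#
# Arguments:
#   $1 - name of the signature file expected in the per-digest directory
# Globals (read):
#   PODMAN_TMPDIR, PODMAN_TEST_IMAGE_FQN, PODMAN_TEST_IMAGE_NAME,
#   _GNUPGHOME_TMP
# Returns:
#   Fails the test via die/is when the directory or file is missing, gpg
#   exits non-zero, or its output does not report a good signature.
function check_signature() {
    local sigfile=$1

    # Presumably diagnostic: lists everything under the signature store so a
    # failure below shows what was actually written.
    ls -laR "$PODMAN_TMPDIR/signatures"

    # $output is read right after this call, so run_podman is assumed to
    # leave the command's output there -- confirm in helpers.
    run_podman inspect --format '{{.Digest}}' "$PODMAN_TEST_IMAGE_FQN"
    # The directory name uses the digest with its first ':' replaced by '='.
    local repodigest=${output/:/=}

    local dir="$PODMAN_TMPDIR/signatures/libpod/${PODMAN_TEST_IMAGE_NAME}@${repodigest}"
    # "$dir" is quoted: unquoted, a path with whitespace would make test(1)
    # see several operands and fail for the wrong reason.
    test -d "$dir" || die "Missing signature directory $dir"
    test -e "$dir/$sigfile" || die "Missing signature file '$sigfile'"

    # Confirm good signature
    run env GNUPGHOME="$_GNUPGHOME_TMP" gpg --verify "$dir/$sigfile"
    # Check gpg's verdict (exit status) as well as its text: 'run' records
    # the status without failing the test, so a text match alone would pass
    # even if gpg exited non-zero.
    test "$status" -eq 0 || die "gpg --verify $sigfile exited with status $status"
    # NOTE(review): this matches gpg's human-readable message, which is not a
    # stable interface; gpg's --status-fd output (GOODSIG) is the
    # machine-readable form if this check ever needs hardening.
    is "$output" ".*Good signature from .Foo.*<foo@bar.com>" \
       "gpg --verify $sigfile"
}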
 | |
| 
 | |
| 
 | |
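# Signs the test image with the fixture key, naming no signature file, and
# then checks for a verifiable signature stored as "signature-1".
@test "podman image - sign with no sigfile" {
    # GNUPGHOME is scoped to this command so podman signs with the throwaway
    # keyring built in setup(). Paths are quoted so they stay single
    # arguments even if the scratch directory contains whitespace.
    GNUPGHOME="$_GNUPGHOME_TMP" run_podman image sign \
             --sign-by foo@bar.com \
             --directory "$PODMAN_TMPDIR/signatures" \
             "docker://$PODMAN_TEST_IMAGE_FQN"
    check_signature "signature-1"
}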
 | |
| 
 | |
| # vim: filetype=sh
 |