From 9496c17c84b722a7bce34d14b2f7627d413bdc6a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Wed, 10 Feb 2021 16:19:19 +0100 Subject: [PATCH] Fix and re-enable test/extended/images/signatures.go MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Use docker:// instead of atomic:, as recommended back in https://github.com/openshift/origin/pull/21782#issuecomment-459077188 https://github.com/openshift/origin/pull/21782#discussion_r253249564 - Then re-enable the test Signed-off-by: Miloslav Trmač --- test/extended/images/signatures.go | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/test/extended/images/signatures.go b/test/extended/images/signatures.go index 6781c00fa058..5fb4d26f6c1b 100644 --- a/test/extended/images/signatures.go +++ b/test/extended/images/signatures.go @@ -22,7 +22,6 @@ var _ = g.Describe("[sig-imageregistry][Serial][Suite:openshift/registry/serial] ) g.It("can push a signed image to openshift registry and verify it", func() { - g.Skip("disable because containers/image: https://github.com/containers/image/pull/570") g.By("building a signer image that knows how to sign images") output, err := oc.Run("create").Args("-f", signerBuildFixture).Output() if err != nil { @@ -83,24 +82,27 @@ var _ = g.Describe("[sig-imageregistry][Serial][Suite:openshift/registry/serial] o.Expect(err).NotTo(o.HaveOccurred()) o.Expect(out).To(o.ContainSubstring("keyring `/var/lib/origin/gnupg/secring.gpg' created")) - // Create kubeconfig for skopeo + // Create kubeconfig for oc g.By("logging as a test user") out, err = pod.Exec("oc login https://$KUBERNETES_SERVICE_HOST:$KUBERNETES_SERVICE_PORT --token=" + token + " --certificate-authority=/run/secrets/kubernetes.io/serviceaccount/ca.crt") o.Expect(err).NotTo(o.HaveOccurred()) o.Expect(out).To(o.ContainSubstring("Logged in")) // Sign and copy the memcached image into target image stream tag - // TODO: Fix skopeo to pickup the Kubernetes environment variables (remove the $KUBERNETES_MASTER) g.By("signing the memcached:latest image and pushing it into openshift registry") out, err = pod.Exec(strings.Join([]string{ - "KUBERNETES_MASTER=https://$KUBERNETES_SERVICE_HOST:$KUBERNETES_SERVICE_PORT", "GNUPGHOME=/var/lib/origin/gnupg", - "skopeo", "--debug", "copy", "--sign-by", "joe@foo.bar", + "skopeo", "--debug", + // Disable the default-docker: file sigstore default in /etc/containers/registries.d, so that the X-Registry-Supports-Signatures protocol is used. + // Newer versions of Skopeo default to X-R-S-S if present, this test (as of 2020-02) uses skopeo-0.1.40-11.el7_8.x86_64, which defaults to sigstore. + "--registries.d", "/this/does/not/exist", + + "copy", "--sign-by", "joe@foo.bar", "--dest-creds=" + user + ":" + token, // TODO: test with this turned to true as well "--dest-tls-verify=false", "docker://docker.io/library/memcached:latest", - "atomic:" + signedImage, + "docker://" + signedImage, }, " ")) fmt.Fprintf(g.GinkgoWriter, "output: %s\n", out) o.Expect(err).NotTo(o.HaveOccurred())