github.com/containers/podman/v5@v5.1.0-rc1/test/system/011-image.bats (about) 1 #!/usr/bin/env bats 2 3 load helpers 4 5 function setup() { 6 skip_if_remote "--sign-by does not work with podman-remote" 7 8 basic_setup 9 10 export _GNUPGHOME_TMP=$PODMAN_TMPDIR/.gnupg 11 mkdir --mode=0700 $_GNUPGHOME_TMP $PODMAN_TMPDIR/signatures 12 13 cat >$PODMAN_TMPDIR/keydetails <<EOF 14 %echo Generating a basic OpenPGP key 15 Key-Type: RSA 16 Key-Length: 2048 17 Subkey-Type: RSA 18 Subkey-Length: 2048 19 Name-Real: Foo 20 Name-Comment: Foo 21 Name-Email: foo@bar.com 22 Expire-Date: 0 23 %no-ask-passphrase 24 %no-protection 25 # Do a commit here, so that we can later print "done" :-) 26 %commit 27 %echo done 28 EOF 29 GNUPGHOME=$_GNUPGHOME_TMP gpg --verbose --batch --gen-key $PODMAN_TMPDIR/keydetails 30 } 31 32 function check_signature() { 33 # This test requires that $IMAGE be 100% the same as the registry one 34 run_podman rmi -a -f 35 _prefetch $IMAGE 36 37 local sigfile=$1 38 find $PODMAN_TMPDIR/signatures -print 39 run_podman inspect --format '{{.Digest}}' $PODMAN_TEST_IMAGE_FQN 40 local repodigest=${output/:/=} 41 42 local dir="$PODMAN_TMPDIR/signatures/libpod/${PODMAN_TEST_IMAGE_NAME}@${repodigest}" 43 test -d $dir || die "Missing signature directory $dir" 44 test -e "$dir/$sigfile" || die "Missing signature file '$sigfile'" 45 46 # Confirm good signature 47 run env GNUPGHOME=$_GNUPGHOME_TMP gpg --verify "$dir/$sigfile" 48 is "$output" ".*Good signature from .Foo.*<foo@bar.com>" \ 49 "gpg --verify $sigfile" 50 } 51 52 53 @test "podman image - sign with no sigfile" { 54 GNUPGHOME=$_GNUPGHOME_TMP run_podman image sign --sign-by foo@bar.com --directory $PODMAN_TMPDIR/signatures "containers-storage:$PODMAN_TEST_IMAGE_FQN" 55 check_signature "signature-1" 56 } 57 58 # vim: filetype=sh