github.com/venafi-iw/cosign@v1.3.4/test/e2e_test_insecure_registry.sh

github.com/venafi-iw/cosign@v1.3.4/test/e2e_test_insecure_registry.sh (about)

     1  #!/bin/bash
     2  #
     3  # Copyright 2021 The Sigstore Authors.
     4  #
     5  # Licensed under the Apache License, Version 2.0 (the "License");
     6  # you may not use this file except in compliance with the License.
     7  # You may obtain a copy of the License at
     8  #
     9  #     http://www.apache.org/licenses/LICENSE-2.0
    10  #
    11  # Unless required by applicable law or agreed to in writing, software
    12  # distributed under the License is distributed on an "AS IS" BASIS,
    13  # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    14  # See the License for the specific language governing permissions and
    15  # limitations under the License.
    16  
    17  set -ex
    18  
    19  go build -o cosign ./cmd/cosign
    20  tmp=$(mktemp -d)
    21  cp cosign $tmp/
    22  
    23  INSECURE_REGISTRY_NAME=${INSECURE_REGISTRY_NAME:-insecure-registry.notlocal}
    24  INSECURE_REGISTRY_PORT=${INSECURE_REGISTRY_PORT:-5001}
    25  
    26  pushd $tmp
    27  
    28  pass="$RANDOM"
    29  export COSIGN_PASSWORD=$pass
    30  
    31  ./cosign generate-key-pair
    32  signing_key=cosign.key
    33  verification_key=cosign.pub
    34  
    35  img="${INSECURE_REGISTRY_NAME}:${INSECURE_REGISTRY_PORT}/test"
    36  (crane delete $(./cosign triangulate $img)) || true
    37  crane cp gcr.io/distroless/static $img --insecure
    38  
    39  # Operations with insecure registries should fail by default, then succeed
    40  # with `--allow-insecure-registry`
    41  if (./cosign sign --key ${signing_key} $img); then false; fi
    42  ./cosign sign --allow-insecure-registry --key ${signing_key} $img
    43  if (./cosign verify --key ${verification_key} $img); then false; fi
    44  ./cosign verify --allow-insecure-registry --key ${verification_key} $img
    45  
    46  echo "SUCCESS"