github.com/venafi-iw/cosign@v1.3.4/test/e2e_test_insecure_registry.sh (about) 1 #!/bin/bash 2 # 3 # Copyright 2021 The Sigstore Authors. 4 # 5 # Licensed under the Apache License, Version 2.0 (the "License"); 6 # you may not use this file except in compliance with the License. 7 # You may obtain a copy of the License at 8 # 9 # http://www.apache.org/licenses/LICENSE-2.0 10 # 11 # Unless required by applicable law or agreed to in writing, software 12 # distributed under the License is distributed on an "AS IS" BASIS, 13 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 # See the License for the specific language governing permissions and 15 # limitations under the License. 16 17 set -ex 18 19 go build -o cosign ./cmd/cosign 20 tmp=$(mktemp -d) 21 cp cosign $tmp/ 22 23 INSECURE_REGISTRY_NAME=${INSECURE_REGISTRY_NAME:-insecure-registry.notlocal} 24 INSECURE_REGISTRY_PORT=${INSECURE_REGISTRY_PORT:-5001} 25 26 pushd $tmp 27 28 pass="$RANDOM" 29 export COSIGN_PASSWORD=$pass 30 31 ./cosign generate-key-pair 32 signing_key=cosign.key 33 verification_key=cosign.pub 34 35 img="${INSECURE_REGISTRY_NAME}:${INSECURE_REGISTRY_PORT}/test" 36 (crane delete $(./cosign triangulate $img)) || true 37 crane cp gcr.io/distroless/static $img --insecure 38 39 # Operations with insecure registries should fail by default, then succeed 40 # with `--allow-insecure-registry` 41 if (./cosign sign --key ${signing_key} $img); then false; fi 42 ./cosign sign --allow-insecure-registry --key ${signing_key} $img 43 if (./cosign verify --key ${verification_key} $img); then false; fi 44 ./cosign verify --allow-insecure-registry --key ${verification_key} $img 45 46 echo "SUCCESS"