Fix and re-enable test/extended/images/signatures.go

mtrmac · mtrmac · commit 8f511a8d812a · 2021-02-10T19:25:01.000+01:00
- Use docker:// instead of atomic:, as recommended back in openshift#21782 (comment) openshift#21782 (comment) - Then re-enable the test Signed-off-by: Miloslav Trmač <mitr@redhat.com>
diff --git a/test/extended/images/signatures.go b/test/extended/images/signatures.go
@@ -22,7 +22,6 @@ var _ = g.Describe("[sig-imageregistry][Serial][Suite:openshift/registry/serial]
 	)
 
 	g.It("can push a signed image to openshift registry and verify it", func() {
-		g.Skip("disable because containers/image: https://github.com/containers/image/pull/570")
 		g.By("building a signer image that knows how to sign images")
 		output, err := oc.Run("create").Args("-f", signerBuildFixture).Output()
 		if err != nil {
@@ -83,24 +82,27 @@ var _ = g.Describe("[sig-imageregistry][Serial][Suite:openshift/registry/serial]
 		o.Expect(err).NotTo(o.HaveOccurred())
 		o.Expect(out).To(o.ContainSubstring("keyring `/var/lib/origin/gnupg/secring.gpg' created"))
 
-		// Create kubeconfig for skopeo
+		// Create kubeconfig for oc
 		g.By("logging as a test user")
 		out, err = pod.Exec("oc login https://$KUBERNETES_SERVICE_HOST:$KUBERNETES_SERVICE_PORT --token=" + token + " --certificate-authority=/run/secrets/kubernetes.io/serviceaccount/ca.crt")
 		o.Expect(err).NotTo(o.HaveOccurred())
 		o.Expect(out).To(o.ContainSubstring("Logged in"))
 
 		// Sign and copy the memcached image into target image stream tag
-		// TODO: Fix skopeo to pickup the Kubernetes environment variables (remove the $KUBERNETES_MASTER)
 		g.By("signing the memcached:latest image and pushing it into openshift registry")
 		out, err = pod.Exec(strings.Join([]string{
-			"KUBERNETES_MASTER=https://$KUBERNETES_SERVICE_HOST:$KUBERNETES_SERVICE_PORT",
 			"GNUPGHOME=/var/lib/origin/gnupg",
-			"skopeo", "--debug", "copy", "--sign-by", "joe@foo.bar",
+			"skopeo", "--debug",
+			// Disable the default-docker: file sigstore default in /etc/containers/registries.d, so that the X-Registry-Supports-Signatures protocol is used.
+			// Newer versions of Skopeo default to X-R-S-S if present, this test (as of 2020-02) uses skopeo-0.1.40-11.el7_8.x86_64, which defaults to sigstore.
+			"--registries.d", "/this/does/not/exist",
+
+			"copy", "--sign-by", "joe@foo.bar",
 			"--dest-creds=" + user + ":" + token,
 			// TODO: test with this turned to true as well
 			"--dest-tls-verify=false",
 			"docker://docker.io/library/memcached:latest",
-			"atomic:" + signedImage,
+			"docker://" + signedImage,
 		}, " "))
 		fmt.Fprintf(g.GinkgoWriter, "output: %s\n", out)
 		o.Expect(err).NotTo(o.HaveOccurred())
