We use cookies to ensure you get the best experience on our website
首頁 探索 說明
註冊 登入
0ct0pu5
/
moby
1
0
複刻 0
檔案 問題管理 0 合併請求 0 Wiki
目錄樹: 06e9a056ca
分支列表 標籤列表
moby
/
integration-cli
/
docker_cli_push_test.go

docker_cli_push_test.go 21 KB
文件歷史 原始文件

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468 
  1. package main
    2. 

  2. 

  3. import (
    4. 

  4. 	"archive/tar"
    5. 

  5. 	"fmt"
    6. 

  6. 	"io/ioutil"
    7. 

  7. 	"os"
    8. 

  8. 	"os/exec"
    9. 

  9. 	"path/filepath"
    10. 

  10. 	"strings"
    11. 

  11. 	"time"
    12. 

  12. 

  13. 	"github.com/docker/distribution/digest"
    14. 

  14. 	"github.com/docker/docker/cliconfig"
    15. 

  15. 	"github.com/docker/docker/pkg/integration/checker"
    16. 

  16. 	"github.com/go-check/check"
    17. 

  17. )
    18. 

  18. 

  19. // Pushing an image to a private registry.
    20. 

  20. func testPushBusyboxImage(c *check.C) {
    21. 

  21. 	repoName := fmt.Sprintf("%v/dockercli/busybox", privateRegistryURL)
    22. 

  22. 	// tag the image to upload it to the private registry
    23. 

  23. 	dockerCmd(c, "tag", "busybox", repoName)
    24. 

  24. 	// push the image to the registry
    25. 

  25. 	dockerCmd(c, "push", repoName)
    26. 

  26. }
    27. 

  27. 

  28. func (s *DockerRegistrySuite) TestPushBusyboxImage(c *check.C) {
    29. 

  29. 	testPushBusyboxImage(c)
    30. 

  30. }
    31. 

  31. 

  32. func (s *DockerSchema1RegistrySuite) TestPushBusyboxImage(c *check.C) {
    33. 

  33. 	testPushBusyboxImage(c)
    34. 

  34. }
    35. 

  35. 

  36. // pushing an image without a prefix should throw an error
    37. 

  37. func (s *DockerSuite) TestPushUnprefixedRepo(c *check.C) {
    38. 

  38. 	out, _, err := dockerCmdWithError("push", "busybox")
    39. 

  39. 	c.Assert(err, check.NotNil, check.Commentf("pushing an unprefixed repo didn't result in a non-zero exit status: %s", out))
    40. 

  40. }
    41. 

  41. 

  42. func testPushUntagged(c *check.C) {
    43. 

  43. 	repoName := fmt.Sprintf("%v/dockercli/busybox", privateRegistryURL)
    44. 

  44. 	expected := "Repository does not exist"
    45. 

  45. 

  46. 	out, _, err := dockerCmdWithError("push", repoName)
    47. 

  47. 	c.Assert(err, check.NotNil, check.Commentf("pushing the image to the private registry should have failed: output %q", out))
    48. 

  48. 	c.Assert(out, checker.Contains, expected, check.Commentf("pushing the image failed"))
    49. 

  49. }
    50. 

  50. 

  51. func (s *DockerRegistrySuite) TestPushUntagged(c *check.C) {
    52. 

  52. 	testPushUntagged(c)
    53. 

  53. }
    54. 

  54. 

  55. func (s *DockerSchema1RegistrySuite) TestPushUntagged(c *check.C) {
    56. 

  56. 	testPushUntagged(c)
    57. 

  57. }
    58. 

  58. 

  59. func testPushBadTag(c *check.C) {
    60. 

  60. 	repoName := fmt.Sprintf("%v/dockercli/busybox:latest", privateRegistryURL)
    61. 

  61. 	expected := "does not exist"
    62. 

  62. 

  63. 	out, _, err := dockerCmdWithError("push", repoName)
    64. 

  64. 	c.Assert(err, check.NotNil, check.Commentf("pushing the image to the private registry should have failed: output %q", out))
    65. 

  65. 	c.Assert(out, checker.Contains, expected, check.Commentf("pushing the image failed"))
    66. 

  66. }
    67. 

  67. 

  68. func (s *DockerRegistrySuite) TestPushBadTag(c *check.C) {
    69. 

  69. 	testPushBadTag(c)
    70. 

  70. }
    71. 

  71. 

  72. func (s *DockerSchema1RegistrySuite) TestPushBadTag(c *check.C) {
    73. 

  73. 	testPushBadTag(c)
    74. 

  74. }
    75. 

  75. 

  76. func testPushMultipleTags(c *check.C) {
    77. 

  77. 	repoName := fmt.Sprintf("%v/dockercli/busybox", privateRegistryURL)
    78. 

  78. 	repoTag1 := fmt.Sprintf("%v/dockercli/busybox:t1", privateRegistryURL)
    79. 

  79. 	repoTag2 := fmt.Sprintf("%v/dockercli/busybox:t2", privateRegistryURL)
    80. 

  80. 	// tag the image and upload it to the private registry
    81. 

  81. 	dockerCmd(c, "tag", "busybox", repoTag1)
    82. 

  82. 

  83. 	dockerCmd(c, "tag", "busybox", repoTag2)
    84. 

  84. 

  85. 	dockerCmd(c, "push", repoName)
    86. 

  86. 

  87. 	// Ensure layer list is equivalent for repoTag1 and repoTag2
    88. 

  88. 	out1, _ := dockerCmd(c, "pull", repoTag1)
    89. 

  89. 

  90. 	imageAlreadyExists := ": Image already exists"
    91. 

  91. 	var out1Lines []string
    92. 

  92. 	for _, outputLine := range strings.Split(out1, "\n") {
    93. 

  93. 		if strings.Contains(outputLine, imageAlreadyExists) {
    94. 

  94. 			out1Lines = append(out1Lines, outputLine)
    95. 

  95. 		}
    96. 

  96. 	}
    97. 

  97. 

  98. 	out2, _ := dockerCmd(c, "pull", repoTag2)
    99. 

  99. 

  100. 	var out2Lines []string
    101. 

  101. 	for _, outputLine := range strings.Split(out2, "\n") {
    102. 

  102. 		if strings.Contains(outputLine, imageAlreadyExists) {
    103. 

  103. 			out1Lines = append(out1Lines, outputLine)
    104. 

  104. 		}
    105. 

  105. 	}
    106. 

  106. 	c.Assert(out2Lines, checker.HasLen, len(out1Lines))
    107. 

  107. 

  108. 	for i := range out1Lines {
    109. 

  109. 		c.Assert(out1Lines[i], checker.Equals, out2Lines[i])
    110. 

  110. 	}
    111. 

  111. }
    112. 

  112. 

  113. func (s *DockerRegistrySuite) TestPushMultipleTags(c *check.C) {
    114. 

  114. 	testPushMultipleTags(c)
    115. 

  115. }
    116. 

  116. 

  117. func (s *DockerSchema1RegistrySuite) TestPushMultipleTags(c *check.C) {
    118. 

  118. 	testPushMultipleTags(c)
    119. 

  119. }
    120. 

  120. 

  121. func testPushEmptyLayer(c *check.C) {
    122. 

  122. 	repoName := fmt.Sprintf("%v/dockercli/emptylayer", privateRegistryURL)
    123. 

  123. 	emptyTarball, err := ioutil.TempFile("", "empty_tarball")
    124. 

  124. 	c.Assert(err, check.IsNil, check.Commentf("Unable to create test file"))
    125. 

  125. 

  126. 	tw := tar.NewWriter(emptyTarball)
    127. 

  127. 	err = tw.Close()
    128. 

  128. 	c.Assert(err, check.IsNil, check.Commentf("Error creating empty tarball"))
    129. 

  129. 

  130. 	freader, err := os.Open(emptyTarball.Name())
    131. 

  131. 	c.Assert(err, check.IsNil, check.Commentf("Could not open test tarball"))
    132. 

  132. 

  133. 	importCmd := exec.Command(dockerBinary, "import", "-", repoName)
    134. 

  134. 	importCmd.Stdin = freader
    135. 

  135. 	out, _, err := runCommandWithOutput(importCmd)
    136. 

  136. 	c.Assert(err, check.IsNil, check.Commentf("import failed: %q", out))
    137. 

  137. 

  138. 	// Now verify we can push it
    139. 

  139. 	out, _, err = dockerCmdWithError("push", repoName)
    140. 

  140. 	c.Assert(err, check.IsNil, check.Commentf("pushing the image to the private registry has failed: %s", out))
    141. 

  141. }
    142. 

  142. 

  143. func (s *DockerRegistrySuite) TestPushEmptyLayer(c *check.C) {
    144. 

  144. 	testPushEmptyLayer(c)
    145. 

  145. }
    146. 

  146. 

  147. func (s *DockerSchema1RegistrySuite) TestPushEmptyLayer(c *check.C) {
    148. 

  148. 	testPushEmptyLayer(c)
    149. 

  149. }
    150. 

  150. 

  151. func (s *DockerRegistrySuite) TestCrossRepositoryLayerPush(c *check.C) {
    152. 

  152. 	testRequires(c, NotArm)
    153. 

  153. 	sourceRepoName := fmt.Sprintf("%v/dockercli/busybox", privateRegistryURL)
    154. 

  154. 	// tag the image to upload it to the private registry
    155. 

  155. 	dockerCmd(c, "tag", "busybox", sourceRepoName)
    156. 

  156. 	// push the image to the registry
    157. 

  157. 	out1, _, err := dockerCmdWithError("push", sourceRepoName)
    158. 

  158. 	c.Assert(err, check.IsNil, check.Commentf("pushing the image to the private registry has failed: %s", out1))
    159. 

  159. 	// ensure that none of the layers were mounted from another repository during push
    160. 

  160. 	c.Assert(strings.Contains(out1, "Mounted from"), check.Equals, false)
    161. 

  161. 

  162. 	digest1 := digest.DigestRegexp.FindString(out1)
    163. 

  163. 	c.Assert(len(digest1), checker.GreaterThan, 0, check.Commentf("no digest found for pushed manifest"))
    164. 

  164. 

  165. 	destRepoName := fmt.Sprintf("%v/dockercli/crossrepopush", privateRegistryURL)
    166. 

  166. 	// retag the image to upload the same layers to another repo in the same registry
    167. 

  167. 	dockerCmd(c, "tag", "busybox", destRepoName)
    168. 

  168. 	// push the image to the registry
    169. 

  169. 	out2, _, err := dockerCmdWithError("push", destRepoName)
    170. 

  170. 	c.Assert(err, check.IsNil, check.Commentf("pushing the image to the private registry has failed: %s", out2))
    171. 

  171. 	// ensure that layers were mounted from the first repo during push
    172. 

  172. 	c.Assert(strings.Contains(out2, "Mounted from dockercli/busybox"), check.Equals, true)
    173. 

  173. 

  174. 	digest2 := digest.DigestRegexp.FindString(out2)
    175. 

  175. 	c.Assert(len(digest2), checker.GreaterThan, 0, check.Commentf("no digest found for pushed manifest"))
    176. 

  176. 	c.Assert(digest1, check.Equals, digest2)
    177. 

  177. 

  178. 	// ensure that we can pull and run the cross-repo-pushed repository
    179. 

  179. 	dockerCmd(c, "rmi", destRepoName)
    180. 

  180. 	dockerCmd(c, "pull", destRepoName)
    181. 

  181. 	out3, _ := dockerCmd(c, "run", destRepoName, "echo", "-n", "hello world")
    182. 

  182. 	c.Assert(out3, check.Equals, "hello world")
    183. 

  183. }
    184. 

  184. 

  185. func (s *DockerSchema1RegistrySuite) TestCrossRepositoryLayerPushNotSupported(c *check.C) {
    186. 

  186. 	sourceRepoName := fmt.Sprintf("%v/dockercli/busybox", privateRegistryURL)
    187. 

  187. 	// tag the image to upload it to the private registry
    188. 

  188. 	dockerCmd(c, "tag", "busybox", sourceRepoName)
    189. 

  189. 	// push the image to the registry
    190. 

  190. 	out1, _, err := dockerCmdWithError("push", sourceRepoName)
    191. 

  191. 	c.Assert(err, check.IsNil, check.Commentf("pushing the image to the private registry has failed: %s", out1))
    192. 

  192. 	// ensure that none of the layers were mounted from another repository during push
    193. 

  193. 	c.Assert(strings.Contains(out1, "Mounted from"), check.Equals, false)
    194. 

  194. 

  195. 	digest1 := digest.DigestRegexp.FindString(out1)
    196. 

  196. 	c.Assert(len(digest1), checker.GreaterThan, 0, check.Commentf("no digest found for pushed manifest"))
    197. 

  197. 

  198. 	destRepoName := fmt.Sprintf("%v/dockercli/crossrepopush", privateRegistryURL)
    199. 

  199. 	// retag the image to upload the same layers to another repo in the same registry
    200. 

  200. 	dockerCmd(c, "tag", "busybox", destRepoName)
    201. 

  201. 	// push the image to the registry
    202. 

  202. 	out2, _, err := dockerCmdWithError("push", destRepoName)
    203. 

  203. 	c.Assert(err, check.IsNil, check.Commentf("pushing the image to the private registry has failed: %s", out2))
    204. 

  204. 	// schema1 registry should not support cross-repo layer mounts, so ensure that this does not happen
    205. 

  205. 	c.Assert(strings.Contains(out2, "Mounted from dockercli/busybox"), check.Equals, false)
    206. 

  206. 

  207. 	digest2 := digest.DigestRegexp.FindString(out2)
    208. 

  208. 	c.Assert(len(digest2), checker.GreaterThan, 0, check.Commentf("no digest found for pushed manifest"))
    209. 

  209. 	c.Assert(digest1, check.Equals, digest2)
    210. 

  210. 

  211. 	// ensure that we can pull and run the second pushed repository
    212. 

  212. 	dockerCmd(c, "rmi", destRepoName)
    213. 

  213. 	dockerCmd(c, "pull", destRepoName)
    214. 

  214. 	out3, _ := dockerCmd(c, "run", destRepoName, "echo", "-n", "hello world")
    215. 

  215. 	c.Assert(out3, check.Equals, "hello world")
    216. 

  216. }
    217. 

  217. 

  218. func (s *DockerTrustSuite) TestTrustedPush(c *check.C) {
    219. 

  219. 	repoName := fmt.Sprintf("%v/dockercli/trusted:latest", privateRegistryURL)
    220. 

  220. 	// tag the image and upload it to the private registry
    221. 

  221. 	dockerCmd(c, "tag", "busybox", repoName)
    222. 

  222. 

  223. 	pushCmd := exec.Command(dockerBinary, "push", repoName)
    224. 

  224. 	s.trustedCmd(pushCmd)
    225. 

  225. 	out, _, err := runCommandWithOutput(pushCmd)
    226. 

  226. 	c.Assert(err, check.IsNil, check.Commentf("Error running trusted push: %s\n%s", err, out))
    227. 

  227. 	c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push"))
    228. 

  228. 

  229. 	// Try pull after push
    230. 

  230. 	pullCmd := exec.Command(dockerBinary, "pull", repoName)
    231. 

  231. 	s.trustedCmd(pullCmd)
    232. 

  232. 	out, _, err = runCommandWithOutput(pullCmd)
    233. 

  233. 	c.Assert(err, check.IsNil, check.Commentf(out))
    234. 

  234. 	c.Assert(string(out), checker.Contains, "Status: Downloaded", check.Commentf(out))
    235. 

  235. }
    236. 

  236. 

  237. func (s *DockerTrustSuite) TestTrustedPushWithEnvPasswords(c *check.C) {
    238. 

  238. 	repoName := fmt.Sprintf("%v/dockerclienv/trusted:latest", privateRegistryURL)
    239. 

  239. 	// tag the image and upload it to the private registry
    240. 

  240. 	dockerCmd(c, "tag", "busybox", repoName)
    241. 

  241. 

  242. 	pushCmd := exec.Command(dockerBinary, "push", repoName)
    243. 

  243. 	s.trustedCmdWithPassphrases(pushCmd, "12345678", "12345678")
    244. 

  244. 	out, _, err := runCommandWithOutput(pushCmd)
    245. 

  245. 	c.Assert(err, check.IsNil, check.Commentf("Error running trusted push: %s\n%s", err, out))
    246. 

  246. 	c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push"))
    247. 

  247. 

  248. 	// Try pull after push
    249. 

  249. 	pullCmd := exec.Command(dockerBinary, "pull", repoName)
    250. 

  250. 	s.trustedCmd(pullCmd)
    251. 

  251. 	out, _, err = runCommandWithOutput(pullCmd)
    252. 

  252. 	c.Assert(err, check.IsNil, check.Commentf(out))
    253. 

  253. 	c.Assert(string(out), checker.Contains, "Status: Downloaded", check.Commentf(out))
    254. 

  254. }
    255. 

  255. 

  256. // This test ensures backwards compatibility with old ENV variables. Should be
    257. 

  257. // deprecated by 1.10
    258. 

  258. func (s *DockerTrustSuite) TestTrustedPushWithDeprecatedEnvPasswords(c *check.C) {
    259. 

  259. 	repoName := fmt.Sprintf("%v/dockercli/trusteddeprecated:latest", privateRegistryURL)
    260. 

  260. 	// tag the image and upload it to the private registry
    261. 

  261. 	dockerCmd(c, "tag", "busybox", repoName)
    262. 

  262. 

  263. 	pushCmd := exec.Command(dockerBinary, "push", repoName)
    264. 

  264. 	s.trustedCmdWithDeprecatedEnvPassphrases(pushCmd, "12345678", "12345678")
    265. 

  265. 	out, _, err := runCommandWithOutput(pushCmd)
    266. 

  266. 	c.Assert(err, check.IsNil, check.Commentf("Error running trusted push: %s\n%s", err, out))
    267. 

  267. 	c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push"))
    268. 

  268. }
    269. 

  269. 

  270. func (s *DockerTrustSuite) TestTrustedPushWithFailingServer(c *check.C) {
    271. 

  271. 	repoName := fmt.Sprintf("%v/dockercli/trusted:latest", privateRegistryURL)
    272. 

  272. 	// tag the image and upload it to the private registry
    273. 

  273. 	dockerCmd(c, "tag", "busybox", repoName)
    274. 

  274. 

  275. 	pushCmd := exec.Command(dockerBinary, "push", repoName)
    276. 

  276. 	s.trustedCmdWithServer(pushCmd, "https://example.com:81/")
    277. 

  277. 	out, _, err := runCommandWithOutput(pushCmd)
    278. 

  278. 	c.Assert(err, check.NotNil, check.Commentf("Missing error while running trusted push w/ no server"))
    279. 

  279. 	c.Assert(out, checker.Contains, "error contacting notary server", check.Commentf("Missing expected output on trusted push"))
    280. 

  280. }
    281. 

  281. 

  282. func (s *DockerTrustSuite) TestTrustedPushWithoutServerAndUntrusted(c *check.C) {
    283. 

  283. 	repoName := fmt.Sprintf("%v/dockercli/trusted:latest", privateRegistryURL)
    284. 

  284. 	// tag the image and upload it to the private registry
    285. 

  285. 	dockerCmd(c, "tag", "busybox", repoName)
    286. 

  286. 

  287. 	pushCmd := exec.Command(dockerBinary, "push", "--disable-content-trust", repoName)
    288. 

  288. 	s.trustedCmdWithServer(pushCmd, "https://example.com/")
    289. 

  289. 	out, _, err := runCommandWithOutput(pushCmd)
    290. 

  290. 	c.Assert(err, check.IsNil, check.Commentf("trusted push with no server and --disable-content-trust failed: %s\n%s", err, out))
    291. 

  291. 	c.Assert(out, check.Not(checker.Contains), "Error establishing connection to notary repository", check.Commentf("Missing expected output on trusted push with --disable-content-trust:"))
    292. 

  292. }
    293. 

  293. 

  294. func (s *DockerTrustSuite) TestTrustedPushWithExistingTag(c *check.C) {
    295. 

  295. 	repoName := fmt.Sprintf("%v/dockerclitag/trusted:latest", privateRegistryURL)
    296. 

  296. 	// tag the image and upload it to the private registry
    297. 

  297. 	dockerCmd(c, "tag", "busybox", repoName)
    298. 

  298. 	dockerCmd(c, "push", repoName)
    299. 

  299. 

  300. 	pushCmd := exec.Command(dockerBinary, "push", repoName)
    301. 

  301. 	s.trustedCmd(pushCmd)
    302. 

  302. 	out, _, err := runCommandWithOutput(pushCmd)
    303. 

  303. 	c.Assert(err, check.IsNil, check.Commentf("trusted push failed: %s\n%s", err, out))
    304. 

  304. 	c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push with existing tag"))
    305. 

  305. 

  306. 	// Try pull after push
    307. 

  307. 	pullCmd := exec.Command(dockerBinary, "pull", repoName)
    308. 

  308. 	s.trustedCmd(pullCmd)
    309. 

  309. 	out, _, err = runCommandWithOutput(pullCmd)
    310. 

  310. 	c.Assert(err, check.IsNil, check.Commentf(out))
    311. 

  311. 	c.Assert(string(out), checker.Contains, "Status: Downloaded", check.Commentf(out))
    312. 

  312. }
    313. 

  313. 

  314. func (s *DockerTrustSuite) TestTrustedPushWithExistingSignedTag(c *check.C) {
    315. 

  315. 	repoName := fmt.Sprintf("%v/dockerclipushpush/trusted:latest", privateRegistryURL)
    316. 

  316. 	// tag the image and upload it to the private registry
    317. 

  317. 	dockerCmd(c, "tag", "busybox", repoName)
    318. 

  318. 

  319. 	// Do a trusted push
    320. 

  320. 	pushCmd := exec.Command(dockerBinary, "push", repoName)
    321. 

  321. 	s.trustedCmd(pushCmd)
    322. 

  322. 	out, _, err := runCommandWithOutput(pushCmd)
    323. 

  323. 	c.Assert(err, check.IsNil, check.Commentf("trusted push failed: %s\n%s", err, out))
    324. 

  324. 	c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push with existing tag"))
    325. 

  325. 

  326. 	// Do another trusted push
    327. 

  327. 	pushCmd = exec.Command(dockerBinary, "push", repoName)
    328. 

  328. 	s.trustedCmd(pushCmd)
    329. 

  329. 	out, _, err = runCommandWithOutput(pushCmd)
    330. 

  330. 	c.Assert(err, check.IsNil, check.Commentf("trusted push failed: %s\n%s", err, out))
    331. 

  331. 	c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push with existing tag"))
    332. 

  332. 

  333. 	dockerCmd(c, "rmi", repoName)
    334. 

  334. 

  335. 	// Try pull to ensure the double push did not break our ability to pull
    336. 

  336. 	pullCmd := exec.Command(dockerBinary, "pull", repoName)
    337. 

  337. 	s.trustedCmd(pullCmd)
    338. 

  338. 	out, _, err = runCommandWithOutput(pullCmd)
    339. 

  339. 	c.Assert(err, check.IsNil, check.Commentf("Error running trusted pull: %s\n%s", err, out))
    340. 

  340. 	c.Assert(out, checker.Contains, "Status: Downloaded", check.Commentf("Missing expected output on trusted pull with --disable-content-trust"))
    341. 

  341. 

  342. }
    343. 

  343. 

  344. func (s *DockerTrustSuite) TestTrustedPushWithIncorrectPassphraseForNonRoot(c *check.C) {
    345. 

  345. 	repoName := fmt.Sprintf("%v/dockercliincorretpwd/trusted:latest", privateRegistryURL)
    346. 

  346. 	// tag the image and upload it to the private registry
    347. 

  347. 	dockerCmd(c, "tag", "busybox", repoName)
    348. 

  348. 

  349. 	// Push with default passphrases
    350. 

  350. 	pushCmd := exec.Command(dockerBinary, "push", repoName)
    351. 

  351. 	s.trustedCmd(pushCmd)
    352. 

  352. 	out, _, err := runCommandWithOutput(pushCmd)
    353. 

  353. 	c.Assert(err, check.IsNil, check.Commentf("trusted push failed: %s\n%s", err, out))
    354. 

  354. 	c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push:\n%s", out))
    355. 

  355. 

  356. 	// Push with wrong passphrases
    357. 

  357. 	pushCmd = exec.Command(dockerBinary, "push", repoName)
    358. 

  358. 	s.trustedCmdWithPassphrases(pushCmd, "12345678", "87654321")
    359. 

  359. 	out, _, err = runCommandWithOutput(pushCmd)
    360. 

  360. 	c.Assert(err, check.NotNil, check.Commentf("Error missing from trusted push with short targets passphrase: \n%s", out))
    361. 

  361. 	c.Assert(out, checker.Contains, "could not find necessary signing keys", check.Commentf("Missing expected output on trusted push with short targets/snapsnot passphrase"))
    362. 

  362. }
    363. 

  363. 

  364. // This test ensures backwards compatibility with old ENV variables. Should be
    365. 

  365. // deprecated by 1.10
    366. 

  366. func (s *DockerTrustSuite) TestTrustedPushWithIncorrectDeprecatedPassphraseForNonRoot(c *check.C) {
    367. 

  367. 	repoName := fmt.Sprintf("%v/dockercliincorretdeprecatedpwd/trusted:latest", privateRegistryURL)
    368. 

  368. 	// tag the image and upload it to the private registry
    369. 

  369. 	dockerCmd(c, "tag", "busybox", repoName)
    370. 

  370. 

  371. 	// Push with default passphrases
    372. 

  372. 	pushCmd := exec.Command(dockerBinary, "push", repoName)
    373. 

  373. 	s.trustedCmd(pushCmd)
    374. 

  374. 	out, _, err := runCommandWithOutput(pushCmd)
    375. 

  375. 	c.Assert(err, check.IsNil, check.Commentf("trusted push failed: %s\n%s", err, out))
    376. 

  376. 	c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push"))
    377. 

  377. 

  378. 	// Push with wrong passphrases
    379. 

  379. 	pushCmd = exec.Command(dockerBinary, "push", repoName)
    380. 

  380. 	s.trustedCmdWithDeprecatedEnvPassphrases(pushCmd, "12345678", "87654321")
    381. 

  381. 	out, _, err = runCommandWithOutput(pushCmd)
    382. 

  382. 	c.Assert(err, check.NotNil, check.Commentf("Error missing from trusted push with short targets passphrase: \n%s", out))
    383. 

  383. 	c.Assert(out, checker.Contains, "could not find necessary signing keys", check.Commentf("Missing expected output on trusted push with short targets/snapsnot passphrase"))
    384. 

  384. }
    385. 

  385. 

  386. func (s *DockerTrustSuite) TestTrustedPushWithExpiredSnapshot(c *check.C) {
    387. 

  387. 	c.Skip("Currently changes system time, causing instability")
    388. 

  388. 	repoName := fmt.Sprintf("%v/dockercliexpiredsnapshot/trusted:latest", privateRegistryURL)
    389. 

  389. 	// tag the image and upload it to the private registry
    390. 

  390. 	dockerCmd(c, "tag", "busybox", repoName)
    391. 

  391. 

  392. 	// Push with default passphrases
    393. 

  393. 	pushCmd := exec.Command(dockerBinary, "push", repoName)
    394. 

  394. 	s.trustedCmd(pushCmd)
    395. 

  395. 	out, _, err := runCommandWithOutput(pushCmd)
    396. 

  396. 	c.Assert(err, check.IsNil, check.Commentf("trusted push failed: %s\n%s", err, out))
    397. 

  397. 	c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push"))
    398. 

  398. 

  399. 	// Snapshots last for three years. This should be expired
    400. 

  400. 	fourYearsLater := time.Now().Add(time.Hour * 24 * 365 * 4)
    401. 

  401. 

  402. 	runAtDifferentDate(fourYearsLater, func() {
    403. 

  403. 		// Push with wrong passphrases
    404. 

  404. 		pushCmd = exec.Command(dockerBinary, "push", repoName)
    405. 

  405. 		s.trustedCmd(pushCmd)
    406. 

  406. 		out, _, err = runCommandWithOutput(pushCmd)
    407. 

  407. 		c.Assert(err, check.NotNil, check.Commentf("Error missing from trusted push with expired snapshot: \n%s", out))
    408. 

  408. 		c.Assert(out, checker.Contains, "repository out-of-date", check.Commentf("Missing expected output on trusted push with expired snapshot"))
    409. 

  409. 	})
    410. 

  410. }
    411. 

  411. 

  412. func (s *DockerTrustSuite) TestTrustedPushWithExpiredTimestamp(c *check.C) {
    413. 

  413. 	c.Skip("Currently changes system time, causing instability")
    414. 

  414. 	repoName := fmt.Sprintf("%v/dockercliexpiredtimestamppush/trusted:latest", privateRegistryURL)
    415. 

  415. 	// tag the image and upload it to the private registry
    416. 

  416. 	dockerCmd(c, "tag", "busybox", repoName)
    417. 

  417. 

  418. 	// Push with default passphrases
    419. 

  419. 	pushCmd := exec.Command(dockerBinary, "push", repoName)
    420. 

  420. 	s.trustedCmd(pushCmd)
    421. 

  421. 	out, _, err := runCommandWithOutput(pushCmd)
    422. 

  422. 	c.Assert(err, check.IsNil, check.Commentf("trusted push failed: %s\n%s", err, out))
    423. 

  423. 	c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push"))
    424. 

  424. 

  425. 	// The timestamps expire in two weeks. Lets check three
    426. 

  426. 	threeWeeksLater := time.Now().Add(time.Hour * 24 * 21)
    427. 

  427. 

  428. 	// Should succeed because the server transparently re-signs one
    429. 

  429. 	runAtDifferentDate(threeWeeksLater, func() {
    430. 

  430. 		pushCmd := exec.Command(dockerBinary, "push", repoName)
    431. 

  431. 		s.trustedCmd(pushCmd)
    432. 

  432. 		out, _, err := runCommandWithOutput(pushCmd)
    433. 

  433. 		c.Assert(err, check.IsNil, check.Commentf("Error running trusted push: %s\n%s", err, out))
    434. 

  434. 		c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push with expired timestamp"))
    435. 

  435. 	})
    436. 

  436. }
    437. 

  437. 

  438. func (s *DockerTrustSuite) TestTrustedPushWithReleasesDelegation(c *check.C) {
    439. 

  439. 	repoName := fmt.Sprintf("%v/dockerclireleasedelegation/trusted", privateRegistryURL)
    440. 

  440. 	targetName := fmt.Sprintf("%s:latest", repoName)
    441. 

  441. 	pwd := "12345678"
    442. 

  442. 	s.setupDelegations(c, repoName, pwd)
    443. 

  443. 

  444. 	// tag the image and upload it to the private registry
    445. 

  445. 	dockerCmd(c, "tag", "busybox", targetName)
    446. 

  446. 

  447. 	pushCmd := exec.Command(dockerBinary, "-D", "push", targetName)
    448. 

  448. 	s.trustedCmdWithPassphrases(pushCmd, pwd, pwd)
    449. 

  449. 	out, _, err := runCommandWithOutput(pushCmd)
    450. 

  450. 	c.Assert(err, check.IsNil, check.Commentf("trusted push failed: %s\n%s", err, out))
    451. 

  451. 	c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push with existing tag"))
    452. 

  452. 

  453. 	// Try pull after push
    454. 

  454. 	pullCmd := exec.Command(dockerBinary, "pull", targetName)
    455. 

  455. 	s.trustedCmd(pullCmd)
    456. 

  456. 	out, _, err = runCommandWithOutput(pullCmd)
    457. 

  457. 	c.Assert(err, check.IsNil, check.Commentf(out))
    458. 

  458. 	c.Assert(string(out), checker.Contains, "Status: Downloaded", check.Commentf(out))
    459. 

  459. 

  460. 	// check to make sure that the target has been added to targets/releases and not targets
    461. 

  461. 	contents, err := ioutil.ReadFile(filepath.Join(cliconfig.ConfigDir(), "trust/tuf", repoName, "metadata/targets.json"))
    462. 

  462. 	c.Assert(err, check.IsNil, check.Commentf("Unable to read targets metadata"))
    463. 

  463. 	c.Assert(strings.Contains(string(contents), `"latest"`), checker.False, check.Commentf(string(contents)))
    464. 

  464. 

  465. 	contents, err = ioutil.ReadFile(filepath.Join(cliconfig.ConfigDir(), "trust/tuf", repoName, "metadata/targets/releases.json"))
    466. 

  466. 	c.Assert(err, check.IsNil, check.Commentf("Unable to read targets/releases metadata"))
    467. 

  467. 	c.Assert(string(contents), checker.Contains, `"latest"`, check.Commentf(string(contents)))
    468. 

  468. }
    469.

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5