We use cookies to ensure you get the best experience on our website
Home Explore Help
Register Sign In
0ct0pu5
/
moby
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: c00c64c20e
Branches Tags
moby
/
integration-cli
/
docker_cli_push_test.go

docker_cli_push_test.go 15 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348 
  1. package main
    2. 

  2. 

  3. import (
    4. 

  4. 	"archive/tar"
    5. 

  5. 	"encoding/json"
    6. 

  6. 	"fmt"
    7. 

  7. 	"io/ioutil"
    8. 

  8. 	"os"
    9. 

  9. 	"os/exec"
    10. 

  10. 	"path/filepath"
    11. 

  11. 	"strings"
    12. 

  12. 	"time"
    13. 

  13. 

  14. 	"github.com/docker/docker/image"
    15. 

  15. 	"github.com/docker/docker/pkg/integration/checker"
    16. 

  16. 	"github.com/go-check/check"
    17. 

  17. )
    18. 

  18. 

  19. // Pushing an image to a private registry.
    20. 

  20. func (s *DockerRegistrySuite) TestPushBusyboxImage(c *check.C) {
    21. 

  21. 	repoName := fmt.Sprintf("%v/dockercli/busybox", privateRegistryURL)
    22. 

  22. 	// tag the image to upload it to the private registry
    23. 

  23. 	dockerCmd(c, "tag", "busybox", repoName)
    24. 

  24. 	// push the image to the registry
    25. 

  25. 	dockerCmd(c, "push", repoName)
    26. 

  26. }
    27. 

  27. 

  28. // pushing an image without a prefix should throw an error
    29. 

  29. func (s *DockerSuite) TestPushUnprefixedRepo(c *check.C) {
    30. 

  30. 	out, _, err := dockerCmdWithError("push", "busybox")
    31. 

  31. 	c.Assert(err, check.NotNil, check.Commentf("pushing an unprefixed repo didn't result in a non-zero exit status: %s", out))
    32. 

  32. }
    33. 

  33. 

  34. func (s *DockerRegistrySuite) TestPushUntagged(c *check.C) {
    35. 

  35. 	repoName := fmt.Sprintf("%v/dockercli/busybox", privateRegistryURL)
    36. 

  36. 	expected := "Repository does not exist"
    37. 

  37. 

  38. 	out, _, err := dockerCmdWithError("push", repoName)
    39. 

  39. 	c.Assert(err, check.NotNil, check.Commentf("pushing the image to the private registry should have failed: output %q", out))
    40. 

  40. 	c.Assert(out, checker.Contains, expected, check.Commentf("pushing the image failed"))
    41. 

  41. }
    42. 

  42. 

  43. func (s *DockerRegistrySuite) TestPushBadTag(c *check.C) {
    44. 

  44. 	repoName := fmt.Sprintf("%v/dockercli/busybox:latest", privateRegistryURL)
    45. 

  45. 	expected := "does not exist"
    46. 

  46. 

  47. 	out, _, err := dockerCmdWithError("push", repoName)
    48. 

  48. 	c.Assert(err, check.NotNil, check.Commentf("pushing the image to the private registry should have failed: output %q", out))
    49. 

  49. 	c.Assert(out, checker.Contains, expected, check.Commentf("pushing the image failed"))
    50. 

  50. }
    51. 

  51. 

  52. func (s *DockerRegistrySuite) TestPushMultipleTags(c *check.C) {
    53. 

  53. 	repoName := fmt.Sprintf("%v/dockercli/busybox", privateRegistryURL)
    54. 

  54. 	repoTag1 := fmt.Sprintf("%v/dockercli/busybox:t1", privateRegistryURL)
    55. 

  55. 	repoTag2 := fmt.Sprintf("%v/dockercli/busybox:t2", privateRegistryURL)
    56. 

  56. 	// tag the image and upload it to the private registry
    57. 

  57. 	dockerCmd(c, "tag", "busybox", repoTag1)
    58. 

  58. 

  59. 	dockerCmd(c, "tag", "busybox", repoTag2)
    60. 

  60. 

  61. 	dockerCmd(c, "push", repoName)
    62. 

  62. 

  63. 	// Ensure layer list is equivalent for repoTag1 and repoTag2
    64. 

  64. 	out1, _ := dockerCmd(c, "pull", repoTag1)
    65. 

  65. 

  66. 	imageAlreadyExists := ": Image already exists"
    67. 

  67. 	var out1Lines []string
    68. 

  68. 	for _, outputLine := range strings.Split(out1, "\n") {
    69. 

  69. 		if strings.Contains(outputLine, imageAlreadyExists) {
    70. 

  70. 			out1Lines = append(out1Lines, outputLine)
    71. 

  71. 		}
    72. 

  72. 	}
    73. 

  73. 

  74. 	out2, _ := dockerCmd(c, "pull", repoTag2)
    75. 

  75. 

  76. 	var out2Lines []string
    77. 

  77. 	for _, outputLine := range strings.Split(out2, "\n") {
    78. 

  78. 		if strings.Contains(outputLine, imageAlreadyExists) {
    79. 

  79. 			out1Lines = append(out1Lines, outputLine)
    80. 

  80. 		}
    81. 

  81. 	}
    82. 

  82. 	c.Assert(out2Lines, checker.HasLen, len(out1Lines))
    83. 

  83. 

  84. 	for i := range out1Lines {
    85. 

  85. 		c.Assert(out1Lines[i], checker.Equals, out2Lines[i])
    86. 

  86. 	}
    87. 

  87. }
    88. 

  88. 

  89. // TestPushBadParentChain tries to push an image with a corrupted parent chain
    90. 

  90. // in the v1compatibility files, and makes sure the push process fixes it.
    91. 

  91. func (s *DockerRegistrySuite) TestPushBadParentChain(c *check.C) {
    92. 

  92. 	repoName := fmt.Sprintf("%v/dockercli/badparent", privateRegistryURL)
    93. 

  93. 

  94. 	id, err := buildImage(repoName, `
    95. 

  95. 	    FROM busybox
    96. 

  96. 	    CMD echo "adding another layer"
    97. 

  97. 	    `, true)
    98. 

  98. 	if err != nil {
    99. 

  99. 		c.Fatal(err)
    100. 

  100. 	}
    101. 

  101. 

  102. 	// Push to create v1compatibility file
    103. 

  103. 	dockerCmd(c, "push", repoName)
    104. 

  104. 

  105. 	// Corrupt the parent in the v1compatibility file from the top layer
    106. 

  106. 	filename := filepath.Join(dockerBasePath, "graph", id, "v1Compatibility")
    107. 

  107. 

  108. 	jsonBytes, err := ioutil.ReadFile(filename)
    109. 

  109. 	c.Assert(err, check.IsNil, check.Commentf("Could not read v1Compatibility file: %s", err))
    110. 

  110. 

  111. 	var img image.Image
    112. 

  112. 	err = json.Unmarshal(jsonBytes, &img)
    113. 

  113. 	c.Assert(err, check.IsNil, check.Commentf("Could not unmarshal json: %s", err))
    114. 

  114. 

  115. 	img.Parent = "1234123412341234123412341234123412341234123412341234123412341234"
    116. 

  116. 

  117. 	jsonBytes, err = json.Marshal(&img)
    118. 

  118. 	c.Assert(err, check.IsNil, check.Commentf("Could not marshal json: %s", err))
    119. 

  119. 

  120. 	err = ioutil.WriteFile(filename, jsonBytes, 0600)
    121. 

  121. 	c.Assert(err, check.IsNil, check.Commentf("Could not write v1Compatibility file: %s", err))
    122. 

  122. 

  123. 	dockerCmd(c, "push", repoName)
    124. 

  124. 

  125. 	// pull should succeed
    126. 

  126. 	dockerCmd(c, "pull", repoName)
    127. 

  127. }
    128. 

  128. 

  129. func (s *DockerRegistrySuite) TestPushEmptyLayer(c *check.C) {
    130. 

  130. 	repoName := fmt.Sprintf("%v/dockercli/emptylayer", privateRegistryURL)
    131. 

  131. 	emptyTarball, err := ioutil.TempFile("", "empty_tarball")
    132. 

  132. 	c.Assert(err, check.IsNil, check.Commentf("Unable to create test file"))
    133. 

  133. 

  134. 	tw := tar.NewWriter(emptyTarball)
    135. 

  135. 	err = tw.Close()
    136. 

  136. 	c.Assert(err, check.IsNil, check.Commentf("Error creating empty tarball"))
    137. 

  137. 

  138. 	freader, err := os.Open(emptyTarball.Name())
    139. 

  139. 	c.Assert(err, check.IsNil, check.Commentf("Could not open test tarball"))
    140. 

  140. 

  141. 	importCmd := exec.Command(dockerBinary, "import", "-", repoName)
    142. 

  142. 	importCmd.Stdin = freader
    143. 

  143. 	out, _, err := runCommandWithOutput(importCmd)
    144. 

  144. 	c.Assert(err, check.IsNil, check.Commentf("import failed: %q", out))
    145. 

  145. 

  146. 	// Now verify we can push it
    147. 

  147. 	out, _, err = dockerCmdWithError("push", repoName)
    148. 

  148. 	c.Assert(err, check.IsNil, check.Commentf("pushing the image to the private registry has failed: %s", out))
    149. 

  149. }
    150. 

  150. 

  151. func (s *DockerTrustSuite) TestTrustedPush(c *check.C) {
    152. 

  152. 	repoName := fmt.Sprintf("%v/dockercli/trusted:latest", privateRegistryURL)
    153. 

  153. 	// tag the image and upload it to the private registry
    154. 

  154. 	dockerCmd(c, "tag", "busybox", repoName)
    155. 

  155. 

  156. 	pushCmd := exec.Command(dockerBinary, "push", repoName)
    157. 

  157. 	s.trustedCmd(pushCmd)
    158. 

  158. 	out, _, err := runCommandWithOutput(pushCmd)
    159. 

  159. 	c.Assert(err, check.IsNil, check.Commentf("Error running trusted push: %s\n%s", err, out))
    160. 

  160. 	c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push"))
    161. 

  161. }
    162. 

  162. 

  163. func (s *DockerTrustSuite) TestTrustedPushWithEnvPasswords(c *check.C) {
    164. 

  164. 	repoName := fmt.Sprintf("%v/dockercli/trusted:latest", privateRegistryURL)
    165. 

  165. 	// tag the image and upload it to the private registry
    166. 

  166. 	dockerCmd(c, "tag", "busybox", repoName)
    167. 

  167. 

  168. 	pushCmd := exec.Command(dockerBinary, "push", repoName)
    169. 

  169. 	s.trustedCmdWithPassphrases(pushCmd, "12345678", "12345678")
    170. 

  170. 	out, _, err := runCommandWithOutput(pushCmd)
    171. 

  171. 	c.Assert(err, check.IsNil, check.Commentf("Error running trusted push: %s\n%s", err, out))
    172. 

  172. 	c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push"))
    173. 

  173. }
    174. 

  174. 

  175. // This test ensures backwards compatibility with old ENV variables. Should be
    176. 

  176. // deprecated by 1.10
    177. 

  177. func (s *DockerTrustSuite) TestTrustedPushWithDeprecatedEnvPasswords(c *check.C) {
    178. 

  178. 	repoName := fmt.Sprintf("%v/dockercli/trusteddeprecated:latest", privateRegistryURL)
    179. 

  179. 	// tag the image and upload it to the private registry
    180. 

  180. 	dockerCmd(c, "tag", "busybox", repoName)
    181. 

  181. 

  182. 	pushCmd := exec.Command(dockerBinary, "push", repoName)
    183. 

  183. 	s.trustedCmdWithDeprecatedEnvPassphrases(pushCmd, "12345678", "12345678")
    184. 

  184. 	out, _, err := runCommandWithOutput(pushCmd)
    185. 

  185. 	c.Assert(err, check.IsNil, check.Commentf("Error running trusted push: %s\n%s", err, out))
    186. 

  186. 	c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push"))
    187. 

  187. }
    188. 

  188. 

  189. func (s *DockerTrustSuite) TestTrustedPushWithFaillingServer(c *check.C) {
    190. 

  190. 	repoName := fmt.Sprintf("%v/dockercli/trusted:latest", privateRegistryURL)
    191. 

  191. 	// tag the image and upload it to the private registry
    192. 

  192. 	dockerCmd(c, "tag", "busybox", repoName)
    193. 

  193. 

  194. 	pushCmd := exec.Command(dockerBinary, "push", repoName)
    195. 

  195. 	s.trustedCmdWithServer(pushCmd, "https://example.com:81/")
    196. 

  196. 	out, _, err := runCommandWithOutput(pushCmd)
    197. 

  197. 	c.Assert(err, check.NotNil, check.Commentf("Missing error while running trusted push w/ no server"))
    198. 

  198. 	c.Assert(out, checker.Contains, "error contacting notary server", check.Commentf("Missing expected output on trusted push"))
    199. 

  199. }
    200. 

  200. 

  201. func (s *DockerTrustSuite) TestTrustedPushWithoutServerAndUntrusted(c *check.C) {
    202. 

  202. 	repoName := fmt.Sprintf("%v/dockercli/trusted:latest", privateRegistryURL)
    203. 

  203. 	// tag the image and upload it to the private registry
    204. 

  204. 	dockerCmd(c, "tag", "busybox", repoName)
    205. 

  205. 

  206. 	pushCmd := exec.Command(dockerBinary, "push", "--disable-content-trust", repoName)
    207. 

  207. 	s.trustedCmdWithServer(pushCmd, "https://example.com/")
    208. 

  208. 	out, _, err := runCommandWithOutput(pushCmd)
    209. 

  209. 	c.Assert(err, check.IsNil, check.Commentf("trusted push with no server and --disable-content-trust failed: %s\n%s", err, out))
    210. 

  210. 	c.Assert(out, check.Not(checker.Contains), "Error establishing connection to notary repository", check.Commentf("Missing expected output on trusted push with --disable-content-trust:"))
    211. 

  211. }
    212. 

  212. 

  213. func (s *DockerTrustSuite) TestTrustedPushWithExistingTag(c *check.C) {
    214. 

  214. 	repoName := fmt.Sprintf("%v/dockercli/trusted:latest", privateRegistryURL)
    215. 

  215. 	// tag the image and upload it to the private registry
    216. 

  216. 	dockerCmd(c, "tag", "busybox", repoName)
    217. 

  217. 	dockerCmd(c, "push", repoName)
    218. 

  218. 

  219. 	pushCmd := exec.Command(dockerBinary, "push", repoName)
    220. 

  220. 	s.trustedCmd(pushCmd)
    221. 

  221. 	out, _, err := runCommandWithOutput(pushCmd)
    222. 

  222. 	c.Assert(err, check.IsNil, check.Commentf("trusted push failed: %s\n%s", err, out))
    223. 

  223. 	c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push with existing tag"))
    224. 

  224. }
    225. 

  225. 

  226. func (s *DockerTrustSuite) TestTrustedPushWithExistingSignedTag(c *check.C) {
    227. 

  227. 	repoName := fmt.Sprintf("%v/dockerclipushpush/trusted:latest", privateRegistryURL)
    228. 

  228. 	// tag the image and upload it to the private registry
    229. 

  229. 	dockerCmd(c, "tag", "busybox", repoName)
    230. 

  230. 

  231. 	// Do a trusted push
    232. 

  232. 	pushCmd := exec.Command(dockerBinary, "push", repoName)
    233. 

  233. 	s.trustedCmd(pushCmd)
    234. 

  234. 	out, _, err := runCommandWithOutput(pushCmd)
    235. 

  235. 	c.Assert(err, check.IsNil, check.Commentf("trusted push failed: %s\n%s", err, out))
    236. 

  236. 	c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push with existing tag"))
    237. 

  237. 

  238. 	// Do another trusted push
    239. 

  239. 	pushCmd = exec.Command(dockerBinary, "push", repoName)
    240. 

  240. 	s.trustedCmd(pushCmd)
    241. 

  241. 	out, _, err = runCommandWithOutput(pushCmd)
    242. 

  242. 	c.Assert(err, check.IsNil, check.Commentf("trusted push failed: %s\n%s", err, out))
    243. 

  243. 	c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push with existing tag"))
    244. 

  244. 

  245. 	dockerCmd(c, "rmi", repoName)
    246. 

  246. 

  247. 	// Try pull to ensure the double push did not break our ability to pull
    248. 

  248. 	pullCmd := exec.Command(dockerBinary, "pull", repoName)
    249. 

  249. 	s.trustedCmd(pullCmd)
    250. 

  250. 	out, _, err = runCommandWithOutput(pullCmd)
    251. 

  251. 	c.Assert(err, check.IsNil, check.Commentf("Error running trusted pull: %s\n%s", err, out))
    252. 

  252. 	c.Assert(out, checker.Contains, "Status: Downloaded", check.Commentf("Missing expected output on trusted pull with --disable-content-trust"))
    253. 

  253. 

  254. }
    255. 

  255. 

  256. func (s *DockerTrustSuite) TestTrustedPushWithIncorrectPassphraseForNonRoot(c *check.C) {
    257. 

  257. 	repoName := fmt.Sprintf("%v/dockercliincorretpwd/trusted:latest", privateRegistryURL)
    258. 

  258. 	// tag the image and upload it to the private registry
    259. 

  259. 	dockerCmd(c, "tag", "busybox", repoName)
    260. 

  260. 

  261. 	// Push with default passphrases
    262. 

  262. 	pushCmd := exec.Command(dockerBinary, "push", repoName)
    263. 

  263. 	s.trustedCmd(pushCmd)
    264. 

  264. 	out, _, err := runCommandWithOutput(pushCmd)
    265. 

  265. 	c.Assert(err, check.IsNil, check.Commentf("trusted push failed: %s\n%s", err, out))
    266. 

  266. 	c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push:\n%s", out))
    267. 

  267. 

  268. 	// Push with wrong passphrases
    269. 

  269. 	pushCmd = exec.Command(dockerBinary, "push", repoName)
    270. 

  270. 	s.trustedCmdWithPassphrases(pushCmd, "12345678", "87654321")
    271. 

  271. 	out, _, err = runCommandWithOutput(pushCmd)
    272. 

  272. 	c.Assert(err, check.NotNil, check.Commentf("Error missing from trusted push with short targets passphrase: \n%s", out))
    273. 

  273. 	c.Assert(out, checker.Contains, "could not find necessary signing keys", check.Commentf("Missing expected output on trusted push with short targets/snapsnot passphrase"))
    274. 

  274. }
    275. 

  275. 

  276. // This test ensures backwards compatibility with old ENV variables. Should be
    277. 

  277. // deprecated by 1.10
    278. 

  278. func (s *DockerTrustSuite) TestTrustedPushWithIncorrectDeprecatedPassphraseForNonRoot(c *check.C) {
    279. 

  279. 	repoName := fmt.Sprintf("%v/dockercliincorretdeprecatedpwd/trusted:latest", privateRegistryURL)
    280. 

  280. 	// tag the image and upload it to the private registry
    281. 

  281. 	dockerCmd(c, "tag", "busybox", repoName)
    282. 

  282. 

  283. 	// Push with default passphrases
    284. 

  284. 	pushCmd := exec.Command(dockerBinary, "push", repoName)
    285. 

  285. 	s.trustedCmd(pushCmd)
    286. 

  286. 	out, _, err := runCommandWithOutput(pushCmd)
    287. 

  287. 	c.Assert(err, check.IsNil, check.Commentf("trusted push failed: %s\n%s", err, out))
    288. 

  288. 	c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push"))
    289. 

  289. 

  290. 	// Push with wrong passphrases
    291. 

  291. 	pushCmd = exec.Command(dockerBinary, "push", repoName)
    292. 

  292. 	s.trustedCmdWithDeprecatedEnvPassphrases(pushCmd, "12345678", "87654321")
    293. 

  293. 	out, _, err = runCommandWithOutput(pushCmd)
    294. 

  294. 	c.Assert(err, check.NotNil, check.Commentf("Error missing from trusted push with short targets passphrase: \n%s", out))
    295. 

  295. 	c.Assert(out, checker.Contains, "could not find necessary signing keys", check.Commentf("Missing expected output on trusted push with short targets/snapsnot passphrase"))
    296. 

  296. }
    297. 

  297. 

  298. func (s *DockerTrustSuite) TestTrustedPushWithExpiredSnapshot(c *check.C) {
    299. 

  299. 	c.Skip("Currently changes system time, causing instability")
    300. 

  300. 	repoName := fmt.Sprintf("%v/dockercliexpiredsnapshot/trusted:latest", privateRegistryURL)
    301. 

  301. 	// tag the image and upload it to the private registry
    302. 

  302. 	dockerCmd(c, "tag", "busybox", repoName)
    303. 

  303. 

  304. 	// Push with default passphrases
    305. 

  305. 	pushCmd := exec.Command(dockerBinary, "push", repoName)
    306. 

  306. 	s.trustedCmd(pushCmd)
    307. 

  307. 	out, _, err := runCommandWithOutput(pushCmd)
    308. 

  308. 	c.Assert(err, check.IsNil, check.Commentf("trusted push failed: %s\n%s", err, out))
    309. 

  309. 	c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push"))
    310. 

  310. 

  311. 	// Snapshots last for three years. This should be expired
    312. 

  312. 	fourYearsLater := time.Now().Add(time.Hour * 24 * 365 * 4)
    313. 

  313. 

  314. 	runAtDifferentDate(fourYearsLater, func() {
    315. 

  315. 		// Push with wrong passphrases
    316. 

  316. 		pushCmd = exec.Command(dockerBinary, "push", repoName)
    317. 

  317. 		s.trustedCmd(pushCmd)
    318. 

  318. 		out, _, err = runCommandWithOutput(pushCmd)
    319. 

  319. 		c.Assert(err, check.NotNil, check.Commentf("Error missing from trusted push with expired snapshot: \n%s", out))
    320. 

  320. 		c.Assert(out, checker.Contains, "repository out-of-date", check.Commentf("Missing expected output on trusted push with expired snapshot"))
    321. 

  321. 	})
    322. 

  322. }
    323. 

  323. 

  324. func (s *DockerTrustSuite) TestTrustedPushWithExpiredTimestamp(c *check.C) {
    325. 

  325. 	c.Skip("Currently changes system time, causing instability")
    326. 

  326. 	repoName := fmt.Sprintf("%v/dockercliexpiredtimestamppush/trusted:latest", privateRegistryURL)
    327. 

  327. 	// tag the image and upload it to the private registry
    328. 

  328. 	dockerCmd(c, "tag", "busybox", repoName)
    329. 

  329. 

  330. 	// Push with default passphrases
    331. 

  331. 	pushCmd := exec.Command(dockerBinary, "push", repoName)
    332. 

  332. 	s.trustedCmd(pushCmd)
    333. 

  333. 	out, _, err := runCommandWithOutput(pushCmd)
    334. 

  334. 	c.Assert(err, check.IsNil, check.Commentf("trusted push failed: %s\n%s", err, out))
    335. 

  335. 	c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push"))
    336. 

  336. 

  337. 	// The timestamps expire in two weeks. Lets check three
    338. 

  338. 	threeWeeksLater := time.Now().Add(time.Hour * 24 * 21)
    339. 

  339. 

  340. 	// Should succeed because the server transparently re-signs one
    341. 

  341. 	runAtDifferentDate(threeWeeksLater, func() {
    342. 

  342. 		pushCmd := exec.Command(dockerBinary, "push", repoName)
    343. 

  343. 		s.trustedCmd(pushCmd)
    344. 

  344. 		out, _, err := runCommandWithOutput(pushCmd)
    345. 

  345. 		c.Assert(err, check.IsNil, check.Commentf("Error running trusted push: %s\n%s", err, out))
    346. 

  346. 		c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push with expired timestamp"))
    347. 

  347. 	})
    348. 

  348. }
    349.

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5