Update verification message logic

Only show the verification message if all the tarsum checks pass and the image manifest is verified. No longer return an error when a tarsum verification fails, just reset the verification flag. Tarsum verification is less meaningful without a verified manifest and therefore it should not cause an error. Updated the verified image test to pull an image which expected to have a verified manifest and contents. Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2025-07-30 18:23:29 +03:00 · 2015-02-05 17:46:55 -08:00
parent a271eaeba2
commit 6088df20c3
3 changed files with 27 additions and 28 deletions
--- a/integration-cli/docker_cli_pull_test.go
+++ b/integration-cli/docker_cli_pull_test.go
@ -53,39 +53,31 @@ func TestPullImageWithAliases(t *testing.T) {
 	logDone("pull - image with aliases")
 }

-// pulling busybox should show verified message
+// pulling library/hello-world should show verified message
 func TestPullVerified(t *testing.T) {
-	defer setupRegistry(t)()
+	// Image must be pulled from central repository to get verified message
+	// unless keychain is manually updated to contain the daemon's sign key.

-	repo := fmt.Sprintf("%v/dockercli/busybox:verified", privateRegistryURL)
-	defer deleteImages(repo)
-
-	// tag the image
-	if out, _, err := runCommandWithOutput(exec.Command(dockerBinary, "tag", "busybox", repo)); err != nil {
-		t.Fatalf("Failed to tag image verifiedTest: error %v, output %q", err, out)
-	}
-
-	// push it
-	if out, err := exec.Command(dockerBinary, "push", repo).CombinedOutput(); err != nil {
-		t.Fatalf("Failed to push image %v: error %v, output %q", repo, err, string(out))
-	}
-
-	// remove it locally
-	if out, err := exec.Command(dockerBinary, "rmi", repo).CombinedOutput(); err != nil {
-		t.Fatalf("Failed to clean images: error %v, output %q", err, string(out))
-	}
+	verifiedName := "hello-world"
+	defer deleteImages(verifiedName)

 	// pull it
 	expected := "The image you are pulling has been verified"
-	pullCmd := exec.Command(dockerBinary, "pull", repo)
-	if out, _, err := runCommandWithOutput(pullCmd); err != nil || !strings.Contains(out, expected) {
+	pullCmd := exec.Command(dockerBinary, "pull", verifiedName)
+	if out, exitCode, err := runCommandWithOutput(pullCmd); err != nil || !strings.Contains(out, expected) {
+		if err != nil || exitCode != 0 {
+			t.Skipf("pulling the '%s' image from the registry has failed: %s", verifiedName, err)
+		}
 		t.Fatalf("pulling a verified image failed. expected: %s\ngot: %s, %v", expected, out, err)
 	}

 	// pull it again
-	pullCmd = exec.Command(dockerBinary, "pull", repo)
-	if out, _, err := runCommandWithOutput(pullCmd); err != nil || !strings.Contains(out, expected) {
-		t.Fatalf("pulling a verified image failed. expected: %s\ngot: %s, %v", expected, out, err)
+	pullCmd = exec.Command(dockerBinary, "pull", verifiedName)
+	if out, exitCode, err := runCommandWithOutput(pullCmd); err != nil || strings.Contains(out, expected) {
+		if err != nil || exitCode != 0 {
+			t.Skipf("pulling the '%s' image from the registry has failed: %s", verifiedName, err)
+		}
+		t.Fatalf("pulling a verified image failed. unexpected verify message\ngot: %s, %v", out, err)
 	}

 	logDone("pull - pull verified")
@ -93,6 +85,8 @@ func TestPullVerified(t *testing.T) {

 // pulling an image from the central registry should work
 func TestPullImageFromCentralRegistry(t *testing.T) {
+	defer deleteImages("hello-world")
+
 	pullCmd := exec.Command(dockerBinary, "pull", "hello-world")
 	if out, _, err := runCommandWithOutput(pullCmd); err != nil {
 		t.Fatalf("pulling the hello-world image from the registry has failed: %s, %v", out, err)