@@ -38,8 +38,7 @@ type cleanupFunc func()
3838type newRegistryFunc func (t * testing.T , serverCert * x509.Certificate ) (image.Registry , cleanupFunc )
3939
4040func caDirForCert (t * testing.T , serverCert * x509.Certificate ) string {
41- caDir , err := os .MkdirTemp ("" , "opm-registry-test-ca-" )
42- require .NoError (t , err )
41+ caDir := t .TempDir ()
4342 caFile , err := os .Create (filepath .Join (caDir , "ca.crt" ))
4443 require .NoError (t , err )
4544
@@ -51,6 +50,29 @@ func caDirForCert(t *testing.T, serverCert *x509.Certificate) string {
5150 return caDir
5251}
5352
53+ const insecureSignaturePolicy = `{
54+ "default": [
55+ {
56+ "type": "insecureAcceptAnything"
57+ }
58+ ],
59+ "transports":
60+ {
61+ "docker-daemon":
62+ {
63+ "": [{"type":"insecureAcceptAnything"}]
64+ }
65+ }
66+ }`
67+
68+ func createSignaturePolicyFile (t * testing.T ) string {
69+ policyDir := t .TempDir ()
70+ policyFilePath := filepath .Join (policyDir , "policy.json" )
71+ err := os .WriteFile (policyFilePath , []byte (insecureSignaturePolicy ), 0600 )
72+ require .NoError (t , err )
73+ return policyFilePath
74+ }
75+
5476func poolForCert (serverCert * x509.Certificate ) * x509.CertPool {
5577 rootCAs := x509 .NewCertPool ()
5678 rootCAs .AddCert (serverCert )
@@ -61,10 +83,12 @@ func TestRegistries(t *testing.T) {
6183 registries := map [string ]newRegistryFunc {
6284 "containersimage" : func (t * testing.T , serverCert * x509.Certificate ) (image.Registry , cleanupFunc ) {
6385 caDir := caDirForCert (t , serverCert )
86+ policyFile := createSignaturePolicyFile (t )
6487 sourceCtx := & types.SystemContext {
6588 OCICertPath : caDir ,
6689 DockerCertPath : caDir ,
6790 DockerPerHostCertDirPath : caDir ,
91+ SignaturePolicyPath : policyFile ,
6892 }
6993 r , err := containersimageregistry .New (sourceCtx , containersimageregistry .WithTemporaryImageCache ())
7094 require .NoError (t , err )
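Review bot: The new `insecureSignaturePolicy` constant and the `createSignaturePolicyFile` helper in the second hunk carry no comment saying that this policy switches off signature verification and is intended for tests only. With `insecureAcceptAnything` as the default requirement, the `SystemContext` built in `TestRegistries` accepts unsigned and incorrectly signed images alike, so anyone copying this setup into non-test code would lose signature enforcement without noticing. A doc comment such as `// insecureSignaturePolicy accepts any image without signature verification; test-only, never pass it to a production SystemContext.` would make that explicit, and the reason for pinning a policy file here (presumably to keep the test independent of the host's policy configuration) is worth one sentence too. Given that default, the `docker-daemon` transport entry appears to repeat the same requirement and could be dropped or explained.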