Browse code
fix DockerSchema1RegistrySuite.TestPullFailsWithAlteredLayer
This test was failing if after the busybox image switched to a
single layer.
The test fails because it alters the data of an empty layer and
relies on a side effect of another empty layer not being skipped
on pull to pass.
(The original patch was provided by Tonis Tiigi)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Sebastiaan van Stijn authored on 2017/02/18 03:34:33Showing 1 changed files
| ... | ... |
@@ -31,7 +31,10 @@ func setupImage(c *check.C) (digest.Digest, error) {
|
| 31 | 31 |
func setupImageWithTag(c *check.C, tag string) (digest.Digest, error) {
|
| 32 | 32 |
containerName := "busyboxbydigest" |
| 33 | 33 |
|
| 34 |
- dockerCmd(c, "run", "-e", "digest=1", "--name", containerName, "busybox") |
|
| 34 |
+ // new file is committed because this layer is used for detecting malicious |
|
| 35 |
+ // changes. if this was committed as empty layer it would be skipped on pull |
|
| 36 |
+ // and malicious changes would never be detected. |
|
| 37 |
+ dockerCmd(c, "run", "-e", "digest=1", "--name", containerName, "busybox", "touch", "anewfile") |
|
| 35 | 38 |
|
| 36 | 39 |
// tag the image to upload it to the private registry |
| 37 | 40 |
repoAndTag := repoName + ":" + tag |