test(upgrade): disable signature check in checksum-matching tests

TestVerifyChecksumWithHTTPTest and TestVerifyChecksumCaseInsensitive predate
release signing (commit 1757bda baked the release pubkey). With the pubkey set,
verifyChecksum now requires a valid checksums.txt.sig and fails at signature
decode before reaching the SHA256 comparison these tests assert. They exercise
the checksum-matching path only, so clear releasePubKeyBase64 for their duration
(t.Cleanup restore) — mirroring the existing pattern in signature_test.go. The
signature path itself keeps its dedicated coverage there. No production change.
Deivid Soto 2026-06-04 08:35:46 +02:00
parent c82826bf68
commit 86f03ba787


@ -678,6 +678,16 @@ func TestVerifyChecksumWithHTTPTest(t *testing.T) {
t.Skip("tar.gz test only on unix") t.Skip("tar.gz test only on unix")
} }
// This test predates release signing and exercises the checksum-MATCHING
// logic only. With the baked release pubkey set, verifyChecksum now requires a
// valid checksums.txt.sig and fails at signature decode before reaching the
// SHA256 comparison these cases assert. Disable signature verification here
// (empty pubkey → loadReleasePubKey returns nil → step skipped); the signature
// path has dedicated coverage in signature_test.go. Pattern mirrors that file.
prevPubKey := releasePubKeyBase64
releasePubKeyBase64 = ""
t.Cleanup(func() { releasePubKeyBase64 = prevPubKey })
// Create a fake archive file // Create a fake archive file
dir := t.TempDir() dir := t.TempDir()
archiveContent := []byte("archive-content-for-checksum-test") archiveContent := []byte("archive-content-for-checksum-test")
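Review bot: The comment added at the top of this block in TestVerifyChecksumWithHTTPTest records that an empty releasePubKeyBase64 makes loadReleasePubKey return nil and the signature step is skipped, so the test now relies on verifyChecksum failing open when no key is configured. Consider pinning the intended release behaviour with a separate assertion that the baked releasePubKeyBase64 is non-empty, so a build that loses the key cannot silently fall back to checksum-only verification. If the test setup allows it, pointing the variable at a throwaway test key and serving a matching checksums.txt.sig would let these checksum-matching cases run with verification still enabled.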
@ -792,6 +802,13 @@ func TestVerifyChecksumCaseInsensitive(t *testing.T) {
t.Skip("tar.gz test only on unix") t.Skip("tar.gz test only on unix")
} }
// Predates release signing; tests checksum matching only. Disable signature
// verification (see TestVerifyChecksumWithHTTPTest) so it reaches the SHA256
// comparison instead of failing on the absent .sig.
prevPubKey := releasePubKeyBase64
releasePubKeyBase64 = ""
t.Cleanup(func() { releasePubKeyBase64 = prevPubKey })
dir := t.TempDir() dir := t.TempDir()
archiveContent := []byte("case-insensitive-hash-test") archiveContent := []byte("case-insensitive-hash-test")
archivePath := filepath.Join(dir, "archive.tar.gz") archivePath := filepath.Join(dir, "archive.tar.gz")
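Review bot: The three added lines in TestVerifyChecksumCaseInsensitive that save, clear and restore releasePubKeyBase64 duplicate the block in TestVerifyChecksumWithHTTPTest and, per the commit message, the pattern in signature_test.go; a small shared test helper that takes t and calls t.Helper() would keep the override in one place. Because the block writes a package-level variable, it is also worth a comment that neither test may call t.Parallel(): a concurrent test in the package would race on the variable and could run with signature verification disabled.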