(t *testing.T, provFile, pluginTgz, hash string)
| 212 | } |
| 213 | |
| 214 | func createProvFile(t *testing.T, provFile, pluginTgz, hash string) { |
| 215 | t.Helper() |
| 216 | |
| 217 | var hashStr string |
| 218 | if hash == "" { |
| 219 | // Calculate actual hash of the tarball |
| 220 | data, err := os.ReadFile(pluginTgz) |
| 221 | if err != nil { |
| 222 | t.Fatalf("Failed to read tarball for hashing: %v", err) |
| 223 | } |
| 224 | hashSum := sha256.Sum256(data) |
| 225 | hashStr = fmt.Sprintf("sha256:%x", hashSum) |
| 226 | } else { |
| 227 | // Use provided hash |
| 228 | hashStr = hash |
| 229 | } |
| 230 | |
| 231 | // Create properly formatted provenance file with specified hash |
| 232 | provContent := fmt.Sprintf(`-----BEGIN PGP SIGNED MESSAGE----- |
| 233 | Hash: SHA256 |
| 234 | |
| 235 | name: test-plugin |
| 236 | version: 1.0.0 |
| 237 | description: Test plugin for verification |
| 238 | files: |
| 239 | test-plugin-1.0.0.tgz: %s |
| 240 | -----BEGIN PGP SIGNATURE----- |
| 241 | Version: GnuPG v1 |
| 242 | |
| 243 | iQEcBAEBCAAGBQJktest... |
| 244 | -----END PGP SIGNATURE----- |
| 245 | `, hashStr) |
| 246 | if err := os.WriteFile(provFile, []byte(provContent), 0644); err != nil { |
| 247 | t.Fatalf("Failed to create provenance file: %v", err) |
| 248 | } |
| 249 | } |
| 250 | |
| 251 | func createTestKeyring(t *testing.T) string { |
| 252 | t.Helper() |
no test coverage detected
searching dependent graphs…