From 5a9ba0cd470ce93d48d72892b712918a799ff08b Mon Sep 17 00:00:00 2001
From: Hironori Shiina <shiina.hironori@jp.fujitsu.com>
Date: Thu, 28 Apr 2022 17:27:16 -0400
Subject: [PATCH] Add test for prevention of reusing encrypted layers

This fix modifies the test "commit oci encrypt to registry" to verify
that encrypted layers are not reused for a non-encrypted image.

see: https://github.com/containers/image/pull/1533

Signed-off-by: Hironori Shiina <shiina.hironori@jp.fujitsu.com>
---
 tests/commit.bats | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/tests/commit.bats b/tests/commit.bats
index 9ec45f8d051..39ad5a8f48a 100644
--- a/tests/commit.bats
+++ b/tests/commit.bats
@@ -229,6 +229,10 @@ load helpers
   # this test, just checks the ability to commit an image to a registry
   # there is no good way to test the details of the image unless with ./buildah pull, test will be in pull.bats
   rm -rf ${TEST_SCRATCH_DIR}/tmp
+
+  # verify that encrypted layers are not cached or reused for an non-encrypted image (See containers/image#1533)
+  run_buildah commit --iidfile /dev/null --tls-verify=false --creds testuser:testpassword $WITH_POLICY_JSON -q $cid docker://localhost:${REGISTRY_PORT}/buildah/busybox_not_encrypted:latest
+  run_buildah from $WITH_POLICY_JSON --tls-verify=false --creds testuser:testpassword docker://localhost:${REGISTRY_PORT}/buildah/busybox_not_encrypted:latest
 }
 
 @test "commit omit-timestamp" {