test(dockerfile): assert Docker apt GPG single-primary-key guard order

Locks in Codex/Greptile review criteria: pub count runs before fingerprint
compare and gpg --dearmor for issue #74234.

Made-with: Cursor
Yossi Eliaz
2026-04-29 13:16:45 +03:00
parent b8050fb11d
commit c09ca96153


@@ -141,6 +141,24 @@ describe("Dockerfile", () => {
expect(dockerfile).not.toContain('\\"fpr\\"');
});
it("counts primary pub keys before Docker apt fingerprint compare and dearmor", async () => {
const dockerfile = collapseDockerContinuations(await readFile(dockerfilePath, "utf8"));
const anchor = dockerfile.indexOf(
"curl -fsSL https://download.docker.com/linux/debian/gpg -o /tmp/docker.gpg.asc",
);
expect(anchor).toBeGreaterThan(-1);
const slice = dockerfile.slice(anchor);
expect(slice).toContain("docker_gpg_pub_count=");
expect(slice).toContain('$1 == "pub"');
expect(slice).not.toContain('\\"pub\\"');
const pubCountIdx = slice.indexOf("docker_gpg_pub_count=");
const fpIdx = slice.indexOf("actual_fingerprint=");
const dearmorIdx = slice.indexOf("gpg --dearmor");
expect(pubCountIdx).toBeLessThan(fpIdx);
expect(fpIdx).toBeLessThan(dearmorIdx);
expect(slice).toContain('[ "$docker_gpg_pub_count" != "1" ]');
});
it("keeps runtime pnpm available", async () => {
const dockerfile = await readFile(dockerfilePath, "utf8");
expect(dockerfile).toContain("ENV COREPACK_HOME=/usr/local/share/corepack");