projects / apt.git / blame
| Commit | Line | Data |
|---|---|---|
| daff4aa3 MV |
1 | #!/bin/sh |
| 2 | # | |
| 3 | # Ensure that we do not modify file:/// uris (regression test for | |
| 4 | # CVE-2014-0487 | |
| 5 | # | |
| 6 | set -e | |
| 7 | ||
| 8 | TESTDIR=$(readlink -f $(dirname $0)) | |
| 9 | . $TESTDIR/framework | |
| 10 | ||
| 11 | setupenvironment | |
| 12 | configarchitecture "amd64" | |
| 13 | configcompression 'bz2' 'gz' | |
| 14 | ||
| 15 | insertpackage 'unstable' 'foo' 'all' '1.0' | |
| 16 | ||
| daff4aa3 MV |
17 | setupaptarchive --no-update |
| 18 | ||
| 19 | # ensure the archive is not writable | |
| 20 | chmod 550 aptarchive/dists/unstable/main/binary-amd64 | |
| 21 | ||
| 22 | testsuccess aptget update -qq | |
| 23 | testsuccess aptget update -qq | |
| 23d0a6fb MV |
24 | aptget update -qq -o Debug::pkgAcquire::Auth=1 2> output.log |
| 25 | ||
| 26 | # ensure that the hash of the uncompressed file was verified even on a local | |
| 27 | # ims hit | |
| 28 | canary="SHA512:$(bzcat aptarchive/dists/unstable/main/binary-amd64/Packages.bz2 | sha512sum |cut -f1 -d' ')" | |
| a1380a5c | 29 | grep -q -- "- $canary" output.log |
| 23d0a6fb | 30 | |
| 8b451962 MV |
31 | # foo is still available |
| 32 | testsuccess aptget install -s foo | |
| daff4aa3 MV |
33 | |
| 34 | # the cleanup should still work | |
| 35 | chmod 750 aptarchive/dists/unstable/main/binary-amd64 | |
| a1380a5c MV |
36 | |
| 37 |