]> git.saurik.com Git - apt.git/blame - test/integration/test-sourceslist-trusted-options
trusted=yes sources are secure, we just don't know why
[apt.git] / test / integration / test-sourceslist-trusted-options
CommitLineData
07cb47e7
DK
1#!/bin/sh
2set -e
3
4TESTDIR=$(readlink -f $(dirname $0))
5. $TESTDIR/framework
6
7setupenvironment
8configarchitecture 'amd64'
9
10buildsimplenativepackage 'foo' 'amd64' '1' 'stable'
11buildsimplenativepackage 'foo' 'amd64' '2' 'testing'
12
13setupaptarchive --no-update
14
15APTARCHIVE=$(readlink -f ./aptarchive)
16
17everythingsucceeds() {
18 testequal 'Listing...
19foo/testing 2 amd64
20foo/stable 1 amd64
21' apt list foo -a
22
23 rm -f foo_1_amd64.deb foo_2_amd64.deb
24 testsuccess aptget download foo "$@"
25 testsuccess test -s foo_1_amd64.deb -o -s foo_2_amd64.deb
26
27 rm -f foo_1.dsc foo_2.dsc
28 testsuccess aptget source foo --dsc-only -d "$@"
29 testsuccess test -s foo_1.dsc -o -s foo_2.dsc
30}
31
32everythingfails() {
33 testequal 'Listing...
34foo/testing 2 amd64
35foo/stable 1 amd64
36' apt list foo -a
37
38 local WARNING='WARNING: The following packages cannot be authenticated!
39 foo
40E: Some packages could not be authenticated'
41
42 rm -f foo_1_amd64.deb foo_2_amd64.deb
43 testfailure aptget download foo "$@"
44 testequal "$WARNING" tail -n 3 rootdir/tmp/testfailure.output
45 testfailure test -s foo_1_amd64.deb -o -s foo_2_amd64.deb
46
47 rm -f foo_1.dsc foo_2.dsc
48 testfailure aptget source foo --dsc-only -d "$@"
49 testequal "$WARNING" tail -n 3 rootdir/tmp/testfailure.output
50 testfailure test -s foo_1.dsc -o -s foo_2.dsc
51}
52
53cp -a rootdir/etc/apt/sources.list.d/ rootdir/etc/apt/sources.list.d.bak/
54
55aptgetupdate() {
56 rm -rf rootdir/var/lib/apt/lists
57 # note that insecure with trusted=yes are allowed
58 # as the trusted=yes indicates that security is provided by
59 # something above the understanding of apt
60 testsuccess aptget update --no-allow-insecure-repositories
61}
62
63insecureaptgetupdate() {
64 rm -rf rootdir/var/lib/apt/lists
65 testfailure aptget update
66 rm -rf rootdir/var/lib/apt/lists
67 testsuccess aptget update --allow-insecure-repositories
68}
69
70msgmsg 'Test without trusted option and good sources'
71cp -a rootdir/etc/apt/sources.list.d.bak/* rootdir/etc/apt/sources.list.d/
72aptgetupdate
73everythingsucceeds
74everythingsucceeds -t stable
75everythingsucceeds -t testing
76
77msgmsg 'Test with trusted=yes option and good sources'
78cp -a rootdir/etc/apt/sources.list.d.bak/* rootdir/etc/apt/sources.list.d/
79sed -i 's#^deb\(-src\)\? #deb\1 [trusted=yes] #' rootdir/etc/apt/sources.list.d/*
80aptgetupdate
81everythingsucceeds
82everythingsucceeds -t stable
83everythingsucceeds -t testing
84
85msgmsg 'Test with trusted=no option and good sources'
86cp -a rootdir/etc/apt/sources.list.d.bak/* rootdir/etc/apt/sources.list.d/
87sed -i 's#^deb\(-src\)\? #deb\1 [trusted=no] #' rootdir/etc/apt/sources.list.d/*
88# we want the warnings on the actions, but for 'update' everything is fine
89aptgetupdate
90everythingfails
91everythingfails -t stable
92everythingfails -t testing
93
94find aptarchive/dists/stable \( -name 'InRelease' -o -name 'Release.gpg' \) -delete
95
96msgmsg 'Test without trusted option and good and unsigned sources'
97cp -a rootdir/etc/apt/sources.list.d.bak/* rootdir/etc/apt/sources.list.d/
98insecureaptgetupdate
99everythingsucceeds
100everythingfails -t stable
101everythingsucceeds -t testing
102
103msgmsg 'Test with trusted=yes option and good and unsigned sources'
104cp -a rootdir/etc/apt/sources.list.d.bak/* rootdir/etc/apt/sources.list.d/
105sed -i 's#^deb\(-src\)\? #deb\1 [trusted=yes] #' rootdir/etc/apt/sources.list.d/*
106aptgetupdate
107everythingsucceeds
108everythingsucceeds -t stable
109everythingsucceeds -t testing
110
111msgmsg 'Test with trusted=no option and good and unsigned sources'
112cp -a rootdir/etc/apt/sources.list.d.bak/* rootdir/etc/apt/sources.list.d/
113sed -i 's#^deb\(-src\)\? #deb\1 [trusted=no] #' rootdir/etc/apt/sources.list.d/*
114insecureaptgetupdate
115everythingfails
116everythingfails -t stable
117everythingfails -t testing
118
119signreleasefiles 'Marvin Paranoid' 'aptarchive/dists/stable'
120
121msgmsg 'Test without trusted option and good and unknown sources'
122cp -a rootdir/etc/apt/sources.list.d.bak/* rootdir/etc/apt/sources.list.d/
123insecureaptgetupdate
124everythingsucceeds
125everythingfails -t stable
126everythingsucceeds -t testing
127
128msgmsg 'Test with trusted=yes option and good and unknown sources'
129cp -a rootdir/etc/apt/sources.list.d.bak/* rootdir/etc/apt/sources.list.d/
130sed -i 's#^deb\(-src\)\? #deb\1 [trusted=yes] #' rootdir/etc/apt/sources.list.d/*
131aptgetupdate
132everythingsucceeds
133everythingsucceeds -t stable
134everythingsucceeds -t testing
135
136msgmsg 'Test with trusted=no option and good and unknown sources'
137cp -a rootdir/etc/apt/sources.list.d.bak/* rootdir/etc/apt/sources.list.d/
138sed -i 's#^deb\(-src\)\? #deb\1 [trusted=no] #' rootdir/etc/apt/sources.list.d/*
139insecureaptgetupdate
140everythingfails
141everythingfails -t stable
142everythingfails -t testing
143
144signreleasefiles 'Rex Expired' 'aptarchive/dists/stable'
145cp -a keys/rexexpired.pub rootdir/etc/apt/trusted.gpg.d/rexexpired.gpg
146
147msgmsg 'Test without trusted option and good and expired sources'
148cp -a rootdir/etc/apt/sources.list.d.bak/* rootdir/etc/apt/sources.list.d/
149insecureaptgetupdate
150everythingsucceeds
151everythingfails -t stable
152everythingsucceeds -t testing
153
154msgmsg 'Test with trusted=yes option and good and expired sources'
155cp -a rootdir/etc/apt/sources.list.d.bak/* rootdir/etc/apt/sources.list.d/
156sed -i 's#^deb\(-src\)\? #deb\1 [trusted=yes] #' rootdir/etc/apt/sources.list.d/*
157aptgetupdate
158everythingsucceeds
159everythingsucceeds -t stable
160everythingsucceeds -t testing
161
162msgmsg 'Test with trusted=no option and good and expired sources'
163cp -a rootdir/etc/apt/sources.list.d.bak/* rootdir/etc/apt/sources.list.d/
164sed -i 's#^deb\(-src\)\? #deb\1 [trusted=no] #' rootdir/etc/apt/sources.list.d/*
165insecureaptgetupdate
166everythingfails
167everythingfails -t stable
168everythingfails -t testing