]> git.saurik.com Git - apt.git/blame - test/integration/test-apt-update-rollback
handle gpgv's weak-digests ERRSIG
[apt.git] / test / integration / test-apt-update-rollback
CommitLineData
e05672e8
MV
1#!/bin/sh
2#
3# test that apt-get update is transactional
4#
5set -e
6
7avoid_ims_hit() {
8 touch -d '+1hour' aptarchive/dists/unstable/main/binary-i386/Packages*
9 touch -d '+1hour' aptarchive/dists/unstable/main/source/Sources*
10 touch -d '+1hour' aptarchive/dists/unstable/*Release*
11
12 touch -d '-1hour' rootdir/var/lib/apt/lists/*
13}
14
15create_fresh_archive()
16{
17 rm -rf aptarchive/*
18 rm -f rootdir/var/lib/apt/lists/_* rootdir/var/lib/apt/lists/partial/*
19
20 insertpackage 'unstable' 'old' 'all' '1.0'
21
4dbfe436 22 setupaptarchive --no-update
e05672e8
MV
23}
24
25add_new_package() {
63c71412
DK
26 insertpackage 'unstable' 'new' 'all' '1.0'
27 insertsource 'unstable' 'new' 'all' '1.0'
e05672e8 28
4dbfe436 29 setupaptarchive --no-update "$@"
e05672e8
MV
30}
31
32break_repository_sources_index() {
63c71412 33 printf 'xxx' > "$APTARCHIVE/dists/unstable/main/source/Sources"
4dbfe436 34 compressfile "$APTARCHIVE/dists/unstable/main/source/Sources" "$@"
e05672e8
MV
35}
36
4dbfe436 37start_with_good_inrelease() {
e05672e8 38 create_fresh_archive
4dbfe436 39 testsuccess aptget update
846bc058 40 listcurrentlistsdirectory > lists.before
2b0660b5 41 testsuccessequal 'old/unstable 1.0 all' apt list -qq
4dbfe436 42}
e05672e8 43
4dbfe436
DK
44test_inrelease_to_new_inrelease() {
45 msgmsg 'Test InRelease to new InRelease works fine'
46 start_with_good_inrelease
80976dd5 47
4dbfe436 48 add_new_package '+1hour'
80976dd5 49 testsuccess aptget update -o Debug::Acquire::Transaction=1
63c71412 50 testsuccessequal 'new/unstable 1.0 all
2b0660b5 51old/unstable 1.0 all' apt list -qq
e05672e8
MV
52}
53
54test_inrelease_to_broken_hash_reverts_all() {
4dbfe436
DK
55 msgmsg 'Test InRelease to broken InRelease reverts everything'
56 start_with_good_inrelease
57
58 add_new_package '+1hour'
e05672e8 59 # break the Sources file
4dbfe436 60 break_repository_sources_index '+1hour'
e05672e8
MV
61
62 # test the error condition
f695e761 63 testfailureequal "E: Failed to fetch file:${APTARCHIVE}/dists/unstable/main/source/Sources.gz Hash Sum mismatch
e05672e8
MV
64E: Some index files failed to download. They have been ignored, or old ones used instead." aptget update -qq
65 # ensure that the Packages file is also rolled back
846bc058 66 testfileequal lists.before "$(listcurrentlistsdirectory)"
25b86db1 67 testfailureequal "E: Unable to locate package new" aptget install new -s -qq
e05672e8
MV
68}
69
4dbfe436
DK
70test_inrelease_to_valid_release() {
71 msgmsg 'Test InRelease to valid Release'
72 start_with_good_inrelease
73
74 add_new_package '+1hour'
75 # switch to a unsigned repo now
63c71412
DK
76 rm "$APTARCHIVE/dists/unstable/InRelease"
77 rm "$APTARCHIVE/dists/unstable/Release.gpg"
e05672e8 78
bca84917 79 # update fails
1da3b7b8 80 testfailureequal "E: The repository 'file:${APTARCHIVE} unstable Release' is no longer signed." aptget update -qq
e05672e8 81
846bc058
DK
82 # test that security downgrade was not successful
83 testfileequal lists.before "$(listcurrentlistsdirectory)"
e05672e8 84 testsuccess aptget install old -s
bca84917 85 testfailure aptget install new -s
63c71412
DK
86 testnotempty find "${ROOTDIR}/var/lib/apt/lists" -name '*_InRelease'
87 testempty find "${ROOTDIR}/var/lib/apt/lists" -name '*_Release'
e05672e8
MV
88}
89
4dbfe436
DK
90test_inrelease_to_release_reverts_all() {
91 msgmsg 'Test InRelease to broken Release reverts everything'
92 start_with_good_inrelease
e05672e8 93
4dbfe436
DK
94 # switch to a unsigned repo now
95 add_new_package '+1hour'
63c71412
DK
96 rm "$APTARCHIVE/dists/unstable/InRelease"
97 rm "$APTARCHIVE/dists/unstable/Release.gpg"
4dbfe436 98
e05672e8 99 # break it
4dbfe436 100 break_repository_sources_index '+1hour'
e05672e8
MV
101
102 # ensure error
1da3b7b8 103 testfailureequal "E: The repository 'file:${APTARCHIVE} unstable Release' is no longer signed." aptget update -qq # -o Debug::acquire::transaction=1
e05672e8
MV
104
105 # ensure that the Packages file is also rolled back
846bc058 106 testfileequal lists.before "$(listcurrentlistsdirectory)"
e05672e8
MV
107 testsuccess aptget install old -s
108 testfailure aptget install new -s
63c71412
DK
109 testnotempty find "${ROOTDIR}/var/lib/apt/lists" -name '*_InRelease'
110 testempty find "${ROOTDIR}/var/lib/apt/lists" -name '*_Release'
e05672e8
MV
111}
112
113test_unauthenticated_to_invalid_inrelease() {
4dbfe436 114 msgmsg 'Test UnAuthenticated to invalid InRelease reverts everything'
e05672e8 115 create_fresh_archive
63c71412
DK
116 rm "$APTARCHIVE/dists/unstable/InRelease"
117 rm "$APTARCHIVE/dists/unstable/Release.gpg"
4dbfe436 118
4fa34122 119 testwarning aptget update --allow-insecure-repositories
846bc058 120 listcurrentlistsdirectory > lists.before
25b86db1 121 testfailureequal "WARNING: The following packages cannot be authenticated!
e05672e8 122 old
b381a482 123E: There were unauthenticated packages and -y was used without --allow-unauthenticated" aptget install -qq -y old
4dbfe436 124
e05672e8 125 # go to authenticated but not correct
4dbfe436
DK
126 add_new_package '+1hour'
127 break_repository_sources_index '+1hour'
e05672e8 128
f695e761 129 testfailureequal "E: Failed to fetch file:$APTARCHIVE/dists/unstable/main/source/Sources.gz Hash Sum mismatch
e05672e8
MV
130E: Some index files failed to download. They have been ignored, or old ones used instead." aptget update -qq
131
846bc058 132 testfileequal lists.before "$(listcurrentlistsdirectory)"
63c71412 133 testempty find "${ROOTDIR}/var/lib/apt/lists" -maxdepth 1 -name '*_InRelease'
25b86db1 134 testfailureequal "WARNING: The following packages cannot be authenticated!
e05672e8 135 old
b381a482 136E: There were unauthenticated packages and -y was used without --allow-unauthenticated" aptget install -qq -y old
e05672e8
MV
137}
138
c5fced38 139test_inrelease_to_unauth_inrelease() {
4dbfe436
DK
140 msgmsg 'Test InRelease to InRelease without good sig'
141 start_with_good_inrelease
142
9d653a6d 143 signreleasefiles 'Marvin Paranoid'
4dbfe436 144
1da3b7b8 145 testwarningequal "W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: file:${APTARCHIVE} unstable InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY E8525D47528144E2
4dbfe436 146W: Failed to fetch file:$APTARCHIVE/dists/unstable/InRelease The following signatures couldn't be verified because the public key is not available: NO_PUBKEY E8525D47528144E2
21638c3a
MV
147W: Some index files failed to download. They have been ignored, or old ones used instead." aptget update -qq
148
846bc058 149 testfileequal lists.before "$(listcurrentlistsdirectory)"
63c71412 150 testnotempty find "${ROOTDIR}/var/lib/apt/lists" -name '*_InRelease'
c5fced38
MV
151}
152
7abcfdde
MV
153test_inrelease_to_broken_gzip() {
154 msgmsg "Test InRelease to broken gzip"
4dbfe436
DK
155 start_with_good_inrelease
156
8d041b4f
DK
157 break_repository_sources_index '+1hour'
158 generatereleasefiles '+2hours'
159 signreleasefiles
160
4dbfe436 161 # append junk at the end of the compressed file
63c71412
DK
162 echo "lala" >> "$APTARCHIVE/dists/unstable/main/source/Sources.gz"
163 touch -d '+2min' "$APTARCHIVE/dists/unstable/main/source/Sources.gz"
4dbfe436 164 # remove uncompressed file to avoid fallback
63c71412 165 rm "$APTARCHIVE/dists/unstable/main/source/Sources"
7abcfdde
MV
166
167 testfailure aptget update
8d041b4f 168 testsuccess grep 'Hash Sum mismatch' rootdir/tmp/testfailure.output
846bc058 169 testfileequal lists.before "$(listcurrentlistsdirectory)"
7abcfdde
MV
170}
171
3abb6a6a
DK
172TESTDIR="$(readlink -f "$(dirname "$0")")"
173. "$TESTDIR/framework"
e05672e8
MV
174
175setupenvironment
176configarchitecture "i386"
177
178# setup the archive and ensure we have a single package that installs fine
179setupaptarchive
63c71412
DK
180APTARCHIVE="$(readlink -f ./aptarchive)"
181ROOTDIR="${TMPWORKINGDIRECTORY}/rootdir"
182APTARCHIVE_LISTS="$(echo "$APTARCHIVE" | tr "/" "_" )"
e05672e8
MV
183
184# test the following cases:
4dbfe436 185# - InRelease -> broken InRelease revert to previous state
e05672e8
MV
186# - empty lists dir and broken remote leaves nothing on the system
187# - InRelease -> hashsum mismatch for one file reverts all files to previous state
188# - Release/Release.gpg -> hashsum mismatch
189# - InRelease -> Release with hashsum mismatch revert entire state and kills Release
190# - Release -> InRelease with broken Sig/Hash removes InRelease
191# going from Release/Release.gpg -> InRelease and vice versa
192# - unauthenticated -> invalid InRelease
193
67f2f9e2 194# stuff to do:
4dbfe436 195# - ims-hit
67f2f9e2
MV
196# - gzip-index tests
197
e05672e8
MV
198test_inrelease_to_new_inrelease
199test_inrelease_to_broken_hash_reverts_all
4dbfe436
DK
200test_inrelease_to_valid_release
201test_inrelease_to_release_reverts_all
6d979490 202test_unauthenticated_to_invalid_inrelease
c5fced38 203test_inrelease_to_unauth_inrelease
7abcfdde 204test_inrelease_to_broken_gzip