]> git.saurik.com Git - apt.git/blame - test/integration/test-apt-update-rollback
show apt-key warnings in apt update
[apt.git] / test / integration / test-apt-update-rollback
CommitLineData
e05672e8
MV
1#!/bin/sh
2#
3# test that apt-get update is transactional
4#
5set -e
6
7avoid_ims_hit() {
8 touch -d '+1hour' aptarchive/dists/unstable/main/binary-i386/Packages*
9 touch -d '+1hour' aptarchive/dists/unstable/main/source/Sources*
10 touch -d '+1hour' aptarchive/dists/unstable/*Release*
11
12 touch -d '-1hour' rootdir/var/lib/apt/lists/*
13}
14
15create_fresh_archive()
16{
17 rm -rf aptarchive/*
18 rm -f rootdir/var/lib/apt/lists/_* rootdir/var/lib/apt/lists/partial/*
19
20 insertpackage 'unstable' 'old' 'all' '1.0'
21
4dbfe436 22 setupaptarchive --no-update
e05672e8
MV
23}
24
25add_new_package() {
63c71412
DK
26 insertpackage 'unstable' 'new' 'all' '1.0'
27 insertsource 'unstable' 'new' 'all' '1.0'
e05672e8 28
4dbfe436 29 setupaptarchive --no-update "$@"
e05672e8
MV
30}
31
32break_repository_sources_index() {
0340069c 33 mv "$APTARCHIVE/dists/unstable/main/source/Sources.gz" "$APTARCHIVE/dists/unstable/main/source/Sources.gz.orig"
63c71412 34 printf 'xxx' > "$APTARCHIVE/dists/unstable/main/source/Sources"
4dbfe436 35 compressfile "$APTARCHIVE/dists/unstable/main/source/Sources" "$@"
e05672e8
MV
36}
37
4dbfe436 38start_with_good_inrelease() {
e05672e8 39 create_fresh_archive
4dbfe436 40 testsuccess aptget update
846bc058 41 listcurrentlistsdirectory > lists.before
2b0660b5 42 testsuccessequal 'old/unstable 1.0 all' apt list -qq
4dbfe436 43}
e05672e8 44
4dbfe436
DK
45test_inrelease_to_new_inrelease() {
46 msgmsg 'Test InRelease to new InRelease works fine'
47 start_with_good_inrelease
80976dd5 48
4dbfe436 49 add_new_package '+1hour'
80976dd5 50 testsuccess aptget update -o Debug::Acquire::Transaction=1
63c71412 51 testsuccessequal 'new/unstable 1.0 all
2b0660b5 52old/unstable 1.0 all' apt list -qq
e05672e8
MV
53}
54
55test_inrelease_to_broken_hash_reverts_all() {
4dbfe436
DK
56 msgmsg 'Test InRelease to broken InRelease reverts everything'
57 start_with_good_inrelease
58
59 add_new_package '+1hour'
e05672e8 60 # break the Sources file
4dbfe436 61 break_repository_sources_index '+1hour'
e05672e8
MV
62
63 # test the error condition
f695e761 64 testfailureequal "E: Failed to fetch file:${APTARCHIVE}/dists/unstable/main/source/Sources.gz Hash Sum mismatch
0340069c 65 Hashes of expected file:
d3003692 66 - Checksum-FileSize:$(stat -c '%s' 'aptarchive/dists/unstable/main/source/Sources.gz.orig') [weak]
0340069c
DK
67 - SHA256:$(sha256sum 'aptarchive/dists/unstable/main/source/Sources.gz.orig' | cut -d' ' -f 1)
68 Hashes of received file:
69 - SHA256:$(sha256sum 'aptarchive/dists/unstable/main/source/Sources.gz' | cut -d' ' -f 1)
d3003692 70 - Checksum-FileSize:$(stat -c '%s' 'aptarchive/dists/unstable/main/source/Sources.gz') [weak]
0340069c
DK
71 Last modification reported: $(lastmodification 'aptarchive/dists/unstable/main/source/Sources.gz')
72 Release file created at: $(releasefiledate 'aptarchive/dists/unstable/InRelease')
e05672e8
MV
73E: Some index files failed to download. They have been ignored, or old ones used instead." aptget update -qq
74 # ensure that the Packages file is also rolled back
846bc058 75 testfileequal lists.before "$(listcurrentlistsdirectory)"
25b86db1 76 testfailureequal "E: Unable to locate package new" aptget install new -s -qq
e05672e8
MV
77}
78
4dbfe436
DK
79test_inrelease_to_valid_release() {
80 msgmsg 'Test InRelease to valid Release'
81 start_with_good_inrelease
82
83 add_new_package '+1hour'
84 # switch to a unsigned repo now
5a23c56d 85 rm -f "$APTARCHIVE/dists/unstable/InRelease" "$APTARCHIVE/dists/unstable/Release.gpg"
e05672e8 86
bca84917 87 # update fails
1da3b7b8 88 testfailureequal "E: The repository 'file:${APTARCHIVE} unstable Release' is no longer signed." aptget update -qq
e05672e8 89
846bc058
DK
90 # test that security downgrade was not successful
91 testfileequal lists.before "$(listcurrentlistsdirectory)"
e05672e8 92 testsuccess aptget install old -s
bca84917 93 testfailure aptget install new -s
63c71412
DK
94 testnotempty find "${ROOTDIR}/var/lib/apt/lists" -name '*_InRelease'
95 testempty find "${ROOTDIR}/var/lib/apt/lists" -name '*_Release'
e05672e8
MV
96}
97
4dbfe436
DK
98test_inrelease_to_release_reverts_all() {
99 msgmsg 'Test InRelease to broken Release reverts everything'
100 start_with_good_inrelease
e05672e8 101
4dbfe436
DK
102 # switch to a unsigned repo now
103 add_new_package '+1hour'
5a23c56d 104 rm -f "$APTARCHIVE/dists/unstable/InRelease" "$APTARCHIVE/dists/unstable/Release.gpg"
4dbfe436 105
e05672e8 106 # break it
4dbfe436 107 break_repository_sources_index '+1hour'
e05672e8
MV
108
109 # ensure error
1da3b7b8 110 testfailureequal "E: The repository 'file:${APTARCHIVE} unstable Release' is no longer signed." aptget update -qq # -o Debug::acquire::transaction=1
e05672e8
MV
111
112 # ensure that the Packages file is also rolled back
846bc058 113 testfileequal lists.before "$(listcurrentlistsdirectory)"
e05672e8
MV
114 testsuccess aptget install old -s
115 testfailure aptget install new -s
63c71412
DK
116 testnotempty find "${ROOTDIR}/var/lib/apt/lists" -name '*_InRelease'
117 testempty find "${ROOTDIR}/var/lib/apt/lists" -name '*_Release'
e05672e8
MV
118}
119
120test_unauthenticated_to_invalid_inrelease() {
4dbfe436 121 msgmsg 'Test UnAuthenticated to invalid InRelease reverts everything'
e05672e8 122 create_fresh_archive
5a23c56d 123 rm -f "$APTARCHIVE/dists/unstable/InRelease" "$APTARCHIVE/dists/unstable/Release.gpg"
4dbfe436 124
4fa34122 125 testwarning aptget update --allow-insecure-repositories
846bc058 126 listcurrentlistsdirectory > lists.before
25b86db1 127 testfailureequal "WARNING: The following packages cannot be authenticated!
e05672e8 128 old
b381a482 129E: There were unauthenticated packages and -y was used without --allow-unauthenticated" aptget install -qq -y old
4dbfe436 130
e05672e8 131 # go to authenticated but not correct
4dbfe436
DK
132 add_new_package '+1hour'
133 break_repository_sources_index '+1hour'
e05672e8 134
f695e761 135 testfailureequal "E: Failed to fetch file:$APTARCHIVE/dists/unstable/main/source/Sources.gz Hash Sum mismatch
0340069c 136 Hashes of expected file:
d3003692 137 - Checksum-FileSize:$(stat -c '%s' 'aptarchive/dists/unstable/main/source/Sources.gz.orig') [weak]
0340069c
DK
138 - SHA256:$(sha256sum 'aptarchive/dists/unstable/main/source/Sources.gz.orig' | cut -d' ' -f 1)
139 Hashes of received file:
140 - SHA256:$(sha256sum 'aptarchive/dists/unstable/main/source/Sources.gz' | cut -d' ' -f 1)
d3003692 141 - Checksum-FileSize:$(stat -c '%s' 'aptarchive/dists/unstable/main/source/Sources.gz') [weak]
0340069c
DK
142 Last modification reported: $(lastmodification 'aptarchive/dists/unstable/main/source/Sources.gz')
143 Release file created at: $(releasefiledate 'aptarchive/dists/unstable/InRelease')
e05672e8
MV
144E: Some index files failed to download. They have been ignored, or old ones used instead." aptget update -qq
145
846bc058 146 testfileequal lists.before "$(listcurrentlistsdirectory)"
63c71412 147 testempty find "${ROOTDIR}/var/lib/apt/lists" -maxdepth 1 -name '*_InRelease'
25b86db1 148 testfailureequal "WARNING: The following packages cannot be authenticated!
e05672e8 149 old
b381a482 150E: There were unauthenticated packages and -y was used without --allow-unauthenticated" aptget install -qq -y old
e05672e8
MV
151}
152
c5fced38 153test_inrelease_to_unauth_inrelease() {
4dbfe436
DK
154 msgmsg 'Test InRelease to InRelease without good sig'
155 start_with_good_inrelease
156
9d653a6d 157 signreleasefiles 'Marvin Paranoid'
4dbfe436 158
1da3b7b8 159 testwarningequal "W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: file:${APTARCHIVE} unstable InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY E8525D47528144E2
4dbfe436 160W: Failed to fetch file:$APTARCHIVE/dists/unstable/InRelease The following signatures couldn't be verified because the public key is not available: NO_PUBKEY E8525D47528144E2
21638c3a
MV
161W: Some index files failed to download. They have been ignored, or old ones used instead." aptget update -qq
162
846bc058 163 testfileequal lists.before "$(listcurrentlistsdirectory)"
63c71412 164 testnotempty find "${ROOTDIR}/var/lib/apt/lists" -name '*_InRelease'
c5fced38
MV
165}
166
7abcfdde
MV
167test_inrelease_to_broken_gzip() {
168 msgmsg "Test InRelease to broken gzip"
4dbfe436
DK
169 start_with_good_inrelease
170
8d041b4f
DK
171 break_repository_sources_index '+1hour'
172 generatereleasefiles '+2hours'
173 signreleasefiles
174
4dbfe436 175 # append junk at the end of the compressed file
63c71412
DK
176 echo "lala" >> "$APTARCHIVE/dists/unstable/main/source/Sources.gz"
177 touch -d '+2min' "$APTARCHIVE/dists/unstable/main/source/Sources.gz"
4dbfe436 178 # remove uncompressed file to avoid fallback
63c71412 179 rm "$APTARCHIVE/dists/unstable/main/source/Sources"
7abcfdde
MV
180
181 testfailure aptget update
8d041b4f 182 testsuccess grep 'Hash Sum mismatch' rootdir/tmp/testfailure.output
846bc058 183 testfileequal lists.before "$(listcurrentlistsdirectory)"
7abcfdde
MV
184}
185
3abb6a6a
DK
186TESTDIR="$(readlink -f "$(dirname "$0")")"
187. "$TESTDIR/framework"
e05672e8
MV
188
189setupenvironment
190configarchitecture "i386"
5a23c56d 191export APT_DONT_SIGN='Release.gpg'
e05672e8 192
63c71412
DK
193APTARCHIVE="$(readlink -f ./aptarchive)"
194ROOTDIR="${TMPWORKINGDIRECTORY}/rootdir"
195APTARCHIVE_LISTS="$(echo "$APTARCHIVE" | tr "/" "_" )"
e05672e8
MV
196
197# test the following cases:
4dbfe436 198# - InRelease -> broken InRelease revert to previous state
e05672e8
MV
199# - empty lists dir and broken remote leaves nothing on the system
200# - InRelease -> hashsum mismatch for one file reverts all files to previous state
201# - Release/Release.gpg -> hashsum mismatch
202# - InRelease -> Release with hashsum mismatch revert entire state and kills Release
203# - Release -> InRelease with broken Sig/Hash removes InRelease
204# going from Release/Release.gpg -> InRelease and vice versa
205# - unauthenticated -> invalid InRelease
206
67f2f9e2 207# stuff to do:
4dbfe436 208# - ims-hit
67f2f9e2
MV
209# - gzip-index tests
210
e05672e8
MV
211test_inrelease_to_new_inrelease
212test_inrelease_to_broken_hash_reverts_all
4dbfe436
DK
213test_inrelease_to_valid_release
214test_inrelease_to_release_reverts_all
6d979490 215test_unauthenticated_to_invalid_inrelease
c5fced38 216test_inrelease_to_unauth_inrelease
7abcfdde 217test_inrelease_to_broken_gzip