]> git.saurik.com Git - apt.git/blame - test/integration/test-cve-2013-1051-InRelease-parsing
policy: Fix the new policy implementation to handle downgrades correctly
[apt.git] / test / integration / test-cve-2013-1051-InRelease-parsing
CommitLineData
34747d46
DK
1#!/bin/sh
2set -e
3
4TESTDIR=$(readlink -f $(dirname $0))
5. $TESTDIR/framework
6
7setupenvironment
8configarchitecture 'i386'
9
10insertpackage 'stable' 'good-pkg' 'all' '1.0'
11
12setupaptarchive
13
14changetowebserver
1da3b7b8 15ARCHIVE='http://localhost:8080'
34747d46 16msgtest 'Initial apt-get update should work with' 'InRelease'
0440d936 17testsuccess --nomsg aptget update
34747d46
DK
18
19# check that the setup is correct
25b86db1 20testsuccessequal "good-pkg:
34747d46
DK
21 Installed: (none)
22 Candidate: 1.0
23 Version table:
24 1.0 0
25 500 ${ARCHIVE} stable/main i386 Packages" aptcache policy good-pkg
26
27# now exchange to the Packages file, note that this could be
28# done via MITM too
29insertpackage 'stable' 'bad-mitm' 'all' '1.0'
30
31# this builds compressed files and a new (unsigned) Release
32buildaptarchivefromfiles '+1hour'
33
34# add a space into the BEGIN PGP SIGNATURE PART/END PGP SIGNATURE part
35# to trick apt - this is still legal to gpg(v)
36sed -i '/^-----BEGIN PGP SIGNATURE-----/,/^-----END PGP SIGNATURE-----/ s/^$/ /g' aptarchive/dists/stable/InRelease
37
38# we append the (evil unsigned) Release file to the (good signed) InRelease
39cat aptarchive/dists/stable/Release >> aptarchive/dists/stable/InRelease
e3c62328 40touch -d '+1hour' aptarchive/dists/stable/InRelease
34747d46 41
8d041b4f
DK
42# ensure the update doesn't load bad data as good data
43# Note that we will pick up the InRelease itself as we download no other
44# indexes which would trigger a hashsum mismatch, but we ignore the 'bad'
45# part of the InRelease
46listcurrentlistsdirectory | sed '/_InRelease/ d' > listsdir.lst
47msgtest 'apt-get update should ignore unsigned data in the' 'InRelease'
48testsuccessequal "Get:1 http://localhost:8080 stable InRelease [$(stat -c%s aptarchive/dists/stable/InRelease) B]
49Reading package lists..." --nomsg aptget update
50testfileequal './listsdir.lst' "$(listcurrentlistsdirectory | sed '/_InRelease/ d')"
34747d46
DK
51
52# ensure there is no package
25b86db1 53testfailureequal 'Reading package lists...
34747d46
DK
54Building dependency tree...
55E: Unable to locate package bad-mitm' aptget install bad-mitm -s
56
57# and verify that its not picked up
25b86db1 58testsuccessequal 'N: Unable to locate package bad-mitm' aptcache policy bad-mitm -q=0
34747d46
DK
59
60# and that the right one is used
25b86db1 61testsuccessequal "good-pkg:
34747d46
DK
62 Installed: (none)
63 Candidate: 1.0
64 Version table:
65 1.0 0
66 500 ${ARCHIVE} stable/main i386 Packages" aptcache policy good-pkg