Commit | Line | Data |
---|---|---|
fe0f7911 DK |
1 | #!/bin/sh |
2 | set -e | |
3 | ||
4 | TESTDIR=$(readlink -f $(dirname $0)) | |
5 | . $TESTDIR/framework | |
6 | ||
7 | setupenvironment | |
8 | configarchitecture "i386" | |
9 | ||
10 | buildaptarchive | |
11 | setupflataptarchive | |
12 | changetowebserver | |
13 | ||
14 | prepare() { | |
15 | local DATE="${2:-now}" | |
16 | if [ "$DATE" = 'now' -a "$1" = "${PKGFILE}-new" ]; then | |
17 | DATE='now + 6 days' | |
18 | fi | |
19 | for release in $(find rootdir/var/lib/apt/lists 2> /dev/null); do | |
20 | touch -d 'now - 6 hours' $release | |
21 | done | |
8de79b68 | 22 | aptget clean |
fe0f7911 DK |
23 | cp $1 aptarchive/Packages |
24 | find aptarchive -name 'Release' -delete | |
25 | cat aptarchive/Packages | gzip > aptarchive/Packages.gz | |
26 | cat aptarchive/Packages | bzip2 > aptarchive/Packages.bz2 | |
3b4d8136 | 27 | cat aptarchive/Packages | xz --format=lzma > aptarchive/Packages.lzma |
fe0f7911 DK |
28 | generatereleasefiles "$DATE" |
29 | } | |
30 | ||
31 | installaptold() { | |
32 | testequal 'Reading package lists... | |
33 | Building dependency tree... | |
34 | Suggested packages: | |
35 | aptitude synaptic wajig dpkg-dev apt-doc bzip2 lzma python-apt | |
36 | The following NEW packages will be installed: | |
37 | apt | |
38 | 0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded. | |
39 | After this operation, 5370 kB of additional disk space will be used. | |
5b63d2a9 | 40 | Get:1 http://localhost:8080/ apt 0.7.25.3 |
fe0f7911 DK |
41 | Download complete and in download only mode' aptget install apt -dy |
42 | } | |
43 | ||
44 | installaptnew() { | |
45 | testequal 'Reading package lists... | |
46 | Building dependency tree... | |
47 | Suggested packages: | |
48 | aptitude synaptic wajig dpkg-dev apt-doc bzip2 lzma python-apt | |
49 | The following NEW packages will be installed: | |
50 | apt | |
51 | 0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded. | |
52 | After this operation, 5808 kB of additional disk space will be used. | |
5b63d2a9 | 53 | Get:1 http://localhost:8080/ apt 0.8.0~pre1 |
fe0f7911 DK |
54 | Download complete and in download only mode' aptget install apt -dy |
55 | } | |
56 | ||
57 | failaptold() { | |
58 | testequal 'Reading package lists... | |
59 | Building dependency tree... | |
60 | Suggested packages: | |
61 | aptitude synaptic wajig dpkg-dev apt-doc bzip2 lzma python-apt | |
62 | The following NEW packages will be installed: | |
63 | apt | |
64 | 0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded. | |
65 | After this operation, 5370 kB of additional disk space will be used. | |
66 | WARNING: The following packages cannot be authenticated! | |
67 | apt | |
68 | E: There are problems and -y was used without --force-yes' aptget install apt -dy | |
69 | } | |
70 | ||
71 | failaptnew() { | |
72 | testequal 'Reading package lists... | |
73 | Building dependency tree... | |
74 | Suggested packages: | |
75 | aptitude synaptic wajig dpkg-dev apt-doc bzip2 lzma python-apt | |
76 | The following NEW packages will be installed: | |
77 | apt | |
78 | 0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded. | |
79 | After this operation, 5808 kB of additional disk space will be used. | |
80 | WARNING: The following packages cannot be authenticated! | |
81 | apt | |
82 | E: There are problems and -y was used without --force-yes' aptget install apt -dy | |
83 | } | |
84 | ||
85 | # fake our downloadable file | |
86 | touch aptarchive/apt.deb | |
87 | ||
88 | PKGFILE="${TESTDIR}/$(echo "$(basename $0)" | sed 's#^test-#Packages-#')" | |
89 | ||
90 | runtest() { | |
91 | prepare ${PKGFILE} | |
92 | rm -rf rootdir/var/lib/apt/lists | |
93 | signreleasefiles 'Joe Sixpack' | |
94 | find aptarchive/ -name "$DELETEFILE" -delete | |
95 | msgtest 'Cold archive signed by' 'Joe Sixpack' | |
96 | aptget update 2>&1 | grep -E '^(W|E): ' > /dev/null && msgfail || msgpass | |
97 | testequal "$(cat ${PKGFILE}) | |
98 | " aptcache show apt | |
99 | installaptold | |
100 | ||
101 | prepare ${PKGFILE}-new | |
102 | signreleasefiles 'Joe Sixpack' | |
103 | find aptarchive/ -name "$DELETEFILE" -delete | |
104 | msgtest 'Good warm archive signed by' 'Joe Sixpack' | |
105 | aptget update 2>&1 | grep -E '^(W|E): ' > /dev/null && msgfail || msgpass | |
106 | testequal "$(cat ${PKGFILE}-new) | |
107 | " aptcache show apt | |
108 | installaptnew | |
109 | ||
29a59c46 DK |
110 | prepare ${PKGFILE} |
111 | rm -rf rootdir/var/lib/apt/lists | |
112 | cp keys/rexexpired.pub rootdir/etc/apt/trusted.gpg.d/rexexpired.gpg | |
113 | signreleasefiles 'Rex Expired' | |
114 | find aptarchive/ -name "$DELETEFILE" -delete | |
115 | msgtest 'Cold archive signed by' 'Rex Expired' | |
116 | aptget update 2>&1 | grep -E '^W: .* KEYEXPIRED' > /dev/null && msgpass || msgfail | |
117 | testequal "$(cat ${PKGFILE}) | |
118 | " aptcache show apt | |
119 | failaptold | |
120 | rm rootdir/etc/apt/trusted.gpg.d/rexexpired.gpg | |
fe0f7911 DK |
121 | |
122 | prepare ${PKGFILE} | |
123 | rm -rf rootdir/var/lib/apt/lists | |
124 | signreleasefiles 'Marvin Paranoid' | |
125 | find aptarchive/ -name "$DELETEFILE" -delete | |
126 | msgtest 'Cold archive signed by' 'Marvin Paranoid' | |
29a59c46 | 127 | aptget update 2>&1 | grep -E '^W: .* NO_PUBKEY' > /dev/null && msgpass || msgfail |
fe0f7911 DK |
128 | testequal "$(cat ${PKGFILE}) |
129 | " aptcache show apt | |
130 | failaptold | |
131 | ||
132 | prepare ${PKGFILE}-new | |
133 | # weborf doesn't support If-Range | |
134 | for release in $(find rootdir/var/lib/apt/lists/partial/ -name '*Release'); do | |
135 | rm $release | |
136 | touch $release | |
137 | done | |
138 | signreleasefiles 'Joe Sixpack' | |
139 | find aptarchive/ -name "$DELETEFILE" -delete | |
140 | msgtest 'Bad warm archive signed by' 'Joe Sixpack' | |
141 | aptget update 2>&1 | grep -E '^(W|E): ' > /dev/null && msgfail || msgpass | |
142 | testequal "$(cat ${PKGFILE}-new) | |
143 | " aptcache show apt | |
144 | installaptnew | |
145 | ||
146 | ||
147 | prepare ${PKGFILE} | |
148 | rm -rf rootdir/var/lib/apt/lists | |
149 | signreleasefiles 'Joe Sixpack' | |
150 | find aptarchive/ -name "$DELETEFILE" -delete | |
151 | msgtest 'Cold archive signed by' 'Joe Sixpack' | |
152 | aptget update 2>&1 | grep -E '^(W|E): ' > /dev/null && msgfail || msgpass | |
153 | testequal "$(cat ${PKGFILE}) | |
154 | " aptcache show apt | |
155 | installaptold | |
156 | ||
157 | prepare ${PKGFILE}-new | |
158 | signreleasefiles 'Marvin Paranoid' | |
159 | find aptarchive/ -name "$DELETEFILE" -delete | |
160 | msgtest 'Good warm archive signed by' 'Marvin Paranoid' | |
29a59c46 DK |
161 | aptget update 2>&1 | grep -E '^W: .* NO_PUBKEY' > /dev/null && msgpass || msgfail |
162 | testequal "$(cat ${PKGFILE}) | |
163 | " aptcache show apt | |
164 | installaptold | |
165 | ||
166 | prepare ${PKGFILE}-new | |
167 | cp keys/rexexpired.pub rootdir/etc/apt/trusted.gpg.d/rexexpired.gpg | |
168 | signreleasefiles 'Rex Expired' | |
169 | find aptarchive/ -name "$DELETEFILE" -delete | |
170 | msgtest 'Good warm archive signed by' 'Rex Expired' | |
171 | aptget update 2>&1 | grep -E '^W: .* KEYEXPIRED' > /dev/null && msgpass || msgfail | |
fe0f7911 DK |
172 | testequal "$(cat ${PKGFILE}) |
173 | " aptcache show apt | |
174 | installaptold | |
29a59c46 DK |
175 | rm rootdir/etc/apt/trusted.gpg.d/rexexpired.gpg |
176 | ||
177 | prepare ${PKGFILE}-new | |
178 | signreleasefiles | |
179 | find aptarchive/ -name "$DELETEFILE" -delete | |
180 | msgtest 'Good warm archive signed by' 'Joe Sixpack' | |
181 | aptget update 2>&1 | grep -E '^(W|E): ' > /dev/null && msgfail || msgpass | |
182 | testequal "$(cat ${PKGFILE}-new) | |
183 | " aptcache show apt | |
184 | installaptnew | |
fe0f7911 DK |
185 | } |
186 | ||
43c1ca5d SR |
187 | runtest2() { |
188 | prepare ${PKGFILE} | |
189 | rm -rf rootdir/var/lib/apt/lists | |
190 | signreleasefiles 'Joe Sixpack' | |
191 | msgtest 'Cold archive signed by' 'Joe Sixpack' | |
192 | aptget update 2>&1 | grep -E '^(W|E): ' > /dev/null && msgfail || msgpass | |
193 | ||
194 | # New .deb but now an unsigned archive. For example MITM to circumvent | |
195 | # package verification. | |
196 | prepare ${PKGFILE}-new | |
197 | find aptarchive/ -name InRelease -delete | |
198 | find aptarchive/ -name Release.gpg -delete | |
199 | msgtest 'Warm archive signed by' 'nobody' | |
200 | aptget update 2>&1 | grep -E '^(W|E): ' > /dev/null && msgfail || msgpass | |
201 | testequal "$(cat ${PKGFILE}-new) | |
202 | " aptcache show apt | |
203 | failaptnew | |
204 | ||
205 | # Unsigned archive from the beginning must also be detected. | |
206 | rm -rf rootdir/var/lib/apt/lists | |
207 | msgtest 'Cold archive signed by' 'nobody' | |
208 | aptget update 2>&1 | grep -E '^(W|E): ' > /dev/null && msgfail || msgpass | |
209 | testequal "$(cat ${PKGFILE}-new) | |
210 | " aptcache show apt | |
211 | failaptnew | |
212 | } | |
213 | runtest2 | |
214 | ||
215 | ||
fe0f7911 DK |
216 | DELETEFILE="InRelease" |
217 | runtest | |
e3c62328 DK |
218 | DELETEFILE="Release.gpg" |
219 | runtest |