]> git.saurik.com Git - apt.git/blame - test/integration/test-apt-update-file
rework hashsum verification in the acquire system
[apt.git] / test / integration / test-apt-update-file
CommitLineData
daff4aa3
MV
1#!/bin/sh
2#
3# Ensure that we do not modify file:/// uris (regression test for
4# CVE-2014-0487
5#
6set -e
7
8TESTDIR=$(readlink -f $(dirname $0))
9. $TESTDIR/framework
10
11setupenvironment
12configarchitecture "amd64"
846bc058 13configcompression 'bz2' 'gz'
daff4aa3 14
846bc058
DK
15insertpackage 'unstable' 'foo' 'all' '1'
16insertsource 'unstable' 'foo' 'all' '1'
daff4aa3 17
daff4aa3
MV
18setupaptarchive --no-update
19
20# ensure the archive is not writable
846bc058 21addtrap 'prefix' 'chmod 750 aptarchive/dists/unstable/main/binary-amd64;'
daff4aa3
MV
22chmod 550 aptarchive/dists/unstable/main/binary-amd64
23
846bc058 24testsuccess aptget update
448c38bd
DK
25
26# the release files aren't an IMS-hit, but the indexes are
27redatereleasefiles '+1 hour'
28
846bc058
DK
29testsuccess aptget update -o Debug::pkgAcquire::Auth=1
30cp -a rootdir/tmp/testsuccess.output rootdir/tmp/update.output
23d0a6fb 31
846bc058 32# ensure that the hash of the uncompressed file was verified even on a local ims hit
23d0a6fb 33canary="SHA512:$(bzcat aptarchive/dists/unstable/main/binary-amd64/Packages.bz2 | sha512sum |cut -f1 -d' ')"
846bc058 34testsuccess grep -- "$canary" rootdir/tmp/update.output
23d0a6fb 35
8b451962
MV
36# foo is still available
37testsuccess aptget install -s foo
846bc058
DK
38testsuccess aptcache showsrc foo
39testsuccess aptget source foo --print-uris