]> git.saurik.com Git - apt.git/blame - test/integration/test-cve-2013-1051-InRelease-parsing
Implement simple by-hash for apt update
[apt.git] / test / integration / test-cve-2013-1051-InRelease-parsing
CommitLineData
34747d46
DK
1#!/bin/sh
2set -e
3
4TESTDIR=$(readlink -f $(dirname $0))
5. $TESTDIR/framework
6
7setupenvironment
8configarchitecture 'i386'
9
10insertpackage 'stable' 'good-pkg' 'all' '1.0'
11
12setupaptarchive
13
14changetowebserver
2842f3e6 15ARCHIVE='http://localhost:8080/'
34747d46 16msgtest 'Initial apt-get update should work with' 'InRelease'
0440d936 17testsuccess --nomsg aptget update
34747d46
DK
18
19# check that the setup is correct
20testequal "good-pkg:
21 Installed: (none)
22 Candidate: 1.0
23 Version table:
24 1.0 0
25 500 ${ARCHIVE} stable/main i386 Packages" aptcache policy good-pkg
26
27# now exchange to the Packages file, note that this could be
28# done via MITM too
29insertpackage 'stable' 'bad-mitm' 'all' '1.0'
30
31# this builds compressed files and a new (unsigned) Release
32buildaptarchivefromfiles '+1hour'
33
34# add a space into the BEGIN PGP SIGNATURE PART/END PGP SIGNATURE part
35# to trick apt - this is still legal to gpg(v)
36sed -i '/^-----BEGIN PGP SIGNATURE-----/,/^-----END PGP SIGNATURE-----/ s/^$/ /g' aptarchive/dists/stable/InRelease
37
38# we append the (evil unsigned) Release file to the (good signed) InRelease
39cat aptarchive/dists/stable/Release >> aptarchive/dists/stable/InRelease
e3c62328 40touch -d '+1hour' aptarchive/dists/stable/InRelease
34747d46
DK
41
42# ensure the update fails
43# useful for debugging to add "-o Debug::pkgAcquire::auth=true"
44msgtest 'apt-get update for should fail with the modified' 'InRelease'
45aptget update 2>&1 | grep -q 'Hash Sum mismatch' > /dev/null && msgpass || msgfail
46
47# ensure there is no package
48testequal 'Reading package lists...
49Building dependency tree...
50E: Unable to locate package bad-mitm' aptget install bad-mitm -s
51
52# and verify that its not picked up
53testequal 'N: Unable to locate package bad-mitm' aptcache policy bad-mitm -q=0
54
55# and that the right one is used
56testequal "good-pkg:
57 Installed: (none)
58 Candidate: 1.0
59 Version table:
60 1.0 0
61 500 ${ARCHIVE} stable/main i386 Packages" aptcache policy good-pkg