do not use _apt for file/copy sources if it isn't world-accessible
[apt.git] / test / integration / test-apt-update-file
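#!/bin/sh
#
# Ensure that we do not modify file:/// uris (regression test for
# CVE-2014-0487).
#
# This first part only prepares the fixture: it configures the architecture,
# the index compressions and the hash, adds the packages "foo" and "bar" plus
# the source of "foo", and sets up the archive with --no-update so that the
# first "apt-get update" is run by the permission checks that follow.
set -e

# Every expansion is quoted so that a checkout path containing spaces or glob
# characters is neither word-split nor expanded before the framework is
# sourced.
TESTDIR="$(readlink -f "$(dirname "$0")")"
. "$TESTDIR/framework"

setupenvironment
configarchitecture "amd64"
# bz2 must stay in this list: the canary checks further down read
# Packages.bz2 from the archive.
configcompression 'bz2' 'gz'
# The canary checks look for a "SHA512:" value in the update output.
confighashes 'SHA512'

insertpackage 'unstable' 'foo' 'all' '1'
insertpackage 'unstable' 'bar' 'amd64' '1'
insertsource 'unstable' 'foo' 'all' '1'

setupaptarchive --no-update
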
# ensure the archive is not writable
#
# Paths that the permission checks below touch repeatedly.
binall_dir='aptarchive/dists/unstable/main/binary-all'
dists_dir='aptarchive/dists/'
lists_dir='rootdir/var/lib/apt/lists'

# Registered before any chmod so that binary-all is set back to 755 by the
# framework's trap handling (presumably at script exit -- confirm in framework).
addtrap 'prefix' 'chmod 755 aptarchive/dists/unstable/main/binary-all;'
if [ "$(id -u)" = '0' ]; then
  # Root-only checks. Each step changes one directory mode, runs update with
  # the expected outcome, and wipes the lists so the next step starts clean.

  # too deep to notice it, but it is also unlikely that files in the same repo
  # have different permissions: with binary-all readable by its owner only,
  # update is expected to fail.
  chmod 500 "$binall_dir"
  testfailure aptget update
  rm -rf "$lists_dir"

  # Baseline: binary-all world-accessible again, update must succeed.
  chmod 755 "$binall_dir"
  testsuccess aptget update
  rm -rf "$lists_dir"

  # 511: group and others may still traverse dists/, update must succeed.
  chmod 511 "$dists_dir"
  testsuccess aptget update
  rm -rf "$lists_dir"

  # 510 and 500: dists/ is no longer accessible to others. Update must still
  # succeed, but with a notice (-q=0 keeps the output unquietened).
  # NOTE(review): presumably this is the "do not use _apt if the source isn't
  # world-accessible" fallback -- confirm against the acquire code.
  chmod 510 "$dists_dir"
  testsuccesswithnotice aptget update -q=0
  rm -rf "$lists_dir"

  chmod 500 "$dists_dir"
  testsuccesswithnotice aptget update -q=0
  # The remaining checks are not run as root.
  exit
fi

# Not root: make binary-all read-only (but still accessible to everyone) and
# check that update succeeds without needing to write into the archive.
chmod 555 "$binall_dir"
testsuccess aptget update

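# the release files aren't an IMS-hit, but the indexes are
redatereleasefiles '+1 hour'

# we don't download the index if it isn't updated
testsuccess aptget update -o Debug::pkgAcquire::Auth=1
# file:/ isn't shown in the log, so see if it was downloaded anyhow:
# keep a copy of the update output and search it for the hash of the index.
cp -a rootdir/tmp/testsuccess.output rootdir/tmp/update.output

packages_bz2='aptarchive/dists/unstable/main/binary-all/Packages.bz2'
# The assertion below checks that the canary is ABSENT from the output. If
# Packages.bz2 were missing or corrupt, the pipeline would still succeed (its
# status is that of cut) and produce the hash of empty input, so the negative
# grep would pass without proving anything. Decompress once up front and stop
# the test if that fails, so this regression check cannot pass vacuously.
bzcat "$packages_bz2" >/dev/null || {
  echo "cannot decompress $packages_bz2, canary check would be meaningless" >&2
  exit 1
}
# Canary: "SHA512:" followed by the digest of the uncompressed Packages file.
canary="SHA512:$(bzcat "$packages_bz2" | sha512sum | cut -f1 -d' ')"
# The index was not updated, so its hash must not show up in the update output.
testfailure grep -- "$canary" rootdir/tmp/update.output
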
# Check that package "foo" can still be resolved from the current lists:
# a simulated install, the source record lookup and the listing of the source
# URIs must each succeed.
testfoo() {
  # foo is still available
  testsuccess aptget install -s foo
  testsuccess aptcache showsrc foo
  testsuccess aptget source foo --print-uris
}

# First run: right after the update that left the unchanged index alone.
testfoo

# the release file is new again, the index still isn't, but it is somehow gone now from disk
redatereleasefiles '+2 hour'
find rootdir/var/lib/apt/lists -name '*_Packages*' -delete

testsuccess aptget update -o Debug::pkgAcquire::Auth=1
# file:/ isn't shown in the log, so see if it was downloaded anyhow
cp -a rootdir/tmp/testsuccess.output rootdir/tmp/update.output

# Positive counterpart of the earlier canary check: the local copy of the
# index was deleted, so this time the hash of the uncompressed Packages file
# is expected to appear in the update output.
index_bz2='aptarchive/dists/unstable/main/binary-all/Packages.bz2'
index_digest=$(bzcat "$index_bz2" | sha512sum | cut -d' ' -f1)
canary="SHA512:${index_digest}"
testsuccess grep -- "$canary" rootdir/tmp/update.output

# foo must be usable again from the re-fetched index.
testfoo