[apt.git] / test / integration / test-apt-update-weak-hashes

#!/bin/sh
set -e

TESTDIR="$(readlink -f "$(dirname "$0")")"
. "$TESTDIR/framework"

setupenvironment
configarchitecture 'i386'
confighashes 'MD5'
export APT_DONT_SIGN=''

insertpackage 'unstable' 'foo' 'i386' '1.0'
insertsource 'unstable' 'foo' 'any' '1.0'

setupaptarchive --no-update
APTARCHIVE="$(readlink -f ./aptarchive)"

testnopkg() {
	testnopackage "$@"
	testnosrcpackage "$@"
}
testbadpkg() {
	testempty find rootdir/var/lib/apt/lists -maxdepth 1 -name '*InRelease' -o -name '*Release.gpg'
	testnotempty find rootdir/var/lib/apt/lists -maxdepth 1 -name '*Release'
	testnotempty apt show "$@"
	testnotempty apt showsrc "$@"
	testfailureequal "WARNING: The following packages cannot be authenticated!
  $*
E: There were unauthenticated packages and -y was used without --allow-unauthenticated" aptget install -qq -y "$@"
	testfailureequal "WARNING: The following packages cannot be authenticated!
  $*
E: Some packages could not be authenticated" aptget source -qq "$@"
}

testrun() {
	local TYPE="$1"
	local FILENAME="$2"
	shift 2
	local MANGLED="$(readlink -f ./rootdir)/var/lib/apt/lists/partial/$(echo "$FILENAME" | sed 's#/#_#g')"
	msgmsg "$TYPE contains only weak hashes"
	confighashes 'MD5'
	generatereleasefiles
	signreleasefiles
	preparetest
	if [ -z "$1" ]; then
		listcurrentlistsdirectory > lists.before
		testfailuremsg "W: No Hash entry in Release file ${MANGLED} which is considered strong enough for security purposes
E: The repository 'file:${APTARCHIVE} unstable $(basename "$FILENAME")' provides only weak security information.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details." apt update
		testfileequal lists.before "$(listcurrentlistsdirectory)"
		testnopkg 'foo'
	else
		testwarningmsg "W: No Hash entry in Release file ${MANGLED} which is considered strong enough for security purposes
W: The repository 'file:${APTARCHIVE} unstable $(basename "$FILENAME")' provides only weak security information.
N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use.
N: See apt-secure(8) manpage for repository creation and user configuration details." apt update "$@"
		testbadpkg 'foo'
	fi

	msgmsg "$TYPE contains no hashes"
	generatereleasefiles
	sed -i -e '/^ / d' -e '/^MD5Sum:/ d' "$APTARCHIVE/dists/unstable/Release"
	signreleasefiles
	preparetest
	if [ -z "$1" ]; then
		listcurrentlistsdirectory > lists.before
		testfailuremsg "W: No Hash entry in Release file ${MANGLED}
E: The repository 'file:${APTARCHIVE} unstable $(basename "$FILENAME")' provides only weak security information.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details." apt update
		testfileequal lists.before "$(listcurrentlistsdirectory)"
		testnopkg 'foo'
	else
		testwarningmsg "W: No Hash entry in Release file ${MANGLED}
W: The repository 'file:${APTARCHIVE} unstable $(basename "$FILENAME")' provides only weak security information.
N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use.
N: See apt-secure(8) manpage for repository creation and user configuration details." apt update "$@"
		testbadpkg 'foo'
	fi

	msgmsg "$TYPE contains only weak hashes for some files"
	confighashes 'MD5' 'SHA256'
	generatereleasefiles
	sed -i '/^ [0-9a-fA-Z]\{64\} .*Sources$/d' "$APTARCHIVE/dists/unstable/Release"
	signreleasefiles
	preparetest
	# trust is a repository property, so individual files can't be insecure
	testwarningmsg "W: Skipping acquire of configured file 'main/source/Sources' as repository 'file:${APTARCHIVE} unstable InRelease' provides only weak security information for it" apt update "$@"
	testsuccess apt show foo
	testnosrcpackage foo
}

genericprepare() {
	rm -rf rootdir/var/lib/apt/lists
	mkdir -p rootdir/var/lib/apt/lists/partial
	touch rootdir/var/lib/apt/lists/lock
	local RELEASEGPG="$(readlink -f ./rootdir)/var/lib/apt/lists/partial/$(echo "${APTARCHIVE}/dists/unstable/Release.gpg" | sed 's#/#_#g')"
	touch "$RELEASEGPG"
	chmod 644 "$RELEASEGPG"
	local INRELEASE="$(readlink -f ./rootdir)/var/lib/apt/lists/partial/$(echo "${APTARCHIVE}/dists/unstable/InRelease" | sed 's#/#_#g')"
	touch "$INRELEASE"
	chmod 644 "$INRELEASE"
}
preparetest() {
	rm -f "${APTARCHIVE}/dists/unstable/Release" "${APTARCHIVE}/dists/unstable/Release.gpg"
	genericprepare
}
testrun 'InRelease' "${APTARCHIVE}/dists/unstable/InRelease"
testrun 'InRelease' "${APTARCHIVE}/dists/unstable/InRelease" --allow-insecure-repositories -o APT::Get::List-Cleanup=0

preparetest() {
	rm -f "${APTARCHIVE}/dists/unstable/InRelease"
	genericprepare
}
testrun 'Release+Release.gpg' "${APTARCHIVE}/dists/unstable/Release"
testrun 'Release+Release.gpg' "${APTARCHIVE}/dists/unstable/Release" --allow-insecure-repositories -o APT::Get::List-Cleanup=0

preparetest() {
	rm -f "${APTARCHIVE}/dists/unstable/InRelease" "${APTARCHIVE}/dists/unstable/Release.gpg"
	genericprepare
}

msgmsg 'Moving between Release files with good and bad hashes'
rm -rf rootdir/var/lib/apt/lists
confighashes 'MD5'
generatereleasefiles 'now - 7 days'
signreleasefiles
testfailure apt update
testnopkg 'foo'
testwarning apt update --allow-insecure-repositories
testbadpkg 'foo'

confighashes 'MD5' 'SHA256'
rm -rf aptarchive/dists
insertpackage 'unstable' 'foo2' 'i386' '1.0'
insertsource 'unstable' 'foo2' 'any' '1.0'
setupaptarchive --no-update 'now - 5 days'
testsuccess apt update
testnopkg foo
testnotempty find rootdir/var/lib/apt/lists -maxdepth 1 -name '*InRelease' -o -name '*Release.gpg'
testnotempty apt show foo2
testnotempty apt showsrc foo2

confighashes 'MD5'
rm -rf aptarchive/dists
insertpackage 'unstable' 'foo3' 'i386' '1.0'
insertsource 'unstable' 'foo3' 'any' '1.0'
setupaptarchive --no-update 'now - 3 days'
testfailure apt update
testnopkg foo
testnopkg foo3
testnotempty find rootdir/var/lib/apt/lists -maxdepth 1 -name '*InRelease' -o -name '*Release.gpg'
testnotempty apt show foo2
testnotempty apt showsrc foo2
testwarning apt update --allow-insecure-repositories
testnopkg foo2
testbadpkg foo3

msgmsg 'Working with packages guarded only by weak hashes'
confighashes 'MD5'
rm -rf aptarchive/dists
buildsimplenativepackage 'foo4' 'i386' '1' 'unstable'
setupaptarchive --no-update
testfailure apt update
confighashes 'SHA256'
generatereleasefiles 'now - 1 day'
signreleasefiles
testsuccess apt update
cd downloaded
testfailure apt download foo4
cp ../rootdir/tmp/testfailure.output download.output
testfailure grep 'Hash Sum mismatch' download.output
testsuccess grep 'Insufficient information' download.output

testsuccess apt install foo4 -s
testfailure apt install foo4 -dy
cp ../rootdir/tmp/testfailure.output install.output
testfailure grep 'Hash Sum mismatch' install.output
testsuccess grep 'Insufficient information' download.output

testsuccess apt source foo4
cp ../rootdir/tmp/testsuccess.output source.output
testsuccess grep 'Skipping download of file' source.output
testfailure test -e foo4_1.dsc
testsuccess test -e foo4_1.tar.*
cd ..
Commit	Line	Data
bd4a8f51 DK	1	#!/bin/sh
	2	set -e
	3
	4	TESTDIR="$(readlink -f "$(dirname "$0")")"
	5	. "$TESTDIR/framework"
	6
	7	setupenvironment
	8	configarchitecture 'i386'
	9	confighashes 'MD5'
ab94dcec	10	export APT_DONT_SIGN=''
bd4a8f51 DK	11
	12	insertpackage 'unstable' 'foo' 'i386' '1.0'
	13	insertsource 'unstable' 'foo' 'any' '1.0'
	14
	15	setupaptarchive --no-update
	16	APTARCHIVE="$(readlink -f ./aptarchive)"
	17
ab94dcec DK	18	testnopkg() {
	19	testnopackage "$@"
	20	testnosrcpackage "$@"
	21	}
	22	testbadpkg() {
	23	testempty find rootdir/var/lib/apt/lists -maxdepth 1 -name 'InRelease' -o -name 'Release.gpg'
	24	testnotempty find rootdir/var/lib/apt/lists -maxdepth 1 -name '*Release'
	25	testnotempty apt show "$@"
	26	testnotempty apt showsrc "$@"
	27	testfailureequal "WARNING: The following packages cannot be authenticated!
	28	$*
	29	E: There were unauthenticated packages and -y was used without --allow-unauthenticated" aptget install -qq -y "$@"
	30	testfailureequal "WARNING: The following packages cannot be authenticated!
	31	$*
	32	E: Some packages could not be authenticated" aptget source -qq "$@"
	33	}
bd4a8f51	34
ab94dcec DK	35	testrun() {
	36	local TYPE="$1"
	37	local FILENAME="$2"
	38	shift 2
	39	local MANGLED="$(readlink -f ./rootdir)/var/lib/apt/lists/partial/$(echo "$FILENAME" \| sed 's#/#_#g')"
	40	msgmsg "$TYPE contains only weak hashes"
	41	confighashes 'MD5'
	42	generatereleasefiles
	43	signreleasefiles
	44	preparetest
	45	if [ -z "$1" ]; then
	46	listcurrentlistsdirectory > lists.before
	47	testfailuremsg "W: No Hash entry in Release file ${MANGLED} which is considered strong enough for security purposes
	48	E: The repository 'file:${APTARCHIVE} unstable $(basename "$FILENAME")' provides only weak security information.
	49	N: Updating from such a repository can't be done securely, and is therefore disabled by default.
	50	N: See apt-secure(8) manpage for repository creation and user configuration details." apt update
	51	testfileequal lists.before "$(listcurrentlistsdirectory)"
	52	testnopkg 'foo'
	53	else
	54	testwarningmsg "W: No Hash entry in Release file ${MANGLED} which is considered strong enough for security purposes
	55	W: The repository 'file:${APTARCHIVE} unstable $(basename "$FILENAME")' provides only weak security information.
	56	N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use.
	57	N: See apt-secure(8) manpage for repository creation and user configuration details." apt update "$@"
	58	testbadpkg 'foo'
	59	fi
	60
	61	msgmsg "$TYPE contains no hashes"
	62	generatereleasefiles
	63	sed -i -e '/^ / d' -e '/^MD5Sum:/ d' "$APTARCHIVE/dists/unstable/Release"
	64	signreleasefiles
	65	preparetest
	66	if [ -z "$1" ]; then
	67	listcurrentlistsdirectory > lists.before
	68	testfailuremsg "W: No Hash entry in Release file ${MANGLED}
	69	E: The repository 'file:${APTARCHIVE} unstable $(basename "$FILENAME")' provides only weak security information.
	70	N: Updating from such a repository can't be done securely, and is therefore disabled by default.
	71	N: See apt-secure(8) manpage for repository creation and user configuration details." apt update
	72	testfileequal lists.before "$(listcurrentlistsdirectory)"
	73	testnopkg 'foo'
	74	else
	75	testwarningmsg "W: No Hash entry in Release file ${MANGLED}
	76	W: The repository 'file:${APTARCHIVE} unstable $(basename "$FILENAME")' provides only weak security information.
	77	N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use.
	78	N: See apt-secure(8) manpage for repository creation and user configuration details." apt update "$@"
	79	testbadpkg 'foo'
	80	fi
	81
	82	msgmsg "$TYPE contains only weak hashes for some files"
	83	confighashes 'MD5' 'SHA256'
	84	generatereleasefiles
	85	sed -i '/^ [0-9a-fA-Z]\{64\} .*Sources$/d' "$APTARCHIVE/dists/unstable/Release"
	86	signreleasefiles
	87	preparetest
	88	# trust is a repository property, so individual files can't be insecure
	89	testwarningmsg "W: Skipping acquire of configured file 'main/source/Sources' as repository 'file:${APTARCHIVE} unstable InRelease' provides only weak security information for it" apt update "$@"
	90	testsuccess apt show foo
	91	testnosrcpackage foo
	92	}
	93
	94	genericprepare() {
	95	rm -rf rootdir/var/lib/apt/lists
	96	mkdir -p rootdir/var/lib/apt/lists/partial
	97	touch rootdir/var/lib/apt/lists/lock
	98	local RELEASEGPG="$(readlink -f ./rootdir)/var/lib/apt/lists/partial/$(echo "${APTARCHIVE}/dists/unstable/Release.gpg" \| sed 's#/#_#g')"
99	touch "$RELEASEGPG"
100	chmod 644 "$RELEASEGPG"
101	local INRELEASE="$(readlink -f ./rootdir)/var/lib/apt/lists/partial/$(echo "${APTARCHIVE}/dists/unstable/InRelease" \| sed 's#/#_#g')"
102	touch "$INRELEASE"
103	chmod 644 "$INRELEASE"
104	}
105	preparetest() {
106	rm -f "${APTARCHIVE}/dists/unstable/Release" "${APTARCHIVE}/dists/unstable/Release.gpg"
107	genericprepare
108	}
109	testrun 'InRelease' "${APTARCHIVE}/dists/unstable/InRelease"
110	testrun 'InRelease' "${APTARCHIVE}/dists/unstable/InRelease" --allow-insecure-repositories -o APT::Get::List-Cleanup=0
111
112	preparetest() {
113	rm -f "${APTARCHIVE}/dists/unstable/InRelease"
114	genericprepare
115	}
116	testrun 'Release+Release.gpg' "${APTARCHIVE}/dists/unstable/Release"
117	testrun 'Release+Release.gpg' "${APTARCHIVE}/dists/unstable/Release" --allow-insecure-repositories -o APT::Get::List-Cleanup=0
118
119	preparetest() {
120	rm -f "${APTARCHIVE}/dists/unstable/InRelease" "${APTARCHIVE}/dists/unstable/Release.gpg"
121	genericprepare
122	}
123
124	msgmsg 'Moving between Release files with good and bad hashes'
125	rm -rf rootdir/var/lib/apt/lists
126	confighashes 'MD5'
562f0774	127	generatereleasefiles 'now - 7 days'
bd4a8f51	128	signreleasefiles
ab94dcec DK	129	testfailure apt update
	130	testnopkg 'foo'
	131	testwarning apt update --allow-insecure-repositories
	132	testbadpkg 'foo'
bd4a8f51	133
bd4a8f51	134	confighashes 'MD5' 'SHA256'
ab94dcec DK	135	rm -rf aptarchive/dists
	136	insertpackage 'unstable' 'foo2' 'i386' '1.0'
	137	insertsource 'unstable' 'foo2' 'any' '1.0'
562f0774	138	setupaptarchive --no-update 'now - 5 days'
ab94dcec DK	139	testsuccess apt update
	140	testnopkg foo
	141	testnotempty find rootdir/var/lib/apt/lists -maxdepth 1 -name 'InRelease' -o -name 'Release.gpg'
	142	testnotempty apt show foo2
	143	testnotempty apt showsrc foo2
	144
	145	confighashes 'MD5'
	146	rm -rf aptarchive/dists
	147	insertpackage 'unstable' 'foo3' 'i386' '1.0'
	148	insertsource 'unstable' 'foo3' 'any' '1.0'
562f0774	149	setupaptarchive --no-update 'now - 3 days'
ab94dcec DK	150	testfailure apt update
	151	testnopkg foo
	152	testnopkg foo3
	153	testnotempty find rootdir/var/lib/apt/lists -maxdepth 1 -name 'InRelease' -o -name 'Release.gpg'
	154	testnotempty apt show foo2
	155	testnotempty apt showsrc foo2
	156	testwarning apt update --allow-insecure-repositories
	157	testnopkg foo2
	158	testbadpkg foo3
562f0774 DK	159
	160	msgmsg 'Working with packages guarded only by weak hashes'
	161	confighashes 'MD5'
	162	rm -rf aptarchive/dists
	163	buildsimplenativepackage 'foo4' 'i386' '1' 'unstable'
	164	setupaptarchive --no-update
	165	testfailure apt update
	166	confighashes 'SHA256'
	167	generatereleasefiles 'now - 1 day'
	168	signreleasefiles
	169	testsuccess apt update
	170	cd downloaded
	171	testfailure apt download foo4
	172	cp ../rootdir/tmp/testfailure.output download.output
	173	testfailure grep 'Hash Sum mismatch' download.output
	174	testsuccess grep 'Insufficient information' download.output
	175
	176	testsuccess apt install foo4 -s
	177	testfailure apt install foo4 -dy
	178	cp ../rootdir/tmp/testfailure.output install.output
	179	testfailure grep 'Hash Sum mismatch' install.output
	180	testsuccess grep 'Insufficient information' download.output
	181
	182	testsuccess apt source foo4
	183	cp ../rootdir/tmp/testsuccess.output source.output
	184	testsuccess grep 'Skipping download of file' source.output
	185	testfailure test -e foo4_1.dsc
	186	testsuccess test -e foo4_1.tar.*
	187	cd ..