[apt.git] / test / integration / test-apt-key-net-update

#!/bin/sh
set -e

TESTDIR=$(readlink -f $(dirname $0))
. $TESTDIR/framework

setupenvironment
configarchitecture "i386"
changetowebserver

# setup env
mkdir -p aptarchive/ubuntu/project var/lib/apt/keyrings
echo 'APT::Key::ArchiveKeyringURI "http://localhost:8080/ubuntu/project/ubuntu-archive-keyring.gpg";' >> ./aptconfig.conf
echo 'APT::Key::Net-Update-Enabled "1";' >> ./aptconfig.conf

# signed thing
echo "meep" > aptarchive/ubuntu/project/ubuntu-archive-keyring.gpg

# test against the "real" webserver
aptkey --fakeroot net-update

exit 1

# mock
requires_root() {
    return 0
}

# extract net_update() and import it
func=$( sed -n -e '/^add_keys_with_verify_against_master_keyring/,/^}/p' ${BUILDDIRECTORY}/apt-key )
eval "$func"

mkdir -p ./etc/apt
TRUSTEDFILE=./etc/apt/trusted.gpg
mkdir -p ./var/lib/apt/keyrings
TMP_KEYRING=./var/lib/apt/keyrings/maybe-import-keyring.gpg
GPG_CMD="gpg --ignore-time-conflict --no-options --no-default-keyring"

# FIXME: instead of copying this use apt-key and the buildin apt webserver
#        to do a real test

# COPYIED from apt-key.in --------------

# gpg needs a trustdb to function, but it can't be invalid (not even empty)
# so we create a temporary directory to store our fresh readable trustdb in
TRUSTDBDIR="$(mktemp -d)"
CURRENTTRAP="${CURRENTTRAP} rm -rf '${TRUSTDBDIR}';"
trap "${CURRENTTRAP}" 0 HUP INT QUIT ILL ABRT FPE SEGV PIPE TERM
chmod 700 "$TRUSTDBDIR"
# We also don't use a secret keyring, of course, but gpg panics and
# implodes if there isn't one available - and writeable for imports
SECRETKEYRING="${TRUSTDBDIR}/secring.gpg"
touch $SECRETKEYRING
GPG_CMD="$GPG_CMD --secret-keyring $SECRETKEYRING"
GPG_CMD="$GPG_CMD --trustdb-name ${TRUSTDBDIR}/trustdb.gpg"
#----------------------------------------- END COPY

GPG="$GPG_CMD --keyring $TRUSTEDFILE"
MASTER_KEYRING=/usr/share/keyrings/ubuntu-master-keyring.gpg

msgtest "add_keys_with_verify_against_master_keyring"
if [ ! -e $MASTER_KEYRING ]; then
    echo -n "No $MASTER_KEYRING found"
    msgskip 
    exit 0
fi

# test bad keyring and ensure its not added (LP: #857472)
ADD_KEYRING=./keys/exploid-keyring-with-dupe-keys.pub
if add_keys_with_verify_against_master_keyring $ADD_KEYRING $MASTER_KEYRING; then
    msgfail
else
    msgpass
fi

# ensure the keyring is still empty
gpg_out=$($GPG --list-keys)
msgtest "Test if keyring is empty"
if [ -n "" ]; then
    msgfail
else
    msgpass
fi


# test another possible attack vector using subkeys (LP: #1013128)
msgtest "add_keys_with_verify_against_master_keyring with subkey attack"
ADD_KEYRING=./keys/exploid-keyring-with-dupe-subkeys.pub
if add_keys_with_verify_against_master_keyring $ADD_KEYRING $MASTER_KEYRING; then
    msgfail
else
    msgpass
fi

# ensure the keyring is still empty
gpg_out=$($GPG --list-keys)
msgtest "Test if keyring is empty"
if [ -n "" ]; then
    msgfail
else
    msgpass
fi


# test good keyring and ensure we get no errors
ADD_KEYRING=/usr/share/keyrings/ubuntu-archive-keyring.gpg
if add_keys_with_verify_against_master_keyring $ADD_KEYRING $MASTER_KEYRING; then
    msgpass
else
    msgfail
fi

testequal './etc/apt/trusted.gpg
---------------------
pub   1024D/437D05B5 2004-09-12
uid                  Ubuntu Archive Automatic Signing Key <ftpmaster@ubuntu.com>
sub   2048g/79164387 2004-09-12

pub   1024D/FBB75451 2004-12-30
uid                  Ubuntu CD Image Automatic Signing Key <cdimage@ubuntu.com>

pub   4096R/C0B21F32 2012-05-11
uid                  Ubuntu Archive Automatic Signing Key (2012) <ftpmaster@ubuntu.com>

pub   4096R/EFE21092 2012-05-11
uid                  Ubuntu CD Image Automatic Signing Key (2012) <cdimage@ubuntu.com>
' $GPG --list-keys
Commit	Line	Data
f87338d2 DK	1	#!/bin/sh
	2	set -e
	3
	4	TESTDIR=$(readlink -f $(dirname $0))
	5	. $TESTDIR/framework
	6
	7	setupenvironment
	8	configarchitecture "i386"
5acf154d MV	9	changetowebserver
	10
	11	# setup env
	12	mkdir -p aptarchive/ubuntu/project var/lib/apt/keyrings
	13	echo 'APT::Key::ArchiveKeyringURI "http://localhost:8080/ubuntu/project/ubuntu-archive-keyring.gpg";' >> ./aptconfig.conf
	14	echo 'APT::Key::Net-Update-Enabled "1";' >> ./aptconfig.conf
	15
	16	# signed thing
	17	echo "meep" > aptarchive/ubuntu/project/ubuntu-archive-keyring.gpg
	18
	19	# test against the "real" webserver
	20	aptkey --fakeroot net-update
	21
	22	exit 1
f87338d2 DK	23
	24	# mock
	25	requires_root() {
	26	return 0
	27	}
	28
	29	# extract net_update() and import it
	30	func=$( sed -n -e '/^add_keys_with_verify_against_master_keyring/,/^}/p' ${BUILDDIRECTORY}/apt-key )
	31	eval "$func"
	32
	33	mkdir -p ./etc/apt
	34	TRUSTEDFILE=./etc/apt/trusted.gpg
	35	mkdir -p ./var/lib/apt/keyrings
	36	TMP_KEYRING=./var/lib/apt/keyrings/maybe-import-keyring.gpg
	37	GPG_CMD="gpg --ignore-time-conflict --no-options --no-default-keyring"
9b7c1050 MV	38
	39	# FIXME: instead of copying this use apt-key and the buildin apt webserver
	40	# to do a real test
f87338d2	41
fc85b0d8 MV	42	# COPYIED from apt-key.in --------------
	43
	44	# gpg needs a trustdb to function, but it can't be invalid (not even empty)
	45	# so we create a temporary directory to store our fresh readable trustdb in
	46	TRUSTDBDIR="$(mktemp -d)"
	47	CURRENTTRAP="${CURRENTTRAP} rm -rf '${TRUSTDBDIR}';"
	48	trap "${CURRENTTRAP}" 0 HUP INT QUIT ILL ABRT FPE SEGV PIPE TERM
	49	chmod 700 "$TRUSTDBDIR"
	50	# We also don't use a secret keyring, of course, but gpg panics and
	51	# implodes if there isn't one available - and writeable for imports
	52	SECRETKEYRING="${TRUSTDBDIR}/secring.gpg"
	53	touch $SECRETKEYRING
	54	GPG_CMD="$GPG_CMD --secret-keyring $SECRETKEYRING"
	55	GPG_CMD="$GPG_CMD --trustdb-name ${TRUSTDBDIR}/trustdb.gpg"
	56	#----------------------------------------- END COPY
f87338d2	57
9b7c1050 MV	58	GPG="$GPG_CMD --keyring $TRUSTEDFILE"
	59	MASTER_KEYRING=/usr/share/keyrings/ubuntu-master-keyring.gpg
	60
f87338d2 DK	61	msgtest "add_keys_with_verify_against_master_keyring"
	62	if [ ! -e $MASTER_KEYRING ]; then
	63	echo -n "No $MASTER_KEYRING found"
	64	msgskip
	65	exit 0
	66	fi
	67
	68	# test bad keyring and ensure its not added (LP: #857472)
	69	ADD_KEYRING=./keys/exploid-keyring-with-dupe-keys.pub
	70	if add_keys_with_verify_against_master_keyring $ADD_KEYRING $MASTER_KEYRING; then
	71	msgfail
	72	else
	73	msgpass
	74	fi
	75
	76	# ensure the keyring is still empty
	77	gpg_out=$($GPG --list-keys)
	78	msgtest "Test if keyring is empty"
	79	if [ -n "" ]; then
	80	msgfail
	81	else
	82	msgpass
	83	fi
	84
	85
	86	# test another possible attack vector using subkeys (LP: #1013128)
	87	msgtest "add_keys_with_verify_against_master_keyring with subkey attack"
	88	ADD_KEYRING=./keys/exploid-keyring-with-dupe-subkeys.pub
	89	if add_keys_with_verify_against_master_keyring $ADD_KEYRING $MASTER_KEYRING; then
	90	msgfail
	91	else
	92	msgpass
	93	fi
	94
	95	# ensure the keyring is still empty
	96	gpg_out=$($GPG --list-keys)
	97	msgtest "Test if keyring is empty"
	98	if [ -n "" ]; then
	99	msgfail
	100	else
	101	msgpass
	102	fi
	103
	104
	105	# test good keyring and ensure we get no errors
	106	ADD_KEYRING=/usr/share/keyrings/ubuntu-archive-keyring.gpg
	107	if add_keys_with_verify_against_master_keyring $ADD_KEYRING $MASTER_KEYRING; then
	108	msgpass
	109	else
	110	msgfail
	111	fi
	112
	113	testequal './etc/apt/trusted.gpg
	114	---------------------
	115	pub 1024D/437D05B5 2004-09-12
	116	uid Ubuntu Archive Automatic Signing Key <ftpmaster@ubuntu.com>
	117	sub 2048g/79164387 2004-09-12
	118
	119	pub 1024D/FBB75451 2004-12-30
	120	uid Ubuntu CD Image Automatic Signing Key <cdimage@ubuntu.com>
	121
	122	pub 4096R/C0B21F32 2012-05-11
	123	uid Ubuntu Archive Automatic Signing Key (2012) <ftpmaster@ubuntu.com>
	124
125	pub 4096R/EFE21092 2012-05-11
126	uid Ubuntu CD Image Automatic Signing Key (2012) <cdimage@ubuntu.com>
127	' $GPG --list-keys
128