]> git.saurik.com Git - apt.git/blame - test/integration/test-apt-update-weak-hashes
ensure filesize of deb is included in the hashes list
[apt.git] / test / integration / test-apt-update-weak-hashes
CommitLineData
bd4a8f51
DK
1#!/bin/sh
2set -e
3
4TESTDIR="$(readlink -f "$(dirname "$0")")"
5. "$TESTDIR/framework"
6
7setupenvironment
8configarchitecture 'i386'
9confighashes 'MD5'
ab94dcec 10export APT_DONT_SIGN=''
bd4a8f51
DK
11
12insertpackage 'unstable' 'foo' 'i386' '1.0'
13insertsource 'unstable' 'foo' 'any' '1.0'
14
15setupaptarchive --no-update
16APTARCHIVE="$(readlink -f ./aptarchive)"
17
ab94dcec
DK
18testnopkg() {
19 testnopackage "$@"
20 testnosrcpackage "$@"
21}
22testbadpkg() {
23 testempty find rootdir/var/lib/apt/lists -maxdepth 1 -name '*InRelease' -o -name '*Release.gpg'
24 testnotempty find rootdir/var/lib/apt/lists -maxdepth 1 -name '*Release'
25 testnotempty apt show "$@"
26 testnotempty apt showsrc "$@"
27 testfailureequal "WARNING: The following packages cannot be authenticated!
28 $*
29E: There were unauthenticated packages and -y was used without --allow-unauthenticated" aptget install -qq -y "$@"
30 testfailureequal "WARNING: The following packages cannot be authenticated!
31 $*
32E: Some packages could not be authenticated" aptget source -qq "$@"
33}
bd4a8f51 34
ab94dcec
DK
35testrun() {
36 local TYPE="$1"
37 local FILENAME="$2"
38 shift 2
39 local MANGLED="$(readlink -f ./rootdir)/var/lib/apt/lists/partial/$(echo "$FILENAME" | sed 's#/#_#g')"
40 msgmsg "$TYPE contains only weak hashes"
41 confighashes 'MD5'
42 generatereleasefiles
43 signreleasefiles
44 preparetest
45 if [ -z "$1" ]; then
46 listcurrentlistsdirectory > lists.before
47 testfailuremsg "W: No Hash entry in Release file ${MANGLED} which is considered strong enough for security purposes
48E: The repository 'file:${APTARCHIVE} unstable $(basename "$FILENAME")' provides only weak security information.
49N: Updating from such a repository can't be done securely, and is therefore disabled by default.
50N: See apt-secure(8) manpage for repository creation and user configuration details." apt update
51 testfileequal lists.before "$(listcurrentlistsdirectory)"
52 testnopkg 'foo'
53 else
54 testwarningmsg "W: No Hash entry in Release file ${MANGLED} which is considered strong enough for security purposes
55W: The repository 'file:${APTARCHIVE} unstable $(basename "$FILENAME")' provides only weak security information.
56N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use.
57N: See apt-secure(8) manpage for repository creation and user configuration details." apt update "$@"
58 testbadpkg 'foo'
59 fi
60
61 msgmsg "$TYPE contains no hashes"
62 generatereleasefiles
63 sed -i -e '/^ / d' -e '/^MD5Sum:/ d' "$APTARCHIVE/dists/unstable/Release"
64 signreleasefiles
65 preparetest
66 if [ -z "$1" ]; then
67 listcurrentlistsdirectory > lists.before
68 testfailuremsg "W: No Hash entry in Release file ${MANGLED}
69E: The repository 'file:${APTARCHIVE} unstable $(basename "$FILENAME")' provides only weak security information.
70N: Updating from such a repository can't be done securely, and is therefore disabled by default.
71N: See apt-secure(8) manpage for repository creation and user configuration details." apt update
72 testfileequal lists.before "$(listcurrentlistsdirectory)"
73 testnopkg 'foo'
74 else
75 testwarningmsg "W: No Hash entry in Release file ${MANGLED}
76W: The repository 'file:${APTARCHIVE} unstable $(basename "$FILENAME")' provides only weak security information.
77N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use.
78N: See apt-secure(8) manpage for repository creation and user configuration details." apt update "$@"
79 testbadpkg 'foo'
80 fi
81
82 msgmsg "$TYPE contains only weak hashes for some files"
83 confighashes 'MD5' 'SHA256'
84 generatereleasefiles
85 sed -i '/^ [0-9a-fA-Z]\{64\} .*Sources$/d' "$APTARCHIVE/dists/unstable/Release"
86 signreleasefiles
87 preparetest
88 # trust is a repository property, so individual files can't be insecure
89 testwarningmsg "W: Skipping acquire of configured file 'main/source/Sources' as repository 'file:${APTARCHIVE} unstable InRelease' provides only weak security information for it" apt update "$@"
90 testsuccess apt show foo
91 testnosrcpackage foo
92}
93
94genericprepare() {
95 rm -rf rootdir/var/lib/apt/lists
96 mkdir -p rootdir/var/lib/apt/lists/partial
97 touch rootdir/var/lib/apt/lists/lock
98 local RELEASEGPG="$(readlink -f ./rootdir)/var/lib/apt/lists/partial/$(echo "${APTARCHIVE}/dists/unstable/Release.gpg" | sed 's#/#_#g')"
99 touch "$RELEASEGPG"
100 chmod 644 "$RELEASEGPG"
101 local INRELEASE="$(readlink -f ./rootdir)/var/lib/apt/lists/partial/$(echo "${APTARCHIVE}/dists/unstable/InRelease" | sed 's#/#_#g')"
102 touch "$INRELEASE"
103 chmod 644 "$INRELEASE"
104}
105preparetest() {
106 rm -f "${APTARCHIVE}/dists/unstable/Release" "${APTARCHIVE}/dists/unstable/Release.gpg"
107 genericprepare
108}
109testrun 'InRelease' "${APTARCHIVE}/dists/unstable/InRelease"
110testrun 'InRelease' "${APTARCHIVE}/dists/unstable/InRelease" --allow-insecure-repositories -o APT::Get::List-Cleanup=0
111
112preparetest() {
113 rm -f "${APTARCHIVE}/dists/unstable/InRelease"
114 genericprepare
115}
116testrun 'Release+Release.gpg' "${APTARCHIVE}/dists/unstable/Release"
117testrun 'Release+Release.gpg' "${APTARCHIVE}/dists/unstable/Release" --allow-insecure-repositories -o APT::Get::List-Cleanup=0
118
119preparetest() {
120 rm -f "${APTARCHIVE}/dists/unstable/InRelease" "${APTARCHIVE}/dists/unstable/Release.gpg"
121 genericprepare
122}
123
124msgmsg 'Moving between Release files with good and bad hashes'
125rm -rf rootdir/var/lib/apt/lists
126confighashes 'MD5'
562f0774 127generatereleasefiles 'now - 7 days'
bd4a8f51 128signreleasefiles
ab94dcec
DK
129testfailure apt update
130testnopkg 'foo'
131testwarning apt update --allow-insecure-repositories
132testbadpkg 'foo'
bd4a8f51 133
bd4a8f51 134confighashes 'MD5' 'SHA256'
ab94dcec
DK
135rm -rf aptarchive/dists
136insertpackage 'unstable' 'foo2' 'i386' '1.0'
137insertsource 'unstable' 'foo2' 'any' '1.0'
562f0774 138setupaptarchive --no-update 'now - 5 days'
ab94dcec
DK
139testsuccess apt update
140testnopkg foo
141testnotempty find rootdir/var/lib/apt/lists -maxdepth 1 -name '*InRelease' -o -name '*Release.gpg'
142testnotempty apt show foo2
143testnotempty apt showsrc foo2
144
145confighashes 'MD5'
146rm -rf aptarchive/dists
147insertpackage 'unstable' 'foo3' 'i386' '1.0'
148insertsource 'unstable' 'foo3' 'any' '1.0'
562f0774 149setupaptarchive --no-update 'now - 3 days'
ab94dcec
DK
150testfailure apt update
151testnopkg foo
152testnopkg foo3
153testnotempty find rootdir/var/lib/apt/lists -maxdepth 1 -name '*InRelease' -o -name '*Release.gpg'
154testnotempty apt show foo2
155testnotempty apt showsrc foo2
156testwarning apt update --allow-insecure-repositories
157testnopkg foo2
158testbadpkg foo3
562f0774
DK
159
160msgmsg 'Working with packages guarded only by weak hashes'
161confighashes 'MD5'
162rm -rf aptarchive/dists
163buildsimplenativepackage 'foo4' 'i386' '1' 'unstable'
164setupaptarchive --no-update
165testfailure apt update
166confighashes 'SHA256'
167generatereleasefiles 'now - 1 day'
168signreleasefiles
169testsuccess apt update
170cd downloaded
171testfailure apt download foo4
172cp ../rootdir/tmp/testfailure.output download.output
173testfailure grep 'Hash Sum mismatch' download.output
174testsuccess grep 'Insufficient information' download.output
175
176testsuccess apt install foo4 -s
177testfailure apt install foo4 -dy
178cp ../rootdir/tmp/testfailure.output install.output
179testfailure grep 'Hash Sum mismatch' install.output
180testsuccess grep 'Insufficient information' download.output
181
182testsuccess apt source foo4
183cp ../rootdir/tmp/testsuccess.output source.output
184testsuccess grep 'Skipping download of file' source.output
185testfailure test -e foo4_1.dsc
186testsuccess test -e foo4_1.tar.*
187cd ..