improve test for #731853 and comments
f87338d2
DK
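#!/bin/sh
# test/integration/test-apt-key-net-update
#
# Regression test for apt-key's add_keys_with_verify_against_master_keyring:
# keys from a candidate keyring may only be imported into the trusted
# keyring when they are properly signed by the master keyring. Two crafted
# keyrings (duplicate keys, LP: #857472; duplicate subkeys, LP: #1013128)
# must be rejected and must leave the trusted keyring empty; the genuine
# archive keyring must be accepted.
set -e

TESTDIR=$(readlink -f "$(dirname "$0")")
. "$TESTDIR/framework"

setupenvironment
configarchitecture "i386"

# mock: the extracted function is run unprivileged inside the test sandbox
requires_root() {
	return 0
}

# Extract add_keys_with_verify_against_master_keyring() from the freshly
# built apt-key and import it into this shell.
# NOTE(review): eval executes whatever text sed extracts; this is acceptable
# only because the input is the project's own build artifact, never external
# data.
func=$( sed -n -e '/^add_keys_with_verify_against_master_keyring/,/^}/p' "${BUILDDIRECTORY}/apt-key" )
# Without this guard an empty extraction would leave the function undefined,
# the calls below would fail with "not found", and the two negative tests
# would report a pass without exercising any verification code.
if [ -z "$func" ]; then
	echo "could not extract add_keys_with_verify_against_master_keyring from ${BUILDDIRECTORY}/apt-key" >&2
	exit 1
fi
eval "$func"

# Globals below are presumably read by the imported function (its body is not
# part of this file) -- keep the names in sync with apt-key.
mkdir -p ./etc/apt
TRUSTEDFILE=./etc/apt/trusted.gpg
mkdir -p ./var/lib/apt/keyrings
TMP_KEYRING=./var/lib/apt/keyrings/maybe-import-keyring.gpg
GPG_CMD="gpg --ignore-time-conflict --no-options --no-default-keyring"
# $GPG is a command line held in a string; it is expanded unquoted on purpose
# so that it word-splits into the command and its arguments.
GPG="$GPG_CMD --keyring $TRUSTEDFILE"
MASTER_KEYRING=/usr/share/keyrings/ubuntu-master-keyring.gpg


msgtest "add_keys_with_verify_against_master_keyring"
# The master keyring comes from the host system; skip when it is not installed.
if [ ! -e "$MASTER_KEYRING" ]; then
	printf '%s' "No $MASTER_KEYRING found"
	msgskip
	exit 0
fi

# test bad keyring and ensure it's not added (LP: #857472)
ADD_KEYRING=./keys/exploid-keyring-with-dupe-keys.pub
if add_keys_with_verify_against_master_keyring "$ADD_KEYRING" "$MASTER_KEYRING"; then
	msgfail
else
	msgpass
fi

# Ensure the keyring is still empty. The check must look at the captured
# listing: testing a literal empty string can never fail, so a rejected
# keyring that still leaked keys into trusted.gpg would go unnoticed.
gpg_out=$($GPG --list-keys)
msgtest "Test if keyring is empty"
if [ -n "$gpg_out" ]; then
	msgfail
else
	msgpass
fi


# test another possible attack vector using subkeys (LP: #1013128)
msgtest "add_keys_with_verify_against_master_keyring with subkey attack"
ADD_KEYRING=./keys/exploid-keyring-with-dupe-subkeys.pub
if add_keys_with_verify_against_master_keyring "$ADD_KEYRING" "$MASTER_KEYRING"; then
	msgfail
else
	msgpass
fi

# Ensure the keyring is still empty (same reasoning as above: inspect the
# real gpg output, not a constant).
gpg_out=$($GPG --list-keys)
msgtest "Test if keyring is empty"
if [ -n "$gpg_out" ]; then
	msgfail
else
	msgpass
fi


# test good keyring and ensure we get no errors
# Announce the case so its pass/fail result is attributed to a named test.
msgtest "add_keys_with_verify_against_master_keyring with good keyring"
ADD_KEYRING=/usr/share/keyrings/ubuntu-archive-keyring.gpg
if add_keys_with_verify_against_master_keyring "$ADD_KEYRING" "$MASTER_KEYRING"; then
	msgpass
else
	msgfail
fi

# The trusted keyring must now list exactly the keys of the archive keyring.
# NOTE(review): the expected text has to match gpg's column layout byte for
# byte; confirm the spacing against real `gpg --list-keys` output, since a
# rendered listing may have collapsed runs of spaces.
testequal './etc/apt/trusted.gpg
---------------------
pub 1024D/437D05B5 2004-09-12
uid Ubuntu Archive Automatic Signing Key <ftpmaster@ubuntu.com>
sub 2048g/79164387 2004-09-12

pub 1024D/FBB75451 2004-12-30
uid Ubuntu CD Image Automatic Signing Key <cdimage@ubuntu.com>

pub 4096R/C0B21F32 2012-05-11
uid Ubuntu Archive Automatic Signing Key (2012) <ftpmaster@ubuntu.com>

pub 4096R/EFE21092 2012-05-11
uid Ubuntu CD Image Automatic Signing Key (2012) <cdimage@ubuntu.com>
' $GPG --list-keys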