tests: fail testsuccess if notices are shown, too

[apt.git] / test / integration / test-apt-update-file

#!/bin/sh
#
# Ensure that we do not modify file:/// uris (regression test for
# CVE-2014-0487
#
set -e

TESTDIR=$(readlink -f $(dirname $0))
. $TESTDIR/framework

setupenvironment
configarchitecture "amd64"
configcompression 'bz2' 'gz'
confighashes 'SHA512'

insertpackage 'unstable' 'foo' 'all' '1'
insertsource 'unstable' 'foo' 'all' '1'

setupaptarchive --no-update

# ensure the archive is not writable
addtrap 'prefix' 'chmod 755 aptarchive/dists/unstable/main/binary-all;'
if [ "$(id -u)" = '0' ]; then
	chmod 550 aptarchive/dists/unstable/main/binary-all
	testfailure aptget update
fi
chmod 555 aptarchive/dists/unstable/main/binary-all
testsuccess aptget update

# the release files aren't an IMS-hit, but the indexes are
redatereleasefiles '+1 hour'

# we don't download the index if it isn't updated
testsuccess aptget update -o Debug::pkgAcquire::Auth=1
# file:/ isn't shown in the log, so see if it was downloaded anyhow
cp -a rootdir/tmp/testsuccess.output rootdir/tmp/update.output
canary="SHA512:$(bzcat aptarchive/dists/unstable/main/binary-all/Packages.bz2 | sha512sum |cut -f1 -d' ')"
testfailure grep -- "$canary" rootdir/tmp/update.output

testfoo() {
	# foo is still available
	testsuccess aptget install -s foo
	testsuccess aptcache showsrc foo
	testsuccess aptget source foo --print-uris
}
testfoo

# the release file is new again, the index still isn't, but it is somehow gone now from disk
redatereleasefiles '+2 hour'
find rootdir/var/lib/apt/lists -name '*_Packages*' -delete

testsuccess aptget update -o Debug::pkgAcquire::Auth=1
# file:/ isn't shown in the log, so see if it was downloaded anyhow
cp -a rootdir/tmp/testsuccess.output rootdir/tmp/update.output
canary="SHA512:$(bzcat aptarchive/dists/unstable/main/binary-all/Packages.bz2 | sha512sum |cut -f1 -d' ')"
testsuccess grep -- "$canary" rootdir/tmp/update.output

testfoo