[apt.git] / test / integration / test-releasefile-date-older

#!/bin/sh
set -e

TESTDIR="$(readlink -f "$(dirname "$0")")"
. "$TESTDIR/framework"
setupenvironment
configarchitecture 'i386'

insertpackage 'wheezy' 'apt' 'all' '0.8.15'

setupaptarchive --no-update

# we don't complain as the server could have just sent a 'Hit' here and this
# 'downgrade attack' is usually performed by out-of-sync mirrors. Valid-Until
# catches the 'real' downgrade attacks (expect that it finds stale mirrors).
# Scaring users with an error here serves hence no point.

msgmsg 'InRelease file is silently rejected if' 'new Date is before old Date'
rm -rf rootdir/var/lib/apt/lists
generatereleasefiles 'now' 'now + 7 days'
signreleasefiles
testsuccess aptget update
listcurrentlistsdirectory > listsdir.lst
redatereleasefiles 'now - 2 days'
testsuccess aptget update
testfileequal 'listsdir.lst' "$(listcurrentlistsdirectory)"

msgmsg 'Release.gpg file is silently rejected if' 'new Date is before old Date'
export APT_DONT_SIGN='InRelease'
rm -rf rootdir/var/lib/apt/lists
generatereleasefiles 'now' 'now + 7 days'
signreleasefiles
testsuccess aptget update
listcurrentlistsdirectory > listsdir.lst
redatereleasefiles 'now - 2 days'
testsuccess aptget update
testfileequal 'listsdir.lst' "$(listcurrentlistsdirectory)"
unset APT_DONT_SIGN

msgmsg 'Crisscross InRelease/Release.gpg file is silently rejected if' 'new Date is before old Date'
export APT_DONT_SIGN='Release.gpg'
rm -rf rootdir/var/lib/apt/lists
generatereleasefiles 'now' 'now + 7 days'
signreleasefiles
testsuccess aptget update
export APT_DONT_SIGN='InRelease'
listcurrentlistsdirectory > listsdir.lst
redatereleasefiles 'now - 2 days'
testsuccess aptget update
testfileequal 'listsdir.lst' "$(listcurrentlistsdirectory)"
unset APT_DONT_SIGN

msgmsg 'Crisscross Release.gpg/InRelease file is silently rejected if' 'new Date is before old Date'
export APT_DONT_SIGN='InRelease'
rm -rf rootdir/var/lib/apt/lists
generatereleasefiles 'now' 'now + 7 days'
signreleasefiles
find aptarchive -name 'InRelease' -delete
testsuccess aptget update
export APT_DONT_SIGN='Release.gpg'
listcurrentlistsdirectory > listsdir.lst
redatereleasefiles 'now - 2 days'
testsuccess aptget update
testfileequal 'listsdir.lst' "$(listcurrentlistsdirectory)"
unset APT_DONT_SIGN

msgmsg 'Release file has' 'no Date and no Valid-Until field'
rm -rf rootdir/var/lib/apt/lists
generatereleasefiles 'now'
sed -i '/^Date: / d' $(find ./aptarchive -name 'Release')
signreleasefiles
testwarning aptget update
listcurrentlistsdirectory > listsdir.lst
# have no effect as Date is unknown
testwarning aptget update -o Acquire::Min-ValidTime=$((3600*24*30))
testfileequal 'listsdir.lst' "$(listcurrentlistsdirectory)"
testwarning aptget update -o Acquire::Max-ValidTime=1
testfileequal 'listsdir.lst' "$(listcurrentlistsdirectory)"
sed -i '/^Codename: / a\
Another-Field: yes' $(find aptarchive/ -name 'Release')
touch -d 'now + 1 day' $(find aptarchive/ -name 'Release')
signreleasefiles "${2:-Joe Sixpack}"
testwarning aptget update
testsuccess cmp $(find aptarchive/ -name 'InRelease')  $(find rootdir/var/lib/apt/ -name '*_InRelease')

msgmsg 'Release file has' 'no Date field, but Valid-Until expired'
rm -rf rootdir/var/lib/apt/lists
generatereleasefiles 'now' 'now - 2 days'
sed -i '/^Date: / d' $(find ./aptarchive -name 'Release')
signreleasefiles
testfailure aptget update
listcurrentlistsdirectory > listsdir.lst
# have no effect as Date is unknown
testfailure aptget update -o Acquire::Min-ValidTime=$((3600*24*30))
testfileequal 'listsdir.lst' "$(listcurrentlistsdirectory)"
testfailure aptget update -o Acquire::Max-ValidTime=1
testfileequal 'listsdir.lst' "$(listcurrentlistsdirectory)"

msgmsg 'Release file has' 'no Date field, but Valid-Until is good'
rm -rf rootdir/var/lib/apt/lists
generatereleasefiles 'now' 'now + 2 days'
sed -i '/^Date: / d' $(find ./aptarchive -name 'Release')
signreleasefiles
testwarning aptget update
Commit	Line	Data
6bf93605 DK	1	#!/bin/sh
	2	set -e
	3
3abb6a6a DK	4	TESTDIR="$(readlink -f "$(dirname "$0")")"
3abb6a6a DK	5	. "$TESTDIR/framework"
6bf93605 DK	6	setupenvironment
	7	configarchitecture 'i386'
	8
	9	insertpackage 'wheezy' 'apt' 'all' '0.8.15'
	10
	11	setupaptarchive --no-update
	12
	13	# we don't complain as the server could have just sent a 'Hit' here and this
	14	# 'downgrade attack' is usually performed by out-of-sync mirrors. Valid-Until
	15	# catches the 'real' downgrade attacks (expect that it finds stale mirrors).
	16	# Scaring users with an error here serves hence no point.
	17
	18	msgmsg 'InRelease file is silently rejected if' 'new Date is before old Date'
	19	rm -rf rootdir/var/lib/apt/lists
	20	generatereleasefiles 'now' 'now + 7 days'
	21	signreleasefiles
	22	testsuccess aptget update
	23	listcurrentlistsdirectory > listsdir.lst
	24	redatereleasefiles 'now - 2 days'
	25	testsuccess aptget update
	26	testfileequal 'listsdir.lst' "$(listcurrentlistsdirectory)"
	27
	28	msgmsg 'Release.gpg file is silently rejected if' 'new Date is before old Date'
761a5ad2	29	export APT_DONT_SIGN='InRelease'
6bf93605 DK	30	rm -rf rootdir/var/lib/apt/lists
	31	generatereleasefiles 'now' 'now + 7 days'
	32	signreleasefiles
6bf93605 DK	33	testsuccess aptget update
	34	listcurrentlistsdirectory > listsdir.lst
	35	redatereleasefiles 'now - 2 days'
6bf93605 DK	36	testsuccess aptget update
6bf93605 DK	37	testfileequal 'listsdir.lst' "$(listcurrentlistsdirectory)"
761a5ad2	38	unset APT_DONT_SIGN
6bf93605 DK	39
6bf93605 DK	40	msgmsg 'Crisscross InRelease/Release.gpg file is silently rejected if' 'new Date is before old Date'
761a5ad2	41	export APT_DONT_SIGN='Release.gpg'
6bf93605 DK	42	rm -rf rootdir/var/lib/apt/lists
	43	generatereleasefiles 'now' 'now + 7 days'
	44	signreleasefiles
6bf93605	45	testsuccess aptget update
761a5ad2	46	export APT_DONT_SIGN='InRelease'
6bf93605 DK	47	listcurrentlistsdirectory > listsdir.lst
6bf93605 DK	48	redatereleasefiles 'now - 2 days'
6bf93605 DK	49	testsuccess aptget update
6bf93605 DK	50	testfileequal 'listsdir.lst' "$(listcurrentlistsdirectory)"
761a5ad2	51	unset APT_DONT_SIGN
6bf93605 DK	52
6bf93605 DK	53	msgmsg 'Crisscross Release.gpg/InRelease file is silently rejected if' 'new Date is before old Date'
761a5ad2	54	export APT_DONT_SIGN='InRelease'
6bf93605 DK	55	rm -rf rootdir/var/lib/apt/lists
	56	generatereleasefiles 'now' 'now + 7 days'
	57	signreleasefiles
	58	find aptarchive -name 'InRelease' -delete
	59	testsuccess aptget update
761a5ad2	60	export APT_DONT_SIGN='Release.gpg'
6bf93605 DK	61	listcurrentlistsdirectory > listsdir.lst
6bf93605 DK	62	redatereleasefiles 'now - 2 days'
6bf93605 DK	63	testsuccess aptget update
6bf93605 DK	64	testfileequal 'listsdir.lst' "$(listcurrentlistsdirectory)"
761a5ad2	65	unset APT_DONT_SIGN
6fc2e030 DK	66
	67	msgmsg 'Release file has' 'no Date and no Valid-Until field'
	68	rm -rf rootdir/var/lib/apt/lists
	69	generatereleasefiles 'now'
	70	sed -i '/^Date: / d' $(find ./aptarchive -name 'Release')
	71	signreleasefiles
	72	testwarning aptget update
	73	listcurrentlistsdirectory > listsdir.lst
	74	# have no effect as Date is unknown
	75	testwarning aptget update -o Acquire::Min-ValidTime=$((36002430))
	76	testfileequal 'listsdir.lst' "$(listcurrentlistsdirectory)"
	77	testwarning aptget update -o Acquire::Max-ValidTime=1
	78	testfileequal 'listsdir.lst' "$(listcurrentlistsdirectory)"
	79	sed -i '/^Codename: / a\
	80	Another-Field: yes' $(find aptarchive/ -name 'Release')
	81	touch -d 'now + 1 day' $(find aptarchive/ -name 'Release')
	82	signreleasefiles "${2:-Joe Sixpack}"
	83	testwarning aptget update
	84	testsuccess cmp $(find aptarchive/ -name 'InRelease') $(find rootdir/var/lib/apt/ -name '*_InRelease')
	85
	86	msgmsg 'Release file has' 'no Date field, but Valid-Until expired'
	87	rm -rf rootdir/var/lib/apt/lists
	88	generatereleasefiles 'now' 'now - 2 days'
	89	sed -i '/^Date: / d' $(find ./aptarchive -name 'Release')
	90	signreleasefiles
	91	testfailure aptget update
	92	listcurrentlistsdirectory > listsdir.lst
	93	# have no effect as Date is unknown
	94	testfailure aptget update -o Acquire::Min-ValidTime=$((36002430))
	95	testfileequal 'listsdir.lst' "$(listcurrentlistsdirectory)"
	96	testfailure aptget update -o Acquire::Max-ValidTime=1
	97	testfileequal 'listsdir.lst' "$(listcurrentlistsdirectory)"
	98
	99	msgmsg 'Release file has' 'no Date field, but Valid-Until is good'
	100	rm -rf rootdir/var/lib/apt/lists
	101	generatereleasefiles 'now' 'now + 2 days'
	102	sed -i '/^Date: / d' $(find ./aptarchive -name 'Release')
	103	signreleasefiles
	104	testwarning aptget update