test: Use :$(id -gn) instead of :root (when run as root)
[apt.git] / test / integration / test-apt-update-file
#!/bin/sh
#
# Ensure that we do not modify file:/// URIs
# (regression test for CVE-2014-0487).
#
set -e

# Resolve the directory this test lives in and load the shared test
# framework from it; every helper used below comes from that file.
TESTDIR="$(readlink -f "$(dirname "$0")")"
. "${TESTDIR}/framework"

setupenvironment
configarchitecture 'amd64'
configcompression 'bz2' 'gz'
# Only SHA512 is configured; the canary greps further down look for a
# "SHA512:<digest>" value in the update log.
confighashes 'SHA512'

# Archive content: one arch-all binary, one amd64 binary and one source
# package, all in 'unstable'.
insertpackage 'unstable' 'foo' 'all' '1'
insertpackage 'unstable' 'bar' 'amd64' '1'
insertsource 'unstable' 'foo' 'all' '1'

# Build the archive without running an initial update; the updates are
# the thing under test.
setupaptarchive --no-update
logcurrentarchivedirectory

# Make sure the archive cannot be written to while apt reads from it.
# The trap puts the directory mode back so cleanup can remove the tree.
addtrap 'prefix' 'chmod 755 aptarchive/dists/unstable/main/binary-all;'
if [ "$(id -u)" != '0' ]; then
	# Not root: a plain update against the archive has to work.
	testsuccess aptget update
else
	# Running as root: walk through several directory modes and check
	# how update reacts to each of them.
	#
	# binary-all is too deep in the tree for the problem to be noticed
	# early, but it is also unlikely that files in the same repository
	# have different permissions.
	chmod 500 aptarchive/dists/unstable/main/binary-all
	testfailure aptget update

	# Start from empty lists again; with the mode restored update works.
	rm -rf rootdir/var/lib/apt/lists
	chmod 755 aptarchive/dists/unstable/main/binary-all
	testsuccess aptget update

	# dists/ at 511: update is expected to succeed cleanly.
	rm -rf rootdir/var/lib/apt/lists
	chmod 511 aptarchive/dists/
	testsuccess aptget update

	# dists/ at 510 and then 500: update still succeeds, but is expected
	# to emit a notice.
	rm -rf rootdir/var/lib/apt/lists
	chmod 510 aptarchive/dists/
	testsuccesswithnotice aptget update
	rm -rf rootdir/var/lib/apt/lists
	chmod 500 aptarchive/dists/
	testsuccesswithnotice aptget update

	chmod 755 aptarchive/dists/
fi

# Move the fetched list files into partial/ and make binary-all read-only
# (555) before updating again with worker debugging enabled.
mv rootdir/var/lib/apt/lists/_* rootdir/var/lib/apt/lists/partial
chmod 555 aptarchive/dists/unstable/main/binary-all
testsuccess aptget update -o Debug::pkgAcquire::Worker=1
# Keep a copy of the log: the next testsuccess call overwrites its output.
cp -a rootdir/tmp/testsuccess.output rootdir/tmp/update.output
# The worker log must contain a (URL-encoded) Alt-Filename field.
# NOTE(review): presumably this shows the index was handed over under an
# alternate filename instead of the archive file being touched - confirm.
testsuccess grep '%0aAlt-Filename:%20' rootdir/tmp/update.output

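# The release files are not an If-Modified-Since hit, but the indexes are.
redatereleasefiles '+1 hour'

# An index that was not updated must not be downloaded again.
testsuccess aptget update -o Debug::pkgAcquire::Auth=1
# file:/ is not shown in the log, so check whether it was downloaded anyhow.
# Keep a copy of the log: the next testsuccess call overwrites its output.
cp -a rootdir/tmp/testsuccess.output rootdir/tmp/update.output
# Guard for the negative check below: only 'set -e' is active (no
# pipefail), so a bzcat that cannot read the index would still leave a
# digest in $canary, and the "not found" grep would then pass without
# proving anything. Require the index to exist and be non-empty first.
testsuccess test -s aptarchive/dists/unstable/main/binary-all/Packages.bz2
# Canary: SHA512 of the uncompressed Packages index, in the
# "SHA512:<digest>" form searched for in the Auth debug output.
canary="SHA512:$(bzcat aptarchive/dists/unstable/main/binary-all/Packages.bz2 | sha512sum | cut -d' ' -f1)"
# The digest must NOT show up: the unchanged index was not fetched again.
testfailure grep -- "$canary" rootdir/tmp/update.output
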
#######################################
# Check that package 'foo' is still available after an update:
# simulated install, source record lookup and source URI listing
# must all succeed.
# Arguments: none
#######################################
testfoo() {
	# binary package can still be installed (simulation only)
	testsuccess aptget install -s foo
	# source record can still be shown
	testsuccess aptcache showsrc foo
	# source download URIs can still be printed
	testsuccess aptget source foo --print-uris
}
testfoo

# The release file is new again and the index still is not, but the index
# has somehow disappeared from disk in the meantime.
redatereleasefiles '+2 hour'
find rootdir/var/lib/apt/lists -name '*_Packages*' -delete

testsuccess aptget update -o Debug::pkgAcquire::Auth=1
# file:/ is not shown in the log, so check whether it was downloaded anyhow.
# Keep a copy of the log: the next testsuccess call overwrites its output.
cp -a rootdir/tmp/testsuccess.output rootdir/tmp/update.output
# Canary: SHA512 of the uncompressed Packages index, in the
# "SHA512:<digest>" form searched for in the Auth debug output.
canary="SHA512:$(bzcat aptarchive/dists/unstable/main/binary-all/Packages.bz2 | sha512sum | cut -d' ' -f1)"
# This time the digest MUST show up: the missing index had to be fetched
# again even though the archive copy is unchanged.
testsuccess grep -- "$canary" rootdir/tmp/update.output

# foo has to be available again after the re-fetch
testfoo