[apt.git] / test / integration / test-releasefile-date-older

#!/bin/sh
set -e

TESTDIR="$(readlink -f "$(dirname "$0")")"
. "$TESTDIR/framework"
setupenvironment
configarchitecture 'i386'

insertpackage 'wheezy' 'apt' 'all' '0.8.15'

setupaptarchive --no-update

# we don't complain as the server could have just sent a 'Hit' here and this
# 'downgrade attack' is usually performed by out-of-sync mirrors. Valid-Until
# catches the 'real' downgrade attacks (expect that it finds stale mirrors).
# Scaring users with an error here serves hence no point.

msgmsg 'InRelease file is silently rejected if' 'new Date is before old Date'
rm -rf rootdir/var/lib/apt/lists
generatereleasefiles 'now' 'now + 7 days'
signreleasefiles
testsuccess aptget update
listcurrentlistsdirectory > listsdir.lst
redatereleasefiles 'now - 2 days'
testsuccess aptget update
testfileequal 'listsdir.lst' "$(listcurrentlistsdirectory)"

msgmsg 'Release.gpg file is silently rejected if' 'new Date is before old Date'
rm -rf rootdir/var/lib/apt/lists
generatereleasefiles 'now' 'now + 7 days'
signreleasefiles
find aptarchive -name 'InRelease' -delete
testsuccess aptget update
listcurrentlistsdirectory > listsdir.lst
redatereleasefiles 'now - 2 days'
find aptarchive -name 'InRelease' -delete
testsuccess aptget update
testfileequal 'listsdir.lst' "$(listcurrentlistsdirectory)"

msgmsg 'Crisscross InRelease/Release.gpg file is silently rejected if' 'new Date is before old Date'
rm -rf rootdir/var/lib/apt/lists
generatereleasefiles 'now' 'now + 7 days'
signreleasefiles
find aptarchive -name 'Release.gpg' -delete
testsuccess aptget update
listcurrentlistsdirectory > listsdir.lst
redatereleasefiles 'now - 2 days'
find aptarchive -name 'InRelease' -delete
testsuccess aptget update
testfileequal 'listsdir.lst' "$(listcurrentlistsdirectory)"

msgmsg 'Crisscross Release.gpg/InRelease file is silently rejected if' 'new Date is before old Date'
rm -rf rootdir/var/lib/apt/lists
generatereleasefiles 'now' 'now + 7 days'
signreleasefiles
find aptarchive -name 'InRelease' -delete
testsuccess aptget update
listcurrentlistsdirectory > listsdir.lst
redatereleasefiles 'now - 2 days'
find aptarchive -name 'Release.gpg' -delete
testsuccess aptget update
testfileequal 'listsdir.lst' "$(listcurrentlistsdirectory)"

msgmsg 'Release file has' 'no Date and no Valid-Until field'
rm -rf rootdir/var/lib/apt/lists
generatereleasefiles 'now'
sed -i '/^Date: / d' $(find ./aptarchive -name 'Release')
signreleasefiles
testwarning aptget update
listcurrentlistsdirectory > listsdir.lst
# have no effect as Date is unknown
testwarning aptget update -o Acquire::Min-ValidTime=$((3600*24*30))
testfileequal 'listsdir.lst' "$(listcurrentlistsdirectory)"
testwarning aptget update -o Acquire::Max-ValidTime=1
testfileequal 'listsdir.lst' "$(listcurrentlistsdirectory)"
sed -i '/^Codename: / a\
Another-Field: yes' $(find aptarchive/ -name 'Release')
touch -d 'now + 1 day' $(find aptarchive/ -name 'Release')
signreleasefiles "${2:-Joe Sixpack}"
testwarning aptget update
testsuccess cmp $(find aptarchive/ -name 'InRelease')  $(find rootdir/var/lib/apt/ -name '*_InRelease')

msgmsg 'Release file has' 'no Date field, but Valid-Until expired'
rm -rf rootdir/var/lib/apt/lists
generatereleasefiles 'now' 'now - 2 days'
sed -i '/^Date: / d' $(find ./aptarchive -name 'Release')
signreleasefiles
testfailure aptget update
listcurrentlistsdirectory > listsdir.lst
# have no effect as Date is unknown
testfailure aptget update -o Acquire::Min-ValidTime=$((3600*24*30))
testfileequal 'listsdir.lst' "$(listcurrentlistsdirectory)"
testfailure aptget update -o Acquire::Max-ValidTime=1
testfileequal 'listsdir.lst' "$(listcurrentlistsdirectory)"

msgmsg 'Release file has' 'no Date field, but Valid-Until is good'
rm -rf rootdir/var/lib/apt/lists
generatereleasefiles 'now' 'now + 2 days'
sed -i '/^Date: / d' $(find ./aptarchive -name 'Release')
signreleasefiles
testwarning aptget update
Commit	Line	Data
6bf93605 DK	1	#!/bin/sh
	2	set -e
	3
3abb6a6a DK	4	TESTDIR="$(readlink -f "$(dirname "$0")")"
3abb6a6a DK	5	. "$TESTDIR/framework"
6bf93605 DK	6	setupenvironment
	7	configarchitecture 'i386'
	8
	9	insertpackage 'wheezy' 'apt' 'all' '0.8.15'
	10
	11	setupaptarchive --no-update
	12
	13	# we don't complain as the server could have just sent a 'Hit' here and this
	14	# 'downgrade attack' is usually performed by out-of-sync mirrors. Valid-Until
	15	# catches the 'real' downgrade attacks (expect that it finds stale mirrors).
	16	# Scaring users with an error here serves hence no point.
	17
	18	msgmsg 'InRelease file is silently rejected if' 'new Date is before old Date'
	19	rm -rf rootdir/var/lib/apt/lists
	20	generatereleasefiles 'now' 'now + 7 days'
	21	signreleasefiles
	22	testsuccess aptget update
	23	listcurrentlistsdirectory > listsdir.lst
	24	redatereleasefiles 'now - 2 days'
	25	testsuccess aptget update
	26	testfileequal 'listsdir.lst' "$(listcurrentlistsdirectory)"
	27
	28	msgmsg 'Release.gpg file is silently rejected if' 'new Date is before old Date'
	29	rm -rf rootdir/var/lib/apt/lists
	30	generatereleasefiles 'now' 'now + 7 days'
	31	signreleasefiles
	32	find aptarchive -name 'InRelease' -delete
	33	testsuccess aptget update
	34	listcurrentlistsdirectory > listsdir.lst
	35	redatereleasefiles 'now - 2 days'
	36	find aptarchive -name 'InRelease' -delete
	37	testsuccess aptget update
	38	testfileequal 'listsdir.lst' "$(listcurrentlistsdirectory)"
	39
	40	msgmsg 'Crisscross InRelease/Release.gpg file is silently rejected if' 'new Date is before old Date'
	41	rm -rf rootdir/var/lib/apt/lists
	42	generatereleasefiles 'now' 'now + 7 days'
	43	signreleasefiles
	44	find aptarchive -name 'Release.gpg' -delete
	45	testsuccess aptget update
	46	listcurrentlistsdirectory > listsdir.lst
	47	redatereleasefiles 'now - 2 days'
	48	find aptarchive -name 'InRelease' -delete
	49	testsuccess aptget update
	50	testfileequal 'listsdir.lst' "$(listcurrentlistsdirectory)"
	51
	52	msgmsg 'Crisscross Release.gpg/InRelease file is silently rejected if' 'new Date is before old Date'
	53	rm -rf rootdir/var/lib/apt/lists
	54	generatereleasefiles 'now' 'now + 7 days'
	55	signreleasefiles
	56	find aptarchive -name 'InRelease' -delete
	57	testsuccess aptget update
	58	listcurrentlistsdirectory > listsdir.lst
	59	redatereleasefiles 'now - 2 days'
	60	find aptarchive -name 'Release.gpg' -delete
	61	testsuccess aptget update
	62	testfileequal 'listsdir.lst' "$(listcurrentlistsdirectory)"
6fc2e030 DK	63
	64	msgmsg 'Release file has' 'no Date and no Valid-Until field'
	65	rm -rf rootdir/var/lib/apt/lists
	66	generatereleasefiles 'now'
	67	sed -i '/^Date: / d' $(find ./aptarchive -name 'Release')
	68	signreleasefiles
	69	testwarning aptget update
	70	listcurrentlistsdirectory > listsdir.lst
	71	# have no effect as Date is unknown
	72	testwarning aptget update -o Acquire::Min-ValidTime=$((36002430))
	73	testfileequal 'listsdir.lst' "$(listcurrentlistsdirectory)"
	74	testwarning aptget update -o Acquire::Max-ValidTime=1
	75	testfileequal 'listsdir.lst' "$(listcurrentlistsdirectory)"
	76	sed -i '/^Codename: / a\
	77	Another-Field: yes' $(find aptarchive/ -name 'Release')
	78	touch -d 'now + 1 day' $(find aptarchive/ -name 'Release')
	79	signreleasefiles "${2:-Joe Sixpack}"
	80	testwarning aptget update
	81	testsuccess cmp $(find aptarchive/ -name 'InRelease') $(find rootdir/var/lib/apt/ -name '*_InRelease')
	82
	83	msgmsg 'Release file has' 'no Date field, but Valid-Until expired'
	84	rm -rf rootdir/var/lib/apt/lists
	85	generatereleasefiles 'now' 'now - 2 days'
	86	sed -i '/^Date: / d' $(find ./aptarchive -name 'Release')
	87	signreleasefiles
	88	testfailure aptget update
	89	listcurrentlistsdirectory > listsdir.lst
	90	# have no effect as Date is unknown
	91	testfailure aptget update -o Acquire::Min-ValidTime=$((36002430))
	92	testfileequal 'listsdir.lst' "$(listcurrentlistsdirectory)"
	93	testfailure aptget update -o Acquire::Max-ValidTime=1
	94	testfileequal 'listsdir.lst' "$(listcurrentlistsdirectory)"
	95
	96	msgmsg 'Release file has' 'no Date field, but Valid-Until is good'
	97	rm -rf rootdir/var/lib/apt/lists
	98	generatereleasefiles 'now' 'now + 2 days'
	99	sed -i '/^Date: / d' $(find ./aptarchive -name 'Release')
	100	signreleasefiles
	101	testwarning aptget update