]> git.saurik.com Git - apt.git/blame - test/integration/test-releasefile-verification
Make directory paths configurable
[apt.git] / test / integration / test-releasefile-verification
CommitLineData
fe0f7911
DK
1#!/bin/sh
2set -e
3
3abb6a6a
DK
4TESTDIR="$(readlink -f "$(dirname "$0")")"
5. "$TESTDIR/framework"
fe0f7911
DK
6
7setupenvironment
8configarchitecture "i386"
9
5a23c56d 10export APT_DONT_SIGN='Release.gpg'
fe0f7911
DK
11buildaptarchive
12setupflataptarchive
13changetowebserver
14
15prepare() {
16 local DATE="${2:-now}"
331e8396
DK
17 if [ "$DATE" = 'now' ]; then
18 if [ "$1" = "${PKGFILE}-new" ]; then
19 DATE='now - 1 day'
20 else
21 DATE='now - 7 day'
22 fi
fe0f7911
DK
23 fi
24 for release in $(find rootdir/var/lib/apt/lists 2> /dev/null); do
63c71412 25 touch -d 'now - 1 year' "$release"
fe0f7911 26 done
8de79b68 27 aptget clean
63c71412 28 cp "$1" aptarchive/Packages
fe0f7911 29 find aptarchive -name 'Release' -delete
331e8396 30 compressfile 'aptarchive/Packages' "$DATE"
89901946 31 generatereleasefiles "$DATE" 'now + 1 month'
fe0f7911
DK
32}
33
34installaptold() {
46e00c90 35 rm -rf rootdir/var/cache/apt/archives
6c0765c0 36 testsuccessequal "Reading package lists...
fe0f7911
DK
37Building dependency tree...
38Suggested packages:
9112f777 39 aptitude | synaptic | wajig dpkg-dev apt-doc bzip2 lzma python-apt
fe0f7911
DK
40The following NEW packages will be installed:
41 apt
420 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
43After this operation, 5370 kB of additional disk space will be used.
6c0765c0
DK
44Get:1 http://localhost:${APTHTTPPORT} apt 0.7.25.3
45Download complete and in download only mode" aptget install apt -dy
fe0f7911
DK
46}
47
48installaptnew() {
89901946 49 rm -rf rootdir/var/cache/apt/archives
6c0765c0 50 testsuccessequal "Reading package lists...
fe0f7911
DK
51Building dependency tree...
52Suggested packages:
9112f777 53 aptitude | synaptic | wajig dpkg-dev apt-doc bzip2 lzma python-apt
fe0f7911
DK
54The following NEW packages will be installed:
55 apt
560 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
57After this operation, 5808 kB of additional disk space will be used.
6c0765c0
DK
58Get:1 http://localhost:${APTHTTPPORT} apt 0.8.0~pre1
59Download complete and in download only mode" aptget install apt -dy
fe0f7911
DK
60}
61
62failaptold() {
25b86db1 63 testfailureequal 'Reading package lists...
fe0f7911
DK
64Building dependency tree...
65Suggested packages:
9112f777 66 aptitude | synaptic | wajig dpkg-dev apt-doc bzip2 lzma python-apt
fe0f7911
DK
67The following NEW packages will be installed:
68 apt
690 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
70After this operation, 5370 kB of additional disk space will be used.
71WARNING: The following packages cannot be authenticated!
72 apt
b381a482 73E: There were unauthenticated packages and -y was used without --allow-unauthenticated' aptget install apt -dy
fe0f7911
DK
74}
75
76failaptnew() {
25b86db1 77 testfailureequal 'Reading package lists...
fe0f7911
DK
78Building dependency tree...
79Suggested packages:
9112f777 80 aptitude | synaptic | wajig dpkg-dev apt-doc bzip2 lzma python-apt
fe0f7911
DK
81The following NEW packages will be installed:
82 apt
830 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
84After this operation, 5808 kB of additional disk space will be used.
85WARNING: The following packages cannot be authenticated!
86 apt
b381a482 87E: There were unauthenticated packages and -y was used without --allow-unauthenticated' aptget install apt -dy
fe0f7911
DK
88}
89
90# fake our downloadable file
91touch aptarchive/apt.deb
92
63c71412 93PKGFILE="${TESTDIR}/$(echo "$(basename "$0")" | sed 's#^test-#Packages-#')"
fe0f7911 94
6bf93605 95updatewithwarnings() {
4e03c47d 96 testwarning aptget update -o Debug::pkgAcquire::Worker=1 -o Debug::Acquire::gpgv=1
6bf93605 97 testsuccess grep -E "$1" rootdir/tmp/testwarning.output
331e8396
DK
98}
99
fe0f7911 100runtest() {
8fa99570 101 msgmsg 'Cold archive signed by' 'Joe Sixpack'
63c71412 102 prepare "${PKGFILE}"
fe0f7911
DK
103 rm -rf rootdir/var/lib/apt/lists
104 signreleasefiles 'Joe Sixpack'
8fa99570 105 successfulaptgetupdate
63c71412 106 testsuccessequal "$(cat "${PKGFILE}")
fe0f7911
DK
107" aptcache show apt
108 installaptold
109
8fa99570 110 msgmsg 'Good warm archive signed by' 'Joe Sixpack'
63c71412 111 prepare "${PKGFILE}-new"
fe0f7911 112 signreleasefiles 'Joe Sixpack'
8fa99570 113 successfulaptgetupdate
63c71412 114 testsuccessequal "$(cat "${PKGFILE}-new")
fe0f7911
DK
115" aptcache show apt
116 installaptnew
117
8fa99570 118 msgmsg 'Cold archive signed by' 'Rex Expired'
63c71412 119 prepare "${PKGFILE}"
29a59c46
DK
120 rm -rf rootdir/var/lib/apt/lists
121 cp keys/rexexpired.pub rootdir/etc/apt/trusted.gpg.d/rexexpired.gpg
122 signreleasefiles 'Rex Expired'
f13b413a 123 updatewithwarnings '^W: .* EXPKEYSIG'
63c71412 124 testsuccessequal "$(cat "${PKGFILE}")
29a59c46
DK
125" aptcache show apt
126 failaptold
fb7b11eb 127 rm -f rootdir/etc/apt/trusted.gpg.d/rexexpired.gpg
fe0f7911 128
1af227c2
DK
129 msgmsg 'Cold archive expired signed by' 'Joe Sixpack'
130 if dpkg --compare-versions "$(aptkey adv --version | head -n 2 | tail -n 1 | cut -d' ' -f 3)" '>=' '2.1' >/dev/null 2>&1; then
131 touch rootdir/etc/apt/apt.conf.d/99gnupg2
132 elif gpg2 --version >/dev/null 2>&1; then
133 echo 'Apt::Key::gpgcommand "gpg2";' > rootdir/etc/apt/apt.conf.d/99gnupg2
134 if ! dpkg --compare-versions "$(aptkey adv --version | head -n 2 | tail -n 1 | cut -d' ' -f 3)" '>=' '2.1' >/dev/null 2>&1; then
135 rm rootdir/etc/apt/apt.conf.d/99gnupg2
136 fi
137 fi
138 if [ -e rootdir/etc/apt/apt.conf.d/99gnupg2 ]; then
139 prepare "${PKGFILE}"
140 rm -rf rootdir/var/lib/apt/lists
141 signreleasefiles 'Joe Sixpack' 'aptarchive' --faked-system-time "20070924T154812" --default-sig-expire 2016-04-01
1af227c2
DK
142 updatewithwarnings '^W: .* EXPSIG'
143 testsuccessequal "$(cat "${PKGFILE}")
144" aptcache show apt
145 failaptold
146 rm -f rootdir/etc/apt/apt.conf.d/99gnupg2
147 else
148 msgskip 'Not a new enough gpg available providing --fake-system-time'
149 fi
150
fb7b11eb
DK
151 msgmsg 'Cold archive signed by' 'Joe Sixpack,Marvin Paranoid'
152 prepare "${PKGFILE}"
153 rm -rf rootdir/var/lib/apt/lists
154 signreleasefiles 'Joe Sixpack,Marvin Paranoid'
fb7b11eb
DK
155 successfulaptgetupdate 'NO_PUBKEY'
156 testsuccessequal "$(cat "${PKGFILE}")
157" aptcache show apt
158 installaptold
159
160 msgmsg 'Cold archive signed by' 'Joe Sixpack,Rex Expired'
161 prepare "${PKGFILE}"
162 rm -rf rootdir/var/lib/apt/lists
163 signreleasefiles 'Joe Sixpack,Rex Expired'
fb7b11eb
DK
164 cp keys/rexexpired.pub rootdir/etc/apt/trusted.gpg.d/rexexpired.gpg
165 successfulaptgetupdate 'EXPKEYSIG'
166 rm -f rootdir/etc/apt/trusted.gpg.d/rexexpired.gpg
167 testsuccessequal "$(cat "${PKGFILE}")
168" aptcache show apt
169 installaptold
170
8fa99570 171 msgmsg 'Cold archive signed by' 'Marvin Paranoid'
63c71412 172 prepare "${PKGFILE}"
fe0f7911
DK
173 rm -rf rootdir/var/lib/apt/lists
174 signreleasefiles 'Marvin Paranoid'
6bf93605 175 updatewithwarnings '^W: .* NO_PUBKEY'
63c71412 176 testsuccessequal "$(cat "${PKGFILE}")
fe0f7911
DK
177" aptcache show apt
178 failaptold
179
8fa99570 180 msgmsg 'Bad warm archive signed by' 'Joe Sixpack'
63c71412 181 prepare "${PKGFILE}-new"
fe0f7911 182 signreleasefiles 'Joe Sixpack'
8fa99570 183 successfulaptgetupdate
63c71412 184 testsuccessequal "$(cat "${PKGFILE}-new")
fe0f7911
DK
185" aptcache show apt
186 installaptnew
187
8fa99570 188 msgmsg 'Cold archive signed by' 'Joe Sixpack'
63c71412 189 prepare "${PKGFILE}"
fe0f7911
DK
190 rm -rf rootdir/var/lib/apt/lists
191 signreleasefiles 'Joe Sixpack'
8fa99570 192 successfulaptgetupdate
63c71412 193 testsuccessequal "$(cat "${PKGFILE}")
fe0f7911
DK
194" aptcache show apt
195 installaptold
196
8fa99570 197 msgmsg 'Good warm archive signed by' 'Marvin Paranoid'
63c71412 198 prepare "${PKGFILE}-new"
fe0f7911 199 signreleasefiles 'Marvin Paranoid'
6bf93605 200 updatewithwarnings '^W: .* NO_PUBKEY'
63c71412 201 testsuccessequal "$(cat "${PKGFILE}")
29a59c46
DK
202" aptcache show apt
203 installaptold
204
8fa99570 205 msgmsg 'Good warm archive signed by' 'Rex Expired'
63c71412 206 prepare "${PKGFILE}-new"
29a59c46
DK
207 cp keys/rexexpired.pub rootdir/etc/apt/trusted.gpg.d/rexexpired.gpg
208 signreleasefiles 'Rex Expired'
f13b413a 209 updatewithwarnings '^W: .* EXPKEYSIG'
63c71412 210 testsuccessequal "$(cat "${PKGFILE}")
fe0f7911
DK
211" aptcache show apt
212 installaptold
29a59c46
DK
213 rm rootdir/etc/apt/trusted.gpg.d/rexexpired.gpg
214
8fa99570 215 msgmsg 'Good warm archive signed by' 'Joe Sixpack'
63c71412 216 prepare "${PKGFILE}-new"
29a59c46 217 signreleasefiles
8fa99570 218 successfulaptgetupdate
63c71412 219 testsuccessequal "$(cat "${PKGFILE}-new")
29a59c46
DK
220" aptcache show apt
221 installaptnew
b0d40854 222
8fa99570 223 msgmsg 'Cold archive signed by good keyring' 'Marvin Paranoid'
63c71412 224 prepare "${PKGFILE}"
b0d40854
DK
225 rm -rf rootdir/var/lib/apt/lists
226 signreleasefiles 'Marvin Paranoid'
b0d40854
DK
227 local MARVIN="$(readlink -f keys/marvinparanoid.pub)"
228 sed -i "s#^\(deb\(-src\)\?\) #\1 [signed-by=$MARVIN] #" rootdir/etc/apt/sources.list.d/*
8fa99570 229 successfulaptgetupdate
63c71412 230 testsuccessequal "$(cat "${PKGFILE}")
b0d40854
DK
231" aptcache show apt
232 installaptold
233
8fa99570 234 msgmsg 'Cold archive signed by bad keyring' 'Joe Sixpack'
b0d40854
DK
235 rm -rf rootdir/var/lib/apt/lists
236 signreleasefiles 'Joe Sixpack'
b0d40854 237 updatewithwarnings '^W: .* NO_PUBKEY'
b0d40854 238 sed -i "s#^\(deb\(-src\)\?\) \[signed-by=$MARVIN\] #\1 #" rootdir/etc/apt/sources.list.d/*
46e00c90 239
19fdf93d 240 local MARVIN="$(aptkey --keyring $MARVIN finger --with-colons | grep '^fpr' | cut -d':' -f 10)"
46e00c90
DK
241 msgmsg 'Cold archive signed by bad keyid' 'Joe Sixpack'
242 rm -rf rootdir/var/lib/apt/lists
243 signreleasefiles 'Joe Sixpack'
46e00c90
DK
244 sed -i "s#^\(deb\(-src\)\?\) #\1 [signed-by=$MARVIN] #" rootdir/etc/apt/sources.list.d/*
245 updatewithwarnings '^W: .* be verified because the public key is not available: .*'
b0d40854 246
8fa99570 247 msgmsg 'Cold archive signed by good keyid' 'Marvin Paranoid'
b0d40854
DK
248 rm -rf rootdir/var/lib/apt/lists
249 signreleasefiles 'Marvin Paranoid'
b0d40854 250 cp keys/marvinparanoid.pub rootdir/etc/apt/trusted.gpg.d/marvinparanoid.gpg
8fa99570 251 successfulaptgetupdate
63c71412 252 testsuccessequal "$(cat "${PKGFILE}")
b0d40854
DK
253" aptcache show apt
254 installaptold
b0d40854 255
46e00c90
DK
256 msgmsg 'Cold archive signed by good keyid' 'Marvin Paranoid,Joe Sixpack'
257 rm -rf rootdir/var/lib/apt/lists
258 signreleasefiles 'Marvin Paranoid,Joe Sixpack'
46e00c90
DK
259 successfulaptgetupdate 'NoPubKey: GOODSIG'
260 testsuccessequal "$(cat "${PKGFILE}")
261" aptcache show apt
262 installaptold
263
19fdf93d 264 local SIXPACK="$(aptkey --keyring keys/joesixpack.pub finger --with-colons | grep '^fpr' | cut -d':' -f 10)"
46e00c90 265 msgmsg 'Cold archive signed by good keyids' 'Joe Sixpack'
b0d40854
DK
266 rm -rf rootdir/var/lib/apt/lists
267 signreleasefiles 'Joe Sixpack'
46e00c90
DK
268 sed -i "s#^\(deb\(-src\)\?\) \[signed-by=$MARVIN\] #\1 [signed-by=${SIXPACK},${MARVIN}] #" rootdir/etc/apt/sources.list.d/*
269 successfulaptgetupdate
270 testsuccessequal "$(cat "${PKGFILE}")
271" aptcache show apt
272 installaptold
273
46e00c90
DK
274 msgmsg 'Cold archive signed by good keyids' 'Joe Sixpack'
275 rm -rf rootdir/var/lib/apt/lists
276 sed -i "s#^\(deb\(-src\)\?\) \[signed-by=${SIXPACK},${MARVIN}\] #\1 [signed-by=${MARVIN},${SIXPACK}] #" rootdir/etc/apt/sources.list.d/*
277 successfulaptgetupdate
278 testsuccessequal "$(cat "${PKGFILE}")
279" aptcache show apt
280 installaptold
281 rm -f rootdir/etc/apt/trusted.gpg.d/marvinparanoid.gpg
282 sed -i "s#^\(deb\(-src\)\?\) \[signed-by=${MARVIN},${SIXPACK}\] #\1 #" rootdir/etc/apt/sources.list.d/*
b0d40854 283
89901946
DK
284 rm -rf rootdir/var/lib/apt/lists-bak
285 cp -a rootdir/var/lib/apt/lists rootdir/var/lib/apt/lists-bak
286 prepare "${PKGFILE}-new"
287 signreleasefiles 'Joe Sixpack'
89901946
DK
288
289 msgmsg 'Warm archive with signed-by' 'Joe Sixpack'
290 sed -i "/^Valid-Until: / a\
291Signed-By: ${SIXPACK}" rootdir/var/lib/apt/lists/*Release
292 touch -d 'now - 1 year' rootdir/var/lib/apt/lists/*Release
293 successfulaptgetupdate
294 testsuccessequal "$(cat "${PKGFILE}-new")
295" aptcache show apt
296 installaptnew
297
298 msgmsg 'Warm archive with signed-by' 'Marvin Paranoid'
299 rm -rf rootdir/var/lib/apt/lists
300 cp -a rootdir/var/lib/apt/lists-bak rootdir/var/lib/apt/lists
301 sed -i "/^Valid-Until: / a\
302Signed-By: ${MARVIN}" rootdir/var/lib/apt/lists/*Release
303 touch -d 'now - 1 year' rootdir/var/lib/apt/lists/*Release
304 updatewithwarnings 'W: .* public key is not available: GOODSIG'
305 testsuccessequal "$(cat "${PKGFILE}")
306" aptcache show apt
307 installaptold
308
309 msgmsg 'Warm archive with outdated signed-by' 'Marvin Paranoid'
310 rm -rf rootdir/var/lib/apt/lists
311 cp -a rootdir/var/lib/apt/lists-bak rootdir/var/lib/apt/lists
312 sed -i "/^Valid-Until: / a\
313Valid-Until: $(date -u -d "now - 2min" '+%a, %d %b %Y %H:%M:%S %Z') \\
314Signed-By: ${MARVIN}" rootdir/var/lib/apt/lists/*Release
315 touch -d 'now - 1 year' rootdir/var/lib/apt/lists/*Release
316 successfulaptgetupdate
317 testsuccessequal "$(cat "${PKGFILE}-new")
318" aptcache show apt
319 installaptnew
320
321 msgmsg 'Warm archive with two signed-bys' 'Joe Sixpack'
322 rm -rf rootdir/var/lib/apt/lists
323 cp -a rootdir/var/lib/apt/lists-bak rootdir/var/lib/apt/lists
324 sed -i "/^Valid-Until: / a\
325Signed-By: ${MARVIN} ${MARVIN}, \\
326 ${SIXPACK}" rootdir/var/lib/apt/lists/*Release
327 touch -d 'now - 1 year' rootdir/var/lib/apt/lists/*Release
328 successfulaptgetupdate
329 testsuccessequal "$(cat "${PKGFILE}-new")
330" aptcache show apt
331 installaptnew
fe0f7911
DK
332}
333
43c1ca5d 334runtest2() {
8fa99570 335 msgmsg 'Cold archive signed by' 'Joe Sixpack'
63c71412 336 prepare "${PKGFILE}"
43c1ca5d
SR
337 rm -rf rootdir/var/lib/apt/lists
338 signreleasefiles 'Joe Sixpack'
8fa99570 339 successfulaptgetupdate
43c1ca5d
SR
340
341 # New .deb but now an unsigned archive. For example MITM to circumvent
342 # package verification.
8fa99570 343 msgmsg 'Warm archive signed by' 'nobody'
63c71412 344 prepare "${PKGFILE}-new"
761a5ad2 345 find aptarchive/ \( -name InRelease -o -name Release.gpg \) -delete
6bf93605 346 updatewithwarnings 'W: .* no longer signed.'
63c71412 347 testsuccessequal "$(cat "${PKGFILE}-new")
43c1ca5d
SR
348" aptcache show apt
349 failaptnew
350
351 # Unsigned archive from the beginning must also be detected.
6bf93605 352 msgmsg 'Cold archive signed by' 'nobody'
8fa99570 353 rm -rf rootdir/var/lib/apt/lists
6bf93605 354 updatewithwarnings 'W: .* is not signed.'
63c71412 355 testsuccessequal "$(cat "${PKGFILE}-new")
43c1ca5d
SR
356" aptcache show apt
357 failaptnew
358}
43c1ca5d 359
8fa99570 360runtest3() {
6a4958d3 361 echo "APT::Hashes::$APT_TESTS_DIGEST_ALGO::$1 \"yes\";" > rootdir/etc/apt/apt.conf.d/truststate
08b7761a 362 msgmsg "Running base test with $1 digest"
8fa99570
DK
363 runtest2
364
08b7761a 365 for DELETEFILE in 'InRelease' 'Release.gpg'; do
761a5ad2 366 export APT_DONT_SIGN="$DELETEFILE"
08b7761a 367 msgmsg "Running test with deletion of $DELETEFILE and $1 digest"
761a5ad2 368 runtest
5a23c56d 369 export APT_DONT_SIGN='Release.gpg'
08b7761a 370 done
8fa99570
DK
371}
372
e8b1db38
MV
373# diable some protection by default and ensure we still do the verification
374# correctly
375cat > rootdir/etc/apt/apt.conf.d/weaken-security <<EOF
376Acquire::AllowInsecureRepositories "1";
377Acquire::AllowDowngradeToInsecureRepositories "1";
378EOF
196d590a 379# the hash marked as configurable in our gpgv method
08b7761a 380export APT_TESTS_DIGEST_ALGO='SHA224'
e8b1db38 381
8fa99570
DK
382successfulaptgetupdate() {
383 testsuccess aptget update -o Debug::pkgAcquire::Worker=1 -o Debug::Acquire::gpgv=1
fb7b11eb
DK
384 if [ -n "$1" ]; then
385 cp rootdir/tmp/testsuccess.output aptupdate.output
386 testsuccess grep "$1" aptupdate.output
387 fi
8fa99570 388}
6a4958d3 389runtest3 'Trusted'
e8b1db38 390
8fa99570
DK
391successfulaptgetupdate() {
392 testwarning aptget update -o Debug::pkgAcquire::Worker=1 -o Debug::Acquire::gpgv=1
fb7b11eb
DK
393 if [ -n "$1" ]; then
394 testsuccess grep "$1" rootdir/tmp/testwarning.output
395 fi
8fa99570
DK
396 testsuccess grep 'uses weak digest algorithm' rootdir/tmp/testwarning.output
397}
6a4958d3 398runtest3 'Weak'
08b7761a
DK
399
400msgmsg "Running test with apt-untrusted digest"
6a4958d3 401echo "APT::Hashes::$APT_TESTS_DIGEST_ALGO::Untrusted \"yes\";" > rootdir/etc/apt/apt.conf.d/truststate
08b7761a
DK
402runfailure() {
403 for DELETEFILE in 'InRelease' 'Release.gpg'; do
761a5ad2 404 export APT_DONT_SIGN="$DELETEFILE"
08b7761a
DK
405 msgmsg 'Cold archive signed by' 'Joe Sixpack'
406 prepare "${PKGFILE}"
407 rm -rf rootdir/var/lib/apt/lists
408 signreleasefiles 'Joe Sixpack'
08b7761a
DK
409 testfailure aptget update --no-allow-insecure-repositories -o Debug::pkgAcquire::Worker=1 -o Debug::Acquire::gpgv=1
410 testsuccess grep 'The following signatures were invalid' rootdir/tmp/testfailure.output
411 testnopackage 'apt'
412 testwarning aptget update --allow-insecure-repositories -o Debug::pkgAcquire::Worker=1 -o Debug::Acquire::gpgv=1
413 failaptold
d03b947b
DK
414 rm -rf rootdir/var/lib/apt/lists
415 sed -i 's#^deb\(-src\)\? #deb\1 [allow-insecure=yes] #' rootdir/etc/apt/sources.list.d/*
416 testwarning aptget update --no-allow-insecure-repositories -o Debug::pkgAcquire::Worker=1 -o Debug::Acquire::gpgv=1
417 failaptold
418 sed -i 's#^deb\(-src\)\? \[allow-insecure=yes\] #deb\1 #' rootdir/etc/apt/sources.list.d/*
08b7761a
DK
419
420 msgmsg 'Cold archive signed by' 'Marvin Paranoid'
421 prepare "${PKGFILE}"
422 rm -rf rootdir/var/lib/apt/lists
423 signreleasefiles 'Marvin Paranoid'
08b7761a
DK
424 testfailure aptget update --no-allow-insecure-repositories -o Debug::pkgAcquire::Worker=1 -o Debug::Acquire::gpgv=1
425 testnopackage 'apt'
426 updatewithwarnings '^W: .* NO_PUBKEY'
427 testsuccessequal "$(cat "${PKGFILE}")
428" aptcache show apt
429 failaptold
5a23c56d 430 export APT_DONT_SIGN='Release.gpg'
08b7761a
DK
431 done
432}
433runfailure
434
435msgmsg "Running test with gpgv-untrusted digest"
436export APT_TESTS_DIGEST_ALGO='MD5'
437runfailure