]> git.saurik.com Git - apt.git/blame - test/integration/test-releasefile-verification
detect Releasefile IMS hits even if the server doesn't
fe0f7911
DK
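#!/bin/sh
# Integration test for Release-file verification: builds a flat archive,
# serves it over the test webserver and then checks how `apt-get update`
# and `apt-get install` react to differently signed (or unsigned) archives.
set -e

# Quote every expansion so a checkout path containing whitespace still
# resolves to a single word.
TESTDIR="$(readlink -f "$(dirname "$0")")"
. "$TESTDIR/framework"

setupenvironment
configarchitecture "i386"

buildaptarchive
setupflataptarchive
changetowebserver

# Switch off the webserver option named 'aptwebserver::support::range'.
webserverconfig 'aptwebserver::support::range' 'false'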
331e8396 15
fe0f7911
DK
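# Publish a Packages file as the archive index and regenerate the Release
# files that describe it.
# Globals:   PKGFILE (read)
# Arguments: $1 - Packages file to publish as aptarchive/Packages
#            $2 - optional date handed to compressfile and
#                 generatereleasefiles; defaults to 'now'
prepare() {
	local DATE="${2:-now}"
	# With the default date, the "-new" index is stamped one day back and
	# any other index seven days back, so "-new" is always the younger one.
	if [ "$DATE" = 'now' ]; then
		if [ "$1" = "${PKGFILE}-new" ]; then
			DATE='now - 1 day'
		else
			DATE='now - 7 day'
		fi
	fi
	# Backdate everything already present in the lists directory by a year.
	# Presumably this keeps cached files older than anything the archive
	# will offer - confirm against the framework.
	for release in $(find rootdir/var/lib/apt/lists 2> /dev/null); do
		touch -d 'now - 1 year' "$release"
	done
	aptget clean
	# $1 may live under a path with whitespace (PKGFILE derives from TESTDIR).
	cp "$1" aptarchive/Packages
	# Only files named exactly 'Release' are removed here; InRelease and
	# Release.gpg do not match this pattern.
	find aptarchive -name 'Release' -delete
	compressfile 'aptarchive/Packages' "$DATE"
	generatereleasefiles "$DATE"
}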
34
# Assert that a download-only install of apt succeeds and fetches version
# 0.7.25.3 (presumably the version listed in the old Packages file).
# The expected text contains no authentication warning, so this only passes
# when apt treats the package as coming from a verified archive.
installaptold() {
	local expected
	expected='Reading package lists...
Building dependency tree...
Suggested packages:
 aptitude synaptic wajig dpkg-dev apt-doc bzip2 lzma python-apt
The following NEW packages will be installed:
 apt
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
After this operation, 5370 kB of additional disk space will be used.
Get:1 http://localhost:8080/ apt 0.7.25.3
Download complete and in download only mode'
	testsuccessequal "$expected" aptget install apt -dy
}
47
# Assert that a download-only install of apt succeeds and fetches version
# 0.8.0~pre1 (presumably the version listed in the "-new" Packages file).
# The expected text contains no authentication warning, so this only passes
# when apt treats the package as coming from a verified archive.
installaptnew() {
	local expected
	expected='Reading package lists...
Building dependency tree...
Suggested packages:
 aptitude synaptic wajig dpkg-dev apt-doc bzip2 lzma python-apt
The following NEW packages will be installed:
 apt
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
After this operation, 5808 kB of additional disk space will be used.
Get:1 http://localhost:8080/ apt 0.8.0~pre1
Download complete and in download only mode'
	testsuccessequal "$expected" aptget install apt -dy
}
60
# Assert that installing the old apt version is refused because the package
# cannot be authenticated. This is the control under test: with -y and
# without --force-yes, apt-get must stop instead of fetching a package from
# an archive whose Release file did not verify.
failaptold() {
	local expected
	expected='Reading package lists...
Building dependency tree...
Suggested packages:
 aptitude synaptic wajig dpkg-dev apt-doc bzip2 lzma python-apt
The following NEW packages will be installed:
 apt
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
After this operation, 5370 kB of additional disk space will be used.
WARNING: The following packages cannot be authenticated!
 apt
E: There are problems and -y was used without --force-yes'
	testfailureequal "$expected" aptget install apt -dy
}
74
# Assert that installing the new apt version is refused because the package
# cannot be authenticated. This is the control under test: with -y and
# without --force-yes, apt-get must stop instead of fetching a package from
# an archive whose Release file did not verify.
failaptnew() {
	local expected
	expected='Reading package lists...
Building dependency tree...
Suggested packages:
 aptitude synaptic wajig dpkg-dev apt-doc bzip2 lzma python-apt
The following NEW packages will be installed:
 apt
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
After this operation, 5808 kB of additional disk space will be used.
WARNING: The following packages cannot be authenticated!
 apt
E: There are problems and -y was used without --force-yes'
	testfailureequal "$expected" aptget install apt -dy
}
88
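# Fake our downloadable file: the install checks only download (-d), so an
# empty .deb is enough.
touch aptarchive/apt.deb

# Packages file that belongs to this test: same directory and name as the
# script, with the leading "test-" replaced by "Packages-". "$0" is quoted
# so a script path containing whitespace is not split.
PKGFILE="${TESTDIR}/$(basename "$0" | sed 's#^test-#Packages-#')"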
93
331e8396
DK
# Run `aptget update`, capturing stdout and stderr in update.log, and report
# the outcome through msgpass/msgfail (the log is printed on failure).
# NOTE(review): the check passes when the update exits 0 OR when the log
# holds a line starting with "W: " or "E: ". A failed update that printed a
# warning or error therefore also counts as a pass, so this helper alone
# does not prove the update was clean - confirm that this is intended.
updatesuccess() {
	local LOG='update.log'
	if ! aptget update >"$LOG" 2>&1 && ! grep -q -E '^(W|E): ' "$LOG"; then
		cat "$LOG"
		msgfail
	else
		msgpass
	fi
}
103
# Run `aptget update` and pass only if its output matches a pattern.
# Arguments: $1 - extended regular expression that must match a line of
#                 update.log (callers pass warnings such as KEYEXPIRED)
# The exit status of the update itself is deliberately ignored; only the
# captured log decides between msgpass and msgfail.
updatefailure() {
	local LOG='update.log'
	aptget update >"$LOG" 2>&1 || true
	if ! grep -q -E "$1" "$LOG"; then
		cat "$LOG"
		msgfail
	else
		msgpass
	fi
}
114
fe0f7911
DK
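# Walk through the signed-archive scenarios with one signature file removed.
# Globals: PKGFILE    (read) - old Packages file; "${PKGFILE}-new" is the
#                              newer one
#          DELETEFILE (read) - name of the file deleted from the archive
#                              after signing (set by the caller)
# "Cold" means the local lists directory was wiped first, "warm" means apt
# still holds the data from the previous step.
# PKGFILE is quoted throughout because it is built from TESTDIR, which may
# contain whitespace.
runtest() {
	# Cold cache, trusted signer: update and install must both work.
	prepare "${PKGFILE}"
	rm -rf rootdir/var/lib/apt/lists
	signreleasefiles 'Joe Sixpack'
	find aptarchive/ -name "$DELETEFILE" -delete
	msgtest 'Cold archive signed by' 'Joe Sixpack'
	updatesuccess
	testsuccessequal "$(cat "${PKGFILE}")
" aptcache show apt
	installaptold

	# Warm cache, trusted signer: the newer index must replace the old one.
	prepare "${PKGFILE}-new"
	signreleasefiles 'Joe Sixpack'
	find aptarchive/ -name "$DELETEFILE" -delete
	msgtest 'Good warm archive signed by' 'Joe Sixpack'
	updatesuccess
	testsuccessequal "$(cat "${PKGFILE}-new")
" aptcache show apt
	installaptnew

	# Cold cache, signer whose key is in the trusted directory but expired:
	# update must warn with KEYEXPIRED and the install must be refused as
	# unauthenticated.
	prepare "${PKGFILE}"
	rm -rf rootdir/var/lib/apt/lists
	cp keys/rexexpired.pub rootdir/etc/apt/trusted.gpg.d/rexexpired.gpg
	signreleasefiles 'Rex Expired'
	find aptarchive/ -name "$DELETEFILE" -delete
	msgtest 'Cold archive signed by' 'Rex Expired'
	updatefailure '^W: .* KEYEXPIRED'
	testsuccessequal "$(cat "${PKGFILE}")
" aptcache show apt
	failaptold
	# Remove the expired key again so it cannot influence later scenarios.
	rm rootdir/etc/apt/trusted.gpg.d/rexexpired.gpg

	# Cold cache, signer whose public key is not installed: update must
	# warn with NO_PUBKEY and the install must be refused.
	prepare "${PKGFILE}"
	rm -rf rootdir/var/lib/apt/lists
	signreleasefiles 'Marvin Paranoid'
	find aptarchive/ -name "$DELETEFILE" -delete
	msgtest 'Cold archive signed by' 'Marvin Paranoid'
	updatefailure '^W: .* NO_PUBKEY'
	testsuccessequal "$(cat "${PKGFILE}")
" aptcache show apt
	failaptold

	prepare "${PKGFILE}-new"
	# weborf doesn't support If-Range, so replace any partial Release
	# download with an empty file of the same name.
	for release in $(find rootdir/var/lib/apt/lists/partial/ -name '*Release'); do
		rm "$release"
		touch "$release"
	done
	signreleasefiles 'Joe Sixpack'
	find aptarchive/ -name "$DELETEFILE" -delete
	msgtest 'Bad warm archive signed by' 'Joe Sixpack'
	updatesuccess
	testsuccessequal "$(cat "${PKGFILE}-new")
" aptcache show apt
	installaptnew


	# Start again from a cold, correctly signed archive as the baseline for
	# the warm failure cases below.
	prepare "${PKGFILE}"
	rm -rf rootdir/var/lib/apt/lists
	signreleasefiles 'Joe Sixpack'
	find aptarchive/ -name "$DELETEFILE" -delete
	msgtest 'Cold archive signed by' 'Joe Sixpack'
	updatesuccess
	testsuccessequal "$(cat "${PKGFILE}")
" aptcache show apt
	installaptold

	# Warm cache, new index signed with an unknown key: the update warns and
	# apt must keep the previously verified OLD index - the new, unverified
	# data must not replace it.
	prepare "${PKGFILE}-new"
	signreleasefiles 'Marvin Paranoid'
	find aptarchive/ -name "$DELETEFILE" -delete
	msgtest 'Good warm archive signed by' 'Marvin Paranoid'
	updatefailure '^W: .* NO_PUBKEY'
	testsuccessequal "$(cat "${PKGFILE}")
" aptcache show apt
	installaptold

	# Warm cache, new index signed with an expired key: same expectation,
	# the old verified index stays in use.
	prepare "${PKGFILE}-new"
	cp keys/rexexpired.pub rootdir/etc/apt/trusted.gpg.d/rexexpired.gpg
	signreleasefiles 'Rex Expired'
	find aptarchive/ -name "$DELETEFILE" -delete
	msgtest 'Good warm archive signed by' 'Rex Expired'
	updatefailure '^W: .* KEYEXPIRED'
	testsuccessequal "$(cat "${PKGFILE}")
" aptcache show apt
	installaptold
	rm rootdir/etc/apt/trusted.gpg.d/rexexpired.gpg

	# Warm cache, signed again with the default signer (the message names
	# Joe Sixpack - presumably signreleasefiles' default; confirm in the
	# framework): the new index must now be accepted.
	prepare "${PKGFILE}-new"
	signreleasefiles
	find aptarchive/ -name "$DELETEFILE" -delete
	msgtest 'Good warm archive signed by' 'Joe Sixpack'
	updatesuccess
	testsuccessequal "$(cat "${PKGFILE}-new")
" aptcache show apt
	installaptnew
}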
211
43c1ca5d
SR
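# Check that an archive which loses its signatures is still caught at
# install time.
# Globals: PKGFILE (read) - old Packages file; "${PKGFILE}-new" is the
#                           newer one
# PKGFILE is quoted because it is built from TESTDIR, which may contain
# whitespace.
runtest2() {
	# Baseline: cold cache and a correctly signed archive.
	prepare "${PKGFILE}"
	rm -rf rootdir/var/lib/apt/lists
	signreleasefiles 'Joe Sixpack'
	msgtest 'Cold archive signed by' 'Joe Sixpack'
	updatesuccess

	# New .deb but now an unsigned archive. For example MITM to circumvent
	# package verification.
	# Both signature carriers (InRelease and Release.gpg) are removed; the
	# update is reported through updatesuccess, but the install must still
	# be refused as unauthenticated (failaptnew).
	prepare "${PKGFILE}-new"
	find aptarchive/ -name InRelease -delete
	find aptarchive/ -name Release.gpg -delete
	msgtest 'Warm archive signed by' 'nobody'
	updatesuccess
	testsuccessequal "$(cat "${PKGFILE}-new")
" aptcache show apt
	failaptnew

	# Unsigned archive from the beginning must also be detected.
	rm -rf rootdir/var/lib/apt/lists
	msgtest 'Cold archive signed by' 'nobody'
	updatesuccess
	testsuccessequal "$(cat "${PKGFILE}-new")
" aptcache show apt
	failaptnew
}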
43c1ca5d 238
e8b1db38
MV
# Disable some protection by default and ensure we still do the verification
# correctly: with both Acquire options set to "1" the update step is allowed
# to accept an insecure repository, so the scenarios below rely on the
# install step to refuse unauthenticated packages.
cat > rootdir/etc/apt/apt.conf.d/weaken-security <<EOF
Acquire::AllowInsecureRepositories "1";
Acquire::AllowDowngradeToInsecureRepositories "1";
EOF

msgmsg "Runing base test"
runtest2

# Repeat the signed-archive scenarios once per signature carrier, deleting
# that file from the archive each time.
for DELETEFILE in 'InRelease' 'Release.gpg'; do
	msgmsg "Running test with deletion of $DELETEFILE"
	runtest
done