Commit | Line | Data |
---|---|---|
#!/bin/sh
# Integration test for how apt treats Release files that are signed by a
# known key, signed by an expired or unknown key, or not signed at all,
# with the archive fetched from http://localhost:8080/.
set -e

# Resolve the directory this script lives in and source the shared test
# framework from it. The helper commands used below (setupenvironment,
# aptget, msgtest, ...) are not defined in this file.
# NOTE(review): presumably they all come from $TESTDIR/framework - confirm.
TESTDIR=$(readlink -f $(dirname $0))
. $TESTDIR/framework

setupenvironment
configarchitecture "i386"

buildaptarchive
setupflataptarchive
changetowebserver

# Sets the web server option 'aptwebserver::support::range' to 'false'.
# NOTE(review): presumably this turns off HTTP Range handling in the test
# server so partial files are not resumed - confirm against the framework.
webserverconfig 'aptwebserver::support::range' 'false'
331e8396 | 15 | |
# prepare PACKAGESFILE [DATE]
#
# Stage PACKAGESFILE as aptarchive/Packages and regenerate the Release
# files for it. DATE defaults to 'now'; in that case the "-new" index is
# dated one day back and any other index seven days back, so the two
# indexes always carry different timestamps.
# Every existing Release file in the archive is deleted first, so no
# Release file (and nothing signed over it) from an earlier scenario is
# reused; callers sign again after this returns.
prepare() {
	local DATE="${2:-now}"
	case "$DATE" in
	now)
		case "$1" in
		"${PKGFILE}-new") DATE='now - 1 day' ;;
		*) DATE='now - 7 day' ;;
		esac
		;;
	esac
	# Age whatever the client already holds in its lists directory by a
	# year; errors from find (e.g. directory missing) are discarded.
	for release in $(find rootdir/var/lib/apt/lists 2> /dev/null); do
		touch -d 'now - 1 year' $release
	done
	aptget clean
	cp $1 aptarchive/Packages
	find aptarchive -name 'Release' -delete
	compressfile 'aptarchive/Packages' "$DATE"
	generatereleasefiles "$DATE"
}
34 | ||
# Assert that a download-only install of apt works and fetches the old
# version (0.7.25.3) without any authentication warning in the output.
# NOTE(review): this listing does not preserve leading whitespace, so the
# package-name lines inside the expected text may be indented in the
# repository copy - confirm before reusing the literal.
installaptold() {
	local expected_old_download='Reading package lists...
Building dependency tree...
Suggested packages:
aptitude synaptic wajig dpkg-dev apt-doc bzip2 lzma python-apt
The following NEW packages will be installed:
apt
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
After this operation, 5370 kB of additional disk space will be used.
Get:1 http://localhost:8080/ apt 0.7.25.3
Download complete and in download only mode'
	testsuccessequal "$expected_old_download" aptget install apt -dy
}
47 | ||
# Assert that a download-only install of apt works and fetches the new
# version (0.8.0~pre1) without any authentication warning in the output.
# NOTE(review): this listing does not preserve leading whitespace, so the
# package-name lines inside the expected text may be indented in the
# repository copy - confirm before reusing the literal.
installaptnew() {
	local expected_new_download='Reading package lists...
Building dependency tree...
Suggested packages:
aptitude synaptic wajig dpkg-dev apt-doc bzip2 lzma python-apt
The following NEW packages will be installed:
apt
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
After this operation, 5808 kB of additional disk space will be used.
Get:1 http://localhost:8080/ apt 0.8.0~pre1
Download complete and in download only mode'
	testsuccessequal "$expected_new_download" aptget install apt -dy
}
60 | ||
# Assert that installing the old apt (5370 kB) is refused: the expected
# output carries the "cannot be authenticated" warning and the error that
# -y was used without --force-yes. This is the check that an index which
# was not verified never leads to an unattended install.
# NOTE(review): this listing does not preserve leading whitespace, so the
# package-name lines inside the expected text may be indented in the
# repository copy - confirm before reusing the literal.
failaptold() {
	local expected_old_refusal='Reading package lists...
Building dependency tree...
Suggested packages:
aptitude synaptic wajig dpkg-dev apt-doc bzip2 lzma python-apt
The following NEW packages will be installed:
apt
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
After this operation, 5370 kB of additional disk space will be used.
WARNING: The following packages cannot be authenticated!
apt
E: There are problems and -y was used without --force-yes'
	testfailureequal "$expected_old_refusal" aptget install apt -dy
}
74 | ||
# Assert that installing the new apt (5808 kB) is refused: the expected
# output carries the "cannot be authenticated" warning and the error that
# -y was used without --force-yes. This is the check that an index which
# was not verified never leads to an unattended install.
# NOTE(review): this listing does not preserve leading whitespace, so the
# package-name lines inside the expected text may be indented in the
# repository copy - confirm before reusing the literal.
failaptnew() {
	local expected_new_refusal='Reading package lists...
Building dependency tree...
Suggested packages:
aptitude synaptic wajig dpkg-dev apt-doc bzip2 lzma python-apt
The following NEW packages will be installed:
apt
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
After this operation, 5808 kB of additional disk space will be used.
WARNING: The following packages cannot be authenticated!
apt
E: There are problems and -y was used without --force-yes'
	testfailureequal "$expected_new_refusal" aptget install apt -dy
}
88 | ||
# fake our downloadable file
# An empty apt.deb is enough here: every install in this test is run with
# -d (download only), so the package is fetched but never unpacked.
touch aptarchive/apt.deb

# Path of the Packages fixture for this test: the script's own file name
# with a leading "test-" replaced by "Packages-", inside $TESTDIR. The
# second index used by the scenarios is this path with "-new" appended.
PKGFILE="${TESTDIR}/$(echo "$(basename $0)" | sed 's#^test-#Packages-#')"
93 | ||
# Run 'aptget update', capture its output in update.log and report the
# result through msgpass/msgfail.
# The only outcome reported as a failure is a non-zero exit status with
# no line starting with "W: " or "E: " in the log; on failure the log is
# printed first.
# NOTE(review): a zero exit passes even if warnings were logged, and a
# non-zero exit passes as soon as any W:/E: line exists, so this helper
# on its own does not show that the update was clean or that signature
# verification succeeded. The aptcache/install assertions that follow
# each call carry that weight - confirm this looseness is intended.
updatesuccess() {
	local LOG='update.log'
	if ! aptget update >$LOG 2>&1 && ! grep -q -E '^(W|E): ' $LOG; then
		cat $LOG
		msgfail
	else
		msgpass
	fi
}
103 | ||
# updatefailure PATTERN
#
# Run 'aptget update', capture its output in update.log and pass when the
# log contains a line matching the extended regex PATTERN; otherwise
# print the log and fail.
# NOTE(review): the exit status of the update is discarded, so despite
# the name this does not assert that the update failed. The callers in
# this file pass '^W: ...' patterns, i.e. a logged warning is what is
# being checked.
updatefailure() {
	local LOG='update.log'
	aptget update >$LOG 2>&1 || :
	if ! grep -q -E "$1" $LOG; then
		cat $LOG
		msgfail
	else
		msgpass
	fi
}
114 | ||
# Walk through signed-archive scenarios with one signature form removed.
# Before every update the file named by $DELETEFILE is deleted from the
# archive; the caller sets DELETEFILE before calling this function.
# "Cold" scenarios wipe rootdir/var/lib/apt/lists first, "warm" ones keep
# the lists left behind by the previous scenario.
# Each scenario then checks two things: which Packages content
# 'aptcache show apt' reports, and whether a download-only install is
# allowed (installapt*) or refused as unauthenticated (failapt*).
runtest() {
	# Cold start, signer 'Joe Sixpack': old index visible, install allowed.
	# NOTE(review): presumably the key the test environment trusts - confirm.
	prepare ${PKGFILE}
	rm -rf rootdir/var/lib/apt/lists
	signreleasefiles 'Joe Sixpack'
	find aptarchive/ -name "$DELETEFILE" -delete
	msgtest 'Cold archive signed by' 'Joe Sixpack'
	updatesuccess
	testsuccessequal "$(cat ${PKGFILE})
" aptcache show apt
	installaptold

	# Warm update to the new index, same signer: new index visible,
	# install of the new version allowed.
	prepare ${PKGFILE}-new
	signreleasefiles 'Joe Sixpack'
	find aptarchive/ -name "$DELETEFILE" -delete
	msgtest 'Good warm archive signed by' 'Joe Sixpack'
	updatesuccess
	testsuccessequal "$(cat ${PKGFILE}-new)
" aptcache show apt
	installaptnew

	# Cold start, signed by 'Rex Expired' whose public key is placed in
	# trusted.gpg.d for this scenario only. The update must log a
	# KEYEXPIRED warning; the index is readable but the install must be
	# refused as unauthenticated.
	prepare ${PKGFILE}
	rm -rf rootdir/var/lib/apt/lists
	cp keys/rexexpired.pub rootdir/etc/apt/trusted.gpg.d/rexexpired.gpg
	signreleasefiles 'Rex Expired'
	find aptarchive/ -name "$DELETEFILE" -delete
	msgtest 'Cold archive signed by' 'Rex Expired'
	updatefailure '^W: .* KEYEXPIRED'
	testsuccessequal "$(cat ${PKGFILE})
" aptcache show apt
	failaptold
	rm rootdir/etc/apt/trusted.gpg.d/rexexpired.gpg

	# Cold start, signed by 'Marvin Paranoid'; no key is installed for
	# this signer here. The update must log NO_PUBKEY and the install
	# must be refused as unauthenticated.
	prepare ${PKGFILE}
	rm -rf rootdir/var/lib/apt/lists
	signreleasefiles 'Marvin Paranoid'
	find aptarchive/ -name "$DELETEFILE" -delete
	msgtest 'Cold archive signed by' 'Marvin Paranoid'
	updatefailure '^W: .* NO_PUBKEY'
	testsuccessequal "$(cat ${PKGFILE})
" aptcache show apt
	failaptold

	# Warm update on top of the unverified state above, now signed by
	# 'Joe Sixpack' again. The partial Release files are replaced by
	# empty ones first, so nothing left over from the earlier attempt is
	# continued. Expected: new index visible, install allowed.
	prepare ${PKGFILE}-new
	# weborf doesn't support If-Range
	for release in $(find rootdir/var/lib/apt/lists/partial/ -name '*Release'); do
		rm $release
		touch $release
	done
	signreleasefiles 'Joe Sixpack'
	find aptarchive/ -name "$DELETEFILE" -delete
	msgtest 'Bad warm archive signed by' 'Joe Sixpack'
	updatesuccess
	testsuccessequal "$(cat ${PKGFILE}-new)
" aptcache show apt
	installaptnew


	# Re-establish a verified baseline on the old index.
	prepare ${PKGFILE}
	rm -rf rootdir/var/lib/apt/lists
	signreleasefiles 'Joe Sixpack'
	find aptarchive/ -name "$DELETEFILE" -delete
	msgtest 'Cold archive signed by' 'Joe Sixpack'
	updatesuccess
	testsuccessequal "$(cat ${PKGFILE})
" aptcache show apt
	installaptold

	# Warm update offering the new index signed by the unknown signer.
	# The assertions compare against the OLD Packages file and use
	# installaptold: the previously verified index must stay in place
	# rather than being replaced by data that could not be verified.
	prepare ${PKGFILE}-new
	signreleasefiles 'Marvin Paranoid'
	find aptarchive/ -name "$DELETEFILE" -delete
	msgtest 'Good warm archive signed by' 'Marvin Paranoid'
	updatefailure '^W: .* NO_PUBKEY'
	testsuccessequal "$(cat ${PKGFILE})
" aptcache show apt
	installaptold

	# Same for the expired key: the verified old index must stay in place.
	prepare ${PKGFILE}-new
	cp keys/rexexpired.pub rootdir/etc/apt/trusted.gpg.d/rexexpired.gpg
	signreleasefiles 'Rex Expired'
	find aptarchive/ -name "$DELETEFILE" -delete
	msgtest 'Good warm archive signed by' 'Rex Expired'
	updatefailure '^W: .* KEYEXPIRED'
	testsuccessequal "$(cat ${PKGFILE})
" aptcache show apt
	installaptold
	rm rootdir/etc/apt/trusted.gpg.d/rexexpired.gpg

	# Finally a warm update with a good signature moves to the new index.
	# signreleasefiles is called without a signer here while the message
	# names 'Joe Sixpack'.
	# NOTE(review): presumably that is the helper's default signer - confirm.
	prepare ${PKGFILE}-new
	signreleasefiles
	find aptarchive/ -name "$DELETEFILE" -delete
	msgtest 'Good warm archive signed by' 'Joe Sixpack'
	updatesuccess
	testsuccessequal "$(cat ${PKGFILE}-new)
" aptcache show apt
	installaptnew
}
211 | ||
# Scenarios in which the archive loses its signatures entirely.
# In both unsigned cases updatesuccess is expected to pass and the new
# index is visible through 'aptcache show', but failaptnew requires the
# install to be refused as unauthenticated. That refusal is the
# protection under test.
# NOTE(review): the unsigned index being accepted at all presumably
# depends on the weaken-security configuration written before this
# function is called - confirm.
runtest2() {
	# Baseline: cold start on the old index with a signature from
	# 'Joe Sixpack'.
	prepare ${PKGFILE}
	rm -rf rootdir/var/lib/apt/lists
	signreleasefiles 'Joe Sixpack'
	msgtest 'Cold archive signed by' 'Joe Sixpack'
	updatesuccess

	# New .deb but now an unsigned archive. For example MITM to circumvent
	# package verification.
	# Both signature forms (InRelease and Release.gpg) are removed and
	# signreleasefiles is not called again, so the archive offered to the
	# client carries no signature.
	prepare ${PKGFILE}-new
	find aptarchive/ -name InRelease -delete
	find aptarchive/ -name Release.gpg -delete
	msgtest 'Warm archive signed by' 'nobody'
	updatesuccess
	testsuccessequal "$(cat ${PKGFILE}-new)
" aptcache show apt
	failaptnew

	# Unsigned archive from the beginning must also be detected.
	# The archive is left as above; only the client's lists are wiped.
	rm -rf rootdir/var/lib/apt/lists
	msgtest 'Cold archive signed by' 'nobody'
	updatesuccess
	testsuccessequal "$(cat ${PKGFILE}-new)
" aptcache show apt
	failaptnew
}
43c1ca5d | 238 | |
# disable some protection by default and ensure we still do the verification
# correctly
# The drop-in below switches on both Acquire::AllowInsecureRepositories
# and Acquire::AllowDowngradeToInsecureRepositories for every scenario
# that follows. The fail* assertions in the scenarios still require
# unauthenticated packages to be refused with these options set.
cat > rootdir/etc/apt/apt.conf.d/weaken-security <<EOF
Acquire::AllowInsecureRepositories "1";
Acquire::AllowDowngradeToInsecureRepositories "1";
EOF

# Signed-to-unsigned and unsigned-from-the-start scenarios.
msgmsg "Runing base test"
runtest2

# Run the signed scenarios twice, each time removing one signature form
# from the archive before the client updates: first InRelease, then
# Release.gpg.
# NOTE(review): presumably this leaves the other form as the only
# signature available, so both verification paths get covered - confirm
# against what signreleasefiles generates.
DELETEFILE="InRelease"
msgmsg "Running test with deletion of $DELETEFILE"
runtest

DELETEFILE="Release.gpg"
msgmsg "Running test with deletion of $DELETEFILE"
runtest