]> git.saurik.com Git - apt.git/blame - test/integration/test-policy-pinning
disable updating insecure repositories in apt by default
[apt.git] / test / integration / test-policy-pinning
CommitLineData
5ed56f93
DK
1#!/bin/sh
2set -e
3
9962ae93 4TESTDIR=$(readlink -f $(dirname $0))
5ed56f93
DK
5. $TESTDIR/framework
6
7setupenvironment
8configarchitecture "i386"
9
10buildaptarchive
11setupflataptarchive
12
13STATUS=$(readlink -f rootdir/var/lib/dpkg/status)
14APTARCHIVE=$(readlink -f aptarchive)
15
16testequalpolicy() {
17 local SP="$1"
18 local AP="$2"
19 shift 2
25b86db1 20 testsuccessequal "Package files:
5ed56f93
DK
21 $(echo "$SP" | awk '{ printf("%3s\n",$0) }') ${STATUS}
22 release a=now
1da3b7b8 23 $(echo "$AP" | awk '{ printf("%3s\n",$0) }') file:${APTARCHIVE} Packages
5ed56f93 24 release c=
b07aeb1a 25Pinned packages:" aptcache policy "$@"
5ed56f93
DK
26}
27
3f732aa6
DK
28testglobalpolicy() {
29 aptgetupdate
5ed56f93 30
3f732aa6
DK
31 testequalpolicy 100 500
32 testequalpolicy 990 500 -t now
5ed56f93 33
3f732aa6
DK
34 sed -i aptarchive/Release -e 1i"NotAutomatic: yes"
35 aptgetupdate
5ed56f93 36
3f732aa6
DK
37 testequalpolicy 100 1 -o Test=NotAutomatic
38 testequalpolicy 990 1 -o Test=NotAutomatic -t now
451ea3d4 39
3f732aa6
DK
40 sed -i aptarchive/Release -e 1i"ButAutomaticUpgrades: yes"
41 aptgetupdate
451ea3d4 42
3f732aa6
DK
43 testequalpolicy 100 100 -o Test=ButAutomaticUpgrades
44 testequalpolicy 990 100 -o Test=ButAutomaticUpgrades -t now
451ea3d4 45
3f732aa6
DK
46 sed -i aptarchive/Release -e 's#NotAutomatic: yes#NotAutomatic: no#' -e '/ButAutomaticUpgrades: / d'
47 aptgetupdate
451ea3d4 48
3f732aa6
DK
49 testequalpolicy 100 500 -o Test=Automatic
50 testequalpolicy 990 500 -o Test=Automatic -t now
451ea3d4 51
3f732aa6
DK
52 sed -i aptarchive/Release -e '/NotAutomatic: / d' -e '/ButAutomaticUpgrades: / d'
53}
451ea3d4 54
3f732aa6
DK
55msgmsg 'Test with not signed archive'
56aptgetupdate() {
57 rm -rf rootdir/var/lib/apt
58 testwarning aptget update --allow-insecure-repositories
59}
60testglobalpolicy
451ea3d4 61
3f732aa6
DK
62msgmsg 'Test with signed but no key in trusted'
63aptgetupdate() {
64 rm -rf rootdir/var/lib/apt
65 signreleasefiles 'Marvin Paranoid'
66 testwarning aptget update --allow-insecure-repositories
67}
68testglobalpolicy
451ea3d4 69
3f732aa6
DK
70# much the same tests will be executed below in more detail again for this one
71msgmsg 'Test with signed and valid key'
72aptgetupdate() {
73 rm -rf rootdir/var/lib/apt
74 signreleasefiles 'Joe Sixpack'
75 testsuccess aptget update
76}
77testglobalpolicy
451ea3d4 78
3f732aa6 79msgmsg 'Test with specific packages'
451ea3d4 80
5ed56f93
DK
81buildsimplenativepackage "coolstuff" "all" "1.0" "stable"
82buildsimplenativepackage "coolstuff" "all" "2.0~bpo1" "backports"
83
84setupaptarchive
85
86testequalpolicycoolstuff() {
87 local INSTALLED="${1:-(none)}"
88 local CANDIDATE="${2:-(none)}"
89 local AB="$3"
90 local AS="$4"
91 local PB="$5"
5ed56f93
DK
92 local IS=""
93 local IB=""
94 local SB=""
95 local SS=""
96 [ "$1" = "2.0~bpo1" ] && IB="***" && SB="
97 100 $STATUS" || IB=" "
98 [ "$1" = "1.0" ] && IS="***" && SS="
99 100 $STATUS" || IS=" "
100 local BPO1ARCHIVE=""
101 local BPO2ARCHIVE=""
102 if [ ! "$7" = "2.0~bpo2" ]; then
76b004d1 103 BPO1PIN="$AB"
1da3b7b8 104 BPO1ARCHIVE=" $(echo "$AB" | awk '{ printf("%3s\n",$0) }') file:${APTARCHIVE} backports/main i386 Packages"
5ed56f93
DK
105 else
106 BPO2ARCHIVE="
76b004d1 107 2.0~bpo2 $AB
1da3b7b8 108 $(echo "$AB" | awk '{ printf("%3s\n",$0) }') file:${APTARCHIVE} backports/main i386 Packages"
5ed56f93
DK
109 SB="$(echo "$SB" | tail -n 1)"
110 shift
111 fi
112 shift 6
25b86db1 113 testsuccessequal "coolstuff:
5ed56f93
DK
114 Installed: $INSTALLED
115 Candidate: $CANDIDATE
bb08e204 116 Version table:${BPO2ARCHIVE}
5ed56f93
DK
117 $IB 2.0~bpo1 $PB
118${BPO1ARCHIVE}$SB
76b004d1 119 $IS 1.0 $AS
1da3b7b8 120 $(echo "$AS" | awk '{ printf("%3s\n",$0) }') file:${APTARCHIVE} stable/main i386 Packages$SS" \
5ed56f93
DK
121 aptcache policy coolstuff -o Policy=${INSTALLED}-${CANDIDATE}-${AB}-${AS}-${PB} $*
122}
123
76b004d1
JAK
124testequalpolicycoolstuff "" "2.0~bpo1" 500 500 500 ""
125testequalpolicycoolstuff "" "1.0" 500 990 500 "" -t stable
126testequalpolicycoolstuff "" "2.0~bpo1" 990 500 990 "" -t backports
5ed56f93
DK
127echo "Package: *
128Pin: release n=backports
129Pin-Priority: 200" > rootdir/etc/apt/preferences
76b004d1
JAK
130testequalpolicycoolstuff "" "1.0" 200 500 200 "" -o Test=GlobalPin
131testequalpolicycoolstuff "" "1.0" 200 990 200 "" -o Test=GlobalPin -t stable
132testequalpolicycoolstuff "" "2.0~bpo1" 990 500 990 "" -o Test=GlobalPin -t backports
5ed56f93
DK
133echo "Package: *
134Pin: release n=backports
135Pin-Priority: 600" > rootdir/etc/apt/preferences
76b004d1
JAK
136testequalpolicycoolstuff "" "2.0~bpo1" 600 500 600 "" -o Test=GlobalPin
137testequalpolicycoolstuff "" "1.0" 600 990 600 "" -o Test=GlobalPin -t stable
5ed56f93
DK
138echo "Package: coolstuff
139Pin: release n=backports
140Pin-Priority: 200" > rootdir/etc/apt/preferences
141#FIXME: policy can't differentiate between two sources where one has a package specific pin in place
142# testequalpolicycoolstuff "" "1.0" 500 500 200 "2.0~bpo1" -o Test=PackagePin
143# testequalpolicycoolstuff "" "1.0" 990 500 200 "2.0~bpo1" -o Test=PackagePin -t backports
144testequalpolicycoolstuff "" "1.0" 500 990 200 "2.0~bpo1" -o Test=PackagePin -t stable
145echo "Package: coolstuff
146Pin: release n=backports
147Pin-Priority: 600" > rootdir/etc/apt/preferences
148testequalpolicycoolstuff "" "2.0~bpo1" 500 500 600 "2.0~bpo1" -o Test=PackagePin
149testequalpolicycoolstuff "" "1.0" 500 990 600 "2.0~bpo1" -o Test=PackagePin -t stable
150testequalpolicycoolstuff "" "2.0~bpo1" 990 500 600 "2.0~bpo1" -o Test=PackagePin -t backports
151
152echo "Package: coolstuff
153Pin: release n=backports
154Pin-Priority: -1" > rootdir/etc/apt/preferences
155# testequalpolicycoolstuff "" "1.0" 500 500 -1 "2.0~bpo1" -o Test=PackagePin
156# testequalpolicycoolstuff "" "1.0" 990 500 -1 "2.0~bpo1" -o Test=PackagePin -t backports
157# testequalpolicycoolstuff "" "1.0" 500 990 -1 "2.0~bpo1" -o Test=PackagePin -t stable
158
159rm rootdir/etc/apt/preferences
160sed -i aptarchive/dists/backports/Release -e 1i"NotAutomatic: yes"
161signreleasefiles
451ea3d4 162aptgetupdate
5ed56f93 163
76b004d1
JAK
164testequalpolicycoolstuff "" "1.0" 1 500 1 "" -o Test=NotAutomatic
165testequalpolicycoolstuff "" "1.0" 1 990 1 "" -o Test=NotAutomatic -t stable
166testequalpolicycoolstuff "" "2.0~bpo1" 990 500 990 "" -o Test=NotAutomatic -t backports
5ed56f93
DK
167echo "Package: *
168Pin: release n=backports
169Pin-Priority: 200" > rootdir/etc/apt/preferences
76b004d1 170testequalpolicycoolstuff "" "1.0" 200 500 200 "" -o Test=NotAutomatic
5ed56f93
DK
171echo "Package: *
172Pin: release n=backports
173Pin-Priority: 600" > rootdir/etc/apt/preferences
76b004d1
JAK
174testequalpolicycoolstuff "" "2.0~bpo1" 600 500 600 "" -o Test=NotAutomatic
175testequalpolicycoolstuff "" "1.0" 600 990 600 "" -o Test=NotAutomatic -t stable
5ed56f93
DK
176echo "Package: coolstuff
177Pin: release n=backports
178Pin-Priority: 200" > rootdir/etc/apt/preferences
179testequalpolicycoolstuff "" "1.0" 1 500 200 "2.0~bpo1" -o Test=NotAutomatic
180echo "Package: coolstuff
181Pin: release n=backports
182Pin-Priority: 600" > rootdir/etc/apt/preferences
183testequalpolicycoolstuff "" "2.0~bpo1" 1 500 600 "2.0~bpo1" -o Test=NotAutomatic
184testequalpolicycoolstuff "" "2.0~bpo1" 990 500 600 "2.0~bpo1" -o Test=NotAutomatic -t backports
185testequalpolicycoolstuff "" "1.0" 1 990 600 "2.0~bpo1" -o Test=NotAutomatic -t stable
186
187rm rootdir/etc/apt/preferences
188sed -i aptarchive/dists/backports/Release -e 1i"ButAutomaticUpgrades: yes"
189signreleasefiles
451ea3d4 190aptgetupdate
5ed56f93 191
76b004d1
JAK
192testequalpolicycoolstuff "" "1.0" 100 500 100 "" -o Test=ButAutomaticUpgrades
193testequalpolicycoolstuff "" "1.0" 100 990 100 "" -o Test=ButAutomaticUpgrades -t stable
194testequalpolicycoolstuff "" "2.0~bpo1" 990 500 990 "" -o Test=ButAutomaticUpgrades -t backports
5ed56f93
DK
195echo "Package: *
196Pin: release n=backports
197Pin-Priority: 200" > rootdir/etc/apt/preferences
76b004d1 198testequalpolicycoolstuff "" "1.0" 200 500 200 "" -o Test=ButAutomaticUpgrades
5ed56f93
DK
199echo "Package: *
200Pin: release n=backports
201Pin-Priority: 600" > rootdir/etc/apt/preferences
76b004d1
JAK
202testequalpolicycoolstuff "" "2.0~bpo1" 600 500 600 "" -o Test=ButAutomaticUpgrades
203testequalpolicycoolstuff "" "1.0" 600 990 600 "" -o Test=ButAutomaticUpgrades -t stable
5ed56f93
DK
204echo "Package: coolstuff
205Pin: release n=backports
206Pin-Priority: 200" > rootdir/etc/apt/preferences
207testequalpolicycoolstuff "" "1.0" 100 500 200 "2.0~bpo1" -o Test=ButAutomaticUpgrades
208echo "Package: coolstuff
209Pin: release n=backports
210Pin-Priority: 600" > rootdir/etc/apt/preferences
211testequalpolicycoolstuff "" "2.0~bpo1" 100 500 600 "2.0~bpo1" -o Test=ButAutomaticUpgrades
212testequalpolicycoolstuff "" "2.0~bpo1" 990 500 600 "2.0~bpo1" -o Test=ButAutomaticUpgrades -t backports
213testequalpolicycoolstuff "" "1.0" 100 990 600 "2.0~bpo1" -o Test=ButAutomaticUpgrades -t stable
214
215rm rootdir/etc/apt/preferences
0440d936 216testsuccess aptget install coolstuff -y
76b004d1 217testequalpolicycoolstuff "1.0" "1.0" 100 500 100 "" -o Test=ButAutomaticUpgrades
0440d936 218testsuccess aptget dist-upgrade -y
76b004d1
JAK
219testequalpolicycoolstuff "1.0" "1.0" 100 500 100 "" -o Test=ButAutomaticUpgrades
220testequalpolicycoolstuff "1.0" "1.0" 100 990 100 "" -o Test=ButAutomaticUpgrades -t stable
221testequalpolicycoolstuff "1.0" "2.0~bpo1" 990 500 990 "" -o Test=ButAutomaticUpgrades -t backports
5ed56f93 222
0440d936 223testsuccess aptget install coolstuff -t backports -y
76b004d1 224testequalpolicycoolstuff "2.0~bpo1" "2.0~bpo1" 100 500 100 "" -o Test=ButAutomaticUpgrades
0440d936 225testsuccess aptget dist-upgrade -y
76b004d1
JAK
226testequalpolicycoolstuff "2.0~bpo1" "2.0~bpo1" 100 500 100 "" -o Test=ButAutomaticUpgrades
227testequalpolicycoolstuff "2.0~bpo1" "2.0~bpo1" 100 990 100 "" -o Test=ButAutomaticUpgrades -t stable
228testequalpolicycoolstuff "2.0~bpo1" "2.0~bpo1" 990 500 990 "" -o Test=ButAutomaticUpgrades -t backports
5ed56f93
DK
229
230rm incoming/backports.main.pkglist incoming/backports.main.srclist
231buildsimplenativepackage "coolstuff" "all" "2.0~bpo2" "backports"
232setupaptarchive
233
234sed -i aptarchive/dists/backports/Release -e 1i"NotAutomatic: yes"
235signreleasefiles
451ea3d4 236aptgetupdate
5ed56f93 237
76b004d1
JAK
238testequalpolicycoolstuff "2.0~bpo1" "2.0~bpo1" 1 500 100 "" "2.0~bpo2" -o Test=NotAutomatic
239testequalpolicycoolstuff "2.0~bpo1" "2.0~bpo1" 1 990 100 "" "2.0~bpo2" -o Test=NotAutomatic -t stable
240testequalpolicycoolstuff "2.0~bpo1" "2.0~bpo2" 990 500 100 "" "2.0~bpo2" -o Test=NotAutomatic -t backports
5ed56f93
DK
241
242sed -i aptarchive/dists/backports/Release -e 1i"ButAutomaticUpgrades: yes"
243signreleasefiles
451ea3d4 244aptgetupdate
5ed56f93 245
76b004d1
JAK
246testequalpolicycoolstuff "2.0~bpo1" "2.0~bpo2" 100 500 100 "" "2.0~bpo2" -o Test=ButAutomaticUpgrades
247testequalpolicycoolstuff "2.0~bpo1" "2.0~bpo2" 100 990 100 "" "2.0~bpo2" -o Test=ButAutomaticUpgrades -t stable
248testequalpolicycoolstuff "2.0~bpo1" "2.0~bpo2" 990 500 100 "" "2.0~bpo2" -o Test=ButAutomaticUpgrades -t backports
e916a815
JAK
249
250
251tmppath=$(readlink -f .)
252
253# Check 16-bit integers
254echo "Package: coolstuff
255Pin: release n=backports
256Pin-Priority: 32767
257" > rootdir/etc/apt/preferences
258
259testsuccess aptget install -s coolstuff -o PinPriority=32767
260
261echo "Package: coolstuff
262Pin: release n=backports
263Pin-Priority: -32768
264" > rootdir/etc/apt/preferences
265testsuccess aptget install -s coolstuff -o PinPriority=-32768
266
267
268# Check for 32-bit integers
269echo "Package: coolstuff
270Pin: release n=backports
271Pin-Priority: 32768
272" > rootdir/etc/apt/preferences
273
274testfailureequal "Reading package lists...
275E: ${tmppath}/rootdir/etc/apt/preferences: Value 32768 is outside the range of valid pin priorities (-32768 to 32767)" \
276 aptget install -s coolstuff -o PinPriority=32768
277
278
279echo "Package: coolstuff
280Pin: release n=backports
281Pin-Priority: -32769
282" > rootdir/etc/apt/preferences
283
284testfailureequal "Reading package lists...
285E: ${tmppath}/rootdir/etc/apt/preferences: Value -32769 is outside the range of valid pin priorities (-32768 to 32767)" \
286 aptget install -s coolstuff -o PinPriority=-32769
287
288# Check for 64-bit integers
289
290echo "Package: coolstuff
291Pin: release n=backports
292Pin-Priority: 2147483648
293" > rootdir/etc/apt/preferences
294
295testfailureequal "Reading package lists...
296E: Cannot convert 2147483648 to integer - (34: Numerical result out of range)
297E: ${tmppath}/rootdir/etc/apt/preferences: Value 2147483648 is outside the range of valid pin priorities (-32768 to 32767)" \
298 aptget install -s coolstuff -o PinPriority=2147483648
299
300# Check for 0
301echo "Package: coolstuff
302Pin: release n=backports
303Pin-Priority: 0
304" > rootdir/etc/apt/preferences
305
306testfailureequal "Reading package lists...
307E: No priority (or zero) specified for pin" \
308 aptget install -s coolstuff -o PinPriority=0