]>
Commit | Line | Data |
---|---|---|
ad000f6b MV |
1 | #!/bin/sh |
2 | ||
3 | set -e | |
4 | ||
5 | TESTDIR=$(readlink -f $(dirname $0)) | |
6 | . $TESTDIR/framework | |
7 | ||
8 | setupenvironment | |
9 | configarchitecture "i386" | |
10 | ||
11 | buildsimplenativepackage 'good-pkg' 'all' '1.0' 'stable' | |
12 | ||
13 | setupaptarchive | |
14 | ||
15 | # now exchange to the Packages file, note that this could be | |
16 | # done via MITM too | |
17 | cat > aptarchive/dists/stable/main/binary-i386/Packages <<EOF | |
18 | Package: bad-mitm | |
19 | Installed-Size: 108 | |
20 | Architecture: all | |
21 | Version: 0.5-3 | |
22 | Filename: pool/bad-mitm.deb | |
23 | Size: 14348 | |
24 | SHA256: e9b9a3859940c5882b35d56c0097667e552d87b662778c2c451fe6db657b0519 | |
25 | Description: Evil package | |
26 | EOF | |
27 | for pair in "gzip:gz" "bzip2:bz2" "lzma:lzma" "xz:xz"; do | |
28 | compressor=$(echo $pair|cut -f1 -d:) | |
29 | extension=$(echo $pair|cut -f2 -d:) | |
30 | $compressor -c aptarchive/dists/stable/main/binary-i386/Packages > aptarchive/dists/stable/main/binary-i386/Packages.$extension | |
31 | done | |
32 | ||
33 | # add a space into the BEGIN PGP SIGNATURE PART/END PGP SIGNATURE part | |
34 | # to trick apt - this is still legal to gpg(v) | |
35 | sed -i '/^-----BEGIN PGP SIGNATURE-----/,/^-----END PGP SIGNATURE-----/ s/^$/ /g' aptarchive/dists/stable/InRelease | |
36 | ||
37 | # and append our own hashes for the modified Packages files | |
38 | cat >> aptarchive/dists/stable/InRelease <<EOF | |
39 | Origin: Ansgar | |
40 | Codename: evilevil | |
41 | Suite: stable | |
42 | Date: Sun, 03 Jun 2012 13:26:11 UTC | |
43 | Architectures: i386 | |
44 | Components: main | |
45 | SHA512: | |
46 | EOF | |
47 | for comp in "" ".gz" ".bz2" ".xz" ".lzma"; do | |
48 | # Packages | |
49 | s="$(sha512sum aptarchive/dists/stable/main/binary-i386/Packages$comp | cut -f1 -d' ') $(stat -c %s aptarchive/dists/stable/main/binary-i386/Packages$comp) main/binary-i386/Packages$comp" | |
50 | echo " $s" >> aptarchive/dists/stable/InRelease | |
51 | # Sources | |
52 | s="$(sha512sum aptarchive/dists/stable/main/source/Sources$comp | cut -f1 -d' ') $(stat -c %s aptarchive/dists/stable/main/source/Sources$comp) main/source/Sources$comp" | |
53 | echo " $s" >> aptarchive/dists/stable/InRelease | |
54 | done; | |
55 | ||
56 | # deliver this | |
57 | changetowebserver | |
58 | ||
59 | # ensure the update fails | |
60 | # useful for debugging to add "-o Debug::pkgAcquire::auth=true" | |
61 | if aptget update -qq; then | |
62 | msgfail "apt-get update should NOT work for MITM" | |
63 | exit 1 | |
64 | fi | |
65 | ||
66 | # ensure there is no package | |
67 | testequal 'Reading package lists... | |
68 | Building dependency tree... | |
69 | E: Unable to locate package bad-mitm' aptget install bad-mitm | |
70 | ||
71 | # and verify that its not picked up | |
72 | #testequal 'N: Unable to locate package bad-mitm' aptcache policy bad-mitm | |
73 | ||
74 | # and that the right one is used | |
75 | #testequal 'good-pkg: | |
76 | #+ Installed: (none) | |
77 | #+ Candidate: 1.0 | |
78 | #+ Version table: | |
79 | #+ 1.0 0 | |
80 | #+ 500 http://localhost/ stable/main i386 Packages' aptcache policy good-pkg |