]> git.saurik.com Git - apt.git/blame - test/integration/test-inrelease-verification-fail
add testcase and update changelog
[apt.git] / test / integration / test-inrelease-verification-fail
CommitLineData
ad000f6b
MV
1#!/bin/sh
2
3set -e
4
5TESTDIR=$(readlink -f $(dirname $0))
6. $TESTDIR/framework
7
8setupenvironment
9configarchitecture "i386"
10
11buildsimplenativepackage 'good-pkg' 'all' '1.0' 'stable'
12
13setupaptarchive
14
15# now exchange to the Packages file, note that this could be
16# done via MITM too
17cat > aptarchive/dists/stable/main/binary-i386/Packages <<EOF
18Package: bad-mitm
19Installed-Size: 108
20Architecture: all
21Version: 0.5-3
22Filename: pool/bad-mitm.deb
23Size: 14348
24SHA256: e9b9a3859940c5882b35d56c0097667e552d87b662778c2c451fe6db657b0519
25Description: Evil package
26EOF
27for pair in "gzip:gz" "bzip2:bz2" "lzma:lzma" "xz:xz"; do
28 compressor=$(echo $pair|cut -f1 -d:)
29 extension=$(echo $pair|cut -f2 -d:)
30 $compressor -c aptarchive/dists/stable/main/binary-i386/Packages > aptarchive/dists/stable/main/binary-i386/Packages.$extension
31done
32
33# add a space into the BEGIN PGP SIGNATURE PART/END PGP SIGNATURE part
34# to trick apt - this is still legal to gpg(v)
35sed -i '/^-----BEGIN PGP SIGNATURE-----/,/^-----END PGP SIGNATURE-----/ s/^$/ /g' aptarchive/dists/stable/InRelease
36
37# and append our own hashes for the modified Packages files
38cat >> aptarchive/dists/stable/InRelease <<EOF
39Origin: Ansgar
40Codename: evilevil
41Suite: stable
42Date: Sun, 03 Jun 2012 13:26:11 UTC
43Architectures: i386
44Components: main
45SHA512:
46EOF
47for comp in "" ".gz" ".bz2" ".xz" ".lzma"; do
48 # Packages
49 s="$(sha512sum aptarchive/dists/stable/main/binary-i386/Packages$comp | cut -f1 -d' ') $(stat -c %s aptarchive/dists/stable/main/binary-i386/Packages$comp) main/binary-i386/Packages$comp"
50 echo " $s" >> aptarchive/dists/stable/InRelease
51 # Sources
52 s="$(sha512sum aptarchive/dists/stable/main/source/Sources$comp | cut -f1 -d' ') $(stat -c %s aptarchive/dists/stable/main/source/Sources$comp) main/source/Sources$comp"
53 echo " $s" >> aptarchive/dists/stable/InRelease
54done;
55
56# deliver this
57changetowebserver
58
59# ensure the update fails
60# useful for debugging to add "-o Debug::pkgAcquire::auth=true"
61if aptget update -qq; then
62 msgfail "apt-get update should NOT work for MITM"
63 exit 1
64fi
65
66# ensure there is no package
67testequal 'Reading package lists...
68Building dependency tree...
69E: Unable to locate package bad-mitm' aptget install bad-mitm
70
71# and verify that its not picked up
72#testequal 'N: Unable to locate package bad-mitm' aptcache policy bad-mitm
73
74# and that the right one is used
75#testequal 'good-pkg:
76#+ Installed: (none)
77#+ Candidate: 1.0
78#+ Version table:
79#+ 1.0 0
80#+ 500 http://localhost/ stable/main i386 Packages' aptcache policy good-pkg