]> git.saurik.com Git - apt.git/blame - test/integration/test-releasefile-date-older
generalize secure->insecure downgrade protection
[apt.git] / test / integration / test-releasefile-date-older
CommitLineData
6bf93605
DK
1#!/bin/sh
2set -e
3
3abb6a6a
DK
4TESTDIR="$(readlink -f "$(dirname "$0")")"
5. "$TESTDIR/framework"
6bf93605
DK
6setupenvironment
7configarchitecture 'i386'
8
9insertpackage 'wheezy' 'apt' 'all' '0.8.15'
10
11setupaptarchive --no-update
12
13# we don't complain as the server could have just sent a 'Hit' here and this
14# 'downgrade attack' is usually performed by out-of-sync mirrors. Valid-Until
15# catches the 'real' downgrade attacks (expect that it finds stale mirrors).
16# Scaring users with an error here serves hence no point.
17
18msgmsg 'InRelease file is silently rejected if' 'new Date is before old Date'
19rm -rf rootdir/var/lib/apt/lists
20generatereleasefiles 'now' 'now + 7 days'
21signreleasefiles
22testsuccess aptget update
23listcurrentlistsdirectory > listsdir.lst
24redatereleasefiles 'now - 2 days'
25testsuccess aptget update
26testfileequal 'listsdir.lst' "$(listcurrentlistsdirectory)"
27
28msgmsg 'Release.gpg file is silently rejected if' 'new Date is before old Date'
761a5ad2 29export APT_DONT_SIGN='InRelease'
6bf93605
DK
30rm -rf rootdir/var/lib/apt/lists
31generatereleasefiles 'now' 'now + 7 days'
32signreleasefiles
6bf93605
DK
33testsuccess aptget update
34listcurrentlistsdirectory > listsdir.lst
35redatereleasefiles 'now - 2 days'
6bf93605
DK
36testsuccess aptget update
37testfileequal 'listsdir.lst' "$(listcurrentlistsdirectory)"
761a5ad2 38unset APT_DONT_SIGN
6bf93605
DK
39
40msgmsg 'Crisscross InRelease/Release.gpg file is silently rejected if' 'new Date is before old Date'
761a5ad2 41export APT_DONT_SIGN='Release.gpg'
6bf93605
DK
42rm -rf rootdir/var/lib/apt/lists
43generatereleasefiles 'now' 'now + 7 days'
44signreleasefiles
6bf93605 45testsuccess aptget update
761a5ad2 46export APT_DONT_SIGN='InRelease'
6bf93605
DK
47listcurrentlistsdirectory > listsdir.lst
48redatereleasefiles 'now - 2 days'
6bf93605
DK
49testsuccess aptget update
50testfileequal 'listsdir.lst' "$(listcurrentlistsdirectory)"
761a5ad2 51unset APT_DONT_SIGN
6bf93605
DK
52
53msgmsg 'Crisscross Release.gpg/InRelease file is silently rejected if' 'new Date is before old Date'
761a5ad2 54export APT_DONT_SIGN='InRelease'
6bf93605
DK
55rm -rf rootdir/var/lib/apt/lists
56generatereleasefiles 'now' 'now + 7 days'
57signreleasefiles
58find aptarchive -name 'InRelease' -delete
59testsuccess aptget update
761a5ad2 60export APT_DONT_SIGN='Release.gpg'
6bf93605
DK
61listcurrentlistsdirectory > listsdir.lst
62redatereleasefiles 'now - 2 days'
6bf93605
DK
63testsuccess aptget update
64testfileequal 'listsdir.lst' "$(listcurrentlistsdirectory)"
761a5ad2 65unset APT_DONT_SIGN
6fc2e030
DK
66
67msgmsg 'Release file has' 'no Date and no Valid-Until field'
68rm -rf rootdir/var/lib/apt/lists
69generatereleasefiles 'now'
70sed -i '/^Date: / d' $(find ./aptarchive -name 'Release')
71signreleasefiles
72testwarning aptget update
73listcurrentlistsdirectory > listsdir.lst
74# have no effect as Date is unknown
75testwarning aptget update -o Acquire::Min-ValidTime=$((3600*24*30))
76testfileequal 'listsdir.lst' "$(listcurrentlistsdirectory)"
77testwarning aptget update -o Acquire::Max-ValidTime=1
78testfileequal 'listsdir.lst' "$(listcurrentlistsdirectory)"
79sed -i '/^Codename: / a\
80Another-Field: yes' $(find aptarchive/ -name 'Release')
81touch -d 'now + 1 day' $(find aptarchive/ -name 'Release')
82signreleasefiles "${2:-Joe Sixpack}"
83testwarning aptget update
84testsuccess cmp $(find aptarchive/ -name 'InRelease') $(find rootdir/var/lib/apt/ -name '*_InRelease')
85
86msgmsg 'Release file has' 'no Date field, but Valid-Until expired'
87rm -rf rootdir/var/lib/apt/lists
88generatereleasefiles 'now' 'now - 2 days'
89sed -i '/^Date: / d' $(find ./aptarchive -name 'Release')
90signreleasefiles
91testfailure aptget update
92listcurrentlistsdirectory > listsdir.lst
93# have no effect as Date is unknown
94testfailure aptget update -o Acquire::Min-ValidTime=$((3600*24*30))
95testfileequal 'listsdir.lst' "$(listcurrentlistsdirectory)"
96testfailure aptget update -o Acquire::Max-ValidTime=1
97testfileequal 'listsdir.lst' "$(listcurrentlistsdirectory)"
98
99msgmsg 'Release file has' 'no Date field, but Valid-Until is good'
100rm -rf rootdir/var/lib/apt/lists
101generatereleasefiles 'now' 'now + 2 days'
102sed -i '/^Date: / d' $(find ./aptarchive -name 'Release')
103signreleasefiles
104testwarning aptget update