]>
Commit | Line | Data |
---|---|---|
e05672e8 MV |
1 | #!/bin/sh |
2 | # | |
3 | # test that apt-get update is transactional | |
4 | # | |
5 | set -e | |
6 | ||
7 | avoid_ims_hit() { | |
8 | touch -d '+1hour' aptarchive/dists/unstable/main/binary-i386/Packages* | |
9 | touch -d '+1hour' aptarchive/dists/unstable/main/source/Sources* | |
10 | touch -d '+1hour' aptarchive/dists/unstable/*Release* | |
11 | ||
12 | touch -d '-1hour' rootdir/var/lib/apt/lists/* | |
13 | } | |
14 | ||
15 | create_fresh_archive() | |
16 | { | |
17 | rm -rf aptarchive/* | |
18 | rm -f rootdir/var/lib/apt/lists/_* rootdir/var/lib/apt/lists/partial/* | |
19 | ||
20 | insertpackage 'unstable' 'old' 'all' '1.0' | |
21 | ||
4dbfe436 | 22 | setupaptarchive --no-update |
e05672e8 MV |
23 | } |
24 | ||
25 | add_new_package() { | |
26 | insertpackage "unstable" "new" "all" "1.0" | |
27 | insertsource "unstable" "new" "all" "1.0" | |
28 | ||
4dbfe436 | 29 | setupaptarchive --no-update "$@" |
e05672e8 MV |
30 | } |
31 | ||
32 | break_repository_sources_index() { | |
4dbfe436 DK |
33 | printf 'xxx' > $APTARCHIVE/dists/unstable/main/source/Sources |
34 | compressfile "$APTARCHIVE/dists/unstable/main/source/Sources" "$@" | |
e05672e8 MV |
35 | } |
36 | ||
4dbfe436 | 37 | start_with_good_inrelease() { |
e05672e8 | 38 | create_fresh_archive |
4dbfe436 | 39 | testsuccess aptget update |
846bc058 | 40 | listcurrentlistsdirectory > lists.before |
25b86db1 | 41 | testsuccessequal "old/unstable 1.0 all" apt list -q |
4dbfe436 | 42 | } |
e05672e8 | 43 | |
4dbfe436 DK |
44 | test_inrelease_to_new_inrelease() { |
45 | msgmsg 'Test InRelease to new InRelease works fine' | |
46 | start_with_good_inrelease | |
80976dd5 | 47 | |
4dbfe436 | 48 | add_new_package '+1hour' |
80976dd5 | 49 | testsuccess aptget update -o Debug::Acquire::Transaction=1 |
25b86db1 | 50 | testsuccessequal "new/unstable 1.0 all |
e05672e8 MV |
51 | old/unstable 1.0 all" apt list -q |
52 | } | |
53 | ||
54 | test_inrelease_to_broken_hash_reverts_all() { | |
4dbfe436 DK |
55 | msgmsg 'Test InRelease to broken InRelease reverts everything' |
56 | start_with_good_inrelease | |
57 | ||
58 | add_new_package '+1hour' | |
e05672e8 | 59 | # break the Sources file |
4dbfe436 | 60 | break_repository_sources_index '+1hour' |
e05672e8 MV |
61 | |
62 | # test the error condition | |
58702f85 | 63 | testfailureequal "W: Failed to fetch file:${APTARCHIVE}/dists/unstable/main/source/Sources.gz Hash Sum mismatch |
e05672e8 MV |
64 | |
65 | E: Some index files failed to download. They have been ignored, or old ones used instead." aptget update -qq | |
66 | # ensure that the Packages file is also rolled back | |
846bc058 | 67 | testfileequal lists.before "$(listcurrentlistsdirectory)" |
25b86db1 | 68 | testfailureequal "E: Unable to locate package new" aptget install new -s -qq |
e05672e8 MV |
69 | } |
70 | ||
4dbfe436 DK |
71 | test_inrelease_to_valid_release() { |
72 | msgmsg 'Test InRelease to valid Release' | |
73 | start_with_good_inrelease | |
74 | ||
75 | add_new_package '+1hour' | |
76 | # switch to a unsigned repo now | |
e05672e8 MV |
77 | rm $APTARCHIVE/dists/unstable/InRelease |
78 | rm $APTARCHIVE/dists/unstable/Release.gpg | |
e05672e8 | 79 | |
bca84917 | 80 | # update fails |
1da3b7b8 | 81 | testfailureequal "E: The repository 'file:${APTARCHIVE} unstable Release' is no longer signed." aptget update -qq |
e05672e8 | 82 | |
846bc058 DK |
83 | # test that security downgrade was not successful |
84 | testfileequal lists.before "$(listcurrentlistsdirectory)" | |
e05672e8 | 85 | testsuccess aptget install old -s |
bca84917 MV |
86 | testfailure aptget install new -s |
87 | testsuccess ls $ROOTDIR/var/lib/apt/lists/*_InRelease | |
88 | testfailure ls $ROOTDIR/var/lib/apt/lists/*_Release | |
e05672e8 MV |
89 | } |
90 | ||
4dbfe436 DK |
91 | test_inrelease_to_release_reverts_all() { |
92 | msgmsg 'Test InRelease to broken Release reverts everything' | |
93 | start_with_good_inrelease | |
e05672e8 | 94 | |
4dbfe436 DK |
95 | # switch to a unsigned repo now |
96 | add_new_package '+1hour' | |
e05672e8 MV |
97 | rm $APTARCHIVE/dists/unstable/InRelease |
98 | rm $APTARCHIVE/dists/unstable/Release.gpg | |
4dbfe436 | 99 | |
e05672e8 | 100 | # break it |
4dbfe436 | 101 | break_repository_sources_index '+1hour' |
e05672e8 MV |
102 | |
103 | # ensure error | |
1da3b7b8 | 104 | testfailureequal "E: The repository 'file:${APTARCHIVE} unstable Release' is no longer signed." aptget update -qq # -o Debug::acquire::transaction=1 |
e05672e8 MV |
105 | |
106 | # ensure that the Packages file is also rolled back | |
846bc058 | 107 | testfileequal lists.before "$(listcurrentlistsdirectory)" |
e05672e8 MV |
108 | testsuccess aptget install old -s |
109 | testfailure aptget install new -s | |
110 | testsuccess ls $ROOTDIR/var/lib/apt/lists/*_InRelease | |
111 | testfailure ls $ROOTDIR/var/lib/apt/lists/*_Release | |
112 | } | |
113 | ||
114 | test_unauthenticated_to_invalid_inrelease() { | |
4dbfe436 | 115 | msgmsg 'Test UnAuthenticated to invalid InRelease reverts everything' |
e05672e8 MV |
116 | create_fresh_archive |
117 | rm $APTARCHIVE/dists/unstable/InRelease | |
118 | rm $APTARCHIVE/dists/unstable/Release.gpg | |
4dbfe436 | 119 | |
4fa34122 | 120 | testwarning aptget update --allow-insecure-repositories |
846bc058 | 121 | listcurrentlistsdirectory > lists.before |
25b86db1 | 122 | testfailureequal "WARNING: The following packages cannot be authenticated! |
e05672e8 MV |
123 | old |
124 | E: There are problems and -y was used without --force-yes" aptget install -qq -y old | |
4dbfe436 | 125 | |
e05672e8 | 126 | # go to authenticated but not correct |
4dbfe436 DK |
127 | add_new_package '+1hour' |
128 | break_repository_sources_index '+1hour' | |
e05672e8 | 129 | |
58702f85 | 130 | testfailureequal "W: Failed to fetch file:$APTARCHIVE/dists/unstable/main/source/Sources.gz Hash Sum mismatch |
6d979490 | 131 | |
e05672e8 MV |
132 | E: Some index files failed to download. They have been ignored, or old ones used instead." aptget update -qq |
133 | ||
846bc058 | 134 | testfileequal lists.before "$(listcurrentlistsdirectory)" |
e05672e8 | 135 | testfailure ls rootdir/var/lib/apt/lists/*_InRelease |
25b86db1 | 136 | testfailureequal "WARNING: The following packages cannot be authenticated! |
e05672e8 MV |
137 | old |
138 | E: There are problems and -y was used without --force-yes" aptget install -qq -y old | |
139 | } | |
140 | ||
c5fced38 | 141 | test_inrelease_to_unauth_inrelease() { |
4dbfe436 DK |
142 | msgmsg 'Test InRelease to InRelease without good sig' |
143 | start_with_good_inrelease | |
144 | ||
9d653a6d | 145 | signreleasefiles 'Marvin Paranoid' |
4dbfe436 | 146 | |
1da3b7b8 | 147 | testwarningequal "W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: file:${APTARCHIVE} unstable InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY E8525D47528144E2 |
c5fced38 | 148 | |
4dbfe436 | 149 | W: Failed to fetch file:$APTARCHIVE/dists/unstable/InRelease The following signatures couldn't be verified because the public key is not available: NO_PUBKEY E8525D47528144E2 |
c5fced38 | 150 | |
21638c3a MV |
151 | W: Some index files failed to download. They have been ignored, or old ones used instead." aptget update -qq |
152 | ||
846bc058 | 153 | testfileequal lists.before "$(listcurrentlistsdirectory)" |
21638c3a | 154 | testsuccess ls rootdir/var/lib/apt/lists/*_InRelease |
c5fced38 MV |
155 | } |
156 | ||
7abcfdde MV |
157 | test_inrelease_to_broken_gzip() { |
158 | msgmsg "Test InRelease to broken gzip" | |
4dbfe436 DK |
159 | start_with_good_inrelease |
160 | ||
8d041b4f DK |
161 | break_repository_sources_index '+1hour' |
162 | generatereleasefiles '+2hours' | |
163 | signreleasefiles | |
164 | ||
4dbfe436 | 165 | # append junk at the end of the compressed file |
7abcfdde | 166 | echo "lala" >> $APTARCHIVE/dists/unstable/main/source/Sources.gz |
4dbfe436 DK |
167 | touch -d '+2min' $APTARCHIVE/dists/unstable/main/source/Sources.gz |
168 | # remove uncompressed file to avoid fallback | |
7abcfdde | 169 | rm $APTARCHIVE/dists/unstable/main/source/Sources |
7abcfdde MV |
170 | |
171 | testfailure aptget update | |
8d041b4f | 172 | testsuccess grep 'Hash Sum mismatch' rootdir/tmp/testfailure.output |
846bc058 | 173 | testfileequal lists.before "$(listcurrentlistsdirectory)" |
7abcfdde MV |
174 | } |
175 | ||
e05672e8 MV |
176 | TESTDIR=$(readlink -f $(dirname $0)) |
177 | . $TESTDIR/framework | |
178 | ||
179 | setupenvironment | |
180 | configarchitecture "i386" | |
181 | ||
182 | # setup the archive and ensure we have a single package that installs fine | |
183 | setupaptarchive | |
184 | APTARCHIVE=$(readlink -f ./aptarchive) | |
185 | ROOTDIR=${TMPWORKINGDIRECTORY}/rootdir | |
186 | APTARCHIVE_LISTS="$(echo $APTARCHIVE | tr "/" "_" )" | |
187 | ||
188 | # test the following cases: | |
4dbfe436 | 189 | # - InRelease -> broken InRelease revert to previous state |
e05672e8 MV |
190 | # - empty lists dir and broken remote leaves nothing on the system |
191 | # - InRelease -> hashsum mismatch for one file reverts all files to previous state | |
192 | # - Release/Release.gpg -> hashsum mismatch | |
193 | # - InRelease -> Release with hashsum mismatch revert entire state and kills Release | |
194 | # - Release -> InRelease with broken Sig/Hash removes InRelease | |
195 | # going from Release/Release.gpg -> InRelease and vice versa | |
196 | # - unauthenticated -> invalid InRelease | |
197 | ||
67f2f9e2 | 198 | # stuff to do: |
4dbfe436 | 199 | # - ims-hit |
67f2f9e2 MV |
200 | # - gzip-index tests |
201 | ||
e05672e8 MV |
202 | test_inrelease_to_new_inrelease |
203 | test_inrelease_to_broken_hash_reverts_all | |
4dbfe436 DK |
204 | test_inrelease_to_valid_release |
205 | test_inrelease_to_release_reverts_all | |
6d979490 | 206 | test_unauthenticated_to_invalid_inrelease |
c5fced38 | 207 | test_inrelease_to_unauth_inrelease |
7abcfdde | 208 | test_inrelease_to_broken_gzip |