]>
Commit | Line | Data |
---|---|---|
e05672e8 MV |
1 | #!/bin/sh |
2 | # | |
3 | # test that apt-get update is transactional | |
4 | # | |
5 | set -e | |
6 | ||
7 | avoid_ims_hit() { | |
8 | touch -d '+1hour' aptarchive/dists/unstable/main/binary-i386/Packages* | |
9 | touch -d '+1hour' aptarchive/dists/unstable/main/source/Sources* | |
10 | touch -d '+1hour' aptarchive/dists/unstable/*Release* | |
11 | ||
12 | touch -d '-1hour' rootdir/var/lib/apt/lists/* | |
13 | } | |
14 | ||
15 | create_fresh_archive() | |
16 | { | |
17 | rm -rf aptarchive/* | |
18 | rm -f rootdir/var/lib/apt/lists/_* rootdir/var/lib/apt/lists/partial/* | |
19 | ||
20 | insertpackage 'unstable' 'old' 'all' '1.0' | |
21 | ||
4dbfe436 | 22 | setupaptarchive --no-update |
e05672e8 MV |
23 | } |
24 | ||
25 | add_new_package() { | |
26 | insertpackage "unstable" "new" "all" "1.0" | |
27 | insertsource "unstable" "new" "all" "1.0" | |
28 | ||
4dbfe436 | 29 | setupaptarchive --no-update "$@" |
e05672e8 MV |
30 | } |
31 | ||
32 | break_repository_sources_index() { | |
4dbfe436 DK |
33 | printf 'xxx' > $APTARCHIVE/dists/unstable/main/source/Sources |
34 | compressfile "$APTARCHIVE/dists/unstable/main/source/Sources" "$@" | |
e05672e8 MV |
35 | } |
36 | ||
4dbfe436 | 37 | start_with_good_inrelease() { |
e05672e8 | 38 | create_fresh_archive |
4dbfe436 | 39 | testsuccess aptget update |
846bc058 | 40 | listcurrentlistsdirectory > lists.before |
25b86db1 | 41 | testsuccessequal "old/unstable 1.0 all" apt list -q |
4dbfe436 | 42 | } |
e05672e8 | 43 | |
4dbfe436 DK |
44 | test_inrelease_to_new_inrelease() { |
45 | msgmsg 'Test InRelease to new InRelease works fine' | |
46 | start_with_good_inrelease | |
80976dd5 | 47 | |
4dbfe436 | 48 | add_new_package '+1hour' |
80976dd5 | 49 | testsuccess aptget update -o Debug::Acquire::Transaction=1 |
25b86db1 | 50 | testsuccessequal "new/unstable 1.0 all |
e05672e8 MV |
51 | old/unstable 1.0 all" apt list -q |
52 | } | |
53 | ||
54 | test_inrelease_to_broken_hash_reverts_all() { | |
4dbfe436 DK |
55 | msgmsg 'Test InRelease to broken InRelease reverts everything' |
56 | start_with_good_inrelease | |
57 | ||
58 | add_new_package '+1hour' | |
e05672e8 | 59 | # break the Sources file |
4dbfe436 | 60 | break_repository_sources_index '+1hour' |
e05672e8 MV |
61 | |
62 | # test the error condition | |
58702f85 | 63 | testfailureequal "W: Failed to fetch file:${APTARCHIVE}/dists/unstable/main/source/Sources.gz Hash Sum mismatch |
e05672e8 MV |
64 | E: Some index files failed to download. They have been ignored, or old ones used instead." aptget update -qq |
65 | # ensure that the Packages file is also rolled back | |
846bc058 | 66 | testfileequal lists.before "$(listcurrentlistsdirectory)" |
25b86db1 | 67 | testfailureequal "E: Unable to locate package new" aptget install new -s -qq |
e05672e8 MV |
68 | } |
69 | ||
4dbfe436 DK |
70 | test_inrelease_to_valid_release() { |
71 | msgmsg 'Test InRelease to valid Release' | |
72 | start_with_good_inrelease | |
73 | ||
74 | add_new_package '+1hour' | |
75 | # switch to a unsigned repo now | |
e05672e8 MV |
76 | rm $APTARCHIVE/dists/unstable/InRelease |
77 | rm $APTARCHIVE/dists/unstable/Release.gpg | |
e05672e8 | 78 | |
bca84917 | 79 | # update fails |
1da3b7b8 | 80 | testfailureequal "E: The repository 'file:${APTARCHIVE} unstable Release' is no longer signed." aptget update -qq |
e05672e8 | 81 | |
846bc058 DK |
82 | # test that security downgrade was not successful |
83 | testfileequal lists.before "$(listcurrentlistsdirectory)" | |
e05672e8 | 84 | testsuccess aptget install old -s |
bca84917 MV |
85 | testfailure aptget install new -s |
86 | testsuccess ls $ROOTDIR/var/lib/apt/lists/*_InRelease | |
87 | testfailure ls $ROOTDIR/var/lib/apt/lists/*_Release | |
e05672e8 MV |
88 | } |
89 | ||
4dbfe436 DK |
90 | test_inrelease_to_release_reverts_all() { |
91 | msgmsg 'Test InRelease to broken Release reverts everything' | |
92 | start_with_good_inrelease | |
e05672e8 | 93 | |
4dbfe436 DK |
94 | # switch to a unsigned repo now |
95 | add_new_package '+1hour' | |
e05672e8 MV |
96 | rm $APTARCHIVE/dists/unstable/InRelease |
97 | rm $APTARCHIVE/dists/unstable/Release.gpg | |
4dbfe436 | 98 | |
e05672e8 | 99 | # break it |
4dbfe436 | 100 | break_repository_sources_index '+1hour' |
e05672e8 MV |
101 | |
102 | # ensure error | |
1da3b7b8 | 103 | testfailureequal "E: The repository 'file:${APTARCHIVE} unstable Release' is no longer signed." aptget update -qq # -o Debug::acquire::transaction=1 |
e05672e8 MV |
104 | |
105 | # ensure that the Packages file is also rolled back | |
846bc058 | 106 | testfileequal lists.before "$(listcurrentlistsdirectory)" |
e05672e8 MV |
107 | testsuccess aptget install old -s |
108 | testfailure aptget install new -s | |
109 | testsuccess ls $ROOTDIR/var/lib/apt/lists/*_InRelease | |
110 | testfailure ls $ROOTDIR/var/lib/apt/lists/*_Release | |
111 | } | |
112 | ||
113 | test_unauthenticated_to_invalid_inrelease() { | |
4dbfe436 | 114 | msgmsg 'Test UnAuthenticated to invalid InRelease reverts everything' |
e05672e8 MV |
115 | create_fresh_archive |
116 | rm $APTARCHIVE/dists/unstable/InRelease | |
117 | rm $APTARCHIVE/dists/unstable/Release.gpg | |
4dbfe436 | 118 | |
4fa34122 | 119 | testwarning aptget update --allow-insecure-repositories |
846bc058 | 120 | listcurrentlistsdirectory > lists.before |
25b86db1 | 121 | testfailureequal "WARNING: The following packages cannot be authenticated! |
e05672e8 | 122 | old |
b381a482 | 123 | E: There were unauthenticated packages and -y was used without --allow-unauthenticated" aptget install -qq -y old |
4dbfe436 | 124 | |
e05672e8 | 125 | # go to authenticated but not correct |
4dbfe436 DK |
126 | add_new_package '+1hour' |
127 | break_repository_sources_index '+1hour' | |
e05672e8 | 128 | |
58702f85 | 129 | testfailureequal "W: Failed to fetch file:$APTARCHIVE/dists/unstable/main/source/Sources.gz Hash Sum mismatch |
e05672e8 MV |
130 | E: Some index files failed to download. They have been ignored, or old ones used instead." aptget update -qq |
131 | ||
846bc058 | 132 | testfileequal lists.before "$(listcurrentlistsdirectory)" |
e05672e8 | 133 | testfailure ls rootdir/var/lib/apt/lists/*_InRelease |
25b86db1 | 134 | testfailureequal "WARNING: The following packages cannot be authenticated! |
e05672e8 | 135 | old |
b381a482 | 136 | E: There were unauthenticated packages and -y was used without --allow-unauthenticated" aptget install -qq -y old |
e05672e8 MV |
137 | } |
138 | ||
c5fced38 | 139 | test_inrelease_to_unauth_inrelease() { |
4dbfe436 DK |
140 | msgmsg 'Test InRelease to InRelease without good sig' |
141 | start_with_good_inrelease | |
142 | ||
9d653a6d | 143 | signreleasefiles 'Marvin Paranoid' |
4dbfe436 | 144 | |
1da3b7b8 | 145 | testwarningequal "W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: file:${APTARCHIVE} unstable InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY E8525D47528144E2 |
4dbfe436 | 146 | W: Failed to fetch file:$APTARCHIVE/dists/unstable/InRelease The following signatures couldn't be verified because the public key is not available: NO_PUBKEY E8525D47528144E2 |
21638c3a MV |
147 | W: Some index files failed to download. They have been ignored, or old ones used instead." aptget update -qq |
148 | ||
846bc058 | 149 | testfileequal lists.before "$(listcurrentlistsdirectory)" |
21638c3a | 150 | testsuccess ls rootdir/var/lib/apt/lists/*_InRelease |
c5fced38 MV |
151 | } |
152 | ||
7abcfdde MV |
153 | test_inrelease_to_broken_gzip() { |
154 | msgmsg "Test InRelease to broken gzip" | |
4dbfe436 DK |
155 | start_with_good_inrelease |
156 | ||
8d041b4f DK |
157 | break_repository_sources_index '+1hour' |
158 | generatereleasefiles '+2hours' | |
159 | signreleasefiles | |
160 | ||
4dbfe436 | 161 | # append junk at the end of the compressed file |
7abcfdde | 162 | echo "lala" >> $APTARCHIVE/dists/unstable/main/source/Sources.gz |
4dbfe436 DK |
163 | touch -d '+2min' $APTARCHIVE/dists/unstable/main/source/Sources.gz |
164 | # remove uncompressed file to avoid fallback | |
7abcfdde | 165 | rm $APTARCHIVE/dists/unstable/main/source/Sources |
7abcfdde MV |
166 | |
167 | testfailure aptget update | |
8d041b4f | 168 | testsuccess grep 'Hash Sum mismatch' rootdir/tmp/testfailure.output |
846bc058 | 169 | testfileequal lists.before "$(listcurrentlistsdirectory)" |
7abcfdde MV |
170 | } |
171 | ||
e05672e8 MV |
172 | TESTDIR=$(readlink -f $(dirname $0)) |
173 | . $TESTDIR/framework | |
174 | ||
175 | setupenvironment | |
176 | configarchitecture "i386" | |
177 | ||
178 | # setup the archive and ensure we have a single package that installs fine | |
179 | setupaptarchive | |
180 | APTARCHIVE=$(readlink -f ./aptarchive) | |
181 | ROOTDIR=${TMPWORKINGDIRECTORY}/rootdir | |
182 | APTARCHIVE_LISTS="$(echo $APTARCHIVE | tr "/" "_" )" | |
183 | ||
184 | # test the following cases: | |
4dbfe436 | 185 | # - InRelease -> broken InRelease revert to previous state |
e05672e8 MV |
186 | # - empty lists dir and broken remote leaves nothing on the system |
187 | # - InRelease -> hashsum mismatch for one file reverts all files to previous state | |
188 | # - Release/Release.gpg -> hashsum mismatch | |
189 | # - InRelease -> Release with hashsum mismatch revert entire state and kills Release | |
190 | # - Release -> InRelease with broken Sig/Hash removes InRelease | |
191 | # going from Release/Release.gpg -> InRelease and vice versa | |
192 | # - unauthenticated -> invalid InRelease | |
193 | ||
67f2f9e2 | 194 | # stuff to do: |
4dbfe436 | 195 | # - ims-hit |
67f2f9e2 MV |
196 | # - gzip-index tests |
197 | ||
e05672e8 MV |
198 | test_inrelease_to_new_inrelease |
199 | test_inrelease_to_broken_hash_reverts_all | |
4dbfe436 DK |
200 | test_inrelease_to_valid_release |
201 | test_inrelease_to_release_reverts_all | |
6d979490 | 202 | test_unauthenticated_to_invalid_inrelease |
c5fced38 | 203 | test_inrelease_to_unauth_inrelease |
7abcfdde | 204 | test_inrelease_to_broken_gzip |