[apt.git] / test / integration / test-apt-update-rollback

#!/bin/sh
#
# test that apt-get update is transactional
# 
set -e

avoid_ims_hit() {
    touch -d '+1hour' aptarchive/dists/unstable/main/binary-i386/Packages*
    touch -d '+1hour' aptarchive/dists/unstable/main/source/Sources*
    touch -d '+1hour' aptarchive/dists/unstable/*Release*

    touch -d '-1hour' rootdir/var/lib/apt/lists/*
}

create_fresh_archive()
{
    rm -rf aptarchive/*
    rm -f rootdir/var/lib/apt/lists/_* rootdir/var/lib/apt/lists/partial/*

    insertpackage 'unstable' 'old' 'all' '1.0'

    setupaptarchive
}

add_new_package() {
    insertpackage "unstable" "new" "all" "1.0"
    insertsource "unstable" "new" "all" "1.0"

    setupaptarchive --no-update

    avoid_ims_hit
}

break_repository_sources_index() {
    printf "xxx" > $APTARCHIVE/dists/unstable/main/source/Sources
    gzip -c $APTARCHIVE/dists/unstable/main/source/Sources > \
            $APTARCHIVE/dists/unstable/main/source/Sources.gz
    avoid_ims_hit
}

test_inrelease_to_new_inrelease() {
    msgmsg "Test InRelease to new InRelease works fine"
    create_fresh_archive
    testequal "old/unstable 1.0 all" apt list -q

    add_new_package

    testsuccess aptget update -o Debug::Acquire::Transaction=1

    testequal "new/unstable 1.0 all
old/unstable 1.0 all" apt list -q
}

test_inrelease_to_broken_hash_reverts_all() {
    msgmsg "Test InRelease to broken InRelease reverts everything"
    create_fresh_archive
    add_new_package
    # break the Sources file
    break_repository_sources_index

    # test the error condition
    testequal "W: Failed to fetch file:${APTARCHIVE}/dists/unstable/main/source/Sources  Hash Sum mismatch

E: Some index files failed to download. They have been ignored, or old ones used instead." aptget update -qq
    # ensure that the Packages file is also rolled back
    testequal "E: Unable to locate package new" aptget install new -s -qq
}

test_inreleae_to_valid_release() {
    msgmsg "Test InRelease to valid Release"
    create_fresh_archive
    add_new_package
    # switch to a unsinged repo now
    rm $APTARCHIVE/dists/unstable/InRelease
    rm $APTARCHIVE/dists/unstable/Release.gpg
    avoid_ims_hit

    # update fails
    testequal "E: The repository 'file: unstable Release.gpg' is no longer signed." aptget update -qq

    # test that we can install the new packages but do no longer have a sig
    testsuccess aptget install old -s
    testfailure aptget install new -s
    testsuccess ls $ROOTDIR/var/lib/apt/lists/*_InRelease
    testfailure ls $ROOTDIR/var/lib/apt/lists/*_Release
}

test_inreleae_to_release_reverts_all() {
    msgmsg "Test InRelease to broken Release reverts everything"
    create_fresh_archive

    # switch to a unsinged repo now
    add_new_package
    rm $APTARCHIVE/dists/unstable/InRelease
    rm $APTARCHIVE/dists/unstable/Release.gpg
    # break it
    break_repository_sources_index

    # ensure error
    testequal "E: The repository 'file: unstable Release.gpg' is no longer signed." aptget update -qq # -o Debug::acquire::transaction=1

    # ensure that the Packages file is also rolled back
    testsuccess aptget install old -s
    testfailure aptget install new -s
    testsuccess ls $ROOTDIR/var/lib/apt/lists/*_InRelease
    testfailure ls $ROOTDIR/var/lib/apt/lists/*_Release
}

test_unauthenticated_to_invalid_inrelease() {
    msgmsg "Test UnAuthenticated to invalid InRelease reverts everything"
    create_fresh_archive
    rm -rf rootdir/var/lib/apt/lists/*
    rm $APTARCHIVE/dists/unstable/InRelease
    rm $APTARCHIVE/dists/unstable/Release.gpg
    avoid_ims_hit
    
    testsuccess aptget update -qq
    testequal "WARNING: The following packages cannot be authenticated!
  old
E: There are problems and -y was used without --force-yes" aptget install -qq -y old
    
    # go to authenticated but not correct
    add_new_package
    break_repository_sources_index

    testequal "W: Failed to fetch file:$APTARCHIVE/dists/unstable/main/source/Sources  Hash Sum mismatch

E: Some index files failed to download. They have been ignored, or old ones used instead." aptget update -qq

    testfailure ls rootdir/var/lib/apt/lists/*_InRelease
    testequal "WARNING: The following packages cannot be authenticated!
  old
E: There are problems and -y was used without --force-yes" aptget install -qq -y old
}

test_inrelease_to_unauth_inrelease() {
    msgmsg "Test InRelease to InRelease without sig"
    create_fresh_archive
    signreleasefiles 'Marvin Paranoid'
    avoid_ims_hit
    
    testequal "W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: file: unstable InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY E8525D47528144E2

W: Failed to fetch file:$APTARCHIVE/dists/unstable/InRelease  

W: Some index files failed to download. They have been ignored, or old ones used instead." aptget update -qq

    testsuccess ls rootdir/var/lib/apt/lists/*_InRelease
}

test_inrelease_to_broken_gzip() {
    msgmsg "Test InRelease to broken gzip"
    create_fresh_archive
    # append junk at the end of the gzip, this
    echo "lala" >> $APTARCHIVE/dists/unstable/main/source/Sources.gz
    # remove uncompressed file, otherwise apt will just fallback fetching
    # that
    rm $APTARCHIVE/dists/unstable/main/source/Sources
    avoid_ims_hit

    testfailure aptget update
}

TESTDIR=$(readlink -f $(dirname $0))
. $TESTDIR/framework

setupenvironment
configarchitecture "i386"

# setup the archive and ensure we have a single package that installs fine
setupaptarchive
APTARCHIVE=$(readlink -f ./aptarchive)
ROOTDIR=${TMPWORKINGDIRECTORY}/rootdir
APTARCHIVE_LISTS="$(echo $APTARCHIVE | tr "/" "_" )"

# test the following cases:
# - InRelease -> broken InRelease revert to previous state 
# - empty lists dir and broken remote leaves nothing on the system
# - InRelease -> hashsum mismatch for one file reverts all files to previous state
# - Release/Release.gpg -> hashsum mismatch
# - InRelease -> Release with hashsum mismatch revert entire state and kills Release
# - Release -> InRelease with broken Sig/Hash removes InRelease
# going from Release/Release.gpg -> InRelease and vice versa
# - unauthenticated -> invalid InRelease

# stuff to do:
# - ims-hit 
# - gzip-index tests

test_inrelease_to_new_inrelease
test_inrelease_to_broken_hash_reverts_all
test_inreleae_to_valid_release
test_inreleae_to_release_reverts_all
test_unauthenticated_to_invalid_inrelease
test_inrelease_to_unauth_inrelease
test_inrelease_to_broken_gzip
Commit	Line	Data
e05672e8 MV	1	#!/bin/sh
	2	#
	3	# test that apt-get update is transactional
	4	#
	5	set -e
	6
	7	avoid_ims_hit() {
	8	touch -d '+1hour' aptarchive/dists/unstable/main/binary-i386/Packages*
	9	touch -d '+1hour' aptarchive/dists/unstable/main/source/Sources*
	10	touch -d '+1hour' aptarchive/dists/unstable/Release
	11
	12	touch -d '-1hour' rootdir/var/lib/apt/lists/*
	13	}
	14
	15	create_fresh_archive()
	16	{
	17	rm -rf aptarchive/*
	18	rm -f rootdir/var/lib/apt/lists/_* rootdir/var/lib/apt/lists/partial/*
	19
	20	insertpackage 'unstable' 'old' 'all' '1.0'
	21
	22	setupaptarchive
	23	}
	24
	25	add_new_package() {
	26	insertpackage "unstable" "new" "all" "1.0"
	27	insertsource "unstable" "new" "all" "1.0"
	28
	29	setupaptarchive --no-update
	30
	31	avoid_ims_hit
	32	}
	33
	34	break_repository_sources_index() {
	35	printf "xxx" > $APTARCHIVE/dists/unstable/main/source/Sources
	36	gzip -c $APTARCHIVE/dists/unstable/main/source/Sources > \
	37	$APTARCHIVE/dists/unstable/main/source/Sources.gz
	38	avoid_ims_hit
	39	}
	40
	41	test_inrelease_to_new_inrelease() {
	42	msgmsg "Test InRelease to new InRelease works fine"
	43	create_fresh_archive
	44	testequal "old/unstable 1.0 all" apt list -q
	45
	46	add_new_package
80976dd5 MV	47
80976dd5 MV	48	testsuccess aptget update -o Debug::Acquire::Transaction=1
e05672e8 MV	49
	50	testequal "new/unstable 1.0 all
	51	old/unstable 1.0 all" apt list -q
	52	}
	53
	54	test_inrelease_to_broken_hash_reverts_all() {
	55	msgmsg "Test InRelease to broken InRelease reverts everything"
	56	create_fresh_archive
	57	add_new_package
	58	# break the Sources file
	59	break_repository_sources_index
	60
	61	# test the error condition
183160cb	62	testequal "W: Failed to fetch file:${APTARCHIVE}/dists/unstable/main/source/Sources Hash Sum mismatch
e05672e8 MV	63
	64	E: Some index files failed to download. They have been ignored, or old ones used instead." aptget update -qq
	65	# ensure that the Packages file is also rolled back
	66	testequal "E: Unable to locate package new" aptget install new -s -qq
	67	}
	68
	69	test_inreleae_to_valid_release() {
	70	msgmsg "Test InRelease to valid Release"
	71	create_fresh_archive
	72	add_new_package
	73	# switch to a unsinged repo now
	74	rm $APTARCHIVE/dists/unstable/InRelease
	75	rm $APTARCHIVE/dists/unstable/Release.gpg
	76	avoid_ims_hit
	77
bca84917 MV	78	# update fails
bca84917 MV	79	testequal "E: The repository 'file: unstable Release.gpg' is no longer signed." aptget update -qq
e05672e8 MV	80
	81	# test that we can install the new packages but do no longer have a sig
	82	testsuccess aptget install old -s
bca84917 MV	83	testfailure aptget install new -s
	84	testsuccess ls $ROOTDIR/var/lib/apt/lists/*_InRelease
	85	testfailure ls $ROOTDIR/var/lib/apt/lists/*_Release
e05672e8 MV	86	}
	87
	88	test_inreleae_to_release_reverts_all() {
	89	msgmsg "Test InRelease to broken Release reverts everything"
	90	create_fresh_archive
	91
	92	# switch to a unsinged repo now
	93	add_new_package
	94	rm $APTARCHIVE/dists/unstable/InRelease
	95	rm $APTARCHIVE/dists/unstable/Release.gpg
	96	# break it
	97	break_repository_sources_index
	98
	99	# ensure error
bca84917	100	testequal "E: The repository 'file: unstable Release.gpg' is no longer signed." aptget update -qq # -o Debug::acquire::transaction=1
e05672e8 MV	101
	102	# ensure that the Packages file is also rolled back
	103	testsuccess aptget install old -s
	104	testfailure aptget install new -s
	105	testsuccess ls $ROOTDIR/var/lib/apt/lists/*_InRelease
	106	testfailure ls $ROOTDIR/var/lib/apt/lists/*_Release
	107	}
	108
	109	test_unauthenticated_to_invalid_inrelease() {
	110	msgmsg "Test UnAuthenticated to invalid InRelease reverts everything"
	111	create_fresh_archive
bca84917	112	rm -rf rootdir/var/lib/apt/lists/*
e05672e8 MV	113	rm $APTARCHIVE/dists/unstable/InRelease
	114	rm $APTARCHIVE/dists/unstable/Release.gpg
	115	avoid_ims_hit
	116
	117	testsuccess aptget update -qq
	118	testequal "WARNING: The following packages cannot be authenticated!
	119	old
	120	E: There are problems and -y was used without --force-yes" aptget install -qq -y old
	121
	122	# go to authenticated but not correct
	123	add_new_package
	124	break_repository_sources_index
	125
183160cb	126	testequal "W: Failed to fetch file:$APTARCHIVE/dists/unstable/main/source/Sources Hash Sum mismatch
6d979490	127
e05672e8 MV	128	E: Some index files failed to download. They have been ignored, or old ones used instead." aptget update -qq
	129
	130	testfailure ls rootdir/var/lib/apt/lists/*_InRelease
	131	testequal "WARNING: The following packages cannot be authenticated!
	132	old
	133	E: There are problems and -y was used without --force-yes" aptget install -qq -y old
	134	}
	135
c5fced38 MV	136	test_inrelease_to_unauth_inrelease() {
	137	msgmsg "Test InRelease to InRelease without sig"
	138	create_fresh_archive
	139	signreleasefiles 'Marvin Paranoid'
	140	avoid_ims_hit
	141
21638c3a	142	testequal "W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: file: unstable InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY E8525D47528144E2
c5fced38	143
21638c3a	144	W: Failed to fetch file:$APTARCHIVE/dists/unstable/InRelease
c5fced38	145
21638c3a MV	146	W: Some index files failed to download. They have been ignored, or old ones used instead." aptget update -qq
	147
	148	testsuccess ls rootdir/var/lib/apt/lists/*_InRelease
c5fced38 MV	149	}
c5fced38 MV	150
7abcfdde MV	151	test_inrelease_to_broken_gzip() {
	152	msgmsg "Test InRelease to broken gzip"
	153	create_fresh_archive
	154	# append junk at the end of the gzip, this
	155	echo "lala" >> $APTARCHIVE/dists/unstable/main/source/Sources.gz
	156	# remove uncompressed file, otherwise apt will just fallback fetching
	157	# that
	158	rm $APTARCHIVE/dists/unstable/main/source/Sources
	159	avoid_ims_hit
	160
	161	testfailure aptget update
	162	}
	163
e05672e8 MV	164	TESTDIR=$(readlink -f $(dirname $0))
	165	. $TESTDIR/framework
	166
	167	setupenvironment
	168	configarchitecture "i386"
	169
	170	# setup the archive and ensure we have a single package that installs fine
	171	setupaptarchive
	172	APTARCHIVE=$(readlink -f ./aptarchive)
	173	ROOTDIR=${TMPWORKINGDIRECTORY}/rootdir
	174	APTARCHIVE_LISTS="$(echo $APTARCHIVE \| tr "/" "_" )"
	175
	176	# test the following cases:
	177	# - InRelease -> broken InRelease revert to previous state
	178	# - empty lists dir and broken remote leaves nothing on the system
	179	# - InRelease -> hashsum mismatch for one file reverts all files to previous state
	180	# - Release/Release.gpg -> hashsum mismatch
	181	# - InRelease -> Release with hashsum mismatch revert entire state and kills Release
	182	# - Release -> InRelease with broken Sig/Hash removes InRelease
	183	# going from Release/Release.gpg -> InRelease and vice versa
	184	# - unauthenticated -> invalid InRelease
	185
67f2f9e2 MV	186	# stuff to do:
	187	# - ims-hit
	188	# - gzip-index tests
	189
e05672e8 MV	190	test_inrelease_to_new_inrelease
e05672e8 MV	191	test_inrelease_to_broken_hash_reverts_all
e05672e8 MV	192	test_inreleae_to_valid_release
e05672e8 MV	193	test_inreleae_to_release_reverts_all
6d979490	194	test_unauthenticated_to_invalid_inrelease
c5fced38	195	test_inrelease_to_unauth_inrelease
7abcfdde	196	test_inrelease_to_broken_gzip