]>
Commit | Line | Data |
---|---|---|
34747d46 DK |
1 | #!/bin/sh |
2 | set -e | |
3 | ||
4 | TESTDIR=$(readlink -f $(dirname $0)) | |
5 | . $TESTDIR/framework | |
6 | ||
7 | setupenvironment | |
8 | configarchitecture 'i386' | |
9 | ||
10 | insertpackage 'stable' 'good-pkg' 'all' '1.0' | |
11 | ||
12 | setupaptarchive | |
13 | ||
14 | changetowebserver | |
6c0765c0 | 15 | ARCHIVE="http://localhost:${APTHTTPPORT}" |
34747d46 | 16 | msgtest 'Initial apt-get update should work with' 'InRelease' |
0440d936 | 17 | testsuccess --nomsg aptget update |
34747d46 DK |
18 | |
19 | # check that the setup is correct | |
25b86db1 | 20 | testsuccessequal "good-pkg: |
34747d46 DK |
21 | Installed: (none) |
22 | Candidate: 1.0 | |
23 | Version table: | |
76b004d1 | 24 | 1.0 500 |
1dd20368 | 25 | 500 ${ARCHIVE} stable/main all Packages" aptcache policy good-pkg |
34747d46 DK |
26 | |
27 | # now exchange to the Packages file, note that this could be | |
28 | # done via MITM too | |
29 | insertpackage 'stable' 'bad-mitm' 'all' '1.0' | |
30 | ||
31 | # this builds compressed files and a new (unsigned) Release | |
32 | buildaptarchivefromfiles '+1hour' | |
33 | ||
34 | # add a space into the BEGIN PGP SIGNATURE PART/END PGP SIGNATURE part | |
35 | # to trick apt - this is still legal to gpg(v) | |
36 | sed -i '/^-----BEGIN PGP SIGNATURE-----/,/^-----END PGP SIGNATURE-----/ s/^$/ /g' aptarchive/dists/stable/InRelease | |
37 | ||
38 | # we append the (evil unsigned) Release file to the (good signed) InRelease | |
39 | cat aptarchive/dists/stable/Release >> aptarchive/dists/stable/InRelease | |
e3c62328 | 40 | touch -d '+1hour' aptarchive/dists/stable/InRelease |
34747d46 | 41 | |
8d041b4f DK |
42 | # ensure the update doesn't load bad data as good data |
43 | # Note that we will pick up the InRelease itself as we download no other | |
44 | # indexes which would trigger a hashsum mismatch, but we ignore the 'bad' | |
45 | # part of the InRelease | |
46 | listcurrentlistsdirectory | sed '/_InRelease/ d' > listsdir.lst | |
47 | msgtest 'apt-get update should ignore unsigned data in the' 'InRelease' | |
6c0765c0 | 48 | testsuccessequal "Get:1 http://localhost:${APTHTTPPORT} stable InRelease [$(stat -c%s aptarchive/dists/stable/InRelease) B] |
8d041b4f DK |
49 | Reading package lists..." --nomsg aptget update |
50 | testfileequal './listsdir.lst' "$(listcurrentlistsdirectory | sed '/_InRelease/ d')" | |
34747d46 DK |
51 | |
52 | # ensure there is no package | |
25b86db1 | 53 | testfailureequal 'Reading package lists... |
34747d46 DK |
54 | Building dependency tree... |
55 | E: Unable to locate package bad-mitm' aptget install bad-mitm -s | |
56 | ||
57 | # and verify that its not picked up | |
87d6947d | 58 | testsuccessequal 'N: Unable to locate package bad-mitm' aptcache policy bad-mitm |
34747d46 DK |
59 | |
60 | # and that the right one is used | |
25b86db1 | 61 | testsuccessequal "good-pkg: |
34747d46 DK |
62 | Installed: (none) |
63 | Candidate: 1.0 | |
64 | Version table: | |
76b004d1 | 65 | 1.0 500 |
1dd20368 | 66 | 500 ${ARCHIVE} stable/main all Packages" aptcache policy good-pkg |