]> git.saurik.com Git - apt.git/blame - test/integration/test-ubuntu-bug-1098738-apt-get-source-md5sum
enforce verify of filesize in 'apt-get source'
[apt.git] / test / integration / test-ubuntu-bug-1098738-apt-get-source-md5sum
CommitLineData
1262d358
DK
1#!/bin/sh
2set -e
3
3abb6a6a
DK
4TESTDIR="$(readlink -f "$(dirname "$0")")"
5. "$TESTDIR/framework"
1262d358
DK
6
7setupenvironment
8configarchitecture 'native'
9
10cat > aptarchive/Sources <<EOF
11Package: pkg-md5-ok
12Binary: pkg-md5-ok
13Version: 1.0
14Maintainer: Joe Sixpack <joe@example.org>
15Architecture: all
16Files:
895417ef
DK
17 9604ba9427a280db542279d9ed78400b 3 pkg-md5-ok_1.0.dsc
18 db5570bf61464b46e2bde31ed61a7dc6 3 pkg-md5-ok_1.0.tar.gz
1262d358 19
51c04562
JAK
20Package: pkg-sha1-ok
21Binary: pkg-sha1-ok
22Version: 1.0
23Maintainer: Joe Sixpack <joe@example.org>
24Architecture: all
25Files:
26 324f464e6151a92cf57b26ef95dcfcf2059a8c44 3 pkg-sha1-ok_1.0.dsc
27 680254bad1d7ca0d65ec46aaa315d363abf6a50a 3 pkg-sha1-ok_1.0.tar.gz
28
1262d358
DK
29Package: pkg-sha256-ok
30Binary: pkg-sha256-ok
31Version: 1.0
32Maintainer: Joe Sixpack <joe@example.org>
33Architecture: all
34Files:
895417ef
DK
35 9604ba9427a280db542279d9ed78400b 3 pkg-sha256-ok_1.0.dsc
36 db5570bf61464b46e2bde31ed61a7dc6 3 pkg-sha256-ok_1.0.tar.gz
1262d358 37Checksums-Sha1:
895417ef
DK
38 324f464e6151a92cf57b26ef95dcfcf2059a8c44 3 pkg-sha256-ok_1.0.dsc
39 680254bad1d7ca0d65ec46aaa315d363abf6a50a 3 pkg-sha256-ok_1.0.tar.gz
1262d358 40Checksums-Sha256:
895417ef
DK
41 943d3bf22ac661fb0f59bc4ff68cc12b04ff17a838dfcc2537008eb9c7f3770a 3 pkg-sha256-ok_1.0.dsc
42 90aebae315675cbf04612de4f7d5874850f48e0b8dd82becbeaa47ca93f5ebfb 3 pkg-sha256-ok_1.0.tar.gz
1262d358 43
d4c45145
DK
44Package: pkg-size-bad
45Binary: pkg-size-bad
46Version: 1.0
47Maintainer: Joe Sixpack <joe@example.org>
48Architecture: all
49Checksums-Sha256:
50 943d3bf22ac661fb0f59bc4ff68cc12b04ff17a838dfcc2537008eb9c7f3770a 2 pkg-size-bad_1.0.dsc
51 90aebae315675cbf04612de4f7d5874850f48e0b8dd82becbeaa47ca93f5ebfb 4 pkg-size-bad_1.0.tar.gz
52
1262d358
DK
53Package: pkg-sha256-bad
54Binary: pkg-sha256-bad
55Version: 1.0
56Maintainer: Joe Sixpack <joe@example.org>
57Architecture: all
58Files:
895417ef
DK
59 9604ba9427a280db542279d9ed78400b 3 pkg-sha256-bad_1.0.dsc
60 db5570bf61464b46e2bde31ed61a7dc6 3 pkg-sha256-bad_1.0.tar.gz
1262d358 61Checksums-Sha1:
895417ef
DK
62 324f464e6151a92cf57b26ef95dcfcf2059a8c44 3 pkg-sha256-bad_1.0.dsc
63 680254bad1d7ca0d65ec46aaa315d363abf6a50a 3 pkg-sha256-bad_1.0.tar.gz
1262d358 64Checksums-Sha256:
895417ef
DK
65 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 3 pkg-sha256-bad_1.0.dsc
66 bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb 3 pkg-sha256-bad_1.0.tar.gz
1262d358 67
63d60998
DK
68Package: pkg-md5-bad
69Binary: pkg-md5-bad
70Version: 1.0
71Maintainer: Joe Sixpack <joe@example.org>
72Architecture: all
73Files:
74 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 3 pkg-md5-bad_1.0.dsc
75 bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb 3 pkg-md5-bad_1.0.tar.gz
76
1262d358
DK
77Package: pkg-no-md5
78Binary: pkg-no-md5
79Version: 1.0
80Maintainer: Joe Sixpack <joe@example.org>
81Architecture: all
82Checksums-Sha1:
895417ef
DK
83 324f464e6151a92cf57b26ef95dcfcf2059a8c44 3 pkg-no-md5_1.0.dsc
84 680254bad1d7ca0d65ec46aaa315d363abf6a50a 3 pkg-no-md5_1.0.tar.gz
1262d358 85Checksums-Sha256:
895417ef
DK
86 943d3bf22ac661fb0f59bc4ff68cc12b04ff17a838dfcc2537008eb9c7f3770a 3 pkg-no-md5_1.0.dsc
87 90aebae315675cbf04612de4f7d5874850f48e0b8dd82becbeaa47ca93f5ebfb 3 pkg-no-md5_1.0.tar.gz
1262d358
DK
88
89Package: pkg-mixed-ok
90Binary: pkg-mixed-ok
91Version: 1.0
92Maintainer: Joe Sixpack <joe@example.org>
93Architecture: all
94Checksums-Sha1:
895417ef 95 680254bad1d7ca0d65ec46aaa315d363abf6a50a 3 pkg-mixed-ok_1.0.tar.gz
1262d358 96Checksums-Sha256:
895417ef 97 943d3bf22ac661fb0f59bc4ff68cc12b04ff17a838dfcc2537008eb9c7f3770a 3 pkg-mixed-ok_1.0.dsc
1262d358
DK
98
99Package: pkg-mixed-sha1-bad
100Binary: pkg-mixed-sha1-bad
101Version: 1.0
102Maintainer: Joe Sixpack <joe@example.org>
103Architecture: all
104Checksums-Sha1:
895417ef 105 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 3 pkg-mixed-sha1-bad_1.0.dsc
1262d358 106Checksums-Sha256:
895417ef 107 90aebae315675cbf04612de4f7d5874850f48e0b8dd82becbeaa47ca93f5ebfb 3 pkg-mixed-sha1-bad_1.0.tar.gz
1262d358
DK
108
109Package: pkg-mixed-sha2-bad
110Binary: pkg-mixed-sha2-bad
111Version: 1.0
112Maintainer: Joe Sixpack <joe@example.org>
113Architecture: all
114Checksums-Sha1:
895417ef 115 324f464e6151a92cf57b26ef95dcfcf2059a8c44 3 pkg-mixed-sha2-bad_1.0.dsc
1262d358 116Checksums-Sha256:
895417ef 117 bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb 3 pkg-mixed-sha2-bad_1.0.tar.gz
1262d358
DK
118
119Package: pkg-md5-disagree
120Binary: pkg-md5-disagree
121Version: 1.0
122Maintainer: Joe Sixpack <joe@example.org>
123Architecture: all
124Files:
895417ef
DK
125 9604ba9427a280db542279d9ed78400b 3 pkg-md5-disagree_1.0.dsc
126 db5570bf61464b46e2bde31ed61a7dc6 3 pkg-md5-disagree_1.0.tar.gz
127 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 3 pkg-md5-disagree_1.0.dsc
128 bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb 3 pkg-md5-disagree_1.0.tar.gz
1262d358
DK
129
130Package: pkg-md5-agree
131Binary: pkg-md5-agree
132Version: 1.0
133Maintainer: Joe Sixpack <joe@example.org>
134Architecture: all
135Files:
895417ef
DK
136 9604ba9427a280db542279d9ed78400b 3 pkg-md5-agree_1.0.dsc
137 db5570bf61464b46e2bde31ed61a7dc6 3 pkg-md5-agree_1.0.tar.gz
138 db5570bf61464b46e2bde31ed61a7dc6 3 pkg-md5-agree_1.0.tar.gz
139 9604ba9427a280db542279d9ed78400b 3 pkg-md5-agree_1.0.dsc
1262d358
DK
140
141Package: pkg-sha256-disagree
142Binary: pkg-sha256-disagree
143Version: 1.0
144Maintainer: Joe Sixpack <joe@example.org>
145Architecture: all
146Files:
895417ef
DK
147 9604ba9427a280db542279d9ed78400b 3 pkg-sha256-disagree_1.0.dsc
148 db5570bf61464b46e2bde31ed61a7dc6 3 pkg-sha256-disagree_1.0.tar.gz
1262d358 149Checksums-Sha1:
895417ef
DK
150 324f464e6151a92cf57b26ef95dcfcf2059a8c44 3 pkg-sha256-disagree_1.0.dsc
151 680254bad1d7ca0d65ec46aaa315d363abf6a50a 3 pkg-sha256-disagree_1.0.tar.gz
1262d358 152Checksums-Sha256:
895417ef
DK
153 943d3bf22ac661fb0f59bc4ff68cc12b04ff17a838dfcc2537008eb9c7f3770a 3 pkg-sha256-disagree_1.0.dsc
154 90aebae315675cbf04612de4f7d5874850f48e0b8dd82becbeaa47ca93f5ebfb 3 pkg-sha256-disagree_1.0.tar.gz
155 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 3 pkg-sha256-disagree_1.0.dsc
156 bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb 3 pkg-sha256-disagree_1.0.tar.gz
1262d358
DK
157EOF
158
159# create fetchable files
51c04562 160for x in 'pkg-md5-ok' 'pkg-sha1-ok' 'pkg-sha256-ok' 'pkg-sha256-bad' 'pkg-no-md5' \
1262d358 161 'pkg-mixed-ok' 'pkg-mixed-sha1-bad' 'pkg-mixed-sha2-bad' \
63d60998 162 'pkg-md5-agree' 'pkg-md5-disagree' 'pkg-sha256-disagree' \
d4c45145 163 'pkg-md5-bad' 'pkg-size-bad'; do
895417ef
DK
164 echo -n 'dsc' > aptarchive/${x}_1.0.dsc
165 echo -n 'tar' > aptarchive/${x}_1.0.tar.gz
1262d358
DK
166done
167
63d60998 168setupaptarchive --no-update
1262d358
DK
169changetowebserver
170testsuccess aptget update
171
03aa0847
DK
172cd downloaded
173
1262d358
DK
174testok() {
175 rm -f ${1}_1.0.dsc ${1}_1.0.tar.gz
25b86db1 176 testsuccessequal "Reading package lists...
895417ef 177Need to get 6 B of source archives.
6c0765c0
DK
178Get:1 http://localhost:${APTHTTPPORT} $1 1.0 (dsc) [3 B]
179Get:2 http://localhost:${APTHTTPPORT} $1 1.0 (tar) [3 B]
1262d358
DK
180Download complete and in download only mode" aptget source -d "$@"
181 msgtest 'Files were successfully downloaded for' "$1"
182 testsuccess --nomsg test -e ${1}_1.0.dsc -a -e ${1}_1.0.tar.gz
183 rm -f ${1}_1.0.dsc ${1}_1.0.tar.gz
184}
185
186testkeep() {
895417ef
DK
187 echo -n 'dsc' > ${1}_1.0.dsc
188 echo -n 'tar' > ${1}_1.0.tar.gz
25b86db1 189 testsuccessequal "Reading package lists...
1262d358
DK
190Skipping already downloaded file '${1}_1.0.dsc'
191Skipping already downloaded file '${1}_1.0.tar.gz'
192Need to get 0 B of source archives.
193Download complete and in download only mode" aptget source -d "$@"
194 msgtest 'Files already downloaded are kept for' "$1"
195 testsuccess --nomsg test -e ${1}_1.0.dsc -a -e ${1}_1.0.tar.gz
196 rm -f ${1}_1.0.dsc ${1}_1.0.tar.gz
197}
198
63d60998
DK
199testnohash() {
200 #FIXME: Maybe we should fail in this case instead of skipping
201 rm -f ${1}_1.0.dsc ${1}_1.0.tar.gz
202 testsuccessequal "Reading package lists...
63d60998
DK
203Skipping download of file '${1}_1.0.dsc' as requested hashsum is not available for authentication
204Skipping download of file '${1}_1.0.tar.gz' as requested hashsum is not available for authentication
205Need to get 0 B of source archives.
206Download complete and in download only mode" aptget source -d "$@"
207 msgtest 'Files are not downloaded for' "$1"
208 testfailure --nomsg test -e ${1}_1.0.dsc -o -e ${1}_1.0.tar.gz
209}
210
1262d358
DK
211testmismatch() {
212 rm -f ${1}_1.0.dsc ${1}_1.0.tar.gz
d4c45145
DK
213 local FAILURE
214 if [ "$1" = 'pkg-size-bad' ]; then
215 FAILURE="Reading package lists...
216Need to get 6 B of source archives.
217Get:1 http://localhost:${APTHTTPPORT} $1 1.0 (dsc) [2 B]
218Err:1 http://localhost:${APTHTTPPORT} $1 1.0 (dsc)
219 Writing more data than expected (3 > 2)
220Get:2 http://localhost:${APTHTTPPORT} $1 1.0 (tar) [4 B]
221Err:2 http://localhost:${APTHTTPPORT} $1 1.0 (tar)
222 Hash Sum mismatch
223E: Failed to fetch http://localhost:${APTHTTPPORT}/${1}_1.0.dsc Writing more data than expected (3 > 2)
224
225E: Failed to fetch http://localhost:${APTHTTPPORT}/${1}_1.0.tar.gz Hash Sum mismatch
226
227E: Failed to fetch some archives."
228 else
229 FAILURE="Reading package lists...
895417ef 230Need to get 6 B of source archives.
6c0765c0
DK
231Get:1 http://localhost:${APTHTTPPORT} $1 1.0 (dsc) [3 B]
232Err:1 http://localhost:${APTHTTPPORT} $1 1.0 (dsc)
448c38bd 233 Hash Sum mismatch
6c0765c0
DK
234Get:2 http://localhost:${APTHTTPPORT} $1 1.0 (tar) [3 B]
235Err:2 http://localhost:${APTHTTPPORT} $1 1.0 (tar)
448c38bd 236 Hash Sum mismatch
6c0765c0 237E: Failed to fetch http://localhost:${APTHTTPPORT}/${1}_1.0.dsc Hash Sum mismatch
1262d358 238
6c0765c0 239E: Failed to fetch http://localhost:${APTHTTPPORT}/${1}_1.0.tar.gz Hash Sum mismatch
1262d358 240
d4c45145
DK
241E: Failed to fetch some archives."
242 fi
243 testfailureequal "$FAILURE" aptget source -d "$@"
244
1262d358
DK
245 msgtest 'Files were not download as they have hashsum mismatches for' "$1"
246 testfailure --nomsg test -e ${1}_1.0.dsc -a -e ${1}_1.0.tar.gz
247
63d60998
DK
248 if [ "$2" != '--allow-unauthenticated' ]; then
249 rm -f ${1}_1.0.dsc ${1}_1.0.tar.gz
250 testsuccessequal "Reading package lists...
63d60998
DK
251Skipping download of file '${1}_1.0.dsc' as requested hashsum is not available for authentication
252Skipping download of file '${1}_1.0.tar.gz' as requested hashsum is not available for authentication
1262d358
DK
253Need to get 0 B of source archives.
254Download complete and in download only mode" aptget source -d "$@" -o Acquire::ForceHash=ROT26
63d60998
DK
255 msgtest 'Files were not download as hash is unavailable for' "$1"
256 testfailure --nomsg test -e ${1}_1.0.dsc -a -e ${1}_1.0.tar.gz
257 fi
1262d358 258
d4c45145
DK
259 if [ "$1" != 'pkg-size-bad' ]; then
260 rm -f ${1}_1.0.dsc ${1}_1.0.tar.gz
261 testsuccessequal "Reading package lists...
895417ef 262Need to get 6 B of source archives.
6c0765c0
DK
263Get:1 http://localhost:${APTHTTPPORT} $1 1.0 (dsc) [3 B]
264Get:2 http://localhost:${APTHTTPPORT} $1 1.0 (tar) [3 B]
1262d358 265Download complete and in download only mode" aptget source --allow-unauthenticated -d "$@" -o Acquire::ForceHash=ROT26
d4c45145
DK
266 msgtest 'Files were downloaded unauthenticated as user allowed it' "$1"
267 testsuccess --nomsg test -e ${1}_1.0.dsc -a -e ${1}_1.0.tar.gz
268 fi
1262d358
DK
269}
270
63d60998 271testnohash pkg-md5-ok
51c04562 272testnohash pkg-sha1-ok
1262d358
DK
273testok pkg-sha256-ok
274testkeep pkg-sha256-ok
275
276# pkg-sha256-bad has a bad SHA sum, but good MD5 sum. If apt is
277# checking the best available hash (as it should), this will trigger
278# a hash mismatch.
279testmismatch pkg-sha256-bad
1262d358
DK
280testok pkg-sha256-bad -o Acquire::ForceHash=MD5Sum
281
63d60998
DK
282testnohash pkg-md5-bad
283testmismatch pkg-md5-bad --allow-unauthenticated
284
d4c45145
DK
285testmismatch pkg-size-bad
286
1262d358 287# not having MD5 sum doesn't mean the file doesn't exist at all …
63d60998 288testok pkg-no-md5
1262d358 289testok pkg-no-md5 -o Acquire::ForceHash=SHA256
25b86db1 290testsuccessequal "Reading package lists...
1262d358
DK
291Skipping download of file 'pkg-no-md5_1.0.dsc' as requested hashsum is not available for authentication
292Skipping download of file 'pkg-no-md5_1.0.tar.gz' as requested hashsum is not available for authentication
293Need to get 0 B of source archives.
294Download complete and in download only mode" aptget source -d pkg-no-md5 -o Acquire::ForceHash=MD5Sum
295msgtest 'Files were not download as MD5 is not available for this package' 'pkg-no-md5'
296testfailure --nomsg test -e pkg-no-md5_1.0.dsc -a -e pkg-no-md5_1.0.tar.gz
297
298# deal with cases in which we haven't for all files the same checksum type
299# mostly pathologic as this shouldn't happen, but just to be sure
51c04562
JAK
300testsuccessequal "Reading package lists...
301Skipping download of file 'pkg-mixed-ok_1.0.tar.gz' as requested hashsum is not available for authentication
302Need to get 3 B of source archives.
303Get:1 http://localhost:${APTHTTPPORT} pkg-mixed-ok 1.0 (dsc) [3 B]
304Download complete and in download only mode" aptget source -d pkg-mixed-ok
305
306testsuccessequal "Reading package lists...
307Skipping download of file 'pkg-mixed-sha1-bad_1.0.dsc' as requested hashsum is not available for authentication
308Need to get 3 B of source archives.
6c0765c0 309Get:1 http://localhost:${APTHTTPPORT} pkg-mixed-sha1-bad 1.0 (tar) [3 B]
51c04562 310Download complete and in download only mode" aptget source -d pkg-mixed-sha1-bad
1262d358
DK
311msgtest 'Only tar file is downloaded as the dsc has hashsum mismatch' 'pkg-mixed-sha1-bad'
312testsuccess --nomsg test ! -e pkg-mixed-sha1-bad_1.0.dsc -a -e pkg-mixed-sha1-bad_1.0.tar.gz
6c0765c0 313testfailureequal "Reading package lists...
51c04562
JAK
314Skipping download of file 'pkg-mixed-sha2-bad_1.0.dsc' as requested hashsum is not available for authentication
315Need to get 3 B of source archives.
6c0765c0
DK
316Get:1 http://localhost:${APTHTTPPORT} pkg-mixed-sha2-bad 1.0 (tar) [3 B]
317Err:1 http://localhost:${APTHTTPPORT} pkg-mixed-sha2-bad 1.0 (tar)
448c38bd 318 Hash Sum mismatch
6c0765c0 319E: Failed to fetch http://localhost:${APTHTTPPORT}/pkg-mixed-sha2-bad_1.0.tar.gz Hash Sum mismatch
1262d358 320
6c0765c0 321E: Failed to fetch some archives." aptget source -d pkg-mixed-sha2-bad
1262d358
DK
322
323# it gets even more pathologic: multiple entries for one file, some even disagreeing!
63d60998 324testnohash pkg-md5-agree
25b86db1 325testfailureequal 'Reading package lists...
1262d358 326E: Error parsing checksum in Files of source package pkg-md5-disagree' aptget source -d pkg-md5-disagree
25b86db1 327testfailureequal 'Reading package lists...
1262d358 328E: Error parsing checksum in Checksums-SHA256 of source package pkg-sha256-disagree' aptget source -d pkg-sha256-disagree