]> git.saurik.com Git - apt.git/blame - test/integration/test-apt-update-rollback
Add new configallowinsecurerepositories to the test framework
[apt.git] / test / integration / test-apt-update-rollback
CommitLineData
e05672e8
MV
1#!/bin/sh
2#
3# test that apt-get update is transactional
4#
5set -e
6
7avoid_ims_hit() {
8 touch -d '+1hour' aptarchive/dists/unstable/main/binary-i386/Packages*
9 touch -d '+1hour' aptarchive/dists/unstable/main/source/Sources*
10 touch -d '+1hour' aptarchive/dists/unstable/*Release*
11
12 touch -d '-1hour' rootdir/var/lib/apt/lists/*
13}
14
15create_fresh_archive()
16{
17 rm -rf aptarchive/*
18 rm -f rootdir/var/lib/apt/lists/_* rootdir/var/lib/apt/lists/partial/*
19
20 insertpackage 'unstable' 'old' 'all' '1.0'
21
4dbfe436 22 setupaptarchive --no-update
e05672e8
MV
23}
24
25add_new_package() {
26 insertpackage "unstable" "new" "all" "1.0"
27 insertsource "unstable" "new" "all" "1.0"
28
4dbfe436 29 setupaptarchive --no-update "$@"
e05672e8
MV
30}
31
32break_repository_sources_index() {
4dbfe436
DK
33 printf 'xxx' > $APTARCHIVE/dists/unstable/main/source/Sources
34 compressfile "$APTARCHIVE/dists/unstable/main/source/Sources" "$@"
e05672e8
MV
35}
36
4dbfe436 37start_with_good_inrelease() {
e05672e8 38 create_fresh_archive
4dbfe436 39 testsuccess aptget update
e05672e8 40 testequal "old/unstable 1.0 all" apt list -q
4dbfe436 41}
e05672e8 42
4dbfe436
DK
43test_inrelease_to_new_inrelease() {
44 msgmsg 'Test InRelease to new InRelease works fine'
45 start_with_good_inrelease
80976dd5 46
4dbfe436 47 add_new_package '+1hour'
80976dd5 48 testsuccess aptget update -o Debug::Acquire::Transaction=1
e05672e8
MV
49 testequal "new/unstable 1.0 all
50old/unstable 1.0 all" apt list -q
51}
52
53test_inrelease_to_broken_hash_reverts_all() {
4dbfe436
DK
54 msgmsg 'Test InRelease to broken InRelease reverts everything'
55 start_with_good_inrelease
56
57 add_new_package '+1hour'
e05672e8 58 # break the Sources file
4dbfe436 59 break_repository_sources_index '+1hour'
e05672e8
MV
60
61 # test the error condition
183160cb 62 testequal "W: Failed to fetch file:${APTARCHIVE}/dists/unstable/main/source/Sources Hash Sum mismatch
e05672e8
MV
63
64E: Some index files failed to download. They have been ignored, or old ones used instead." aptget update -qq
65 # ensure that the Packages file is also rolled back
66 testequal "E: Unable to locate package new" aptget install new -s -qq
67}
68
4dbfe436
DK
69test_inrelease_to_valid_release() {
70 msgmsg 'Test InRelease to valid Release'
71 start_with_good_inrelease
72
73 add_new_package '+1hour'
74 # switch to a unsigned repo now
e05672e8
MV
75 rm $APTARCHIVE/dists/unstable/InRelease
76 rm $APTARCHIVE/dists/unstable/Release.gpg
e05672e8 77
bca84917
MV
78 # update fails
79 testequal "E: The repository 'file: unstable Release.gpg' is no longer signed." aptget update -qq
e05672e8
MV
80
81 # test that we can install the new packages but do no longer have a sig
82 testsuccess aptget install old -s
bca84917
MV
83 testfailure aptget install new -s
84 testsuccess ls $ROOTDIR/var/lib/apt/lists/*_InRelease
85 testfailure ls $ROOTDIR/var/lib/apt/lists/*_Release
e05672e8
MV
86}
87
4dbfe436
DK
88test_inrelease_to_release_reverts_all() {
89 msgmsg 'Test InRelease to broken Release reverts everything'
90 start_with_good_inrelease
e05672e8 91
4dbfe436
DK
92 # switch to a unsigned repo now
93 add_new_package '+1hour'
e05672e8
MV
94 rm $APTARCHIVE/dists/unstable/InRelease
95 rm $APTARCHIVE/dists/unstable/Release.gpg
4dbfe436 96
e05672e8 97 # break it
4dbfe436 98 break_repository_sources_index '+1hour'
e05672e8
MV
99
100 # ensure error
bca84917 101 testequal "E: The repository 'file: unstable Release.gpg' is no longer signed." aptget update -qq # -o Debug::acquire::transaction=1
e05672e8
MV
102
103 # ensure that the Packages file is also rolled back
104 testsuccess aptget install old -s
105 testfailure aptget install new -s
106 testsuccess ls $ROOTDIR/var/lib/apt/lists/*_InRelease
107 testfailure ls $ROOTDIR/var/lib/apt/lists/*_Release
108}
109
110test_unauthenticated_to_invalid_inrelease() {
4dbfe436 111 msgmsg 'Test UnAuthenticated to invalid InRelease reverts everything'
e05672e8
MV
112 create_fresh_archive
113 rm $APTARCHIVE/dists/unstable/InRelease
114 rm $APTARCHIVE/dists/unstable/Release.gpg
4dbfe436
DK
115
116 testsuccess aptget update --allow-insecure-repositories
e05672e8
MV
117 testequal "WARNING: The following packages cannot be authenticated!
118 old
119E: There are problems and -y was used without --force-yes" aptget install -qq -y old
4dbfe436 120
e05672e8 121 # go to authenticated but not correct
4dbfe436
DK
122 add_new_package '+1hour'
123 break_repository_sources_index '+1hour'
e05672e8 124
183160cb 125 testequal "W: Failed to fetch file:$APTARCHIVE/dists/unstable/main/source/Sources Hash Sum mismatch
6d979490 126
e05672e8
MV
127E: Some index files failed to download. They have been ignored, or old ones used instead." aptget update -qq
128
129 testfailure ls rootdir/var/lib/apt/lists/*_InRelease
130 testequal "WARNING: The following packages cannot be authenticated!
131 old
132E: There are problems and -y was used without --force-yes" aptget install -qq -y old
133}
134
c5fced38 135test_inrelease_to_unauth_inrelease() {
4dbfe436
DK
136 msgmsg 'Test InRelease to InRelease without good sig'
137 start_with_good_inrelease
138
9d653a6d 139 signreleasefiles 'Marvin Paranoid'
4dbfe436 140
21638c3a 141 testequal "W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: file: unstable InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY E8525D47528144E2
c5fced38 142
4dbfe436 143W: Failed to fetch file:$APTARCHIVE/dists/unstable/InRelease The following signatures couldn't be verified because the public key is not available: NO_PUBKEY E8525D47528144E2
c5fced38 144
21638c3a
MV
145W: Some index files failed to download. They have been ignored, or old ones used instead." aptget update -qq
146
147 testsuccess ls rootdir/var/lib/apt/lists/*_InRelease
c5fced38
MV
148}
149
7abcfdde
MV
150test_inrelease_to_broken_gzip() {
151 msgmsg "Test InRelease to broken gzip"
4dbfe436
DK
152 start_with_good_inrelease
153
154 # append junk at the end of the compressed file
7abcfdde 155 echo "lala" >> $APTARCHIVE/dists/unstable/main/source/Sources.gz
4dbfe436
DK
156 touch -d '+2min' $APTARCHIVE/dists/unstable/main/source/Sources.gz
157 # remove uncompressed file to avoid fallback
7abcfdde 158 rm $APTARCHIVE/dists/unstable/main/source/Sources
7abcfdde
MV
159
160 testfailure aptget update
161}
162
e05672e8
MV
163TESTDIR=$(readlink -f $(dirname $0))
164. $TESTDIR/framework
165
166setupenvironment
167configarchitecture "i386"
168
169# setup the archive and ensure we have a single package that installs fine
170setupaptarchive
171APTARCHIVE=$(readlink -f ./aptarchive)
172ROOTDIR=${TMPWORKINGDIRECTORY}/rootdir
173APTARCHIVE_LISTS="$(echo $APTARCHIVE | tr "/" "_" )"
174
175# test the following cases:
4dbfe436 176# - InRelease -> broken InRelease revert to previous state
e05672e8
MV
177# - empty lists dir and broken remote leaves nothing on the system
178# - InRelease -> hashsum mismatch for one file reverts all files to previous state
179# - Release/Release.gpg -> hashsum mismatch
180# - InRelease -> Release with hashsum mismatch revert entire state and kills Release
181# - Release -> InRelease with broken Sig/Hash removes InRelease
182# going from Release/Release.gpg -> InRelease and vice versa
183# - unauthenticated -> invalid InRelease
184
67f2f9e2 185# stuff to do:
4dbfe436 186# - ims-hit
67f2f9e2
MV
187# - gzip-index tests
188
e05672e8
MV
189test_inrelease_to_new_inrelease
190test_inrelease_to_broken_hash_reverts_all
4dbfe436
DK
191test_inrelease_to_valid_release
192test_inrelease_to_release_reverts_all
6d979490 193test_unauthenticated_to_invalid_inrelease
c5fced38 194test_inrelease_to_unauth_inrelease
7abcfdde 195test_inrelease_to_broken_gzip