projects / apt.git / blame
| Commit | Line | Data |
|---|---|---|
| f87338d2 DK |
1 | #!/bin/sh |
| 2 | set -e | |
| 3 | ||
| 4 | TESTDIR=$(readlink -f $(dirname $0)) | |
| 5 | . $TESTDIR/framework | |
| 6 | ||
| 7 | setupenvironment | |
| 8 | configarchitecture "i386" | |
| 9 | ||
| 10 | # mock | |
| 11 | requires_root() { | |
| 12 | return 0 | |
| 13 | } | |
| 14 | ||
| 15 | # extract net_update() and import it | |
| 16 | func=$( sed -n -e '/^add_keys_with_verify_against_master_keyring/,/^}/p' ${BUILDDIRECTORY}/apt-key ) | |
| 17 | eval "$func" | |
| 18 | ||
| 19 | mkdir -p ./etc/apt | |
| 20 | TRUSTEDFILE=./etc/apt/trusted.gpg | |
| 21 | mkdir -p ./var/lib/apt/keyrings | |
| 22 | TMP_KEYRING=./var/lib/apt/keyrings/maybe-import-keyring.gpg | |
| 23 | GPG_CMD="gpg --ignore-time-conflict --no-options --no-default-keyring" | |
| 24 | GPG="$GPG_CMD --keyring $TRUSTEDFILE" | |
| 25 | MASTER_KEYRING=/usr/share/keyrings/ubuntu-master-keyring.gpg | |
| 26 | ||
| 27 | ||
| 28 | msgtest "add_keys_with_verify_against_master_keyring" | |
| 29 | if [ ! -e $MASTER_KEYRING ]; then | |
| 30 | echo -n "No $MASTER_KEYRING found" | |
| 31 | msgskip | |
| 32 | exit 0 | |
| 33 | fi | |
| 34 | ||
| 35 | # test bad keyring and ensure its not added (LP: #857472) | |
| 36 | ADD_KEYRING=./keys/exploid-keyring-with-dupe-keys.pub | |
| 37 | if add_keys_with_verify_against_master_keyring $ADD_KEYRING $MASTER_KEYRING; then | |
| 38 | msgfail | |
| 39 | else | |
| 40 | msgpass | |
| 41 | fi | |
| 42 | ||
| 43 | # ensure the keyring is still empty | |
| 44 | gpg_out=$($GPG --list-keys) | |
| 45 | msgtest "Test if keyring is empty" | |
| 46 | if [ -n "" ]; then | |
| 47 | msgfail | |
| 48 | else | |
| 49 | msgpass | |
| 50 | fi | |
| 51 | ||
| 52 | ||
| 53 | # test another possible attack vector using subkeys (LP: #1013128) | |
| 54 | msgtest "add_keys_with_verify_against_master_keyring with subkey attack" | |
| 55 | ADD_KEYRING=./keys/exploid-keyring-with-dupe-subkeys.pub | |
| 56 | if add_keys_with_verify_against_master_keyring $ADD_KEYRING $MASTER_KEYRING; then | |
| 57 | msgfail | |
| 58 | else | |
| 59 | msgpass | |
| 60 | fi | |
| 61 | ||
| 62 | # ensure the keyring is still empty | |
| 63 | gpg_out=$($GPG --list-keys) | |
| 64 | msgtest "Test if keyring is empty" | |
| 65 | if [ -n "" ]; then | |
| 66 | msgfail | |
| 67 | else | |
| 68 | msgpass | |
| 69 | fi | |
| 70 | ||
| 71 | ||
| 72 | # test good keyring and ensure we get no errors | |
| 73 | ADD_KEYRING=/usr/share/keyrings/ubuntu-archive-keyring.gpg | |
| 74 | if add_keys_with_verify_against_master_keyring $ADD_KEYRING $MASTER_KEYRING; then | |
| 75 | msgpass | |
| 76 | else | |
| 77 | msgfail | |
| 78 | fi | |
| 79 | ||
| 80 | testequal './etc/apt/trusted.gpg | |
| 81 | --------------------- | |
| 82 | pub 1024D/437D05B5 2004-09-12 | |
| 83 | uid Ubuntu Archive Automatic Signing Key <ftpmaster@ubuntu.com> | |
| 84 | sub 2048g/79164387 2004-09-12 | |
| 85 | ||
| 86 | pub 1024D/FBB75451 2004-12-30 | |
| 87 | uid Ubuntu CD Image Automatic Signing Key <cdimage@ubuntu.com> | |
| 88 | ||
| 89 | pub 4096R/C0B21F32 2012-05-11 | |
| 90 | uid Ubuntu Archive Automatic Signing Key (2012) <ftpmaster@ubuntu.com> | |
| 91 | ||
| 92 | pub 4096R/EFE21092 2012-05-11 | |
| 93 | uid Ubuntu CD Image Automatic Signing Key (2012) <cdimage@ubuntu.com> | |
| 94 | ' $GPG --list-keys | |
| 95 |