]> git.saurik.com Git - apt.git/blame - test/integration/test-releasefile-verification
report failures via exit and ensure we don't overflow
[apt.git] / test / integration / test-releasefile-verification
CommitLineData
fe0f7911
DK
1#!/bin/sh
2set -e
3
4TESTDIR=$(readlink -f $(dirname $0))
5. $TESTDIR/framework
6
7setupenvironment
8configarchitecture "i386"
9
10buildaptarchive
11setupflataptarchive
12changetowebserver
13
14prepare() {
15 local DATE="${2:-now}"
16 if [ "$DATE" = 'now' -a "$1" = "${PKGFILE}-new" ]; then
17 DATE='now + 6 days'
18 fi
19 for release in $(find rootdir/var/lib/apt/lists 2> /dev/null); do
20 touch -d 'now - 6 hours' $release
21 done
8de79b68 22 aptget clean
fe0f7911
DK
23 cp $1 aptarchive/Packages
24 find aptarchive -name 'Release' -delete
25 cat aptarchive/Packages | gzip > aptarchive/Packages.gz
26 cat aptarchive/Packages | bzip2 > aptarchive/Packages.bz2
3b4d8136 27 cat aptarchive/Packages | xz --format=lzma > aptarchive/Packages.lzma
fe0f7911
DK
28 generatereleasefiles "$DATE"
29}
30
31installaptold() {
32 testequal 'Reading package lists...
33Building dependency tree...
34Suggested packages:
35 aptitude synaptic wajig dpkg-dev apt-doc bzip2 lzma python-apt
36The following NEW packages will be installed:
37 apt
380 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
39After this operation, 5370 kB of additional disk space will be used.
40Get:1 http://localhost/ apt 0.7.25.3
41Download complete and in download only mode' aptget install apt -dy
42}
43
44installaptnew() {
45 testequal 'Reading package lists...
46Building dependency tree...
47Suggested packages:
48 aptitude synaptic wajig dpkg-dev apt-doc bzip2 lzma python-apt
49The following NEW packages will be installed:
50 apt
510 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
52After this operation, 5808 kB of additional disk space will be used.
53Get:1 http://localhost/ apt 0.8.0~pre1
54Download complete and in download only mode' aptget install apt -dy
55}
56
57failaptold() {
58 testequal 'Reading package lists...
59Building dependency tree...
60Suggested packages:
61 aptitude synaptic wajig dpkg-dev apt-doc bzip2 lzma python-apt
62The following NEW packages will be installed:
63 apt
640 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
65After this operation, 5370 kB of additional disk space will be used.
66WARNING: The following packages cannot be authenticated!
67 apt
68E: There are problems and -y was used without --force-yes' aptget install apt -dy
69}
70
71failaptnew() {
72 testequal 'Reading package lists...
73Building dependency tree...
74Suggested packages:
75 aptitude synaptic wajig dpkg-dev apt-doc bzip2 lzma python-apt
76The following NEW packages will be installed:
77 apt
780 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
79After this operation, 5808 kB of additional disk space will be used.
80WARNING: The following packages cannot be authenticated!
81 apt
82E: There are problems and -y was used without --force-yes' aptget install apt -dy
83}
84
85# fake our downloadable file
86touch aptarchive/apt.deb
87
88PKGFILE="${TESTDIR}/$(echo "$(basename $0)" | sed 's#^test-#Packages-#')"
89
90runtest() {
91 prepare ${PKGFILE}
92 rm -rf rootdir/var/lib/apt/lists
93 signreleasefiles 'Joe Sixpack'
94 find aptarchive/ -name "$DELETEFILE" -delete
95 msgtest 'Cold archive signed by' 'Joe Sixpack'
96 aptget update 2>&1 | grep -E '^(W|E): ' > /dev/null && msgfail || msgpass
97 testequal "$(cat ${PKGFILE})
98" aptcache show apt
99 installaptold
100
101 prepare ${PKGFILE}-new
102 signreleasefiles 'Joe Sixpack'
103 find aptarchive/ -name "$DELETEFILE" -delete
104 msgtest 'Good warm archive signed by' 'Joe Sixpack'
105 aptget update 2>&1 | grep -E '^(W|E): ' > /dev/null && msgfail || msgpass
106 testequal "$(cat ${PKGFILE}-new)
107" aptcache show apt
108 installaptnew
109
110
111 prepare ${PKGFILE}
112 rm -rf rootdir/var/lib/apt/lists
113 signreleasefiles 'Marvin Paranoid'
114 find aptarchive/ -name "$DELETEFILE" -delete
115 msgtest 'Cold archive signed by' 'Marvin Paranoid'
116 aptget update 2>&1 | grep -E '^(W|E): ' > /dev/null && msgpass || msgfail
117 testequal "$(cat ${PKGFILE})
118" aptcache show apt
119 failaptold
120
121 prepare ${PKGFILE}-new
122 # weborf doesn't support If-Range
123 for release in $(find rootdir/var/lib/apt/lists/partial/ -name '*Release'); do
124 rm $release
125 touch $release
126 done
127 signreleasefiles 'Joe Sixpack'
128 find aptarchive/ -name "$DELETEFILE" -delete
129 msgtest 'Bad warm archive signed by' 'Joe Sixpack'
130 aptget update 2>&1 | grep -E '^(W|E): ' > /dev/null && msgfail || msgpass
131 testequal "$(cat ${PKGFILE}-new)
132" aptcache show apt
133 installaptnew
134
135
136 prepare ${PKGFILE}
137 rm -rf rootdir/var/lib/apt/lists
138 signreleasefiles 'Joe Sixpack'
139 find aptarchive/ -name "$DELETEFILE" -delete
140 msgtest 'Cold archive signed by' 'Joe Sixpack'
141 aptget update 2>&1 | grep -E '^(W|E): ' > /dev/null && msgfail || msgpass
142 testequal "$(cat ${PKGFILE})
143" aptcache show apt
144 installaptold
145
146 prepare ${PKGFILE}-new
147 signreleasefiles 'Marvin Paranoid'
148 find aptarchive/ -name "$DELETEFILE" -delete
149 msgtest 'Good warm archive signed by' 'Marvin Paranoid'
150 aptget update 2>&1 | grep -E '^(W|E): ' > /dev/null && msgpass || msgfail
151 testequal "$(cat ${PKGFILE})
152" aptcache show apt
153 installaptold
154}
155
43c1ca5d
SR
156runtest2() {
157 prepare ${PKGFILE}
158 rm -rf rootdir/var/lib/apt/lists
159 signreleasefiles 'Joe Sixpack'
160 msgtest 'Cold archive signed by' 'Joe Sixpack'
161 aptget update 2>&1 | grep -E '^(W|E): ' > /dev/null && msgfail || msgpass
162
163 # New .deb but now an unsigned archive. For example MITM to circumvent
164 # package verification.
165 prepare ${PKGFILE}-new
166 find aptarchive/ -name InRelease -delete
167 find aptarchive/ -name Release.gpg -delete
168 msgtest 'Warm archive signed by' 'nobody'
169 aptget update 2>&1 | grep -E '^(W|E): ' > /dev/null && msgfail || msgpass
170 testequal "$(cat ${PKGFILE}-new)
171" aptcache show apt
172 failaptnew
173
174 # Unsigned archive from the beginning must also be detected.
175 rm -rf rootdir/var/lib/apt/lists
176 msgtest 'Cold archive signed by' 'nobody'
177 aptget update 2>&1 | grep -E '^(W|E): ' > /dev/null && msgfail || msgpass
178 testequal "$(cat ${PKGFILE}-new)
179" aptcache show apt
180 failaptnew
181}
182runtest2
183
184
fe0f7911
DK
185DELETEFILE="InRelease"
186runtest
187DELETEFILE="Release.gpg"
188runtest