| | 1 | #!/bin/sh |
| | 2 | set -e |
| | 3 | |
| | 4 | TESTDIR="$(readlink -f "$(dirname "$0")")" |
| | 5 | . "$TESTDIR/framework" |
| | 6 | |
| | 7 | setupenvironment |
| | 8 | configarchitecture 'i386' |
| | 9 | |
| | 10 | insertpackage 'stable' 'good-pkg' 'all' '1.0' |
| | 11 | |
| | 12 | setupaptarchive |
| | 13 | |
| | 14 | changetowebserver |
| | 15 | ARCHIVE="http://localhost:${APTHTTPPORT}" |
| | 16 | msgtest 'Initial apt-get update should work with' 'InRelease' |
| | 17 | testsuccess --nomsg aptget update |
| | 18 | |
| | 19 | # check that the setup is correct |
| | 20 | testsuccessequal "good-pkg: |
| | 21 | Installed: (none) |
| | 22 | Candidate: 1.0 |
| | 23 | Version table: |
| | 24 | 1.0 500 |
| | 25 | 500 ${ARCHIVE} stable/main all Packages" aptcache policy good-pkg |
| | 26 | |
| | 27 | # now exchange to the Packages file, note that this could be |
| | 28 | # done via MITM too |
| | 29 | insertpackage 'stable' 'bad-mitm' 'all' '1.0' |
| | 30 | |
| | 31 | # this builds compressed files and a new (unsigned) Release |
| | 32 | buildaptarchivefromfiles '+1hour' |
| | 33 | |
| | 34 | # add a space into the BEGIN PGP SIGNATURE PART/END PGP SIGNATURE part |
| | 35 | # to trick apt - this is still legal to gpg(v) |
| | 36 | sed -i '/^-----BEGIN PGP SIGNATURE-----/,/^-----END PGP SIGNATURE-----/ s/^$/ /g' aptarchive/dists/stable/InRelease |
| | 37 | |
| | 38 | # we append the (evil unsigned) Release file to the (good signed) InRelease |
| | 39 | cat aptarchive/dists/stable/Release >> aptarchive/dists/stable/InRelease |
| | 40 | touch -d '+1hour' aptarchive/dists/stable/InRelease |
| | 41 | |
| | 42 | # ensure the update doesn't load bad data as good data |
| | 43 | # Note that we will pick up the InRelease itself as we download no other |
| | 44 | # indexes which would trigger a hashsum mismatch, but we ignore the 'bad' |
| | 45 | # part of the InRelease |
| | 46 | listcurrentlistsdirectory | sed '/_InRelease/ d' > listsdir.lst |
| | 47 | msgtest 'apt-get update should ignore unsigned data in the' 'InRelease' |
| | 48 | testsuccessequal "Get:1 http://localhost:${APTHTTPPORT} stable InRelease [$(stat -c%s aptarchive/dists/stable/InRelease) B] |
| | 49 | Reading package lists..." --nomsg aptget update |
| | 50 | testfileequal './listsdir.lst' "$(listcurrentlistsdirectory | sed '/_InRelease/ d')" |
| | 51 | |
| | 52 | # ensure there is no package |
| | 53 | testfailureequal 'Reading package lists... |
| | 54 | Building dependency tree... |
| | 55 | E: Unable to locate package bad-mitm' aptget install bad-mitm -s |
| | 56 | |
| | 57 | # and verify that its not picked up |
| | 58 | testsuccessequal 'N: Unable to locate package bad-mitm' aptcache policy bad-mitm |
| | 59 | |
| | 60 | # and that the right one is used |
| | 61 | testsuccessequal "good-pkg: |
| | 62 | Installed: (none) |
| | 63 | Candidate: 1.0 |
| | 64 | Version table: |
| | 65 | 1.0 500 |
| | 66 | 500 ${ARCHIVE} stable/main all Packages" aptcache policy good-pkg |
projects / apt.git / blame_incremental