| 1 | #!/bin/sh |
| 2 | set -e |
| 3 | |
| 4 | TESTDIR="$(readlink -f "$(dirname "$0")")" |
| 5 | . "$TESTDIR/framework" |
| 6 | |
| 7 | setupenvironment |
| 8 | configarchitecture 'amd64' |
| 9 | |
| 10 | buildsimplenativepackage 'foo' 'amd64' '1' 'stable' |
| 11 | buildsimplenativepackage 'foo' 'amd64' '2' 'testing' |
| 12 | |
| 13 | setupaptarchive --no-update |
| 14 | |
| 15 | APTARCHIVE=$(readlink -f ./aptarchive) |
| 16 | |
| 17 | everythingsucceeds() { |
| 18 | testsuccessequal 'Listing... |
| 19 | foo/testing 2 amd64 |
| 20 | foo/stable 1 amd64 |
| 21 | ' apt list foo -a |
| 22 | |
| 23 | cd downloaded |
| 24 | rm -f foo_1_amd64.deb foo_2_amd64.deb |
| 25 | testsuccess aptget download foo "$@" |
| 26 | testsuccess test -s foo_1_amd64.deb -o -s foo_2_amd64.deb |
| 27 | |
| 28 | rm -f foo_1.dsc foo_2.dsc |
| 29 | testsuccess aptget source foo --dsc-only -d "$@" |
| 30 | testsuccess test -s foo_1.dsc -o -s foo_2.dsc |
| 31 | cd - >/dev/null |
| 32 | } |
| 33 | |
| 34 | everythingfails() { |
| 35 | testsuccessequal 'Listing... |
| 36 | foo/testing 2 amd64 |
| 37 | foo/stable 1 amd64 |
| 38 | ' apt list foo -a |
| 39 | |
| 40 | local WARNING='WARNING: The following packages cannot be authenticated! |
| 41 | foo |
| 42 | E: Some packages could not be authenticated' |
| 43 | |
| 44 | cd downloaded |
| 45 | rm -f foo_1_amd64.deb foo_2_amd64.deb |
| 46 | testfailure aptget download foo "$@" |
| 47 | testequal "$WARNING" tail -n 3 ../rootdir/tmp/testfailure.output |
| 48 | testfailure test -s foo_1_amd64.deb -o -s foo_2_amd64.deb |
| 49 | |
| 50 | rm -f foo_1.dsc foo_2.dsc |
| 51 | testfailure aptget source foo --dsc-only -d "$@" |
| 52 | testequal "$WARNING" tail -n 3 ../rootdir/tmp/testfailure.output |
| 53 | testfailure test -s foo_1.dsc -o -s foo_2.dsc |
| 54 | cd - >/dev/null |
| 55 | } |
| 56 | |
| 57 | cp -a rootdir/etc/apt/sources.list.d/ rootdir/etc/apt/sources.list.d.bak/ |
| 58 | echo 'Debug::Acquire::Transaction "true"; |
| 59 | Debug::pkgAcquire::Worker "true";' > rootdir/etc/apt/apt.conf.d/00debugging |
| 60 | |
| 61 | aptgetupdate() { |
| 62 | rm -rf rootdir/var/lib/apt/lists |
| 63 | # note that insecure with trusted=yes are allowed |
| 64 | # as the trusted=yes indicates that security is provided by |
| 65 | # something above the understanding of apt |
| 66 | ${1:-testsuccess} aptget update --no-allow-insecure-repositories |
| 67 | } |
| 68 | |
| 69 | insecureaptgetupdate() { |
| 70 | rm -rf rootdir/var/lib/apt/lists |
| 71 | testfailure aptget update --no-allow-insecure-repositories |
| 72 | rm -rf rootdir/var/lib/apt/lists |
| 73 | testwarning aptget update --allow-insecure-repositories |
| 74 | } |
| 75 | |
| 76 | msgmsg 'Test without trusted option and good sources' |
| 77 | cp -a rootdir/etc/apt/sources.list.d.bak/* rootdir/etc/apt/sources.list.d/ |
| 78 | aptgetupdate |
| 79 | everythingsucceeds |
| 80 | everythingsucceeds -t stable |
| 81 | everythingsucceeds -t testing |
| 82 | |
| 83 | msgmsg 'Test with trusted=yes option and good sources' |
| 84 | cp -a rootdir/etc/apt/sources.list.d.bak/* rootdir/etc/apt/sources.list.d/ |
| 85 | sed -i 's#^deb\(-src\)\? #deb\1 [trusted=yes] #' rootdir/etc/apt/sources.list.d/* |
| 86 | aptgetupdate |
| 87 | everythingsucceeds |
| 88 | everythingsucceeds -t stable |
| 89 | everythingsucceeds -t testing |
| 90 | |
| 91 | msgmsg 'Test with trusted=no option and good sources' |
| 92 | cp -a rootdir/etc/apt/sources.list.d.bak/* rootdir/etc/apt/sources.list.d/ |
| 93 | sed -i 's#^deb\(-src\)\? #deb\1 [trusted=no] #' rootdir/etc/apt/sources.list.d/* |
| 94 | # we want the warnings on the actions, but for 'update' everything is fine |
| 95 | aptgetupdate |
| 96 | everythingfails |
| 97 | everythingfails -t stable |
| 98 | everythingfails -t testing |
| 99 | |
| 100 | find aptarchive/dists/stable \( -name 'InRelease' -o -name 'Release.gpg' \) -delete |
| 101 | |
| 102 | msgmsg 'Test without trusted option and good and unsigned sources' |
| 103 | cp -a rootdir/etc/apt/sources.list.d.bak/* rootdir/etc/apt/sources.list.d/ |
| 104 | insecureaptgetupdate |
| 105 | everythingsucceeds |
| 106 | everythingfails -t stable |
| 107 | everythingsucceeds -t testing |
| 108 | |
| 109 | msgmsg 'Test with trusted=yes option and good and unsigned sources' |
| 110 | cp -a rootdir/etc/apt/sources.list.d.bak/* rootdir/etc/apt/sources.list.d/ |
| 111 | sed -i 's#^deb\(-src\)\? #deb\1 [trusted=yes] #' rootdir/etc/apt/sources.list.d/* |
| 112 | aptgetupdate |
| 113 | everythingsucceeds |
| 114 | everythingsucceeds -t stable |
| 115 | everythingsucceeds -t testing |
| 116 | |
| 117 | msgmsg 'Test with trusted=no option and good and unsigned sources' |
| 118 | cp -a rootdir/etc/apt/sources.list.d.bak/* rootdir/etc/apt/sources.list.d/ |
| 119 | sed -i 's#^deb\(-src\)\? #deb\1 [trusted=no] #' rootdir/etc/apt/sources.list.d/* |
| 120 | insecureaptgetupdate |
| 121 | everythingfails |
| 122 | everythingfails -t stable |
| 123 | everythingfails -t testing |
| 124 | |
| 125 | signreleasefiles 'Marvin Paranoid' 'aptarchive/dists/stable' |
| 126 | |
| 127 | msgmsg 'Test without trusted option and good and unknown sources' |
| 128 | cp -a rootdir/etc/apt/sources.list.d.bak/* rootdir/etc/apt/sources.list.d/ |
| 129 | insecureaptgetupdate |
| 130 | everythingsucceeds |
| 131 | everythingfails -t stable |
| 132 | everythingsucceeds -t testing |
| 133 | |
| 134 | msgmsg 'Test with trusted=yes option and good and unknown sources' |
| 135 | cp -a rootdir/etc/apt/sources.list.d.bak/* rootdir/etc/apt/sources.list.d/ |
| 136 | sed -i 's#^deb\(-src\)\? #deb\1 [trusted=yes] #' rootdir/etc/apt/sources.list.d/* |
| 137 | aptgetupdate 'testwarning' |
| 138 | everythingsucceeds |
| 139 | everythingsucceeds -t stable |
| 140 | everythingsucceeds -t testing |
| 141 | |
| 142 | msgmsg 'Test with trusted=no option and good and unknown sources' |
| 143 | cp -a rootdir/etc/apt/sources.list.d.bak/* rootdir/etc/apt/sources.list.d/ |
| 144 | sed -i 's#^deb\(-src\)\? #deb\1 [trusted=no] #' rootdir/etc/apt/sources.list.d/* |
| 145 | insecureaptgetupdate |
| 146 | everythingfails |
| 147 | everythingfails -t stable |
| 148 | everythingfails -t testing |
| 149 | |
| 150 | signreleasefiles 'Rex Expired' 'aptarchive/dists/stable' |
| 151 | cp -a keys/rexexpired.pub rootdir/etc/apt/trusted.gpg.d/rexexpired.gpg |
| 152 | |
| 153 | msgmsg 'Test without trusted option and good and expired sources' |
| 154 | cp -a rootdir/etc/apt/sources.list.d.bak/* rootdir/etc/apt/sources.list.d/ |
| 155 | insecureaptgetupdate |
| 156 | everythingsucceeds |
| 157 | everythingfails -t stable |
| 158 | everythingsucceeds -t testing |
| 159 | |
| 160 | msgmsg 'Test with trusted=yes option and good and expired sources' |
| 161 | cp -a rootdir/etc/apt/sources.list.d.bak/* rootdir/etc/apt/sources.list.d/ |
| 162 | sed -i 's#^deb\(-src\)\? #deb\1 [trusted=yes] #' rootdir/etc/apt/sources.list.d/* |
| 163 | aptgetupdate 'testwarning' |
| 164 | everythingsucceeds |
| 165 | everythingsucceeds -t stable |
| 166 | everythingsucceeds -t testing |
| 167 | |
| 168 | msgmsg 'Test with trusted=no option and good and expired sources' |
| 169 | cp -a rootdir/etc/apt/sources.list.d.bak/* rootdir/etc/apt/sources.list.d/ |
| 170 | sed -i 's#^deb\(-src\)\? #deb\1 [trusted=no] #' rootdir/etc/apt/sources.list.d/* |
| 171 | insecureaptgetupdate |
| 172 | everythingfails |
| 173 | everythingfails -t stable |
| 174 | everythingfails -t testing |
| 175 | |
| 176 | # same as the one further above, but this time testing is unsigned |
| 177 | find aptarchive/ \( -name 'InRelease' -o -name 'Release.gpg' \) -delete |
| 178 | signreleasefiles 'Joe Sixpack' 'aptarchive/dists/stable' |
| 179 | |
| 180 | msgmsg 'Test without trusted option and unsigned and good sources' |
| 181 | cp -a rootdir/etc/apt/sources.list.d.bak/* rootdir/etc/apt/sources.list.d/ |
| 182 | insecureaptgetupdate |
| 183 | everythingfails |
| 184 | everythingsucceeds -t stable |
| 185 | everythingfails -t testing |
| 186 | |
| 187 | msgmsg 'Test with trusted=yes option and unsigned and good sources' |
| 188 | cp -a rootdir/etc/apt/sources.list.d.bak/* rootdir/etc/apt/sources.list.d/ |
| 189 | sed -i 's#^deb\(-src\)\? #deb\1 [trusted=yes] #' rootdir/etc/apt/sources.list.d/* |
| 190 | aptgetupdate |
| 191 | everythingsucceeds |
| 192 | everythingsucceeds -t stable |
| 193 | everythingsucceeds -t testing |
| 194 | |
| 195 | msgmsg 'Test with trusted=no option and unsigned and good sources' |
| 196 | cp -a rootdir/etc/apt/sources.list.d.bak/* rootdir/etc/apt/sources.list.d/ |
| 197 | sed -i 's#^deb\(-src\)\? #deb\1 [trusted=no] #' rootdir/etc/apt/sources.list.d/* |
| 198 | insecureaptgetupdate |
| 199 | everythingfails |
| 200 | everythingfails -t stable |
| 201 | everythingfails -t testing |
| 202 | |
| 203 | msgmsg 'Test conflicting trusted options are refused' |
| 204 | testsource() { |
| 205 | echo "$@" > rootdir/etc/apt/sources.list.d/example.list |
| 206 | testfailuremsg 'E: Conflicting values set for option Trusted regarding source http://example.org/bad/ unstable |
| 207 | E: The list of sources could not be read.' aptget update --print-uris |
| 208 | } |
| 209 | for VAL in 'yes' 'no'; do |
| 210 | testsource "deb http://example.org/bad unstable main |
| 211 | deb [trusted=${VAL}] http://example.org/bad unstable non-free" |
| 212 | testsource "deb [trusted=${VAL}] http://example.org/bad unstable main |
| 213 | deb http://example.org/bad unstable non-free" |
| 214 | done |
| 215 | testsource 'deb [trusted=yes] http://example.org/bad unstable main |
| 216 | deb [trusted=no] http://example.org/bad unstable non-free' |
| 217 | testsource 'deb [trusted=no] http://example.org/bad unstable main |
| 218 | deb [trusted=yes] http://example.org/bad unstable non-free' |