]>
Commit | Line | Data |
---|---|---|
1 | #!/bin/sh | |
2 | set -e | |
3 | ||
4 | TESTDIR=$(readlink -f $(dirname $0)) | |
5 | . $TESTDIR/framework | |
6 | ||
7 | setupenvironment | |
8 | configarchitecture "i386" | |
9 | ||
10 | buildsimplenativepackage 'apt' 'all' '1.0' 'stable' | |
11 | ||
12 | # setup http redirecting to https | |
13 | setupaptarchive --no-update | |
14 | changetowebserver -o 'aptwebserver::redirect::replace::/redirectme/=https://localhost:4433/' \ | |
15 | -o 'aptwebserver::redirect::replace::/downgrademe/=http://localhost:8080/' \ | |
16 | -o 'aptwebserver::support::http=false' | |
17 | changetohttpswebserver | |
18 | sed -i -e 's#:4433/#:8080/redirectme#' -e 's# https:# http:#' rootdir/etc/apt/sources.list.d/* | |
19 | ||
20 | testsuccess aptget update -o Debug::Acquire::http=1 -o Debug::Acquire::https=1 -o Debug::pkgAcquire::Worker=1 | |
21 | ||
22 | msgtest 'Test that the webserver does not answer' 'http requests' | |
23 | downloadfile 'http://localhost:8080/pool/apt_1.0/changelog' changelog >/dev/null 2>&1 && msgfail || msgpass | |
24 | ||
25 | echo 'Apt::Changelogs::Server "http://localhost:8080/redirectme";' > rootdir/etc/apt/apt.conf.d/changelog.conf | |
26 | testequal "'http://localhost:8080/redirectme/pool/apt_1.0/changelog'" aptget changelog apt --print-uris | |
27 | ||
28 | testsuccess aptget changelog apt -d | |
29 | testsuccess test -s apt.changelog | |
30 | rm -f apt.changelog | |
31 | ||
32 | testsuccess aptget download apt | |
33 | testsuccess test -s apt_1.0_all.deb | |
34 | rm apt_1.0_all.deb | |
35 | ||
36 | testsuccess aptget install apt -y | |
37 | testdpkginstalled 'apt' | |
38 | ||
39 | # create a copy of all methods, expect https | |
40 | eval `aptconfig shell METHODS Dir::Bin::Methods/d` | |
41 | COPYMETHODS='usr/lib/apt/methods' | |
42 | mv rootdir/${COPYMETHODS} rootdir/${COPYMETHODS}.bak | |
43 | mkdir -p rootdir/$COPYMETHODS | |
44 | cd rootdir/$COPYMETHODS | |
45 | find $METHODS \! -type d | while read meth; do | |
46 | ln -s $meth | |
47 | done | |
48 | rm https | |
49 | cd - >/dev/null | |
50 | echo "Dir::Bin::Methods \"${COPYMETHODS}\";" >> aptconfig.conf | |
51 | ||
52 | if [ "$(id -u)" = '0' ]; then | |
53 | testequal "Can't drop privileges for downloading as file '$(pwd)/apt_1.0_all.deb' couldn't be accessed by user '_apt'. | |
54 | E: The method driver $(pwd)/rootdir/usr/lib/apt/methods/https could not be found. | |
55 | N: Is the package apt-transport-https installed?" aptget download apt -q=0 | |
56 | else | |
57 | testequal "E: The method driver $(pwd)/rootdir/usr/lib/apt/methods/https could not be found. | |
58 | N: Is the package apt-transport-https installed?" aptget download apt -q=0 | |
59 | fi | |
60 | testsuccess test ! -e apt_1.0_all.deb | |
61 | ||
62 | # revert to all methods | |
63 | rm -rf rootdir/$COPYMETHODS | |
64 | mv rootdir/${COPYMETHODS}.bak rootdir/${COPYMETHODS} | |
65 | ||
66 | # check that downgrades from https to http are not allowed | |
67 | webserverconfig 'aptwebserver::support::http' 'true' | |
68 | sed -i -e 's#:8080/redirectme#:4433/downgrademe#' -e 's# http:# https:#' rootdir/etc/apt/sources.list.d/* | |
69 | testfailure aptget update --allow-insecure-repositories |