git.saurik.com Git - apt.git/blame_incremental - test/integration/test-apt-update-rollback

... / ...

Commit	Line	Data
	1	#!/bin/sh
	2	#
	3	# test that apt-get update is transactional
	4	#
	5	set -e
	6
	7	avoid_ims_hit() {
	8	touch -d '+1hour' aptarchive/dists/unstable/main/binary-i386/Packages*
	9	touch -d '+1hour' aptarchive/dists/unstable/main/source/Sources*
	10	touch -d '+1hour' aptarchive/dists/unstable/Release
	11
	12	touch -d '-1hour' rootdir/var/lib/apt/lists/*
	13	}
	14
	15	create_fresh_archive()
	16	{
	17	rm -rf aptarchive/*
	18	rm -f rootdir/var/lib/apt/lists/_* rootdir/var/lib/apt/lists/partial/*
	19
	20	insertpackage 'unstable' 'old' 'all' '1.0'
	21
	22	setupaptarchive --no-update
	23	}
	24
	25	add_new_package() {
	26	insertpackage 'unstable' 'new' 'all' '1.0'
	27	insertsource 'unstable' 'new' 'all' '1.0'
	28
	29	setupaptarchive --no-update "$@"
	30	}
	31
	32	break_repository_sources_index() {
	33	mv "$APTARCHIVE/dists/unstable/main/source/Sources.gz" "$APTARCHIVE/dists/unstable/main/source/Sources.gz.orig"
	34	printf 'xxx' > "$APTARCHIVE/dists/unstable/main/source/Sources"
	35	compressfile "$APTARCHIVE/dists/unstable/main/source/Sources" "$@"
	36	}
	37
	38	start_with_good_inrelease() {
	39	create_fresh_archive
	40	testsuccess aptget update
	41	listcurrentlistsdirectory > lists.before
	42	testsuccessequal 'old/unstable 1.0 all' apt list -qq
	43	}
	44
	45	test_inrelease_to_new_inrelease() {
	46	msgmsg 'Test InRelease to new InRelease works fine'
	47	start_with_good_inrelease
	48
	49	add_new_package '+1hour'
	50	testsuccess aptget update -o Debug::Acquire::Transaction=1
	51	testsuccessequal 'new/unstable 1.0 all
	52	old/unstable 1.0 all' apt list -qq
	53	}
	54
	55	test_inrelease_to_broken_hash_reverts_all() {
	56	msgmsg 'Test InRelease to broken InRelease reverts everything'
	57	start_with_good_inrelease
	58
	59	add_new_package '+1hour'
	60	# break the Sources file
	61	break_repository_sources_index '+1hour'
	62
	63	# test the error condition
	64	testfailureequal "E: Failed to fetch file:${APTARCHIVE}/dists/unstable/main/source/Sources.gz Hash Sum mismatch
	65	Hashes of expected file:
	66	- Checksum-FileSize:$(stat -c '%s' 'aptarchive/dists/unstable/main/source/Sources.gz.orig')
	67	- SHA256:$(sha256sum 'aptarchive/dists/unstable/main/source/Sources.gz.orig' \| cut -d' ' -f 1)
	68	Hashes of received file:
	69	- SHA256:$(sha256sum 'aptarchive/dists/unstable/main/source/Sources.gz' \| cut -d' ' -f 1)
	70	- Checksum-FileSize:$(stat -c '%s' 'aptarchive/dists/unstable/main/source/Sources.gz')
	71	Last modification reported: $(lastmodification 'aptarchive/dists/unstable/main/source/Sources.gz')
	72	Release file created at: $(releasefiledate 'aptarchive/dists/unstable/InRelease')
	73	E: Some index files failed to download. They have been ignored, or old ones used instead." aptget update -qq
	74	# ensure that the Packages file is also rolled back
	75	testfileequal lists.before "$(listcurrentlistsdirectory)"
	76	testfailureequal "E: Unable to locate package new" aptget install new -s -qq
	77	}
	78
	79	test_inrelease_to_valid_release() {
	80	msgmsg 'Test InRelease to valid Release'
	81	start_with_good_inrelease
	82
	83	add_new_package '+1hour'
	84	# switch to a unsigned repo now
	85	rm "$APTARCHIVE/dists/unstable/InRelease"
	86	rm "$APTARCHIVE/dists/unstable/Release.gpg"
	87
	88	# update fails
	89	testfailureequal "E: The repository 'file:${APTARCHIVE} unstable Release' is no longer signed." aptget update -qq
	90
	91	# test that security downgrade was not successful
	92	testfileequal lists.before "$(listcurrentlistsdirectory)"
	93	testsuccess aptget install old -s
	94	testfailure aptget install new -s
	95	testnotempty find "${ROOTDIR}/var/lib/apt/lists" -name '*_InRelease'
	96	testempty find "${ROOTDIR}/var/lib/apt/lists" -name '*_Release'
	97	}
	98
	99	test_inrelease_to_release_reverts_all() {
	100	msgmsg 'Test InRelease to broken Release reverts everything'
	101	start_with_good_inrelease
	102
	103	# switch to a unsigned repo now
	104	add_new_package '+1hour'
	105	rm "$APTARCHIVE/dists/unstable/InRelease"
	106	rm "$APTARCHIVE/dists/unstable/Release.gpg"
	107
	108	# break it
	109	break_repository_sources_index '+1hour'
	110
	111	# ensure error
	112	testfailureequal "E: The repository 'file:${APTARCHIVE} unstable Release' is no longer signed." aptget update -qq # -o Debug::acquire::transaction=1
	113
	114	# ensure that the Packages file is also rolled back
	115	testfileequal lists.before "$(listcurrentlistsdirectory)"
	116	testsuccess aptget install old -s
	117	testfailure aptget install new -s
	118	testnotempty find "${ROOTDIR}/var/lib/apt/lists" -name '*_InRelease'
	119	testempty find "${ROOTDIR}/var/lib/apt/lists" -name '*_Release'
	120	}
	121
	122	test_unauthenticated_to_invalid_inrelease() {
	123	msgmsg 'Test UnAuthenticated to invalid InRelease reverts everything'
	124	create_fresh_archive
	125	rm "$APTARCHIVE/dists/unstable/InRelease"
	126	rm "$APTARCHIVE/dists/unstable/Release.gpg"
	127
	128	testwarning aptget update --allow-insecure-repositories
	129	listcurrentlistsdirectory > lists.before
	130	testfailureequal "WARNING: The following packages cannot be authenticated!
	131	old
	132	E: There were unauthenticated packages and -y was used without --allow-unauthenticated" aptget install -qq -y old
	133
	134	# go to authenticated but not correct
	135	add_new_package '+1hour'
	136	break_repository_sources_index '+1hour'
	137
	138	testfailureequal "E: Failed to fetch file:$APTARCHIVE/dists/unstable/main/source/Sources.gz Hash Sum mismatch
	139	Hashes of expected file:
	140	- Checksum-FileSize:$(stat -c '%s' 'aptarchive/dists/unstable/main/source/Sources.gz.orig')
	141	- SHA256:$(sha256sum 'aptarchive/dists/unstable/main/source/Sources.gz.orig' \| cut -d' ' -f 1)
	142	Hashes of received file:
	143	- SHA256:$(sha256sum 'aptarchive/dists/unstable/main/source/Sources.gz' \| cut -d' ' -f 1)
	144	- Checksum-FileSize:$(stat -c '%s' 'aptarchive/dists/unstable/main/source/Sources.gz')
	145	Last modification reported: $(lastmodification 'aptarchive/dists/unstable/main/source/Sources.gz')
	146	Release file created at: $(releasefiledate 'aptarchive/dists/unstable/InRelease')
	147	E: Some index files failed to download. They have been ignored, or old ones used instead." aptget update -qq
	148
	149	testfileequal lists.before "$(listcurrentlistsdirectory)"
	150	testempty find "${ROOTDIR}/var/lib/apt/lists" -maxdepth 1 -name '*_InRelease'
	151	testfailureequal "WARNING: The following packages cannot be authenticated!
	152	old
	153	E: There were unauthenticated packages and -y was used without --allow-unauthenticated" aptget install -qq -y old
	154	}
	155
	156	test_inrelease_to_unauth_inrelease() {
	157	msgmsg 'Test InRelease to InRelease without good sig'
	158	start_with_good_inrelease
	159
	160	signreleasefiles 'Marvin Paranoid'
	161
	162	testwarningequal "W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: file:${APTARCHIVE} unstable InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY E8525D47528144E2
	163	W: Failed to fetch file:$APTARCHIVE/dists/unstable/InRelease The following signatures couldn't be verified because the public key is not available: NO_PUBKEY E8525D47528144E2
	164	W: Some index files failed to download. They have been ignored, or old ones used instead." aptget update -qq
	165
	166	testfileequal lists.before "$(listcurrentlistsdirectory)"
	167	testnotempty find "${ROOTDIR}/var/lib/apt/lists" -name '*_InRelease'
	168	}
	169
	170	test_inrelease_to_broken_gzip() {
	171	msgmsg "Test InRelease to broken gzip"
	172	start_with_good_inrelease
	173
	174	break_repository_sources_index '+1hour'
	175	generatereleasefiles '+2hours'
	176	signreleasefiles
	177
	178	# append junk at the end of the compressed file
	179	echo "lala" >> "$APTARCHIVE/dists/unstable/main/source/Sources.gz"
	180	touch -d '+2min' "$APTARCHIVE/dists/unstable/main/source/Sources.gz"
	181	# remove uncompressed file to avoid fallback
	182	rm "$APTARCHIVE/dists/unstable/main/source/Sources"
	183
	184	testfailure aptget update
	185	testsuccess grep 'Hash Sum mismatch' rootdir/tmp/testfailure.output
	186	testfileequal lists.before "$(listcurrentlistsdirectory)"
	187	}
	188
	189	TESTDIR="$(readlink -f "$(dirname "$0")")"
	190	. "$TESTDIR/framework"
	191
	192	setupenvironment
	193	configarchitecture "i386"
	194
	195	# setup the archive and ensure we have a single package that installs fine
	196	setupaptarchive
	197	APTARCHIVE="$(readlink -f ./aptarchive)"
	198	ROOTDIR="${TMPWORKINGDIRECTORY}/rootdir"
	199	APTARCHIVE_LISTS="$(echo "$APTARCHIVE" \| tr "/" "_" )"
	200
	201	# test the following cases:
	202	# - InRelease -> broken InRelease revert to previous state
	203	# - empty lists dir and broken remote leaves nothing on the system
	204	# - InRelease -> hashsum mismatch for one file reverts all files to previous state
	205	# - Release/Release.gpg -> hashsum mismatch
	206	# - InRelease -> Release with hashsum mismatch revert entire state and kills Release
	207	# - Release -> InRelease with broken Sig/Hash removes InRelease
	208	# going from Release/Release.gpg -> InRelease and vice versa
	209	# - unauthenticated -> invalid InRelease
	210
	211	# stuff to do:
	212	# - ims-hit
	213	# - gzip-index tests
	214
	215	test_inrelease_to_new_inrelease
	216	test_inrelease_to_broken_hash_reverts_all
	217	test_inrelease_to_valid_release
	218	test_inrelease_to_release_reverts_all
	219	test_unauthenticated_to_invalid_inrelease
	220	test_inrelease_to_unauth_inrelease
	221	test_inrelease_to_broken_gzip