]>
Commit | Line | Data |
---|---|---|
1 | #!/bin/sh | |
2 | set -e | |
3 | ||
4 | TESTDIR="$(readlink -f "$(dirname "$0")")" | |
5 | . "$TESTDIR/framework" | |
6 | ||
7 | setupenvironment | |
8 | configarchitecture "i386" | |
9 | ||
10 | export APT_DONT_SIGN='Release.gpg' | |
11 | buildaptarchive | |
12 | setupflataptarchive | |
13 | changetowebserver | |
14 | ||
15 | webserverconfig 'aptwebserver::support::range' 'false' | |
16 | ||
17 | prepare() { | |
18 | local DATE="${2:-now}" | |
19 | if [ "$DATE" = 'now' ]; then | |
20 | if [ "$1" = "${PKGFILE}-new" ]; then | |
21 | DATE='now - 1 day' | |
22 | else | |
23 | DATE='now - 7 day' | |
24 | fi | |
25 | fi | |
26 | for release in $(find rootdir/var/lib/apt/lists 2> /dev/null); do | |
27 | touch -d 'now - 1 year' "$release" | |
28 | done | |
29 | aptget clean | |
30 | cp "$1" aptarchive/Packages | |
31 | find aptarchive -name 'Release' -delete | |
32 | compressfile 'aptarchive/Packages' "$DATE" | |
33 | generatereleasefiles "$DATE" 'now + 1 month' | |
34 | } | |
35 | ||
36 | installaptold() { | |
37 | rm -rf rootdir/var/cache/apt/archives | |
38 | testsuccessequal "Reading package lists... | |
39 | Building dependency tree... | |
40 | Suggested packages: | |
41 | aptitude | synaptic | wajig dpkg-dev apt-doc bzip2 lzma python-apt | |
42 | The following NEW packages will be installed: | |
43 | apt | |
44 | 0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded. | |
45 | After this operation, 5370 kB of additional disk space will be used. | |
46 | Get:1 http://localhost:${APTHTTPPORT} apt 0.7.25.3 | |
47 | Download complete and in download only mode" aptget install apt -dy | |
48 | } | |
49 | ||
50 | installaptnew() { | |
51 | rm -rf rootdir/var/cache/apt/archives | |
52 | testsuccessequal "Reading package lists... | |
53 | Building dependency tree... | |
54 | Suggested packages: | |
55 | aptitude | synaptic | wajig dpkg-dev apt-doc bzip2 lzma python-apt | |
56 | The following NEW packages will be installed: | |
57 | apt | |
58 | 0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded. | |
59 | After this operation, 5808 kB of additional disk space will be used. | |
60 | Get:1 http://localhost:${APTHTTPPORT} apt 0.8.0~pre1 | |
61 | Download complete and in download only mode" aptget install apt -dy | |
62 | } | |
63 | ||
64 | failaptold() { | |
65 | testfailureequal 'Reading package lists... | |
66 | Building dependency tree... | |
67 | Suggested packages: | |
68 | aptitude | synaptic | wajig dpkg-dev apt-doc bzip2 lzma python-apt | |
69 | The following NEW packages will be installed: | |
70 | apt | |
71 | 0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded. | |
72 | After this operation, 5370 kB of additional disk space will be used. | |
73 | WARNING: The following packages cannot be authenticated! | |
74 | apt | |
75 | E: There were unauthenticated packages and -y was used without --allow-unauthenticated' aptget install apt -dy | |
76 | } | |
77 | ||
78 | failaptnew() { | |
79 | testfailureequal 'Reading package lists... | |
80 | Building dependency tree... | |
81 | Suggested packages: | |
82 | aptitude | synaptic | wajig dpkg-dev apt-doc bzip2 lzma python-apt | |
83 | The following NEW packages will be installed: | |
84 | apt | |
85 | 0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded. | |
86 | After this operation, 5808 kB of additional disk space will be used. | |
87 | WARNING: The following packages cannot be authenticated! | |
88 | apt | |
89 | E: There were unauthenticated packages and -y was used without --allow-unauthenticated' aptget install apt -dy | |
90 | } | |
91 | ||
92 | # fake our downloadable file | |
93 | touch aptarchive/apt.deb | |
94 | ||
95 | PKGFILE="${TESTDIR}/$(echo "$(basename "$0")" | sed 's#^test-#Packages-#')" | |
96 | ||
97 | updatewithwarnings() { | |
98 | testwarning aptget update -o Debug::pkgAcquire::Worker=1 -o Debug::Acquire::gpgv=1 | |
99 | testsuccess grep -E "$1" rootdir/tmp/testwarning.output | |
100 | } | |
101 | ||
102 | runtest() { | |
103 | msgmsg 'Cold archive signed by' 'Joe Sixpack' | |
104 | prepare "${PKGFILE}" | |
105 | rm -rf rootdir/var/lib/apt/lists | |
106 | signreleasefiles 'Joe Sixpack' | |
107 | successfulaptgetupdate | |
108 | testsuccessequal "$(cat "${PKGFILE}") | |
109 | " aptcache show apt | |
110 | installaptold | |
111 | ||
112 | msgmsg 'Good warm archive signed by' 'Joe Sixpack' | |
113 | prepare "${PKGFILE}-new" | |
114 | signreleasefiles 'Joe Sixpack' | |
115 | successfulaptgetupdate | |
116 | testsuccessequal "$(cat "${PKGFILE}-new") | |
117 | " aptcache show apt | |
118 | installaptnew | |
119 | ||
120 | msgmsg 'Cold archive signed by' 'Rex Expired' | |
121 | prepare "${PKGFILE}" | |
122 | rm -rf rootdir/var/lib/apt/lists | |
123 | cp keys/rexexpired.pub rootdir/etc/apt/trusted.gpg.d/rexexpired.gpg | |
124 | signreleasefiles 'Rex Expired' | |
125 | updatewithwarnings '^W: .* EXPKEYSIG' | |
126 | testsuccessequal "$(cat "${PKGFILE}") | |
127 | " aptcache show apt | |
128 | failaptold | |
129 | rm -f rootdir/etc/apt/trusted.gpg.d/rexexpired.gpg | |
130 | ||
131 | msgmsg 'Cold archive expired signed by' 'Joe Sixpack' | |
132 | if dpkg --compare-versions "$(aptkey adv --version | head -n 2 | tail -n 1 | cut -d' ' -f 3)" '>=' '2.1' >/dev/null 2>&1; then | |
133 | touch rootdir/etc/apt/apt.conf.d/99gnupg2 | |
134 | elif gpg2 --version >/dev/null 2>&1; then | |
135 | echo 'Apt::Key::gpgcommand "gpg2";' > rootdir/etc/apt/apt.conf.d/99gnupg2 | |
136 | if ! dpkg --compare-versions "$(aptkey adv --version | head -n 2 | tail -n 1 | cut -d' ' -f 3)" '>=' '2.1' >/dev/null 2>&1; then | |
137 | rm rootdir/etc/apt/apt.conf.d/99gnupg2 | |
138 | fi | |
139 | fi | |
140 | if [ -e rootdir/etc/apt/apt.conf.d/99gnupg2 ]; then | |
141 | prepare "${PKGFILE}" | |
142 | rm -rf rootdir/var/lib/apt/lists | |
143 | signreleasefiles 'Joe Sixpack' 'aptarchive' --faked-system-time "20070924T154812" --default-sig-expire 2016-04-01 | |
144 | updatewithwarnings '^W: .* EXPSIG' | |
145 | testsuccessequal "$(cat "${PKGFILE}") | |
146 | " aptcache show apt | |
147 | failaptold | |
148 | rm -f rootdir/etc/apt/apt.conf.d/99gnupg2 | |
149 | else | |
150 | msgskip 'Not a new enough gpg available providing --fake-system-time' | |
151 | fi | |
152 | ||
153 | msgmsg 'Cold archive signed by' 'Joe Sixpack,Marvin Paranoid' | |
154 | prepare "${PKGFILE}" | |
155 | rm -rf rootdir/var/lib/apt/lists | |
156 | signreleasefiles 'Joe Sixpack,Marvin Paranoid' | |
157 | successfulaptgetupdate 'NO_PUBKEY' | |
158 | testsuccessequal "$(cat "${PKGFILE}") | |
159 | " aptcache show apt | |
160 | installaptold | |
161 | ||
162 | msgmsg 'Cold archive signed by' 'Joe Sixpack,Rex Expired' | |
163 | prepare "${PKGFILE}" | |
164 | rm -rf rootdir/var/lib/apt/lists | |
165 | signreleasefiles 'Joe Sixpack,Rex Expired' | |
166 | cp keys/rexexpired.pub rootdir/etc/apt/trusted.gpg.d/rexexpired.gpg | |
167 | successfulaptgetupdate 'EXPKEYSIG' | |
168 | rm -f rootdir/etc/apt/trusted.gpg.d/rexexpired.gpg | |
169 | testsuccessequal "$(cat "${PKGFILE}") | |
170 | " aptcache show apt | |
171 | installaptold | |
172 | ||
173 | msgmsg 'Cold archive signed by' 'Marvin Paranoid' | |
174 | prepare "${PKGFILE}" | |
175 | rm -rf rootdir/var/lib/apt/lists | |
176 | signreleasefiles 'Marvin Paranoid' | |
177 | updatewithwarnings '^W: .* NO_PUBKEY' | |
178 | testsuccessequal "$(cat "${PKGFILE}") | |
179 | " aptcache show apt | |
180 | failaptold | |
181 | ||
182 | msgmsg 'Bad warm archive signed by' 'Joe Sixpack' | |
183 | prepare "${PKGFILE}-new" | |
184 | signreleasefiles 'Joe Sixpack' | |
185 | successfulaptgetupdate | |
186 | testsuccessequal "$(cat "${PKGFILE}-new") | |
187 | " aptcache show apt | |
188 | installaptnew | |
189 | ||
190 | msgmsg 'Cold archive signed by' 'Joe Sixpack' | |
191 | prepare "${PKGFILE}" | |
192 | rm -rf rootdir/var/lib/apt/lists | |
193 | signreleasefiles 'Joe Sixpack' | |
194 | successfulaptgetupdate | |
195 | testsuccessequal "$(cat "${PKGFILE}") | |
196 | " aptcache show apt | |
197 | installaptold | |
198 | ||
199 | msgmsg 'Good warm archive signed by' 'Marvin Paranoid' | |
200 | prepare "${PKGFILE}-new" | |
201 | signreleasefiles 'Marvin Paranoid' | |
202 | updatewithwarnings '^W: .* NO_PUBKEY' | |
203 | testsuccessequal "$(cat "${PKGFILE}") | |
204 | " aptcache show apt | |
205 | installaptold | |
206 | ||
207 | msgmsg 'Good warm archive signed by' 'Rex Expired' | |
208 | prepare "${PKGFILE}-new" | |
209 | cp keys/rexexpired.pub rootdir/etc/apt/trusted.gpg.d/rexexpired.gpg | |
210 | signreleasefiles 'Rex Expired' | |
211 | updatewithwarnings '^W: .* EXPKEYSIG' | |
212 | testsuccessequal "$(cat "${PKGFILE}") | |
213 | " aptcache show apt | |
214 | installaptold | |
215 | rm rootdir/etc/apt/trusted.gpg.d/rexexpired.gpg | |
216 | ||
217 | msgmsg 'Good warm archive signed by' 'Joe Sixpack' | |
218 | prepare "${PKGFILE}-new" | |
219 | signreleasefiles | |
220 | successfulaptgetupdate | |
221 | testsuccessequal "$(cat "${PKGFILE}-new") | |
222 | " aptcache show apt | |
223 | installaptnew | |
224 | ||
225 | msgmsg 'Cold archive signed by good keyring' 'Marvin Paranoid' | |
226 | prepare "${PKGFILE}" | |
227 | rm -rf rootdir/var/lib/apt/lists | |
228 | signreleasefiles 'Marvin Paranoid' | |
229 | local MARVIN="$(readlink -f keys/marvinparanoid.pub)" | |
230 | sed -i "s#^\(deb\(-src\)\?\) #\1 [signed-by=$MARVIN] #" rootdir/etc/apt/sources.list.d/* | |
231 | successfulaptgetupdate | |
232 | testsuccessequal "$(cat "${PKGFILE}") | |
233 | " aptcache show apt | |
234 | installaptold | |
235 | ||
236 | msgmsg 'Cold archive signed by bad keyring' 'Joe Sixpack' | |
237 | rm -rf rootdir/var/lib/apt/lists | |
238 | signreleasefiles 'Joe Sixpack' | |
239 | updatewithwarnings '^W: .* NO_PUBKEY' | |
240 | sed -i "s#^\(deb\(-src\)\?\) \[signed-by=$MARVIN\] #\1 #" rootdir/etc/apt/sources.list.d/* | |
241 | ||
242 | local MARVIN="$(aptkey --keyring $MARVIN finger | grep 'Key fingerprint' | cut -d'=' -f 2 | tr -d ' ')" | |
243 | msgmsg 'Cold archive signed by bad keyid' 'Joe Sixpack' | |
244 | rm -rf rootdir/var/lib/apt/lists | |
245 | signreleasefiles 'Joe Sixpack' | |
246 | sed -i "s#^\(deb\(-src\)\?\) #\1 [signed-by=$MARVIN] #" rootdir/etc/apt/sources.list.d/* | |
247 | updatewithwarnings '^W: .* be verified because the public key is not available: .*' | |
248 | ||
249 | msgmsg 'Cold archive signed by good keyid' 'Marvin Paranoid' | |
250 | rm -rf rootdir/var/lib/apt/lists | |
251 | signreleasefiles 'Marvin Paranoid' | |
252 | cp keys/marvinparanoid.pub rootdir/etc/apt/trusted.gpg.d/marvinparanoid.gpg | |
253 | successfulaptgetupdate | |
254 | testsuccessequal "$(cat "${PKGFILE}") | |
255 | " aptcache show apt | |
256 | installaptold | |
257 | ||
258 | msgmsg 'Cold archive signed by good keyid' 'Marvin Paranoid,Joe Sixpack' | |
259 | rm -rf rootdir/var/lib/apt/lists | |
260 | signreleasefiles 'Marvin Paranoid,Joe Sixpack' | |
261 | successfulaptgetupdate 'NoPubKey: GOODSIG' | |
262 | testsuccessequal "$(cat "${PKGFILE}") | |
263 | " aptcache show apt | |
264 | installaptold | |
265 | ||
266 | local SIXPACK="$(aptkey --keyring keys/joesixpack.pub finger | grep 'Key fingerprint' | cut -d'=' -f 2 | tr -d ' ')" | |
267 | msgmsg 'Cold archive signed by good keyids' 'Joe Sixpack' | |
268 | rm -rf rootdir/var/lib/apt/lists | |
269 | signreleasefiles 'Joe Sixpack' | |
270 | sed -i "s#^\(deb\(-src\)\?\) \[signed-by=$MARVIN\] #\1 [signed-by=${SIXPACK},${MARVIN}] #" rootdir/etc/apt/sources.list.d/* | |
271 | successfulaptgetupdate | |
272 | testsuccessequal "$(cat "${PKGFILE}") | |
273 | " aptcache show apt | |
274 | installaptold | |
275 | ||
276 | local SIXPACK="$(aptkey --keyring keys/joesixpack.pub finger | grep 'Key fingerprint' | cut -d'=' -f 2 | tr -d ' ')" | |
277 | msgmsg 'Cold archive signed by good keyids' 'Joe Sixpack' | |
278 | rm -rf rootdir/var/lib/apt/lists | |
279 | sed -i "s#^\(deb\(-src\)\?\) \[signed-by=${SIXPACK},${MARVIN}\] #\1 [signed-by=${MARVIN},${SIXPACK}] #" rootdir/etc/apt/sources.list.d/* | |
280 | successfulaptgetupdate | |
281 | testsuccessequal "$(cat "${PKGFILE}") | |
282 | " aptcache show apt | |
283 | installaptold | |
284 | rm -f rootdir/etc/apt/trusted.gpg.d/marvinparanoid.gpg | |
285 | sed -i "s#^\(deb\(-src\)\?\) \[signed-by=${MARVIN},${SIXPACK}\] #\1 #" rootdir/etc/apt/sources.list.d/* | |
286 | ||
287 | rm -rf rootdir/var/lib/apt/lists-bak | |
288 | cp -a rootdir/var/lib/apt/lists rootdir/var/lib/apt/lists-bak | |
289 | prepare "${PKGFILE}-new" | |
290 | signreleasefiles 'Joe Sixpack' | |
291 | ||
292 | msgmsg 'Warm archive with signed-by' 'Joe Sixpack' | |
293 | sed -i "/^Valid-Until: / a\ | |
294 | Signed-By: ${SIXPACK}" rootdir/var/lib/apt/lists/*Release | |
295 | touch -d 'now - 1 year' rootdir/var/lib/apt/lists/*Release | |
296 | successfulaptgetupdate | |
297 | testsuccessequal "$(cat "${PKGFILE}-new") | |
298 | " aptcache show apt | |
299 | installaptnew | |
300 | ||
301 | msgmsg 'Warm archive with signed-by' 'Marvin Paranoid' | |
302 | rm -rf rootdir/var/lib/apt/lists | |
303 | cp -a rootdir/var/lib/apt/lists-bak rootdir/var/lib/apt/lists | |
304 | sed -i "/^Valid-Until: / a\ | |
305 | Signed-By: ${MARVIN}" rootdir/var/lib/apt/lists/*Release | |
306 | touch -d 'now - 1 year' rootdir/var/lib/apt/lists/*Release | |
307 | updatewithwarnings 'W: .* public key is not available: GOODSIG' | |
308 | testsuccessequal "$(cat "${PKGFILE}") | |
309 | " aptcache show apt | |
310 | installaptold | |
311 | ||
312 | msgmsg 'Warm archive with outdated signed-by' 'Marvin Paranoid' | |
313 | rm -rf rootdir/var/lib/apt/lists | |
314 | cp -a rootdir/var/lib/apt/lists-bak rootdir/var/lib/apt/lists | |
315 | sed -i "/^Valid-Until: / a\ | |
316 | Valid-Until: $(date -u -d "now - 2min" '+%a, %d %b %Y %H:%M:%S %Z') \\ | |
317 | Signed-By: ${MARVIN}" rootdir/var/lib/apt/lists/*Release | |
318 | touch -d 'now - 1 year' rootdir/var/lib/apt/lists/*Release | |
319 | successfulaptgetupdate | |
320 | testsuccessequal "$(cat "${PKGFILE}-new") | |
321 | " aptcache show apt | |
322 | installaptnew | |
323 | ||
324 | msgmsg 'Warm archive with two signed-bys' 'Joe Sixpack' | |
325 | rm -rf rootdir/var/lib/apt/lists | |
326 | cp -a rootdir/var/lib/apt/lists-bak rootdir/var/lib/apt/lists | |
327 | sed -i "/^Valid-Until: / a\ | |
328 | Signed-By: ${MARVIN} ${MARVIN}, \\ | |
329 | ${SIXPACK}" rootdir/var/lib/apt/lists/*Release | |
330 | touch -d 'now - 1 year' rootdir/var/lib/apt/lists/*Release | |
331 | successfulaptgetupdate | |
332 | testsuccessequal "$(cat "${PKGFILE}-new") | |
333 | " aptcache show apt | |
334 | installaptnew | |
335 | } | |
336 | ||
337 | runtest2() { | |
338 | msgmsg 'Cold archive signed by' 'Joe Sixpack' | |
339 | prepare "${PKGFILE}" | |
340 | rm -rf rootdir/var/lib/apt/lists | |
341 | signreleasefiles 'Joe Sixpack' | |
342 | successfulaptgetupdate | |
343 | ||
344 | # New .deb but now an unsigned archive. For example MITM to circumvent | |
345 | # package verification. | |
346 | msgmsg 'Warm archive signed by' 'nobody' | |
347 | prepare "${PKGFILE}-new" | |
348 | find aptarchive/ \( -name InRelease -o -name Release.gpg \) -delete | |
349 | updatewithwarnings 'W: .* no longer signed.' | |
350 | testsuccessequal "$(cat "${PKGFILE}-new") | |
351 | " aptcache show apt | |
352 | failaptnew | |
353 | ||
354 | # Unsigned archive from the beginning must also be detected. | |
355 | msgmsg 'Cold archive signed by' 'nobody' | |
356 | rm -rf rootdir/var/lib/apt/lists | |
357 | updatewithwarnings 'W: .* is not signed.' | |
358 | testsuccessequal "$(cat "${PKGFILE}-new") | |
359 | " aptcache show apt | |
360 | failaptnew | |
361 | } | |
362 | ||
363 | runtest3() { | |
364 | echo "APT::Hashes::$APT_TESTS_DIGEST_ALGO::$1 \"yes\";" > rootdir/etc/apt/apt.conf.d/truststate | |
365 | msgmsg "Running base test with $1 digest" | |
366 | runtest2 | |
367 | ||
368 | for DELETEFILE in 'InRelease' 'Release.gpg'; do | |
369 | export APT_DONT_SIGN="$DELETEFILE" | |
370 | msgmsg "Running test with deletion of $DELETEFILE and $1 digest" | |
371 | runtest | |
372 | export APT_DONT_SIGN='Release.gpg' | |
373 | done | |
374 | } | |
375 | ||
376 | # diable some protection by default and ensure we still do the verification | |
377 | # correctly | |
378 | cat > rootdir/etc/apt/apt.conf.d/weaken-security <<EOF | |
379 | Acquire::AllowInsecureRepositories "1"; | |
380 | Acquire::AllowDowngradeToInsecureRepositories "1"; | |
381 | EOF | |
382 | # the hash marked as configureable in our gpgv method | |
383 | export APT_TESTS_DIGEST_ALGO='SHA224' | |
384 | ||
385 | successfulaptgetupdate() { | |
386 | testsuccess aptget update -o Debug::pkgAcquire::Worker=1 -o Debug::Acquire::gpgv=1 | |
387 | if [ -n "$1" ]; then | |
388 | cp rootdir/tmp/testsuccess.output aptupdate.output | |
389 | testsuccess grep "$1" aptupdate.output | |
390 | fi | |
391 | } | |
392 | runtest3 'Trusted' | |
393 | ||
394 | successfulaptgetupdate() { | |
395 | testwarning aptget update -o Debug::pkgAcquire::Worker=1 -o Debug::Acquire::gpgv=1 | |
396 | if [ -n "$1" ]; then | |
397 | testsuccess grep "$1" rootdir/tmp/testwarning.output | |
398 | fi | |
399 | testsuccess grep 'uses weak digest algorithm' rootdir/tmp/testwarning.output | |
400 | } | |
401 | runtest3 'Weak' | |
402 | ||
403 | msgmsg "Running test with apt-untrusted digest" | |
404 | echo "APT::Hashes::$APT_TESTS_DIGEST_ALGO::Untrusted \"yes\";" > rootdir/etc/apt/apt.conf.d/truststate | |
405 | runfailure() { | |
406 | for DELETEFILE in 'InRelease' 'Release.gpg'; do | |
407 | export APT_DONT_SIGN="$DELETEFILE" | |
408 | msgmsg 'Cold archive signed by' 'Joe Sixpack' | |
409 | prepare "${PKGFILE}" | |
410 | rm -rf rootdir/var/lib/apt/lists | |
411 | signreleasefiles 'Joe Sixpack' | |
412 | testfailure aptget update --no-allow-insecure-repositories -o Debug::pkgAcquire::Worker=1 -o Debug::Acquire::gpgv=1 | |
413 | testsuccess grep 'The following signatures were invalid' rootdir/tmp/testfailure.output | |
414 | testnopackage 'apt' | |
415 | testwarning aptget update --allow-insecure-repositories -o Debug::pkgAcquire::Worker=1 -o Debug::Acquire::gpgv=1 | |
416 | failaptold | |
417 | rm -rf rootdir/var/lib/apt/lists | |
418 | sed -i 's#^deb\(-src\)\? #deb\1 [allow-insecure=yes] #' rootdir/etc/apt/sources.list.d/* | |
419 | testwarning aptget update --no-allow-insecure-repositories -o Debug::pkgAcquire::Worker=1 -o Debug::Acquire::gpgv=1 | |
420 | failaptold | |
421 | sed -i 's#^deb\(-src\)\? \[allow-insecure=yes\] #deb\1 #' rootdir/etc/apt/sources.list.d/* | |
422 | ||
423 | msgmsg 'Cold archive signed by' 'Marvin Paranoid' | |
424 | prepare "${PKGFILE}" | |
425 | rm -rf rootdir/var/lib/apt/lists | |
426 | signreleasefiles 'Marvin Paranoid' | |
427 | testfailure aptget update --no-allow-insecure-repositories -o Debug::pkgAcquire::Worker=1 -o Debug::Acquire::gpgv=1 | |
428 | testnopackage 'apt' | |
429 | updatewithwarnings '^W: .* NO_PUBKEY' | |
430 | testsuccessequal "$(cat "${PKGFILE}") | |
431 | " aptcache show apt | |
432 | failaptold | |
433 | export APT_DONT_SIGN='Release.gpg' | |
434 | done | |
435 | } | |
436 | runfailure | |
437 | ||
438 | msgmsg "Running test with gpgv-untrusted digest" | |
439 | export APT_TESTS_DIGEST_ALGO='MD5' | |
440 | runfailure |