]>
Commit | Line | Data |
---|---|---|
1 | #!/bin/sh | |
2 | set -e | |
3 | ||
4 | TESTDIR=$(readlink -f $(dirname $0)) | |
5 | . $TESTDIR/framework | |
6 | ||
7 | setupenvironment | |
8 | configarchitecture 'i386' | |
9 | ||
10 | insertpackage 'stable' 'good-pkg' 'all' '1.0' | |
11 | ||
12 | setupaptarchive | |
13 | ||
14 | changetowebserver | |
15 | ARCHIVE="http://localhost:${APTHTTPPORT}" | |
16 | msgtest 'Initial apt-get update should work with' 'InRelease' | |
17 | testsuccess --nomsg aptget update | |
18 | ||
19 | # check that the setup is correct | |
20 | testsuccessequal "good-pkg: | |
21 | Installed: (none) | |
22 | Candidate: 1.0 | |
23 | Version table: | |
24 | 1.0 500 | |
25 | 500 ${ARCHIVE} stable/main all Packages" aptcache policy good-pkg | |
26 | ||
27 | # now exchange to the Packages file, note that this could be | |
28 | # done via MITM too | |
29 | insertpackage 'stable' 'bad-mitm' 'all' '1.0' | |
30 | ||
31 | # this builds compressed files and a new (unsigned) Release | |
32 | buildaptarchivefromfiles '+1hour' | |
33 | ||
34 | # add a space into the BEGIN PGP SIGNATURE PART/END PGP SIGNATURE part | |
35 | # to trick apt - this is still legal to gpg(v) | |
36 | sed -i '/^-----BEGIN PGP SIGNATURE-----/,/^-----END PGP SIGNATURE-----/ s/^$/ /g' aptarchive/dists/stable/InRelease | |
37 | ||
38 | # we append the (evil unsigned) Release file to the (good signed) InRelease | |
39 | cat aptarchive/dists/stable/Release >> aptarchive/dists/stable/InRelease | |
40 | touch -d '+1hour' aptarchive/dists/stable/InRelease | |
41 | ||
42 | # ensure the update doesn't load bad data as good data | |
43 | # Note that we will pick up the InRelease itself as we download no other | |
44 | # indexes which would trigger a hashsum mismatch, but we ignore the 'bad' | |
45 | # part of the InRelease | |
46 | listcurrentlistsdirectory | sed '/_InRelease/ d' > listsdir.lst | |
47 | msgtest 'apt-get update should ignore unsigned data in the' 'InRelease' | |
48 | testsuccessequal "Get:1 http://localhost:${APTHTTPPORT} stable InRelease [$(stat -c%s aptarchive/dists/stable/InRelease) B] | |
49 | Reading package lists..." --nomsg aptget update | |
50 | testfileequal './listsdir.lst' "$(listcurrentlistsdirectory | sed '/_InRelease/ d')" | |
51 | ||
52 | # ensure there is no package | |
53 | testfailureequal 'Reading package lists... | |
54 | Building dependency tree... | |
55 | E: Unable to locate package bad-mitm' aptget install bad-mitm -s | |
56 | ||
57 | # and verify that its not picked up | |
58 | testsuccessequal 'N: Unable to locate package bad-mitm' aptcache policy bad-mitm | |
59 | ||
60 | # and that the right one is used | |
61 | testsuccessequal "good-pkg: | |
62 | Installed: (none) | |
63 | Candidate: 1.0 | |
64 | Version table: | |
65 | 1.0 500 | |
66 | 500 ${ARCHIVE} stable/main all Packages" aptcache policy good-pkg |