]>
Commit | Line | Data |
---|---|---|
1 | #!/bin/sh | |
2 | # | |
3 | # test that apt-get update is transactional | |
4 | # | |
5 | set -e | |
6 | ||
7 | avoid_ims_hit() { | |
8 | touch -d '+1hour' aptarchive/dists/unstable/main/binary-i386/Packages* | |
9 | touch -d '+1hour' aptarchive/dists/unstable/main/source/Sources* | |
10 | touch -d '+1hour' aptarchive/dists/unstable/*Release* | |
11 | ||
12 | touch -d '-1hour' rootdir/var/lib/apt/lists/* | |
13 | } | |
14 | ||
15 | create_fresh_archive() | |
16 | { | |
17 | rm -rf aptarchive/* | |
18 | rm -f rootdir/var/lib/apt/lists/_* rootdir/var/lib/apt/lists/partial/* | |
19 | ||
20 | insertpackage 'unstable' 'old' 'all' '1.0' | |
21 | ||
22 | setupaptarchive --no-update | |
23 | } | |
24 | ||
25 | add_new_package() { | |
26 | insertpackage "unstable" "new" "all" "1.0" | |
27 | insertsource "unstable" "new" "all" "1.0" | |
28 | ||
29 | setupaptarchive --no-update "$@" | |
30 | } | |
31 | ||
32 | break_repository_sources_index() { | |
33 | printf 'xxx' > $APTARCHIVE/dists/unstable/main/source/Sources | |
34 | compressfile "$APTARCHIVE/dists/unstable/main/source/Sources" "$@" | |
35 | } | |
36 | ||
37 | start_with_good_inrelease() { | |
38 | create_fresh_archive | |
39 | testsuccess aptget update | |
40 | listcurrentlistsdirectory > lists.before | |
41 | testsuccessequal "old/unstable 1.0 all" apt list -q | |
42 | } | |
43 | ||
44 | test_inrelease_to_new_inrelease() { | |
45 | msgmsg 'Test InRelease to new InRelease works fine' | |
46 | start_with_good_inrelease | |
47 | ||
48 | add_new_package '+1hour' | |
49 | testsuccess aptget update -o Debug::Acquire::Transaction=1 | |
50 | testsuccessequal "new/unstable 1.0 all | |
51 | old/unstable 1.0 all" apt list -q | |
52 | } | |
53 | ||
54 | test_inrelease_to_broken_hash_reverts_all() { | |
55 | msgmsg 'Test InRelease to broken InRelease reverts everything' | |
56 | start_with_good_inrelease | |
57 | ||
58 | add_new_package '+1hour' | |
59 | # break the Sources file | |
60 | break_repository_sources_index '+1hour' | |
61 | ||
62 | # test the error condition | |
63 | testfailureequal "W: Failed to fetch file:${APTARCHIVE}/dists/unstable/main/source/Sources.gz Hash Sum mismatch | |
64 | E: Some index files failed to download. They have been ignored, or old ones used instead." aptget update -qq | |
65 | # ensure that the Packages file is also rolled back | |
66 | testfileequal lists.before "$(listcurrentlistsdirectory)" | |
67 | testfailureequal "E: Unable to locate package new" aptget install new -s -qq | |
68 | } | |
69 | ||
70 | test_inrelease_to_valid_release() { | |
71 | msgmsg 'Test InRelease to valid Release' | |
72 | start_with_good_inrelease | |
73 | ||
74 | add_new_package '+1hour' | |
75 | # switch to a unsigned repo now | |
76 | rm $APTARCHIVE/dists/unstable/InRelease | |
77 | rm $APTARCHIVE/dists/unstable/Release.gpg | |
78 | ||
79 | # update fails | |
80 | testfailureequal "E: The repository 'file:${APTARCHIVE} unstable Release' is no longer signed." aptget update -qq | |
81 | ||
82 | # test that security downgrade was not successful | |
83 | testfileequal lists.before "$(listcurrentlistsdirectory)" | |
84 | testsuccess aptget install old -s | |
85 | testfailure aptget install new -s | |
86 | testsuccess ls $ROOTDIR/var/lib/apt/lists/*_InRelease | |
87 | testfailure ls $ROOTDIR/var/lib/apt/lists/*_Release | |
88 | } | |
89 | ||
90 | test_inrelease_to_release_reverts_all() { | |
91 | msgmsg 'Test InRelease to broken Release reverts everything' | |
92 | start_with_good_inrelease | |
93 | ||
94 | # switch to a unsigned repo now | |
95 | add_new_package '+1hour' | |
96 | rm $APTARCHIVE/dists/unstable/InRelease | |
97 | rm $APTARCHIVE/dists/unstable/Release.gpg | |
98 | ||
99 | # break it | |
100 | break_repository_sources_index '+1hour' | |
101 | ||
102 | # ensure error | |
103 | testfailureequal "E: The repository 'file:${APTARCHIVE} unstable Release' is no longer signed." aptget update -qq # -o Debug::acquire::transaction=1 | |
104 | ||
105 | # ensure that the Packages file is also rolled back | |
106 | testfileequal lists.before "$(listcurrentlistsdirectory)" | |
107 | testsuccess aptget install old -s | |
108 | testfailure aptget install new -s | |
109 | testsuccess ls $ROOTDIR/var/lib/apt/lists/*_InRelease | |
110 | testfailure ls $ROOTDIR/var/lib/apt/lists/*_Release | |
111 | } | |
112 | ||
113 | test_unauthenticated_to_invalid_inrelease() { | |
114 | msgmsg 'Test UnAuthenticated to invalid InRelease reverts everything' | |
115 | create_fresh_archive | |
116 | rm $APTARCHIVE/dists/unstable/InRelease | |
117 | rm $APTARCHIVE/dists/unstable/Release.gpg | |
118 | ||
119 | testwarning aptget update --allow-insecure-repositories | |
120 | listcurrentlistsdirectory > lists.before | |
121 | testfailureequal "WARNING: The following packages cannot be authenticated! | |
122 | old | |
123 | E: There were unauthenticated packages and -y was used without --allow-unauthenticated" aptget install -qq -y old | |
124 | ||
125 | # go to authenticated but not correct | |
126 | add_new_package '+1hour' | |
127 | break_repository_sources_index '+1hour' | |
128 | ||
129 | testfailureequal "W: Failed to fetch file:$APTARCHIVE/dists/unstable/main/source/Sources.gz Hash Sum mismatch | |
130 | E: Some index files failed to download. They have been ignored, or old ones used instead." aptget update -qq | |
131 | ||
132 | testfileequal lists.before "$(listcurrentlistsdirectory)" | |
133 | testfailure ls rootdir/var/lib/apt/lists/*_InRelease | |
134 | testfailureequal "WARNING: The following packages cannot be authenticated! | |
135 | old | |
136 | E: There were unauthenticated packages and -y was used without --allow-unauthenticated" aptget install -qq -y old | |
137 | } | |
138 | ||
139 | test_inrelease_to_unauth_inrelease() { | |
140 | msgmsg 'Test InRelease to InRelease without good sig' | |
141 | start_with_good_inrelease | |
142 | ||
143 | signreleasefiles 'Marvin Paranoid' | |
144 | ||
145 | testwarningequal "W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: file:${APTARCHIVE} unstable InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY E8525D47528144E2 | |
146 | W: Failed to fetch file:$APTARCHIVE/dists/unstable/InRelease The following signatures couldn't be verified because the public key is not available: NO_PUBKEY E8525D47528144E2 | |
147 | W: Some index files failed to download. They have been ignored, or old ones used instead." aptget update -qq | |
148 | ||
149 | testfileequal lists.before "$(listcurrentlistsdirectory)" | |
150 | testsuccess ls rootdir/var/lib/apt/lists/*_InRelease | |
151 | } | |
152 | ||
153 | test_inrelease_to_broken_gzip() { | |
154 | msgmsg "Test InRelease to broken gzip" | |
155 | start_with_good_inrelease | |
156 | ||
157 | break_repository_sources_index '+1hour' | |
158 | generatereleasefiles '+2hours' | |
159 | signreleasefiles | |
160 | ||
161 | # append junk at the end of the compressed file | |
162 | echo "lala" >> $APTARCHIVE/dists/unstable/main/source/Sources.gz | |
163 | touch -d '+2min' $APTARCHIVE/dists/unstable/main/source/Sources.gz | |
164 | # remove uncompressed file to avoid fallback | |
165 | rm $APTARCHIVE/dists/unstable/main/source/Sources | |
166 | ||
167 | testfailure aptget update | |
168 | testsuccess grep 'Hash Sum mismatch' rootdir/tmp/testfailure.output | |
169 | testfileequal lists.before "$(listcurrentlistsdirectory)" | |
170 | } | |
171 | ||
172 | TESTDIR=$(readlink -f $(dirname $0)) | |
173 | . $TESTDIR/framework | |
174 | ||
175 | setupenvironment | |
176 | configarchitecture "i386" | |
177 | ||
178 | # setup the archive and ensure we have a single package that installs fine | |
179 | setupaptarchive | |
180 | APTARCHIVE=$(readlink -f ./aptarchive) | |
181 | ROOTDIR=${TMPWORKINGDIRECTORY}/rootdir | |
182 | APTARCHIVE_LISTS="$(echo $APTARCHIVE | tr "/" "_" )" | |
183 | ||
184 | # test the following cases: | |
185 | # - InRelease -> broken InRelease revert to previous state | |
186 | # - empty lists dir and broken remote leaves nothing on the system | |
187 | # - InRelease -> hashsum mismatch for one file reverts all files to previous state | |
188 | # - Release/Release.gpg -> hashsum mismatch | |
189 | # - InRelease -> Release with hashsum mismatch revert entire state and kills Release | |
190 | # - Release -> InRelease with broken Sig/Hash removes InRelease | |
191 | # going from Release/Release.gpg -> InRelease and vice versa | |
192 | # - unauthenticated -> invalid InRelease | |
193 | ||
194 | # stuff to do: | |
195 | # - ims-hit | |
196 | # - gzip-index tests | |
197 | ||
198 | test_inrelease_to_new_inrelease | |
199 | test_inrelease_to_broken_hash_reverts_all | |
200 | test_inrelease_to_valid_release | |
201 | test_inrelease_to_release_reverts_all | |
202 | test_unauthenticated_to_invalid_inrelease | |
203 | test_inrelease_to_unauth_inrelease | |
204 | test_inrelease_to_broken_gzip |