]>
Commit | Line | Data |
---|---|---|
1 | #!/bin/sh | |
2 | # | |
3 | # test that apt-get update is transactional | |
4 | # | |
5 | set -e | |
6 | ||
7 | avoid_ims_hit() { | |
8 | touch -d '+1hour' aptarchive/dists/unstable/main/binary-i386/Packages* | |
9 | touch -d '+1hour' aptarchive/dists/unstable/main/source/Sources* | |
10 | touch -d '+1hour' aptarchive/dists/unstable/*Release* | |
11 | ||
12 | touch -d '-1hour' rootdir/var/lib/apt/lists/* | |
13 | } | |
14 | ||
15 | create_fresh_archive() | |
16 | { | |
17 | rm -rf aptarchive/* | |
18 | rm -f rootdir/var/lib/apt/lists/_* rootdir/var/lib/apt/lists/partial/* | |
19 | ||
20 | insertpackage 'unstable' 'old' 'all' '1.0' | |
21 | ||
22 | setupaptarchive --no-update | |
23 | } | |
24 | ||
25 | add_new_package() { | |
26 | insertpackage "unstable" "new" "all" "1.0" | |
27 | insertsource "unstable" "new" "all" "1.0" | |
28 | ||
29 | setupaptarchive --no-update "$@" | |
30 | } | |
31 | ||
32 | break_repository_sources_index() { | |
33 | printf 'xxx' > $APTARCHIVE/dists/unstable/main/source/Sources | |
34 | compressfile "$APTARCHIVE/dists/unstable/main/source/Sources" "$@" | |
35 | } | |
36 | ||
37 | start_with_good_inrelease() { | |
38 | create_fresh_archive | |
39 | testsuccess aptget update | |
40 | listcurrentlistsdirectory > lists.before | |
41 | testsuccessequal "old/unstable 1.0 all" apt list -q | |
42 | } | |
43 | ||
44 | test_inrelease_to_new_inrelease() { | |
45 | msgmsg 'Test InRelease to new InRelease works fine' | |
46 | start_with_good_inrelease | |
47 | ||
48 | add_new_package '+1hour' | |
49 | testsuccess aptget update -o Debug::Acquire::Transaction=1 | |
50 | testsuccessequal "new/unstable 1.0 all | |
51 | old/unstable 1.0 all" apt list -q | |
52 | } | |
53 | ||
54 | test_inrelease_to_broken_hash_reverts_all() { | |
55 | msgmsg 'Test InRelease to broken InRelease reverts everything' | |
56 | start_with_good_inrelease | |
57 | ||
58 | add_new_package '+1hour' | |
59 | # break the Sources file | |
60 | break_repository_sources_index '+1hour' | |
61 | ||
62 | # test the error condition | |
63 | testfailureequal "W: Failed to fetch file:${APTARCHIVE}/dists/unstable/main/source/Sources Hash Sum mismatch | |
64 | ||
65 | E: Some index files failed to download. They have been ignored, or old ones used instead." aptget update -qq | |
66 | # ensure that the Packages file is also rolled back | |
67 | testfileequal lists.before "$(listcurrentlistsdirectory)" | |
68 | testfailureequal "E: Unable to locate package new" aptget install new -s -qq | |
69 | } | |
70 | ||
71 | test_inrelease_to_valid_release() { | |
72 | msgmsg 'Test InRelease to valid Release' | |
73 | start_with_good_inrelease | |
74 | ||
75 | add_new_package '+1hour' | |
76 | # switch to a unsigned repo now | |
77 | rm $APTARCHIVE/dists/unstable/InRelease | |
78 | rm $APTARCHIVE/dists/unstable/Release.gpg | |
79 | ||
80 | # update fails | |
81 | testfailureequal "E: The repository 'file: unstable Release.gpg' is no longer signed." aptget update -qq | |
82 | ||
83 | # test that security downgrade was not successful | |
84 | testfileequal lists.before "$(listcurrentlistsdirectory)" | |
85 | testsuccess aptget install old -s | |
86 | testfailure aptget install new -s | |
87 | testsuccess ls $ROOTDIR/var/lib/apt/lists/*_InRelease | |
88 | testfailure ls $ROOTDIR/var/lib/apt/lists/*_Release | |
89 | } | |
90 | ||
91 | test_inrelease_to_release_reverts_all() { | |
92 | msgmsg 'Test InRelease to broken Release reverts everything' | |
93 | start_with_good_inrelease | |
94 | ||
95 | # switch to a unsigned repo now | |
96 | add_new_package '+1hour' | |
97 | rm $APTARCHIVE/dists/unstable/InRelease | |
98 | rm $APTARCHIVE/dists/unstable/Release.gpg | |
99 | ||
100 | # break it | |
101 | break_repository_sources_index '+1hour' | |
102 | ||
103 | # ensure error | |
104 | testfailureequal "E: The repository 'file: unstable Release.gpg' is no longer signed." aptget update -qq # -o Debug::acquire::transaction=1 | |
105 | ||
106 | # ensure that the Packages file is also rolled back | |
107 | testfileequal lists.before "$(listcurrentlistsdirectory)" | |
108 | testsuccess aptget install old -s | |
109 | testfailure aptget install new -s | |
110 | testsuccess ls $ROOTDIR/var/lib/apt/lists/*_InRelease | |
111 | testfailure ls $ROOTDIR/var/lib/apt/lists/*_Release | |
112 | } | |
113 | ||
114 | test_unauthenticated_to_invalid_inrelease() { | |
115 | msgmsg 'Test UnAuthenticated to invalid InRelease reverts everything' | |
116 | create_fresh_archive | |
117 | rm $APTARCHIVE/dists/unstable/InRelease | |
118 | rm $APTARCHIVE/dists/unstable/Release.gpg | |
119 | ||
120 | testwarning aptget update --allow-insecure-repositories | |
121 | listcurrentlistsdirectory > lists.before | |
122 | testfailureequal "WARNING: The following packages cannot be authenticated! | |
123 | old | |
124 | E: There are problems and -y was used without --force-yes" aptget install -qq -y old | |
125 | ||
126 | # go to authenticated but not correct | |
127 | add_new_package '+1hour' | |
128 | break_repository_sources_index '+1hour' | |
129 | ||
130 | testfailureequal "W: Failed to fetch file:$APTARCHIVE/dists/unstable/main/source/Sources Hash Sum mismatch | |
131 | ||
132 | E: Some index files failed to download. They have been ignored, or old ones used instead." aptget update -qq | |
133 | ||
134 | testfileequal lists.before "$(listcurrentlistsdirectory)" | |
135 | testfailure ls rootdir/var/lib/apt/lists/*_InRelease | |
136 | testfailureequal "WARNING: The following packages cannot be authenticated! | |
137 | old | |
138 | E: There are problems and -y was used without --force-yes" aptget install -qq -y old | |
139 | } | |
140 | ||
141 | test_inrelease_to_unauth_inrelease() { | |
142 | msgmsg 'Test InRelease to InRelease without good sig' | |
143 | start_with_good_inrelease | |
144 | ||
145 | signreleasefiles 'Marvin Paranoid' | |
146 | ||
147 | testwarningequal "W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: file: unstable InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY E8525D47528144E2 | |
148 | ||
149 | W: Failed to fetch file:$APTARCHIVE/dists/unstable/InRelease The following signatures couldn't be verified because the public key is not available: NO_PUBKEY E8525D47528144E2 | |
150 | ||
151 | W: Some index files failed to download. They have been ignored, or old ones used instead." aptget update -qq | |
152 | ||
153 | testfileequal lists.before "$(listcurrentlistsdirectory)" | |
154 | testsuccess ls rootdir/var/lib/apt/lists/*_InRelease | |
155 | } | |
156 | ||
157 | test_inrelease_to_broken_gzip() { | |
158 | msgmsg "Test InRelease to broken gzip" | |
159 | start_with_good_inrelease | |
160 | ||
161 | # append junk at the end of the compressed file | |
162 | echo "lala" >> $APTARCHIVE/dists/unstable/main/source/Sources.gz | |
163 | touch -d '+2min' $APTARCHIVE/dists/unstable/main/source/Sources.gz | |
164 | # remove uncompressed file to avoid fallback | |
165 | rm $APTARCHIVE/dists/unstable/main/source/Sources | |
166 | ||
167 | testfailure aptget update | |
168 | testfileequal lists.before "$(listcurrentlistsdirectory)" | |
169 | } | |
170 | ||
171 | TESTDIR=$(readlink -f $(dirname $0)) | |
172 | . $TESTDIR/framework | |
173 | ||
174 | setupenvironment | |
175 | configarchitecture "i386" | |
176 | ||
177 | # setup the archive and ensure we have a single package that installs fine | |
178 | setupaptarchive | |
179 | APTARCHIVE=$(readlink -f ./aptarchive) | |
180 | ROOTDIR=${TMPWORKINGDIRECTORY}/rootdir | |
181 | APTARCHIVE_LISTS="$(echo $APTARCHIVE | tr "/" "_" )" | |
182 | ||
183 | # test the following cases: | |
184 | # - InRelease -> broken InRelease revert to previous state | |
185 | # - empty lists dir and broken remote leaves nothing on the system | |
186 | # - InRelease -> hashsum mismatch for one file reverts all files to previous state | |
187 | # - Release/Release.gpg -> hashsum mismatch | |
188 | # - InRelease -> Release with hashsum mismatch revert entire state and kills Release | |
189 | # - Release -> InRelease with broken Sig/Hash removes InRelease | |
190 | # going from Release/Release.gpg -> InRelease and vice versa | |
191 | # - unauthenticated -> invalid InRelease | |
192 | ||
193 | # stuff to do: | |
194 | # - ims-hit | |
195 | # - gzip-index tests | |
196 | ||
197 | test_inrelease_to_new_inrelease | |
198 | test_inrelease_to_broken_hash_reverts_all | |
199 | test_inrelease_to_valid_release | |
200 | test_inrelease_to_release_reverts_all | |
201 | test_unauthenticated_to_invalid_inrelease | |
202 | test_inrelease_to_unauth_inrelease | |
203 | test_inrelease_to_broken_gzip |