]>
Commit | Line | Data |
---|---|---|
1 | #!/bin/sh | |
2 | set -e | |
3 | ||
4 | TESTDIR=$(readlink -f $(dirname $0)) | |
5 | . $TESTDIR/framework | |
6 | ||
7 | setupenvironment | |
8 | configarchitecture 'i386' | |
9 | ||
10 | insertpackage 'stable' 'good-pkg' 'all' '1.0' | |
11 | ||
12 | setupaptarchive | |
13 | ||
14 | changetowebserver | |
15 | ARCHIVE='http://localhost:8080/' | |
16 | msgtest 'Initial apt-get update should work with' 'InRelease' | |
17 | testsuccess --nomsg aptget update | |
18 | ||
19 | # check that the setup is correct | |
20 | testequal "good-pkg: | |
21 | Installed: (none) | |
22 | Candidate: 1.0 | |
23 | Version table: | |
24 | 1.0 0 | |
25 | 500 ${ARCHIVE} stable/main i386 Packages" aptcache policy good-pkg | |
26 | ||
27 | # now exchange to the Packages file, note that this could be | |
28 | # done via MITM too | |
29 | insertpackage 'stable' 'bad-mitm' 'all' '1.0' | |
30 | ||
31 | # this builds compressed files and a new (unsigned) Release | |
32 | buildaptarchivefromfiles '+1hour' | |
33 | ||
34 | # add a space into the BEGIN PGP SIGNATURE PART/END PGP SIGNATURE part | |
35 | # to trick apt - this is still legal to gpg(v) | |
36 | sed -i '/^-----BEGIN PGP SIGNATURE-----/,/^-----END PGP SIGNATURE-----/ s/^$/ /g' aptarchive/dists/stable/InRelease | |
37 | ||
38 | # we append the (evil unsigned) Release file to the (good signed) InRelease | |
39 | cat aptarchive/dists/stable/Release >> aptarchive/dists/stable/InRelease | |
40 | touch -d '+1hour' aptarchive/dists/stable/InRelease | |
41 | ||
42 | # ensure the update fails | |
43 | # useful for debugging to add "-o Debug::pkgAcquire::auth=true" | |
44 | msgtest 'apt-get update for should fail with the modified' 'InRelease' | |
45 | aptget update 2>&1 | grep -q 'Hash Sum mismatch' > /dev/null && msgpass || msgfail | |
46 | ||
47 | # ensure there is no package | |
48 | testequal 'Reading package lists... | |
49 | Building dependency tree... | |
50 | E: Unable to locate package bad-mitm' aptget install bad-mitm -s | |
51 | ||
52 | # and verify that its not picked up | |
53 | testequal 'N: Unable to locate package bad-mitm' aptcache policy bad-mitm -q=0 | |
54 | ||
55 | # and that the right one is used | |
56 | testequal "good-pkg: | |
57 | Installed: (none) | |
58 | Candidate: 1.0 | |
59 | Version table: | |
60 | 1.0 0 | |
61 | 500 ${ARCHIVE} stable/main i386 Packages" aptcache policy good-pkg |