]> git.saurik.com Git - apt.git/blob - test/integration/test-apt-update-file
trusted=yes sources are secure, we just don't know why
[apt.git] / test / integration / test-apt-update-file
1 #!/bin/sh
2 #
3 # Ensure that we do not modify file:/// uris (regression test for
4 # CVE-2014-0487
5 #
6 set -e
7
8 TESTDIR=$(readlink -f $(dirname $0))
9 . $TESTDIR/framework
10
11 setupenvironment
12 configarchitecture "amd64"
13 configcompression 'bz2' 'gz'
14
15 insertpackage 'unstable' 'foo' 'all' '1.0'
16
17 setupaptarchive --no-update
18
19 # ensure the archive is not writable
20 chmod 550 aptarchive/dists/unstable/main/binary-amd64
21
22 testsuccess aptget update -qq
23 testsuccess aptget update -qq
24 aptget update -qq -o Debug::pkgAcquire::Auth=1 2> output.log
25
26 # ensure that the hash of the uncompressed file was verified even on a local
27 # ims hit
28 canary="SHA512:$(bzcat aptarchive/dists/unstable/main/binary-amd64/Packages.bz2 | sha512sum |cut -f1 -d' ')"
29 grep -q -- "- $canary" output.log
30
31 # foo is still available
32 testsuccess aptget install -s foo
33
34 # the cleanup should still work
35 chmod 750 aptarchive/dists/unstable/main/binary-amd64
36
37