]> git.saurik.com Git - apt.git/blob - test/integration/test-releasefile-verification
* sources.list.5.xml:
[apt.git] / test / integration / test-releasefile-verification
1 #!/bin/sh
2 set -e
3
4 TESTDIR=$(readlink -f $(dirname $0))
5 . $TESTDIR/framework
6
7 setupenvironment
8 configarchitecture "i386"
9
10 buildaptarchive
11 setupflataptarchive
12 changetowebserver
13
14 prepare() {
15 local DATE="${2:-now}"
16 if [ "$DATE" = 'now' -a "$1" = "${PKGFILE}-new" ]; then
17 DATE='now + 6 days'
18 fi
19 for release in $(find rootdir/var/lib/apt/lists 2> /dev/null); do
20 touch -d 'now - 6 hours' $release
21 done
22 aptget clean
23 cp $1 aptarchive/Packages
24 find aptarchive -name 'Release' -delete
25 cat aptarchive/Packages | gzip > aptarchive/Packages.gz
26 cat aptarchive/Packages | bzip2 > aptarchive/Packages.bz2
27 cat aptarchive/Packages | xz --format=lzma > aptarchive/Packages.lzma
28 generatereleasefiles "$DATE"
29 }
30
31 installaptold() {
32 testequal 'Reading package lists...
33 Building dependency tree...
34 Suggested packages:
35 aptitude synaptic wajig dpkg-dev apt-doc bzip2 lzma python-apt
36 The following NEW packages will be installed:
37 apt
38 0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
39 After this operation, 5370 kB of additional disk space will be used.
40 Get:1 http://localhost/ apt 0.7.25.3
41 Download complete and in download only mode' aptget install apt -dy
42 }
43
44 installaptnew() {
45 testequal 'Reading package lists...
46 Building dependency tree...
47 Suggested packages:
48 aptitude synaptic wajig dpkg-dev apt-doc bzip2 lzma python-apt
49 The following NEW packages will be installed:
50 apt
51 0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
52 After this operation, 5808 kB of additional disk space will be used.
53 Get:1 http://localhost/ apt 0.8.0~pre1
54 Download complete and in download only mode' aptget install apt -dy
55 }
56
57 failaptold() {
58 testequal 'Reading package lists...
59 Building dependency tree...
60 Suggested packages:
61 aptitude synaptic wajig dpkg-dev apt-doc bzip2 lzma python-apt
62 The following NEW packages will be installed:
63 apt
64 0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
65 After this operation, 5370 kB of additional disk space will be used.
66 WARNING: The following packages cannot be authenticated!
67 apt
68 E: There are problems and -y was used without --force-yes' aptget install apt -dy
69 }
70
71 failaptnew() {
72 testequal 'Reading package lists...
73 Building dependency tree...
74 Suggested packages:
75 aptitude synaptic wajig dpkg-dev apt-doc bzip2 lzma python-apt
76 The following NEW packages will be installed:
77 apt
78 0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
79 After this operation, 5808 kB of additional disk space will be used.
80 WARNING: The following packages cannot be authenticated!
81 apt
82 E: There are problems and -y was used without --force-yes' aptget install apt -dy
83 }
84
85 # fake our downloadable file
86 touch aptarchive/apt.deb
87
88 PKGFILE="${TESTDIR}/$(echo "$(basename $0)" | sed 's#^test-#Packages-#')"
89
90 runtest() {
91 prepare ${PKGFILE}
92 rm -rf rootdir/var/lib/apt/lists
93 signreleasefiles 'Joe Sixpack'
94 find aptarchive/ -name "$DELETEFILE" -delete
95 msgtest 'Cold archive signed by' 'Joe Sixpack'
96 aptget update 2>&1 | grep -E '^(W|E): ' > /dev/null && msgfail || msgpass
97 testequal "$(cat ${PKGFILE})
98 " aptcache show apt
99 installaptold
100
101 prepare ${PKGFILE}-new
102 signreleasefiles 'Joe Sixpack'
103 find aptarchive/ -name "$DELETEFILE" -delete
104 msgtest 'Good warm archive signed by' 'Joe Sixpack'
105 aptget update 2>&1 | grep -E '^(W|E): ' > /dev/null && msgfail || msgpass
106 testequal "$(cat ${PKGFILE}-new)
107 " aptcache show apt
108 installaptnew
109
110
111 prepare ${PKGFILE}
112 rm -rf rootdir/var/lib/apt/lists
113 signreleasefiles 'Marvin Paranoid'
114 find aptarchive/ -name "$DELETEFILE" -delete
115 msgtest 'Cold archive signed by' 'Marvin Paranoid'
116 aptget update 2>&1 | grep -E '^(W|E): ' > /dev/null && msgpass || msgfail
117 testequal "$(cat ${PKGFILE})
118 " aptcache show apt
119 failaptold
120
121 prepare ${PKGFILE}-new
122 # weborf doesn't support If-Range
123 for release in $(find rootdir/var/lib/apt/lists/partial/ -name '*Release'); do
124 rm $release
125 touch $release
126 done
127 signreleasefiles 'Joe Sixpack'
128 find aptarchive/ -name "$DELETEFILE" -delete
129 msgtest 'Bad warm archive signed by' 'Joe Sixpack'
130 aptget update 2>&1 | grep -E '^(W|E): ' > /dev/null && msgfail || msgpass
131 testequal "$(cat ${PKGFILE}-new)
132 " aptcache show apt
133 installaptnew
134
135
136 prepare ${PKGFILE}
137 rm -rf rootdir/var/lib/apt/lists
138 signreleasefiles 'Joe Sixpack'
139 find aptarchive/ -name "$DELETEFILE" -delete
140 msgtest 'Cold archive signed by' 'Joe Sixpack'
141 aptget update 2>&1 | grep -E '^(W|E): ' > /dev/null && msgfail || msgpass
142 testequal "$(cat ${PKGFILE})
143 " aptcache show apt
144 installaptold
145
146 prepare ${PKGFILE}-new
147 signreleasefiles 'Marvin Paranoid'
148 find aptarchive/ -name "$DELETEFILE" -delete
149 msgtest 'Good warm archive signed by' 'Marvin Paranoid'
150 aptget update 2>&1 | grep -E '^(W|E): ' > /dev/null && msgpass || msgfail
151 testequal "$(cat ${PKGFILE})
152 " aptcache show apt
153 installaptold
154 }
155
156 runtest2() {
157 prepare ${PKGFILE}
158 rm -rf rootdir/var/lib/apt/lists
159 signreleasefiles 'Joe Sixpack'
160 msgtest 'Cold archive signed by' 'Joe Sixpack'
161 aptget update 2>&1 | grep -E '^(W|E): ' > /dev/null && msgfail || msgpass
162
163 # New .deb but now an unsigned archive. For example MITM to circumvent
164 # package verification.
165 prepare ${PKGFILE}-new
166 find aptarchive/ -name InRelease -delete
167 find aptarchive/ -name Release.gpg -delete
168 msgtest 'Warm archive signed by' 'nobody'
169 aptget update 2>&1 | grep -E '^(W|E): ' > /dev/null && msgfail || msgpass
170 testequal "$(cat ${PKGFILE}-new)
171 " aptcache show apt
172 failaptnew
173
174 # Unsigned archive from the beginning must also be detected.
175 rm -rf rootdir/var/lib/apt/lists
176 msgtest 'Cold archive signed by' 'nobody'
177 aptget update 2>&1 | grep -E '^(W|E): ' > /dev/null && msgfail || msgpass
178 testequal "$(cat ${PKGFILE}-new)
179 " aptcache show apt
180 failaptnew
181 }
182 runtest2
183
184
185 DELETEFILE="InRelease"
186 runtest
187 DELETEFILE="Release.gpg"
188 runtest