]> git.saurik.com Git - apt.git/blob - test/integration/test-apt-update-stale
add apt-key support for armored GPG key files (*.asc)
[apt.git] / test / integration / test-apt-update-stale
1 #!/bin/sh
2 #
3 # Ensure that a MITM can not stale the Packages/Sources without
4 # raising a error message. Note that the Release file is protected
5 # via the "Valid-Until" header
6 #
7 set -e
8
9 TESTDIR="$(readlink -f "$(dirname "$0")")"
10 . "$TESTDIR/framework"
11
12 setupenvironment
13 configarchitecture "i386"
14
15 insertpackage 'unstable' 'foo' 'i386' '1.0'
16
17 setupaptarchive --no-update
18 changetowebserver
19
20 echo "Acquire::Languages \"none\";" > rootdir/etc/apt/apt.conf.d/00nolanguages
21 testsuccess aptget update -o Debug::pkgAcquire::Worker=1 -o Debug::Acquire::http=1
22 listcurrentlistsdirectory > lists.before
23
24 # insert new version
25 mkdir aptarchive/dists/unstable/main/binary-i386/saved
26 cp -p aptarchive/dists/unstable/main/binary-i386/Packages* \
27 aptarchive/dists/unstable/main/binary-i386/saved
28 insertpackage 'unstable' 'foo' 'i386' '2.0'
29 touch -d '+1 hour' aptarchive/dists/unstable/main/binary-i386/Packages
30 compressfile aptarchive/dists/unstable/main/binary-i386/Packages
31 # ensure that we do not get a I-M-S hit for the Release file
32
33 generatereleasefiles '+1hour'
34 signreleasefiles
35
36 # but now only deliver the previous Packages file instead of the new one
37 # (simulating a stale attack)
38 cp -p aptarchive/dists/unstable/main/binary-i386/saved/Packages* \
39 aptarchive/dists/unstable/main/binary-i386/
40
41 # ensure this raises an error
42 testfailuremsg "E: Failed to fetch http://localhost:${APTHTTPPORT}/dists/unstable/main/binary-i386/Packages.gz Hash Sum mismatch
43 E: Some index files failed to download. They have been ignored, or old ones used instead." aptget update -o Debug::pkgAcquire::Worker=1 -o Debug::Acquire::http=1
44 testfileequal lists.before "$(listcurrentlistsdirectory)"