3 # test that apt-get update is transactional
8 touch -d '+1hour' aptarchive
/dists
/unstable
/main
/binary
-i386/Packages
*
9 touch -d '+1hour' aptarchive
/dists
/unstable
/main
/source
/Sources
*
10 touch -d '+1hour' aptarchive
/dists
/unstable
/*Release
*
12 touch -d '-1hour' rootdir
/var
/lib
/apt
/lists
/*
15 create_fresh_archive
()
18 rm -f rootdir
/var
/lib
/apt
/lists
/_
* rootdir
/var
/lib
/apt
/lists
/partial
/*
20 insertpackage
'unstable' 'old' 'all' '1.0'
22 setupaptarchive
--no-update
26 insertpackage
'unstable' 'new' 'all' '1.0'
27 insertsource
'unstable' 'new' 'all' '1.0'
29 setupaptarchive
--no-update "$@"
32 break_repository_sources_index
() {
33 mv "$APTARCHIVE/dists/unstable/main/source/Sources.gz" "$APTARCHIVE/dists/unstable/main/source/Sources.gz.orig"
34 printf 'xxx' > "$APTARCHIVE/dists/unstable/main/source/Sources"
35 compressfile
"$APTARCHIVE/dists/unstable/main/source/Sources" "$@"
38 start_with_good_inrelease
() {
40 testsuccess aptget update
41 listcurrentlistsdirectory
> lists.before
42 testsuccessequal
'old/unstable 1.0 all' apt list
-qq
45 test_inrelease_to_new_inrelease
() {
46 msgmsg
'Test InRelease to new InRelease works fine'
47 start_with_good_inrelease
49 add_new_package
'+1hour'
50 testsuccess aptget update
-o Debug
::Acquire
::Transaction
=1
51 testsuccessequal
'new/unstable 1.0 all
52 old/unstable 1.0 all' apt list
-qq
55 test_inrelease_to_broken_hash_reverts_all
() {
56 msgmsg
'Test InRelease to broken InRelease reverts everything'
57 start_with_good_inrelease
59 add_new_package
'+1hour'
60 # break the Sources file
61 break_repository_sources_index
'+1hour'
63 # test the error condition
64 testfailureequal
"E: Failed to fetch file:${APTARCHIVE}/dists/unstable/main/source/Sources.gz Hash Sum mismatch
65 Hashes of expected file:
66 - Checksum-FileSize:$(stat -c '%s' 'aptarchive/dists/unstable/main/source/Sources.gz.orig') [weak]
67 - SHA256:$(sha256sum 'aptarchive/dists/unstable/main/source/Sources.gz.orig' | cut -d' ' -f 1)
68 Hashes of received file:
69 - SHA256:$(sha256sum 'aptarchive/dists/unstable/main/source/Sources.gz' | cut -d' ' -f 1)
70 - Checksum-FileSize:$(stat -c '%s' 'aptarchive/dists/unstable/main/source/Sources.gz') [weak]
71 Last modification reported: $(lastmodification 'aptarchive/dists/unstable/main/source/Sources.gz')
72 Release file created at: $(releasefiledate 'aptarchive/dists/unstable/InRelease')
73 E: Some index files failed to download. They have been ignored, or old ones used instead." aptget update
-qq
74 # ensure that the Packages file is also rolled back
75 testfileequal lists.before
"$(listcurrentlistsdirectory)"
76 testfailureequal
"E: Unable to locate package new" aptget
install new
-s -qq
79 test_inrelease_to_valid_release
() {
80 msgmsg
'Test InRelease to valid Release'
81 start_with_good_inrelease
83 add_new_package
'+1hour'
84 # switch to a unsigned repo now
85 rm -f "$APTARCHIVE/dists/unstable/InRelease" "$APTARCHIVE/dists/unstable/Release.gpg"
88 testfailureequal
"E: The repository 'file:${APTARCHIVE} unstable Release' is no longer signed." aptget update
-qq
90 # test that security downgrade was not successful
91 testfileequal lists.before
"$(listcurrentlistsdirectory)"
92 testsuccess aptget
install old
-s
93 testfailure aptget
install new
-s
94 testnotempty
find "${ROOTDIR}/var/lib/apt/lists" -name '*_InRelease'
95 testempty
find "${ROOTDIR}/var/lib/apt/lists" -name '*_Release'
98 test_inrelease_to_release_reverts_all
() {
99 msgmsg
'Test InRelease to broken Release reverts everything'
100 start_with_good_inrelease
102 # switch to a unsigned repo now
103 add_new_package
'+1hour'
104 rm -f "$APTARCHIVE/dists/unstable/InRelease" "$APTARCHIVE/dists/unstable/Release.gpg"
107 break_repository_sources_index
'+1hour'
110 testfailureequal
"E: The repository 'file:${APTARCHIVE} unstable Release' is no longer signed." aptget update
-qq # -o Debug::acquire::transaction=1
112 # ensure that the Packages file is also rolled back
113 testfileequal lists.before
"$(listcurrentlistsdirectory)"
114 testsuccess aptget
install old
-s
115 testfailure aptget
install new
-s
116 testnotempty
find "${ROOTDIR}/var/lib/apt/lists" -name '*_InRelease'
117 testempty
find "${ROOTDIR}/var/lib/apt/lists" -name '*_Release'
120 test_unauthenticated_to_invalid_inrelease
() {
121 msgmsg
'Test UnAuthenticated to invalid InRelease reverts everything'
123 rm -f "$APTARCHIVE/dists/unstable/InRelease" "$APTARCHIVE/dists/unstable/Release.gpg"
125 testwarning aptget update
--allow-insecure-repositories
126 listcurrentlistsdirectory
> lists.before
127 testfailureequal
"WARNING: The following packages cannot be authenticated!
129 E: There were unauthenticated packages and -y was used without --allow-unauthenticated" aptget
install -qq -y old
131 # go to authenticated but not correct
132 add_new_package
'+1hour'
133 break_repository_sources_index
'+1hour'
135 testfailureequal
"E: Failed to fetch file:$APTARCHIVE/dists/unstable/main/source/Sources.gz Hash Sum mismatch
136 Hashes of expected file:
137 - Checksum-FileSize:$(stat -c '%s' 'aptarchive/dists/unstable/main/source/Sources.gz.orig') [weak]
138 - SHA256:$(sha256sum 'aptarchive/dists/unstable/main/source/Sources.gz.orig' | cut -d' ' -f 1)
139 Hashes of received file:
140 - SHA256:$(sha256sum 'aptarchive/dists/unstable/main/source/Sources.gz' | cut -d' ' -f 1)
141 - Checksum-FileSize:$(stat -c '%s' 'aptarchive/dists/unstable/main/source/Sources.gz') [weak]
142 Last modification reported: $(lastmodification 'aptarchive/dists/unstable/main/source/Sources.gz')
143 Release file created at: $(releasefiledate 'aptarchive/dists/unstable/InRelease')
144 E: Some index files failed to download. They have been ignored, or old ones used instead." aptget update
-qq
146 testfileequal lists.before
"$(listcurrentlistsdirectory)"
147 testempty
find "${ROOTDIR}/var/lib/apt/lists" -maxdepth 1 -name '*_InRelease'
148 testfailureequal
"WARNING: The following packages cannot be authenticated!
150 E: There were unauthenticated packages and -y was used without --allow-unauthenticated" aptget
install -qq -y old
153 test_inrelease_to_unauth_inrelease
() {
154 msgmsg
'Test InRelease to InRelease without good sig'
155 start_with_good_inrelease
157 signreleasefiles
'Marvin Paranoid'
159 testwarningequal
"W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: file:${APTARCHIVE} unstable InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY E8525D47528144E2
160 W: Failed to fetch file:$APTARCHIVE/dists/unstable/InRelease The following signatures couldn't be verified because the public key is not available: NO_PUBKEY E8525D47528144E2
161 W: Some index files failed to download. They have been ignored, or old ones used instead." aptget update
-qq
163 testfileequal lists.before
"$(listcurrentlistsdirectory)"
164 testnotempty
find "${ROOTDIR}/var/lib/apt/lists" -name '*_InRelease'
167 test_inrelease_to_broken_gzip
() {
168 msgmsg
"Test InRelease to broken gzip"
169 start_with_good_inrelease
171 break_repository_sources_index
'+1hour'
172 generatereleasefiles
'+2hours'
175 # append junk at the end of the compressed file
176 echo "lala" >> "$APTARCHIVE/dists/unstable/main/source/Sources.gz"
177 touch -d '+2min' "$APTARCHIVE/dists/unstable/main/source/Sources.gz"
178 # remove uncompressed file to avoid fallback
179 rm "$APTARCHIVE/dists/unstable/main/source/Sources"
181 testfailure aptget update
182 testsuccess
grep 'Hash Sum mismatch' rootdir
/tmp
/testfailure.output
183 testfileequal lists.before
"$(listcurrentlistsdirectory)"
186 TESTDIR
="$(readlink -f "$(dirname "$0")")"
187 . "$TESTDIR/framework
"
190 configarchitecture "i386
"
191 export APT_DONT_SIGN='Release.gpg'
193 APTARCHIVE="$(readlink -f ./aptarchive)"
194 ROOTDIR="${TMPWORKINGDIRECTORY}/rootdir
"
195 APTARCHIVE_LISTS="$(echo "$APTARCHIVE" | tr "/" "_" )"
197 # test the following cases:
198 # - InRelease -> broken InRelease revert to previous state
199 # - empty lists dir and broken remote leaves nothing on the system
200 # - InRelease -> hashsum mismatch for one file reverts all files to previous state
201 # - Release/Release.gpg -> hashsum mismatch
202 # - InRelease -> Release with hashsum mismatch revert entire state and kills Release
203 # - Release -> InRelease with broken Sig/Hash removes InRelease
204 # going from Release/Release.gpg -> InRelease and vice versa
205 # - unauthenticated -> invalid InRelease
211 test_inrelease_to_new_inrelease
212 test_inrelease_to_broken_hash_reverts_all
213 test_inrelease_to_valid_release
214 test_inrelease_to_release_reverts_all
215 test_unauthenticated_to_invalid_inrelease
216 test_inrelease_to_unauth_inrelease
217 test_inrelease_to_broken_gzip