3 # Ensure that a MITM can not stale the Packages/Sources without
4 # raising a error message. Note that the Release file is protected
5 # via the "Valid-Until" header
9 TESTDIR
="$(readlink -f "$(dirname "$0")")"
10 . "$TESTDIR/framework
"
13 configarchitecture "i386
"
15 insertpackage 'unstable' 'foo' 'i386' '1.0'
17 setupaptarchive --no-update
20 echo "Acquire
::Languages
\"none
\";" > rootdir/etc/apt/apt.conf.d/00nolanguages
21 testsuccess aptget update -o Debug::pkgAcquire::Worker=1 -o Debug::Acquire::http=1
22 listcurrentlistsdirectory > lists.before
25 mkdir aptarchive/dists/unstable/main/binary-i386/saved
26 cp -p aptarchive/dists/unstable/main/binary-i386/Packages* \
27 aptarchive/dists/unstable/main/binary-i386/saved
28 insertpackage 'unstable' 'foo' 'i386' '2.0'
29 touch -d '+1 hour' aptarchive/dists/unstable/main/binary-i386/Packages
30 compressfile aptarchive/dists/unstable/main/binary-i386/Packages
31 # ensure that we do not get a I-M-S hit for the Release file
33 generatereleasefiles '+1hour'
36 # but now only deliver the previous Packages file instead of the new one
37 # (simulating a stale attack)
38 cp -p aptarchive/dists/unstable/main/binary-i386/saved/Packages* \
39 aptarchive/dists/unstable/main/binary-i386/
41 # ensure this raises an error
42 testfailuremsg "W
: Failed to fetch http
://localhost
:${APTHTTPPORT}/dists
/unstable
/main
/binary
-i386/Packages.gz Hash Sum mismatch
43 E
: Some index files failed to download. They have been ignored
, or old ones used instead.
" aptget update -o Debug::pkgAcquire::Worker=1 -o Debug::Acquire::http=1
44 testfileequal lists.before "$(listcurrentlistsdirectory)"