test/integration/test-apt-update-rollback

   1 #!/bin/sh
   2 #
   3 # test that apt-get update is transactional
   4 #
   5 set -e
   6
   7 avoid_ims_hit() {
   8     touch -d '+1hour' aptarchive/dists/unstable/main/binary-i386/Packages*
   9     touch -d '+1hour' aptarchive/dists/unstable/main/source/Sources*
  10     touch -d '+1hour' aptarchive/dists/unstable/*Release*
  11
  12     touch -d '-1hour' rootdir/var/lib/apt/lists/*
  13 }
  14
  15 create_fresh_archive()
  16 {
  17     rm -rf aptarchive/*
  18     rm -f rootdir/var/lib/apt/lists/_* rootdir/var/lib/apt/lists/partial/*
  19
  20     insertpackage 'unstable' 'old' 'all' '1.0'
  21
  22     setupaptarchive
  23 }
  24
  25 add_new_package() {
  26     insertpackage "unstable" "new" "all" "1.0"
  27     insertsource "unstable" "new" "all" "1.0"
  28
  29     setupaptarchive --no-update
  30
  31     avoid_ims_hit
  32 }
  33
  34 break_repository_sources_index() {
  35     printf "xxx" > $APTARCHIVE/dists/unstable/main/source/Sources
  36     gzip -c $APTARCHIVE/dists/unstable/main/source/Sources > \
  37             $APTARCHIVE/dists/unstable/main/source/Sources.gz
  38     avoid_ims_hit
  39 }
  40
  41 test_inrelease_to_new_inrelease() {
  42     msgmsg "Test InRelease to new InRelease works fine"
  43     create_fresh_archive
  44     testequal "old/unstable 1.0 all" apt list -q
  45
  46     add_new_package
  47
  48     testsuccess aptget update -o Debug::Acquire::Transaction=1
  49
  50     testequal "new/unstable 1.0 all
  51 old/unstable 1.0 all" apt list -q
  52 }
  53
  54 test_inrelease_to_broken_hash_reverts_all() {
  55     msgmsg "Test InRelease to broken InRelease reverts everything"
  56     create_fresh_archive
  57     add_new_package
  58     # break the Sources file
  59     break_repository_sources_index
  60
  61     # test the error condition
  62     testequal "W: Failed to fetch file:${APTARCHIVE}/dists/unstable/main/source/Sources  Hash Sum mismatch
  63
  64 E: Some index files failed to download. They have been ignored, or old ones used instead." aptget update -qq
  65     # ensure that the Packages file is also rolled back
  66     testequal "E: Unable to locate package new" aptget install new -s -qq
  67 }
  68
  69 test_inreleae_to_valid_release() {
  70     msgmsg "Test InRelease to valid Release"
  71     create_fresh_archive
  72     add_new_package
  73     # switch to a unsinged repo now
  74     rm $APTARCHIVE/dists/unstable/InRelease
  75     rm $APTARCHIVE/dists/unstable/Release.gpg
  76     avoid_ims_hit
  77
  78     # update fails
  79     testequal "E: The repository 'file: unstable Release.gpg' is no longer signed." aptget update -qq
  80
  81     # test that we can install the new packages but do no longer have a sig
  82     testsuccess aptget install old -s
  83     testfailure aptget install new -s
  84     testsuccess ls $ROOTDIR/var/lib/apt/lists/*_InRelease
  85     testfailure ls $ROOTDIR/var/lib/apt/lists/*_Release
  86 }
  87
  88 test_inreleae_to_release_reverts_all() {
  89     msgmsg "Test InRelease to broken Release reverts everything"
  90     create_fresh_archive
  91
  92     # switch to a unsinged repo now
  93     add_new_package
  94     rm $APTARCHIVE/dists/unstable/InRelease
  95     rm $APTARCHIVE/dists/unstable/Release.gpg
  96     # break it
  97     break_repository_sources_index
  98
  99     # ensure error
 100     testequal "E: The repository 'file: unstable Release.gpg' is no longer signed." aptget update -qq # -o Debug::acquire::transaction=1
 101
 102     # ensure that the Packages file is also rolled back
 103     testsuccess aptget install old -s
 104     testfailure aptget install new -s
 105     testsuccess ls $ROOTDIR/var/lib/apt/lists/*_InRelease
 106     testfailure ls $ROOTDIR/var/lib/apt/lists/*_Release
 107 }
 108
 109 test_unauthenticated_to_invalid_inrelease() {
 110     msgmsg "Test UnAuthenticated to invalid InRelease reverts everything"
 111     create_fresh_archive
 112     rm -rf rootdir/var/lib/apt/lists/*
 113     rm $APTARCHIVE/dists/unstable/InRelease
 114     rm $APTARCHIVE/dists/unstable/Release.gpg
 115     avoid_ims_hit
 116
 117     testsuccess aptget update -qq
 118     testequal "WARNING: The following packages cannot be authenticated!
 119   old
 120 E: There are problems and -y was used without --force-yes" aptget install -qq -y old
 121
 122     # go to authenticated but not correct
 123     add_new_package
 124     break_repository_sources_index
 125
 126     testequal "W: Failed to fetch file:$APTARCHIVE/dists/unstable/main/source/Sources  Hash Sum mismatch
 127
 128 E: Some index files failed to download. They have been ignored, or old ones used instead." aptget update -qq
 129
 130     testfailure ls rootdir/var/lib/apt/lists/*_InRelease
 131     testequal "WARNING: The following packages cannot be authenticated!
 132   old
 133 E: There are problems and -y was used without --force-yes" aptget install -qq -y old
 134 }
 135
 136 test_inrelease_to_unauth_inrelease() {
 137     msgmsg "Test InRelease to InRelease without sig"
 138     create_fresh_archive
 139     signreleasefiles 'Marvin Paranoid'
 140     avoid_ims_hit
 141
 142     testequal "W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: file: unstable InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY E8525D47528144E2
 143
 144 W: Failed to fetch file:$APTARCHIVE/dists/unstable/InRelease
 145
 146 W: Some index files failed to download. They have been ignored, or old ones used instead." aptget update -qq
 147
 148     testsuccess ls rootdir/var/lib/apt/lists/*_InRelease
 149 }
 150
 151 test_inrelease_to_broken_gzip() {
 152     msgmsg "Test InRelease to broken gzip"
 153     create_fresh_archive
 154     # append junk at the end of the gzip, this
 155     echo "lala" >> $APTARCHIVE/dists/unstable/main/source/Sources.gz
 156     # remove uncompressed file, otherwise apt will just fallback fetching
 157     # that
 158     rm $APTARCHIVE/dists/unstable/main/source/Sources
 159     avoid_ims_hit
 160
 161     testfailure aptget update
 162 }
 163
 164 TESTDIR=$(readlink -f $(dirname $0))
 165 . $TESTDIR/framework
 166
 167 setupenvironment
 168 configarchitecture "i386"
 169
 170 # setup the archive and ensure we have a single package that installs fine
 171 setupaptarchive
 172 APTARCHIVE=$(readlink -f ./aptarchive)
 173 ROOTDIR=${TMPWORKINGDIRECTORY}/rootdir
 174 APTARCHIVE_LISTS="$(echo $APTARCHIVE | tr "/" "_" )"
 175
 176 # test the following cases:
 177 # - InRelease -> broken InRelease revert to previous state
 178 # - empty lists dir and broken remote leaves nothing on the system
 179 # - InRelease -> hashsum mismatch for one file reverts all files to previous state
 180 # - Release/Release.gpg -> hashsum mismatch
 181 # - InRelease -> Release with hashsum mismatch revert entire state and kills Release
 182 # - Release -> InRelease with broken Sig/Hash removes InRelease
 183 # going from Release/Release.gpg -> InRelease and vice versa
 184 # - unauthenticated -> invalid InRelease
 185
 186 # stuff to do:
 187 # - ims-hit
 188 # - gzip-index tests
 189
 190 test_inrelease_to_new_inrelease
 191 test_inrelease_to_broken_hash_reverts_all
 192 test_inreleae_to_valid_release
 193 test_inreleae_to_release_reverts_all
 194 test_unauthenticated_to_invalid_inrelease
 195 test_inrelease_to_unauth_inrelease
 196 test_inrelease_to_broken_gzip