test/integration/test-apt-update-rollback

   1 #!/bin/sh
   2 #
   3 # test that apt-get update is transactional
   4 #
   5 set -e
   6
   7 avoid_ims_hit() {
   8     touch -d '+1hour' aptarchive/dists/unstable/main/binary-i386/Packages*
   9     touch -d '+1hour' aptarchive/dists/unstable/main/source/Sources*
  10     touch -d '+1hour' aptarchive/dists/unstable/*Release*
  11
  12     touch -d '-1hour' rootdir/var/lib/apt/lists/*
  13 }
  14
  15 create_fresh_archive()
  16 {
  17     rm -rf aptarchive/*
  18     rm -f rootdir/var/lib/apt/lists/_* rootdir/var/lib/apt/lists/partial/*
  19
  20     insertpackage 'unstable' 'old' 'all' '1.0'
  21
  22     setupaptarchive --no-update
  23 }
  24
  25 add_new_package() {
  26     insertpackage "unstable" "new" "all" "1.0"
  27     insertsource "unstable" "new" "all" "1.0"
  28
  29     setupaptarchive --no-update "$@"
  30 }
  31
  32 break_repository_sources_index() {
  33     printf 'xxx' > $APTARCHIVE/dists/unstable/main/source/Sources
  34     compressfile "$APTARCHIVE/dists/unstable/main/source/Sources" "$@"
  35 }
  36
  37 start_with_good_inrelease() {
  38     create_fresh_archive
  39     testsuccess aptget update
  40     testequal "old/unstable 1.0 all" apt list -q
  41 }
  42
  43 test_inrelease_to_new_inrelease() {
  44     msgmsg 'Test InRelease to new InRelease works fine'
  45     start_with_good_inrelease
  46
  47     add_new_package '+1hour'
  48     testsuccess aptget update -o Debug::Acquire::Transaction=1
  49     testequal "new/unstable 1.0 all
  50 old/unstable 1.0 all" apt list -q
  51 }
  52
  53 test_inrelease_to_broken_hash_reverts_all() {
  54     msgmsg 'Test InRelease to broken InRelease reverts everything'
  55     start_with_good_inrelease
  56
  57     add_new_package '+1hour'
  58     # break the Sources file
  59     break_repository_sources_index '+1hour'
  60
  61     # test the error condition
  62     testequal "W: Failed to fetch file:${APTARCHIVE}/dists/unstable/main/source/Sources  Hash Sum mismatch
  63
  64 E: Some index files failed to download. They have been ignored, or old ones used instead." aptget update -qq
  65     # ensure that the Packages file is also rolled back
  66     testequal "E: Unable to locate package new" aptget install new -s -qq
  67 }
  68
  69 test_inrelease_to_valid_release() {
  70     msgmsg 'Test InRelease to valid Release'
  71     start_with_good_inrelease
  72
  73     add_new_package '+1hour'
  74     # switch to a unsigned repo now
  75     rm $APTARCHIVE/dists/unstable/InRelease
  76     rm $APTARCHIVE/dists/unstable/Release.gpg
  77
  78     # update fails
  79     testequal "E: The repository 'file: unstable Release.gpg' is no longer signed." aptget update -qq
  80
  81     # test that we can install the new packages but do no longer have a sig
  82     testsuccess aptget install old -s
  83     testfailure aptget install new -s
  84     testsuccess ls $ROOTDIR/var/lib/apt/lists/*_InRelease
  85     testfailure ls $ROOTDIR/var/lib/apt/lists/*_Release
  86 }
  87
  88 test_inrelease_to_release_reverts_all() {
  89     msgmsg 'Test InRelease to broken Release reverts everything'
  90     start_with_good_inrelease
  91
  92     # switch to a unsigned repo now
  93     add_new_package '+1hour'
  94     rm $APTARCHIVE/dists/unstable/InRelease
  95     rm $APTARCHIVE/dists/unstable/Release.gpg
  96
  97     # break it
  98     break_repository_sources_index '+1hour'
  99
 100     # ensure error
 101     testequal "E: The repository 'file: unstable Release.gpg' is no longer signed." aptget update -qq # -o Debug::acquire::transaction=1
 102
 103     # ensure that the Packages file is also rolled back
 104     testsuccess aptget install old -s
 105     testfailure aptget install new -s
 106     testsuccess ls $ROOTDIR/var/lib/apt/lists/*_InRelease
 107     testfailure ls $ROOTDIR/var/lib/apt/lists/*_Release
 108 }
 109
 110 test_unauthenticated_to_invalid_inrelease() {
 111     msgmsg 'Test UnAuthenticated to invalid InRelease reverts everything'
 112     create_fresh_archive
 113     rm $APTARCHIVE/dists/unstable/InRelease
 114     rm $APTARCHIVE/dists/unstable/Release.gpg
 115
 116     testsuccess aptget update --allow-insecure-repositories
 117     testequal "WARNING: The following packages cannot be authenticated!
 118   old
 119 E: There are problems and -y was used without --force-yes" aptget install -qq -y old
 120
 121     # go to authenticated but not correct
 122     add_new_package '+1hour'
 123     break_repository_sources_index '+1hour'
 124
 125     testequal "W: Failed to fetch file:$APTARCHIVE/dists/unstable/main/source/Sources  Hash Sum mismatch
 126
 127 E: Some index files failed to download. They have been ignored, or old ones used instead." aptget update -qq
 128
 129     testfailure ls rootdir/var/lib/apt/lists/*_InRelease
 130     testequal "WARNING: The following packages cannot be authenticated!
 131   old
 132 E: There are problems and -y was used without --force-yes" aptget install -qq -y old
 133 }
 134
 135 test_inrelease_to_unauth_inrelease() {
 136     msgmsg 'Test InRelease to InRelease without good sig'
 137     start_with_good_inrelease
 138
 139     signreleasefiles 'Marvin Paranoid' '+1hour'
 140
 141     testequal "W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: file: unstable InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY E8525D47528144E2
 142
 143 W: Failed to fetch file:$APTARCHIVE/dists/unstable/InRelease  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY E8525D47528144E2
 144
 145 W: Some index files failed to download. They have been ignored, or old ones used instead." aptget update -qq
 146
 147     testsuccess ls rootdir/var/lib/apt/lists/*_InRelease
 148 }
 149
 150 test_inrelease_to_broken_gzip() {
 151     msgmsg "Test InRelease to broken gzip"
 152     start_with_good_inrelease
 153
 154     # append junk at the end of the compressed file
 155     echo "lala" >> $APTARCHIVE/dists/unstable/main/source/Sources.gz
 156     touch -d '+2min' $APTARCHIVE/dists/unstable/main/source/Sources.gz
 157     # remove uncompressed file to avoid fallback
 158     rm $APTARCHIVE/dists/unstable/main/source/Sources
 159
 160     testfailure aptget update
 161 }
 162
 163 TESTDIR=$(readlink -f $(dirname $0))
 164 . $TESTDIR/framework
 165
 166 setupenvironment
 167 configarchitecture "i386"
 168
 169 # setup the archive and ensure we have a single package that installs fine
 170 setupaptarchive
 171 APTARCHIVE=$(readlink -f ./aptarchive)
 172 ROOTDIR=${TMPWORKINGDIRECTORY}/rootdir
 173 APTARCHIVE_LISTS="$(echo $APTARCHIVE | tr "/" "_" )"
 174
 175 # test the following cases:
 176 # - InRelease -> broken InRelease revert to previous state
 177 # - empty lists dir and broken remote leaves nothing on the system
 178 # - InRelease -> hashsum mismatch for one file reverts all files to previous state
 179 # - Release/Release.gpg -> hashsum mismatch
 180 # - InRelease -> Release with hashsum mismatch revert entire state and kills Release
 181 # - Release -> InRelease with broken Sig/Hash removes InRelease
 182 # going from Release/Release.gpg -> InRelease and vice versa
 183 # - unauthenticated -> invalid InRelease
 184
 185 # stuff to do:
 186 # - ims-hit
 187 # - gzip-index tests
 188
 189 test_inrelease_to_new_inrelease
 190 test_inrelease_to_broken_hash_reverts_all
 191 test_inrelease_to_valid_release
 192 test_inrelease_to_release_reverts_all
 193 test_unauthenticated_to_invalid_inrelease
 194 test_inrelease_to_unauth_inrelease
 195 test_inrelease_to_broken_gzip