]> git.saurik.com Git - apt.git/blob - test/integration/test-apt-update-nofallback
Merge branch 'debian/sid' into debian/experimental
[apt.git] / test / integration / test-apt-update-nofallback
1 #!/bin/sh
2 #
3 # ensure we never fallback from a signed to a unsigned repo
4 #
5 # hash checks are done in
6 #
7 set -e
8
9 simulate_mitm_and_inject_evil_package()
10 {
11 redatereleasefiles '+1 hour'
12 rm -f $APTARCHIVE/dists/unstable/InRelease
13 rm -f $APTARCHIVE/dists/unstable/Release.gpg
14 inject_evil_package
15 }
16
17 inject_evil_package()
18 {
19 cat > $APTARCHIVE/dists/unstable/main/binary-i386/Packages <<EOF
20 Package: evil
21 Installed-Size: 29
22 Maintainer: Joe Sixpack <joe@example.org>
23 Architecture: all
24 Version: 1.0
25 Filename: pool/evil_1.0_all.deb
26 Size: 1270
27 Description: an autogenerated evil package
28 EOF
29 # avoid ims hit
30 touch -d '+1hour' aptarchive/dists/unstable/main/binary-i386/Packages
31 }
32
33 assert_update_is_refused_and_last_good_state_used()
34 {
35 testfailuremsg "E: The repository 'file: unstable Release' is no longer signed." aptget update
36
37 assert_repo_is_intact
38 }
39
40 assert_repo_is_intact()
41 {
42 testsuccessequal "foo/unstable 2.0 all" apt list -q
43 testsuccess aptget install -y -s foo
44 testfailure aptget install -y evil
45 testsuccess aptget source foo --print-uris
46
47 LISTDIR=rootdir/var/lib/apt/lists
48 if ! ( ls $LISTDIR/*InRelease >/dev/null 2>&1 ||
49 ls $LISTDIR/*Release.gpg >/dev/null 2>&1 ); then
50 echo "Can not find InRelease/Release.gpg in $(ls $LISTDIR)"
51 msgfail
52 fi
53 }
54
55 setupaptarchive_with_lists_clean()
56 {
57 setupaptarchive --no-update
58 rm -rf rootdir/var/lib/apt/lists
59 }
60
61 test_from_inrelease_to_unsigned()
62 {
63 # setup archive with InRelease file
64 setupaptarchive_with_lists_clean
65 testsuccess aptget update
66 listcurrentlistsdirectory > lists.before
67
68 simulate_mitm_and_inject_evil_package
69 assert_update_is_refused_and_last_good_state_used
70 testfileequal lists.before "$(listcurrentlistsdirectory)"
71 }
72
73 test_from_release_gpg_to_unsigned()
74 {
75 # setup archive with Release/Release.gpg (but no InRelease)
76 setupaptarchive_with_lists_clean
77 rm $APTARCHIVE/dists/unstable/InRelease
78 testsuccess aptget update
79 listcurrentlistsdirectory > lists.before
80
81 simulate_mitm_and_inject_evil_package
82 assert_update_is_refused_and_last_good_state_used
83 testfileequal lists.before "$(listcurrentlistsdirectory)"
84 }
85
86 test_from_inrelease_to_unsigned_with_override()
87 {
88 # setup archive with InRelease file
89 setupaptarchive_with_lists_clean
90 # FIXME: is not what the server reported 4104 4106
91 testsuccess aptget update #-o Debug::pkgAcquire::Worker=1
92
93 # simulate moving to a unsigned but otherwise valid repo
94 simulate_mitm_and_inject_evil_package
95 generatereleasefiles
96
97 # and ensure we can update to it (with enough force)
98 testwarning aptget update --allow-insecure-repositories \
99 -o Acquire::AllowDowngradeToInsecureRepositories=1
100 # but that the individual packages are still considered untrusted
101 testfailureequal "WARNING: The following packages cannot be authenticated!
102 evil
103 E: There are problems and -y was used without --force-yes" aptget install -qq -y evil
104 }
105
106 test_cve_2012_0214()
107 {
108 # see https://bugs.launchpad.net/ubuntu/+source/apt/+bug/947108
109 #
110 # it was possible to MITM the download so that InRelease/Release.gpg
111 # are not delivered (404) and a altered Release file was send
112 #
113 # apt left the old InRelease file in /var/lib/apt/lists and downloaded
114 # the unauthenticated Release file too giving the false impression that
115 # Release was authenticated
116 #
117 # Note that this is pretty much impossible nowdays because:
118 # a) InRelease is left as is, not split to InRelease/Release as it was
119 # in the old days
120 # b) we refuse to go from signed->unsigned
121 #
122 # Still worth having a regression test the simulates the condition
123
124 # setup archive with InRelease
125 setupaptarchive_with_lists_clean
126 testsuccess aptget update
127 listcurrentlistsdirectory > lists.before
128
129 # do what CVE-2012-0214 did
130 rm $APTARCHIVE/dists/unstable/InRelease
131 rm $APTARCHIVE/dists/unstable/Release.gpg
132 inject_evil_package
133 # build valid Release file
134 aptftparchive -qq release ./aptarchive > aptarchive/dists/unstable/Release
135
136 assert_update_is_refused_and_last_good_state_used
137 testfileequal lists.before "$(listcurrentlistsdirectory)"
138
139 # ensure there is no _Release file downloaded
140 testfailure ls rootdir/var/lib/apt/lists/*_Release
141 }
142
143 test_subvert_inrelease()
144 {
145 # setup archive with InRelease
146 setupaptarchive_with_lists_clean
147 testsuccess aptget update
148 listcurrentlistsdirectory > lists.before
149
150 # replace InRelease with something else
151 mv $APTARCHIVE/dists/unstable/Release $APTARCHIVE/dists/unstable/InRelease
152
153 testfailureequal "W: Failed to fetch file:${APTARCHIVE}/dists/unstable/InRelease Does not start with a cleartext signature
154
155 E: Some index files failed to download. They have been ignored, or old ones used instead." aptget update -qq
156
157 # ensure we keep the repo
158 testfileequal lists.before "$(listcurrentlistsdirectory)"
159 assert_repo_is_intact
160 }
161
162 test_inrelease_to_invalid_inrelease()
163 {
164 # setup archive with InRelease
165 setupaptarchive_with_lists_clean
166 testsuccess aptget update
167 listcurrentlistsdirectory > lists.before
168
169 # now remove InRelease and subvert Release do no longer verify
170 sed -i 's/Codename.*/Codename: evil!'/ $APTARCHIVE/dists/unstable/InRelease
171 inject_evil_package
172
173 testwarningequal "W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: file: unstable InRelease: The following signatures were invalid: BADSIG 5A90D141DBAC8DAE Joe Sixpack (APT Testcases Dummy) <joe@example.org>
174
175 W: Failed to fetch file:${APTARCHIVE}/dists/unstable/InRelease The following signatures were invalid: BADSIG 5A90D141DBAC8DAE Joe Sixpack (APT Testcases Dummy) <joe@example.org>
176
177 W: Some index files failed to download. They have been ignored, or old ones used instead." aptget update -qq
178
179 # ensure we keep the repo
180 testfailure grep 'evil' rootdir/var/lib/apt/lists/*InRelease
181 testfileequal lists.before "$(listcurrentlistsdirectory)"
182 assert_repo_is_intact
183 }
184
185 test_release_gpg_to_invalid_release_release_gpg()
186 {
187 # setup archive with InRelease
188 setupaptarchive_with_lists_clean
189 rm $APTARCHIVE/dists/unstable/InRelease
190 testsuccess aptget update
191 listcurrentlistsdirectory > lists.before
192
193 # now subvert Release do no longer verify
194 echo "Some evil data" >> $APTARCHIVE/dists/unstable/Release
195 inject_evil_package
196
197 testwarningequal "W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: file: unstable Release: The following signatures were invalid: BADSIG 5A90D141DBAC8DAE Joe Sixpack (APT Testcases Dummy) <joe@example.org>
198
199 W: Failed to fetch file:${APTARCHIVE}/dists/unstable/Release.gpg The following signatures were invalid: BADSIG 5A90D141DBAC8DAE Joe Sixpack (APT Testcases Dummy) <joe@example.org>
200
201 W: Some index files failed to download. They have been ignored, or old ones used instead." aptget update -qq
202
203 testfailure grep 'evil' rootdir/var/lib/apt/lists/*Release
204 testfileequal lists.before "$(listcurrentlistsdirectory)"
205 assert_repo_is_intact
206 }
207
208
209 TESTDIR=$(readlink -f $(dirname $0))
210 . $TESTDIR/framework
211
212 setupenvironment
213 configarchitecture "i386"
214
215 # a "normal" package with source and binary
216 buildsimplenativepackage 'foo' 'all' '2.0'
217
218 # setup the archive and ensure we have a single package that installs fine
219 setupaptarchive
220 APTARCHIVE=$(readlink -f ./aptarchive)
221 assert_repo_is_intact
222
223 # test the various cases where a repo may go from signed->unsigned
224 msgmsg "test_from_inrelease_to_unsigned"
225 test_from_inrelease_to_unsigned
226
227 msgmsg "test_from_release_gpg_to_unsigned"
228 test_from_release_gpg_to_unsigned
229
230 # ensure we do not regress on CVE-2012-0214
231 msgmsg "test_cve_2012_0214"
232 test_cve_2012_0214
233
234 # ensure InRelase can not be subverted
235 msgmsg "test_subvert_inrelease"
236 test_subvert_inrelease
237
238 # ensure we revert to last good state if InRelease does not verify
239 msgmsg "test_inrelease_to_invalid_inrelease"
240 test_inrelease_to_invalid_inrelease
241
242 # ensure we revert to last good state if Release/Release.gpg does not verify
243 msgmsg "test_release_gpg_to_invalid_release_release_gpg"
244 test_release_gpg_to_invalid_release_release_gpg
245
246 # ensure we can override the downgrade error
247 msgmsg "test_from_inrelease_to_unsigned_with_override"
248 test_from_inrelease_to_unsigned_with_override