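# Regression test for CVE-2013-1051 (InRelease parsing): data appended after
# the signed part of an InRelease file must not be accepted by "apt-get update".
#
# NOTE(review): this listing is an extract. Gaps in its line numbering show
# that some lines of the file are missing here, and the helper commands used
# below (configarchitecture, insertpackage, msgtest, testsuccess, ...) are not
# defined in it; presumably they come from the test framework -- confirm
# against the repository before running.

# Absolute directory of this script. Quoted so a path containing spaces or
# glob characters is not split or expanded.
TESTDIR="$(readlink -f "$(dirname "$0")")"

configarchitecture 'i386'

# The legitimate package that the signed archive is expected to offer.
insertpackage 'stable' 'good-pkg' 'all' '1.0'

ARCHIVE='http://localhost:8080/'
msgtest 'Initial apt-get update should work with' 'InRelease'
testsuccess --nomsg aptget update

# check that the setup is correct
# NOTE(review): the extract drops the expected-output lines between
# "good-pkg:" and the "500 ..." line and collapses leading whitespace;
# restore the exact expected text from the repository.
testsuccessequal "good-pkg:
        500 ${ARCHIVE} stable/main i386 Packages" aptcache policy good-pkg

# Now add a second package to the archive. It is only ever published through
# the unsigned Release data built below, so the client must never see it.
# (The original comment continues on a listing line that is not in this
# extract.)
insertpackage 'stable' 'bad-mitm' 'all' '1.0'

# this builds compressed files and a new (unsigned) Release
buildaptarchivefromfiles '+1hour'

# add a space into the BEGIN PGP SIGNATURE PART/END PGP SIGNATURE part
# to trick apt - this is still legal to gpg(v)
# The point under test is that apt and gpgv agree on where the signed
# region of the file ends.
sed -i '/^-----BEGIN PGP SIGNATURE-----/,/^-----END PGP SIGNATURE-----/ s/^$/ /g' aptarchive/dists/stable/InRelease

# we append the (evil unsigned) Release file to the (good signed) InRelease
cat aptarchive/dists/stable/Release >> aptarchive/dists/stable/InRelease
# Same '+1hour' offset as the rebuilt archive above; presumably so the
# modified InRelease counts as newer than the copy already fetched -- confirm.
touch -d '+1hour' aptarchive/dists/stable/InRelease

# ensure the update fails
# useful for debugging to add "-o Debug::pkgAcquire::auth=true"
msgtest 'apt-get update for should fail with the modified' 'InRelease'
# Only the error text is asserted: aptget is the left side of the pipe, so its
# exit status is not examined. An explicit if/else is used so that msgfail
# cannot also run when msgpass itself returns non-zero; grep -q already
# suppresses output, so no redirection is needed.
if aptget update 2>&1 | grep -E -q '(Writing more data than expected|Hash Sum mismatch)'; then
	msgpass
else
	msgfail
fi

# ensure there is no package
testfailureequal 'Reading package lists...
Building dependency tree...
E: Unable to locate package bad-mitm' aptget install bad-mitm -s

# and verify that it's not picked up
testsuccessequal 'N: Unable to locate package bad-mitm' aptcache policy bad-mitm -q=0

# and that the right one is used
# NOTE(review): as above, the expected-output lines between "good-pkg:" and
# the "500 ..." line are missing from this extract and the leading whitespace
# is collapsed; restore the exact text from the repository.
testsuccessequal "good-pkg:
        500 ${ARCHIVE} stable/main i386 Packages" aptcache policy good-pkg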