Do not consider SHA1 usable
#!/bin/sh
# Integration test for Ubuntu bug 1098738: which checksum types
# `apt-get source -d` accepts when authenticating downloaded source files.
# The expectations below treat records that carry only MD5 and/or SHA1 as
# having no usable hash; SHA256 is the only type here that authenticates.
set -e

# Resolve this script's directory so the shared test framework can be sourced
# regardless of the caller's working directory.
TESTDIR=$(readlink -f "$(dirname "$0")")
. "${TESTDIR}/framework"

setupenvironment
configarchitecture native

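# Fixture: the Sources index that apt will read. Stanza names describe which
# checksum fields are present and whether they are meant to match:
#   pkg-<hash>-ok       values intended to match the payloads created after
#                       this heredoc (presumably the digests of the 3-byte
#                       strings 'dsc' and 'tar' -- confirm if they are changed)
#   pkg-<hash>-bad      aaaa.../bbbb... placeholders that cannot match
#   pkg-no-md5          no Files (MD5) field at all, only SHA1 and SHA256
#   pkg-mixed-*         each file is listed under only one of SHA1 / SHA256
#   pkg-*-agree         the same file listed twice with identical values
#   pkg-*-disagree      the same file listed twice with conflicting values
#
# Every entry under Files / Checksums-* starts with one space: these are
# multi-line fields, and a continuation line that begins in column 0 would be
# read as the start of a new field instead of as a checksum entry.
cat > aptarchive/Sources <<EOF
Package: pkg-md5-ok
Binary: pkg-md5-ok
Version: 1.0
Maintainer: Joe Sixpack <joe@example.org>
Architecture: all
Files:
 9604ba9427a280db542279d9ed78400b 3 pkg-md5-ok_1.0.dsc
 db5570bf61464b46e2bde31ed61a7dc6 3 pkg-md5-ok_1.0.tar.gz

Package: pkg-sha1-ok
Binary: pkg-sha1-ok
Version: 1.0
Maintainer: Joe Sixpack <joe@example.org>
Architecture: all
Files:
 324f464e6151a92cf57b26ef95dcfcf2059a8c44 3 pkg-sha1-ok_1.0.dsc
 680254bad1d7ca0d65ec46aaa315d363abf6a50a 3 pkg-sha1-ok_1.0.tar.gz

Package: pkg-sha256-ok
Binary: pkg-sha256-ok
Version: 1.0
Maintainer: Joe Sixpack <joe@example.org>
Architecture: all
Files:
 9604ba9427a280db542279d9ed78400b 3 pkg-sha256-ok_1.0.dsc
 db5570bf61464b46e2bde31ed61a7dc6 3 pkg-sha256-ok_1.0.tar.gz
Checksums-Sha1:
 324f464e6151a92cf57b26ef95dcfcf2059a8c44 3 pkg-sha256-ok_1.0.dsc
 680254bad1d7ca0d65ec46aaa315d363abf6a50a 3 pkg-sha256-ok_1.0.tar.gz
Checksums-Sha256:
 943d3bf22ac661fb0f59bc4ff68cc12b04ff17a838dfcc2537008eb9c7f3770a 3 pkg-sha256-ok_1.0.dsc
 90aebae315675cbf04612de4f7d5874850f48e0b8dd82becbeaa47ca93f5ebfb 3 pkg-sha256-ok_1.0.tar.gz

Package: pkg-sha256-bad
Binary: pkg-sha256-bad
Version: 1.0
Maintainer: Joe Sixpack <joe@example.org>
Architecture: all
Files:
 9604ba9427a280db542279d9ed78400b 3 pkg-sha256-bad_1.0.dsc
 db5570bf61464b46e2bde31ed61a7dc6 3 pkg-sha256-bad_1.0.tar.gz
Checksums-Sha1:
 324f464e6151a92cf57b26ef95dcfcf2059a8c44 3 pkg-sha256-bad_1.0.dsc
 680254bad1d7ca0d65ec46aaa315d363abf6a50a 3 pkg-sha256-bad_1.0.tar.gz
Checksums-Sha256:
 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 3 pkg-sha256-bad_1.0.dsc
 bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb 3 pkg-sha256-bad_1.0.tar.gz

Package: pkg-md5-bad
Binary: pkg-md5-bad
Version: 1.0
Maintainer: Joe Sixpack <joe@example.org>
Architecture: all
Files:
 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 3 pkg-md5-bad_1.0.dsc
 bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb 3 pkg-md5-bad_1.0.tar.gz

Package: pkg-no-md5
Binary: pkg-no-md5
Version: 1.0
Maintainer: Joe Sixpack <joe@example.org>
Architecture: all
Checksums-Sha1:
 324f464e6151a92cf57b26ef95dcfcf2059a8c44 3 pkg-no-md5_1.0.dsc
 680254bad1d7ca0d65ec46aaa315d363abf6a50a 3 pkg-no-md5_1.0.tar.gz
Checksums-Sha256:
 943d3bf22ac661fb0f59bc4ff68cc12b04ff17a838dfcc2537008eb9c7f3770a 3 pkg-no-md5_1.0.dsc
 90aebae315675cbf04612de4f7d5874850f48e0b8dd82becbeaa47ca93f5ebfb 3 pkg-no-md5_1.0.tar.gz

Package: pkg-mixed-ok
Binary: pkg-mixed-ok
Version: 1.0
Maintainer: Joe Sixpack <joe@example.org>
Architecture: all
Checksums-Sha1:
 680254bad1d7ca0d65ec46aaa315d363abf6a50a 3 pkg-mixed-ok_1.0.tar.gz
Checksums-Sha256:
 943d3bf22ac661fb0f59bc4ff68cc12b04ff17a838dfcc2537008eb9c7f3770a 3 pkg-mixed-ok_1.0.dsc

Package: pkg-mixed-sha1-bad
Binary: pkg-mixed-sha1-bad
Version: 1.0
Maintainer: Joe Sixpack <joe@example.org>
Architecture: all
Checksums-Sha1:
 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 3 pkg-mixed-sha1-bad_1.0.dsc
Checksums-Sha256:
 90aebae315675cbf04612de4f7d5874850f48e0b8dd82becbeaa47ca93f5ebfb 3 pkg-mixed-sha1-bad_1.0.tar.gz

Package: pkg-mixed-sha2-bad
Binary: pkg-mixed-sha2-bad
Version: 1.0
Maintainer: Joe Sixpack <joe@example.org>
Architecture: all
Checksums-Sha1:
 324f464e6151a92cf57b26ef95dcfcf2059a8c44 3 pkg-mixed-sha2-bad_1.0.dsc
Checksums-Sha256:
 bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb 3 pkg-mixed-sha2-bad_1.0.tar.gz

Package: pkg-md5-disagree
Binary: pkg-md5-disagree
Version: 1.0
Maintainer: Joe Sixpack <joe@example.org>
Architecture: all
Files:
 9604ba9427a280db542279d9ed78400b 3 pkg-md5-disagree_1.0.dsc
 db5570bf61464b46e2bde31ed61a7dc6 3 pkg-md5-disagree_1.0.tar.gz
 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 3 pkg-md5-disagree_1.0.dsc
 bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb 3 pkg-md5-disagree_1.0.tar.gz

Package: pkg-md5-agree
Binary: pkg-md5-agree
Version: 1.0
Maintainer: Joe Sixpack <joe@example.org>
Architecture: all
Files:
 9604ba9427a280db542279d9ed78400b 3 pkg-md5-agree_1.0.dsc
 db5570bf61464b46e2bde31ed61a7dc6 3 pkg-md5-agree_1.0.tar.gz
 db5570bf61464b46e2bde31ed61a7dc6 3 pkg-md5-agree_1.0.tar.gz
 9604ba9427a280db542279d9ed78400b 3 pkg-md5-agree_1.0.dsc

Package: pkg-sha256-disagree
Binary: pkg-sha256-disagree
Version: 1.0
Maintainer: Joe Sixpack <joe@example.org>
Architecture: all
Files:
 9604ba9427a280db542279d9ed78400b 3 pkg-sha256-disagree_1.0.dsc
 db5570bf61464b46e2bde31ed61a7dc6 3 pkg-sha256-disagree_1.0.tar.gz
Checksums-Sha1:
 324f464e6151a92cf57b26ef95dcfcf2059a8c44 3 pkg-sha256-disagree_1.0.dsc
 680254bad1d7ca0d65ec46aaa315d363abf6a50a 3 pkg-sha256-disagree_1.0.tar.gz
Checksums-Sha256:
 943d3bf22ac661fb0f59bc4ff68cc12b04ff17a838dfcc2537008eb9c7f3770a 3 pkg-sha256-disagree_1.0.dsc
 90aebae315675cbf04612de4f7d5874850f48e0b8dd82becbeaa47ca93f5ebfb 3 pkg-sha256-disagree_1.0.tar.gz
 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 3 pkg-sha256-disagree_1.0.dsc
 bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb 3 pkg-sha256-disagree_1.0.tar.gz
EOF
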
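# Create the fetchable payloads. Every .dsc holds exactly the 3 bytes 'dsc'
# and every .tar.gz exactly the 3 bytes 'tar', matching the size column (3) in
# the Sources index. printf is used instead of `echo -n` because the handling
# of -n is not portable across /bin/sh implementations; a stray "-n" or
# trailing newline would change both the size and every digest.
for x in 'pkg-md5-ok' 'pkg-sha1-ok' 'pkg-sha256-ok' 'pkg-sha256-bad' 'pkg-no-md5' \
  'pkg-mixed-ok' 'pkg-mixed-sha1-bad' 'pkg-mixed-sha2-bad' \
  'pkg-md5-agree' 'pkg-md5-disagree' 'pkg-sha256-disagree' \
  'pkg-md5-bad'; do
  printf '%s' 'dsc' > "aptarchive/${x}_1.0.dsc"
  printf '%s' 'tar' > "aptarchive/${x}_1.0.tar.gz"
done

# Framework helpers: build the archive, make it reachable over HTTP (the
# expected output below uses http://localhost:${APTHTTPPORT}), then let apt
# fetch the indexes. Exact helper semantics live in the sourced framework.
setupaptarchive --no-update
changetowebserver
testsuccess aptget update

# All remaining checks look for downloaded files relative to this directory.
cd downloaded
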
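# testok PKG [APT-OPTION...]
#
# Expect `aptget source -d` to fetch both source files of PKG and succeed.
#   $1    source package name; also the prefix of the two file names
#   "$@"  passed through to aptget, so extra -o options may follow the name
# Stale copies are removed first so the fetch really happens, and the files
# are removed again afterwards so later checks start from a clean directory.
testok() {
  rm -f "${1}_1.0.dsc" "${1}_1.0.tar.gz"
  testsuccessequal "Reading package lists...
Need to get 6 B of source archives.
Get:1 http://localhost:${APTHTTPPORT} $1 1.0 (dsc) [3 B]
Get:2 http://localhost:${APTHTTPPORT} $1 1.0 (tar) [3 B]
Download complete and in download only mode" \
    aptget source -d "$@"
  msgtest 'Files were successfully downloaded for' "$1"
  testsuccess --nomsg test -e "${1}_1.0.dsc" -a -e "${1}_1.0.tar.gz"
  rm -f "${1}_1.0.dsc" "${1}_1.0.tar.gz"
}
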
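# testkeep PKG [APT-OPTION...]
#
# Expect apt to leave files that are already present alone: both files are
# pre-created with the same 3-byte payloads the archive serves, and the run
# must report "Skipping already downloaded file" for each and fetch 0 B.
#   $1    source package name; also the prefix of the two file names
#   "$@"  passed through to aptget
# NOTE(review): the test only pre-creates files whose content matches the
# archive; it does not cover a pre-existing file with different content.
testkeep() {
  # printf rather than `echo -n`: -n is not portable under /bin/sh, and the
  # payload must be exactly 3 bytes with no trailing newline.
  printf '%s' 'dsc' > "${1}_1.0.dsc"
  printf '%s' 'tar' > "${1}_1.0.tar.gz"
  testsuccessequal "Reading package lists...
Skipping already downloaded file '${1}_1.0.dsc'
Skipping already downloaded file '${1}_1.0.tar.gz'
Need to get 0 B of source archives.
Download complete and in download only mode" \
    aptget source -d "$@"
  msgtest 'Files already downloaded are kept for' "$1"
  testsuccess --nomsg test -e "${1}_1.0.dsc" -a -e "${1}_1.0.tar.gz"
  rm -f "${1}_1.0.dsc" "${1}_1.0.tar.gz"
}
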
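# testnohash PKG [APT-OPTION...]
#
# Expect apt to refuse to download when the record offers no hash it accepts
# for authentication (in this file: records with only MD5 and/or SHA1).
#   $1    source package name; also the prefix of the two file names
#   "$@"  passed through to aptget
#
# The expected outcome is a *successful* exit with both files skipped, so a
# caller that checks only the exit status cannot tell "nothing was fetched"
# from "everything was fetched". The final check therefore asserts that
# neither file exists (-o: fails if either one is present).
testnohash() {
  # FIXME: Maybe apt should fail in this case instead of skipping; a non-zero
  # exit would make the refused download visible to scripts.
  rm -f "${1}_1.0.dsc" "${1}_1.0.tar.gz"
  testsuccessequal "Reading package lists...
Skipping download of file '${1}_1.0.dsc' as requested hashsum is not available for authentication
Skipping download of file '${1}_1.0.tar.gz' as requested hashsum is not available for authentication
Need to get 0 B of source archives.
Download complete and in download only mode" \
    aptget source -d "$@"
  msgtest 'Files are not downloaded for' "$1"
  testfailure --nomsg test -e "${1}_1.0.dsc" -o -e "${1}_1.0.tar.gz"
}
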
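# testmismatch PKG [APT-OPTION...]
#
# Expect a hard failure when the hash apt selects does not match the payload,
# then exercise the two options that change hash selection.
#   $1    source package name; also the prefix of the two file names
#   $2    if it is --allow-unauthenticated, step 2 is not run
#   "$@"  passed through to aptget
#
#   1. Plain fetch: both files are requested, both report "Hash Sum mismatch"
#      and aptget exits non-zero.
#   2. Acquire::ForceHash=ROT26 (a name none of the fixture records carry):
#      no requested hash is available, so both downloads are skipped.
#   3. --allow-unauthenticated plus ForceHash=ROT26: the files are fetched
#      with no hash check at all. This is the documented escape hatch; the
#      files that land on disk have had no integrity verification.
#
# NOTE(review): this listing comes from a rendering that does not preserve
# leading whitespace. The expected-output strings are presumably compared
# verbatim, so confirm against the upstream file whether the "Hash Sum
# mismatch" lines are indented and how the "Failed to fetch" lines are spaced.
# NOTE(review): the "not downloaded" checks use `-a`, which only proves that
# not both files exist; `-o` (as in testnohash) would assert that neither
# rejected file was left behind. Confirm apt's behaviour and tighten.
testmismatch() {
  rm -f "${1}_1.0.dsc" "${1}_1.0.tar.gz"
  testfailureequal "Reading package lists...
Need to get 6 B of source archives.
Get:1 http://localhost:${APTHTTPPORT} $1 1.0 (dsc) [3 B]
Err:1 http://localhost:${APTHTTPPORT} $1 1.0 (dsc)
Hash Sum mismatch
Get:2 http://localhost:${APTHTTPPORT} $1 1.0 (tar) [3 B]
Err:2 http://localhost:${APTHTTPPORT} $1 1.0 (tar)
Hash Sum mismatch
E: Failed to fetch http://localhost:${APTHTTPPORT}/${1}_1.0.dsc Hash Sum mismatch

E: Failed to fetch http://localhost:${APTHTTPPORT}/${1}_1.0.tar.gz Hash Sum mismatch

E: Failed to fetch some archives." \
    aptget source -d "$@"
  msgtest 'Files were not download as they have hashsum mismatches for' "$1"
  testfailure --nomsg test -e "${1}_1.0.dsc" -a -e "${1}_1.0.tar.gz"

  # With --allow-unauthenticated already in "$@" the skip below would not
  # happen, so this step only runs for authenticated invocations.
  if [ "$2" != '--allow-unauthenticated' ]; then
    rm -f "${1}_1.0.dsc" "${1}_1.0.tar.gz"
    testsuccessequal "Reading package lists...
Skipping download of file '${1}_1.0.dsc' as requested hashsum is not available for authentication
Skipping download of file '${1}_1.0.tar.gz' as requested hashsum is not available for authentication
Need to get 0 B of source archives.
Download complete and in download only mode" \
      aptget source -d "$@" -o Acquire::ForceHash=ROT26
    msgtest 'Files were not download as hash is unavailable for' "$1"
    testfailure --nomsg test -e "${1}_1.0.dsc" -a -e "${1}_1.0.tar.gz"
  fi

  rm -f "${1}_1.0.dsc" "${1}_1.0.tar.gz"
  testsuccessequal "Reading package lists...
Need to get 6 B of source archives.
Get:1 http://localhost:${APTHTTPPORT} $1 1.0 (dsc) [3 B]
Get:2 http://localhost:${APTHTTPPORT} $1 1.0 (tar) [3 B]
Download complete and in download only mode" \
    aptget source --allow-unauthenticated -d "$@" -o Acquire::ForceHash=ROT26
  msgtest 'Files were downloaded unauthenticated as user allowed it' "$1"
  testsuccess --nomsg test -e "${1}_1.0.dsc" -a -e "${1}_1.0.tar.gz"
}
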
# Records that offer only MD5 or only SHA1 have no hash apt accepts for
# authentication, even though the listed values are the "ok" ones: the
# download is skipped. With SHA256 present the fetch succeeds, and files
# already on disk are kept.
testnohash pkg-md5-ok
testnohash pkg-sha1-ok
testok pkg-sha256-ok
testkeep pkg-sha256-ok

# pkg-sha256-bad has a bad SHA256 sum but a good MD5 sum. If apt checks the
# best available hash (as it should), this triggers a hash mismatch.
testmismatch pkg-sha256-bad
# Forcing MD5Sum overrides that selection, and the same record is then
# accepted on MD5 alone. Acquire::ForceHash can therefore downgrade
# verification to a weak hash; treat any use of it in configuration as
# security-relevant.
testok pkg-sha256-bad -o Acquire::ForceHash=MD5Sum

# MD5 is the only hash listed, so by default nothing is fetched and the bad
# value is never compared. The mismatch only surfaces once unauthenticated
# downloads are allowed.
testnohash pkg-md5-bad
testmismatch pkg-md5-bad --allow-unauthenticated

# A record without an MD5 sum (no Files field) still describes real files:
# SHA256 is enough to fetch them, whether chosen by default or forced.
testok pkg-no-md5
testok pkg-no-md5 -o Acquire::ForceHash=SHA256

# Forcing a hash type the record does not carry must skip the download
# rather than fall back to another type.
testsuccessequal "Reading package lists...
Skipping download of file 'pkg-no-md5_1.0.dsc' as requested hashsum is not available for authentication
Skipping download of file 'pkg-no-md5_1.0.tar.gz' as requested hashsum is not available for authentication
Need to get 0 B of source archives.
Download complete and in download only mode" \
  aptget source -d pkg-no-md5 -o Acquire::ForceHash=MD5Sum
msgtest 'Files were not download as MD5 is not available for this package' 'pkg-no-md5'
# NOTE(review): `-a` only proves that not both files exist; `-o` would assert
# that neither one does.
testfailure --nomsg test -e pkg-no-md5_1.0.dsc -a -e pkg-no-md5_1.0.tar.gz

# Records whose files do not all carry the same checksum type. Mostly
# pathological, since this should not happen, but checked to be sure: the
# decision is made per file, so a file listed only under SHA1 is skipped
# while its sibling listed under SHA256 is still fetched.
testsuccessequal "Reading package lists...
Skipping download of file 'pkg-mixed-ok_1.0.tar.gz' as requested hashsum is not available for authentication
Need to get 3 B of source archives.
Get:1 http://localhost:${APTHTTPPORT} pkg-mixed-ok 1.0 (dsc) [3 B]
Download complete and in download only mode" \
  aptget source -d pkg-mixed-ok

# The dsc's SHA1 value is wrong, but per the expected output it is never
# compared: the dsc is skipped because no accepted hash is available for it,
# not because of a mismatch (the msgtest label below is loose on this point).
testsuccessequal "Reading package lists...
Skipping download of file 'pkg-mixed-sha1-bad_1.0.dsc' as requested hashsum is not available for authentication
Need to get 3 B of source archives.
Get:1 http://localhost:${APTHTTPPORT} pkg-mixed-sha1-bad 1.0 (tar) [3 B]
Download complete and in download only mode" \
  aptget source -d pkg-mixed-sha1-bad
msgtest 'Only tar file is downloaded as the dsc has hashsum mismatch' 'pkg-mixed-sha1-bad'
testsuccess --nomsg test ! -e pkg-mixed-sha1-bad_1.0.dsc -a -e pkg-mixed-sha1-bad_1.0.tar.gz

# Here the wrong value is the tar's SHA256, which is compared: the fetch is
# attempted and fails with a mismatch, while the SHA1-only dsc is skipped.
# NOTE(review): this listing does not preserve leading whitespace; confirm
# against the upstream file whether the "Hash Sum mismatch" line is indented
# and how the "Failed to fetch" line is spaced.
testfailureequal "Reading package lists...
Skipping download of file 'pkg-mixed-sha2-bad_1.0.dsc' as requested hashsum is not available for authentication
Need to get 3 B of source archives.
Get:1 http://localhost:${APTHTTPPORT} pkg-mixed-sha2-bad 1.0 (tar) [3 B]
Err:1 http://localhost:${APTHTTPPORT} pkg-mixed-sha2-bad 1.0 (tar)
Hash Sum mismatch
E: Failed to fetch http://localhost:${APTHTTPPORT}/pkg-mixed-sha2-bad_1.0.tar.gz Hash Sum mismatch

E: Failed to fetch some archives." \
  aptget source -d pkg-mixed-sha2-bad

# Even more pathological: several entries for the same file inside one field.
# Duplicates that agree are tolerated (and, being MD5-only, the files are then
# skipped as unauthenticated). Duplicates that disagree must be rejected as a
# parse error, so apt never has to choose between conflicting values for one
# file.
testnohash pkg-md5-agree
testfailureequal 'Reading package lists...
E: Error parsing checksum in Files of source package pkg-md5-disagree' \
  aptget source -d pkg-md5-disagree
testfailureequal 'Reading package lists...
E: Error parsing checksum in Checksums-SHA256 of source package pkg-sha256-disagree' \
  aptget source -d pkg-sha256-disagree