test/integration/test-apt-update-nofallback

   1 #!/bin/sh
   2 #
   3 # ensure we never fallback from a signed to a unsigned repo
   4 #
   5 # hash checks are done in
   6 #
   7 set -e
   8
   9 simulate_mitm_and_inject_evil_package()
  10 {
  11     rm -f $APTARCHIVE/dists/unstable/InRelease
  12     rm -f $APTARCHIVE/dists/unstable/Release.gpg
  13     inject_evil_package
  14 }
  15
  16 inject_evil_package()
  17 {
  18     cat > $APTARCHIVE/dists/unstable/main/binary-i386/Packages <<EOF
  19 Package: evil
  20 Installed-Size: 29
  21 Maintainer: Joe Sixpack <joe@example.org>
  22 Architecture: all
  23 Version: 1.0
  24 Filename: pool/evil_1.0_all.deb
  25 Size: 1270
  26 Description: an autogenerated evil package
  27 EOF
  28     # avoid ims hit
  29     touch -d '+1hour' aptarchive/dists/unstable/main/binary-i386/Packages
  30 }
  31
  32 assert_update_is_refused_and_last_good_state_used()
  33 {
  34     testequal "E: The repository 'file: unstable Release.gpg' is no longer signed." aptget update -qq
  35
  36     assert_repo_is_intact
  37 }
  38
  39 assert_repo_is_intact()
  40 {
  41     testequal "foo/unstable 2.0 all" apt list -q
  42     testsuccess "" aptget install -y -s foo
  43     testfailure "" aptget install -y evil
  44
  45     LISTDIR=rootdir/var/lib/apt/lists
  46     if ! ( ls $LISTDIR/*InRelease >/dev/null 2>&1 ||
  47             ls $LISTDIR/*Release.gpg >/dev/null 2>&1 ); then
  48         echo "Can not find InRelease/Release.gpg in $(ls $LISTDIR)"
  49         msgfail
  50     fi
  51 }
  52
  53 setupaptarchive_with_lists_clean()
  54 {
  55     setupaptarchive --no-update
  56     rm -f rootdir/var/lib/apt/lists/_*
  57     #rm -rf rootdir/var/lib/apt/lists
  58 }
  59
  60 test_from_inrelease_to_unsigned()
  61 {
  62     # setup archive with InRelease file
  63     setupaptarchive_with_lists_clean
  64     testsuccess aptget update
  65
  66     simulate_mitm_and_inject_evil_package
  67     assert_update_is_refused_and_last_good_state_used
  68 }
  69
  70 test_from_release_gpg_to_unsigned()
  71 {
  72     # setup archive with Release/Release.gpg (but no InRelease)
  73     setupaptarchive_with_lists_clean
  74     rm $APTARCHIVE/dists/unstable/InRelease
  75     testsuccess aptget update
  76
  77     simulate_mitm_and_inject_evil_package
  78     assert_update_is_refused_and_last_good_state_used
  79 }
  80
  81 test_cve_2012_0214()
  82 {
  83     # see https://bugs.launchpad.net/ubuntu/+source/apt/+bug/947108
  84     #
  85     # it was possible to MITM the download so that InRelease/Release.gpg
  86     # are not delivered (404) and a altered Release file was send
  87     #
  88     # apt left the old InRelease file in /var/lib/apt/lists and downloaded
  89     # the unauthenticated Release file too giving the false impression that
  90     # Release was authenticated
  91     #
  92     # Note that this is pretty much impossible nowdays because:
  93     # a) InRelease is left as is, not split to InRelease/Release as it was
  94     #    in the old days
  95     # b) we refuse to go from signed->unsigned
  96     #
  97     # Still worth having a regression test the simulates the condition
  98
  99     # setup archive with InRelease
 100     setupaptarchive_with_lists_clean
 101     testsuccess aptget update
 102
 103     # do what CVE-2012-0214 did
 104     rm $APTARCHIVE/dists/unstable/InRelease
 105     rm $APTARCHIVE/dists/unstable/Release.gpg
 106     inject_evil_package
 107     # build valid Release file
 108     aptftparchive -qq release ./aptarchive > aptarchive/dists/unstable/Release
 109
 110     assert_update_is_refused_and_last_good_state_used
 111
 112     # ensure there is no _Release file downloaded
 113     testfailure ls rootdir/var/lib/apt/lists/*_Release
 114 }
 115
 116 test_subvert_inrelease()
 117 {
 118     # setup archive with InRelease
 119     setupaptarchive_with_lists_clean
 120     testsuccess aptget update
 121
 122     # replace InRelease with something else
 123     mv $APTARCHIVE/dists/unstable/Release $APTARCHIVE/dists/unstable/InRelease
 124
 125     testequal "W: Failed to fetch file:${APTARCHIVE}/dists/unstable/InRelease  Does not start with a cleartext signature
 126
 127 E: Some index files failed to download. They have been ignored, or old ones used instead." aptget update -qq
 128
 129     # ensure we keep the repo
 130     assert_repo_is_intact
 131 }
 132
 133 test_inrelease_to_invalid_inrelease()
 134 {
 135     # setup archive with InRelease
 136     setupaptarchive_with_lists_clean
 137     testsuccess aptget update
 138
 139     # now remove InRelease and subvert Release do no longer verify
 140     sed -i 's/Codename.*/Codename: evil!'/ $APTARCHIVE/dists/unstable/InRelease
 141     inject_evil_package
 142
 143     testequal "W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: file: unstable InRelease: The following signatures were invalid: BADSIG 5A90D141DBAC8DAE Joe Sixpack (APT Testcases Dummy) <joe@example.org>
 144
 145 W: Failed to fetch file:${APTARCHIVE}/dists/unstable/InRelease
 146
 147 W: Some index files failed to download. They have been ignored, or old ones used instead." aptget update -qq
 148
 149     # ensure we keep the repo
 150     assert_repo_is_intact
 151     testfailure grep "evil" rootdir/var/lib/apt/lists/*InRelease
 152 }
 153
 154 test_release_gpg_to_invalid_release_release_gpg()
 155 {
 156     # setup archive with InRelease
 157     setupaptarchive_with_lists_clean
 158     rm $APTARCHIVE/dists/unstable/InRelease
 159     testsuccess aptget update
 160
 161     # now subvert Release do no longer verify
 162     echo "Some evil data" >>  $APTARCHIVE/dists/unstable/Release
 163     inject_evil_package
 164
 165     testequal "E: The repository 'file: unstable Release.gpg' is no longer signed." aptget update -qq
 166
 167     assert_repo_is_intact
 168     testfailure grep "evil" rootdir/var/lib/apt/lists/*Release
 169 }
 170
 171
 172 TESTDIR=$(readlink -f $(dirname $0))
 173 . $TESTDIR/framework
 174
 175 setupenvironment
 176 configarchitecture "i386"
 177
 178 # a "normal" package with source and binary
 179 buildsimplenativepackage 'foo' 'all' '2.0'
 180
 181 # setup the archive and ensure we have a single package that installs fine
 182 setupaptarchive
 183 APTARCHIVE=$(readlink -f ./aptarchive)
 184 assert_repo_is_intact
 185
 186 # test the various cases where a repo may go from signed->unsigned
 187 msgmsg "test_from_inrelease_to_unsigned"
 188 test_from_inrelease_to_unsigned
 189
 190 msgmsg "test_from_release_gpg_to_unsigned"
 191 test_from_release_gpg_to_unsigned
 192
 193 # ensure we do not regress on CVE-2012-0214
 194 msgmsg "test_cve_2012_0214"
 195 test_cve_2012_0214
 196
 197 # ensure InRelase can not be subverted
 198 msgmsg "test_subvert_inrelease"
 199 test_subvert_inrelease
 200
 201 # ensure we revert to last good state if InRelease does not verify
 202 msgmsg "test_inrelease_to_invalid_inrelease"
 203 test_inrelease_to_invalid_inrelease
 204
 205 # ensure we revert to last good state if Release/Release.gpg does not verify
 206 msgmsg "test_release_gpg_to_invalid_release_release_gpg"
 207 test_release_gpg_to_invalid_release_release_gpg