improve test for #731853 and comments
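#!/bin/sh
# Integration test for add_keys_with_verify_against_master_keyring from
# apt-key: the two "exploid" fixture keyrings (LP: #857472, LP: #1013128)
# must be refused and leave the trusted keyring empty, while the real Ubuntu
# archive keyring must import cleanly.
set -e

# Quote every path component so a checkout below a directory whose name
# contains whitespace still resolves to the directory holding the framework.
TESTDIR="$(readlink -f "$(dirname "$0")")"
. "$TESTDIR/framework"

# Helpers provided by the sourced framework file (not defined in this script).
setupenvironment
configarchitecture "i386"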
9
# Stub that always reports success. Presumably the function imported from
# apt-key further down calls requires_root; verify against apt-key itself.
requires_root() {
  :
}
14
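# Extract add_keys_with_verify_against_master_keyring() from the built
# apt-key script and define it in this shell so it can be called directly.
# The sed range starts at the line beginning with the function name and ends
# at the first following line that begins with "}".
func=$(sed -n -e '/^add_keys_with_verify_against_master_keyring/,/^}/p' "${BUILDDIRECTORY}/apt-key")

# An empty extraction would leave the function undefined. The "must reject"
# checks further down count any non-zero status as a pass, and calling an
# undefined command is non-zero too, so abort rather than report vacuous
# passes for the key-injection regressions.
if [ -z "$func" ]; then
  echo "E: add_keys_with_verify_against_master_keyring not found in ${BUILDDIRECTORY}/apt-key" >&2
  exit 1
fi

# NOTE(review): eval runs the extracted text verbatim. That is acceptable only
# while BUILDDIRECTORY points at the developer's own build output; it must
# never point at an apt-key obtained from an untrusted location.
eval "$func"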
18
# Scratch keyring locations, relative to the current working directory, plus
# the system master keyring that imports are verified against.
TRUSTEDFILE='./etc/apt/trusted.gpg'
TMP_KEYRING='./var/lib/apt/keyrings/maybe-import-keyring.gpg'
MASTER_KEYRING='/usr/share/keyrings/ubuntu-master-keyring.gpg'
mkdir -p ./etc/apt
mkdir -p ./var/lib/apt/keyrings

# gpg command line: --no-options and --no-default-keyring keep the invoking
# user's gpg configuration and default keyrings out of the test, so only the
# scratch trusted keyring named by --keyring is consulted.
# Presumably these globals are also read by the function imported from
# apt-key; confirm against apt-key.
GPG_CMD='gpg --ignore-time-conflict --no-options --no-default-keyring'
GPG="${GPG_CMD} --keyring ${TRUSTEDFILE}"
26
27
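# Announce the first check, then skip the whole script when the Ubuntu master
# keyring is not installed on this host.
# NOTE(review): the skip exits 0 before any rejection check runs, so on hosts
# without this keyring the key-injection regressions below are not exercised;
# a CI setup that relies on them needs the keyring present.
msgtest "add_keys_with_verify_against_master_keyring"
if [ ! -e "$MASTER_KEYRING" ]; then
  # printf keeps the message on the same line without relying on echo -n.
  printf '%s' "No $MASTER_KEYRING found"
  msgskip
  exit 0
fi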
34
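# Negative case (LP: #857472): this keyring must be refused, so the check
# passes only when the import function returns non-zero.
ADD_KEYRING=./keys/exploid-keyring-with-dupe-keys.pub
if [ ! -e "$ADD_KEYRING" ]; then
  # Without the fixture the import would presumably fail for the wrong
  # reason and be counted as a successful rejection; report a failure instead.
  echo "E: fixture $ADD_KEYRING is missing" >&2
  msgfail
elif add_keys_with_verify_against_master_keyring "$ADD_KEYRING" "$MASTER_KEYRING"; then
  msgfail
else
  msgpass
fi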
42
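# The refused keyring must not have left anything behind in the trusted
# keyring: capture gpg's key listing and fail if it printed anything.
# $GPG is deliberately unquoted; it holds the command plus its options and
# has to be word-split.
gpg_out=$($GPG --list-keys)
msgtest "Test if keyring is empty"
# Test the captured listing itself. A literal empty string here would make
# the check pass no matter what the keyring contains.
if [ -n "$gpg_out" ]; then
  msgfail
else
  msgpass
fi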
51
52
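# Negative case using subkeys (LP: #1013128): this keyring must be refused
# as well, so the check passes only when the import function returns non-zero.
msgtest "add_keys_with_verify_against_master_keyring with subkey attack"
ADD_KEYRING=./keys/exploid-keyring-with-dupe-subkeys.pub
if [ ! -e "$ADD_KEYRING" ]; then
  # Without the fixture the import would presumably fail for the wrong
  # reason and be counted as a successful rejection; report a failure instead.
  echo "E: fixture $ADD_KEYRING is missing" >&2
  msgfail
elif add_keys_with_verify_against_master_keyring "$ADD_KEYRING" "$MASTER_KEYRING"; then
  msgfail
else
  msgpass
fi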
61
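# After the subkey case the trusted keyring must still be empty: capture
# gpg's key listing and fail if it printed anything.
# $GPG is deliberately unquoted; it holds the command plus its options and
# has to be word-split.
gpg_out=$($GPG --list-keys)
msgtest "Test if keyring is empty"
# Test the captured listing itself. A literal empty string here would make
# the check pass no matter what the keyring contains.
if [ -n "$gpg_out" ]; then
  msgfail
else
  msgpass
fi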
70
71
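# Positive control: the real archive keyring (a system path, not a fixture
# shipped with the test) must be accepted without errors.
# Announce the check first, as the other checks in this script do, so the
# pass/fail result that follows is attributable to it.
msgtest "add_keys_with_verify_against_master_keyring with good keyring"
ADD_KEYRING=/usr/share/keyrings/ubuntu-archive-keyring.gpg
if add_keys_with_verify_against_master_keyring "$ADD_KEYRING" "$MASTER_KEYRING"; then
  msgpass
else
  msgfail
fi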
79
# After the good import, the listing of the trusted keyring is checked against
# the expected text below: four pub entries (two Ubuntu Archive and two Ubuntu
# CD Image signing keys).
# testequal is a framework helper; presumably it compares its first argument
# with the output of the command that follows. Confirm in the framework.
# NOTE(review): the column padding of the expected gpg listing looks collapsed
# in this copy of the file; confirm the exact spacing against the repository.
# $GPG is left unquoted on purpose: it holds the command plus its options and
# has to be word-split.
80 testequal './etc/apt/trusted.gpg
81 ---------------------
82 pub 1024D/437D05B5 2004-09-12
83 uid Ubuntu Archive Automatic Signing Key <ftpmaster@ubuntu.com>
84 sub 2048g/79164387 2004-09-12
85
86 pub 1024D/FBB75451 2004-12-30
87 uid Ubuntu CD Image Automatic Signing Key <cdimage@ubuntu.com>
88
89 pub 4096R/C0B21F32 2012-05-11
90 uid Ubuntu Archive Automatic Signing Key (2012) <ftpmaster@ubuntu.com>
91
92 pub 4096R/EFE21092 2012-05-11
93 uid Ubuntu CD Image Automatic Signing Key (2012) <cdimage@ubuntu.com>
94 ' $GPG --list-keys
95