4 TESTDIR
=$(readlink -f $(dirname $0))
8 configarchitecture
"i386"
14 webserverconfig
'aptwebserver::support::range' 'false'
17 local DATE
="${2:-now}"
18 if [ "$DATE" = 'now' ]; then
19 if [ "$1" = "${PKGFILE}-new" ]; then
25 for release
in $(find rootdir/var/lib/apt/lists 2> /dev/null); do
26 touch -d 'now - 1 year' "$release"
29 cp "$1" aptarchive
/Packages
30 find aptarchive
-name 'Release' -delete
31 compressfile
'aptarchive/Packages' "$DATE"
32 generatereleasefiles
"$DATE"
36 testsuccessequal
"Reading package lists...
37 Building dependency tree...
39 aptitude | synaptic | wajig dpkg-dev apt-doc bzip2 lzma python-apt
40 The following NEW packages will be installed:
42 0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
43 After this operation, 5370 kB of additional disk space will be used.
44 Get:1 http://localhost:${APTHTTPPORT} apt 0.7.25.3
45 Download complete and in download only mode" aptget
install apt
-dy
49 testsuccessequal
"Reading package lists...
50 Building dependency tree...
52 aptitude | synaptic | wajig dpkg-dev apt-doc bzip2 lzma python-apt
53 The following NEW packages will be installed:
55 0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
56 After this operation, 5808 kB of additional disk space will be used.
57 Get:1 http://localhost:${APTHTTPPORT} apt 0.8.0~pre1
58 Download complete and in download only mode" aptget
install apt
-dy
62 testfailureequal
'Reading package lists...
63 Building dependency tree...
65 aptitude | synaptic | wajig dpkg-dev apt-doc bzip2 lzma python-apt
66 The following NEW packages will be installed:
68 0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
69 After this operation, 5370 kB of additional disk space will be used.
70 WARNING: The following packages cannot be authenticated!
72 E: There were unauthenticated packages and -y was used without --allow-unauthenticated' aptget
install apt
-dy
76 testfailureequal
'Reading package lists...
77 Building dependency tree...
79 aptitude | synaptic | wajig dpkg-dev apt-doc bzip2 lzma python-apt
80 The following NEW packages will be installed:
82 0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
83 After this operation, 5808 kB of additional disk space will be used.
84 WARNING: The following packages cannot be authenticated!
86 E: There were unauthenticated packages and -y was used without --allow-unauthenticated' aptget
install apt
-dy
89 # fake our downloadable file
90 touch aptarchive
/apt.deb
92 PKGFILE
="${TESTDIR}/$(echo "$(basename "$0")" | sed 's#^test-#Packages-#')"
94 updatewithwarnings() {
95 testwarning aptget update -o Debug::pkgAcquire::Worker=1 -o Debug::Acquire::gpgv=1
96 testsuccess grep -E "$1" rootdir/tmp/testwarning.output
101 rm -rf rootdir/var/lib/apt/lists
102 signreleasefiles 'Joe Sixpack'
103 find aptarchive/ -name "$DELETEFILE" -delete
104 msgmsg 'Cold archive signed by' 'Joe Sixpack'
105 testsuccess aptget update
106 testsuccessequal "$(cat "${PKGFILE}")
110 prepare "${PKGFILE}-new"
111 signreleasefiles 'Joe Sixpack'
112 find aptarchive/ -name "$DELETEFILE" -delete
113 msgmsg 'Good warm archive signed by' 'Joe Sixpack'
114 testsuccess aptget update
115 testsuccessequal "$(cat "${PKGFILE}-new")
120 rm -rf rootdir/var/lib/apt/lists
121 cp keys/rexexpired.pub rootdir/etc/apt/trusted.gpg.d/rexexpired.gpg
122 signreleasefiles 'Rex Expired'
123 find aptarchive/ -name "$DELETEFILE" -delete
124 msgmsg 'Cold archive signed by' 'Rex Expired'
125 updatewithwarnings '^W: .* KEYEXPIRED'
126 testsuccessequal "$(cat "${PKGFILE}")
129 rm rootdir/etc/apt/trusted.gpg.d/rexexpired.gpg
132 rm -rf rootdir/var/lib/apt/lists
133 signreleasefiles 'Marvin Paranoid'
134 find aptarchive/ -name "$DELETEFILE" -delete
135 msgmsg 'Cold archive signed by' 'Marvin Paranoid'
136 updatewithwarnings '^W: .* NO_PUBKEY'
137 testsuccessequal "$(cat "${PKGFILE}")
141 prepare "${PKGFILE}-new"
142 signreleasefiles 'Joe Sixpack'
143 find aptarchive/ -name "$DELETEFILE" -delete
144 msgmsg 'Bad warm archive signed by' 'Joe Sixpack'
145 testsuccess aptget update
146 testsuccessequal "$(cat "${PKGFILE}-new")
152 rm -rf rootdir/var/lib/apt/lists
153 signreleasefiles 'Joe Sixpack'
154 find aptarchive/ -name "$DELETEFILE" -delete
155 msgmsg 'Cold archive signed by' 'Joe Sixpack'
156 testsuccess aptget update
157 testsuccessequal "$(cat "${PKGFILE}")
161 prepare "${PKGFILE}-new"
162 signreleasefiles 'Marvin Paranoid'
163 find aptarchive/ -name "$DELETEFILE" -delete
164 msgmsg 'Good warm archive signed by' 'Marvin Paranoid'
165 updatewithwarnings '^W: .* NO_PUBKEY'
166 testsuccessequal "$(cat "${PKGFILE}")
170 prepare "${PKGFILE}-new"
171 cp keys/rexexpired.pub rootdir/etc/apt/trusted.gpg.d/rexexpired.gpg
172 signreleasefiles 'Rex Expired'
173 find aptarchive/ -name "$DELETEFILE" -delete
174 msgmsg 'Good warm archive signed by' 'Rex Expired'
175 updatewithwarnings '^W: .* KEYEXPIRED'
176 testsuccessequal "$(cat "${PKGFILE}")
179 rm rootdir/etc/apt/trusted.gpg.d/rexexpired.gpg
181 prepare "${PKGFILE}-new"
183 find aptarchive/ -name "$DELETEFILE" -delete
184 msgmsg 'Good warm archive signed by' 'Joe Sixpack'
185 testsuccess aptget update
186 testsuccessequal "$(cat "${PKGFILE}-new")
191 rm -rf rootdir/var/lib/apt/lists
192 signreleasefiles 'Marvin Paranoid'
193 find aptarchive/ -name "$DELETEFILE" -delete
194 msgmsg 'Cold archive signed by good keyring' 'Marvin Paranoid'
195 local MARVIN="$(readlink -f keys/marvinparanoid.pub)"
196 sed -i "s
#^\(deb\(-src\)\?\) #\1 [signed-by=$MARVIN] #" rootdir/etc/apt/sources.list.d/*
197 testsuccess aptget update
-o Debug
::pkgAcquire
::Worker
=1
198 testsuccessequal
"$(cat "${PKGFILE}")
202 rm -rf rootdir
/var
/lib
/apt
/lists
203 signreleasefiles
'Joe Sixpack'
204 find aptarchive
/ -name "$DELETEFILE" -delete
205 msgmsg
'Cold archive signed by bad keyring' 'Joe Sixpack'
206 updatewithwarnings
'^W: .* NO_PUBKEY'
208 sed -i "s#^\(deb\(-src\)\?\) \[signed-by=$MARVIN\] #\1 #" rootdir
/etc
/apt
/sources.list.d
/*
209 local MARVIN
="$(aptkey --keyring $MARVIN finger | grep 'Key fingerprint' | cut -d'=' -f 2 | tr -d ' ')"
212 rm -rf rootdir
/var
/lib
/apt
/lists
213 signreleasefiles
'Marvin Paranoid'
214 find aptarchive
/ -name "$DELETEFILE" -delete
215 msgmsg
'Cold archive signed by good keyid' 'Marvin Paranoid'
216 sed -i "s#^\(deb\(-src\)\?\) #\1 [signed-by=$MARVIN] #" rootdir
/etc
/apt
/sources.list.d
/*
217 cp keys
/marvinparanoid.pub rootdir
/etc
/apt
/trusted.gpg.d
/marvinparanoid.gpg
218 testsuccess aptget update
-o Debug
::pkgAcquire
::Worker
=1 -o Debug
::Acquire
::gpgv
=1
219 testsuccessequal
"$(cat "${PKGFILE}")
222 rm -f rootdir
/etc
/apt
/trusted.gpg.d
/marvinparanoid.gpg
224 rm -rf rootdir
/var
/lib
/apt
/lists
225 signreleasefiles
'Joe Sixpack'
226 find aptarchive
/ -name "$DELETEFILE" -delete
227 msgmsg
'Cold archive signed by bad keyid' 'Joe Sixpack'
228 updatewithwarnings
'^W: .* be verified because the public key is not available: .*'
230 sed -i "s#^\(deb\(-src\)\?\) \[signed-by=$MARVIN\] #\1 #" rootdir
/etc
/apt
/sources.list.d
/*
235 rm -rf rootdir
/var
/lib
/apt
/lists
236 signreleasefiles
'Joe Sixpack'
237 msgmsg
'Cold archive signed by' 'Joe Sixpack'
238 testsuccess aptget update
240 # New .deb but now an unsigned archive. For example MITM to circumvent
241 # package verification.
242 prepare
"${PKGFILE}-new"
243 find aptarchive
/ -name InRelease
-delete
244 find aptarchive
/ -name Release.gpg
-delete
245 msgmsg
'Warm archive signed by' 'nobody'
246 updatewithwarnings
'W: .* no longer signed.'
247 testsuccessequal
"$(cat "${PKGFILE}-new")
251 # Unsigned archive from the beginning must also be detected.
252 rm -rf rootdir
/var
/lib
/apt
/lists
253 msgmsg
'Cold archive signed by' 'nobody'
254 updatewithwarnings
'W: .* is not signed.'
255 testsuccessequal
"$(cat "${PKGFILE}-new")
260 # diable some protection by default and ensure we still do the verification
262 cat > rootdir
/etc
/apt
/apt.conf.d
/weaken
-security <<EOF
263 Acquire::AllowInsecureRepositories "1";
264 Acquire::AllowDowngradeToInsecureRepositories "1";
267 msgmsg
"Running base test"
270 DELETEFILE
="InRelease"
271 msgmsg
"Running test with deletion of $DELETEFILE"
274 DELETEFILE
="Release.gpg"
275 msgmsg
"Running test with deletion of $DELETEFILE"