]> git.saurik.com Git - apt.git/blob - test/integration/test-apt-update-file
eipp: add Allow-Temporary-Remove-of-Essentials
[apt.git] / test / integration / test-apt-update-file
1 #!/bin/sh
2 #
3 # Ensure that we do not modify file:/// uris (regression test for
4 # CVE-2014-0487
5 #
6 set -e
7
8 TESTDIR="$(readlink -f "$(dirname "$0")")"
9 . "$TESTDIR/framework"
10
11 setupenvironment
12 configarchitecture "amd64"
13 configcompression 'bz2' 'gz'
14 confighashes 'SHA512'
15
16 insertpackage 'unstable' 'foo' 'all' '1'
17 insertpackage 'unstable' 'bar' 'amd64' '1'
18 insertsource 'unstable' 'foo' 'all' '1'
19
20 setupaptarchive --no-update
21
22 # ensure the archive is not writable
23 addtrap 'prefix' 'chmod 755 aptarchive/dists/unstable/main/binary-all;'
24 if [ "$(id -u)" = '0' ]; then
25 # too deep to notice it, but it also unlikely that files in the same repo have different permissions
26 chmod 500 aptarchive/dists/unstable/main/binary-all
27 testfailure aptget update
28 rm -rf rootdir/var/lib/apt/lists
29 chmod 755 aptarchive/dists/unstable/main/binary-all
30 testsuccess aptget update
31 rm -rf rootdir/var/lib/apt/lists
32 chmod 511 aptarchive/dists/
33 testsuccess aptget update
34 rm -rf rootdir/var/lib/apt/lists
35 chmod 510 aptarchive/dists/
36 testsuccesswithnotice aptget update
37 rm -rf rootdir/var/lib/apt/lists
38 chmod 500 aptarchive/dists/
39 testsuccesswithnotice aptget update
40 exit
41 fi
42 chmod 555 aptarchive/dists/unstable/main/binary-all
43 testsuccess aptget update -o Debug::pkgAcquire::Worker=1
44 cp -a rootdir/tmp/testsuccess.output rootdir/tmp/update.output
45 testsuccess grep '%0aAlt-Filename:%20' rootdir/tmp/update.output
46
47 # the release files aren't an IMS-hit, but the indexes are
48 redatereleasefiles '+1 hour'
49
50 # we don't download the index if it isn't updated
51 testsuccess aptget update -o Debug::pkgAcquire::Auth=1
52 # file:/ isn't shown in the log, so see if it was downloaded anyhow
53 cp -a rootdir/tmp/testsuccess.output rootdir/tmp/update.output
54 canary="SHA512:$(bzcat aptarchive/dists/unstable/main/binary-all/Packages.bz2 | sha512sum |cut -f1 -d' ')"
55 testfailure grep -- "$canary" rootdir/tmp/update.output
56
57 testfoo() {
58 # foo is still available
59 testsuccess aptget install -s foo
60 testsuccess aptcache showsrc foo
61 testsuccess aptget source foo --print-uris
62 }
63 testfoo
64
65 # the release file is new again, the index still isn't, but it is somehow gone now from disk
66 redatereleasefiles '+2 hour'
67 find rootdir/var/lib/apt/lists -name '*_Packages*' -delete
68
69 testsuccess aptget update -o Debug::pkgAcquire::Auth=1
70 # file:/ isn't shown in the log, so see if it was downloaded anyhow
71 cp -a rootdir/tmp/testsuccess.output rootdir/tmp/update.output
72 canary="SHA512:$(bzcat aptarchive/dists/unstable/main/binary-all/Packages.bz2 | sha512sum |cut -f1 -d' ')"
73 testsuccess grep -- "$canary" rootdir/tmp/update.output
74
75 testfoo