]> git.saurik.com Git - apt.git/blob - test/integration/test-apt-update-rollback
detect Releasefile IMS hits even if the server doesn't
[apt.git] / test / integration / test-apt-update-rollback
1 #!/bin/sh
2 #
3 # test that apt-get update is transactional
4 #
5 set -e
6
7 avoid_ims_hit() {
8 touch -d '+1hour' aptarchive/dists/unstable/main/binary-i386/Packages*
9 touch -d '+1hour' aptarchive/dists/unstable/main/source/Sources*
10 touch -d '+1hour' aptarchive/dists/unstable/*Release*
11
12 touch -d '-1hour' rootdir/var/lib/apt/lists/*
13 }
14
15 create_fresh_archive()
16 {
17 rm -rf aptarchive/*
18 rm -f rootdir/var/lib/apt/lists/_* rootdir/var/lib/apt/lists/partial/*
19
20 insertpackage 'unstable' 'old' 'all' '1.0'
21
22 setupaptarchive --no-update
23 }
24
25 add_new_package() {
26 insertpackage "unstable" "new" "all" "1.0"
27 insertsource "unstable" "new" "all" "1.0"
28
29 setupaptarchive --no-update "$@"
30 }
31
32 break_repository_sources_index() {
33 printf 'xxx' > $APTARCHIVE/dists/unstable/main/source/Sources
34 compressfile "$APTARCHIVE/dists/unstable/main/source/Sources" "$@"
35 }
36
37 start_with_good_inrelease() {
38 create_fresh_archive
39 testsuccess aptget update
40 listcurrentlistsdirectory > lists.before
41 testsuccessequal "old/unstable 1.0 all" apt list -q
42 }
43
44 test_inrelease_to_new_inrelease() {
45 msgmsg 'Test InRelease to new InRelease works fine'
46 start_with_good_inrelease
47
48 add_new_package '+1hour'
49 testsuccess aptget update -o Debug::Acquire::Transaction=1
50 testsuccessequal "new/unstable 1.0 all
51 old/unstable 1.0 all" apt list -q
52 }
53
54 test_inrelease_to_broken_hash_reverts_all() {
55 msgmsg 'Test InRelease to broken InRelease reverts everything'
56 start_with_good_inrelease
57
58 add_new_package '+1hour'
59 # break the Sources file
60 break_repository_sources_index '+1hour'
61
62 # test the error condition
63 testfailureequal "W: Failed to fetch file:${APTARCHIVE}/dists/unstable/main/source/Sources Hash Sum mismatch
64
65 E: Some index files failed to download. They have been ignored, or old ones used instead." aptget update -qq
66 # ensure that the Packages file is also rolled back
67 testfileequal lists.before "$(listcurrentlistsdirectory)"
68 testfailureequal "E: Unable to locate package new" aptget install new -s -qq
69 }
70
71 test_inrelease_to_valid_release() {
72 msgmsg 'Test InRelease to valid Release'
73 start_with_good_inrelease
74
75 add_new_package '+1hour'
76 # switch to a unsigned repo now
77 rm $APTARCHIVE/dists/unstable/InRelease
78 rm $APTARCHIVE/dists/unstable/Release.gpg
79
80 # update fails
81 testfailureequal "E: The repository 'file: unstable Release.gpg' is no longer signed." aptget update -qq
82
83 # test that security downgrade was not successful
84 testfileequal lists.before "$(listcurrentlistsdirectory)"
85 testsuccess aptget install old -s
86 testfailure aptget install new -s
87 testsuccess ls $ROOTDIR/var/lib/apt/lists/*_InRelease
88 testfailure ls $ROOTDIR/var/lib/apt/lists/*_Release
89 }
90
91 test_inrelease_to_release_reverts_all() {
92 msgmsg 'Test InRelease to broken Release reverts everything'
93 start_with_good_inrelease
94
95 # switch to a unsigned repo now
96 add_new_package '+1hour'
97 rm $APTARCHIVE/dists/unstable/InRelease
98 rm $APTARCHIVE/dists/unstable/Release.gpg
99
100 # break it
101 break_repository_sources_index '+1hour'
102
103 # ensure error
104 testfailureequal "E: The repository 'file: unstable Release.gpg' is no longer signed." aptget update -qq # -o Debug::acquire::transaction=1
105
106 # ensure that the Packages file is also rolled back
107 testfileequal lists.before "$(listcurrentlistsdirectory)"
108 testsuccess aptget install old -s
109 testfailure aptget install new -s
110 testsuccess ls $ROOTDIR/var/lib/apt/lists/*_InRelease
111 testfailure ls $ROOTDIR/var/lib/apt/lists/*_Release
112 }
113
114 test_unauthenticated_to_invalid_inrelease() {
115 msgmsg 'Test UnAuthenticated to invalid InRelease reverts everything'
116 create_fresh_archive
117 rm $APTARCHIVE/dists/unstable/InRelease
118 rm $APTARCHIVE/dists/unstable/Release.gpg
119
120 testwarning aptget update --allow-insecure-repositories
121 listcurrentlistsdirectory > lists.before
122 testfailureequal "WARNING: The following packages cannot be authenticated!
123 old
124 E: There are problems and -y was used without --force-yes" aptget install -qq -y old
125
126 # go to authenticated but not correct
127 add_new_package '+1hour'
128 break_repository_sources_index '+1hour'
129
130 testfailureequal "W: Failed to fetch file:$APTARCHIVE/dists/unstable/main/source/Sources Hash Sum mismatch
131
132 E: Some index files failed to download. They have been ignored, or old ones used instead." aptget update -qq
133
134 testfileequal lists.before "$(listcurrentlistsdirectory)"
135 testfailure ls rootdir/var/lib/apt/lists/*_InRelease
136 testfailureequal "WARNING: The following packages cannot be authenticated!
137 old
138 E: There are problems and -y was used without --force-yes" aptget install -qq -y old
139 }
140
141 test_inrelease_to_unauth_inrelease() {
142 msgmsg 'Test InRelease to InRelease without good sig'
143 start_with_good_inrelease
144
145 signreleasefiles 'Marvin Paranoid'
146
147 testwarningequal "W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: file: unstable InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY E8525D47528144E2
148
149 W: Failed to fetch file:$APTARCHIVE/dists/unstable/InRelease The following signatures couldn't be verified because the public key is not available: NO_PUBKEY E8525D47528144E2
150
151 W: Some index files failed to download. They have been ignored, or old ones used instead." aptget update -qq
152
153 testfileequal lists.before "$(listcurrentlistsdirectory)"
154 testsuccess ls rootdir/var/lib/apt/lists/*_InRelease
155 }
156
157 test_inrelease_to_broken_gzip() {
158 msgmsg "Test InRelease to broken gzip"
159 start_with_good_inrelease
160
161 redatereleasefiles '+2hours'
162 # append junk at the end of the compressed file
163 echo "lala" >> $APTARCHIVE/dists/unstable/main/source/Sources.gz
164 touch -d '+2min' $APTARCHIVE/dists/unstable/main/source/Sources.gz
165 # remove uncompressed file to avoid fallback
166 rm $APTARCHIVE/dists/unstable/main/source/Sources
167
168 testfailure aptget update
169 testfileequal lists.before "$(listcurrentlistsdirectory)"
170 }
171
172 TESTDIR=$(readlink -f $(dirname $0))
173 . $TESTDIR/framework
174
175 setupenvironment
176 configarchitecture "i386"
177
178 # setup the archive and ensure we have a single package that installs fine
179 setupaptarchive
180 APTARCHIVE=$(readlink -f ./aptarchive)
181 ROOTDIR=${TMPWORKINGDIRECTORY}/rootdir
182 APTARCHIVE_LISTS="$(echo $APTARCHIVE | tr "/" "_" )"
183
184 # test the following cases:
185 # - InRelease -> broken InRelease revert to previous state
186 # - empty lists dir and broken remote leaves nothing on the system
187 # - InRelease -> hashsum mismatch for one file reverts all files to previous state
188 # - Release/Release.gpg -> hashsum mismatch
189 # - InRelease -> Release with hashsum mismatch revert entire state and kills Release
190 # - Release -> InRelease with broken Sig/Hash removes InRelease
191 # going from Release/Release.gpg -> InRelease and vice versa
192 # - unauthenticated -> invalid InRelease
193
194 # stuff to do:
195 # - ims-hit
196 # - gzip-index tests
197
198 test_inrelease_to_new_inrelease
199 test_inrelease_to_broken_hash_reverts_all
200 test_inrelease_to_valid_release
201 test_inrelease_to_release_reverts_all
202 test_unauthenticated_to_invalid_inrelease
203 test_inrelease_to_unauth_inrelease
204 test_inrelease_to_broken_gzip