]> git.saurik.com Git - apt.git/blob - test/integration/test-releasefile-verification
a9f4b977523d0ba3be51e5b56899e3ccdd547ece
[apt.git] / test / integration / test-releasefile-verification
1 #!/bin/sh
2 set -e
3
4 TESTDIR=$(readlink -f $(dirname $0))
5 . $TESTDIR/framework
6
7 setupenvironment
8 configarchitecture "i386"
9
10 buildaptarchive
11 setupflataptarchive
12 changetowebserver
13
14 prepare() {
15 local DATE="${2:-now}"
16 if [ "$DATE" = 'now' -a "$1" = "${PKGFILE}-new" ]; then
17 DATE='now + 6 days'
18 fi
19 for release in $(find rootdir/var/lib/apt/lists 2> /dev/null); do
20 touch -d 'now - 6 hours' $release
21 done
22 aptget clean
23 cp $1 aptarchive/Packages
24 find aptarchive -name 'Release' -delete
25 compressfile 'aptarchive/Packages'
26 generatereleasefiles "$DATE"
27 }
28
29 installaptold() {
30 testequal 'Reading package lists...
31 Building dependency tree...
32 Suggested packages:
33 aptitude synaptic wajig dpkg-dev apt-doc bzip2 lzma python-apt
34 The following NEW packages will be installed:
35 apt
36 0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
37 After this operation, 5370 kB of additional disk space will be used.
38 Get:1 http://localhost:8080/ apt 0.7.25.3
39 Download complete and in download only mode' aptget install apt -dy
40 }
41
42 installaptnew() {
43 testequal 'Reading package lists...
44 Building dependency tree...
45 Suggested packages:
46 aptitude synaptic wajig dpkg-dev apt-doc bzip2 lzma python-apt
47 The following NEW packages will be installed:
48 apt
49 0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
50 After this operation, 5808 kB of additional disk space will be used.
51 Get:1 http://localhost:8080/ apt 0.8.0~pre1
52 Download complete and in download only mode' aptget install apt -dy
53 }
54
55 failaptold() {
56 testequal 'Reading package lists...
57 Building dependency tree...
58 Suggested packages:
59 aptitude synaptic wajig dpkg-dev apt-doc bzip2 lzma python-apt
60 The following NEW packages will be installed:
61 apt
62 0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
63 After this operation, 5370 kB of additional disk space will be used.
64 WARNING: The following packages cannot be authenticated!
65 apt
66 E: There are problems and -y was used without --force-yes' aptget install apt -dy
67 }
68
69 failaptnew() {
70 testequal 'Reading package lists...
71 Building dependency tree...
72 Suggested packages:
73 aptitude synaptic wajig dpkg-dev apt-doc bzip2 lzma python-apt
74 The following NEW packages will be installed:
75 apt
76 0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
77 After this operation, 5808 kB of additional disk space will be used.
78 WARNING: The following packages cannot be authenticated!
79 apt
80 E: There are problems and -y was used without --force-yes' aptget install apt -dy
81 }
82
83 # fake our downloadable file
84 touch aptarchive/apt.deb
85
86 PKGFILE="${TESTDIR}/$(echo "$(basename $0)" | sed 's#^test-#Packages-#')"
87
88 runtest() {
89 prepare ${PKGFILE}
90 rm -rf rootdir/var/lib/apt/lists
91 signreleasefiles 'Joe Sixpack'
92 find aptarchive/ -name "$DELETEFILE" -delete
93 msgtest 'Cold archive signed by' 'Joe Sixpack'
94 aptget update 2>&1 | grep -E '^(W|E): ' > /dev/null && msgfail || msgpass
95 testequal "$(cat ${PKGFILE})
96 " aptcache show apt
97 installaptold
98
99 prepare ${PKGFILE}-new
100 signreleasefiles 'Joe Sixpack'
101 find aptarchive/ -name "$DELETEFILE" -delete
102 msgtest 'Good warm archive signed by' 'Joe Sixpack'
103 aptget update 2>&1 | grep -E '^(W|E): ' > /dev/null && msgfail || msgpass
104 testequal "$(cat ${PKGFILE}-new)
105 " aptcache show apt
106 installaptnew
107
108 prepare ${PKGFILE}
109 rm -rf rootdir/var/lib/apt/lists
110 cp keys/rexexpired.pub rootdir/etc/apt/trusted.gpg.d/rexexpired.gpg
111 signreleasefiles 'Rex Expired'
112 find aptarchive/ -name "$DELETEFILE" -delete
113 msgtest 'Cold archive signed by' 'Rex Expired'
114 aptget update 2>&1 | grep -E '^W: .* KEYEXPIRED' > /dev/null && msgpass || msgfail
115 testequal "$(cat ${PKGFILE})
116 " aptcache show apt
117 failaptold
118 rm rootdir/etc/apt/trusted.gpg.d/rexexpired.gpg
119
120 prepare ${PKGFILE}
121 rm -rf rootdir/var/lib/apt/lists
122 signreleasefiles 'Marvin Paranoid'
123 find aptarchive/ -name "$DELETEFILE" -delete
124 msgtest 'Cold archive signed by' 'Marvin Paranoid'
125 aptget update 2>&1 | grep -E '^W: .* NO_PUBKEY' > /dev/null && msgpass || msgfail
126 testequal "$(cat ${PKGFILE})
127 " aptcache show apt
128 failaptold
129
130 prepare ${PKGFILE}-new
131 # weborf doesn't support If-Range
132 for release in $(find rootdir/var/lib/apt/lists/partial/ -name '*Release'); do
133 rm $release
134 touch $release
135 done
136 signreleasefiles 'Joe Sixpack'
137 find aptarchive/ -name "$DELETEFILE" -delete
138 msgtest 'Bad warm archive signed by' 'Joe Sixpack'
139 aptget update 2>&1 | grep -E '^(W|E): ' > /dev/null && msgfail || msgpass
140 testequal "$(cat ${PKGFILE}-new)
141 " aptcache show apt
142 installaptnew
143
144
145 prepare ${PKGFILE}
146 rm -rf rootdir/var/lib/apt/lists
147 signreleasefiles 'Joe Sixpack'
148 find aptarchive/ -name "$DELETEFILE" -delete
149 msgtest 'Cold archive signed by' 'Joe Sixpack'
150 aptget update 2>&1 | grep -E '^(W|E): ' > /dev/null && msgfail || msgpass
151 testequal "$(cat ${PKGFILE})
152 " aptcache show apt
153 installaptold
154
155 prepare ${PKGFILE}-new
156 signreleasefiles 'Marvin Paranoid'
157 find aptarchive/ -name "$DELETEFILE" -delete
158 msgtest 'Good warm archive signed by' 'Marvin Paranoid'
159 aptget update 2>&1 | grep -E '^W: .* NO_PUBKEY' > /dev/null && msgpass || msgfail
160 testequal "$(cat ${PKGFILE})
161 " aptcache show apt
162 installaptold
163
164 prepare ${PKGFILE}-new
165 cp keys/rexexpired.pub rootdir/etc/apt/trusted.gpg.d/rexexpired.gpg
166 signreleasefiles 'Rex Expired'
167 find aptarchive/ -name "$DELETEFILE" -delete
168 msgtest 'Good warm archive signed by' 'Rex Expired'
169 aptget update 2>&1 | grep -E '^W: .* KEYEXPIRED' > /dev/null && msgpass || msgfail
170 testequal "$(cat ${PKGFILE})
171 " aptcache show apt
172 installaptold
173 rm rootdir/etc/apt/trusted.gpg.d/rexexpired.gpg
174
175 prepare ${PKGFILE}-new
176 signreleasefiles
177 find aptarchive/ -name "$DELETEFILE" -delete
178 msgtest 'Good warm archive signed by' 'Joe Sixpack'
179 aptget update 2>&1 | grep -E '^(W|E): ' > /dev/null && msgfail || msgpass
180 testequal "$(cat ${PKGFILE}-new)
181 " aptcache show apt
182 installaptnew
183 }
184
185 runtest2() {
186 prepare ${PKGFILE}
187 rm -rf rootdir/var/lib/apt/lists
188 signreleasefiles 'Joe Sixpack'
189 msgtest 'Cold archive signed by' 'Joe Sixpack'
190 aptget update 2>&1 | grep -E '^(W|E): ' > /dev/null && msgfail || msgpass
191
192 # New .deb but now an unsigned archive. For example MITM to circumvent
193 # package verification.
194 prepare ${PKGFILE}-new
195 find aptarchive/ -name InRelease -delete
196 find aptarchive/ -name Release.gpg -delete
197 msgtest 'Warm archive signed by' 'nobody'
198 aptget update 2>&1 | grep -E '^(W|E): ' > /dev/null && msgfail || msgpass
199 testequal "$(cat ${PKGFILE}-new)
200 " aptcache show apt
201 failaptnew
202
203 # Unsigned archive from the beginning must also be detected.
204 rm -rf rootdir/var/lib/apt/lists
205 msgtest 'Cold archive signed by' 'nobody'
206 aptget update 2>&1 | grep -E '^(W|E): ' > /dev/null && msgfail || msgpass
207 testequal "$(cat ${PKGFILE}-new)
208 " aptcache show apt
209 failaptnew
210 }
211 runtest2
212
213
214 DELETEFILE="InRelease"
215 runtest
216 DELETEFILE="Release.gpg"
217 runtest