]> git.saurik.com Git - apt.git/blob - test/integration/test-apt-update-transactions
generalize secure->insecure downgrade protection
[apt.git] / test / integration / test-apt-update-transactions
1 #!/bin/sh
2 set -e
3
4 # ensure that an update will only succeed entirely or not at all
5
6 TESTDIR="$(readlink -f "$(dirname "$0")")"
7 . "$TESTDIR/framework"
8
9 setupenvironment
10 configarchitecture 'i386'
11 configcompression '.' 'gz'
12
13 insertpackage 'unstable' 'foo' 'i386' '1.0'
14 insertsource 'unstable' 'foo' 'i386' '1.0'
15
16 setupaptarchive --no-update
17
18 breakfile() {
19 mv "${1}" "${1}.bak"
20 mv "${1}.gz" "${1}.gz.bak"
21 cat > "$1" <<EOF
22 Package: bar
23 EOF
24 compressfile "$1"
25 }
26 restorefile() {
27 mv "${1}.bak" "$1"
28 mv "${1}.gz.bak" "${1}.gz"
29 }
30
31 testrun() {
32 rm -rf aptarchive/dists.good
33 cp -a aptarchive/dists aptarchive/dists.good
34 insertpackage 'unstable' 'bar' 'i386' '1.0'
35 insertsource 'unstable' 'bar' 'i386' '1.0'
36 buildaptarchivefromfiles '+1 hour'
37
38 # produce an unsigned repository
39 find aptarchive \( -name 'Release.gpg' -o -name 'InRelease' \) -delete
40 testfailure aptget update --no-allow-insecure-repositories
41 testfileequal "$1" "$(listcurrentlistsdirectory)"
42
43 # signed but broken
44 signreleasefiles
45
46 onehashbroken() {
47 rm -rf rootdir/var/lib/apt/lists/partial
48 testfailure aptget update -o Debug::pkgAcquire::Worker=1 -o Debug::Acquire::http=1
49 # each file generates two messages with this string
50 testequal '2' grep --count 'Hash Sum mismatch' rootdir/tmp/testfailure.output
51 testfileequal "$1" "$(listcurrentlistsdirectory)"
52 }
53
54 breakfile aptarchive/dists/unstable/main/binary-i386/Packages
55 onehashbroken "$1"
56 restorefile aptarchive/dists/unstable/main/binary-i386/Packages
57
58 breakfile aptarchive/dists/unstable/main/source/Sources
59 onehashbroken "$1"
60 restorefile aptarchive/dists/unstable/main/source/Sources
61
62 rm -rf aptarchive/dists
63 cp -a aptarchive/dists.good aptarchive/dists
64 }
65
66 testsetup() {
67 msgmsg 'Test with no initial data over' "$1"
68 rm -rf rootdir/var/lib/apt/lists
69 mkdir -p rootdir/var/lib/apt/lists/partial
70 listcurrentlistsdirectory > listsdir.lst
71 testrun 'listsdir.lst'
72
73 msgmsg 'Test with initial data over' "$1"
74 rm -rf rootdir/var/lib/apt/lists
75 testsuccess aptget update -o Debug::pkgAcquire::Worker=1
76 listcurrentlistsdirectory > listsdir.lst
77 testrun 'listsdir.lst'
78 }
79
80 testsetup 'file'
81
82 changetowebserver
83 webserverconfig 'aptwebserver::support::modified-since' 'false' "$1"
84 webserverconfig 'aptwebserver::support::last-modified' 'false' "$1" # curl is clever and sees hits here also
85 webserverconfig 'aptwebserver::support::range' 'false' "$1"
86
87 testsetup 'http'
88
89 changetohttpswebserver
90
91 testsetup 'https'