git.saurik.com Git - apt.git/blob - test/integration/test-cve-2013-1051-InRelease-parsing
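# Absolute, canonical directory that contains this test script, so later
# paths do not depend on the caller's working directory.
# (Restored from the listing: the gutter number and the line break that
# split the assignment in two are removed.)
TESTDIR="$(readlink -f "$(dirname "$0")")"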
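# NOTE(review): this listing skips several source lines around here (the
# gutter jumps 4 -> 8 -> 10 -> 15). The helpers used below
# (configarchitecture, insertpackage, msgtest, testsuccess, aptget) are not
# defined on this page; presumably a test framework loaded on one of the
# skipped lines provides them. Confirm against the upstream file.

# The test environment uses a single architecture.
configarchitecture 'i386'

# Publish one legitimate package in the 'stable' archive.
insertpackage 'stable' 'good-pkg' 'all' '1.0'

# Base URL of the local HTTP archive. APTHTTPPORT is not set anywhere in this
# listing; presumably the skipped setup lines export it. TODO confirm.
ARCHIVE="http://localhost:${APTHTTPPORT}"

# Baseline: before any tampering, an update against the signed InRelease
# must succeed.
msgtest 'Initial apt-get update should work with' 'InRelease'
testsuccess --nomsg aptget update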
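# check that the setup is correct: good-pkg must be known to apt and must
# come from the local archive before the InRelease file is modified.
# NOTE(review): the listing drops source lines 21-24 of the expected policy
# output and strips leading whitespace inside the string. testsuccessequal
# presumably compares the output exactly, so restore the missing lines and
# indentation from the upstream file before running this.
testsuccessequal "good-pkg:
500 ${ARCHIVE} stable/main all Packages" aptcache policy good-pkg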
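# now exchange the Packages file for one that also lists a second package
# NOTE(review): the original comment ("note that this could be ...") is cut
# off here because the listing omits source line 28.
insertpackage 'stable' 'bad-mitm' 'all' '1.0'

# this builds compressed files and a new (unsigned) Release
buildaptarchivefromfiles '+1hour'

# Inside the signature armor of the clearsigned InRelease, replace each empty
# line with a single space. Per the original author this is still accepted by
# gpg(v), so signature verification passes while the file no longer has
# exactly the layout a naive parser expects.
sed -i '/^-----BEGIN PGP SIGNATURE-----/,/^-----END PGP SIGNATURE-----/ s/^$/ /g' aptarchive/dists/stable/InRelease

# Append the unsigned Release content after the end of the signed InRelease.
# What is being tested: apt must trust only the data covered by the signature
# and ignore everything that follows the signed block.
cat aptarchive/dists/stable/Release >> aptarchive/dists/stable/InRelease

# Give the modified file the same '+1hour' timestamp used for the rebuilt
# archive above (presumably so apt sees it as newer and fetches it; confirm).
touch -d '+1hour' aptarchive/dists/stable/InRelease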
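# ensure the update doesn't load bad data as good data
# Note that we will pick up the InRelease itself as we download no other
# indexes which would trigger a hashsum mismatch, but we ignore the 'bad'
# part of the InRelease

# Snapshot the lists directory (InRelease entries excluded) so it can be
# compared after the update: no other index file may appear or change.
listcurrentlistsdirectory | sed '/_InRelease/ d' > listsdir.lst

msgtest 'apt-get update should ignore unsigned data in the' 'InRelease'
# Expected output: only the InRelease is fetched (size taken from the file on
# disk via stat), then the package lists are read.
testsuccessequal "Get:1 http://localhost:${APTHTTPPORT} stable InRelease [$(stat -c%s aptarchive/dists/stable/InRelease) B]
Reading package lists..." --nomsg aptget update

# The lists directory, apart from InRelease, must be identical to the
# snapshot: the appended unsigned data caused no additional downloads.
testfileequal './listsdir.lst' "$(listcurrentlistsdirectory | sed '/_InRelease/ d')"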
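# ensure there is no package: the package that exists only in the unsigned,
# appended data must not be installable (simulated install, -s)
testfailureequal 'Reading package lists...
Building dependency tree...
E: Unable to locate package bad-mitm' aptget install bad-mitm -s

# and verify that it's not picked up by the package cache either
testsuccessequal 'N: Unable to locate package bad-mitm' aptcache policy bad-mitm

# and that the right one is used: good-pkg from the signed data is still
# served from the local archive.
# NOTE(review): the listing drops source lines 62-65 of the expected policy
# output and strips leading whitespace inside the string. testsuccessequal
# presumably compares the output exactly, so restore the missing lines and
# indentation from the upstream file before running this.
testsuccessequal "good-pkg:
500 ${ARCHIVE} stable/main all Packages" aptcache policy good-pkg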