3 # Ensure that a MITM can not stale the Packages/Sources without
4 # raising a error message. Note that the Release file is protected
5 # via the "Valid-Until" header
9 TESTDIR
=$(readlink -f $(dirname $0))
13 configarchitecture
"i386"
15 insertpackage
'unstable' 'foo' 'all' '1.0'
17 setupaptarchive
--no-update
20 echo "Acquire::Languages \"none\";" > rootdir
/etc
/apt
/apt.conf.d
/00nolanguages
21 testsuccess aptget update
22 listcurrentlistsdirectory
> lists.before
25 mkdir aptarchive
/dists
/unstable
/main
/binary
-i386/saved
26 cp -p aptarchive
/dists
/unstable
/main
/binary
-i386/Packages
* \
27 aptarchive
/dists
/unstable
/main
/binary
-i386/saved
28 insertpackage
'unstable' 'foo' 'all' '2.0'
30 compressfile aptarchive
/dists
/unstable
/main
/binary
-i386/Packages
31 # ensure that we do not get a I-M-S hit for the Release file
33 generatereleasefiles
'+1hour'
36 # but now only deliver the previous Packages file instead of the new one
37 # (simulating a stale attack)
38 cp -p aptarchive
/dists
/unstable
/main
/binary
-i386/saved
/Packages
* \
39 aptarchive
/dists
/unstable
/main
/binary
-i386/
41 # ensure this raises an error
42 testequal
"W: Failed to fetch http://localhost:8080/dists/unstable/main/binary-i386/Packages Hash Sum mismatch
44 E: Some index files failed to download. They have been ignored, or old ones used instead." aptget update
-qq
45 testfileequal lists.before
"$(listcurrentlistsdirectory)"