]> git.saurik.com Git - apt.git/blob - test/integration/test-sourceslist-trusted-options
Test that SHA1-only .diff/Index files are not used
[apt.git] / test / integration / test-sourceslist-trusted-options
1 #!/bin/sh
2 set -e
3
4 TESTDIR="$(readlink -f "$(dirname "$0")")"
5 . "$TESTDIR/framework"
6
7 setupenvironment
8 configarchitecture 'amd64'
9
10 buildsimplenativepackage 'foo' 'amd64' '1' 'stable'
11 buildsimplenativepackage 'foo' 'amd64' '2' 'testing'
12
13 setupaptarchive --no-update
14
15 APTARCHIVE=$(readlink -f ./aptarchive)
16
17 everythingsucceeds() {
18 testsuccessequal 'Listing...
19 foo/testing 2 amd64
20 foo/stable 1 amd64
21 ' apt list foo -a
22
23 cd downloaded
24 rm -f foo_1_amd64.deb foo_2_amd64.deb
25 testsuccess aptget download foo "$@"
26 testsuccess test -s foo_1_amd64.deb -o -s foo_2_amd64.deb
27
28 rm -f foo_1.dsc foo_2.dsc
29 testsuccess aptget source foo --dsc-only -d "$@"
30 testsuccess test -s foo_1.dsc -o -s foo_2.dsc
31 cd - >/dev/null
32 }
33
34 everythingfails() {
35 testsuccessequal 'Listing...
36 foo/testing 2 amd64
37 foo/stable 1 amd64
38 ' apt list foo -a
39
40 local WARNING='WARNING: The following packages cannot be authenticated!
41 foo
42 E: Some packages could not be authenticated'
43
44 cd downloaded
45 rm -f foo_1_amd64.deb foo_2_amd64.deb
46 testfailure aptget download foo "$@"
47 testequal "$WARNING" tail -n 3 ../rootdir/tmp/testfailure.output
48 testfailure test -s foo_1_amd64.deb -o -s foo_2_amd64.deb
49
50 rm -f foo_1.dsc foo_2.dsc
51 testfailure aptget source foo --dsc-only -d "$@"
52 testequal "$WARNING" tail -n 3 ../rootdir/tmp/testfailure.output
53 testfailure test -s foo_1.dsc -o -s foo_2.dsc
54 cd - >/dev/null
55 }
56
57 cp -a rootdir/etc/apt/sources.list.d/ rootdir/etc/apt/sources.list.d.bak/
58 echo 'Debug::Acquire::Transaction "true";
59 Debug::pkgAcquire::Worker "true";' > rootdir/etc/apt/apt.conf.d/00debugging
60
61 aptgetupdate() {
62 rm -rf rootdir/var/lib/apt/lists
63 # note that insecure with trusted=yes are allowed
64 # as the trusted=yes indicates that security is provided by
65 # something above the understanding of apt
66 ${1:-testsuccess} aptget update --no-allow-insecure-repositories
67 }
68
69 insecureaptgetupdate() {
70 rm -rf rootdir/var/lib/apt/lists
71 testfailure aptget update --no-allow-insecure-repositories
72 rm -rf rootdir/var/lib/apt/lists
73 testwarning aptget update --allow-insecure-repositories
74 }
75
76 msgmsg 'Test without trusted option and good sources'
77 cp -a rootdir/etc/apt/sources.list.d.bak/* rootdir/etc/apt/sources.list.d/
78 aptgetupdate
79 everythingsucceeds
80 everythingsucceeds -t stable
81 everythingsucceeds -t testing
82
83 msgmsg 'Test with trusted=yes option and good sources'
84 cp -a rootdir/etc/apt/sources.list.d.bak/* rootdir/etc/apt/sources.list.d/
85 sed -i 's#^deb\(-src\)\? #deb\1 [trusted=yes] #' rootdir/etc/apt/sources.list.d/*
86 aptgetupdate
87 everythingsucceeds
88 everythingsucceeds -t stable
89 everythingsucceeds -t testing
90
91 msgmsg 'Test with trusted=no option and good sources'
92 cp -a rootdir/etc/apt/sources.list.d.bak/* rootdir/etc/apt/sources.list.d/
93 sed -i 's#^deb\(-src\)\? #deb\1 [trusted=no] #' rootdir/etc/apt/sources.list.d/*
94 # we want the warnings on the actions, but for 'update' everything is fine
95 aptgetupdate
96 everythingfails
97 everythingfails -t stable
98 everythingfails -t testing
99
100 find aptarchive/dists/stable \( -name 'InRelease' -o -name 'Release.gpg' \) -delete
101
102 msgmsg 'Test without trusted option and good and unsigned sources'
103 cp -a rootdir/etc/apt/sources.list.d.bak/* rootdir/etc/apt/sources.list.d/
104 insecureaptgetupdate
105 everythingsucceeds
106 everythingfails -t stable
107 everythingsucceeds -t testing
108
109 msgmsg 'Test with trusted=yes option and good and unsigned sources'
110 cp -a rootdir/etc/apt/sources.list.d.bak/* rootdir/etc/apt/sources.list.d/
111 sed -i 's#^deb\(-src\)\? #deb\1 [trusted=yes] #' rootdir/etc/apt/sources.list.d/*
112 aptgetupdate
113 everythingsucceeds
114 everythingsucceeds -t stable
115 everythingsucceeds -t testing
116
117 msgmsg 'Test with trusted=no option and good and unsigned sources'
118 cp -a rootdir/etc/apt/sources.list.d.bak/* rootdir/etc/apt/sources.list.d/
119 sed -i 's#^deb\(-src\)\? #deb\1 [trusted=no] #' rootdir/etc/apt/sources.list.d/*
120 insecureaptgetupdate
121 everythingfails
122 everythingfails -t stable
123 everythingfails -t testing
124
125 signreleasefiles 'Marvin Paranoid' 'aptarchive/dists/stable'
126
127 msgmsg 'Test without trusted option and good and unknown sources'
128 cp -a rootdir/etc/apt/sources.list.d.bak/* rootdir/etc/apt/sources.list.d/
129 insecureaptgetupdate
130 everythingsucceeds
131 everythingfails -t stable
132 everythingsucceeds -t testing
133
134 msgmsg 'Test with trusted=yes option and good and unknown sources'
135 cp -a rootdir/etc/apt/sources.list.d.bak/* rootdir/etc/apt/sources.list.d/
136 sed -i 's#^deb\(-src\)\? #deb\1 [trusted=yes] #' rootdir/etc/apt/sources.list.d/*
137 aptgetupdate 'testwarning'
138 everythingsucceeds
139 everythingsucceeds -t stable
140 everythingsucceeds -t testing
141
142 msgmsg 'Test with trusted=no option and good and unknown sources'
143 cp -a rootdir/etc/apt/sources.list.d.bak/* rootdir/etc/apt/sources.list.d/
144 sed -i 's#^deb\(-src\)\? #deb\1 [trusted=no] #' rootdir/etc/apt/sources.list.d/*
145 insecureaptgetupdate
146 everythingfails
147 everythingfails -t stable
148 everythingfails -t testing
149
150 signreleasefiles 'Rex Expired' 'aptarchive/dists/stable'
151 cp -a keys/rexexpired.pub rootdir/etc/apt/trusted.gpg.d/rexexpired.gpg
152
153 msgmsg 'Test without trusted option and good and expired sources'
154 cp -a rootdir/etc/apt/sources.list.d.bak/* rootdir/etc/apt/sources.list.d/
155 insecureaptgetupdate
156 everythingsucceeds
157 everythingfails -t stable
158 everythingsucceeds -t testing
159
160 msgmsg 'Test with trusted=yes option and good and expired sources'
161 cp -a rootdir/etc/apt/sources.list.d.bak/* rootdir/etc/apt/sources.list.d/
162 sed -i 's#^deb\(-src\)\? #deb\1 [trusted=yes] #' rootdir/etc/apt/sources.list.d/*
163 aptgetupdate 'testwarning'
164 everythingsucceeds
165 everythingsucceeds -t stable
166 everythingsucceeds -t testing
167
168 msgmsg 'Test with trusted=no option and good and expired sources'
169 cp -a rootdir/etc/apt/sources.list.d.bak/* rootdir/etc/apt/sources.list.d/
170 sed -i 's#^deb\(-src\)\? #deb\1 [trusted=no] #' rootdir/etc/apt/sources.list.d/*
171 insecureaptgetupdate
172 everythingfails
173 everythingfails -t stable
174 everythingfails -t testing
175
176 # same as the one further above, but this time testing is unsigned
177 find aptarchive/ \( -name 'InRelease' -o -name 'Release.gpg' \) -delete
178 signreleasefiles 'Joe Sixpack' 'aptarchive/dists/stable'
179
180 msgmsg 'Test without trusted option and unsigned and good sources'
181 cp -a rootdir/etc/apt/sources.list.d.bak/* rootdir/etc/apt/sources.list.d/
182 insecureaptgetupdate
183 everythingfails
184 everythingsucceeds -t stable
185 everythingfails -t testing
186
187 msgmsg 'Test with trusted=yes option and unsigned and good sources'
188 cp -a rootdir/etc/apt/sources.list.d.bak/* rootdir/etc/apt/sources.list.d/
189 sed -i 's#^deb\(-src\)\? #deb\1 [trusted=yes] #' rootdir/etc/apt/sources.list.d/*
190 aptgetupdate
191 everythingsucceeds
192 everythingsucceeds -t stable
193 everythingsucceeds -t testing
194
195 msgmsg 'Test with trusted=no option and unsigned and good sources'
196 cp -a rootdir/etc/apt/sources.list.d.bak/* rootdir/etc/apt/sources.list.d/
197 sed -i 's#^deb\(-src\)\? #deb\1 [trusted=no] #' rootdir/etc/apt/sources.list.d/*
198 insecureaptgetupdate
199 everythingfails
200 everythingfails -t stable
201 everythingfails -t testing
202
203 msgmsg 'Test conflicting trusted options are refused'
204 testsource() {
205 echo "$@" > rootdir/etc/apt/sources.list.d/example.list
206 testfailuremsg 'E: Conflicting values set for option Trusted regarding source http://example.org/bad/ unstable
207 E: The list of sources could not be read.' aptget update --print-uris
208 }
209 for VAL in 'yes' 'no'; do
210 testsource "deb http://example.org/bad unstable main
211 deb [trusted=${VAL}] http://example.org/bad unstable non-free"
212 testsource "deb [trusted=${VAL}] http://example.org/bad unstable main
213 deb http://example.org/bad unstable non-free"
214 done
215 testsource 'deb [trusted=yes] http://example.org/bad unstable main
216 deb [trusted=no] http://example.org/bad unstable non-free'
217 testsource 'deb [trusted=no] http://example.org/bad unstable main
218 deb [trusted=yes] http://example.org/bad unstable non-free'