]> git.saurik.com Git - apt.git/blob - test/integration/test-apt-update-file
8da4ec35b352f3c883c38c92b75bf8a17db0f864
[apt.git] / test / integration / test-apt-update-file
1 #!/bin/sh
2 #
3 # Ensure that we do not modify file:/// uris (regression test for
4 # CVE-2014-0487
5 #
6 set -e
7
8 TESTDIR="$(readlink -f "$(dirname "$0")")"
9 . "$TESTDIR/framework"
10
11 setupenvironment
12 configarchitecture "amd64"
13 configcompression 'bz2' 'gz'
14 confighashes 'SHA512'
15
16 insertpackage 'unstable' 'foo' 'all' '1'
17 insertpackage 'unstable' 'bar' 'amd64' '1'
18 insertsource 'unstable' 'foo' 'all' '1'
19
20 setupaptarchive --no-update
21 logcurrentarchivedirectory
22
23 # ensure the archive is not writable
24 addtrap 'prefix' 'chmod 755 aptarchive/dists/unstable/main/binary-all;'
25 if [ "$(id -u)" = '0' ]; then
26 # too deep to notice it, but it also unlikely that files in the same repo have different permissions
27 chmod 500 aptarchive/dists/unstable/main/binary-all
28 testfailure aptget update
29 rm -rf rootdir/var/lib/apt/lists
30 chmod 755 aptarchive/dists/unstable/main/binary-all
31 testsuccess aptget update
32 rm -rf rootdir/var/lib/apt/lists
33 chmod 511 aptarchive/dists/
34 testsuccess aptget update
35 rm -rf rootdir/var/lib/apt/lists
36 chmod 510 aptarchive/dists/
37 testsuccesswithnotice aptget update
38 rm -rf rootdir/var/lib/apt/lists
39 chmod 500 aptarchive/dists/
40 testsuccesswithnotice aptget update
41 chmod 755 aptarchive/dists/
42 else
43 testsuccess aptget update
44 fi
45 mv rootdir/var/lib/apt/lists/_* rootdir/var/lib/apt/lists/partial
46 chmod 555 aptarchive/dists/unstable/main/binary-all
47 testsuccess aptget update -o Debug::pkgAcquire::Worker=1
48 cp -a rootdir/tmp/testsuccess.output rootdir/tmp/update.output
49 testsuccess grep '%0aAlt-Filename:%20' rootdir/tmp/update.output
50
51 # the release files aren't an IMS-hit, but the indexes are
52 redatereleasefiles '+1 hour'
53
54 # we don't download the index if it isn't updated
55 testsuccess aptget update -o Debug::pkgAcquire::Auth=1
56 # file:/ isn't shown in the log, so see if it was downloaded anyhow
57 cp -a rootdir/tmp/testsuccess.output rootdir/tmp/update.output
58 canary="SHA512:$(bzcat aptarchive/dists/unstable/main/binary-all/Packages.bz2 | sha512sum |cut -f1 -d' ')"
59 testfailure grep -- "$canary" rootdir/tmp/update.output
60
61 testfoo() {
62 # foo is still available
63 testsuccess aptget install -s foo
64 testsuccess aptcache showsrc foo
65 testsuccess aptget source foo --print-uris
66 }
67 testfoo
68
69 # the release file is new again, the index still isn't, but it is somehow gone now from disk
70 redatereleasefiles '+2 hour'
71 find rootdir/var/lib/apt/lists -name '*_Packages*' -delete
72
73 testsuccess aptget update -o Debug::pkgAcquire::Auth=1
74 # file:/ isn't shown in the log, so see if it was downloaded anyhow
75 cp -a rootdir/tmp/testsuccess.output rootdir/tmp/update.output
76 canary="SHA512:$(bzcat aptarchive/dists/unstable/main/binary-all/Packages.bz2 | sha512sum |cut -f1 -d' ')"
77 testsuccess grep -- "$canary" rootdir/tmp/update.output
78
79 testfoo