]> git.saurik.com Git - apt.git/blobdiff - test/integration/framework
merge sources.list lines based on Release filename
[apt.git] / test / integration / framework
index b0be3eaf14de36b262340721b20ece2fe7e5f445..3f7101170ced769a2dcbe2a15f69bd3416a2bb65 100644 (file)
@@ -175,6 +175,7 @@ runapt() {
        esac
        MALLOC_PERTURB_=21 MALLOC_CHECK_=2 APT_CONFIG="$(getaptconfig)" LD_LIBRARY_PATH="${LIBRARYPATH}:${LD_LIBRARY_PATH}" "$CMD" "$@"
 }
+runpython3() { runapt command python3 "$@"; }
 aptconfig() { runapt apt-config "$@"; }
 aptcache() { runapt apt-cache "$@"; }
 aptcdrom() { runapt apt-cdrom "$@"; }
@@ -216,6 +217,12 @@ gdb() {
        fi
        runapt command gdb --quiet -ex run "$CMD" --args "$CMD" "$@"
 }
+lastmodification() {
+       date -u -d "@$(stat -c '%Y' "${TMPWORKINGDIRECTORY}/$1")" '+%a, %d %b %Y %H:%M:%S GMT'
+}
+releasefiledate() {
+       grep "^${2:-Date}:" "$1" | cut -d' ' -f 2- | sed -e 's#UTC#GMT#'
+}
 
 exitwithstatus() {
         # error if we about to overflow, but ...
@@ -332,7 +339,9 @@ setupenvironment() {
        # destroys coverage reporting though, so we disable changing user for the calling gpgv
        echo "Dir::Bin::apt-key \"${BUILDDIRECTORY}/apt-key\";" >> aptconfig.conf
        if [ "$(id -u)" = '0' ]; then
-               echo 'Binary::gpgv::Debug::NoDropPrivs "true";' >>aptconfig.conf
+               echo 'Binary::gpgv::APT::Sandbox::User "root";' >> aptconfig.conf
+               # same for the solver executables
+               echo 'APT::Solver::RunAsUser "root";' >> aptconfig.conf
        fi
 
        cat > "${TMPWORKINGDIRECTORY}/rootdir/usr/bin/dpkg" <<EOF
@@ -389,8 +398,9 @@ EOF
        echo "Acquire::https::CaInfo \"${TMPWORKINGDIRECTORY}/rootdir/etc/webserver.pem\";" > rootdir/etc/apt/apt.conf.d/99https
        echo "Apt::Cmd::Disable-Script-Warning \"1\";" > rootdir/etc/apt/apt.conf.d/apt-binary
        echo 'Acquire::Connect::AddrConfig "false";' > rootdir/etc/apt/apt.conf.d/connect-addrconfig
+
        configcompression '.' 'gz' #'bz2' 'lzma' 'xz'
-       confighashes 'SHA1' # these are tests, not security best-practices
+       confighashes 'SHA256' # these are tests, not security best-practices
 
        # create some files in /tmp and look at user/group to get what this means
        TEST_DEFAULT_USER="$(id -un)"
@@ -407,6 +417,15 @@ EOF
        unset LANGUAGE APT_CONFIG
        unset GREP_OPTIONS DEB_BUILD_PROFILES
        unset http_proxy HTTP_PROXY https_proxy HTTPS_PROXY no_proxy
+
+       # If gpgv supports --weak-digest, pass it to make sure we can disable SHA1
+       if aptkey verify --weak-digest SHA1 --help 2>/dev/null >/dev/null; then
+               echo 'Acquire::gpgv::Options { "--weak-digest"; "sha1"; };' > rootdir/etc/apt/apt.conf.d/no-sha1
+       fi
+
+       # most tests just need one signed Release file, not both
+       export APT_DONT_SIGN='Release.gpg'
+
        msgdone "info"
 }
 
@@ -517,9 +536,13 @@ int execvp(const char *file, char *const argv[]) {
        return func_execvp(newfile, argv);
 }
 EOF
-       testsuccess --nomsg gcc -Wall -fPIC -shared -o noopchroot.so noopchroot.c -ldl
+       testempty --nomsg gcc -Wall -Wextra -fPIC -shared -o noopchroot.so noopchroot.c -ldl
 }
 configcompression() {
+       if [ "$1" = 'ALL' ]; then
+               configcompression '.' $(aptconfig dump APT::Compressor --format '%t %v%n' | sed -n 's#^Extension \.\(.*\)$#\1#p')
+               return
+       fi
        local CMD='apthelper cat-file -C'
        while [ -n "$1" ]; do
                case "$1" in
@@ -558,6 +581,11 @@ forcecompressor() {
        local CONFFILE="${TMPWORKINGDIRECTORY}/rootdir/etc/apt/apt.conf.d/00force-compressor"
        echo "Acquire::CompressionTypes::Order { \"${COMPRESS}\"; };
 Dir::Bin::uncompressed \"/does/not/exist\";" > "$CONFFILE"
+       for COMP in $(aptconfig dump 'APT::Compressor' --format '%f%n' | cut -d':' -f 5 | uniq); do
+               if [ -z "$COMP" -o "$COMP" = '.' -o "$COMP" = "$COMPRESSOR" ]; then continue; fi
+               echo "Dir::Bin::${COMP} \"/does/not/exist\";" >> "$CONFFILE"
+               echo "APT::Compressor::${COMP}::Name \"${COMP}-disabled\";" >> "$CONFFILE"
+       done
 }
 
 setupsimplenativepackage() {
@@ -582,12 +610,12 @@ setupsimplenativepackage() {
        mkdir -p ${BUILDDIR}/debian/source
        cd ${BUILDDIR}
        echo "* most suckless software product ever" > FEATURES
-       test -e debian/copyright || echo "Copyleft by Joe Sixpack $(date +%Y)" > debian/copyright
+       test -e debian/copyright || echo "Copyleft by Joe Sixpack $(date -u +%Y)" > debian/copyright
        test -e debian/changelog || echo "$NAME ($VERSION) $RELEASE; urgency=low
 
   * Initial release
 
- -- Joe Sixpack <joe@example.org>  $(date -R)" > debian/changelog
+ -- Joe Sixpack <joe@example.org>  $(date -u -R)" > debian/changelog
        test -e debian/control || echo "Source: $NAME
 Section: $SECTION
 Priority: optional
@@ -645,12 +673,12 @@ buildsimplenativepackage() {
        echo "#!/bin/sh
 echo '$NAME says \"Hello!\"'" > "${BUILDDIR}/${NAME}"
 
-       echo "Copyleft by Joe Sixpack $(date +%Y)" > "${BUILDDIR}/debian/copyright"
+       echo "Copyleft by Joe Sixpack $(date -u +%Y)" > "${BUILDDIR}/debian/copyright"
        echo "$NAME ($VERSION) $RELEASE; urgency=low
 
   * Initial release
 
- -- Joe Sixpack <joe@example.org>  $(date -R)" > "${BUILDDIR}/debian/changelog"
+ -- Joe Sixpack <joe@example.org>  $(date -u -R)" > "${BUILDDIR}/debian/changelog"
        {
                echo "Source: $NAME
 Priority: $PRIORITY
@@ -939,7 +967,7 @@ buildaptarchivefromfiles() {
 }
 
 compressfile() {
-       cat "${TMPWORKINGDIRECTORY}/rootdir/etc/testcase-compressor.conf" | while read compressor extension command; do
+       while read compressor extension command; do
                if [ "$compressor" = '.' ]; then
                        if [ -n "$2" ]; then
                                touch -d "$2" "$1"
@@ -950,7 +978,7 @@ compressfile() {
                if [ -n "$2" ]; then
                        touch -d "$2" "${1}.${extension}"
                fi
-       done
+       done < "${TMPWORKINGDIRECTORY}/rootdir/etc/testcase-compressor.conf"
 }
 
 # can be overridden by testcases for their pleasure
@@ -1001,13 +1029,13 @@ NotAutomatic: yes' "$dir/Release"
        fi
        if [ -n "$DATE" -a "$DATE" != "now" ]; then
                for release in $(find ./aptarchive -name 'Release'); do
-                       sed -i "s/^Date: .*$/Date: $(date -d "$DATE" '+%a, %d %b %Y %H:%M:%S %Z')/" "$release"
+                       sed -i "s/^Date: .*$/Date: $(date -u -d "$DATE" '+%a, %d %b %Y %H:%M:%S %Z')/" "$release"
                        touch -d "$DATE" "$release"
                done
        fi
        if [ -n "$VALIDUNTIL" ]; then
                sed -i "/^Date: / a\
-Valid-Until: $(date -d "$VALIDUNTIL" '+%a, %d %b %Y %H:%M:%S %Z')" $(find ./aptarchive -name 'Release')
+Valid-Until: $(date -u -d "$VALIDUNTIL" '+%a, %d %b %Y %H:%M:%S %Z')" $(find ./aptarchive -name 'Release')
        fi
        msgdone "info"
 }
@@ -1063,40 +1091,73 @@ setupaptarchive() {
 }
 
 signreleasefiles() {
-       local SIGNER="${1:-Joe Sixpack}"
+       local SIGNERS="${1:-Joe Sixpack}"
        local REPODIR="${2:-aptarchive}"
-       local KEY="keys/$(echo "$SIGNER" | tr 'A-Z' 'a-z' | sed 's# ##g')"
-       local GPG="aptkey --quiet --keyring ${KEY}.pub --secret-keyring ${KEY}.sec --readonly adv --batch --yes"
-       msgninfo "\tSign archive with $SIGNER key $KEY… "
+       if [ -n "$1" ]; then shift; fi
+       if [ -n "$1" ]; then shift; fi
+       local KEY="keys/$(echo "$SIGNERS" | tr 'A-Z' 'a-z' | tr -d ' ,')"
+       msgninfo "\tSign archive with $SIGNERS key $KEY… "
        local REXKEY='keys/rexexpired'
        local SECEXPIREBAK="${REXKEY}.sec.bak"
        local PUBEXPIREBAK="${REXKEY}.pub.bak"
-       if [ "${SIGNER}" = 'Rex Expired' ]; then
-               # the key is expired, so gpg doesn't allow to sign with and the --faked-system-time
-               # option doesn't exist anymore (and using faketime would add a new obscure dependency)
-               # therefore we 'temporary' make the key not expired and restore a backup after signing
-               cp "${REXKEY}.sec" "$SECEXPIREBAK"
-               cp "${REXKEY}.pub" "$PUBEXPIREBAK"
-               local SECUNEXPIRED="${REXKEY}.sec.unexpired"
-               local PUBUNEXPIRED="${REXKEY}.pub.unexpired"
-               if [ -f "$SECUNEXPIRED" ] && [ -f "$PUBUNEXPIRED" ]; then
-                       cp "$SECUNEXPIRED" "${REXKEY}.sec"
-                       cp "$PUBUNEXPIRED" "${REXKEY}.pub"
-               else
-                       if ! printf "expire\n1w\nsave\n" | $GPG --default-key "$SIGNER" --command-fd 0 --edit-key "${SIGNER}" >setexpire.gpg 2>&1; then
-                               cat setexpire.gpg
-                               exit 1
+       local SIGUSERS=""
+       while [ -n "${SIGNERS%%,*}" ]; do
+               local SIGNER="${SIGNERS%%,*}"
+               if [ "${SIGNERS}" = "${SIGNER}" ]; then
+                       SIGNERS=""
+               fi
+               SIGNERS="${SIGNERS#*,}"
+               # FIXME: This should be the full name, but we can't encode the space properly currently
+               SIGUSERS="${SIGUSERS} -u ${SIGNER#* }"
+               if [ "${SIGNER}" = 'Rex Expired' ]; then
+                       # the key is expired, so gpg doesn't allow to sign with and the --faked-system-time
+                       # option doesn't exist anymore (and using faketime would add a new obscure dependency)
+                       # therefore we 'temporary' make the key not expired and restore a backup after signing
+                       cp "${REXKEY}.sec" "$SECEXPIREBAK"
+                       cp "${REXKEY}.pub" "$PUBEXPIREBAK"
+                       local SECUNEXPIRED="${REXKEY}.sec.unexpired"
+                       local PUBUNEXPIRED="${REXKEY}.pub.unexpired"
+                       if [ -f "$SECUNEXPIRED" ] && [ -f "$PUBUNEXPIRED" ]; then
+                               cp "$SECUNEXPIRED" "${REXKEY}.sec"
+                               cp "$PUBUNEXPIRED" "${REXKEY}.pub"
+                       else
+                               if ! printf "expire\n1w\nsave\n" | aptkey --quiet --keyring "${REXKEY}.pub" --secret-keyring "${REXKEY}.sec" \
+                                       --readonly adv --batch --yes --digest-algo "${APT_TESTS_DIGEST_ALGO:-SHA512}" \
+                                       --default-key "$SIGNER" --command-fd 0 --edit-key "${SIGNER}" >setexpire.gpg 2>&1; then
+                                       cat setexpire.gpg
+                                       exit 1
+                               fi
+                               cp "${REXKEY}.sec" "$SECUNEXPIRED"
+                               cp "${REXKEY}.pub" "$PUBUNEXPIRED"
                        fi
-                       cp "${REXKEY}.sec" "$SECUNEXPIRED"
-                       cp "${REXKEY}.pub" "$PUBUNEXPIRED"
                fi
+               if [ ! -e "${KEY}.pub" ]; then
+                       local K="keys/$(echo "$SIGNER" | tr 'A-Z' 'a-z' | tr -d ' ,')"
+                       cat "${K}.pub" >> "${KEY}.new.pub"
+                       cat "${K}.sec" >> "${KEY}.new.sec"
+               fi
+       done
+       if [ ! -e "${KEY}.pub" ]; then
+               mv "${KEY}.new.pub" "${KEY}.pub"
+               mv "${KEY}.new.sec" "${KEY}.sec"
        fi
+       local GPG="aptkey --quiet --keyring ${KEY}.pub --secret-keyring ${KEY}.sec --readonly adv --batch --yes --digest-algo ${APT_TESTS_DIGEST_ALGO:-SHA512}"
        for RELEASE in $(find "${REPODIR}/" -name Release); do
-               testsuccess $GPG --default-key "$SIGNER" --armor --detach-sign --sign --output "${RELEASE}.gpg" "${RELEASE}"
-               local INRELEASE="$(echo "${RELEASE}" | sed 's#/Release$#/InRelease#')"
-               testsuccess $GPG --default-key "$SIGNER" --clearsign --output "$INRELEASE" "$RELEASE"
                # we might have set a specific date for the Release file, so copy it
-               touch -d "$(stat --format "%y" ${RELEASE})" "${RELEASE}.gpg" "${INRELEASE}"
+               local DATE="$(stat --format "%y" "${RELEASE}")"
+               if [ "$APT_DONT_SIGN" = 'Release.gpg' ]; then
+                       rm -f "${RELEASE}.gpg"
+               else
+                       testsuccess $GPG "$@" $SIGUSERS --armor --detach-sign --sign --output "${RELEASE}.gpg" "${RELEASE}"
+                       touch -d "$DATE" "${RELEASE}.gpg"
+               fi
+               local INRELEASE="${RELEASE%/*}/InRelease"
+               if [ "$APT_DONT_SIGN" = 'InRelease' ]; then
+                       rm -f "$INRELEASE"
+               else
+                       testsuccess $GPG "$@" $SIGUSERS --clearsign --output "$INRELEASE" "$RELEASE"
+                       touch -d "$DATE" "${INRELEASE}"
+               fi
        done
        if [ -f "$SECEXPIREBAK" ] && [ -f "$PUBEXPIREBAK" ]; then
                mv -f "$SECEXPIREBAK" "${REXKEY}.sec"
@@ -1106,7 +1167,7 @@ signreleasefiles() {
 }
 
 redatereleasefiles() {
-       local DATE="$(date -d "$1" '+%a, %d %b %Y %H:%M:%S %Z')"
+       local DATE="$(date -u -d "$1" '+%a, %d %b %Y %H:%M:%S %Z')"
        for release in $(find aptarchive/ -name 'Release'); do
                sed -i "s/^Date: .*$/Date: ${DATE}/" "$release"
                touch -d "$DATE" "$release"
@@ -1148,8 +1209,8 @@ rewritesourceslist() {
        local APTARCHIVE2="copy://$(readlink -f "${TMPWORKINGDIRECTORY}/aptarchive" | sed 's# #%20#g')"
        for LIST in $(find rootdir/etc/apt/sources.list.d/ -name 'apt-test-*.list'); do
                sed -i $LIST -e "s#$APTARCHIVE#${1}#" -e "s#$APTARCHIVE2#${1}#" \
-                       -e "s#http://localhost:${APTHTTPPORT}/#${1}#" \
-                       -e "s#https://localhost:${APTHTTPSPORT}/#${1}#"
+                       -e "s#http://[^@]*@\?localhost:${APTHTTPPORT}/\?#${1}#" \
+                       -e "s#https://[^@]*@\?localhost:${APTHTTPSPORT}/\?#${1}#"
        done
 }
 
@@ -1223,7 +1284,7 @@ connect = $APTHTTPPORT
                msgdie 'Could not fork stunnel4 successfully'
        fi
        addtrap 'prefix' "kill ${PID};"
-       APTHTTPSPORT="$(lsof -i | awk "/^stunnel4 / && \$2 == \"${PID}\" {print \$9; exit; }" | cut -d':' -f 2)"
+       APTHTTPSPORT="$(lsof -i -n | awk "/^stunnel4 / && \$2 == \"${PID}\" {print \$9; exit; }" | cut -d':' -f 2)"
        webserverconfig 'aptwebserver::port::https' "$APTHTTPSPORT" "https://localhost:${APTHTTPSPORT}"
        rewritesourceslist "https://localhost:${APTHTTPSPORT}/"
 }
@@ -1313,9 +1374,13 @@ testfileequal() {
 
 testempty() {
        msggroup 'testempty'
-       msgtest "Test for no output of" "$*"
+       if [ "$1" = '--nomsg' ]; then
+               shift
+       else
+               msgtest "Test for no output of" "$*"
+       fi
        local COMPAREFILE="${TMPWORKINGDIRECTORY}/rootdir/tmp/testempty.comparefile"
-       if ("$@" >"$COMPAREFILE" 2>&1 || true) && test ! -s "$COMPAREFILE"; then
+       if "$@" >"$COMPAREFILE" 2>&1 && test ! -s "$COMPAREFILE"; then
                msgpass
        else
                msgfailoutput '' "$COMPAREFILE" "$@"
@@ -1488,6 +1553,14 @@ testmarkedmanual() {
        msggroup
 }
 
+catfile() {
+       if [ "${1##*.}" = 'deb' ]; then
+               stat >&2 "$1" || true
+               file >&2 "$1" || true
+       else
+               cat >&2 "$1" || true
+       fi
+}
 msgfailoutput() {
        msgreportheader 'msgfailoutput'
        local MSG="$1"
@@ -1497,7 +1570,7 @@ msgfailoutput() {
                echo >&2
                while [ -n "$2" ]; do shift; done
                echo "#### Complete file: $1 ####"
-               cat >&2 "$1" || true
+               catfile "$1"
                echo '#### grep output ####'
        elif [ "$1" = 'test' ]; then
                echo >&2
@@ -1512,7 +1585,7 @@ msgfailoutput() {
                                        ls >&2 "$2" || true
                                elif test -e "$2"; then
                                        echo "#### Complete file: $2 ####"
-                                       cat >&2 "$2" || true
+                                       catfile "$2"
                                fi
                        fi
                }
@@ -1522,8 +1595,16 @@ msgfailoutput() {
                        msgfailoutputstatfile "$2" "$3"
                done
                echo '#### test output ####'
+       elif [ "$1" = 'cmp' ]; then
+               echo >&2
+               while [ -n "$2" ]; do
+                       echo "#### Complete file: $2 ####"
+                       catfile "$2"
+                       shift
+               done
+               echo '#### cmp output ####'
        fi
-       cat >&2 "$OUTPUT"
+       catfile "$OUTPUT"
        msgfail "$MSG"
 }
 
@@ -1622,8 +1703,9 @@ testfailure() {
                local EXITCODE=$?
                if expr match "$1" '^apt.*' >/dev/null; then
                        if [ "$1" = 'aptkey' ]; then
-                               if grep -q -E " Can't check signature: " "$OUTPUT" || \
-                                       grep -q -E " BAD signature from " "$OUTPUT"; then
+                               if grep -q " Can't check signature: 
+ BAD signature from 
+ signature could not be verified" "$OUTPUT"; then
                                        msgpass
                                else
                                        msgfailoutput "run failed with exitcode ${EXITCODE}, but no signature error" "$OUTPUT" "$@"
@@ -1765,8 +1847,18 @@ createlistofkeys() {
        local OUTPUT="$1"
        shift
        while [ -n "$1" ]; do
+               # gpg 2.1.something starts printing [SC] at some point
+               if grep -q ' rsa2048/' "$OUTPUT" && grep -qF '[SC]' "$OUTPUT"; then
+                       case "$1" in
+                               *Joe*|*Sixpack*) echo 'pub   rsa2048/DBAC8DAE 2010-08-18 [SC]';;
+                               *Rex*|*Expired*) echo 'pub   rsa2048/27CE74F9 2013-07-12 [SC] [expired: 2013-07-13]';;
+                               *Marvin*|*Paranoid*) echo 'pub   rsa2048/528144E2 2011-01-16 [SC]';;
+                               oldarchive) echo 'pub   rsa1024/F68C85A3 2013-12-19 [SC]';;
+                               newarchive) echo 'pub   rsa2048/DBAC8DAE 2010-08-18 [SC]';;
+                               *) echo 'UNKNOWN KEY';;
+                       esac
                # gpg 2.1 has a slightly different output format
-               if grep -q ' rsa2048/' "$OUTPUT"; then
+               elif grep -q ' rsa2048/' "$OUTPUT"; then
                        case "$1" in
                                *Joe*|*Sixpack*) echo 'pub   rsa2048/DBAC8DAE 2010-08-18';;
                                *Rex*|*Expired*) echo 'pub   rsa2048/27CE74F9 2013-07-12 [expired: 2013-07-13]';;
@@ -1813,6 +1905,7 @@ listcurrentlistsdirectory() {
        } | sort
 }
 forallsupportedcompressors() {
+       rm -f "${TMPWORKINGDIRECTORY}/rootdir/etc/apt/apt.conf.d/00force-compressor"
        for COMP in $(aptconfig dump 'APT::Compressor' --format '%f%n' | cut -d':' -f 5 | uniq); do
                if [ -z "$COMP" -o "$COMP" = '.' ]; then continue; fi
                "$@" "$COMP"