]> git.saurik.com Git - apt.git/blobdiff - test/integration/framework
reset HOME, USER(NAME), TMPDIR & SHELL in DropPrivileges
[apt.git] / test / integration / framework
index b65b0b86ff317af0f8680d6a9a633008a814c1fe..03633f28ad91396e30bcb202b1d63ff4d51f6bc8 100644 (file)
@@ -5,6 +5,8 @@ EXIT_CODE=0
 while [ -n "$1" ]; do
        if [ "$1" = "-q" ]; then
                export MSGLEVEL=2
+       elif [ "$1" = "-qq" ]; then
+               export MSGLEVEL=1
        elif [ "$1" = "-v" ]; then
                export MSGLEVEL=4
        elif [ "$1" = '--color=no' ]; then
@@ -31,7 +33,6 @@ if [ "${MSGCOLOR:-YES}" = 'YES' ]; then
        fi
 fi
 
-
 if [ "$MSGCOLOR" != 'NO' ]; then
        CERROR="\033[1;31m" # red
        CWARNING="\033[1;33m" # yellow
@@ -143,6 +144,9 @@ if [ $MSGLEVEL -le 4 ]; then
        msgdebug() { true; }
        msgndebug() { true; }
 fi
+if [ $MSGLEVEL -le 1 ]; then
+       msgpass() { true; }
+fi
 msgdone() {
        if [ "$1" = "debug" -a $MSGLEVEL -le 4 ] ||
           [ "$1" = "info" -a $MSGLEVEL -le 3 ] ||
@@ -175,25 +179,30 @@ runapt() {
        esac
        MALLOC_PERTURB_=21 MALLOC_CHECK_=2 APT_CONFIG="$(getaptconfig)" LD_LIBRARY_PATH="${LIBRARYPATH}:${LD_LIBRARY_PATH}" "$CMD" "$@"
 }
+runpython3() { runapt command python3 "$@"; }
 aptconfig() { runapt apt-config "$@"; }
 aptcache() { runapt apt-cache "$@"; }
 aptcdrom() { runapt apt-cdrom "$@"; }
 aptget() { runapt apt-get "$@"; }
-aptftparchive() { runapt apt-ftparchive "$@"; }
+aptftparchive() { runapt "${APTFTPARCHIVEBINDIR}/apt-ftparchive" "$@"; }
 aptkey() { runapt apt-key "$@"; }
 aptmark() { runapt apt-mark "$@"; }
 aptsortpkgs() { runapt apt-sortpkgs "$@"; }
 apt() { runapt apt "$@"; }
 apthelper() { runapt "${APTHELPERBINDIR}/apt-helper" "$@"; }
-aptwebserver() { runapt "${APTWEBSERVERBINDIR}/aptwebserver" "$@"; }
+aptwebserver() { runapt "${APTTESTHELPERSBINDIR}/aptwebserver" "$@"; }
 aptitude() { runapt aptitude "$@"; }
 aptextracttemplates() { runapt apt-extracttemplates "$@"; }
 aptinternalsolver() { runapt "${APTINTERNALSOLVER}" "$@"; }
 aptdumpsolver() { runapt "${APTDUMPSOLVER}" "$@"; }
+aptinternalplanner() { runapt "${APTINTERNALPLANNER}" "$@"; }
 
 dpkg() {
        "${TMPWORKINGDIRECTORY}/rootdir/usr/bin/dpkg" "$@"
 }
+dpkg_version() {
+       command perl -MDpkg -E 'say $Dpkg::PROGVERSION'
+}
 dpkgcheckbuilddeps() {
        command dpkg-checkbuilddeps --admindir="${TMPWORKINGDIRECTORY}/rootdir/var/lib/dpkg" "$@"
 }
@@ -214,7 +223,13 @@ gdb() {
        if [ "${CMD##*/}" = "$CMD" ]; then
                CMD="${BUILDDIRECTORY}/${CMD}"
        fi
-       runapt command gdb --quiet -ex run "$CMD" --args "$CMD" "$@"
+       runapt command gdb --quiet -ex "directory '$SOURCEDIRECTORY'" -ex run "$CMD" --args "$CMD" "$@"
+}
+lastmodification() {
+       date -u -d "@$(stat -c '%Y' "${TMPWORKINGDIRECTORY}/$1")" -R
+}
+releasefiledate() {
+       grep "^${2:-Date}:" "$1" | cut -d' ' -f 2-
 }
 
 exitwithstatus() {
@@ -249,9 +264,32 @@ escape_shell() {
     echo "$@" | sed -e "s#'#'\"'\"'#g"
 }
 
+find_project_binary_dir() {
+       local TESTDIRECTORY="$(readlink -f "$(dirname $0)")"
+       if [ -z "$PROJECT_BINARY_DIR" ]; then
+               PROJECT_BINARY_DIR=
+               for dir in ${TESTDIRECTORY}/../../ ${TESTDIRECTORY}/../../*; do
+                       test -e "$dir/CMakeCache.txt"  || continue
+                       if [ -z "$PROJECT_BINARY_DIR" ] ||
+                          [ "$dir/CMakeCache.txt" -nt "$PROJECT_BINARY_DIR/CMakeCache.txt" ]; then
+                               PROJECT_BINARY_DIR="$dir"
+                       fi
+               done
+               if [ -z "$PROJECT_BINARY_DIR" ]; then
+                       echo "Cannot find build directory, you might want to set PROJECT_BINARY_DIR" >&2
+                       exit 1
+               fi
+               export PROJECT_BINARY_DIR
+       fi
+}
 setupenvironment() {
+       # Next check needs a gnu stat, let's figure that out early.
+       stat=stat
+       if command -v gnustat >/dev/null 2>&1; then
+               stat=gnustat
+       fi
        # privilege dropping and testing doesn't work if /tmp isn't world-writeable (as e.g. with libpam-tmpdir)
-       if [ -n "$TMPDIR" ] && [ "$(id -u)" = '0' ] && [ "$(stat --format '%a' "$TMPDIR")" != '1777' ]; then
+       if [ -n "$TMPDIR" ] && [ "$(id -u)" = '0' ] && [ "$($stat --format '%a' "$TMPDIR")" != '1777' ]; then
                unset TMPDIR
        fi
        TMPWORKINGDIRECTORY="$(mktemp -d)"
@@ -264,24 +302,40 @@ setupenvironment() {
        fi
        msgninfo "Preparing environment for ${0##*/} in ${TMPWORKINGDIRECTORY}…"
 
+       # Setup coreutils on BSD systems
+       mkdir "${TMPWORKINGDIRECTORY}/bin"
+       for prefix in gnu g; do
+                       for command in stat touch sed cp tr sha1sum sha256sum md5sum sha512sum grep date wc chmod head readlink tar expr base64; do
+                                       if command -v $prefix$command 2>/dev/null >/dev/null; then
+                                                       [ -e "${TMPWORKINGDIRECTORY}/bin/$command" ] || ln -sf $(command -v $prefix$command)  "${TMPWORKINGDIRECTORY}/bin/$command"
+                                       fi
+                       done
+       done
+       export PATH="${TMPWORKINGDIRECTORY}/bin/:$PATH"
+
+
        mkdir -m 700 "${TMPWORKINGDIRECTORY}/downloaded"
        if [ "$(id -u)" = '0' ]; then
                # relax permissions so that running as root with user switching works
                umask 022
                chmod 711 "$TMPWORKINGDIRECTORY"
-               chown _apt:root "${TMPWORKINGDIRECTORY}/downloaded"
+               chown _apt:$(id -gn) "${TMPWORKINGDIRECTORY}/downloaded"
        fi
 
        TESTDIRECTORY="$(readlink -f "$(dirname $0)")"
+       # Find the newest build directory (sets PROJECT_BINARY_DIR)
+       find_project_binary_dir
         # allow overriding the default BUILDDIR location
        SOURCEDIRECTORY="${APT_INTEGRATION_TESTS_SOURCE_DIR:-"${TESTDIRECTORY}/../../"}"
-       BUILDDIRECTORY="${APT_INTEGRATION_TESTS_BUILD_DIR:-"${TESTDIRECTORY}/../../build/bin"}"
-       LIBRARYPATH="${APT_INTEGRATION_TESTS_LIBRARY_PATH:-"${BUILDDIRECTORY}"}"
-        METHODSDIR="${APT_INTEGRATION_TESTS_METHODS_DIR:-"${BUILDDIRECTORY}/methods"}"
+       BUILDDIRECTORY="${APT_INTEGRATION_TESTS_BUILD_DIR:-"${PROJECT_BINARY_DIR}/cmdline"}"
+       LIBRARYPATH="${APT_INTEGRATION_TESTS_LIBRARY_PATH:-"${BUILDDIRECTORY}/../apt-pkg"}"
+        METHODSDIR="${APT_INTEGRATION_TESTS_METHODS_DIR:-"${BUILDDIRECTORY}/../methods"}"
         APTHELPERBINDIR="${APT_INTEGRATION_TESTS_LIBEXEC_DIR:-"${BUILDDIRECTORY}"}"
-        APTWEBSERVERBINDIR="${APT_INTEGRATION_TESTS_WEBSERVER_BIN_DIR:-"${BUILDDIRECTORY}"}"
-        APTINTERNALSOLVER="${APT_INTEGRATION_TESTS_INTERNAL_SOLVER:-"${BUILDDIRECTORY}/apt-internal-solver"}"
-       APTDUMPSOLVER="${APT_INTEGRATION_TESTS_DUMP_SOLVER:-"${BUILDDIRECTORY}/apt-dump-solver"}"
+        APTTESTHELPERSBINDIR="${APT_INTEGRATION_TESTS_HELPERS_BIN_DIR:-"${BUILDDIRECTORY}/../test/interactive-helper"}"
+        APTFTPARCHIVEBINDIR="${APT_INTEGRATION_TESTS_FTPARCHIVE_BIN_DIR:-"${BUILDDIRECTORY}/../ftparchive"}"
+        APTINTERNALSOLVER="${APT_INTEGRATION_TESTS_INTERNAL_SOLVER:-"${BUILDDIRECTORY}/solvers/apt"}"
+       APTDUMPSOLVER="${APT_INTEGRATION_TESTS_DUMP_SOLVER:-"${BUILDDIRECTORY}/solvers/dump"}"
+       APTINTERNALPLANNER="${APT_INTEGRATION_TESTS_INTERNAL_PLANNER:-"${BUILDDIRECTORY}/planners/apt"}"
        test -x "${BUILDDIRECTORY}/apt-get" || msgdie "You need to build tree first"
         # -----
 
@@ -289,21 +343,21 @@ setupenvironment() {
        mkdir rootdir aptarchive keys
        cd rootdir
        mkdir -p etc/apt/apt.conf.d etc/apt/sources.list.d etc/apt/trusted.gpg.d etc/apt/preferences.d
-       mkdir -p usr/bin var/cache var/lib var/log tmp
+       mkdir -p usr/bin var/cache var/lib var/log var/crash tmp
        mkdir -p var/lib/dpkg/info var/lib/dpkg/updates var/lib/dpkg/triggers
+       mkdir -p usr/lib/apt/solvers usr/lib/apt/planners
        touch var/lib/dpkg/available
-       mkdir -p usr/lib/apt
        ln -s "${METHODSDIR}" usr/lib/apt/methods
-       if [ "$BUILDDIRECTORY" = "$LIBRARYPATH" ]; then
-               mkdir -p usr/lib/apt/solvers
-               ln -s "${BUILDDIRECTORY}/apt-dump-solver" usr/lib/apt/solvers/dump
-               ln -s "${BUILDDIRECTORY}/apt-internal-solver" usr/lib/apt/solvers/apt
-               echo "Dir::Bin::Solvers \"${TMPWORKINGDIRECTORY}/rootdir/usr/lib/apt/solvers\";" > etc/apt/apt.conf.d/externalsolver.conf
-       fi
+       ln -s "${APTDUMPSOLVER}" usr/lib/apt/solvers/dump
+       ln -s "${APTDUMPSOLVER}" usr/lib/apt/planners/dump
+       ln -s "${APTINTERNALSOLVER}" usr/lib/apt/solvers/apt
+       ln -s "${APTINTERNALPLANNER}" usr/lib/apt/planners/apt
+       echo "Dir::Bin::Solvers \"${TMPWORKINGDIRECTORY}/rootdir/usr/lib/apt/solvers\";" >> ../aptconfig.conf
+       echo "Dir::Bin::Planners \"${TMPWORKINGDIRECTORY}/rootdir/usr/lib/apt/planners\";" >> ../aptconfig.conf
         # use the autoremove from the BUILDDIRECTORY if its there, otherwise
         # system
-        if [ -e "${BUILDDIRECTORY}/../../debian/apt.conf.autoremove" ]; then
-           ln -s "${BUILDDIRECTORY}/../../debian/apt.conf.autoremove" etc/apt/apt.conf.d/01autoremove
+        if [ -z "${APT_INTEGRATION_TESTS_SOURCE_DIR}" ]; then
+           ln -s "${SOURCEDIRECTORY}/debian/apt.conf.autoremove" etc/apt/apt.conf.d/01autoremove
         else
            ln -s /etc/apt/apt.conf.d/01autoremove etc/apt/apt.conf.d/01autoremove
         fi
@@ -321,8 +375,12 @@ setupenvironment() {
        chmod 644 keys/*
        ln -s "${TMPWORKINGDIRECTORY}/keys/joesixpack.pub" rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
 
-       echo "Dir \"${TMPWORKINGDIRECTORY}/rootdir\";" > aptconfig.conf
-       echo "Dir::state::status \"${TMPWORKINGDIRECTORY}/rootdir/var/lib/dpkg/status\";" >> aptconfig.conf
+       echo "Dir \"${TMPWORKINGDIRECTORY}/rootdir\";" >> aptconfig.conf
+       echo "Dir::Etc \"etc\";" >> aptconfig.conf
+       echo "Dir::State \"var/lib/apt\";" >> aptconfig.conf
+       echo "Dir::Cache \"var/cache/apt\";" >> aptconfig.conf
+       echo "Dir::Etc \"etc/apt\";" >> aptconfig.conf
+       echo "Dir::Log \"var/log/apt\";" >> aptconfig.conf
        echo "APT::Get::Show-User-Simulation-Note \"false\";" >> aptconfig.conf
        echo "Dir::Bin::Methods \"${TMPWORKINGDIRECTORY}/rootdir/usr/lib/apt/methods\";" >> aptconfig.conf
        # either store apt-key were we can access it, even if we run it as a different user
@@ -332,7 +390,10 @@ setupenvironment() {
        # destroys coverage reporting though, so we disable changing user for the calling gpgv
        echo "Dir::Bin::apt-key \"${BUILDDIRECTORY}/apt-key\";" >> aptconfig.conf
        if [ "$(id -u)" = '0' ]; then
-               echo 'Binary::gpgv::Debug::NoDropPrivs "true";' >>aptconfig.conf
+               echo 'Binary::gpgv::APT::Sandbox::User "root";' >> aptconfig.conf
+               # same for the solver executables
+               echo 'APT::Solver::RunAsUser "root";' >> aptconfig.conf
+               echo 'APT::Planner::RunAsUser "root";' >> aptconfig.conf
        fi
 
        cat > "${TMPWORKINGDIRECTORY}/rootdir/usr/bin/dpkg" <<EOF
@@ -354,11 +415,13 @@ EOF
        cp "${TMPWORKINGDIRECTORY}/rootdir/usr/bin/dpkg" "${TMPWORKINGDIRECTORY}/rootdir/usr/bin/gdb-dpkg"
        cat >> "${TMPWORKINGDIRECTORY}/rootdir/usr/bin/dpkg" <<EOF
 exec fakeroot '${DPKG:-dpkg}' --root='${TMPWORKINGDIRECTORY}/rootdir' \\
+       --admindir="${TMPWORKINGDIRECTORY}/rootdir/var/lib/dpkg" \\
        --log='${TMPWORKINGDIRECTORY}/rootdir/var/log/dpkg.log' \\
        --force-not-root --force-bad-path "\$@"
 EOF
        cat >> "${TMPWORKINGDIRECTORY}/rootdir/usr/bin/gdb-dpkg" <<EOF
 exec fakeroot gdb --quiet -ex run '${DPKG:-dpkg}' --args '${DPKG:-dpkg}' --root='${TMPWORKINGDIRECTORY}/rootdir' \\
+       --admindir="${TMPWORKINGDIRECTORY}/rootdir/var/lib/dpkg" \\
        --log='${TMPWORKINGDIRECTORY}/rootdir/var/log/dpkg.log' \\
        --force-not-root --force-bad-path "\$@"
 EOF
@@ -378,16 +441,19 @@ EOF
                # in testcases, it can appear as if localhost has a rotation setup,
                # hide this as we can't really deal with it properly
                echo 'Acquire::Failure::ShowIP "false";'
+               # randomess and tests don't play well together
+               echo 'Acquire::IndexTargets::Randomized "false";'
                # fakeroot can't fake everything, so disabled in production but good for tests
                echo 'APT::Sandbox::Verify "true";'
        } >> aptconfig.conf
 
        cp "${TESTDIRECTORY}/apt.pem" "${TMPWORKINGDIRECTORY}/rootdir/etc/webserver.pem"
        if [ "$(id -u)" = '0' ]; then
-               chown _apt:root "${TMPWORKINGDIRECTORY}/rootdir/etc/webserver.pem"
+               chown _apt:$(id -gn) "${TMPWORKINGDIRECTORY}/rootdir/etc/webserver.pem"
        fi
        echo "Acquire::https::CaInfo \"${TMPWORKINGDIRECTORY}/rootdir/etc/webserver.pem\";" > rootdir/etc/apt/apt.conf.d/99https
        echo "Apt::Cmd::Disable-Script-Warning \"1\";" > rootdir/etc/apt/apt.conf.d/apt-binary
+       export APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=no
        echo 'Acquire::Connect::AddrConfig "false";' > rootdir/etc/apt/apt.conf.d/connect-addrconfig
 
        configcompression '.' 'gz' #'bz2' 'lzma' 'xz'
@@ -395,16 +461,13 @@ EOF
 
        # create some files in /tmp and look at user/group to get what this means
        TEST_DEFAULT_USER="$(id -un)"
-       if [ "$(uname)" = 'GNU/kFreeBSD' ]; then
-               TEST_DEFAULT_GROUP='root'
-       else
-               TEST_DEFAULT_GROUP="$(id -gn)"
-       fi
+       touch "${TMPWORKINGDIRECTORY}/test-file"
+       TEST_DEFAULT_GROUP=$(stat --format '%G'  "${TMPWORKINGDIRECTORY}/test-file")
 
        # cleanup the environment a bit
        # prefer our apt binaries over the system apt binaries
        export PATH="${BUILDDIRECTORY}:${PATH}:/usr/local/sbin:/usr/sbin:/sbin"
-       export LC_ALL=C.UTF-8
+       export LC_ALL=C
        unset LANGUAGE APT_CONFIG
        unset GREP_OPTIONS DEB_BUILD_PROFILES
        unset http_proxy HTTP_PROXY https_proxy HTTPS_PROXY no_proxy
@@ -414,6 +477,13 @@ EOF
                echo 'Acquire::gpgv::Options { "--weak-digest"; "sha1"; };' > rootdir/etc/apt/apt.conf.d/no-sha1
        fi
 
+       # most tests just need one signed Release file, not both
+       export APT_DONT_SIGN='Release.gpg'
+
+       if [ -r "${TESTDIRECTORY}/extra-environment" ]; then
+               . "${TESTDIRECTORY}/extra-environment"
+       fi
+
        msgdone "info"
 }
 
@@ -455,30 +525,36 @@ configdpkg() {
                local STATUSFILE="status-${BASENAME#*-}"
                if [ -f "${TESTDIRECTORY}/${STATUSFILE}" ]; then
                        cp "${TESTDIRECTORY}/${STATUSFILE}" rootdir/var/lib/dpkg/status
+                       # Add an empty line to the end if there is none
+                       if tail -1 rootdir/var/lib/dpkg/status | grep -q .; then
+                               echo >> rootdir/var/lib/dpkg/status
+                       fi
                else
                        echo -n > rootdir/var/lib/dpkg/status
                fi
        fi
        rm -f rootdir/etc/apt/apt.conf.d/00foreigndpkg
-       if command dpkg --assert-multi-arch >/dev/null 2>&1 ; then
+       # make sure dpkg can detect itself as capable of it
+       if [ "0" = "$(dpkg -l dpkg 2> /dev/null | grep '^i' | wc -l)" ]; then
+               # dpkg doesn't really check the version as long as it is fully installed,
+               # but just to be sure we choose one above the required version
+               insertinstalledpackage 'dpkg' "all" '1.16.2+fake'
+       fi
+       if dpkg --assert-multi-arch >/dev/null 2>&1 ; then
                local ARCHS="$(getarchitectures)"
-               if echo "$ARCHS" | grep -E -q '[^ ]+ [^ ]+'; then
-                       DPKGARCH="$(dpkg --print-architecture)"
-                       for ARCH in ${ARCHS}; do
-                               if [ "${ARCH}" != "${DPKGARCH}" ]; then
-                                       if ! dpkg --add-architecture ${ARCH} >/dev/null 2>&1; then
-                                               # old-style used e.g. in Ubuntu-P – and as it seems travis
-                                               echo "DPKG::options:: \"--foreign-architecture\";" >> rootdir/etc/apt/apt.conf.d/00foreigndpkg
-                                               echo "DPKG::options:: \"${ARCH}\";"  >> rootdir/etc/apt/apt.conf.d/00foreigndpkg
-                                       fi
+               local DPKGARCH="$(dpkg --print-architecture)"
+               # this ensures that even if multi-arch isn't active in the view
+               # of apt, given that dpkg can't be told which arch is native
+               # the arch apt treats as native might be foreign for dpkg
+               for ARCH in ${ARCHS}; do
+                       if [ "${ARCH}" != "${DPKGARCH}" ]; then
+                               if ! dpkg --add-architecture ${ARCH} >/dev/null 2>&1; then
+                                       # old-style used e.g. in Ubuntu-P – and as it seems travis
+                                       echo "DPKG::options:: \"--foreign-architecture\";" >> rootdir/etc/apt/apt.conf.d/00foreigndpkg
+                                       echo "DPKG::options:: \"${ARCH}\";"  >> rootdir/etc/apt/apt.conf.d/00foreigndpkg
                                fi
-                       done
-                       if [ "0" = "$(dpkg -l dpkg 2> /dev/null | grep '^i' | wc -l)" ]; then
-                               # dpkg doesn't really check the version as long as it is fully installed,
-                               # but just to be sure we choose one above the required version
-                               insertinstalledpackage 'dpkg' "all" '1.16.2+fake'
                        fi
-               fi
+               done
        fi
 }
 
@@ -524,9 +600,17 @@ int execvp(const char *file, char *const argv[]) {
        return func_execvp(newfile, argv);
 }
 EOF
-       testempty --nomsg gcc -Wall -Wextra -fPIC -shared -o noopchroot.so noopchroot.c -ldl
+       if cc -ldl 2>&1 | grep -q dl; then
+               testempty --nomsg cc -Wall -Wextra -fPIC -shared -o noopchroot.so noopchroot.c
+       else
+               testempty --nomsg cc -Wall -Wextra -fPIC -shared -o noopchroot.so noopchroot.c -ldl
+       fi
 }
 configcompression() {
+       if [ "$1" = 'ALL' ]; then
+               configcompression '.' $(aptconfig dump APT::Compressor --format '%t %v%n' | sed -n 's#^Extension \.\(.*\)$#\1#p')
+               return
+       fi
        local CMD='apthelper cat-file -C'
        while [ -n "$1" ]; do
                case "$1" in
@@ -565,74 +649,23 @@ forcecompressor() {
        local CONFFILE="${TMPWORKINGDIRECTORY}/rootdir/etc/apt/apt.conf.d/00force-compressor"
        echo "Acquire::CompressionTypes::Order { \"${COMPRESS}\"; };
 Dir::Bin::uncompressed \"/does/not/exist\";" > "$CONFFILE"
+       for COMP in $(aptconfig dump 'APT::Compressor' --format '%f%n' | cut -d':' -f 5 | uniq); do
+               if [ -z "$COMP" -o "$COMP" = '.' -o "$COMP" = "$COMPRESSOR" ]; then continue; fi
+               echo "Dir::Bin::${COMP} \"/does/not/exist\";" >> "$CONFFILE"
+               echo "APT::Compressor::${COMP}::Name \"${COMP}-disabled\";" >> "$CONFFILE"
+       done
 }
 
-setupsimplenativepackage() {
-       local NAME="$1"
-       local ARCH="$2"
-       local VERSION="$3"
-       local RELEASE="${4:-unstable}"
-       local DEPENDENCIES="$5"
-       local DESCRIPTION="${6:-"an autogenerated dummy ${NAME}=${VERSION}/${RELEASE}
- If you find such a package installed on your system,
- something went horribly wrong! They are autogenerated
- und used only by testcases and serve no other purpose…"}"
-
-       local SECTION="${7:-others}"
-       local DISTSECTION
-       if [ "$SECTION" = "${SECTION#*/}" ]; then
-               DISTSECTION="main"
-       else
-               DISTSECTION="${SECTION%/*}"
-       fi
-       local BUILDDIR=incoming/${NAME}-${VERSION}
-       mkdir -p ${BUILDDIR}/debian/source
-       cd ${BUILDDIR}
-       echo "* most suckless software product ever" > FEATURES
-       test -e debian/copyright || echo "Copyleft by Joe Sixpack $(date +%Y)" > debian/copyright
-       test -e debian/changelog || echo "$NAME ($VERSION) $RELEASE; urgency=low
-
-  * Initial release
-
- -- Joe Sixpack <joe@example.org>  $(date -R)" > debian/changelog
-       test -e debian/control || echo "Source: $NAME
-Section: $SECTION
-Priority: optional
-Maintainer: Joe Sixpack <joe@example.org>
-Build-Depends: debhelper (>= 7)
-Standards-Version: 3.9.1
-
-Package: $NAME" > debian/control
-       if [ "$ARCH" = 'all' ]; then
-               echo "Architecture: all" >> debian/control
-       else
-               echo "Architecture: any" >> debian/control
-       fi
-       test -z "$DEPENDENCIES" || echo "$DEPENDENCIES" >> debian/control
-       echo "Description: $DESCRIPTION" >> debian/control
-
-       test -e debian/compat || echo "7" > debian/compat
-       test -e debian/source/format || echo "3.0 (native)" > debian/source/format
-       test -e debian/rules || cp /usr/share/doc/debhelper/examples/rules.tiny debian/rules
-       cd - > /dev/null
-}
-
-buildsimplenativepackage() {
+_setupsimplenativepackage() {
        local NAME="$1"
-       local NM
-       if [ "$(echo "$NAME" | cut -c 1-3)" = 'lib' ]; then
-               NM="$(echo "$NAME" | cut -c 1-4)"
-       else
-               NM="$(echo "$NAME" | cut -c 1)"
-       fi
        local ARCH="$2"
        local VERSION="$3"
        local RELEASE="${4:-unstable}"
        local DEPENDENCIES="$5"
-       local DESCRIPTION="${6:-"an autogenerated dummy ${NAME}=${VERSION}/${RELEASE}
+       local DESCRIPTION="${6:-an autogenerated dummy ${NAME}=${VERSION}/${RELEASE}
  If you find such a package installed on your system,
  something went horribly wrong! They are autogenerated
- und used only by testcases and serve no other purpose…"}"
+ und used only by testcases and serve no other purpose…}"
 
        local SECTION="${7:-others}"
        local PRIORITY="${8:-optional}"
@@ -646,18 +679,17 @@ buildsimplenativepackage() {
        fi
        local BUILDDIR="${TMPWORKINGDIRECTORY}/incoming/${NAME}-${VERSION}"
 
-       msgtest "Build source package in version ${VERSION} for ${RELEASE} in ${DISTSECTION}" "$NAME"
        mkdir -p "$BUILDDIR/debian/source"
        echo "* most suckless software product ever" > "${BUILDDIR}/FEATURES"
        echo "#!/bin/sh
 echo '$NAME says \"Hello!\"'" > "${BUILDDIR}/${NAME}"
 
-       echo "Copyleft by Joe Sixpack $(date +%Y)" > "${BUILDDIR}/debian/copyright"
+       echo "Copyleft by Joe Sixpack $(date -u +%Y)" > "${BUILDDIR}/debian/copyright"
        echo "$NAME ($VERSION) $RELEASE; urgency=low
 
   * Initial release
 
- -- Joe Sixpack <joe@example.org>  $(date -R)" > "${BUILDDIR}/debian/changelog"
+ -- Joe Sixpack <joe@example.org>  $(date -u -R)" > "${BUILDDIR}/debian/changelog"
        {
                echo "Source: $NAME
 Priority: $PRIORITY
@@ -666,7 +698,7 @@ Standards-Version: 3.9.3"
                if [ "$SECTION" != '<none>' ]; then
                        echo "Section: $SECTION"
                fi
-               local BUILDDEPS="$(echo "$DEPENDENCIES" | grep '^Build-')"
+               local BUILDDEPS="$(printf "%b\n" "$DEPENDENCIES" | grep '^Build-')"
                test -z "$BUILDDEPS" || echo "$BUILDDEPS"
                echo "
 Package: $NAME"
@@ -676,12 +708,55 @@ Package: $NAME"
                else
                        echo "Architecture: any"
                fi
-               local DEPS="$(echo "$DEPENDENCIES" | grep -v '^Build-')"
+               local DEPS="$(printf "%b\n" "$DEPENDENCIES" | grep -v '^Build-')"
                test -z "$DEPS" || echo "$DEPS"
-               echo "Description: $DESCRIPTION"
+               printf "%b\n" "Description: $DESCRIPTION"
        } > "${BUILDDIR}/debian/control"
 
        echo '3.0 (native)' > "${BUILDDIR}/debian/source/format"
+}
+
+make_tiny_rules() {
+       local OUT="$1"
+       if command -v gmake >/dev/null 2>&1; then
+               [ -e ${TMPWORKINGDIRECTORY}/bin/make ] || ln -s $(command -v gmake) ${TMPWORKINGDIRECTORY}/bin/make
+               echo "#!${TMPWORKINGDIRECTORY}/bin/make -f" > "$OUT"
+       else
+               echo '#!/usr/bin/make -f' > "$OUT"
+       fi
+       echo '%:' >> "$OUT"
+       echo '  dh $@' >> "$OUT"
+}
+
+setupsimplenativepackage() {
+       _setupsimplenativepackage "$@"
+       local NAME="$1"
+       local VERSION="$3"
+       local BUILDDIR="${TMPWORKINGDIRECTORY}/incoming/${NAME}-${VERSION}"
+       test -e "${BUILDDIR}/debian/compat" || echo '7' > "${BUILDDIR}/debian/compat"
+       test -e  "${BUILDDIR}/debian/rules" || make_tiny_rules "${BUILDDIR}/debian/rules"
+}
+
+buildsimplenativepackage() {
+       local NAME="$1"
+       local ARCH="$2"
+       local VERSION="$3"
+       local RELEASE="${4:-unstable}"
+       local DEPENDENCIES="$5"
+       local DESCRIPTION="$6"
+       local SECTION="${7:-others}"
+       local PRIORITY="${8:-optional}"
+       local FILE_TREE="$9"
+       local COMPRESS_TYPE="${10:-gzip}"
+       local DISTSECTION
+       if [ "$SECTION" = "${SECTION#*/}" ]; then
+               DISTSECTION="main"
+       else
+               DISTSECTION="${SECTION%/*}"
+       fi
+       local BUILDDIR="${TMPWORKINGDIRECTORY}/incoming/${NAME}-${VERSION}"
+       msgtest "Build source package in version ${VERSION} for ${RELEASE} in ${DISTSECTION}" "$NAME"
+       _setupsimplenativepackage "$@"
        cd "${BUILDDIR}/.."
        testsuccess --nomsg dpkg-source -b ${NAME}-${VERSION}
        cd - >/dev/null
@@ -715,6 +790,12 @@ Package: $NAME"
                echo "pool/${NAME}_${VERSION}_${arch}.deb" >> "${BUILDDIR}/../${RELEASE}.${DISTSECTION}.pkglist"
        done
 
+       local NM
+       if [ "$(echo "$NAME" | cut -c 1-3)" = 'lib' ]; then
+               NM="$(echo "$NAME" | cut -c 1-4)"
+       else
+               NM="$(echo "$NAME" | cut -c 1)"
+       fi
        local CHANGEPATH="${BUILDDIR}/../${DISTSECTION}/${NM}/${NAME}/${NAME}_${VERSION}"
        mkdir -p "$CHANGEPATH"
        cp "${BUILDDIR}/debian/changelog" "$CHANGEPATH"
@@ -734,7 +815,7 @@ buildpackage() {
        if [ "$ARCH" = "all" ]; then
                ARCH="$(dpkg-architecture -qDEB_HOST_ARCH 2> /dev/null)"
        fi
-       testsuccess --nomsg dpkg-buildpackage -uc -us -a$ARCH
+       testsuccess --nomsg dpkg-buildpackage -uc -us -a$ARCH -d
        cp "${TMPWORKINGDIRECTORY}/rootdir/tmp/testsuccess.output" "$BUILDLOG"
        local PKGS="$(grep '^dpkg-deb: building package' "$BUILDLOG" | cut -d'/' -f 2 | sed -e "s#'\.##")"
        local SRCS="$(grep '^dpkg-source: info: building' "$BUILDLOG" | grep -o '[a-z0-9._+~-]*$')"
@@ -811,10 +892,10 @@ insertpackage() {
        local VERSION="$4"
        local DEPENDENCIES="$5"
        local PRIORITY="${6:-optional}"
-       local DESCRIPTION="${7:-"an autogenerated dummy ${NAME}=${VERSION}/${RELEASES}
+       local DESCRIPTION="${7:-an autogenerated dummy ${NAME}=${VERSION}/${RELEASES}
  If you find such a package installed on your system,
  something went horribly wrong! They are autogenerated
- und used only by testcases and serve no other purpose…"}"
+ und used only by testcases and serve no other purpose…}"
        local ARCHS=""
        for RELEASE in $(printf '%s' "$RELEASES" | tr ',' '\n'); do
                if [ "$RELEASE" = 'installed' ]; then
@@ -839,9 +920,10 @@ Maintainer: Joe Sixpack <joe@example.org>"
                                        test "$arch" = 'none' || echo "Architecture: $arch"
                                        echo "Version: $VERSION
 Filename: pool/main/${NAME}/${NAME}_${VERSION}_${arch}.deb"
-                                       test -z "$DEPENDENCIES" || echo "$DEPENDENCIES"
+                                       test -z "$DEPENDENCIES" || printf "%b\n" "$DEPENDENCIES"
                                        echo "Description: $(printf '%s' "$DESCRIPTION" | head -n 1)"
                                        echo "Description-md5: $(printf '%s' "$DESCRIPTION" | md5sum | cut -d' ' -f 1)"
+                                       echo "SHA256: 0000000000000000000000000000000000000000000000000000000000000000"
                                        echo
                                } >> "${PPATH}/Packages"
                        done
@@ -874,7 +956,7 @@ Binary: $BINARY
 Version: $VERSION
 Maintainer: Joe Sixpack <joe@example.org>
 Architecture: $ARCH" >> $FILE
-               test -z "$DEPENDENCIES" || echo "$DEPENDENCIES" >> "$FILE"
+               test -z "$DEPENDENCIES" || printf "%b\n" "$DEPENDENCIES" >> "$FILE"
                echo "Files:
  $(echo -n "$DSCFILE" | md5sum | cut -d' ' -f 1) $(echo -n "$DSCFILE" | wc -c) "$DSCFILE"
  $(echo -n "$TARFILE" | md5sum | cut -d' ' -f 1) $(echo -n "$TARFILE" | wc -c) "$TARFILE"
@@ -892,10 +974,10 @@ insertinstalledpackage() {
        local DEPENDENCIES="$4"
        local PRIORITY="${5:-optional}"
        local STATUS="${6:-install ok installed}"
-       local DESCRIPTION="${7:-"an autogenerated dummy ${NAME}=${VERSION}/installed
+       local DESCRIPTION="${7:-an autogenerated dummy ${NAME}=${VERSION}/installed
  If you find such a package installed on your system,
  something went horribly wrong! They are autogenerated
- und used only by testcases and serve no other purpose…"}"
+ und used only by testcases and serve no other purpose…}"
 
        local FILE='rootdir/var/lib/dpkg/status'
        local INFO='rootdir/var/lib/dpkg/info'
@@ -908,8 +990,8 @@ Installed-Size: 42
 Maintainer: Joe Sixpack <joe@example.org>
 Version: $VERSION" >> "$FILE"
                test "$arch" = 'none' || echo "Architecture: $arch" >> "$FILE"
-               test -z "$DEPENDENCIES" || echo "$DEPENDENCIES" >> "$FILE"
-               echo "Description: $DESCRIPTION" >> "$FILE"
+               test -z "$DEPENDENCIES" || printf "%b\n" "$DEPENDENCIES" >> "$FILE"
+               printf "%b\n" "Description: $DESCRIPTION" >> "$FILE"
                echo >> "$FILE"
                if [ "$(dpkg-query -W --showformat='${Multi-Arch}')" = 'same' ]; then
                        echo -n > "${INFO}/${NAME}:${arch}.list"
@@ -946,7 +1028,7 @@ buildaptarchivefromfiles() {
 }
 
 compressfile() {
-       cat "${TMPWORKINGDIRECTORY}/rootdir/etc/testcase-compressor.conf" | while read compressor extension command; do
+       while read compressor extension command; do
                if [ "$compressor" = '.' ]; then
                        if [ -n "$2" ]; then
                                touch -d "$2" "$1"
@@ -957,7 +1039,7 @@ compressfile() {
                if [ -n "$2" ]; then
                        touch -d "$2" "${1}.${extension}"
                fi
-       done
+       done < "${TMPWORKINGDIRECTORY}/rootdir/etc/testcase-compressor.conf"
 }
 
 # can be overridden by testcases for their pleasure
@@ -1008,13 +1090,13 @@ NotAutomatic: yes' "$dir/Release"
        fi
        if [ -n "$DATE" -a "$DATE" != "now" ]; then
                for release in $(find ./aptarchive -name 'Release'); do
-                       sed -i "s/^Date: .*$/Date: $(date -d "$DATE" '+%a, %d %b %Y %H:%M:%S %Z')/" "$release"
+                       sed -i "s/^Date: .*$/Date: $(date -u -d "$DATE" -R)/" "$release"
                        touch -d "$DATE" "$release"
                done
        fi
        if [ -n "$VALIDUNTIL" ]; then
                sed -i "/^Date: / a\
-Valid-Until: $(date -d "$VALIDUNTIL" '+%a, %d %b %Y %H:%M:%S %Z')" $(find ./aptarchive -name 'Release')
+Valid-Until: $(date -u -d "$VALIDUNTIL" -R)" $(find ./aptarchive -name 'Release')
        fi
        msgdone "info"
 }
@@ -1070,40 +1152,73 @@ setupaptarchive() {
 }
 
 signreleasefiles() {
-       local SIGNER="${1:-Joe Sixpack}"
+       local SIGNERS="${1:-Joe Sixpack}"
        local REPODIR="${2:-aptarchive}"
-       local KEY="keys/$(echo "$SIGNER" | tr 'A-Z' 'a-z' | sed 's# ##g')"
-       local GPG="aptkey --quiet --keyring ${KEY}.pub --secret-keyring ${KEY}.sec --readonly adv --batch --yes --digest-algo SHA512"
-       msgninfo "\tSign archive with $SIGNER key $KEY… "
+       if [ -n "$1" ]; then shift; fi
+       if [ -n "$1" ]; then shift; fi
+       local KEY="keys/$(echo "$SIGNERS" | tr 'A-Z' 'a-z' | tr -d ' ,')"
+       msgninfo "\tSign archive with $SIGNERS key $KEY… "
        local REXKEY='keys/rexexpired'
        local SECEXPIREBAK="${REXKEY}.sec.bak"
        local PUBEXPIREBAK="${REXKEY}.pub.bak"
-       if [ "${SIGNER}" = 'Rex Expired' ]; then
-               # the key is expired, so gpg doesn't allow to sign with and the --faked-system-time
-               # option doesn't exist anymore (and using faketime would add a new obscure dependency)
-               # therefore we 'temporary' make the key not expired and restore a backup after signing
-               cp "${REXKEY}.sec" "$SECEXPIREBAK"
-               cp "${REXKEY}.pub" "$PUBEXPIREBAK"
-               local SECUNEXPIRED="${REXKEY}.sec.unexpired"
-               local PUBUNEXPIRED="${REXKEY}.pub.unexpired"
-               if [ -f "$SECUNEXPIRED" ] && [ -f "$PUBUNEXPIRED" ]; then
-                       cp "$SECUNEXPIRED" "${REXKEY}.sec"
-                       cp "$PUBUNEXPIRED" "${REXKEY}.pub"
-               else
-                       if ! printf "expire\n1w\nsave\n" | $GPG --default-key "$SIGNER" --command-fd 0 --edit-key "${SIGNER}" >setexpire.gpg 2>&1; then
-                               cat setexpire.gpg
-                               exit 1
+       local SIGUSERS=""
+       while [ -n "${SIGNERS%%,*}" ]; do
+               local SIGNER="${SIGNERS%%,*}"
+               if [ "${SIGNERS}" = "${SIGNER}" ]; then
+                       SIGNERS=""
+               fi
+               SIGNERS="${SIGNERS#*,}"
+               # FIXME: This should be the full name, but we can't encode the space properly currently
+               SIGUSERS="${SIGUSERS} -u ${SIGNER#* }"
+               if [ "${SIGNER}" = 'Rex Expired' ]; then
+                       # the key is expired, so gpg doesn't allow to sign with and the --faked-system-time
+                       # option doesn't exist anymore (and using faketime would add a new obscure dependency)
+                       # therefore we 'temporary' make the key not expired and restore a backup after signing
+                       cp "${REXKEY}.sec" "$SECEXPIREBAK"
+                       cp "${REXKEY}.pub" "$PUBEXPIREBAK"
+                       local SECUNEXPIRED="${REXKEY}.sec.unexpired"
+                       local PUBUNEXPIRED="${REXKEY}.pub.unexpired"
+                       if [ -f "$SECUNEXPIRED" ] && [ -f "$PUBUNEXPIRED" ]; then
+                               cp "$SECUNEXPIRED" "${REXKEY}.sec"
+                               cp "$PUBUNEXPIRED" "${REXKEY}.pub"
+                       else
+                               if ! printf "expire\n1w\nsave\n" | aptkey --quiet --keyring "${REXKEY}.pub" --secret-keyring "${REXKEY}.sec" \
+                                       --readonly adv --batch --yes --digest-algo "${APT_TESTS_DIGEST_ALGO:-SHA512}" \
+                                       --default-key "$SIGNER" --command-fd 0 --edit-key "${SIGNER}" >setexpire.gpg 2>&1; then
+                                       cat setexpire.gpg
+                                       exit 1
+                               fi
+                               cp "${REXKEY}.sec" "$SECUNEXPIRED"
+                               cp "${REXKEY}.pub" "$PUBUNEXPIRED"
                        fi
-                       cp "${REXKEY}.sec" "$SECUNEXPIRED"
-                       cp "${REXKEY}.pub" "$PUBUNEXPIRED"
                fi
+               if [ ! -e "${KEY}.pub" ]; then
+                       local K="keys/$(echo "$SIGNER" | tr 'A-Z' 'a-z' | tr -d ' ,')"
+                       cat "${K}.pub" >> "${KEY}.new.pub"
+                       cat "${K}.sec" >> "${KEY}.new.sec"
+               fi
+       done
+       if [ ! -e "${KEY}.pub" ]; then
+               mv "${KEY}.new.pub" "${KEY}.pub"
+               mv "${KEY}.new.sec" "${KEY}.sec"
        fi
+       local GPG="aptkey --quiet --keyring ${KEY}.pub --secret-keyring ${KEY}.sec --readonly adv --batch --yes --digest-algo ${APT_TESTS_DIGEST_ALGO:-SHA512}"
        for RELEASE in $(find "${REPODIR}/" -name Release); do
-               testsuccess $GPG --default-key "$SIGNER" --armor --detach-sign --sign --output "${RELEASE}.gpg" "${RELEASE}"
-               local INRELEASE="$(echo "${RELEASE}" | sed 's#/Release$#/InRelease#')"
-               testsuccess $GPG --default-key "$SIGNER" --clearsign --output "$INRELEASE" "$RELEASE"
                # we might have set a specific date for the Release file, so copy it
-               touch -d "$(stat --format "%y" ${RELEASE})" "${RELEASE}.gpg" "${INRELEASE}"
+               local DATE="$(stat --format "%y" "${RELEASE}")"
+               if [ "$APT_DONT_SIGN" = 'Release.gpg' ]; then
+                       rm -f "${RELEASE}.gpg"
+               else
+                       testsuccess $GPG "$@" $SIGUSERS --armor --detach-sign --sign --output "${RELEASE}.gpg" "${RELEASE}"
+                       touch -d "$DATE" "${RELEASE}.gpg"
+               fi
+               local INRELEASE="${RELEASE%/*}/InRelease"
+               if [ "$APT_DONT_SIGN" = 'InRelease' ]; then
+                       rm -f "$INRELEASE"
+               else
+                       testsuccess $GPG "$@" $SIGUSERS --clearsign --output "$INRELEASE" "$RELEASE"
+                       touch -d "$DATE" "${INRELEASE}"
+               fi
        done
        if [ -f "$SECEXPIREBAK" ] && [ -f "$PUBEXPIREBAK" ]; then
                mv -f "$SECEXPIREBAK" "${REXKEY}.sec"
@@ -1113,7 +1228,7 @@ signreleasefiles() {
 }
 
 redatereleasefiles() {
-       local DATE="$(date -d "$1" '+%a, %d %b %Y %H:%M:%S %Z')"
+       local DATE="$(date -u -d "$1" -R)"
        for release in $(find aptarchive/ -name 'Release'); do
                sed -i "s/^Date: .*$/Date: ${DATE}/" "$release"
                touch -d "$DATE" "$release"
@@ -1155,8 +1270,8 @@ rewritesourceslist() {
        local APTARCHIVE2="copy://$(readlink -f "${TMPWORKINGDIRECTORY}/aptarchive" | sed 's# #%20#g')"
        for LIST in $(find rootdir/etc/apt/sources.list.d/ -name 'apt-test-*.list'); do
                sed -i $LIST -e "s#$APTARCHIVE#${1}#" -e "s#$APTARCHIVE2#${1}#" \
-                       -e "s#http://localhost:${APTHTTPPORT}/#${1}#" \
-                       -e "s#https://localhost:${APTHTTPSPORT}/#${1}#"
+                       -e "s#http://[^@]*@\?localhost:${APTHTTPPORT}/\?#${1}#" \
+                       -e "s#https://[^@]*@\?localhost:${APTHTTPSPORT}/\?#${1}#"
        done
 }
 
@@ -1181,7 +1296,7 @@ changetowebserver() {
        else
                shift
        fi
-       if test -x "${APTWEBSERVERBINDIR}/aptwebserver"; then
+       if test -x "${APTTESTHELPERSBINDIR}/aptwebserver"; then
                cd aptarchive
                local LOG="webserver.log"
                if ! aptwebserver --port 0 -o aptwebserver::fork=1 -o aptwebserver::portfile='aptwebserver.port' "$@" >$LOG 2>&1 ; then
@@ -1209,7 +1324,12 @@ changetowebserver() {
 }
 
 changetohttpswebserver() {
-       if ! command -v stunnel4 >/dev/null 2>&1; then
+       local stunnel4
+       if command -v stunnel4 >/dev/null 2>&1; then
+               stunnel4=stunnel4
+       elif command -v stunnel >/dev/null 2>&1; then
+               stunnel4=stunnel
+       else
                msgdie 'You need to install stunnel4 for https testcases'
        fi
        if [ ! -e "${TMPWORKINGDIRECTORY}/aptarchive/aptwebserver.pid" ]; then
@@ -1223,14 +1343,14 @@ output = /dev/null
 accept = 0
 connect = $APTHTTPPORT
 " > "${TMPWORKINGDIRECTORY}/stunnel.conf"
-       stunnel4 "${TMPWORKINGDIRECTORY}/stunnel.conf"
+       $stunnel4 "${TMPWORKINGDIRECTORY}/stunnel.conf"
         waitforpidfile "${TMPWORKINGDIRECTORY}/aptarchive/stunnel.pid"
        local PID="$(cat "${TMPWORKINGDIRECTORY}/aptarchive/stunnel.pid")"
         if [ -z "$PID" ]; then
-               msgdie 'Could not fork stunnel4 successfully'
+               msgdie 'Could not fork $stunnel4 successfully'
        fi
        addtrap 'prefix' "kill ${PID};"
-       APTHTTPSPORT="$(lsof -i | awk "/^stunnel4 / && \$2 == \"${PID}\" {print \$9; exit; }" | cut -d':' -f 2)"
+       APTHTTPSPORT="$(lsof -i -n | awk "/^$stunnel4 / && \$2 == \"${PID}\" {print \$9; exit; }" | cut -d':' -f 2)"
        webserverconfig 'aptwebserver::port::https' "$APTHTTPSPORT" "https://localhost:${APTHTTPSPORT}"
        rewritesourceslist "https://localhost:${APTHTTPSPORT}/"
 }
@@ -1499,17 +1619,26 @@ testmarkedmanual() {
        msggroup
 }
 
+catfile() {
+       if [ "${1##*.}" = 'deb' ]; then
+               stat >&2 "$1" || true
+               file >&2 "$1" || true
+       else
+               cat >&2 "$1" || true
+       fi
+}
 msgfailoutput() {
        msgreportheader 'msgfailoutput'
        local MSG="$1"
        local OUTPUT="$2"
        shift 2
-       if [ "$1" = 'grep' ]; then
+       local CMD="$1"
+       if [ "$1" = 'grep' -o "$1" = 'tail' -o "$1" = 'head' ]; then
                echo >&2
                while [ -n "$2" ]; do shift; done
                echo "#### Complete file: $1 ####"
-               cat >&2 "$1" || true
-               echo '#### grep output ####'
+               catfile "$1"
+               echo "#### $CMD output ####"
        elif [ "$1" = 'test' ]; then
                echo >&2
                # doesn't support ! or non-file flags
@@ -1523,7 +1652,7 @@ msgfailoutput() {
                                        ls >&2 "$2" || true
                                elif test -e "$2"; then
                                        echo "#### Complete file: $2 ####"
-                                       cat >&2 "$2" || true
+                                       catfile "$2"
                                fi
                        fi
                }
@@ -1537,12 +1666,12 @@ msgfailoutput() {
                echo >&2
                while [ -n "$2" ]; do
                        echo "#### Complete file: $2 ####"
-                       cat >&2 "$2" || true
+                       catfile "$2"
                        shift
                done
                echo '#### cmp output ####'
        fi
-       cat >&2 "$OUTPUT"
+       catfile "$OUTPUT"
        msgfail "$MSG"
 }
 
@@ -1641,8 +1770,9 @@ testfailure() {
                local EXITCODE=$?
                if expr match "$1" '^apt.*' >/dev/null; then
                        if [ "$1" = 'aptkey' ]; then
-                               if grep -q -E " Can't check signature: " "$OUTPUT" || \
-                                       grep -q -E " BAD signature from " "$OUTPUT"; then
+                               if grep -q " Can't check signature: 
+ BAD signature from 
+ signature could not be verified" "$OUTPUT"; then
                                        msgpass
                                else
                                        msgfailoutput "run failed with exitcode ${EXITCODE}, but no signature error" "$OUTPUT" "$@"
@@ -1780,49 +1910,24 @@ testwebserverlaststatuscode() {
        msggroup
 }
 
-createlistofkeys() {
-       local OUTPUT="$1"
-       shift
+mapkeynametokeyid() {
        while [ -n "$1" ]; do
-               # gpg 2.1.something starts printing [SC] at some point
-               if grep -q ' rsa2048/' "$OUTPUT" && grep -qF '[SC]' "$OUTPUT"; then
-                       case "$1" in
-                               *Joe*|*Sixpack*) echo 'pub   rsa2048/DBAC8DAE 2010-08-18 [SC]';;
-                               *Rex*|*Expired*) echo 'pub   rsa2048/27CE74F9 2013-07-12 [SC] [expired: 2013-07-13]';;
-                               *Marvin*|*Paranoid*) echo 'pub   rsa2048/528144E2 2011-01-16 [SC]';;
-                               oldarchive) echo 'pub   rsa1024/F68C85A3 2013-12-19 [SC]';;
-                               newarchive) echo 'pub   rsa2048/DBAC8DAE 2010-08-18 [SC]';;
-                               *) echo 'UNKNOWN KEY';;
-                       esac
-               # gpg 2.1 has a slightly different output format
-               elif grep -q ' rsa2048/' "$OUTPUT"; then
-                       case "$1" in
-                               *Joe*|*Sixpack*) echo 'pub   rsa2048/DBAC8DAE 2010-08-18';;
-                               *Rex*|*Expired*) echo 'pub   rsa2048/27CE74F9 2013-07-12 [expired: 2013-07-13]';;
-                               *Marvin*|*Paranoid*) echo 'pub   rsa2048/528144E2 2011-01-16';;
-                               oldarchive) echo 'pub   rsa1024/F68C85A3 2013-12-19';;
-                               newarchive) echo 'pub   rsa2048/DBAC8DAE 2010-08-18';;
-                               *) echo 'UNKNOWN KEY';;
-                       esac
-               else
-                       case "$1" in
-                               *Joe*|*Sixpack*) echo 'pub   2048R/DBAC8DAE 2010-08-18';;
-                               *Rex*|*Expired*) echo 'pub   2048R/27CE74F9 2013-07-12 [expired: 2013-07-13]';;
-                               *Marvin*|*Paranoid*) echo 'pub   2048R/528144E2 2011-01-16';;
-                               oldarchive) echo 'pub   1024R/F68C85A3 2013-12-19';;
-                               newarchive) echo 'pub   2048R/DBAC8DAE 2010-08-18';;
-                               *) echo 'UNKNOWN KEY';;
-                       esac
-               fi
+               case "$1" in
+                       *Joe*|*Sixpack*|newarchive) echo '5A90D141DBAC8DAE';;
+                       *Rex*|*Expired*) echo '4BC0A39C27CE74F9';;
+                       *Marvin*|*Paranoid*) echo 'E8525D47528144E2';;
+                       oldarchive) echo 'FDD2DB85F68C85A3';;
+                       *) echo 'UNKNOWN KEY';;
+               esac
                shift
        done
 }
 testaptkeys() {
        local OUTPUT="${TMPWORKINGDIRECTORY}/rootdir/tmp/aptkeylist.output"
-       if ! aptkey list | grep '^pub' > "$OUTPUT"; then
+       if ! aptkey list --with-colon | grep '^pub' | cut -d':' -f 5 > "$OUTPUT"; then
                echo -n > "$OUTPUT"
        fi
-       testfileequal "$OUTPUT" "$(createlistofkeys "$OUTPUT" "$@")"
+       testfileequal "$OUTPUT" "$(mapkeynametokeyid "$@")"
 }
 
 pause() {
@@ -1831,6 +1936,11 @@ pause() {
        read IGNORE
 }
 
+logcurrentarchivedirectory() {
+       find "${TMPWORKINGDIRECTORY}/aptarchive/dists" -type f | while read line; do
+               stat --format '%U:%G:%a:%n' "$line"
+       done | sort > "${TMPWORKINGDIRECTORY}/rootdir/var/log/aptgetupdate.before.lst"
+}
 listcurrentlistsdirectory() {
        {
                find rootdir/var/lib/apt/lists -maxdepth 1 -type d | while read line; do
@@ -1842,6 +1952,7 @@ listcurrentlistsdirectory() {
        } | sort
 }
 forallsupportedcompressors() {
+       rm -f "${TMPWORKINGDIRECTORY}/rootdir/etc/apt/apt.conf.d/00force-compressor"
        for COMP in $(aptconfig dump 'APT::Compressor' --format '%f%n' | cut -d':' -f 5 | uniq); do
                if [ -z "$COMP" -o "$COMP" = '.' ]; then continue; fi
                "$@" "$COMP"
@@ -1859,7 +1970,7 @@ mkdir() {
                command mkdir -m 700 -p "${TMPWORKINGDIRECTORY}/rootdir/var/lib/apt/lists/partial"
                touch "${TMPWORKINGDIRECTORY}/rootdir/var/lib/apt/lists/lock"
                if [ "$(id -u)" = '0' ]; then
-                       chown _apt:root "${TMPWORKINGDIRECTORY}/rootdir/var/lib/apt/lists/partial"
+                       chown _apt:$(id -gn) "${TMPWORKINGDIRECTORY}/rootdir/var/lib/apt/lists/partial"
                fi
        else
                command mkdir "$@"
@@ -1870,12 +1981,20 @@ mkdir() {
 ### general things about commands executed without writing the test every time.
 
 aptautotest() {
+       if [ $# -lt 3 ]; then return; fi
        local TESTCALL="$1"
        local CMD="$2"
        local FIRSTOPT="$3"
+       shift 2
+       for i in "$@"; do
+               if ! expr match "$i" '^-' >/dev/null 2>&1; then
+                       FIRSTOPT="$i"
+                       break
+               fi
+       done
+       shift
        local AUTOTEST="aptautotest_$(echo "${CMD##*/}_${FIRSTOPT}" | tr -d -c 'A-za-z0-9')"
        if command -v $AUTOTEST >/dev/null; then
-               shift 3
                # save and restore the *.output files from other tests
                # as we might otherwise override them in these automatic tests
                rm -rf "${TMPWORKINGDIRECTORY}/rootdir/tmp-before"
@@ -1908,6 +2027,10 @@ aptautotest_aptget_update() {
                # failure cases can retain partial files and such
                testempty find "${TMPWORKINGDIRECTORY}/rootdir/var/lib/apt/lists/partial" -mindepth 1 ! \( -name 'lock' -o -name '*.FAILED' \)
        fi
+       if [ -s "${TMPWORKINGDIRECTORY}/rootdir/var/log/aptgetupdate.before.lst" ]; then
+               testfileequal "${TMPWORKINGDIRECTORY}/rootdir/var/log/aptgetupdate.before.lst" \
+                       "$(find "${TMPWORKINGDIRECTORY}/aptarchive/dists" -type f | while read line; do stat --format '%U:%G:%a:%n' "$line"; done | sort)"
+       fi
 }
 aptautotest_apt_update() { aptautotest_aptget_update "$@"; }
 aptautotest_aptcdrom_add() { aptautotest_aptget_update "$@"; }
@@ -1919,7 +2042,7 @@ testaptautotestnodpkgwarning() {
                if expr match "$2" '^-dy\?' >/dev/null 2>&1; then return; fi # download-only mode
                shift
        done
-       testfailure grep '^dpkg: warning:.*ignor.*' "${TMPWORKINGDIRECTORY}/rootdir/tmp-before/${TESTCALL}.output"
+       testfailure grep '^dpkg: warning:.*\(ignor\|unknown\).*' "${TMPWORKINGDIRECTORY}/rootdir/tmp-before/${TESTCALL}.output"
 }
 
 aptautotest_aptget_install() { testaptautotestnodpkgwarning "$@"; }
@@ -1928,3 +2051,11 @@ aptautotest_aptget_purge() { testaptautotestnodpkgwarning "$@"; }
 aptautotest_apt_install() { testaptautotestnodpkgwarning "$@"; }
 aptautotest_apt_remove() { testaptautotestnodpkgwarning "$@"; }
 aptautotest_apt_purge() { testaptautotestnodpkgwarning "$@"; }
+
+testaptmarknodefaultsections() {
+       testfailure grep '^Auto-Installed: 0$' "${TMPWORKINGDIRECTORY}/rootdir/var/lib/apt/extended_states"
+}
+aptautotest_aptmark_auto() { testaptmarknodefaultsections "$@"; }
+aptautotest_aptmark_manual() { testaptmarknodefaultsections "$@"; }
+aptautotest_aptget_markauto() { testaptmarknodefaultsections "$@"; }
+aptautotest_aptget_markmanual() { testaptmarknodefaultsections "$@"; }