printf "$START " "$1"
shift
while [ -n "$1" ]; do
- printf "$MIDDLE " "$(echo "$1" | sed -e 's#^apt\([cfghs]\)#apt-\1#')"
+ printf "$MIDDLE " "$(echo "$1" | sed -e 's#^apt\([cfghks]\)#apt-\1#')"
shift
done
fi
if [ $# -gt 0 ] && [ -n "$1" ]; then printf "${CFAIL}FAIL: $*${CNORMAL}\n" >&2;
else printf "${CFAIL}FAIL${CNORMAL}\n" >&2; fi
if [ -n "$APT_DEBUG_TESTS" ]; then
- $SHELL
+ runapt $SHELL
fi
EXIT_CODE=$((EXIT_CODE+1));
}
msgdebug "Executing: ${CCMD}$*${CDEBUG} "
local CMD="$1"
shift
- case $CMD in
+ case "$CMD" in
sh|aptitude|*/*|command) ;;
*) CMD="${BUILDDIRECTORY}/$CMD";;
esac
- MALLOC_PERTURB_=21 MALLOC_CHECK_=2 APT_CONFIG="$(getaptconfig)" LD_LIBRARY_PATH=${LIBRARYPATH} $CMD "$@"
+ MALLOC_PERTURB_=21 MALLOC_CHECK_=2 APT_CONFIG="$(getaptconfig)" LD_LIBRARY_PATH="${LIBRARYPATH}:${LD_LIBRARY_PATH}" "$CMD" "$@"
}
+runpython3() { runapt command python3 "$@"; }
aptconfig() { runapt apt-config "$@"; }
aptcache() { runapt apt-cache "$@"; }
aptcdrom() { runapt apt-cdrom "$@"; }
trap "shellsetedetector; $CURRENTTRAP exitwithstatus;" 0 HUP INT QUIT ILL ABRT FPE SEGV PIPE TERM
}
+escape_shell() {
+ echo "$@" | sed -e "s#'#'\"'\"'#g"
+}
+
setupenvironment() {
# privilege dropping and testing doesn't work if /tmp isn't world-writeable (as e.g. with libpam-tmpdir)
if [ -n "$TMPDIR" ] && [ "$(id -u)" = '0' ] && [ "$(stat --format '%a' "$TMPDIR")" != '1777' ]; then
unset TMPDIR
fi
TMPWORKINGDIRECTORY="$(mktemp -d)"
- addtrap "cd /; rm -rf \"$TMPWORKINGDIRECTORY\";"
+ addtrap "cd /; rm -rf '$(escape_shell "$TMPWORKINGDIRECTORY")';"
+ if [ -n "$TMPDIR_ADD" ]; then
+ TMPWORKINGDIRECTORY="${TMPWORKINGDIRECTORY}/${TMPDIR_ADD}"
+ mkdir -p "$TMPWORKINGDIRECTORY"
+ unset TMPDIR_ADD
+ export TMPDIR="$TMPWORKINGDIRECTORY"
+ fi
msgninfo "Preparing environment for ${0##*/} in ${TMPWORKINGDIRECTORY}…"
mkdir -m 700 "${TMPWORKINGDIRECTORY}/downloaded"
if [ -f "${TESTDIRECTORY}/${SOURCESSFILE}" ]; then
cp "${TESTDIRECTORY}/${SOURCESSFILE}" aptarchive/Sources
fi
- for key in $(find "$TESTDIRECTORY" -name '*.pub' -o -name '*.sec'); do
- cp "$key" keys/
- chmod 644 "$key"
- done
+ find "$TESTDIRECTORY" \( -name '*.pub' -o -name '*.sec' \) -exec cp '{}' keys/ \;
+ chmod 644 keys/*
ln -s "${TMPWORKINGDIRECTORY}/keys/joesixpack.pub" rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
echo "Dir \"${TMPWORKINGDIRECTORY}/rootdir\";" > aptconfig.conf
cat > "${TMPWORKINGDIRECTORY}/rootdir/usr/bin/dpkg" <<EOF
#!/bin/sh
set -e
-if [ -r "${TMPWORKINGDIRECTORY}/noopchroot.so" ]; then
+if [ -r '${TMPWORKINGDIRECTORY}/noopchroot.so' ]; then
if [ -n "\$LD_LIBRARY_PATH" ]; then
- export LD_LIBRARY_PATH="${TMPWORKINGDIRECTORY}:${LD_LIBRARY_PATH}"
+ export LD_LIBRARY_PATH='${TMPWORKINGDIRECTORY}:'"\${LD_LIBRARY_PATH}"
else
- export LD_LIBRARY_PATH="${TMPWORKINGDIRECTORY}"
+ export LD_LIBRARY_PATH='${TMPWORKINGDIRECTORY}'
fi
if [ -n "\$LD_PRELOAD" ]; then
export LD_PRELOAD="noopchroot.so \${LD_PRELOAD}"
EOF
cp "${TMPWORKINGDIRECTORY}/rootdir/usr/bin/dpkg" "${TMPWORKINGDIRECTORY}/rootdir/usr/bin/gdb-dpkg"
cat >> "${TMPWORKINGDIRECTORY}/rootdir/usr/bin/dpkg" <<EOF
-exec fakeroot "${DPKG:-dpkg}" --root="${TMPWORKINGDIRECTORY}/rootdir" \\
- --log="${TMPWORKINGDIRECTORY}/rootdir/var/log/dpkg.log" \\
+exec fakeroot '${DPKG:-dpkg}' --root='${TMPWORKINGDIRECTORY}/rootdir' \\
+ --log='${TMPWORKINGDIRECTORY}/rootdir/var/log/dpkg.log' \\
--force-not-root --force-bad-path "\$@"
EOF
cat >> "${TMPWORKINGDIRECTORY}/rootdir/usr/bin/gdb-dpkg" <<EOF
-exec fakeroot gdb --quiet -ex run "${DPKG:-dpkg}" --args "${DPKG:-dpkg}" --root="${TMPWORKINGDIRECTORY}/rootdir" \\
- --log="${TMPWORKINGDIRECTORY}/rootdir/var/log/dpkg.log" \\
+exec fakeroot gdb --quiet -ex run '${DPKG:-dpkg}' --args '${DPKG:-dpkg}' --root='${TMPWORKINGDIRECTORY}/rootdir' \\
+ --log='${TMPWORKINGDIRECTORY}/rootdir/var/log/dpkg.log' \\
--force-not-root --force-bad-path "\$@"
EOF
chmod +x "${TMPWORKINGDIRECTORY}/rootdir/usr/bin/dpkg" "${TMPWORKINGDIRECTORY}/rootdir/usr/bin/gdb-dpkg"
echo "Acquire::https::CaInfo \"${TMPWORKINGDIRECTORY}/rootdir/etc/webserver.pem\";" > rootdir/etc/apt/apt.conf.d/99https
echo "Apt::Cmd::Disable-Script-Warning \"1\";" > rootdir/etc/apt/apt.conf.d/apt-binary
echo 'Acquire::Connect::AddrConfig "false";' > rootdir/etc/apt/apt.conf.d/connect-addrconfig
+
configcompression '.' 'gz' #'bz2' 'lzma' 'xz'
- confighashes 'SHA1' # these are tests, not security best-practices
+ confighashes 'SHA256' # these are tests, not security best-practices
# create some files in /tmp and look at user/group to get what this means
TEST_DEFAULT_USER="$(id -un)"
export LC_ALL=C.UTF-8
unset LANGUAGE APT_CONFIG
unset GREP_OPTIONS DEB_BUILD_PROFILES
- unset http_proxy HTTP_PROXY https_proxy HTTPS_PROXY
+ unset http_proxy HTTP_PROXY https_proxy HTTPS_PROXY no_proxy
+
+ # If gpgv supports --weak-digest, pass it to make sure we can disable SHA1
+ if aptkey verify --weak-digest SHA1 --help 2>/dev/null >/dev/null; then
+ echo 'Acquire::gpgv::Options { "--weak-digest"; "sha1"; };' > rootdir/etc/apt/apt.conf.d/no-sha1
+ fi
+
msgdone "info"
}
#include <stdlib.h>
#include <string.h>
#include <dlfcn.h>
-#include <limits.h>
static char * chrootdir = NULL;
if (chrootdir == NULL || strncmp(file, "/var/lib/dpkg/", strlen("/var/lib/dpkg/")) != 0)
return func_execvp(file, argv);
printf("REWRITE execvp call %s into %s\n", file, chrootdir);
- char newfile[PATH_MAX];
- snprintf(newfile, sizeof(newfile), "%s/%s", chrootdir, file);
+ char *newfile;
+ if (asprintf(&newfile, "%s%s", chrootdir, file) == -1) {
+ perror("asprintf");
+ return -1;
+ }
char const * const baseadmindir = "/var/lib/dpkg";
- char admindir[PATH_MAX];
- snprintf(admindir, sizeof(admindir), "%s/%s", chrootdir, baseadmindir);
+ char *admindir;
+ if (asprintf(&admindir, "%s%s", chrootdir, baseadmindir) == -1) {
+ perror("asprintf");
+ return -1;
+ }
setenv("DPKG_ADMINDIR", admindir, 1);
return func_execvp(newfile, argv);
}
EOF
- testsuccess --nomsg gcc -fPIC -shared -o noopchroot.so noopchroot.c -ldl
+ testempty --nomsg gcc -Wall -Wextra -fPIC -shared -o noopchroot.so noopchroot.c -ldl
}
configcompression() {
+ local CMD='apthelper cat-file -C'
while [ -n "$1" ]; do
case "$1" in
'.') printf ".\t.\tcat\n";;
- 'gz') printf "gzip\tgz\tgzip\n";;
- 'bz2') printf "bzip2\tbz2\tbzip2\n";;
- 'lzma') printf "lzma\tlzma\txz --format=lzma\n";;
- 'xz') printf "xz\txz\txz\n";;
- *) printf "$1\t$1\t$1\n";;
+ 'gz') printf "gzip\tgz\t$CMD $1\n";;
+ 'bz2') printf "bzip2\tbz2\t$CMD $1\n";;
+ *) printf "$1\t$1\t$CMD $1\n";;
esac
shift
done > "${TMPWORKINGDIRECTORY}/rootdir/etc/testcase-compressor.conf"
}
forcecompressor() {
COMPRESSOR="$1"
- COMPRESSOR_CMD="$1"
+ COMPRESS="$1"
+ COMPRESSOR_CMD="apthelper cat-file -C $1"
case $COMPRESSOR in
gzip) COMPRESS='gz';;
bzip2) COMPRESS='bz2';;
- lzma) COMPRESS='lzma';;
- xz) COMPRESS='xz';;
- *) msgdie "Compressor $COMPRESSOR is unknown to framework, so can't be forced by forcecompressor!";;
esac
local CONFFILE="${TMPWORKINGDIRECTORY}/rootdir/etc/apt/apt.conf.d/00force-compressor"
echo "Acquire::CompressionTypes::Order { \"${COMPRESS}\"; };
-Dir::Bin::uncompressed \"/does/not/exist\";
-Dir::Bin::gzip \"/does/not/exist\";
-Dir::Bin::bzip2 \"/does/not/exist\";
-Dir::Bin::lzma \"/does/not/exist\";
-Dir::Bin::xz \"/does/not/exist\";" > "$CONFFILE"
- if [ -e "/bin/${COMPRESSOR}" ]; then
- echo "Dir::Bin::${COMPRESSOR} \"/bin/${COMPRESSOR}\";" >> "$CONFFILE"
- elif [ -e "/usr/bin/${COMPRESSOR}" ]; then
- echo "Dir::Bin::${COMPRESSOR} \"/usr/bin/${COMPRESSOR}\";" >> "$CONFFILE"
- elif [ "${COMPRESSOR}" = 'lzma' ]; then
- echo 'Dir::Bin::xz "/usr/bin/xz";' >> "$CONFFILE"
- COMPRESSOR_CMD='xz --format=lzma'
- else
- msgtest 'Test for availability of compressor' "${COMPRESSOR}"
- msgfail "${COMPRESSOR} not available"
- fi
+Dir::Bin::uncompressed \"/does/not/exist\";" > "$CONFFILE"
+ for COMP in $(aptconfig dump 'APT::Compressor' --format '%f%n' | cut -d':' -f 5 | uniq); do
+ if [ -z "$COMP" -o "$COMP" = '.' -o "$COMP" = "$COMPRESSOR" ]; then continue; fi
+ echo "Dir::Bin::${COMP} \"/does/not/exist\";" >> "$CONFFILE"
+ echo "APT::Compressor::${COMP}::Name \"${COMP}-disabled\";" >> "$CONFFILE"
+ done
}
setupsimplenativepackage() {
}
insertsource() {
- local RELEASE="$1"
+ local RELEASES="$1"
local NAME="$2"
local ARCH="$3"
local VERSION="$4"
local DEPENDENCIES="$5"
- local BINARY="${6:-$NAME}"
+ local BINARY="${6:-$NAME}"
local ARCHS=""
- local SPATH="aptarchive/dists/${RELEASE}/main/source"
- mkdir -p $SPATH
- local FILE="${SPATH}/Sources"
- local DSCFILE="${NAME}_${VERSION}.dsc"
- local TARFILE="${NAME}_${VERSION}.tar.gz"
- echo "Package: $NAME
+ for RELEASE in $(printf '%s' "$RELEASES" | tr ',' '\n'); do
+ local SPATH="aptarchive/dists/${RELEASE}/main/source"
+ mkdir -p $SPATH
+ local FILE="${SPATH}/Sources"
+ local DSCFILE="${NAME}_${VERSION}.dsc"
+ local TARFILE="${NAME}_${VERSION}.tar.gz"
+ echo "Package: $NAME
Binary: $BINARY
Version: $VERSION
Maintainer: Joe Sixpack <joe@example.org>
Architecture: $ARCH" >> $FILE
- test -z "$DEPENDENCIES" || echo "$DEPENDENCIES" >> "$FILE"
- echo "Files:
+ test -z "$DEPENDENCIES" || echo "$DEPENDENCIES" >> "$FILE"
+ echo "Files:
$(echo -n "$DSCFILE" | md5sum | cut -d' ' -f 1) $(echo -n "$DSCFILE" | wc -c) "$DSCFILE"
$(echo -n "$TARFILE" | md5sum | cut -d' ' -f 1) $(echo -n "$TARFILE" | wc -c) "$TARFILE"
Checksums-Sha256:
$(echo -n "$DSCFILE" | sha256sum | cut -d' ' -f 1) $(echo -n "$DSCFILE" | wc -c) "$DSCFILE"
$(echo -n "$TARFILE" | sha256sum | cut -d' ' -f 1) $(echo -n "$TARFILE" | wc -c) "$TARFILE"
" >> "$FILE"
+ done
}
insertinstalledpackage() {
local SIGNER="${1:-Joe Sixpack}"
local REPODIR="${2:-aptarchive}"
local KEY="keys/$(echo "$SIGNER" | tr 'A-Z' 'a-z' | sed 's# ##g')"
- local GPG="aptkey --quiet --keyring ${KEY}.pub --secret-keyring ${KEY}.sec --readonly adv --batch --yes"
+ local GPG="aptkey --quiet --keyring ${KEY}.pub --secret-keyring ${KEY}.sec --readonly adv --batch --yes --digest-algo ${APT_TESTS_DIGEST_ALGO:-SHA512}"
msgninfo "\tSign archive with $SIGNER key $KEY… "
local REXKEY='keys/rexexpired'
local SECEXPIREBAK="${REXKEY}.sec.bak"
fi
fi
for RELEASE in $(find "${REPODIR}/" -name Release); do
- $GPG --default-key "$SIGNER" --armor --detach-sign --sign --output "${RELEASE}.gpg" "${RELEASE}"
+ testsuccess $GPG --default-key "$SIGNER" --armor --detach-sign --sign --output "${RELEASE}.gpg" "${RELEASE}"
local INRELEASE="$(echo "${RELEASE}" | sed 's#/Release$#/InRelease#')"
- $GPG --default-key "$SIGNER" --clearsign --output "$INRELEASE" "$RELEASE"
+ testsuccess $GPG --default-key "$SIGNER" --clearsign --output "$INRELEASE" "$RELEASE"
# we might have set a specific date for the Release file, so copy it
touch -d "$(stat --format "%y" ${RELEASE})" "${RELEASE}.gpg" "${INRELEASE}"
done
local APTARCHIVE2="copy://$(readlink -f "${TMPWORKINGDIRECTORY}/aptarchive" | sed 's# #%20#g')"
for LIST in $(find rootdir/etc/apt/sources.list.d/ -name 'apt-test-*.list'); do
sed -i $LIST -e "s#$APTARCHIVE#${1}#" -e "s#$APTARCHIVE2#${1}#" \
- -e "s#http://localhost:${APTHTTPPORT}/#${1}#" \
- -e "s#https://localhost:${APTHTTPSPORT}/#${1}#"
+ -e "s#http://[^@]*@\?localhost:${APTHTTPPORT}/\?#${1}#" \
+ -e "s#https://[^@]*@\?localhost:${APTHTTPSPORT}/\?#${1}#"
done
}
cd aptarchive
local LOG="webserver.log"
if ! aptwebserver --port 0 -o aptwebserver::fork=1 -o aptwebserver::portfile='aptwebserver.port' "$@" >$LOG 2>&1 ; then
- cat $LOG
+ cat "$LOG"
false
fi
waitforpidfile aptwebserver.pid
msgdie 'Could not fork stunnel4 successfully'
fi
addtrap 'prefix' "kill ${PID};"
- APTHTTPSPORT="$(lsof -i | awk "/^stunnel4 / && \$2 == \"${PID}\" {print \$9; exit; }" | cut -d':' -f 2)"
+ APTHTTPSPORT="$(lsof -i -n | awk "/^stunnel4 / && \$2 == \"${PID}\" {print \$9; exit; }" | cut -d':' -f 2)"
webserverconfig 'aptwebserver::port::https' "$APTHTTPSPORT" "https://localhost:${APTHTTPSPORT}"
rewritesourceslist "https://localhost:${APTHTTPSPORT}/"
}
# start with an unmounted disk
mv "${CD}" "${CD}-unmounted"
# we don't want the disk to be modifiable
- addtrap 'prefix' "chmod -f -R +w \"$PWD/rootdir/media/cdrom/dists/\" \"$PWD/rootdir/media/cdrom-unmounted/dists/\" || true;"
+ addtrap 'prefix' "chmod -f -R +w '$(escape_shell "$PWD/rootdir/media/cdrom/dists/")' '$(escape_shell "$PWD/rootdir/media/cdrom-unmounted/dists/")' || true;"
chmod -R 555 rootdir/media/cdrom-unmounted/dists
}
testempty() {
msggroup 'testempty'
- msgtest "Test for no output of" "$*"
+ if [ "$1" = '--nomsg' ]; then
+ shift
+ else
+ msgtest "Test for no output of" "$*"
+ fi
local COMPAREFILE="${TMPWORKINGDIRECTORY}/rootdir/tmp/testempty.comparefile"
- if ("$@" >"$COMPAREFILE" 2>&1 || true) && test ! -s "$COMPAREFILE"; then
+ if "$@" >"$COMPAREFILE" 2>&1 && test ! -s "$COMPAREFILE"; then
msgpass
else
msgfailoutput '' "$COMPAREFILE" "$@"
msggroup
}
+catfile() {
+ if [ "${1##*.}" = 'deb' ]; then
+ stat >&2 "$1" || true
+ file >&2 "$1" || true
+ else
+ cat >&2 "$1" || true
+ fi
+}
msgfailoutput() {
msgreportheader 'msgfailoutput'
local MSG="$1"
echo >&2
while [ -n "$2" ]; do shift; done
echo "#### Complete file: $1 ####"
- cat >&2 "$1" || true
+ catfile "$1"
echo '#### grep output ####'
elif [ "$1" = 'test' ]; then
echo >&2
ls >&2 "$2" || true
elif test -e "$2"; then
echo "#### Complete file: $2 ####"
- cat >&2 "$2" || true
+ catfile "$2"
fi
fi
}
msgfailoutputstatfile "$2" "$3"
done
echo '#### test output ####'
+ elif [ "$1" = 'cmp' ]; then
+ echo >&2
+ while [ -n "$2" ]; do
+ echo "#### Complete file: $2 ####"
+ catfile "$2"
+ shift
+ done
+ echo '#### cmp output ####'
fi
- cat >&2 "$OUTPUT"
+ catfile "$OUTPUT"
msgfail "$MSG"
}
msggroup
}
+createlistofkeys() {
+ local OUTPUT="$1"
+ shift
+ while [ -n "$1" ]; do
+ # gpg 2.1.something starts printing [SC] at some point
+ if grep -q ' rsa2048/' "$OUTPUT" && grep -qF '[SC]' "$OUTPUT"; then
+ case "$1" in
+ *Joe*|*Sixpack*) echo 'pub rsa2048/DBAC8DAE 2010-08-18 [SC]';;
+ *Rex*|*Expired*) echo 'pub rsa2048/27CE74F9 2013-07-12 [SC] [expired: 2013-07-13]';;
+ *Marvin*|*Paranoid*) echo 'pub rsa2048/528144E2 2011-01-16 [SC]';;
+ oldarchive) echo 'pub rsa1024/F68C85A3 2013-12-19 [SC]';;
+ newarchive) echo 'pub rsa2048/DBAC8DAE 2010-08-18 [SC]';;
+ *) echo 'UNKNOWN KEY';;
+ esac
+ # gpg 2.1 has a slightly different output format
+ elif grep -q ' rsa2048/' "$OUTPUT"; then
+ case "$1" in
+ *Joe*|*Sixpack*) echo 'pub rsa2048/DBAC8DAE 2010-08-18';;
+ *Rex*|*Expired*) echo 'pub rsa2048/27CE74F9 2013-07-12 [expired: 2013-07-13]';;
+ *Marvin*|*Paranoid*) echo 'pub rsa2048/528144E2 2011-01-16';;
+ oldarchive) echo 'pub rsa1024/F68C85A3 2013-12-19';;
+ newarchive) echo 'pub rsa2048/DBAC8DAE 2010-08-18';;
+ *) echo 'UNKNOWN KEY';;
+ esac
+ else
+ case "$1" in
+ *Joe*|*Sixpack*) echo 'pub 2048R/DBAC8DAE 2010-08-18';;
+ *Rex*|*Expired*) echo 'pub 2048R/27CE74F9 2013-07-12 [expired: 2013-07-13]';;
+ *Marvin*|*Paranoid*) echo 'pub 2048R/528144E2 2011-01-16';;
+ oldarchive) echo 'pub 1024R/F68C85A3 2013-12-19';;
+ newarchive) echo 'pub 2048R/DBAC8DAE 2010-08-18';;
+ *) echo 'UNKNOWN KEY';;
+ esac
+ fi
+ shift
+ done
+}
+testaptkeys() {
+ local OUTPUT="${TMPWORKINGDIRECTORY}/rootdir/tmp/aptkeylist.output"
+ if ! aptkey list | grep '^pub' > "$OUTPUT"; then
+ echo -n > "$OUTPUT"
+ fi
+ testfileequal "$OUTPUT" "$(createlistofkeys "$OUTPUT" "$@")"
+}
+
pause() {
echo "STOPPED execution. Press enter to continue"
local IGNORE
done
} | sort
}
+forallsupportedcompressors() {
+ rm -f "${TMPWORKINGDIRECTORY}/rootdir/etc/apt/apt.conf.d/00force-compressor"
+ for COMP in $(aptconfig dump 'APT::Compressor' --format '%f%n' | cut -d':' -f 5 | uniq); do
+ if [ -z "$COMP" -o "$COMP" = '.' ]; then continue; fi
+ "$@" "$COMP"
+ done
+}
### convenience hacks ###
mkdir() {
local TESTCALL="$1"
local CMD="$2"
local FIRSTOPT="$3"
- local AUTOTEST="aptautotest_$(echo "${CMD##*/}_${FIRSTOPT}" | tr -d '-')"
+ local AUTOTEST="aptautotest_$(echo "${CMD##*/}_${FIRSTOPT}" | tr -d -c 'A-za-z0-9')"
if command -v $AUTOTEST >/dev/null; then
shift 3
# save and restore the *.output files from other tests