Add new configallowinsecurerepositories to the test framework

[apt.git] / test / integration / test-apt-update-nofallback

diff --git a/test/integration/test-apt-update-nofallback b/test/integration/test-apt-update-nofallback
index 4e8ea99166e0dc31f569d22fc1fae7da63db8ca9..321472c2efd8505fc148131d460379411dba7c74 100755 (executable)
--- a/test/integration/test-apt-update-nofallback
+++ b/test/integration/test-apt-update-nofallback
@@ -78,6 +78,25 @@ test_from_release_gpg_to_unsigned()
     assert_update_is_refused_and_last_good_state_used
 }
 
     assert_update_is_refused_and_last_good_state_used
 }
 

+test_from_inrelease_to_unsigned_with_override()
+{
+    # setup archive with InRelease file
+    setupaptarchive_with_lists_clean
+    testsuccess aptget update
+
+    # simulate moving to a unsigned but otherwise valid repo
+    simulate_mitm_and_inject_evil_package
+    generatereleasefiles
+
+    # and ensure we can update to it (with enough force) 
+    testsuccess aptget update --allow-insecure-repositories \
+        -o Acquire::AllowDowngradeToInsecureRepositories=1
+    # but that the individual packages are still considered untrusted
+    testequal "WARNING: The following packages cannot be authenticated!
+  evil
+E: There are problems and -y was used without --force-yes" aptget install -qq -y evil
+}
+

 test_cve_2012_0214()
 {
     # see https://bugs.launchpad.net/ubuntu/+source/apt/+bug/947108
 test_cve_2012_0214()
 {
     # see https://bugs.launchpad.net/ubuntu/+source/apt/+bug/947108


@@ -142,7 +161,7 @@ test_inrelease_to_invalid_inrelease()
 
     testequal "W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: file: unstable InRelease: The following signatures were invalid: BADSIG 5A90D141DBAC8DAE Joe Sixpack (APT Testcases Dummy) <joe@example.org>
 
 
     testequal "W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: file: unstable InRelease: The following signatures were invalid: BADSIG 5A90D141DBAC8DAE Joe Sixpack (APT Testcases Dummy) <joe@example.org>
 

-W: Failed to fetch file:${APTARCHIVE}/dists/unstable/InRelease  
+W: Failed to fetch file:${APTARCHIVE}/dists/unstable/InRelease  The following signatures were invalid: BADSIG 5A90D141DBAC8DAE Joe Sixpack (APT Testcases Dummy) <joe@example.org>

 
 W: Some index files failed to download. They have been ignored, or old ones used instead." aptget update -qq
 
 
 W: Some index files failed to download. They have been ignored, or old ones used instead." aptget update -qq
 


@@ -162,7 +181,11 @@ test_release_gpg_to_invalid_release_release_gpg()
     echo "Some evil data" >>  $APTARCHIVE/dists/unstable/Release
     inject_evil_package
 
     echo "Some evil data" >>  $APTARCHIVE/dists/unstable/Release
     inject_evil_package
 

-    testequal "E: The repository 'file: unstable Release.gpg' is no longer signed." aptget update -qq
+    testequal "W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: file: unstable Release.gpg: The following signatures were invalid: BADSIG 5A90D141DBAC8DAE Joe Sixpack (APT Testcases Dummy) <joe@example.org>
+
+W: Failed to fetch file:${APTARCHIVE}/dists/unstable/Release.gpg  
+
+W: Some index files failed to download. They have been ignored, or old ones used instead." aptget update -qq

 
     assert_repo_is_intact
     testfailure grep "evil" rootdir/var/lib/apt/lists/*Release
 
     assert_repo_is_intact
     testfailure grep "evil" rootdir/var/lib/apt/lists/*Release


@@ -205,3 +228,7 @@ test_inrelease_to_invalid_inrelease
 # ensure we revert to last good state if Release/Release.gpg does not verify
 msgmsg "test_release_gpg_to_invalid_release_release_gpg"
 test_release_gpg_to_invalid_release_release_gpg
 # ensure we revert to last good state if Release/Release.gpg does not verify
 msgmsg "test_release_gpg_to_invalid_release_release_gpg"
 test_release_gpg_to_invalid_release_release_gpg

+
+# ensure we can ovveride the downgrade error
+msgmsg "test_from_inrelease_to_unsigned"
+test_from_inrelease_to_unsigned_with_override