setupenvironment
configarchitecture "i386"
+export APT_DONT_SIGN='Release.gpg'
buildaptarchive
setupflataptarchive
changetowebserver
}
runtest() {
- local DELETEFILE="$1"
msgmsg 'Cold archive signed by' 'Joe Sixpack'
prepare "${PKGFILE}"
rm -rf rootdir/var/lib/apt/lists
signreleasefiles 'Joe Sixpack'
- find aptarchive/ -name "$DELETEFILE" -delete
successfulaptgetupdate
testsuccessequal "$(cat "${PKGFILE}")
" aptcache show apt
msgmsg 'Good warm archive signed by' 'Joe Sixpack'
prepare "${PKGFILE}-new"
signreleasefiles 'Joe Sixpack'
- find aptarchive/ -name "$DELETEFILE" -delete
successfulaptgetupdate
testsuccessequal "$(cat "${PKGFILE}-new")
" aptcache show apt
rm -rf rootdir/var/lib/apt/lists
cp keys/rexexpired.pub rootdir/etc/apt/trusted.gpg.d/rexexpired.gpg
signreleasefiles 'Rex Expired'
- find aptarchive/ -name "$DELETEFILE" -delete
updatewithwarnings '^W: .* EXPKEYSIG'
testsuccessequal "$(cat "${PKGFILE}")
" aptcache show apt
prepare "${PKGFILE}"
rm -rf rootdir/var/lib/apt/lists
signreleasefiles 'Joe Sixpack' 'aptarchive' --faked-system-time "20070924T154812" --default-sig-expire 2016-04-01
- find aptarchive/ -name "$DELETEFILE" -delete
updatewithwarnings '^W: .* EXPSIG'
testsuccessequal "$(cat "${PKGFILE}")
" aptcache show apt
prepare "${PKGFILE}"
rm -rf rootdir/var/lib/apt/lists
signreleasefiles 'Joe Sixpack,Marvin Paranoid'
- find aptarchive/ -name "$DELETEFILE" -delete
successfulaptgetupdate 'NO_PUBKEY'
testsuccessequal "$(cat "${PKGFILE}")
" aptcache show apt
prepare "${PKGFILE}"
rm -rf rootdir/var/lib/apt/lists
signreleasefiles 'Joe Sixpack,Rex Expired'
- find aptarchive/ -name "$DELETEFILE" -delete
cp keys/rexexpired.pub rootdir/etc/apt/trusted.gpg.d/rexexpired.gpg
successfulaptgetupdate 'EXPKEYSIG'
rm -f rootdir/etc/apt/trusted.gpg.d/rexexpired.gpg
prepare "${PKGFILE}"
rm -rf rootdir/var/lib/apt/lists
signreleasefiles 'Marvin Paranoid'
- find aptarchive/ -name "$DELETEFILE" -delete
updatewithwarnings '^W: .* NO_PUBKEY'
testsuccessequal "$(cat "${PKGFILE}")
" aptcache show apt
msgmsg 'Bad warm archive signed by' 'Joe Sixpack'
prepare "${PKGFILE}-new"
signreleasefiles 'Joe Sixpack'
- find aptarchive/ -name "$DELETEFILE" -delete
successfulaptgetupdate
testsuccessequal "$(cat "${PKGFILE}-new")
" aptcache show apt
prepare "${PKGFILE}"
rm -rf rootdir/var/lib/apt/lists
signreleasefiles 'Joe Sixpack'
- find aptarchive/ -name "$DELETEFILE" -delete
successfulaptgetupdate
testsuccessequal "$(cat "${PKGFILE}")
" aptcache show apt
msgmsg 'Good warm archive signed by' 'Marvin Paranoid'
prepare "${PKGFILE}-new"
signreleasefiles 'Marvin Paranoid'
- find aptarchive/ -name "$DELETEFILE" -delete
updatewithwarnings '^W: .* NO_PUBKEY'
testsuccessequal "$(cat "${PKGFILE}")
" aptcache show apt
prepare "${PKGFILE}-new"
cp keys/rexexpired.pub rootdir/etc/apt/trusted.gpg.d/rexexpired.gpg
signreleasefiles 'Rex Expired'
- find aptarchive/ -name "$DELETEFILE" -delete
updatewithwarnings '^W: .* EXPKEYSIG'
testsuccessequal "$(cat "${PKGFILE}")
" aptcache show apt
msgmsg 'Good warm archive signed by' 'Joe Sixpack'
prepare "${PKGFILE}-new"
signreleasefiles
- find aptarchive/ -name "$DELETEFILE" -delete
successfulaptgetupdate
testsuccessequal "$(cat "${PKGFILE}-new")
" aptcache show apt
prepare "${PKGFILE}"
rm -rf rootdir/var/lib/apt/lists
signreleasefiles 'Marvin Paranoid'
- find aptarchive/ -name "$DELETEFILE" -delete
local MARVIN="$(readlink -f keys/marvinparanoid.pub)"
sed -i "s#^\(deb\(-src\)\?\) #\1 [signed-by=$MARVIN] #" rootdir/etc/apt/sources.list.d/*
successfulaptgetupdate
msgmsg 'Cold archive signed by bad keyring' 'Joe Sixpack'
rm -rf rootdir/var/lib/apt/lists
signreleasefiles 'Joe Sixpack'
- find aptarchive/ -name "$DELETEFILE" -delete
updatewithwarnings '^W: .* NO_PUBKEY'
sed -i "s#^\(deb\(-src\)\?\) \[signed-by=$MARVIN\] #\1 #" rootdir/etc/apt/sources.list.d/*
msgmsg 'Cold archive signed by bad keyid' 'Joe Sixpack'
rm -rf rootdir/var/lib/apt/lists
signreleasefiles 'Joe Sixpack'
- find aptarchive/ -name "$DELETEFILE" -delete
sed -i "s#^\(deb\(-src\)\?\) #\1 [signed-by=$MARVIN] #" rootdir/etc/apt/sources.list.d/*
updatewithwarnings '^W: .* be verified because the public key is not available: .*'
msgmsg 'Cold archive signed by good keyid' 'Marvin Paranoid'
rm -rf rootdir/var/lib/apt/lists
signreleasefiles 'Marvin Paranoid'
- find aptarchive/ -name "$DELETEFILE" -delete
cp keys/marvinparanoid.pub rootdir/etc/apt/trusted.gpg.d/marvinparanoid.gpg
successfulaptgetupdate
testsuccessequal "$(cat "${PKGFILE}")
msgmsg 'Cold archive signed by good keyid' 'Marvin Paranoid,Joe Sixpack'
rm -rf rootdir/var/lib/apt/lists
signreleasefiles 'Marvin Paranoid,Joe Sixpack'
- find aptarchive/ -name "$DELETEFILE" -delete
successfulaptgetupdate 'NoPubKey: GOODSIG'
testsuccessequal "$(cat "${PKGFILE}")
" aptcache show apt
msgmsg 'Cold archive signed by good keyids' 'Joe Sixpack'
rm -rf rootdir/var/lib/apt/lists
signreleasefiles 'Joe Sixpack'
- find aptarchive/ -name "$DELETEFILE" -delete
sed -i "s#^\(deb\(-src\)\?\) \[signed-by=$MARVIN\] #\1 [signed-by=${SIXPACK},${MARVIN}] #" rootdir/etc/apt/sources.list.d/*
successfulaptgetupdate
testsuccessequal "$(cat "${PKGFILE}")
cp -a rootdir/var/lib/apt/lists rootdir/var/lib/apt/lists-bak
prepare "${PKGFILE}-new"
signreleasefiles 'Joe Sixpack'
- find aptarchive/ -name "$DELETEFILE" -delete
msgmsg 'Warm archive with signed-by' 'Joe Sixpack'
sed -i "/^Valid-Until: / a\
# package verification.
msgmsg 'Warm archive signed by' 'nobody'
prepare "${PKGFILE}-new"
- find aptarchive/ -name InRelease -delete
- find aptarchive/ -name Release.gpg -delete
+ find aptarchive/ \( -name InRelease -o -name Release.gpg \) -delete
updatewithwarnings 'W: .* no longer signed.'
testsuccessequal "$(cat "${PKGFILE}-new")
" aptcache show apt
runtest2
for DELETEFILE in 'InRelease' 'Release.gpg'; do
+ export APT_DONT_SIGN="$DELETEFILE"
msgmsg "Running test with deletion of $DELETEFILE and $1 digest"
- runtest "$DELETEFILE"
+ runtest
+ export APT_DONT_SIGN='Release.gpg'
done
}
echo "APT::Hashes::$APT_TESTS_DIGEST_ALGO::Untrusted \"yes\";" > rootdir/etc/apt/apt.conf.d/truststate
runfailure() {
for DELETEFILE in 'InRelease' 'Release.gpg'; do
+ export APT_DONT_SIGN="$DELETEFILE"
msgmsg 'Cold archive signed by' 'Joe Sixpack'
prepare "${PKGFILE}"
rm -rf rootdir/var/lib/apt/lists
signreleasefiles 'Joe Sixpack'
- find aptarchive/ -name "$DELETEFILE" -delete
testfailure aptget update --no-allow-insecure-repositories -o Debug::pkgAcquire::Worker=1 -o Debug::Acquire::gpgv=1
testsuccess grep 'The following signatures were invalid' rootdir/tmp/testfailure.output
testnopackage 'apt'
testwarning aptget update --allow-insecure-repositories -o Debug::pkgAcquire::Worker=1 -o Debug::Acquire::gpgv=1
failaptold
+ rm -rf rootdir/var/lib/apt/lists
+ sed -i 's#^deb\(-src\)\? #deb\1 [allow-insecure=yes] #' rootdir/etc/apt/sources.list.d/*
+ testwarning aptget update --no-allow-insecure-repositories -o Debug::pkgAcquire::Worker=1 -o Debug::Acquire::gpgv=1
+ failaptold
+ sed -i 's#^deb\(-src\)\? \[allow-insecure=yes\] #deb\1 #' rootdir/etc/apt/sources.list.d/*
msgmsg 'Cold archive signed by' 'Marvin Paranoid'
prepare "${PKGFILE}"
rm -rf rootdir/var/lib/apt/lists
signreleasefiles 'Marvin Paranoid'
- find aptarchive/ -name "$DELETEFILE" -delete
testfailure aptget update --no-allow-insecure-repositories -o Debug::pkgAcquire::Worker=1 -o Debug::Acquire::gpgv=1
testnopackage 'apt'
updatewithwarnings '^W: .* NO_PUBKEY'
testsuccessequal "$(cat "${PKGFILE}")
" aptcache show apt
failaptold
+ export APT_DONT_SIGN='Release.gpg'
done
}
runfailure
projects / apt.git / blobdiff