Use Acquire::Allow{InsecureRepositories,DowngradeToInsecureRepositories}

[apt.git] / test / integration / test-apt-update-nofallback

diff --git a/test/integration/test-apt-update-nofallback b/test/integration/test-apt-update-nofallback
index 4e8ea99166e0dc31f569d22fc1fae7da63db8ca9..a53226e18a9cea9dd3eee09609dfa1f64ff12847 100755 (executable)
--- a/test/integration/test-apt-update-nofallback
+++ b/test/integration/test-apt-update-nofallback
@@ -78,6 +78,25 @@ test_from_release_gpg_to_unsigned()
     assert_update_is_refused_and_last_good_state_used
 }
 
+test_from_inrelease_to_unsigned_with_override()
+{
+    # setup archive with InRelease file
+    setupaptarchive_with_lists_clean
+    testsuccess aptget update
+
+    # simulate moving to a unsigned but otherwise valid repo
+    simulate_mitm_and_inject_evil_package
+    generatereleasefiles
+
+    # and ensure we can update to it (with enough force) 
+    testsuccess aptget update --allow-insecure-repositories \
+        -o Acquire::AllowDowngradeToInsecureRepositories=1
+    # but that the individual packages are still considered untrusted
+    testequal "WARNING: The following packages cannot be authenticated!
+  evil
+E: There are problems and -y was used without --force-yes" aptget install -qq -y evil
+}
+
 test_cve_2012_0214()
 {
     # see https://bugs.launchpad.net/ubuntu/+source/apt/+bug/947108
@@ -205,3 +224,7 @@ test_inrelease_to_invalid_inrelease
 # ensure we revert to last good state if Release/Release.gpg does not verify
 msgmsg "test_release_gpg_to_invalid_release_release_gpg"
 test_release_gpg_to_invalid_release_release_gpg
+
+# ensure we can ovveride the downgrade error
+msgmsg "test_from_inrelease_to_unsigned"
+test_from_inrelease_to_unsigned_with_override