]> git.saurik.com Git - apt.git/blobdiff - test/integration/test-apt-update-weak-hashes
generalize secure->insecure downgrade protection
[apt.git] / test / integration / test-apt-update-weak-hashes
index 18674ecd23ac97b1fb7d2f3c19a96583b4c73792..9395b10b0cfc4ccf43bbb9e592a4aecb78d408c8 100755 (executable)
@@ -7,6 +7,7 @@ TESTDIR="$(readlink -f "$(dirname "$0")")"
 setupenvironment
 configarchitecture 'i386'
 confighashes 'MD5'
+export APT_DONT_SIGN=''
 
 insertpackage 'unstable' 'foo' 'i386' '1.0'
 insertsource 'unstable' 'foo' 'any' '1.0'
@@ -14,27 +15,144 @@ insertsource 'unstable' 'foo' 'any' '1.0'
 setupaptarchive --no-update
 APTARCHIVE="$(readlink -f ./aptarchive)"
 
-msgmsg 'Release contains only weak hashes'
-FILENAME="${APTARCHIVE}/dists/unstable/InRelease"
-MANGLED="$(readlink -f ./rootdir)/var/lib/apt/lists/partial/$(echo "$FILENAME" | sed 's#/#_#g')"
-testfailuremsg "E: Failed to fetch file:${FILENAME}  No Hash entry in Release file ${MANGLED} which is considered strong enough for security purposes
-E: Some index files failed to download. They have been ignored, or old ones used instead." apt update
-testnopackage foo
-testnosrcpackage foo
+testnopkg() {
+       testnopackage "$@"
+       testnosrcpackage "$@"
+}
+testbadpkg() {
+       testempty find rootdir/var/lib/apt/lists -maxdepth 1 -name '*InRelease' -o -name '*Release.gpg'
+       testnotempty find rootdir/var/lib/apt/lists -maxdepth 1 -name '*Release'
+       testnotempty apt show "$@"
+       testnotempty apt showsrc "$@"
+       testfailureequal "WARNING: The following packages cannot be authenticated!
+  $*
+E: There were unauthenticated packages and -y was used without --allow-unauthenticated" aptget install -qq -y "$@"
+       testfailureequal "WARNING: The following packages cannot be authenticated!
+  $*
+E: Some packages could not be authenticated" aptget source -qq "$@"
+}
 
-msgmsg 'Release contains no hashes'
-sed -i -e '/^ / d' -e '/^MD5Sum:/ d' "$APTARCHIVE/dists/unstable/Release"
+testrun() {
+       local TYPE="$1"
+       local FILENAME="$2"
+       shift 2
+       local MANGLED="$(readlink -f ./rootdir)/var/lib/apt/lists/partial/$(echo "$FILENAME" | sed 's#/#_#g')"
+       msgmsg "$TYPE contains only weak hashes"
+       confighashes 'MD5'
+       generatereleasefiles
+       signreleasefiles
+       preparetest
+       if [ -z "$1" ]; then
+               listcurrentlistsdirectory > lists.before
+               testfailuremsg "W: No Hash entry in Release file ${MANGLED} which is considered strong enough for security purposes
+E: The repository 'file:${APTARCHIVE} unstable $(basename "$FILENAME")' provides only weak security information.
+N: Updating from such a repository can't be done securely, and is therefore disabled by default.
+N: See apt-secure(8) manpage for repository creation and user configuration details." apt update
+               testfileequal lists.before "$(listcurrentlistsdirectory)"
+               testnopkg 'foo'
+       else
+               testwarningmsg "W: No Hash entry in Release file ${MANGLED} which is considered strong enough for security purposes
+W: The repository 'file:${APTARCHIVE} unstable $(basename "$FILENAME")' provides only weak security information.
+N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use.
+N: See apt-secure(8) manpage for repository creation and user configuration details." apt update "$@"
+               testbadpkg 'foo'
+       fi
+
+       msgmsg "$TYPE contains no hashes"
+       generatereleasefiles
+       sed -i -e '/^ / d' -e '/^MD5Sum:/ d' "$APTARCHIVE/dists/unstable/Release"
+       signreleasefiles
+       preparetest
+       if [ -z "$1" ]; then
+               listcurrentlistsdirectory > lists.before
+               testfailuremsg "W: No Hash entry in Release file ${MANGLED}
+E: The repository 'file:${APTARCHIVE} unstable $(basename "$FILENAME")' provides only weak security information.
+N: Updating from such a repository can't be done securely, and is therefore disabled by default.
+N: See apt-secure(8) manpage for repository creation and user configuration details." apt update
+               testfileequal lists.before "$(listcurrentlistsdirectory)"
+               testnopkg 'foo'
+       else
+               testwarningmsg "W: No Hash entry in Release file ${MANGLED}
+W: The repository 'file:${APTARCHIVE} unstable $(basename "$FILENAME")' provides only weak security information.
+N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use.
+N: See apt-secure(8) manpage for repository creation and user configuration details." apt update "$@"
+               testbadpkg 'foo'
+       fi
+
+       msgmsg "$TYPE contains only weak hashes for some files"
+       confighashes 'MD5' 'SHA256'
+       generatereleasefiles
+       sed -i '/^ [0-9a-fA-Z]\{64\} .*Sources$/d' "$APTARCHIVE/dists/unstable/Release"
+       signreleasefiles
+       preparetest
+       # trust is a repository property, so individual files can't be insecure
+       testwarningmsg "W: Skipping acquire of configured file 'main/source/Sources' as repository 'file:${APTARCHIVE} unstable InRelease' provides only weak security information for it" apt update "$@"
+       testsuccess apt show foo
+       testnosrcpackage foo
+}
+
+genericprepare() {
+       rm -rf rootdir/var/lib/apt/lists
+       mkdir -p rootdir/var/lib/apt/lists/partial
+       touch rootdir/var/lib/apt/lists/lock
+       local RELEASEGPG="$(readlink -f ./rootdir)/var/lib/apt/lists/partial/$(echo "${APTARCHIVE}/dists/unstable/Release.gpg" | sed 's#/#_#g')"
+       touch "$RELEASEGPG"
+       chmod 644 "$RELEASEGPG"
+       local INRELEASE="$(readlink -f ./rootdir)/var/lib/apt/lists/partial/$(echo "${APTARCHIVE}/dists/unstable/InRelease" | sed 's#/#_#g')"
+       touch "$INRELEASE"
+       chmod 644 "$INRELEASE"
+}
+preparetest() {
+       rm -f "${APTARCHIVE}/dists/unstable/Release" "${APTARCHIVE}/dists/unstable/Release.gpg"
+       genericprepare
+}
+testrun 'InRelease' "${APTARCHIVE}/dists/unstable/InRelease"
+testrun 'InRelease' "${APTARCHIVE}/dists/unstable/InRelease" --allow-insecure-repositories -o APT::Get::List-Cleanup=0
+
+preparetest() {
+       rm -f "${APTARCHIVE}/dists/unstable/InRelease"
+       genericprepare
+}
+testrun 'Release+Release.gpg' "${APTARCHIVE}/dists/unstable/Release"
+testrun 'Release+Release.gpg' "${APTARCHIVE}/dists/unstable/Release" --allow-insecure-repositories -o APT::Get::List-Cleanup=0
+
+preparetest() {
+       rm -f "${APTARCHIVE}/dists/unstable/InRelease" "${APTARCHIVE}/dists/unstable/Release.gpg"
+       genericprepare
+}
+
+msgmsg 'Moving between Release files with good and bad hashes'
+rm -rf rootdir/var/lib/apt/lists
+confighashes 'MD5'
+generatereleasefiles 'now - 1 day'
 signreleasefiles
-testfailuremsg "E: Failed to fetch file:${FILENAME}  No Hash entry in Release file ${MANGLED}
-E: Some index files failed to download. They have been ignored, or old ones used instead." apt update
-testnopackage foo
-testnosrcpackage foo
+testfailure apt update
+testnopkg 'foo'
+testwarning apt update --allow-insecure-repositories
+testbadpkg 'foo'
 
-msgmsg 'Release contains only weak hashes for some files'
 confighashes 'MD5' 'SHA256'
-generatereleasefiles
-sed -i '/^ [0-9a-fA-Z]\{64\} .*Sources$/d' "$APTARCHIVE/dists/unstable/Release"
-signreleasefiles
-testwarningmsg "W: Skipping acquire of configured file 'main/source/Sources' as repository 'file:${APTARCHIVE} unstable InRelease' provides only weak security information for it" apt update
-testsuccess apt show foo
-testnosrcpackage foo
+rm -rf aptarchive/dists
+insertpackage 'unstable' 'foo2' 'i386' '1.0'
+insertsource 'unstable' 'foo2' 'any' '1.0'
+setupaptarchive --no-update 'now - 12 hours'
+testsuccess apt update
+testnopkg foo
+testnotempty find rootdir/var/lib/apt/lists -maxdepth 1 -name '*InRelease' -o -name '*Release.gpg'
+testnotempty apt show foo2
+testnotempty apt showsrc foo2
+
+confighashes 'MD5'
+rm -rf aptarchive/dists
+insertpackage 'unstable' 'foo3' 'i386' '1.0'
+insertsource 'unstable' 'foo3' 'any' '1.0'
+setupaptarchive --no-update
+testfailure apt update
+testnopkg foo
+testnopkg foo3
+testnotempty find rootdir/var/lib/apt/lists -maxdepth 1 -name '*InRelease' -o -name '*Release.gpg'
+testnotempty apt show foo2
+testnotempty apt showsrc foo2
+testwarning apt update --allow-insecure-repositories
+testnopkg foo2
+testbadpkg foo3