]> git.saurik.com Git - apt.git/blobdiff - test/integration/test-bug-738785-switch-protocol
generalize secure->insecure downgrade protection
[apt.git] / test / integration / test-bug-738785-switch-protocol
index e86f28824c29d0f24432a4bd696eb9c8bd868067..e7d4a67447332928eba4c5fd5f1d6dbab49c44cc 100755 (executable)
@@ -1,8 +1,8 @@
 #!/bin/sh
 set -e
 
-TESTDIR=$(readlink -f $(dirname $0))
-. $TESTDIR/framework
+TESTDIR="$(readlink -f "$(dirname "$0")")"
+. "$TESTDIR/framework"
 
 setupenvironment
 configarchitecture "i386"
@@ -12,19 +12,18 @@ buildsimplenativepackage 'apt' 'all' '1.0' 'stable'
 # setup http redirecting to https
 getlabelfromsuite() { echo 'Testcases'; }
 setupaptarchive --no-update
-changetowebserver -o 'aptwebserver::redirect::replace::/redirectme/=https://localhost:4433/' \
-       -o 'aptwebserver::redirect::replace::/downgrademe/=http://localhost:8080/' \
-       -o 'aptwebserver::support::http=false'
-changetohttpswebserver
-sed -i -e 's#:4433/#:8080/redirectme#' -e 's# https:# http:#' rootdir/etc/apt/sources.list.d/*
+changetohttpswebserver -o 'aptwebserver::support::http=false'
+webserverconfig 'aptwebserver::redirect::replace::/downgrademe/' "http://localhost:${APTHTTPPORT}/"
+webserverconfig 'aptwebserver::redirect::replace::/redirectme/' "https://localhost:${APTHTTPSPORT}/"
+sed -i -e "s#:${APTHTTPSPORT}/#:${APTHTTPPORT}/redirectme#" -e 's# https:# http:#' rootdir/etc/apt/sources.list.d/*
 
 testsuccess aptget update -o Debug::Acquire::http=1 -o Debug::Acquire::https=1 -o Debug::pkgAcquire::Worker=1
 
 msgtest 'Test that the webserver does not answer' 'http requests'
-downloadfile 'http://localhost:8080/pool/main/a/apt/apt_1.0/changelog' changelog >/dev/null 2>&1 && msgfail || msgpass
+downloadfile "http://localhost:${APTHTTPPORT}/pool/main/a/apt/apt_1.0/changelog" changelog >/dev/null 2>&1 && msgfail || msgpass
 
-echo 'Acquire::Changelogs::URI::Label::Testcases "http://localhost:8080/redirectme/pool/CHANGEPATH/changelog";' > rootdir/etc/apt/apt.conf.d/changelog.conf
-testsuccessequal "'http://localhost:8080/redirectme/pool/main/a/apt/apt_1.0/changelog' apt.changelog" aptget changelog apt --print-uris
+echo "Acquire::Changelogs::URI::Label::Testcases \"http://localhost:${APTHTTPPORT}/redirectme/pool/@CHANGEPATH@/changelog\";" > rootdir/etc/apt/apt.conf.d/changelog.conf
+testsuccessequal "'http://localhost:${APTHTTPPORT}/redirectme/pool/main/a/apt/apt_1.0/changelog' apt.changelog" aptget changelog apt --print-uris
 
 cd downloaded
 testsuccess aptget changelog apt -d
@@ -42,23 +41,26 @@ testdpkginstalled 'apt'
 # install a slowed down file: otherwise its to fast to reproduce combining
 NEWMETHODS="$(readlink -f rootdir)/usr/lib/apt/methods"
 OLDMETHODS="$(readlink -f rootdir/usr/lib/apt/methods)"
-rm $NEWMETHODS
-mkdir $NEWMETHODS
-for METH in $(find $OLDMETHODS ! -type d); do
-       ln -s $OLDMETHODS/$(basename $METH) $NEWMETHODS
+rm "$NEWMETHODS"
+mkdir "$NEWMETHODS"
+backupIFS="$IFS"
+IFS="$(printf "\n\b")"
+for METH in $(find "$OLDMETHODS" ! -type d); do
+       ln -s "$OLDMETHODS/$(basename "$METH")" "$NEWMETHODS"
 done
-rm $NEWMETHODS/https
+IFS="$backupIFS"
+rm "$NEWMETHODS/https"
 
 cd downloaded
 testfailureequal "E: The method driver $(readlink -f './../')/rootdir/usr/lib/apt/methods/https could not be found.
-N: Is the package apt-transport-https installed?" aptget download apt -q=0
+N: Is the package apt-transport-https installed?" aptget download apt
 testfailure test -e apt_1.0_all.deb
 cd - >/dev/null
 
 # revert to all methods
-ln -s $OLDMETHODS/https $NEWMETHODS
+ln -s "$OLDMETHODS/https" "$NEWMETHODS"
 
 # check that downgrades from https to http are not allowed
 webserverconfig 'aptwebserver::support::http' 'true'
-sed -i -e 's#:8080/redirectme#:4433/downgrademe#' -e 's# http:# https:#' rootdir/etc/apt/sources.list.d/*
+sed -i -e "s#:${APTHTTPPORT}/redirectme#:${APTHTTPSPORT}/downgrademe#" -e 's# http:# https:#' rootdir/etc/apt/sources.list.d/*
 testfailure aptget update --allow-insecure-repositories