X-Git-Url: https://git.saurik.com/apt.git/blobdiff_plain/4fc6b7570c3e97b65c118b58cdf6729fa94c9b03..2906182db398419a9c59a928b7ae73cf7c7aa307:/test/integration/test-cve-2013-1051-InRelease-parsing?ds=inline

diff --git a/test/integration/test-cve-2013-1051-InRelease-parsing b/test/integration/test-cve-2013-1051-InRelease-parsing
index e38e40cc9..3cc012e35 100755
--- a/test/integration/test-cve-2013-1051-InRelease-parsing
+++ b/test/integration/test-cve-2013-1051-InRelease-parsing
@@ -1,8 +1,8 @@
 #!/bin/sh
 set -e
 
-TESTDIR=$(readlink -f $(dirname $0))
-. $TESTDIR/framework
+TESTDIR="$(readlink -f "$(dirname "$0")")"
+. "$TESTDIR/framework"
 
 setupenvironment
 configarchitecture 'i386'
@@ -12,7 +12,7 @@ insertpackage 'stable' 'good-pkg' 'all' '1.0'
 setupaptarchive
 
 changetowebserver
-ARCHIVE='http://localhost:8080/'
+ARCHIVE="http://localhost:${APTHTTPPORT}"
 msgtest 'Initial apt-get update should work with' 'InRelease'
 testsuccess --nomsg aptget update
 
@@ -21,8 +21,8 @@ testsuccessequal "good-pkg:
   Installed: (none)
   Candidate: 1.0
   Version table:
-     1.0 0
-        500 ${ARCHIVE} stable/main i386 Packages" aptcache policy good-pkg
+     1.0 500
+        500 ${ARCHIVE} stable/main all Packages" aptcache policy good-pkg
 
 # now exchange to the Packages file, note that this could be
 # done via MITM too
@@ -39,10 +39,15 @@ sed -i '/^-----BEGIN PGP SIGNATURE-----/,/^-----END PGP SIGNATURE-----/ s/^$/  /
 cat aptarchive/dists/stable/Release >> aptarchive/dists/stable/InRelease
 touch -d '+1hour' aptarchive/dists/stable/InRelease
 
-# ensure the update fails
-# useful for debugging to add "-o Debug::pkgAcquire::auth=true"
-msgtest 'apt-get update for should fail with the modified' 'InRelease'
-aptget update 2>&1 | grep -E -q '(Writing more data than expected|Hash Sum mismatch)' > /dev/null && msgpass || msgfail
+# ensure the update doesn't load bad data as good data
+# Note that we will pick up the InRelease itself as we download no other
+# indexes which would trigger a hashsum mismatch, but we ignore the 'bad'
+# part of the InRelease
+listcurrentlistsdirectory | sed '/_InRelease/ d' > listsdir.lst
+msgtest 'apt-get update should ignore unsigned data in the' 'InRelease'
+testsuccessequal "Get:1 http://localhost:${APTHTTPPORT} stable InRelease [$(stat -c%s aptarchive/dists/stable/InRelease) B]
+Reading package lists..." --nomsg aptget update
+testfileequal './listsdir.lst' "$(listcurrentlistsdirectory | sed '/_InRelease/ d')"
 
 # ensure there is no package
 testfailureequal 'Reading package lists...
@@ -50,12 +55,12 @@ Building dependency tree...
 E: Unable to locate package bad-mitm' aptget install bad-mitm -s
 
 # and verify that its not picked up
-testsuccessequal 'N: Unable to locate package bad-mitm' aptcache policy bad-mitm -q=0
+testsuccessequal 'N: Unable to locate package bad-mitm' aptcache policy bad-mitm
 
 # and that the right one is used
 testsuccessequal "good-pkg:
   Installed: (none)
   Candidate: 1.0
   Version table:
-     1.0 0
-        500 ${ARCHIVE} stable/main i386 Packages" aptcache policy good-pkg
+     1.0 500
+        500 ${ARCHIVE} stable/main all Packages" aptcache policy good-pkg