X-Git-Url: https://git.saurik.com/apt.git/blobdiff_plain/742f67eaede80d2f9b3631d8697ebd63b8f95427..7b197262212f49b3b355b1124edf2ba9adb73411:/test/integration/framework diff --git a/test/integration/framework b/test/integration/framework index 2a78e6194..6276ae825 100644 --- a/test/integration/framework +++ b/test/integration/framework @@ -217,6 +217,12 @@ gdb() { fi runapt command gdb --quiet -ex run "$CMD" --args "$CMD" "$@" } +lastmodification() { + date -u -d "@$(stat -c '%Y' "${TMPWORKINGDIRECTORY}/$1")" '+%a, %d %b %Y %H:%M:%S GMT' +} +releasefiledate() { + grep "^${2:-Date}:" "$1" | cut -d' ' -f 2- | sed -e 's#UTC#GMT#' +} exitwithstatus() { # error if we about to overflow, but ... @@ -296,10 +302,12 @@ setupenvironment() { mkdir -p usr/lib/apt ln -s "${METHODSDIR}" usr/lib/apt/methods if [ "$BUILDDIRECTORY" = "$LIBRARYPATH" ]; then - mkdir -p usr/lib/apt/solvers + mkdir -p usr/lib/apt/solvers usr/lib/apt/planers ln -s "${BUILDDIRECTORY}/apt-dump-solver" usr/lib/apt/solvers/dump + ln -s "${BUILDDIRECTORY}/apt-dump-solver" usr/lib/apt/planers/dump ln -s "${BUILDDIRECTORY}/apt-internal-solver" usr/lib/apt/solvers/apt echo "Dir::Bin::Solvers \"${TMPWORKINGDIRECTORY}/rootdir/usr/lib/apt/solvers\";" > etc/apt/apt.conf.d/externalsolver.conf + echo "Dir::Bin::Planers \"${TMPWORKINGDIRECTORY}/rootdir/usr/lib/apt/planers\";" > etc/apt/apt.conf.d/externalplaner.conf fi # use the autoremove from the BUILDDIRECTORY if its there, otherwise # system @@ -333,7 +341,9 @@ setupenvironment() { # destroys coverage reporting though, so we disable changing user for the calling gpgv echo "Dir::Bin::apt-key \"${BUILDDIRECTORY}/apt-key\";" >> aptconfig.conf if [ "$(id -u)" = '0' ]; then - echo 'Binary::gpgv::Debug::NoDropPrivs "true";' >>aptconfig.conf + echo 'Binary::gpgv::APT::Sandbox::User "root";' >> aptconfig.conf + # same for the solver executables + echo 'APT::Solver::RunAsUser "root";' >> aptconfig.conf fi cat > "${TMPWORKINGDIRECTORY}/rootdir/usr/bin/dpkg" < rootdir/etc/apt/apt.conf.d/no-sha1 fi + # most tests just need one signed Release file, not both + export APT_DONT_SIGN='Release.gpg' + msgdone "info" } @@ -528,6 +541,10 @@ EOF testempty --nomsg gcc -Wall -Wextra -fPIC -shared -o noopchroot.so noopchroot.c -ldl } configcompression() { + if [ "$1" = 'ALL' ]; then + configcompression '.' $(aptconfig dump APT::Compressor --format '%t %v%n' | sed -n 's#^Extension \.\(.*\)$#\1#p') + return + fi local CMD='apthelper cat-file -C' while [ -n "$1" ]; do case "$1" in @@ -595,12 +612,12 @@ setupsimplenativepackage() { mkdir -p ${BUILDDIR}/debian/source cd ${BUILDDIR} echo "* most suckless software product ever" > FEATURES - test -e debian/copyright || echo "Copyleft by Joe Sixpack $(date +%Y)" > debian/copyright + test -e debian/copyright || echo "Copyleft by Joe Sixpack $(date -u +%Y)" > debian/copyright test -e debian/changelog || echo "$NAME ($VERSION) $RELEASE; urgency=low * Initial release - -- Joe Sixpack $(date -R)" > debian/changelog + -- Joe Sixpack $(date -u -R)" > debian/changelog test -e debian/control || echo "Source: $NAME Section: $SECTION Priority: optional @@ -658,12 +675,12 @@ buildsimplenativepackage() { echo "#!/bin/sh echo '$NAME says \"Hello!\"'" > "${BUILDDIR}/${NAME}" - echo "Copyleft by Joe Sixpack $(date +%Y)" > "${BUILDDIR}/debian/copyright" + echo "Copyleft by Joe Sixpack $(date -u +%Y)" > "${BUILDDIR}/debian/copyright" echo "$NAME ($VERSION) $RELEASE; urgency=low * Initial release - -- Joe Sixpack $(date -R)" > "${BUILDDIR}/debian/changelog" + -- Joe Sixpack $(date -u -R)" > "${BUILDDIR}/debian/changelog" { echo "Source: $NAME Priority: $PRIORITY @@ -952,7 +969,7 @@ buildaptarchivefromfiles() { } compressfile() { - cat "${TMPWORKINGDIRECTORY}/rootdir/etc/testcase-compressor.conf" | while read compressor extension command; do + while read compressor extension command; do if [ "$compressor" = '.' ]; then if [ -n "$2" ]; then touch -d "$2" "$1" @@ -963,7 +980,7 @@ compressfile() { if [ -n "$2" ]; then touch -d "$2" "${1}.${extension}" fi - done + done < "${TMPWORKINGDIRECTORY}/rootdir/etc/testcase-compressor.conf" } # can be overridden by testcases for their pleasure @@ -1014,13 +1031,13 @@ NotAutomatic: yes' "$dir/Release" fi if [ -n "$DATE" -a "$DATE" != "now" ]; then for release in $(find ./aptarchive -name 'Release'); do - sed -i "s/^Date: .*$/Date: $(date -d "$DATE" '+%a, %d %b %Y %H:%M:%S %Z')/" "$release" + sed -i "s/^Date: .*$/Date: $(date -u -d "$DATE" '+%a, %d %b %Y %H:%M:%S %Z')/" "$release" touch -d "$DATE" "$release" done fi if [ -n "$VALIDUNTIL" ]; then sed -i "/^Date: / a\ -Valid-Until: $(date -d "$VALIDUNTIL" '+%a, %d %b %Y %H:%M:%S %Z')" $(find ./aptarchive -name 'Release') +Valid-Until: $(date -u -d "$VALIDUNTIL" '+%a, %d %b %Y %H:%M:%S %Z')" $(find ./aptarchive -name 'Release') fi msgdone "info" } @@ -1076,40 +1093,73 @@ setupaptarchive() { } signreleasefiles() { - local SIGNER="${1:-Joe Sixpack}" + local SIGNERS="${1:-Joe Sixpack}" local REPODIR="${2:-aptarchive}" - local KEY="keys/$(echo "$SIGNER" | tr 'A-Z' 'a-z' | sed 's# ##g')" - local GPG="aptkey --quiet --keyring ${KEY}.pub --secret-keyring ${KEY}.sec --readonly adv --batch --yes --digest-algo ${APT_TESTS_DIGEST_ALGO:-SHA512}" - msgninfo "\tSign archive with $SIGNER key $KEY… " + if [ -n "$1" ]; then shift; fi + if [ -n "$1" ]; then shift; fi + local KEY="keys/$(echo "$SIGNERS" | tr 'A-Z' 'a-z' | tr -d ' ,')" + msgninfo "\tSign archive with $SIGNERS key $KEY… " local REXKEY='keys/rexexpired' local SECEXPIREBAK="${REXKEY}.sec.bak" local PUBEXPIREBAK="${REXKEY}.pub.bak" - if [ "${SIGNER}" = 'Rex Expired' ]; then - # the key is expired, so gpg doesn't allow to sign with and the --faked-system-time - # option doesn't exist anymore (and using faketime would add a new obscure dependency) - # therefore we 'temporary' make the key not expired and restore a backup after signing - cp "${REXKEY}.sec" "$SECEXPIREBAK" - cp "${REXKEY}.pub" "$PUBEXPIREBAK" - local SECUNEXPIRED="${REXKEY}.sec.unexpired" - local PUBUNEXPIRED="${REXKEY}.pub.unexpired" - if [ -f "$SECUNEXPIRED" ] && [ -f "$PUBUNEXPIRED" ]; then - cp "$SECUNEXPIRED" "${REXKEY}.sec" - cp "$PUBUNEXPIRED" "${REXKEY}.pub" - else - if ! printf "expire\n1w\nsave\n" | $GPG --default-key "$SIGNER" --command-fd 0 --edit-key "${SIGNER}" >setexpire.gpg 2>&1; then - cat setexpire.gpg - exit 1 + local SIGUSERS="" + while [ -n "${SIGNERS%%,*}" ]; do + local SIGNER="${SIGNERS%%,*}" + if [ "${SIGNERS}" = "${SIGNER}" ]; then + SIGNERS="" + fi + SIGNERS="${SIGNERS#*,}" + # FIXME: This should be the full name, but we can't encode the space properly currently + SIGUSERS="${SIGUSERS} -u ${SIGNER#* }" + if [ "${SIGNER}" = 'Rex Expired' ]; then + # the key is expired, so gpg doesn't allow to sign with and the --faked-system-time + # option doesn't exist anymore (and using faketime would add a new obscure dependency) + # therefore we 'temporary' make the key not expired and restore a backup after signing + cp "${REXKEY}.sec" "$SECEXPIREBAK" + cp "${REXKEY}.pub" "$PUBEXPIREBAK" + local SECUNEXPIRED="${REXKEY}.sec.unexpired" + local PUBUNEXPIRED="${REXKEY}.pub.unexpired" + if [ -f "$SECUNEXPIRED" ] && [ -f "$PUBUNEXPIRED" ]; then + cp "$SECUNEXPIRED" "${REXKEY}.sec" + cp "$PUBUNEXPIRED" "${REXKEY}.pub" + else + if ! printf "expire\n1w\nsave\n" | aptkey --quiet --keyring "${REXKEY}.pub" --secret-keyring "${REXKEY}.sec" \ + --readonly adv --batch --yes --digest-algo "${APT_TESTS_DIGEST_ALGO:-SHA512}" \ + --default-key "$SIGNER" --command-fd 0 --edit-key "${SIGNER}" >setexpire.gpg 2>&1; then + cat setexpire.gpg + exit 1 + fi + cp "${REXKEY}.sec" "$SECUNEXPIRED" + cp "${REXKEY}.pub" "$PUBUNEXPIRED" fi - cp "${REXKEY}.sec" "$SECUNEXPIRED" - cp "${REXKEY}.pub" "$PUBUNEXPIRED" fi + if [ ! -e "${KEY}.pub" ]; then + local K="keys/$(echo "$SIGNER" | tr 'A-Z' 'a-z' | tr -d ' ,')" + cat "${K}.pub" >> "${KEY}.new.pub" + cat "${K}.sec" >> "${KEY}.new.sec" + fi + done + if [ ! -e "${KEY}.pub" ]; then + mv "${KEY}.new.pub" "${KEY}.pub" + mv "${KEY}.new.sec" "${KEY}.sec" fi + local GPG="aptkey --quiet --keyring ${KEY}.pub --secret-keyring ${KEY}.sec --readonly adv --batch --yes --digest-algo ${APT_TESTS_DIGEST_ALGO:-SHA512}" for RELEASE in $(find "${REPODIR}/" -name Release); do - testsuccess $GPG --default-key "$SIGNER" --armor --detach-sign --sign --output "${RELEASE}.gpg" "${RELEASE}" - local INRELEASE="$(echo "${RELEASE}" | sed 's#/Release$#/InRelease#')" - testsuccess $GPG --default-key "$SIGNER" --clearsign --output "$INRELEASE" "$RELEASE" # we might have set a specific date for the Release file, so copy it - touch -d "$(stat --format "%y" ${RELEASE})" "${RELEASE}.gpg" "${INRELEASE}" + local DATE="$(stat --format "%y" "${RELEASE}")" + if [ "$APT_DONT_SIGN" = 'Release.gpg' ]; then + rm -f "${RELEASE}.gpg" + else + testsuccess $GPG "$@" $SIGUSERS --armor --detach-sign --sign --output "${RELEASE}.gpg" "${RELEASE}" + touch -d "$DATE" "${RELEASE}.gpg" + fi + local INRELEASE="${RELEASE%/*}/InRelease" + if [ "$APT_DONT_SIGN" = 'InRelease' ]; then + rm -f "$INRELEASE" + else + testsuccess $GPG "$@" $SIGUSERS --clearsign --output "$INRELEASE" "$RELEASE" + touch -d "$DATE" "${INRELEASE}" + fi done if [ -f "$SECEXPIREBAK" ] && [ -f "$PUBEXPIREBAK" ]; then mv -f "$SECEXPIREBAK" "${REXKEY}.sec" @@ -1119,7 +1169,7 @@ signreleasefiles() { } redatereleasefiles() { - local DATE="$(date -d "$1" '+%a, %d %b %Y %H:%M:%S %Z')" + local DATE="$(date -u -d "$1" '+%a, %d %b %Y %H:%M:%S %Z')" for release in $(find aptarchive/ -name 'Release'); do sed -i "s/^Date: .*$/Date: ${DATE}/" "$release" touch -d "$DATE" "$release" @@ -1655,8 +1705,9 @@ testfailure() { local EXITCODE=$? if expr match "$1" '^apt.*' >/dev/null; then if [ "$1" = 'aptkey' ]; then - if grep -q -E " Can't check signature: " "$OUTPUT" || \ - grep -q -E " BAD signature from " "$OUTPUT"; then + if grep -q " Can't check signature: + BAD signature from + signature could not be verified" "$OUTPUT"; then msgpass else msgfailoutput "run failed with exitcode ${EXITCODE}, but no signature error" "$OUTPUT" "$@"