X-Git-Url: https://git.saurik.com/apt.git/blobdiff_plain/ab94dcece2465f824bea80fc9158bf9a028b2e87..0343b48e06fb990ee15a020bc6716b1a5a984e14:/test/integration/test-apt-update-weak-hashes diff --git a/test/integration/test-apt-update-weak-hashes b/test/integration/test-apt-update-weak-hashes index 9395b10b0..b07dba6a2 100755 --- a/test/integration/test-apt-update-weak-hashes +++ b/test/integration/test-apt-update-weak-hashes @@ -58,6 +58,16 @@ N: See apt-secure(8) manpage for repository creation and user configuration deta testbadpkg 'foo' fi + msgmsg "$TYPE contains only weak hashes, but source allows weak" + sed -i 's#^deb\(-src\)\? #deb\1 [allow-weak=yes] #' rootdir/etc/apt/sources.list.d/* + genericprepare + testwarningmsg "W: No Hash entry in Release file ${MANGLED} which is considered strong enough for security purposes +W: The repository 'file:${APTARCHIVE} unstable $(basename "$FILENAME")' provides only weak security information. +N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use. +N: See apt-secure(8) manpage for repository creation and user configuration details." apt update "$@" + testbadpkg 'foo' + sed -i 's#^deb\(-src\)\? \[allow-weak=yes\] #deb\1 #' rootdir/etc/apt/sources.list.d/* + msgmsg "$TYPE contains no hashes" generatereleasefiles sed -i -e '/^ / d' -e '/^MD5Sum:/ d' "$APTARCHIVE/dists/unstable/Release" @@ -85,10 +95,15 @@ N: See apt-secure(8) manpage for repository creation and user configuration deta sed -i '/^ [0-9a-fA-Z]\{64\} .*Sources$/d' "$APTARCHIVE/dists/unstable/Release" signreleasefiles preparetest - # trust is a repository property, so individual files can't be insecure - testwarningmsg "W: Skipping acquire of configured file 'main/source/Sources' as repository 'file:${APTARCHIVE} unstable InRelease' provides only weak security information for it" apt update "$@" + if [ -z "$1" ]; then + testwarningmsg "W: Skipping acquire of configured file 'main/source/Sources' as repository 'file:${APTARCHIVE} unstable InRelease' provides only weak security information for it" apt update + testnosrcpackage foo + else + rm -f rootdir/var/lib/apt/lists/partial/* + testsuccess apt update "$@" + testnotempty apt showsrc foo + fi testsuccess apt show foo - testnosrcpackage foo } genericprepare() { @@ -107,14 +122,14 @@ preparetest() { genericprepare } testrun 'InRelease' "${APTARCHIVE}/dists/unstable/InRelease" -testrun 'InRelease' "${APTARCHIVE}/dists/unstable/InRelease" --allow-insecure-repositories -o APT::Get::List-Cleanup=0 +testrun 'InRelease' "${APTARCHIVE}/dists/unstable/InRelease" --allow-weak-repositories -o APT::Get::List-Cleanup=0 preparetest() { rm -f "${APTARCHIVE}/dists/unstable/InRelease" genericprepare } testrun 'Release+Release.gpg' "${APTARCHIVE}/dists/unstable/Release" -testrun 'Release+Release.gpg' "${APTARCHIVE}/dists/unstable/Release" --allow-insecure-repositories -o APT::Get::List-Cleanup=0 +testrun 'Release+Release.gpg' "${APTARCHIVE}/dists/unstable/Release" --allow-weak-repositories -o APT::Get::List-Cleanup=0 preparetest() { rm -f "${APTARCHIVE}/dists/unstable/InRelease" "${APTARCHIVE}/dists/unstable/Release.gpg" @@ -124,18 +139,18 @@ preparetest() { msgmsg 'Moving between Release files with good and bad hashes' rm -rf rootdir/var/lib/apt/lists confighashes 'MD5' -generatereleasefiles 'now - 1 day' +generatereleasefiles 'now - 7 days' signreleasefiles testfailure apt update testnopkg 'foo' -testwarning apt update --allow-insecure-repositories +testwarning apt update --allow-weak-repositories testbadpkg 'foo' confighashes 'MD5' 'SHA256' rm -rf aptarchive/dists insertpackage 'unstable' 'foo2' 'i386' '1.0' insertsource 'unstable' 'foo2' 'any' '1.0' -setupaptarchive --no-update 'now - 12 hours' +setupaptarchive --no-update 'now - 5 days' testsuccess apt update testnopkg foo testnotempty find rootdir/var/lib/apt/lists -maxdepth 1 -name '*InRelease' -o -name '*Release.gpg' @@ -146,13 +161,42 @@ confighashes 'MD5' rm -rf aptarchive/dists insertpackage 'unstable' 'foo3' 'i386' '1.0' insertsource 'unstable' 'foo3' 'any' '1.0' -setupaptarchive --no-update +setupaptarchive --no-update 'now - 3 days' testfailure apt update testnopkg foo testnopkg foo3 testnotempty find rootdir/var/lib/apt/lists -maxdepth 1 -name '*InRelease' -o -name '*Release.gpg' testnotempty apt show foo2 testnotempty apt showsrc foo2 -testwarning apt update --allow-insecure-repositories +testwarning apt update --allow-weak-repositories testnopkg foo2 testbadpkg foo3 + +msgmsg 'Working with packages guarded only by weak hashes' +confighashes 'MD5' +rm -rf aptarchive/dists +buildsimplenativepackage 'foo4' 'i386' '1' 'unstable' +setupaptarchive --no-update +testfailure apt update +confighashes 'SHA256' +generatereleasefiles 'now - 1 day' +signreleasefiles +testsuccess apt update +cd downloaded +testfailure apt download foo4 +cp ../rootdir/tmp/testfailure.output download.output +testfailure grep 'Hash Sum mismatch' download.output +testsuccess grep 'Insufficient information' download.output + +testsuccess apt install foo4 -s +testfailure apt install foo4 -dy +cp ../rootdir/tmp/testfailure.output install.output +testfailure grep 'Hash Sum mismatch' install.output +testsuccess grep 'Insufficient information' download.output + +testsuccess apt source foo4 +cp ../rootdir/tmp/testsuccess.output source.output +testsuccess grep 'Skipping download of file' source.output +testfailure test -e foo4_1.dsc +testsuccess test -e foo4_1.tar.* +cd ..