X-Git-Url: https://git.saurik.com/apt.git/blobdiff_plain/d7a4635391d9ff36152603ab6faa6eafa206750a..8d1cb6da6e21302c654da3f09de3975af7e4a11f:/test/integration/test-policy-pinning?ds=sidebyside diff --git a/test/integration/test-policy-pinning b/test/integration/test-policy-pinning index 8eb4bcbad..30238bd87 100755 --- a/test/integration/test-policy-pinning +++ b/test/integration/test-policy-pinning @@ -1,8 +1,8 @@ #!/bin/sh set -e -TESTDIR=$(readlink -f $(dirname $0)) -. $TESTDIR/framework +TESTDIR="$(readlink -f "$(dirname "$0")")" +. "$TESTDIR/framework" setupenvironment configarchitecture "i386" @@ -17,94 +17,87 @@ testequalpolicy() { local SP="$1" local AP="$2" shift 2 - testequal "Package files: + testsuccessequal "Package files: $(echo "$SP" | awk '{ printf("%3s\n",$0) }') ${STATUS} release a=now - $(echo "$AP" | awk '{ printf("%3s\n",$0) }') file:${APTARCHIVE}/ Packages + $(echo "$AP" | awk '{ printf("%3s\n",$0) }') file:${APTARCHIVE} Packages release c= -Pinned packages:" aptcache policy $* +Pinned packages:" aptcache policy "$@" } -aptgetupdate() { - # just to be sure that no old files are used - rm -rf rootdir/var/lib/apt - if aptget update -qq 2>&1 | grep '^E: '; then - msgwarn 'apt-get update failed with an error' - fi -} +testglobalpolicy() { + aptgetupdate -### not signed archive + testequalpolicy 100 500 + testequalpolicy 990 500 -t now -aptgetupdate -testequalpolicy 100 500 -testequalpolicy 990 500 -t now + sed -i aptarchive/Release -e 1i"NotAutomatic: yes" + aptgetupdate -sed -i aptarchive/Release -e 1i"NotAutomatic: yes" -aptgetupdate - -testequalpolicy 100 1 -o Test=NotAutomatic -testequalpolicy 990 1 -o Test=NotAutomatic -t now + testequalpolicy 100 1 -o Test=NotAutomatic + testequalpolicy 990 1 -o Test=NotAutomatic -t now -sed -i aptarchive/Release -e 1i"ButAutomaticUpgrades: yes" -aptgetupdate + sed -i aptarchive/Release -e 1i"ButAutomaticUpgrades: yes" + aptgetupdate -testequalpolicy 100 100 -o Test=ButAutomaticUpgrades -testequalpolicy 990 100 -o Test=ButAutomaticUpgrades -t now + testequalpolicy 100 100 -o Test=ButAutomaticUpgrades + testequalpolicy 990 100 -o Test=ButAutomaticUpgrades -t now -sed -i aptarchive/Release -e 's#NotAutomatic: yes#NotAutomatic: no#' -e '/ButAutomaticUpgrades: / d' -aptgetupdate + sed -i aptarchive/Release -e 's#NotAutomatic: yes#NotAutomatic: no#' -e '/ButAutomaticUpgrades: / d' + aptgetupdate -testequalpolicy 100 500 -o Test=Automatic -testequalpolicy 990 500 -o Test=Automatic -t now + testequalpolicy 100 500 -o Test=Automatic + testequalpolicy 990 500 -o Test=Automatic -t now -sed -i aptarchive/Release -e '/NotAutomatic: / d' -e '/ButAutomaticUpgrades: / d' - -### signed but no key in trusted - -signreleasefiles 'Marvin Paranoid' -aptgetupdate -testequalpolicy 100 500 -testequalpolicy 990 500 -t now - -sed -i aptarchive/Release -e 1i"NotAutomatic: yes" -signreleasefiles 'Marvin Paranoid' -aptgetupdate - -testequalpolicy 100 1 -o Test=NotAutomatic -testequalpolicy 990 1 -o Test=NotAutomatic -t now - -sed -i aptarchive/Release -e 1i"ButAutomaticUpgrades: yes" -signreleasefiles 'Marvin Paranoid' -aptgetupdate + sed -i aptarchive/Release -e '/NotAutomatic: / d' -e '/ButAutomaticUpgrades: / d' +} -testequalpolicy 100 100 -o Test=ButAutomaticUpgrades -testequalpolicy 990 100 -o Test=ButAutomaticUpgrades -t now +msgmsg 'Test with not signed archive' +aptgetupdate() { + rm -rf rootdir/var/lib/apt + testwarning aptget update --allow-insecure-repositories +} +testglobalpolicy -sed -i aptarchive/Release -e 's#NotAutomatic: yes#NotAutomatic: no#' -e '/ButAutomaticUpgrades: / d' -signreleasefiles 'Marvin Paranoid' -aptgetupdate +msgmsg 'Test with signed but no key in trusted' +aptgetupdate() { + rm -rf rootdir/var/lib/apt + signreleasefiles 'Marvin Paranoid' + testwarning aptget update --allow-insecure-repositories +} +testglobalpolicy -testequalpolicy 100 500 -o Test=Automatic -testequalpolicy 990 500 -o Test=Automatic -t now +# much the same tests will be executed below in more detail again for this one +msgmsg 'Test with signed and valid key' +aptgetupdate() { + rm -rf rootdir/var/lib/apt + signreleasefiles 'Joe Sixpack' + testsuccess aptget update +} +testglobalpolicy -### signed and valid key +msgmsg 'Test with specific packages' buildsimplenativepackage "coolstuff" "all" "1.0" "stable" buildsimplenativepackage "coolstuff" "all" "2.0~bpo1" "backports" setupaptarchive +testsuccessequal "coolstuff: + Installed: (none) + Candidate: 2.0~bpo1 + Version table: + 2.0~bpo1 500 + 500 file:${APTARCHIVE} backports/main all Packages + 1.0 500 + 500 file:${APTARCHIVE} stable/main all Packages" apt policy '^cool.*' + testequalpolicycoolstuff() { local INSTALLED="${1:-(none)}" local CANDIDATE="${2:-(none)}" local AB="$3" local AS="$4" local PB="$5" - local PINVERSION="$6" - if [ -n "$PINVERSION" ]; then - PINVERSION="Package pin: $PINVERSION - " - fi local IS="" local IB="" local SB="" @@ -116,40 +109,41 @@ testequalpolicycoolstuff() { local BPO1ARCHIVE="" local BPO2ARCHIVE="" if [ ! "$7" = "2.0~bpo2" ]; then - BPO1ARCHIVE=" $(echo "$AB" | awk '{ printf("%3s\n",$0) }') file:${APTARCHIVE}/ backports/main i386 Packages" + BPO1PIN="$AB" + BPO1ARCHIVE=" $(echo "$AB" | awk '{ printf("%3s\n",$0) }') file:${APTARCHIVE} backports/main all Packages" else BPO2ARCHIVE=" - 2.0~bpo2 $PB - $(echo "$AB" | awk '{ printf("%3s\n",$0) }') file:${APTARCHIVE}/ backports/main i386 Packages" + 2.0~bpo2 $AB + $(echo "$AB" | awk '{ printf("%3s\n",$0) }') file:${APTARCHIVE} backports/main all Packages" SB="$(echo "$SB" | tail -n 1)" shift fi shift 6 - testequal "coolstuff: + testsuccessequal "coolstuff: Installed: $INSTALLED Candidate: $CANDIDATE - ${PINVERSION}Version table:${BPO2ARCHIVE} + Version table:${BPO2ARCHIVE} $IB 2.0~bpo1 $PB ${BPO1ARCHIVE}$SB - $IS 1.0 $PB - $(echo "$AS" | awk '{ printf("%3s\n",$0) }') file:${APTARCHIVE}/ stable/main i386 Packages$SS" \ + $IS 1.0 $AS + $(echo "$AS" | awk '{ printf("%3s\n",$0) }') file:${APTARCHIVE} stable/main all Packages$SS" \ aptcache policy coolstuff -o Policy=${INSTALLED}-${CANDIDATE}-${AB}-${AS}-${PB} $* } -testequalpolicycoolstuff "" "2.0~bpo1" 500 500 0 "" -testequalpolicycoolstuff "" "1.0" 500 990 0 "" -t stable -testequalpolicycoolstuff "" "2.0~bpo1" 990 500 0 "" -t backports +testequalpolicycoolstuff "" "2.0~bpo1" 500 500 500 "" +testequalpolicycoolstuff "" "1.0" 500 990 500 "" -t stable +testequalpolicycoolstuff "" "2.0~bpo1" 990 500 990 "" -t backports echo "Package: * Pin: release n=backports Pin-Priority: 200" > rootdir/etc/apt/preferences -testequalpolicycoolstuff "" "1.0" 200 500 0 "" -o Test=GlobalPin -testequalpolicycoolstuff "" "1.0" 200 990 0 "" -o Test=GlobalPin -t stable -testequalpolicycoolstuff "" "2.0~bpo1" 990 500 0 "" -o Test=GlobalPin -t backports +testequalpolicycoolstuff "" "1.0" 200 500 200 "" -o Test=GlobalPin +testequalpolicycoolstuff "" "1.0" 200 990 200 "" -o Test=GlobalPin -t stable +testequalpolicycoolstuff "" "2.0~bpo1" 990 500 990 "" -o Test=GlobalPin -t backports echo "Package: * Pin: release n=backports Pin-Priority: 600" > rootdir/etc/apt/preferences -testequalpolicycoolstuff "" "2.0~bpo1" 600 500 0 "" -o Test=GlobalPin -testequalpolicycoolstuff "" "1.0" 600 990 0 "" -o Test=GlobalPin -t stable +testequalpolicycoolstuff "" "2.0~bpo1" 600 500 600 "" -o Test=GlobalPin +testequalpolicycoolstuff "" "1.0" 600 990 600 "" -o Test=GlobalPin -t stable echo "Package: coolstuff Pin: release n=backports Pin-Priority: 200" > rootdir/etc/apt/preferences @@ -176,18 +170,18 @@ sed -i aptarchive/dists/backports/Release -e 1i"NotAutomatic: yes" signreleasefiles aptgetupdate -testequalpolicycoolstuff "" "1.0" 1 500 0 "" -o Test=NotAutomatic -testequalpolicycoolstuff "" "1.0" 1 990 0 "" -o Test=NotAutomatic -t stable -testequalpolicycoolstuff "" "2.0~bpo1" 990 500 0 "" -o Test=NotAutomatic -t backports +testequalpolicycoolstuff "" "1.0" 1 500 1 "" -o Test=NotAutomatic +testequalpolicycoolstuff "" "1.0" 1 990 1 "" -o Test=NotAutomatic -t stable +testequalpolicycoolstuff "" "2.0~bpo1" 990 500 990 "" -o Test=NotAutomatic -t backports echo "Package: * Pin: release n=backports Pin-Priority: 200" > rootdir/etc/apt/preferences -testequalpolicycoolstuff "" "1.0" 200 500 0 "" -o Test=NotAutomatic +testequalpolicycoolstuff "" "1.0" 200 500 200 "" -o Test=NotAutomatic echo "Package: * Pin: release n=backports Pin-Priority: 600" > rootdir/etc/apt/preferences -testequalpolicycoolstuff "" "2.0~bpo1" 600 500 0 "" -o Test=NotAutomatic -testequalpolicycoolstuff "" "1.0" 600 990 0 "" -o Test=NotAutomatic -t stable +testequalpolicycoolstuff "" "2.0~bpo1" 600 500 600 "" -o Test=NotAutomatic +testequalpolicycoolstuff "" "1.0" 600 990 600 "" -o Test=NotAutomatic -t stable echo "Package: coolstuff Pin: release n=backports Pin-Priority: 200" > rootdir/etc/apt/preferences @@ -204,18 +198,18 @@ sed -i aptarchive/dists/backports/Release -e 1i"ButAutomaticUpgrades: yes" signreleasefiles aptgetupdate -testequalpolicycoolstuff "" "1.0" 100 500 0 "" -o Test=ButAutomaticUpgrades -testequalpolicycoolstuff "" "1.0" 100 990 0 "" -o Test=ButAutomaticUpgrades -t stable -testequalpolicycoolstuff "" "2.0~bpo1" 990 500 0 "" -o Test=ButAutomaticUpgrades -t backports +testequalpolicycoolstuff "" "1.0" 100 500 100 "" -o Test=ButAutomaticUpgrades +testequalpolicycoolstuff "" "1.0" 100 990 100 "" -o Test=ButAutomaticUpgrades -t stable +testequalpolicycoolstuff "" "2.0~bpo1" 990 500 990 "" -o Test=ButAutomaticUpgrades -t backports echo "Package: * Pin: release n=backports Pin-Priority: 200" > rootdir/etc/apt/preferences -testequalpolicycoolstuff "" "1.0" 200 500 0 "" -o Test=ButAutomaticUpgrades +testequalpolicycoolstuff "" "1.0" 200 500 200 "" -o Test=ButAutomaticUpgrades echo "Package: * Pin: release n=backports Pin-Priority: 600" > rootdir/etc/apt/preferences -testequalpolicycoolstuff "" "2.0~bpo1" 600 500 0 "" -o Test=ButAutomaticUpgrades -testequalpolicycoolstuff "" "1.0" 600 990 0 "" -o Test=ButAutomaticUpgrades -t stable +testequalpolicycoolstuff "" "2.0~bpo1" 600 500 600 "" -o Test=ButAutomaticUpgrades +testequalpolicycoolstuff "" "1.0" 600 990 600 "" -o Test=ButAutomaticUpgrades -t stable echo "Package: coolstuff Pin: release n=backports Pin-Priority: 200" > rootdir/etc/apt/preferences @@ -229,18 +223,18 @@ testequalpolicycoolstuff "" "1.0" 100 990 600 "2.0~bpo1" -o Test=ButAutomaticUpg rm rootdir/etc/apt/preferences testsuccess aptget install coolstuff -y -testequalpolicycoolstuff "1.0" "1.0" 100 500 0 "" -o Test=ButAutomaticUpgrades +testequalpolicycoolstuff "1.0" "1.0" 100 500 100 "" -o Test=ButAutomaticUpgrades testsuccess aptget dist-upgrade -y -testequalpolicycoolstuff "1.0" "1.0" 100 500 0 "" -o Test=ButAutomaticUpgrades -testequalpolicycoolstuff "1.0" "1.0" 100 990 0 "" -o Test=ButAutomaticUpgrades -t stable -testequalpolicycoolstuff "1.0" "2.0~bpo1" 990 500 0 "" -o Test=ButAutomaticUpgrades -t backports +testequalpolicycoolstuff "1.0" "1.0" 100 500 100 "" -o Test=ButAutomaticUpgrades +testequalpolicycoolstuff "1.0" "1.0" 100 990 100 "" -o Test=ButAutomaticUpgrades -t stable +testequalpolicycoolstuff "1.0" "2.0~bpo1" 990 500 990 "" -o Test=ButAutomaticUpgrades -t backports testsuccess aptget install coolstuff -t backports -y -testequalpolicycoolstuff "2.0~bpo1" "2.0~bpo1" 100 500 0 "" -o Test=ButAutomaticUpgrades +testequalpolicycoolstuff "2.0~bpo1" "2.0~bpo1" 100 500 100 "" -o Test=ButAutomaticUpgrades testsuccess aptget dist-upgrade -y -testequalpolicycoolstuff "2.0~bpo1" "2.0~bpo1" 100 500 0 "" -o Test=ButAutomaticUpgrades -testequalpolicycoolstuff "2.0~bpo1" "2.0~bpo1" 100 990 0 "" -o Test=ButAutomaticUpgrades -t stable -testequalpolicycoolstuff "2.0~bpo1" "2.0~bpo1" 990 500 0 "" -o Test=ButAutomaticUpgrades -t backports +testequalpolicycoolstuff "2.0~bpo1" "2.0~bpo1" 100 500 100 "" -o Test=ButAutomaticUpgrades +testequalpolicycoolstuff "2.0~bpo1" "2.0~bpo1" 100 990 100 "" -o Test=ButAutomaticUpgrades -t stable +testequalpolicycoolstuff "2.0~bpo1" "2.0~bpo1" 990 500 990 "" -o Test=ButAutomaticUpgrades -t backports rm incoming/backports.main.pkglist incoming/backports.main.srclist buildsimplenativepackage "coolstuff" "all" "2.0~bpo2" "backports" @@ -250,14 +244,118 @@ sed -i aptarchive/dists/backports/Release -e 1i"NotAutomatic: yes" signreleasefiles aptgetupdate -testequalpolicycoolstuff "2.0~bpo1" "2.0~bpo1" 1 500 0 "" "2.0~bpo2" -o Test=NotAutomatic -testequalpolicycoolstuff "2.0~bpo1" "2.0~bpo1" 1 990 0 "" "2.0~bpo2" -o Test=NotAutomatic -t stable -testequalpolicycoolstuff "2.0~bpo1" "2.0~bpo2" 990 500 0 "" "2.0~bpo2" -o Test=NotAutomatic -t backports +testequalpolicycoolstuff "2.0~bpo1" "2.0~bpo1" 1 500 100 "" "2.0~bpo2" -o Test=NotAutomatic +testequalpolicycoolstuff "2.0~bpo1" "2.0~bpo1" 1 990 100 "" "2.0~bpo2" -o Test=NotAutomatic -t stable +testequalpolicycoolstuff "2.0~bpo1" "2.0~bpo2" 990 500 100 "" "2.0~bpo2" -o Test=NotAutomatic -t backports sed -i aptarchive/dists/backports/Release -e 1i"ButAutomaticUpgrades: yes" signreleasefiles aptgetupdate -testequalpolicycoolstuff "2.0~bpo1" "2.0~bpo2" 100 500 0 "" "2.0~bpo2" -o Test=ButAutomaticUpgrades -testequalpolicycoolstuff "2.0~bpo1" "2.0~bpo2" 100 990 0 "" "2.0~bpo2" -o Test=ButAutomaticUpgrades -t stable -testequalpolicycoolstuff "2.0~bpo1" "2.0~bpo2" 990 500 0 "" "2.0~bpo2" -o Test=ButAutomaticUpgrades -t backports +testequalpolicycoolstuff "2.0~bpo1" "2.0~bpo2" 100 500 100 "" "2.0~bpo2" -o Test=ButAutomaticUpgrades +testequalpolicycoolstuff "2.0~bpo1" "2.0~bpo2" 100 990 100 "" "2.0~bpo2" -o Test=ButAutomaticUpgrades -t stable +testequalpolicycoolstuff "2.0~bpo1" "2.0~bpo2" 990 500 100 "" "2.0~bpo2" -o Test=ButAutomaticUpgrades -t backports + + +tmppath=$(readlink -f .) + +# Check 16-bit integers +echo "Package: coolstuff +Pin: release n=backports +Pin-Priority: 32767 +" > rootdir/etc/apt/preferences + +testsuccess aptget install -s coolstuff -o PinPriority=32767 + +echo "Package: coolstuff +Pin: release n=backports +Pin-Priority: -32768 +" > rootdir/etc/apt/preferences +testsuccess aptget install -s coolstuff -o PinPriority=-32768 + +# Check for 32-bit integers +echo "Package: coolstuff +Pin: release n=backports +Pin-Priority: 32768 +" > rootdir/etc/apt/preferences + +testfailureequal "Reading package lists... +E: ${tmppath}/rootdir/etc/apt/preferences: Value 32768 is outside the range of valid pin priorities (-32768 to 32767)" \ + aptget install -s coolstuff -o PinPriority=32768 + + +echo "Package: coolstuff +Pin: release n=backports +Pin-Priority: -32769 +" > rootdir/etc/apt/preferences + +testfailureequal "Reading package lists... +E: ${tmppath}/rootdir/etc/apt/preferences: Value -32769 is outside the range of valid pin priorities (-32768 to 32767)" \ + aptget install -s coolstuff -o PinPriority=-32769 + +# Check for 64-bit integers + +echo "Package: coolstuff +Pin: release n=backports +Pin-Priority: 2147483648 +" > rootdir/etc/apt/preferences + +testfailureequal "Reading package lists... +E: Cannot convert 2147483648 to integer: out of range +E: ${tmppath}/rootdir/etc/apt/preferences: Value 2147483648 is outside the range of valid pin priorities (-32768 to 32767)" \ + aptget install -s coolstuff -o PinPriority=2147483648 + +# Check that short-max/min is a valid pin +currentpin() { +echo "Package: * +Pin: release n=backports +Pin-Priority: $1 +" > rootdir/etc/apt/preferences +testsuccessequal "coolstuff: + Installed: 2.0~bpo1 + Candidate: $2 + Version table: + 2.0~bpo2 $1 + $1 file:${tmppath}/aptarchive backports/main all Packages + *** 2.0~bpo1 100 + 100 ${tmppath}/rootdir/var/lib/dpkg/status + 1.0 500 + 500 file:${tmppath}/aptarchive stable/main all Packages" apt policy coolstuff +} +currentpin '32767' '2.0~bpo2' +currentpin '-32768' '2.0~bpo1' + +# Check for 0 +echo "Package: coolstuff +Pin: release n=backports +Pin-Priority: 0 +" > rootdir/etc/apt/preferences + +testfailureequal "Reading package lists... +E: No priority (or zero) specified for pin" \ + aptget install -s coolstuff -o PinPriority=0 + +# Check with comments +echo "#Package: coolstuff +#Pin: release n=backports +#Pin-Priority: 0 + +# Test + +Package: coolstuff +Pin: release n=backports +#Pin: release n=unstable +#Pin-Priority: 999 +Pin-Priority: 999 +#Pin-Priority: 999" > rootdir/etc/apt/preferences + +testsuccessequal "coolstuff: + Installed: 2.0~bpo1 + Candidate: 2.0~bpo2 + Version table: + 2.0~bpo2 999 + 100 file:${tmppath}/aptarchive backports/main all Packages + *** 2.0~bpo1 100 + 100 ${tmppath}/rootdir/var/lib/dpkg/status + 1.0 500 + 500 file:${tmppath}/aptarchive stable/main all Packages" aptcache policy coolstuff