test: Move --weak-digest initialization to the right place

This was wrong and caused some issues because apt-key invoked
host apt-config with our library.

Gbp-Dch: ignore

diff --git a/test/integration/framework b/test/integration/framework
index 2b7f3f9679641ff5046f8106d5cb6b497b158f41..b65b0b86ff317af0f8680d6a9a633008a814c1fe 100644 (file)
--- a/test/integration/framework
+++ b/test/integration/framework
@@ -389,9 +389,6 @@ EOF
        echo "Acquire::https::CaInfo \"${TMPWORKINGDIRECTORY}/rootdir/etc/webserver.pem\";" > rootdir/etc/apt/apt.conf.d/99https
        echo "Apt::Cmd::Disable-Script-Warning \"1\";" > rootdir/etc/apt/apt.conf.d/apt-binary
        echo 'Acquire::Connect::AddrConfig "false";' > rootdir/etc/apt/apt.conf.d/connect-addrconfig
-       if aptkey verify --weak-digest SHA1 --help 2>/dev/null >/dev/null; then
-               echo 'Acquire::gpgv::Options { "--weak-digest"; "sha1"; };' > rootdir/etc/apt/apt.conf.d/no-sha1
-       fi
 
        configcompression '.' 'gz' #'bz2' 'lzma' 'xz'
        confighashes 'SHA256' # these are tests, not security best-practices
@@ -411,6 +408,12 @@ EOF
        unset LANGUAGE APT_CONFIG
        unset GREP_OPTIONS DEB_BUILD_PROFILES
        unset http_proxy HTTP_PROXY https_proxy HTTPS_PROXY no_proxy
+
+       # If gpgv supports --weak-digest, pass it to make sure we can disable SHA1
+       if aptkey verify --weak-digest SHA1 --help 2>/dev/null >/dev/null; then
+               echo 'Acquire::gpgv::Options { "--weak-digest"; "sha1"; };' > rootdir/etc/apt/apt.conf.d/no-sha1
+       fi
+
        msgdone "info"
 }