else if (Owner->HashesRequired() == true)
consideredOkay = false;
else
+ {
consideredOkay = true;
+ // even if the hashes aren't usable to declare something secure
+ // we can at least use them to declare it an integrity failure
+ if (ExpectedHashes.empty() == false && ReceivedHashes != ExpectedHashes && _config->Find("Acquire::ForceHash").empty())
+ consideredOkay = false;
+ }
if (consideredOkay == true)
consideredOkay = Owner->VerifyDone(Message, Config);
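Review bot: The weak-hash mismatch check in the new `else` block is switched off by any non-empty `Acquire::ForceHash`, because the condition only tests `.empty()`, so even a value that names no algorithm disables it, and the comment above the check does not say so. I would extend the comment with something like `// not applied when Acquire::ForceHash is set to any value`, so the exemption reads as a documented decision. It is also worth confirming what `ReceivedHashes != ExpectedHashes` yields when no hashes were reported at all, since that comparison is not visible here and would now fail items that carry only weak expected hashes. The if/else chain this block belongs to starts above the hunk.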
(Type != "MD5Sum")
);
}
+ /*}}}*/
std::string HashString::toStr() const /*{{{*/
{
return Type + ":" + Hash;
echo 'foo' > aptarchive/foo
echo 'bar' > aptarchive/foo2
- msgtest 'apt-file download-file sha1'
+ msgtest 'apt-file download-file' 'md5sum'
+ testsuccess --nomsg apthelper download-file http://localhost:8080/foo ./downloaded/foo2 MD5Sum:d3b07384d113edec49eaa6238ad5ff00
+ testfileequal ./downloaded/foo2 'foo'
+
+ msgtest 'apt-file download-file' 'sha1'
testsuccess --nomsg apthelper download-file http://localhost:8080/foo ./downloaded/foo1 SHA1:f1d2d2f924e986ac86fdf7b36c94bcdf32beec15
testfileequal ./downloaded/foo1 'foo'
- msgtest 'apt-file download-file sha256'
+ msgtest 'apt-file download-file' 'sha256'
testsuccess --nomsg apthelper download-file http://localhost:8080/foo ./downloaded/foo3 SHA256:b5bb9d8014a0f9b1d61e21e796d78dccdf1352f23cd32812f4850b878ae4944c
testfileequal ./downloaded/foo3 'foo'
- msgtest 'apt-file download-file no-hash'
+ msgtest 'apt-file download-file' 'no-hash'
testsuccess --nomsg apthelper download-file http://localhost:8080/foo ./downloaded/foo4
testfileequal ./downloaded/foo4 'foo'
-
- msgtest 'apt-file download-file wrong hash'
- testfailure --nomsg apthelper -qq download-file http://localhost:8080/foo ./downloaded/foo5 SHA256:aabbcc
+
+ msgtest 'apt-file download-file' 'wrong md5sum'
+ testfailure --nomsg apthelper -qq download-file http://localhost:8080/foo ./downloaded/foo5 MD5Sum:aabbcc
testfileequal rootdir/tmp/testfailure.output 'E: Failed to fetch http://localhost:8080/foo Hash Sum mismatch
E: Download Failed'
testfileequal ./downloaded/foo5.FAILED 'foo'
- msgtest 'apt-file download-file sha256 sha1'
- testsuccess --nomsg apthelper download-file http://localhost:8080/foo ./downloaded/foo6 SHA256:b5bb9d8014a0f9b1d61e21e796d78dccdf1352f23cd32812f4850b878ae4944c http://localhost:8080/foo2 ./downloaded/foo7 SHA1:e242ed3bffccdf271b7fbaf34ed72d089537b42f
- testfileequal ./downloaded/foo6 'foo'
+ msgtest 'apt-file download-file' 'wrong sha256'
+ testfailure --nomsg apthelper -qq download-file http://localhost:8080/foo ./downloaded/foo6 SHA256:aabbcc
+ testfileequal rootdir/tmp/testfailure.output 'E: Failed to fetch http://localhost:8080/foo Hash Sum mismatch
+
+E: Download Failed'
+ testfileequal ./downloaded/foo6.FAILED 'foo'
+
+ msgtest 'apt-file download-file' 'sha256 sha1'
+ testsuccess --nomsg apthelper download-file http://localhost:8080/foo ./downloaded/foo8 SHA256:b5bb9d8014a0f9b1d61e21e796d78dccdf1352f23cd32812f4850b878ae4944c http://localhost:8080/foo2 ./downloaded/foo7 SHA1:e242ed3bffccdf271b7fbaf34ed72d089537b42f
+ testfileequal ./downloaded/foo8 'foo'
testfileequal ./downloaded/foo7 'bar'
+
+ msgtest 'apt-file download-file' 'md5sum sha1'
+ testsuccess --nomsg apthelper download-file http://localhost:8080/foo ./downloaded/foo9 MD5Sum:d3b07384d113edec49eaa6238ad5ff00 http://localhost:8080/foo2 ./downloaded/foo10 SHA1:e242ed3bffccdf271b7fbaf34ed72d089537b42f
+ testfileequal ./downloaded/foo9 'foo'
+ testfileequal ./downloaded/foo10 'bar'
}
test_apt_helper_detect_proxy() {
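Review bot: The two new mismatch cases (`MD5Sum:aabbcc` and `SHA256:aabbcc`) use a six-character value that is not a full-length digest for either algorithm, so they may not distinguish "well-formed digest that does not match" from "malformed digest rejected". The weak-hash path is what this commit changes, so a case with a full-length wrong digest would pin the behaviour more directly, for example `MD5Sum:00000000000000000000000000000000` (a constructed value) with the same `Hash Sum mismatch` expectation. The enclosing test function starts above the visible lines.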
#!/bin/sh
-#
-# FIXME: this test is mostly meaningless now as we do not consider
-# md5sum sufficient anyway. useful to test that it errors
-# if not all hashes pass
set -e
TESTDIR=$(readlink -f $(dirname $0))
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 3 pkg-sha256-bad_1.0.dsc
bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb 3 pkg-sha256-bad_1.0.tar.gz
+Package: pkg-md5-bad
+Binary: pkg-md5-bad
+Version: 1.0
+Maintainer: Joe Sixpack <joe@example.org>
+Architecture: all
+Files:
+ aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 3 pkg-md5-bad_1.0.dsc
+ bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb 3 pkg-md5-bad_1.0.tar.gz
+
Package: pkg-no-md5
Binary: pkg-no-md5
Version: 1.0
# create fetchable files
for x in 'pkg-md5-ok' 'pkg-sha256-ok' 'pkg-sha256-bad' 'pkg-no-md5' \
'pkg-mixed-ok' 'pkg-mixed-sha1-bad' 'pkg-mixed-sha2-bad' \
- 'pkg-md5-agree' 'pkg-md5-disagree' 'pkg-sha256-disagree'; do
+ 'pkg-md5-agree' 'pkg-md5-disagree' 'pkg-sha256-disagree' \
+ 'pkg-md5-bad'; do
echo -n 'dsc' > aptarchive/${x}_1.0.dsc
echo -n 'tar' > aptarchive/${x}_1.0.tar.gz
done
-setupaptarchive
+setupaptarchive --no-update
changetowebserver
testsuccess aptget update
rm -f ${1}_1.0.dsc ${1}_1.0.tar.gz
}
+testnohash() {
+ #FIXME: Maybe we should fail in this case instead of skipping
+ rm -f ${1}_1.0.dsc ${1}_1.0.tar.gz
+ testsuccessequal "Reading package lists...
+Building dependency tree...
+Skipping download of file '${1}_1.0.dsc' as requested hashsum is not available for authentication
+Skipping download of file '${1}_1.0.tar.gz' as requested hashsum is not available for authentication
+Need to get 0 B of source archives.
+Download complete and in download only mode" aptget source -d "$@"
+ msgtest 'Files are not downloaded for' "$1"
+ testfailure --nomsg test -e ${1}_1.0.dsc -o -e ${1}_1.0.tar.gz
+}
+
testmismatch() {
rm -f ${1}_1.0.dsc ${1}_1.0.tar.gz
testfailureequal "Reading package lists...
msgtest 'Files were not download as they have hashsum mismatches for' "$1"
testfailure --nomsg test -e ${1}_1.0.dsc -a -e ${1}_1.0.tar.gz
- rm -f ${1}_1.0.dsc ${1}_1.0.tar.gz
- testsuccessequal "Reading package lists...
+ if [ "$2" != '--allow-unauthenticated' ]; then
+ rm -f ${1}_1.0.dsc ${1}_1.0.tar.gz
+ testsuccessequal "Reading package lists...
Building dependency tree...
-Skipping download of file 'pkg-sha256-bad_1.0.dsc' as requested hashsum is not available for authentication
-Skipping download of file 'pkg-sha256-bad_1.0.tar.gz' as requested hashsum is not available for authentication
+Skipping download of file '${1}_1.0.dsc' as requested hashsum is not available for authentication
+Skipping download of file '${1}_1.0.tar.gz' as requested hashsum is not available for authentication
Need to get 0 B of source archives.
Download complete and in download only mode" aptget source -d "$@" -o Acquire::ForceHash=ROT26
- msgtest 'Files were not download as hash is unavailable for' "$1"
- testfailure --nomsg test -e ${1}_1.0.dsc -a -e ${1}_1.0.tar.gz
+ msgtest 'Files were not download as hash is unavailable for' "$1"
+ testfailure --nomsg test -e ${1}_1.0.dsc -a -e ${1}_1.0.tar.gz
+ fi
rm -f ${1}_1.0.dsc ${1}_1.0.tar.gz
testsuccessequal "Reading package lists...
testsuccess --nomsg test -e ${1}_1.0.dsc -a -e ${1}_1.0.tar.gz
}
-#testok pkg-md5-ok
-#testkeep pkg-md5-ok
+testnohash pkg-md5-ok
testok pkg-sha256-ok
testkeep pkg-sha256-ok
# checking the best available hash (as it should), this will trigger
# a hash mismatch.
testmismatch pkg-sha256-bad
-testmismatch pkg-sha256-bad
testok pkg-sha256-bad -o Acquire::ForceHash=MD5Sum
+testnohash pkg-md5-bad
+testmismatch pkg-md5-bad --allow-unauthenticated
+
# not having MD5 sum doesn't mean the file doesn't exist at all …
-#testok pkg-no-md5
+testok pkg-no-md5
testok pkg-no-md5 -o Acquire::ForceHash=SHA256
testsuccessequal "Reading package lists...
Building dependency tree...
testsuccess --nomsg test -e pkg-mixed-sha2-bad_1.0.dsc -a ! -e pkg-mixed-sha2-bad_1.0.tar.gz
# it gets even more pathologic: multiple entries for one file, some even disagreeing!
-#testok pkg-md5-agree
+testnohash pkg-md5-agree
testfailureequal 'Reading package lists...
Building dependency tree...
E: Error parsing checksum in Files of source package pkg-md5-disagree' aptget source -d pkg-md5-disagree
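Review bot: The "not downloaded" assertions in `testmismatch` use `test -e … -a -e …`, which `testfailure` accepts as soon as one of the two files is missing, so a run that keeps one mismatching file would still pass. The new `testnohash` uses `-o` and therefore checks both files. If the intent is that neither file survives a mismatch, the re-indented line inside the new `if` and the earlier one after the mismatch run should read `testfailure --nomsg test -e ${1}_1.0.dsc -o -e ${1}_1.0.tar.gz`. The `[ "$2" != '--allow-unauthenticated' ]` guard also only works when that option is the second argument; a one-line comment stating this would save the next caller a surprise.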
EXPECT_EQ(NULL, list.find(NULL));
EXPECT_EQ(NULL, list.find(""));
EXPECT_EQ(NULL, list.find("MD5Sum"));
+ EXPECT_EQ(NULL, list.find("ROT26"));
+ EXPECT_EQ(NULL, list.find("SHA1"));
EXPECT_EQ(0, list.FileSize());
// empty lists aren't equal
EXPECT_FALSE(list.usable());
EXPECT_EQ(1, list.size());
EXPECT_EQ(29, list.FileSize());
+ list.push_back(HashString("MD5Sum", "d41d8cd98f00b204e9800998ecf8427e"));
+ EXPECT_FALSE(list.empty());
+ EXPECT_FALSE(list.usable());
+ EXPECT_EQ(2, list.size());
+ EXPECT_EQ(29, list.FileSize());
+ EXPECT_TRUE(NULL != list.find("MD5Sum"));
+ list.push_back(HashString("SHA1", "cacecbd74968bc90ea3342767e6b94f46ddbcafc"));
+ EXPECT_TRUE(list.usable());
+ EXPECT_EQ(3, list.size());
+ EXPECT_EQ(29, list.FileSize());
+ EXPECT_TRUE(NULL != list.find("MD5Sum"));
+ EXPECT_TRUE(NULL != list.find("SHA1"));
Hashes hashes;
hashes.Add("The quick brown fox jumps over the lazy dog");