tests: allow to disable generation of InRelease/Release.gpg file

If the test just signs release files to throw away one of them to test
the other, we can just as well save the time and not create it.

Git-Dch: Ignore

diff --git a/test/integration/framework b/test/integration/framework
index 7eaa36415b96ca0950355c4a8262ad156ae5b934..1f843babfdcc3f277482f615795adf04afc79e94 100644 (file)
--- a/test/integration/framework
+++ b/test/integration/framework
@@ -1134,11 +1134,21 @@ signreleasefiles() {
        fi
        local GPG="aptkey --quiet --keyring ${KEY}.pub --secret-keyring ${KEY}.sec --readonly adv --batch --yes --digest-algo ${APT_TESTS_DIGEST_ALGO:-SHA512}"
        for RELEASE in $(find "${REPODIR}/" -name Release); do
-               testsuccess $GPG "$@" $SIGUSERS --armor --detach-sign --sign --output "${RELEASE}.gpg" "${RELEASE}"
-               local INRELEASE="$(echo "${RELEASE}" | sed 's#/Release$#/InRelease#')"
-               testsuccess $GPG "$@" $SIGUSERS --clearsign --output "$INRELEASE" "$RELEASE"
                # we might have set a specific date for the Release file, so copy it
-               touch -d "$(stat --format "%y" ${RELEASE})" "${RELEASE}.gpg" "${INRELEASE}"
+               local DATE="$(stat --format "%y" "${RELEASE}")"
+               if [ "$APT_DONT_SIGN" = 'Release.gpg' ]; then
+                       rm -f "${RELEASE}.gpg"
+               else
+                       testsuccess $GPG "$@" $SIGUSERS --armor --detach-sign --sign --output "${RELEASE}.gpg" "${RELEASE}"
+                       touch -d "$DATE" "${RELEASE}.gpg"
+               fi
+               local INRELEASE="${RELEASE%/*}/InRelease"
+               if [ "$APT_DONT_SIGN" = 'InRelease' ]; then
+                       rm -f "$INRELEASE"
+               else
+                       testsuccess $GPG "$@" $SIGUSERS --clearsign --output "$INRELEASE" "$RELEASE"
+                       touch -d "$DATE" "${INRELEASE}"
+               fi
        done
        if [ -f "$SECEXPIREBAK" ] && [ -f "$PUBEXPIREBAK" ]; then
                mv -f "$SECEXPIREBAK" "${REXKEY}.sec"

diff --git a/test/integration/test-apt-update-nofallback b/test/integration/test-apt-update-nofallback
index d9166eefd10589177aec610a012687dd9c876fec..4db67ee5d2b4150cc93de632548d37de023141a4 100755 (executable)
--- a/test/integration/test-apt-update-nofallback
+++ b/test/integration/test-apt-update-nofallback
@@ -9,8 +9,7 @@ set -e
 simulate_mitm_and_inject_evil_package()
 {
     redatereleasefiles '+1 hour'
-    rm -f "$APTARCHIVE/dists/unstable/InRelease"
-    rm -f "$APTARCHIVE/dists/unstable/Release.gpg"
+    rm -f "$APTARCHIVE/dists/unstable/InRelease" "$APTARCHIVE/dists/unstable/Release.gpg"
     inject_evil_package
 }
 
@@ -126,11 +125,10 @@ test_cve_2012_0214()
     listcurrentlistsdirectory > lists.before
 
     # do what CVE-2012-0214 did
-    rm "$APTARCHIVE/dists/unstable/InRelease"
-    rm "$APTARCHIVE/dists/unstable/Release.gpg"
+    rm "$APTARCHIVE/dists/unstable/InRelease" "$APTARCHIVE/dists/unstable/Release.gpg"
     inject_evil_package
     # build valid Release file
-    aptftparchive -qq release ./aptarchive > aptarchive/dists/unstable/Release 
+    aptftparchive -qq release ./aptarchive > aptarchive/dists/unstable/Release
 
     assert_update_is_refused_and_last_good_state_used
     testfileequal lists.before "$(listcurrentlistsdirectory)"

diff --git a/test/integration/test-hashsum-verification b/test/integration/test-hashsum-verification
index a31be6bcb29dda2878008351ca682c35ef15f6ca..31923bd87b570581fcfee40fa07f70e5d00302d3 100755 (executable)
--- a/test/integration/test-hashsum-verification
+++ b/test/integration/test-hashsum-verification
@@ -44,7 +44,6 @@ SHA256:
  xb306e66e5e6a7169c8d281a888539d1fdca9cecc99ae605717df579d5b9c166              527 Packages.lzma
  x9585d0e66b74c9385727fbea11fea9ab33c716b18a32f3036f037a2b9b57120              572 Packages.xz
 EOF
-        cp aptarchive/Release aptarchive/InRelease
 }
 
 # fake our downloadable file
@@ -56,7 +55,6 @@ runtest() {
        prepare "${PKGFILE}"
        rm -rf rootdir/var/lib/apt/lists
        signreleasefiles 'Joe Sixpack'
-       find aptarchive/ -name "$DELETEFILE" -delete
 
        # test signed release file
        msgtest 'apt-get update gets the expected hashsum mismatch'

diff --git a/test/integration/test-releasefile-date-older b/test/integration/test-releasefile-date-older
index 2d6746b1047d3031f56a4faefaca23f472849bba..e38ddc3c592f37025ec695b0f911ab2494740f20 100755 (executable)
--- a/test/integration/test-releasefile-date-older
+++ b/test/integration/test-releasefile-date-older
@@ -26,40 +26,43 @@ testsuccess aptget update
 testfileequal 'listsdir.lst' "$(listcurrentlistsdirectory)"
 
 msgmsg 'Release.gpg file is silently rejected if' 'new Date is before old Date'
+export APT_DONT_SIGN='InRelease'
 rm -rf rootdir/var/lib/apt/lists
 generatereleasefiles 'now' 'now + 7 days'
 signreleasefiles
-find aptarchive -name 'InRelease' -delete
 testsuccess aptget update
 listcurrentlistsdirectory > listsdir.lst
 redatereleasefiles 'now - 2 days'
-find aptarchive -name 'InRelease' -delete
 testsuccess aptget update
 testfileequal 'listsdir.lst' "$(listcurrentlistsdirectory)"
+unset APT_DONT_SIGN
 
 msgmsg 'Crisscross InRelease/Release.gpg file is silently rejected if' 'new Date is before old Date'
+export APT_DONT_SIGN='Release.gpg'
 rm -rf rootdir/var/lib/apt/lists
 generatereleasefiles 'now' 'now + 7 days'
 signreleasefiles
-find aptarchive -name 'Release.gpg' -delete
 testsuccess aptget update
+export APT_DONT_SIGN='InRelease'
 listcurrentlistsdirectory > listsdir.lst
 redatereleasefiles 'now - 2 days'
-find aptarchive -name 'InRelease' -delete
 testsuccess aptget update
 testfileequal 'listsdir.lst' "$(listcurrentlistsdirectory)"
+unset APT_DONT_SIGN
 
 msgmsg 'Crisscross Release.gpg/InRelease file is silently rejected if' 'new Date is before old Date'
+export APT_DONT_SIGN='InRelease'
 rm -rf rootdir/var/lib/apt/lists
 generatereleasefiles 'now' 'now + 7 days'
 signreleasefiles
 find aptarchive -name 'InRelease' -delete
 testsuccess aptget update
+export APT_DONT_SIGN='Release.gpg'
 listcurrentlistsdirectory > listsdir.lst
 redatereleasefiles 'now - 2 days'
-find aptarchive -name 'Release.gpg' -delete
 testsuccess aptget update
 testfileequal 'listsdir.lst' "$(listcurrentlistsdirectory)"
+unset APT_DONT_SIGN
 
 msgmsg 'Release file has' 'no Date and no Valid-Until field'
 rm -rf rootdir/var/lib/apt/lists

diff --git a/test/integration/test-releasefile-verification b/test/integration/test-releasefile-verification
index 24e7830aab82bcdd4c3f1de7aee7bb1194b40333..a95c20fd45be3fc1f71ef9e7bb212bba6c593155 100755 (executable)
--- a/test/integration/test-releasefile-verification
+++ b/test/integration/test-releasefile-verification
@@ -99,12 +99,10 @@ updatewithwarnings() {
 }
 
 runtest() {
-       local DELETEFILE="$1"
        msgmsg 'Cold archive signed by' 'Joe Sixpack'
        prepare "${PKGFILE}"
        rm -rf rootdir/var/lib/apt/lists
        signreleasefiles 'Joe Sixpack'
-       find aptarchive/ -name "$DELETEFILE" -delete
        successfulaptgetupdate
        testsuccessequal "$(cat "${PKGFILE}")
 " aptcache show apt
@@ -113,7 +111,6 @@ runtest() {
        msgmsg 'Good warm archive signed by' 'Joe Sixpack'
        prepare "${PKGFILE}-new"
        signreleasefiles 'Joe Sixpack'
-       find aptarchive/ -name "$DELETEFILE" -delete
        successfulaptgetupdate
        testsuccessequal "$(cat "${PKGFILE}-new")
 " aptcache show apt
@@ -124,7 +121,6 @@ runtest() {
        rm -rf rootdir/var/lib/apt/lists
        cp keys/rexexpired.pub rootdir/etc/apt/trusted.gpg.d/rexexpired.gpg
        signreleasefiles 'Rex Expired'
-       find aptarchive/ -name "$DELETEFILE" -delete
        updatewithwarnings '^W: .* EXPKEYSIG'
        testsuccessequal "$(cat "${PKGFILE}")
 " aptcache show apt
@@ -144,7 +140,6 @@ runtest() {
                prepare "${PKGFILE}"
                rm -rf rootdir/var/lib/apt/lists
                signreleasefiles 'Joe Sixpack' 'aptarchive' --faked-system-time "20070924T154812" --default-sig-expire 2016-04-01
-               find aptarchive/ -name "$DELETEFILE" -delete
                updatewithwarnings '^W: .* EXPSIG'
                testsuccessequal "$(cat "${PKGFILE}")
 " aptcache show apt
@@ -158,7 +153,6 @@ runtest() {
        prepare "${PKGFILE}"
        rm -rf rootdir/var/lib/apt/lists
        signreleasefiles 'Joe Sixpack,Marvin Paranoid'
-       find aptarchive/ -name "$DELETEFILE" -delete
        successfulaptgetupdate 'NO_PUBKEY'
        testsuccessequal "$(cat "${PKGFILE}")
 " aptcache show apt
@@ -168,7 +162,6 @@ runtest() {
        prepare "${PKGFILE}"
        rm -rf rootdir/var/lib/apt/lists
        signreleasefiles 'Joe Sixpack,Rex Expired'
-       find aptarchive/ -name "$DELETEFILE" -delete
        cp keys/rexexpired.pub rootdir/etc/apt/trusted.gpg.d/rexexpired.gpg
        successfulaptgetupdate 'EXPKEYSIG'
        rm -f rootdir/etc/apt/trusted.gpg.d/rexexpired.gpg
@@ -180,7 +173,6 @@ runtest() {
        prepare "${PKGFILE}"
        rm -rf rootdir/var/lib/apt/lists
        signreleasefiles 'Marvin Paranoid'
-       find aptarchive/ -name "$DELETEFILE" -delete
        updatewithwarnings '^W: .* NO_PUBKEY'
        testsuccessequal "$(cat "${PKGFILE}")
 " aptcache show apt
@@ -189,7 +181,6 @@ runtest() {
        msgmsg 'Bad warm archive signed by' 'Joe Sixpack'
        prepare "${PKGFILE}-new"
        signreleasefiles 'Joe Sixpack'
-       find aptarchive/ -name "$DELETEFILE" -delete
        successfulaptgetupdate
        testsuccessequal "$(cat "${PKGFILE}-new")
 " aptcache show apt
@@ -199,7 +190,6 @@ runtest() {
        prepare "${PKGFILE}"
        rm -rf rootdir/var/lib/apt/lists
        signreleasefiles 'Joe Sixpack'
-       find aptarchive/ -name "$DELETEFILE" -delete
        successfulaptgetupdate
        testsuccessequal "$(cat "${PKGFILE}")
 " aptcache show apt
@@ -208,7 +198,6 @@ runtest() {
        msgmsg 'Good warm archive signed by' 'Marvin Paranoid'
        prepare "${PKGFILE}-new"
        signreleasefiles 'Marvin Paranoid'
-       find aptarchive/ -name "$DELETEFILE" -delete
        updatewithwarnings '^W: .* NO_PUBKEY'
        testsuccessequal "$(cat "${PKGFILE}")
 " aptcache show apt
@@ -218,7 +207,6 @@ runtest() {
        prepare "${PKGFILE}-new"
        cp keys/rexexpired.pub rootdir/etc/apt/trusted.gpg.d/rexexpired.gpg
        signreleasefiles 'Rex Expired'
-       find aptarchive/ -name "$DELETEFILE" -delete
        updatewithwarnings '^W: .* EXPKEYSIG'
        testsuccessequal "$(cat "${PKGFILE}")
 " aptcache show apt
@@ -228,7 +216,6 @@ runtest() {
        msgmsg 'Good warm archive signed by' 'Joe Sixpack'
        prepare "${PKGFILE}-new"
        signreleasefiles
-       find aptarchive/ -name "$DELETEFILE" -delete
        successfulaptgetupdate
        testsuccessequal "$(cat "${PKGFILE}-new")
 " aptcache show apt
@@ -238,7 +225,6 @@ runtest() {
        prepare "${PKGFILE}"
        rm -rf rootdir/var/lib/apt/lists
        signreleasefiles 'Marvin Paranoid'
-       find aptarchive/ -name "$DELETEFILE" -delete
        local MARVIN="$(readlink -f keys/marvinparanoid.pub)"
        sed -i "s#^\(deb\(-src\)\?\) #\1 [signed-by=$MARVIN] #" rootdir/etc/apt/sources.list.d/*
        successfulaptgetupdate
@@ -249,7 +235,6 @@ runtest() {
        msgmsg 'Cold archive signed by bad keyring' 'Joe Sixpack'
        rm -rf rootdir/var/lib/apt/lists
        signreleasefiles 'Joe Sixpack'
-       find aptarchive/ -name "$DELETEFILE" -delete
        updatewithwarnings '^W: .* NO_PUBKEY'
        sed -i "s#^\(deb\(-src\)\?\) \[signed-by=$MARVIN\] #\1 #" rootdir/etc/apt/sources.list.d/*
 
@@ -257,14 +242,12 @@ runtest() {
        msgmsg 'Cold archive signed by bad keyid' 'Joe Sixpack'
        rm -rf rootdir/var/lib/apt/lists
        signreleasefiles 'Joe Sixpack'
-       find aptarchive/ -name "$DELETEFILE" -delete
        sed -i "s#^\(deb\(-src\)\?\) #\1 [signed-by=$MARVIN] #" rootdir/etc/apt/sources.list.d/*
        updatewithwarnings '^W: .* be verified because the public key is not available: .*'
 
        msgmsg 'Cold archive signed by good keyid' 'Marvin Paranoid'
        rm -rf rootdir/var/lib/apt/lists
        signreleasefiles 'Marvin Paranoid'
-       find aptarchive/ -name "$DELETEFILE" -delete
        cp keys/marvinparanoid.pub rootdir/etc/apt/trusted.gpg.d/marvinparanoid.gpg
        successfulaptgetupdate
        testsuccessequal "$(cat "${PKGFILE}")
@@ -274,7 +257,6 @@ runtest() {
        msgmsg 'Cold archive signed by good keyid' 'Marvin Paranoid,Joe Sixpack'
        rm -rf rootdir/var/lib/apt/lists
        signreleasefiles 'Marvin Paranoid,Joe Sixpack'
-       find aptarchive/ -name "$DELETEFILE" -delete
        successfulaptgetupdate 'NoPubKey: GOODSIG'
        testsuccessequal "$(cat "${PKGFILE}")
 " aptcache show apt
@@ -284,7 +266,6 @@ runtest() {
        msgmsg 'Cold archive signed by good keyids' 'Joe Sixpack'
        rm -rf rootdir/var/lib/apt/lists
        signreleasefiles 'Joe Sixpack'
-       find aptarchive/ -name "$DELETEFILE" -delete
        sed -i "s#^\(deb\(-src\)\?\) \[signed-by=$MARVIN\] #\1 [signed-by=${SIXPACK},${MARVIN}] #" rootdir/etc/apt/sources.list.d/*
        successfulaptgetupdate
        testsuccessequal "$(cat "${PKGFILE}")
@@ -306,7 +287,6 @@ runtest() {
        cp -a rootdir/var/lib/apt/lists rootdir/var/lib/apt/lists-bak
        prepare "${PKGFILE}-new"
        signreleasefiles 'Joe Sixpack'
-       find aptarchive/ -name "$DELETEFILE" -delete
 
        msgmsg 'Warm archive with signed-by' 'Joe Sixpack'
        sed -i "/^Valid-Until: / a\
@@ -364,8 +344,7 @@ runtest2() {
        # package verification.
        msgmsg 'Warm archive signed by' 'nobody'
        prepare "${PKGFILE}-new"
-       find aptarchive/ -name InRelease -delete
-       find aptarchive/ -name Release.gpg -delete
+       find aptarchive/ \( -name InRelease -o -name Release.gpg \) -delete
        updatewithwarnings 'W: .* no longer signed.'
        testsuccessequal "$(cat "${PKGFILE}-new")
 " aptcache show apt
@@ -386,8 +365,10 @@ runtest3() {
        runtest2
 
        for DELETEFILE in 'InRelease' 'Release.gpg'; do
+               export APT_DONT_SIGN="$DELETEFILE"
                msgmsg "Running test with deletion of $DELETEFILE and $1 digest"
-               runtest "$DELETEFILE"
+               runtest
+               unset APT_DONT_SIGN
        done
 }
 
@@ -422,11 +403,11 @@ msgmsg "Running test with apt-untrusted digest"
 echo "APT::Hashes::$APT_TESTS_DIGEST_ALGO::Untrusted \"yes\";" > rootdir/etc/apt/apt.conf.d/truststate
 runfailure() {
        for DELETEFILE in 'InRelease' 'Release.gpg'; do
+               export APT_DONT_SIGN="$DELETEFILE"
                msgmsg 'Cold archive signed by' 'Joe Sixpack'
                prepare "${PKGFILE}"
                rm -rf rootdir/var/lib/apt/lists
                signreleasefiles 'Joe Sixpack'
-               find aptarchive/ -name "$DELETEFILE" -delete
                testfailure aptget update --no-allow-insecure-repositories -o Debug::pkgAcquire::Worker=1 -o Debug::Acquire::gpgv=1
                testsuccess grep 'The following signatures were invalid' rootdir/tmp/testfailure.output
                testnopackage 'apt'
@@ -437,13 +418,13 @@ runfailure() {
                prepare "${PKGFILE}"
                rm -rf rootdir/var/lib/apt/lists
                signreleasefiles 'Marvin Paranoid'
-               find aptarchive/ -name "$DELETEFILE" -delete
                testfailure aptget update --no-allow-insecure-repositories -o Debug::pkgAcquire::Worker=1 -o Debug::Acquire::gpgv=1
                testnopackage 'apt'
                updatewithwarnings '^W: .* NO_PUBKEY'
                testsuccessequal "$(cat "${PKGFILE}")
 " aptcache show apt
                failaptold
+               unset APT_DONT_SIGN
        done
 }
 runfailure

diff --git a/test/integration/test-ubuntu-bug-784473-InRelease-one-message-only b/test/integration/test-ubuntu-bug-784473-InRelease-one-message-only
index 21d7129aeba5ef93c0f94f3e005c0b02618337d5..fe42ba83de2c4789bc75e71e30c1cb0e3cfd553a 100755 (executable)
--- a/test/integration/test-ubuntu-bug-784473-InRelease-one-message-only
+++ b/test/integration/test-ubuntu-bug-784473-InRelease-one-message-only
@@ -8,11 +8,9 @@ configarchitecture 'i386'
 
 insertpackage 'unstable' 'apt' 'i386' '0.8.11'
 
-setupaptarchive
+export APT_DONT_SIGN='Release.gpg'
+setupaptarchive --no-update
 
-rm -rf rootdir/var/lib/apt/lists
-
-find aptarchive/ -name 'Release.gpg' -delete
 find aptarchive/ -name 'InRelease' -exec cp {} {}.old \;
 
 for RELEASE in $(find aptarchive/ -name 'InRelease'); do