authorDavid Kalnischkies <david@kalnischkies.de>2015-09-01 13:58:00 +0200
committerDavid Kalnischkies <david@kalnischkies.de>2015-09-01 14:19:44 +0200
commit63d609985eb7eefa5f2332bfe4fab96f017760a1 (patch)
treead38d0beb698f3bb35bfcedc145c1f7f85a38989
parent55ae7a516126f9f064d8353bf962256b7307590a (diff)
use unusable-for-security hashes for integrity checks
We want to declare some hashes as not enough for security, so that a user will need --allow-unauthenticated or similar to get data secured only by those hashes, but we can still use these hashes for integrity checks if we got them.
-rw-r--r--apt-pkg/acquire-worker.cc6
-rw-r--r--apt-pkg/contrib/hashes.cc1
-rwxr-xr-xtest/integration/test-apt-helper34
-rwxr-xr-xtest/integration/test-ubuntu-bug-1098738-apt-get-source-md5sum56
-rw-r--r--test/libapt/hashsums_test.cc14
5 files changed, 85 insertions, 26 deletions
diff --git a/apt-pkg/acquire-worker.cc b/apt-pkg/acquire-worker.cc
index 176772dde..889768030 100644
--- a/apt-pkg/acquire-worker.cc
+++ b/apt-pkg/acquire-worker.cc
@@ -407,7 +407,13 @@ bool pkgAcquire::Worker::RunMessages()
else if (Owner->HashesRequired() == true)
consideredOkay = false;
else
+ {
consideredOkay = true;
+ // even if the hashes aren't usable to declare something secure
+ // we can at least use them to declare it an integrity failure
+ if (ExpectedHashes.empty() == false && ReceivedHashes != ExpectedHashes && _config->Find("Acquire::ForceHash").empty())
+ consideredOkay = false;
+ }
if (consideredOkay == true)
consideredOkay = Owner->VerifyDone(Message, Config);
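Review bot: The new integrity check on the line testing `ExpectedHashes.empty() == false` is switched off entirely whenever `Acquire::ForceHash` holds any value, so on this hashes-not-required path a download whose weak hashes disagree is accepted again once the option is set, even to a type neither list contains. If the guard is there because the list comparison itself consults ForceHash (not visible in this hunk), a narrower condition would keep the check when the forced type is actually expected, e.g. `std::string const forced = _config->Find("Acquire::ForceHash");` followed by `... && (forced.empty() || ExpectedHashes.find(forced.c_str()) != NULL)`. Either way the two-line comment should also say why ForceHash suppresses the check. RunMessages() starts and ends outside the hunk, including the first branch of this if/else chain.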
diff --git a/apt-pkg/contrib/hashes.cc b/apt-pkg/contrib/hashes.cc
index 41a0037cd..5c0023dc7 100644
--- a/apt-pkg/contrib/hashes.cc
+++ b/apt-pkg/contrib/hashes.cc
@@ -136,6 +136,7 @@ APT_PURE bool HashString::usable() const /*{{{*/
(Type != "MD5Sum")
);
}
+ /*}}}*/
std::string HashString::toStr() const /*{{{*/
{
return Type + ":" + Hash;
diff --git a/test/integration/test-apt-helper b/test/integration/test-apt-helper
index a303e944e..d6c8385af 100755
--- a/test/integration/test-apt-helper
+++ b/test/integration/test-apt-helper
@@ -13,29 +13,45 @@ test_apt_helper_download() {
echo 'foo' > aptarchive/foo
echo 'bar' > aptarchive/foo2
- msgtest 'apt-file download-file sha1'
+ msgtest 'apt-file download-file' 'md5sum'
+ testsuccess --nomsg apthelper download-file http://localhost:8080/foo ./downloaded/foo2 MD5Sum:d3b07384d113edec49eaa6238ad5ff00
+ testfileequal ./downloaded/foo2 'foo'
+
+ msgtest 'apt-file download-file' 'sha1'
testsuccess --nomsg apthelper download-file http://localhost:8080/foo ./downloaded/foo1 SHA1:f1d2d2f924e986ac86fdf7b36c94bcdf32beec15
testfileequal ./downloaded/foo1 'foo'
- msgtest 'apt-file download-file sha256'
+ msgtest 'apt-file download-file' 'sha256'
testsuccess --nomsg apthelper download-file http://localhost:8080/foo ./downloaded/foo3 SHA256:b5bb9d8014a0f9b1d61e21e796d78dccdf1352f23cd32812f4850b878ae4944c
testfileequal ./downloaded/foo3 'foo'
- msgtest 'apt-file download-file no-hash'
+ msgtest 'apt-file download-file' 'no-hash'
testsuccess --nomsg apthelper download-file http://localhost:8080/foo ./downloaded/foo4
testfileequal ./downloaded/foo4 'foo'
-
- msgtest 'apt-file download-file wrong hash'
- testfailure --nomsg apthelper -qq download-file http://localhost:8080/foo ./downloaded/foo5 SHA256:aabbcc
+
+ msgtest 'apt-file download-file' 'wrong md5sum'
+ testfailure --nomsg apthelper -qq download-file http://localhost:8080/foo ./downloaded/foo5 MD5Sum:aabbcc
testfileequal rootdir/tmp/testfailure.output 'E: Failed to fetch http://localhost:8080/foo Hash Sum mismatch
E: Download Failed'
testfileequal ./downloaded/foo5.FAILED 'foo'
- msgtest 'apt-file download-file sha256 sha1'
- testsuccess --nomsg apthelper download-file http://localhost:8080/foo ./downloaded/foo6 SHA256:b5bb9d8014a0f9b1d61e21e796d78dccdf1352f23cd32812f4850b878ae4944c http://localhost:8080/foo2 ./downloaded/foo7 SHA1:e242ed3bffccdf271b7fbaf34ed72d089537b42f
- testfileequal ./downloaded/foo6 'foo'
+ msgtest 'apt-file download-file' 'wrong sha256'
+ testfailure --nomsg apthelper -qq download-file http://localhost:8080/foo ./downloaded/foo6 SHA256:aabbcc
+ testfileequal rootdir/tmp/testfailure.output 'E: Failed to fetch http://localhost:8080/foo Hash Sum mismatch
+
+E: Download Failed'
+ testfileequal ./downloaded/foo6.FAILED 'foo'
+
+ msgtest 'apt-file download-file' 'sha256 sha1'
+ testsuccess --nomsg apthelper download-file http://localhost:8080/foo ./downloaded/foo8 SHA256:b5bb9d8014a0f9b1d61e21e796d78dccdf1352f23cd32812f4850b878ae4944c http://localhost:8080/foo2 ./downloaded/foo7 SHA1:e242ed3bffccdf271b7fbaf34ed72d089537b42f
+ testfileequal ./downloaded/foo8 'foo'
testfileequal ./downloaded/foo7 'bar'
+
+ msgtest 'apt-file download-file' 'md5sum sha1'
+ testsuccess --nomsg apthelper download-file http://localhost:8080/foo ./downloaded/foo9 MD5Sum:d3b07384d113edec49eaa6238ad5ff00 http://localhost:8080/foo2 ./downloaded/foo10 SHA1:e242ed3bffccdf271b7fbaf34ed72d089537b42f
+ testfileequal ./downloaded/foo9 'foo'
+ testfileequal ./downloaded/foo10 'bar'
}
test_apt_helper_detect_proxy() {
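Review bot: The two negative cases, 'wrong md5sum' and 'wrong sha256', pass `MD5Sum:aabbcc` and `SHA256:aabbcc`, which are too short to be digests of either type, so they may be rejected as malformed values rather than by comparing two well-formed hashes. A case with a full-length digest that belongs to different content would pin the integrity check this commit is about, for example a constructed value such as `MD5Sum:00000000000000000000000000000000` for the MD5 case. The expected error text and the `.FAILED` file assertion could stay as they are. test_apt_helper_download() starts above the hunk.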
diff --git a/test/integration/test-ubuntu-bug-1098738-apt-get-source-md5sum b/test/integration/test-ubuntu-bug-1098738-apt-get-source-md5sum
index 26b1393b7..f286f5650 100755
--- a/test/integration/test-ubuntu-bug-1098738-apt-get-source-md5sum
+++ b/test/integration/test-ubuntu-bug-1098738-apt-get-source-md5sum
@@ -1,8 +1,4 @@
#!/bin/sh
-#
-# FIXME: this test is mostly meaningless now as we do not consider
-# md5sum sufficient anyway. useful to test that it errors
-# if not all hashes pass
set -e
TESTDIR=$(readlink -f $(dirname $0))
@@ -51,6 +47,15 @@ Checksums-Sha256:
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 3 pkg-sha256-bad_1.0.dsc
bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb 3 pkg-sha256-bad_1.0.tar.gz
+Package: pkg-md5-bad
+Binary: pkg-md5-bad
+Version: 1.0
+Maintainer: Joe Sixpack <joe@example.org>
+Architecture: all
+Files:
+ aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 3 pkg-md5-bad_1.0.dsc
+ bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb 3 pkg-md5-bad_1.0.tar.gz
+
Package: pkg-no-md5
Binary: pkg-no-md5
Version: 1.0
@@ -136,12 +141,13 @@ EOF
# create fetchable files
for x in 'pkg-md5-ok' 'pkg-sha256-ok' 'pkg-sha256-bad' 'pkg-no-md5' \
'pkg-mixed-ok' 'pkg-mixed-sha1-bad' 'pkg-mixed-sha2-bad' \
- 'pkg-md5-agree' 'pkg-md5-disagree' 'pkg-sha256-disagree'; do
+ 'pkg-md5-agree' 'pkg-md5-disagree' 'pkg-sha256-disagree' \
+ 'pkg-md5-bad'; do
echo -n 'dsc' > aptarchive/${x}_1.0.dsc
echo -n 'tar' > aptarchive/${x}_1.0.tar.gz
done
-setupaptarchive
+setupaptarchive --no-update
changetowebserver
testsuccess aptget update
@@ -174,6 +180,19 @@ Download complete and in download only mode" aptget source -d "$@"
rm -f ${1}_1.0.dsc ${1}_1.0.tar.gz
}
+testnohash() {
+ #FIXME: Maybe we should fail in this case instead of skipping
+ rm -f ${1}_1.0.dsc ${1}_1.0.tar.gz
+ testsuccessequal "Reading package lists...
+Building dependency tree...
+Skipping download of file '${1}_1.0.dsc' as requested hashsum is not available for authentication
+Skipping download of file '${1}_1.0.tar.gz' as requested hashsum is not available for authentication
+Need to get 0 B of source archives.
+Download complete and in download only mode" aptget source -d "$@"
+ msgtest 'Files are not downloaded for' "$1"
+ testfailure --nomsg test -e ${1}_1.0.dsc -o -e ${1}_1.0.tar.gz
+}
+
testmismatch() {
rm -f ${1}_1.0.dsc ${1}_1.0.tar.gz
testfailureequal "Reading package lists...
@@ -193,15 +212,17 @@ E: Failed to fetch some archives." aptget source -d "$@"
msgtest 'Files were not download as they have hashsum mismatches for' "$1"
testfailure --nomsg test -e ${1}_1.0.dsc -a -e ${1}_1.0.tar.gz
- rm -f ${1}_1.0.dsc ${1}_1.0.tar.gz
- testsuccessequal "Reading package lists...
+ if [ "$2" != '--allow-unauthenticated' ]; then
+ rm -f ${1}_1.0.dsc ${1}_1.0.tar.gz
+ testsuccessequal "Reading package lists...
Building dependency tree...
-Skipping download of file 'pkg-sha256-bad_1.0.dsc' as requested hashsum is not available for authentication
-Skipping download of file 'pkg-sha256-bad_1.0.tar.gz' as requested hashsum is not available for authentication
+Skipping download of file '${1}_1.0.dsc' as requested hashsum is not available for authentication
+Skipping download of file '${1}_1.0.tar.gz' as requested hashsum is not available for authentication
Need to get 0 B of source archives.
Download complete and in download only mode" aptget source -d "$@" -o Acquire::ForceHash=ROT26
- msgtest 'Files were not download as hash is unavailable for' "$1"
- testfailure --nomsg test -e ${1}_1.0.dsc -a -e ${1}_1.0.tar.gz
+ msgtest 'Files were not download as hash is unavailable for' "$1"
+ testfailure --nomsg test -e ${1}_1.0.dsc -a -e ${1}_1.0.tar.gz
+ fi
rm -f ${1}_1.0.dsc ${1}_1.0.tar.gz
testsuccessequal "Reading package lists...
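Review bot: The check under 'Files were not download as hash is unavailable for' wraps `test -e ${1}_1.0.dsc -a -e ${1}_1.0.tar.gz` in `testfailure`, so it still passes when exactly one of the two files was fetched; the mismatch check at the top of the hunk has the same form. testnohash, added in this commit, asserts the stronger condition with `-o`, and `testfailure --nomsg test -e ${1}_1.0.dsc -o -e ${1}_1.0.tar.gz` here would require that neither file exists. The new `[ "$2" != '--allow-unauthenticated' ]` guard also depends on the option being the second argument, which deserves a one-line comment such as `# callers pass --allow-unauthenticated as $2 only`. testmismatch() starts before the hunk and continues past it.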
@@ -214,8 +235,7 @@ Download complete and in download only mode" aptget source --allow-unauthenticat
testsuccess --nomsg test -e ${1}_1.0.dsc -a -e ${1}_1.0.tar.gz
}
-#testok pkg-md5-ok
-#testkeep pkg-md5-ok
+testnohash pkg-md5-ok
testok pkg-sha256-ok
testkeep pkg-sha256-ok
@@ -223,11 +243,13 @@ testkeep pkg-sha256-ok
# checking the best available hash (as it should), this will trigger
# a hash mismatch.
testmismatch pkg-sha256-bad
-testmismatch pkg-sha256-bad
testok pkg-sha256-bad -o Acquire::ForceHash=MD5Sum
+testnohash pkg-md5-bad
+testmismatch pkg-md5-bad --allow-unauthenticated
+
# not having MD5 sum doesn't mean the file doesn't exist at all …
-#testok pkg-no-md5
+testok pkg-no-md5
testok pkg-no-md5 -o Acquire::ForceHash=SHA256
testsuccessequal "Reading package lists...
Building dependency tree...
@@ -267,7 +289,7 @@ msgtest 'Only dsc file is downloaded as the tar has hashsum mismatch' 'pkg-mixed
testsuccess --nomsg test -e pkg-mixed-sha2-bad_1.0.dsc -a ! -e pkg-mixed-sha2-bad_1.0.tar.gz
# it gets even more pathologic: multiple entries for one file, some even disagreeing!
-#testok pkg-md5-agree
+testnohash pkg-md5-agree
testfailureequal 'Reading package lists...
Building dependency tree...
E: Error parsing checksum in Files of source package pkg-md5-disagree' aptget source -d pkg-md5-disagree
diff --git a/test/libapt/hashsums_test.cc b/test/libapt/hashsums_test.cc
index 63c63ecd3..033493f84 100644
--- a/test/libapt/hashsums_test.cc
+++ b/test/libapt/hashsums_test.cc
@@ -306,6 +306,8 @@ TEST(HashSumsTest, HashStringList)
EXPECT_EQ(NULL, list.find(NULL));
EXPECT_EQ(NULL, list.find(""));
EXPECT_EQ(NULL, list.find("MD5Sum"));
+ EXPECT_EQ(NULL, list.find("ROT26"));
+ EXPECT_EQ(NULL, list.find("SHA1"));
EXPECT_EQ(0, list.FileSize());
// empty lists aren't equal
@@ -319,6 +321,18 @@ TEST(HashSumsTest, HashStringList)
EXPECT_FALSE(list.usable());
EXPECT_EQ(1, list.size());
EXPECT_EQ(29, list.FileSize());
+ list.push_back(HashString("MD5Sum", "d41d8cd98f00b204e9800998ecf8427e"));
+ EXPECT_FALSE(list.empty());
+ EXPECT_FALSE(list.usable());
+ EXPECT_EQ(2, list.size());
+ EXPECT_EQ(29, list.FileSize());
+ EXPECT_TRUE(NULL != list.find("MD5Sum"));
+ list.push_back(HashString("SHA1", "cacecbd74968bc90ea3342767e6b94f46ddbcafc"));
+ EXPECT_TRUE(list.usable());
+ EXPECT_EQ(3, list.size());
+ EXPECT_EQ(29, list.FileSize());
+ EXPECT_TRUE(NULL != list.find("MD5Sum"));
+ EXPECT_TRUE(NULL != list.find("SHA1"));
Hashes hashes;
hashes.Add("The quick brown fox jumps over the lazy dog");
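Review bot: The added assertions cover `usable()`, `size()` and `find()` for a list holding MD5Sum, but none of them compares two lists that share only an MD5Sum entry, which is the comparison the new integrity path in acquire-worker.cc relies on through `ReceivedHashes != ExpectedHashes`. Consider adding an equal and a differing MD5-only pair, e.g. `EXPECT_TRUE(a == b);` and `EXPECT_TRUE(a != c);`, so that the behaviour for unusable-for-security lists is pinned. This may already be covered further down in the test, which runs beyond the hunk.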