testcases runable as root

Running the testcases is usually not a good idea, but it can be handy to
check if the privilege dropping works.

Git-Dch: Ignore

1 files changed, 26 insertions, 5 deletions

diff --git a/test/integration/framework b/test/integration/framework
index 96b867788..a8d6bf3d0 100644
--- a/test/integration/framework
+++ b/test/integration/framework
@@ -43,7 +43,10 @@ msgtest() {
 	printf "…${CNORMAL} "
 }
 msgpass() { printf "${CPASS}PASS${CNORMAL}\n"; }
-msgskip() { printf "${CWARNING}SKIP${CNORMAL}\n" >&2; }
+msgskip() {
+	if [ $# -gt 0 ]; then printf "${CWARNING}SKIP: $*${CNORMAL}\n" >&2;
+	else printf "${CWARNING}SKIP${CNORMAL}\n" >&2; fi
+}
 msgfail() {
 	if [ $# -gt 0 ]; then printf "${CFAIL}FAIL: $*${CNORMAL}\n" >&2;
 	else printf "${CFAIL}FAIL${CNORMAL}\n" >&2; fi
@@ -170,6 +173,12 @@ setupenvironment() {
 	addtrap "cd /; rm -rf $TMPWORKINGDIRECTORY;"
 	msgninfo "Preparing environment for ${CCMD}$(basename $0)${CINFO} in ${TMPWORKINGDIRECTORY}… "
 
+	if [ "$(id -u)" = '0' ]; then
+		# relax permissions so that running as root with user switching works
+		umask 022
+		chmod o+rx "$TMPWORKINGDIRECTORY"
+	fi
+
 	TESTDIRECTORY=$(readlink -f $(dirname $0))
         # allow overriding the default BUILDDIR location
 	BUILDDIRECTORY=${APT_INTEGRATION_TESTS_BUILD_DIR:-"${TESTDIRECTORY}/../../build/bin"}
@@ -185,7 +194,7 @@ setupenvironment() {
 	mkdir rootdir aptarchive keys
 	cd rootdir
 	mkdir -p etc/apt/apt.conf.d etc/apt/sources.list.d etc/apt/trusted.gpg.d etc/apt/preferences.d
-	mkdir -p var/cache var/lib/apt var/log tmp
+	mkdir -p usr/bin var/cache var/lib/apt var/log tmp
 	mkdir -p var/lib/dpkg/info var/lib/dpkg/updates var/lib/dpkg/triggers
 	touch var/lib/dpkg/available
 	mkdir -p usr/lib/apt
@@ -221,7 +230,15 @@ setupenvironment() {
 	echo "Debug::NoLocking \"true\";" >> aptconfig.conf
 	echo "APT::Get::Show-User-Simulation-Note \"false\";" >> aptconfig.conf
 	echo "Dir::Bin::Methods \"${METHODSDIR}\";" >> aptconfig.conf
-	echo "Dir::Bin::apt-key \"${BUILDDIRECTORY}/apt-key\";" >> aptconfig.conf
+	# store apt-key were we can access it, even if we run it as a different user
+	# destroys coverage reporting though, so just do it for root for now
+	if [ "$(id -u)" = '0' ]; then
+		cp "${BUILDDIRECTORY}/apt-key" "${TMPWORKINGDIRECTORY}/rootdir/usr/bin/"
+		chmod o+rx "${TMPWORKINGDIRECTORY}/rootdir/usr/bin/apt-key"
+		echo "Dir::Bin::apt-key \"${TMPWORKINGDIRECTORY}/rootdir/usr/bin/apt-key\";" >> aptconfig.conf
+	else
+		echo "Dir::Bin::apt-key \"${BUILDDIRECTORY}/apt-key\";" >> aptconfig.conf
+	fi
 	echo "Dir::Bin::dpkg \"fakeroot\";" >> aptconfig.conf
 	echo "DPKG::options:: \"dpkg\";" >> aptconfig.conf
 	echo "DPKG::options:: \"--root=${TMPWORKINGDIRECTORY}/rootdir\";" >> aptconfig.conf
@@ -239,7 +256,11 @@ setupenvironment() {
 	# hide this as we can't really deal with it properly
 	echo 'Acquire::Failure::ShowIP "false";' >> aptconfig.conf
 
-	echo "Acquire::https::CaInfo \"${TESTDIR}/apt.pem\";" > rootdir/etc/apt/apt.conf.d/99https
+	cp "${TESTDIRECTORY}/apt.pem" "${TMPWORKINGDIRECTORY}/rootdir/etc/webserver.pem"
+	if [ "$(id -u)" = '0' ]; then
+		chown _apt:root "${TMPWORKINGDIRECTORY}/rootdir/etc/webserver.pem"
+	fi
+	echo "Acquire::https::CaInfo \"${TMPWORKINGDIRECTORY}/rootdir/etc/webserver.pem\";" > rootdir/etc/apt/apt.conf.d/99https
 	echo "Apt::Cmd::Disable-Script-Warning \"1\";" > rootdir/etc/apt/apt.conf.d/apt-binary
 	configcompression '.' 'gz' #'bz2' 'lzma' 'xz'
 
@@ -977,7 +998,7 @@ changetohttpswebserver() {
 		changetowebserver --no-rewrite "$@"
 	fi
 	echo "pid = ${TMPWORKINGDIRECTORY}/aptarchive/stunnel.pid
-cert = ${TESTDIRECTORY}/apt.pem
+cert = ${TMPWORKINGDIRECTORY}/rootdir/etc/webserver.pem
 output = /dev/null
 
 [https]