diff options
| author | Julian Andres Klode <julian.klode@canonical.com> | 2018-01-29 16:15:41 +0100 |
|---|---|---|
| committer | Julian Andres Klode <julian.klode@canonical.com> | 2018-02-19 16:05:01 +0100 |
| commit | 9e5899cac1a6367e3769af52a724821880e538f6 (patch) | |
| tree | 4c7add81aeb5f851ce764697b03e3778391f9cbc /test/integration/framework | |
| parent | 38d444af2632219ab399dabadaaefaa4dcdd6ebf (diff) | |
Check that Date of Release file is not in the future
By restricting the Date field to be in the past, an attacker cannot
just create a repository from the future that would be accepted as
a valid update for a repository.
This check can be disabled by Acquire::Check-Date set to false. This
will also disable Check-Valid-Until and any future date related checking,
if any - the option means: "my computers date cannot be trusted."
Modify the tests to allow repositories to be up to 10 hours in the
future, so we can keep using hours there to simulate time changes.
Diffstat (limited to 'test/integration/framework')
| -rw-r--r-- | test/integration/framework | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/test/integration/framework b/test/integration/framework index ecce46d2e..bc84de184 100644 --- a/test/integration/framework +++ b/test/integration/framework @@ -460,6 +460,8 @@ EOF echo "Apt::Cmd::Disable-Script-Warning \"1\";" > rootdir/etc/apt/apt.conf.d/apt-binary export APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=no echo 'Acquire::Connect::AddrConfig "false";' > rootdir/etc/apt/apt.conf.d/connect-addrconfig + # Allow release files to be 10 hours in the future, rather than 10 seconds + echo 'Acquire::Max-FutureTime "'$((10 * 60 * 60))'";' > rootdir/etc/apt/apt.conf.d/future-time configcompression '.' 'gz' #'bz2' 'lzma' 'xz' confighashes 'SHA256' # these are tests, not security best-practices |