summaryrefslogtreecommitdiff
path: root/test/integration/test-apt-key-net-update
diff options
context:
space:
mode:
authorMichael Vogt <mvo@debian.org>2014-01-04 11:15:28 +0100
committerMichael Vogt <mvo@debian.org>2014-01-04 11:15:28 +0100
commitc93d14fc05b50a8ee8bb7804579c2912f34c676b (patch)
tree1f45c51bd8d3ab33de2610f1663b3ec8e5f49c02 /test/integration/test-apt-key-net-update
parente2fa0aa64d2249129543f82a213043d96469be1c (diff)
parent23bd09778261c945b460b46d855b1a6ef998cfd8 (diff)
Merge branch 'debian/sid' into feature/source-deb822
Diffstat (limited to 'test/integration/test-apt-key-net-update')
-rwxr-xr-xtest/integration/test-apt-key-net-update104
1 files changed, 26 insertions, 78 deletions
diff --git a/test/integration/test-apt-key-net-update b/test/integration/test-apt-key-net-update
index d5205836f..4b38cd9b5 100755
--- a/test/integration/test-apt-key-net-update
+++ b/test/integration/test-apt-key-net-update
@@ -6,90 +6,38 @@ TESTDIR=$(readlink -f $(dirname $0))
setupenvironment
configarchitecture "i386"
+changetowebserver
-# mock
-requires_root() {
- return 0
-}
+# setup env
+mkdir -p var/lib/apt/keyrings
+mkdir -p usr/share/keyrings
-# extract net_update() and import it
-func=$( sed -n -e '/^add_keys_with_verify_against_master_keyring/,/^}/p' ${BUILDDIRECTORY}/apt-key )
-eval "$func"
+# install the fake master keyring
+install -m0644 keys/test-master-keyring.pub usr/share/keyrings
+echo "APT::Key::MasterKeyring \"${TMPWORKINGDIRECTORY}/usr/share/keyrings/test-master-keyring.pub\";" >> ./aptconfig.conf
-mkdir -p ./etc/apt
-TRUSTEDFILE=./etc/apt/trusted.gpg
-mkdir -p ./var/lib/apt/keyrings
-TMP_KEYRING=./var/lib/apt/keyrings/maybe-import-keyring.gpg
-GPG_CMD="gpg --ignore-time-conflict --no-options --no-default-keyring"
-GPG="$GPG_CMD --keyring $TRUSTEDFILE"
-MASTER_KEYRING=/usr/share/keyrings/ubuntu-master-keyring.gpg
+# setup archive-keyring
+mkdir -p aptarchive/ubuntu/project
+install -m0644 keys/test-archive-keyring.pub aptarchive/ubuntu/project/
+echo 'APT::Key::ArchiveKeyringURI "http://localhost:8080/ubuntu/project/test-archive-keyring.pub";' >> ./aptconfig.conf
+echo 'APT::Key::Net-Update-Enabled "1";' >> ./aptconfig.conf
+# test against the "real" webserver
+testequal 'Checking for new archive signing keys now
+gpg: key F68C85A3: public key "Test Automatic Archive Signing Key <ftpmaster@example.com>" imported
+gpg: Total number processed: 1
+gpg: imported: 1 (RSA: 1)' aptkey --fakeroot net-update
-msgtest "add_keys_with_verify_against_master_keyring"
-if [ ! -e $MASTER_KEYRING ]; then
- echo -n "No $MASTER_KEYRING found"
- msgskip
- exit 0
-fi
-# test bad keyring and ensure its not added (LP: #857472)
-ADD_KEYRING=./keys/exploid-keyring-with-dupe-keys.pub
-if add_keys_with_verify_against_master_keyring $ADD_KEYRING $MASTER_KEYRING; then
- msgfail
-else
- msgpass
-fi
+# now try a different one
+# setup archive-keyring
+mkdir -p aptarchive/ubuntu/project
+install -m0644 keys/marvinparanoid.pub aptarchive/ubuntu/project/
+echo 'APT::Key::ArchiveKeyringURI "http://localhost:8080/ubuntu/project/marvinparanoid.pub";' >> ./aptconfig.conf
+echo 'APT::Key::Net-Update-Enabled "1";' >> ./aptconfig.conf
-# ensure the keyring is still empty
-gpg_out=$($GPG --list-keys)
-msgtest "Test if keyring is empty"
-if [ -n "" ]; then
- msgfail
-else
- msgpass
-fi
+# test against the "real" webserver
+testequal "Checking for new archive signing keys now
+Key 'E8525D47528144E2' not added. It is not signed with a master key" aptkey --fakeroot net-update
-# test another possible attack vector using subkeys (LP: #1013128)
-msgtest "add_keys_with_verify_against_master_keyring with subkey attack"
-ADD_KEYRING=./keys/exploid-keyring-with-dupe-subkeys.pub
-if add_keys_with_verify_against_master_keyring $ADD_KEYRING $MASTER_KEYRING; then
- msgfail
-else
- msgpass
-fi
-
-# ensure the keyring is still empty
-gpg_out=$($GPG --list-keys)
-msgtest "Test if keyring is empty"
-if [ -n "" ]; then
- msgfail
-else
- msgpass
-fi
-
-
-# test good keyring and ensure we get no errors
-ADD_KEYRING=/usr/share/keyrings/ubuntu-archive-keyring.gpg
-if add_keys_with_verify_against_master_keyring $ADD_KEYRING $MASTER_KEYRING; then
- msgpass
-else
- msgfail
-fi
-
-testequal './etc/apt/trusted.gpg
----------------------
-pub 1024D/437D05B5 2004-09-12
-uid Ubuntu Archive Automatic Signing Key <ftpmaster@ubuntu.com>
-sub 2048g/79164387 2004-09-12
-
-pub 1024D/FBB75451 2004-12-30
-uid Ubuntu CD Image Automatic Signing Key <cdimage@ubuntu.com>
-
-pub 4096R/C0B21F32 2012-05-11
-uid Ubuntu Archive Automatic Signing Key (2012) <ftpmaster@ubuntu.com>
-
-pub 4096R/EFE21092 2012-05-11
-uid Ubuntu CD Image Automatic Signing Key (2012) <cdimage@ubuntu.com>
-' $GPG --list-keys
-