author | Michael Vogt <mvo@ubuntu.com> | 2014-10-01 12:21:55 +0200 |
---|---|---|
committer | Michael Vogt <mvo@ubuntu.com> | 2014-10-01 13:05:26 +0200 |
commit | c99fe2e169243fc6e1a3278ce3768f0f521e260b (patch) | |
tree | 8b9c5141f4e90a02a1b342692b217c3567684a1d /test/integration/test-apt-update-nofallback | |
parent | 8d266656767f6c7c3946700c7052d0b8b6212742 (diff) |
Use Acquire::Allow{InsecureRepositories,DowngradeToInsecureRepositories}

The configuration key Acquire::AllowInsecureRepositories controls if
apt allows loading of unsigned repositories at all.

The configuration Acquire::AllowDowngradeToInsecureRepositories
controls if a signed repository can ever become unsigned. This
should really never be needed but we provide it to avoid having
to mess around in /var/lib/apt/lists if there is a use-case for
this (which I can't think of right now).

Diffstat (limited to 'test/integration/test-apt-update-nofallback')
-rwxr-xr-x | test/integration/test-apt-update-nofallback | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/test/integration/test-apt-update-nofallback b/test/integration/test-apt-update-nofallback index 4e8ea9916..a53226e18 100755 --- a/test/integration/test-apt-update-nofallback +++ b/test/integration/test-apt-update-nofallback @@ -78,6 +78,25 @@ test_from_release_gpg_to_unsigned() assert_update_is_refused_and_last_good_state_used } +test_from_inrelease_to_unsigned_with_override() +{ + # setup archive with InRelease file + setupaptarchive_with_lists_clean + testsuccess aptget update + + # simulate moving to a unsigned but otherwise valid repo + simulate_mitm_and_inject_evil_package + generatereleasefiles + + # and ensure we can update to it (with enough force) + testsuccess aptget update --allow-insecure-repositories \ + -o Acquire::AllowDowngradeToInsecureRepositories=1 + # but that the individual packages are still considered untrusted + testequal "WARNING: The following packages cannot be authenticated! + evil +E: There are problems and -y was used without --force-yes" aptget install -qq -y evil +} + test_cve_2012_0214() { # see https://bugs.launchpad.net/ubuntu/+source/apt/+bug/947108 @@ -205,3 +224,7 @@ test_inrelease_to_invalid_inrelease # ensure we revert to last good state if Release/Release.gpg does not verify msgmsg "test_release_gpg_to_invalid_release_release_gpg" test_release_gpg_to_invalid_release_release_gpg + +# ensure we can ovveride the downgrade error +msgmsg "test_from_inrelease_to_unsigned" +test_from_inrelease_to_unsigned_with_override |
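
Review bot: In test_from_inrelease_to_unsigned_with_override, the only update attempted after the repository loses its signature passes both --allow-insecure-repositories and -o Acquire::AllowDowngradeToInsecureRepositories=1, so the test never shows that the downgrade option is what makes the difference. Add an update with --allow-insecure-repositories alone before it and check that it is refused, so a regression that lets the first flag permit a signed-to-unsigned downgrade would fail here. The setup comment also reads "a unsigned" where "an unsigned" is meant, and since it describes an "otherwise valid repo" while calling simulate_mitm_and_inject_evil_package, a short remark on why the MITM helper is the right fixture would help the next reader.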
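
Review bot: The msgmsg label added at the end of the file says "test_from_inrelease_to_unsigned", but the function invoked on the next line is test_from_inrelease_to_unsigned_with_override. The entry just above uses the same string for its label and its function, so make this label match the function name to keep the test output traceable to the test that ran. The comment above it also misspells "override" as "ovveride".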