author | David Kalnischkies <david@kalnischkies.de> | 2015-06-06 12:28:00 +0200 |
---|---|---|
committer | David Kalnischkies <david@kalnischkies.de> | 2015-06-09 12:57:35 +0200 |
commit | 448c38bdcd72b52f11ec5f326f822cf57653f81c (patch) | |
tree | 98f26e9d477e720c3448773f398e6b13e0e431c7 /test/integration/test-apt-update-not-modified | |
parent | 58702f8563a443a7c6e66253b259c2488b877290 (diff) |
rework hashsum verification in the acquire system

Having every item having its own code to verify the file(s) it handles
is an error-prone process and easy to break, especially if items move
through various stages (download, uncompress, patching, …). With a giant
rework we centralize (most of) the verification to have a better
enforcement rate and (hopefully) less chance for bugs, but it breaks the
ABI big time in exchange – and as we break it anyway, it is broken even
harder.

It shouldn't affect most frontends as they don't deal with the acquire
system at all or implement their own items, but some do and will need to
be patched (might be an opportunity to use apt on-board material).

The theory is simple: Items implement methods to decide if hashes need to
be checked (in this stage) and to return the expected hashes for this
item (in this stage). The verification itself is done in worker message
passing which has the benefit that a hashsum error is now a proper error
for the acquire system rather than a Done() which is later revised to a
Failed().

Diffstat (limited to 'test/integration/test-apt-update-not-modified')
-rwxr-xr-x | test/integration/test-apt-update-not-modified | 30 |
1 files changed, 28 insertions, 2 deletions
diff --git a/test/integration/test-apt-update-not-modified b/test/integration/test-apt-update-not-modified index bac33d531..a490f00de 100755 --- a/test/integration/test-apt-update-not-modified +++ b/test/integration/test-apt-update-not-modified @@ -43,7 +43,9 @@ Version: 1 EOF compressfile aptarchive/dists/unstable/main/binary-amd64/Packages testfailureequal "Hit $1 unstable InRelease -Get:1 $1 unstable/main amd64 Packages [$(stat -c '%s' 'aptarchive/dists.good/unstable/main/binary-amd64/Packages.gz') B] +Get:1 $1 unstable/main amd64 Packages [$(stat -c '%s' 'aptarchive/dists/unstable/main/binary-amd64/Packages.gz') B] +Err $1 unstable/main amd64 Packages + Hash Sum mismatch W: Failed to fetch $1/dists/unstable/main/binary-amd64/Packages.gz Hash Sum mismatch E: Some index files failed to download. They have been ignored, or old ones used instead." aptget update 
@@ -87,8 +89,32 @@ Hit $1 unstable Release Reading package lists..." aptget update testfileequal 'listsdir-without-amd64.lst' "$(listcurrentlistsdirectory)" - # readd arch so its downloaded again + # readd arch so its downloaded again… configarchitecture 'amd64' 'i386' + # … but oh noes, hashsum mismatch! + find aptarchive/dists/unstable/main/binary-amd64/ -type f -delete + cat >> aptarchive/dists/unstable/main/binary-amd64/Packages <<EOF + +Package: thisisbad +Architecture: amd64 +Version: 1 +EOF + compressfile aptarchive/dists/unstable/main/binary-amd64/Packages + testfailureequal "Ign $1 unstable InRelease + 404 Not Found +Hit $1 unstable Release +Get:1 $1 unstable/main amd64 Packages [$(stat -c '%s' 'aptarchive/dists/unstable/main/binary-amd64/Packages.gz') B] +Err $1 unstable/main amd64 Packages + Hash Sum mismatch +W: Failed to fetch $1/dists/unstable/main/binary-amd64/Packages.gz Hash Sum mismatch + +E: Some index files failed to download. They have been ignored, or old ones used instead." aptget update + testfileequal 'listsdir-without-amd64.lst' "$(listcurrentlistsdirectory)" + rm -rf aptarchive/dists + cp -a aptarchive/dists.good aptarchive/dists + find aptarchive/dists -name 'InRelease' -delete + + # … now everything is fine again testsuccessequal "Ign $1 unstable InRelease 404 Not Found Hit $1 unstable Release |
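Review bot: In the first hunk (@@ -43,7 +43,9 @@), the expected `Get:1` size is now read with `stat` from `aptarchive/dists/unstable/main/binary-amd64/Packages.gz`, the file the test has just recompressed, instead of the `dists.good` copy, and nothing in the test says why the printed size changes. A one-line comment above the `testfailureequal` call stating which size is expected in the `Get:` line would keep a later reader from switching the path back to `dists.good`.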
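Review bot: In the second hunk (@@ -87,8 +89,32 @@), `cat >> aptarchive/dists/unstable/main/binary-amd64/Packages` appends to a file that the preceding `find ... -type f -delete` has just removed, so `>>` only ever creates it and the heredoc's leading empty line becomes the first line of the new Packages file. Use `>` and drop the empty line, or add a comment if the blank first line is intended. The `testfileequal 'listsdir-without-amd64.lst'` check after the failed update is the important assertion here, since it is what shows the mismatching index never reached the lists directory; a short comment saying so would make that purpose explicit.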