summaryrefslogtreecommitdiff
path: root/test/integration/test-cve-2013-1051-InRelease-parsing
diff options
context:
space:
mode:
authorMichael Vogt <mvo@debian.org>2015-06-23 12:17:35 +0100
committerMichael Vogt <mvo@debian.org>2015-06-23 12:17:35 +0100
commit245dde96193702f7f51389d3583dee547f8ba366 (patch)
tree6cf8c191641c760bcc6a6c08fb0ff65d27e0cffd /test/integration/test-cve-2013-1051-InRelease-parsing
parent5530255b5f3ad7de2e23dfcb39ce325001126501 (diff)
parentc8a4ce6cbed57ae108dc955d4a850f9b129a0693 (diff)
Merge remote-tracking branch 'donkult/debian/experimental' into debian/experimental
Diffstat (limited to 'test/integration/test-cve-2013-1051-InRelease-parsing')
-rwxr-xr-xtest/integration/test-cve-2013-1051-InRelease-parsing23
1 files changed, 14 insertions, 9 deletions
diff --git a/test/integration/test-cve-2013-1051-InRelease-parsing b/test/integration/test-cve-2013-1051-InRelease-parsing
index 8f9803991..933cbbd92 100755
--- a/test/integration/test-cve-2013-1051-InRelease-parsing
+++ b/test/integration/test-cve-2013-1051-InRelease-parsing
@@ -12,12 +12,12 @@ insertpackage 'stable' 'good-pkg' 'all' '1.0'
setupaptarchive
changetowebserver
-ARCHIVE='http://localhost:8080/'
+ARCHIVE='http://localhost:8080'
msgtest 'Initial apt-get update should work with' 'InRelease'
testsuccess --nomsg aptget update
# check that the setup is correct
-testequal "good-pkg:
+testsuccessequal "good-pkg:
Installed: (none)
Candidate: 1.0
Version table:
@@ -39,21 +39,26 @@ sed -i '/^-----BEGIN PGP SIGNATURE-----/,/^-----END PGP SIGNATURE-----/ s/^$/ /
cat aptarchive/dists/stable/Release >> aptarchive/dists/stable/InRelease
touch -d '+1hour' aptarchive/dists/stable/InRelease
-# ensure the update fails
-# useful for debugging to add "-o Debug::pkgAcquire::auth=true"
-msgtest 'apt-get update for should fail with the modified' 'InRelease'
-aptget update 2>&1 | grep -E -q '(Writing more data than expected|Hash Sum mismatch)' > /dev/null && msgpass || msgfail
+# ensure the update doesn't load bad data as good data
+# Note that we will pick up the InRelease itself as we download no other
+# indexes which would trigger a hashsum mismatch, but we ignore the 'bad'
+# part of the InRelease
+listcurrentlistsdirectory | sed '/_InRelease/ d' > listsdir.lst
+msgtest 'apt-get update should ignore unsigned data in the' 'InRelease'
+testsuccessequal "Get:1 http://localhost:8080 stable InRelease [$(stat -c%s aptarchive/dists/stable/InRelease) B]
+Reading package lists..." --nomsg aptget update
+testfileequal './listsdir.lst' "$(listcurrentlistsdirectory | sed '/_InRelease/ d')"
# ensure there is no package
-testequal 'Reading package lists...
+testfailureequal 'Reading package lists...
Building dependency tree...
E: Unable to locate package bad-mitm' aptget install bad-mitm -s
# and verify that its not picked up
-testequal 'N: Unable to locate package bad-mitm' aptcache policy bad-mitm -q=0
+testsuccessequal 'N: Unable to locate package bad-mitm' aptcache policy bad-mitm -q=0
# and that the right one is used
-testequal "good-pkg:
+testsuccessequal "good-pkg:
Installed: (none)
Candidate: 1.0
Version table: