Do not consider SHA1 usable

SHA1 is not reasonably secure anymore, so we should not consider it
usable anymore. The test suite is adjusted to account for this.

1 files changed, 23 insertions, 14 deletions

diff --git a/test/integration/test-ubuntu-bug-1098738-apt-get-source-md5sum b/test/integration/test-ubuntu-bug-1098738-apt-get-source-md5sum
index 015a803bc..7ac993d39 100755
--- a/test/integration/test-ubuntu-bug-1098738-apt-get-source-md5sum
+++ b/test/integration/test-ubuntu-bug-1098738-apt-get-source-md5sum
@@ -17,6 +17,15 @@ Files:
  9604ba9427a280db542279d9ed78400b 3 pkg-md5-ok_1.0.dsc
  db5570bf61464b46e2bde31ed61a7dc6 3 pkg-md5-ok_1.0.tar.gz
 
+Package: pkg-sha1-ok
+Binary: pkg-sha1-ok
+Version: 1.0
+Maintainer: Joe Sixpack <joe@example.org>
+Architecture: all
+Files:
+ 324f464e6151a92cf57b26ef95dcfcf2059a8c44 3 pkg-sha1-ok_1.0.dsc
+ 680254bad1d7ca0d65ec46aaa315d363abf6a50a 3 pkg-sha1-ok_1.0.tar.gz
+
 Package: pkg-sha256-ok
 Binary: pkg-sha256-ok
 Version: 1.0
@@ -139,7 +148,7 @@ Checksums-Sha256:
 EOF
 
 # create fetchable files
-for x in 'pkg-md5-ok' 'pkg-sha256-ok' 'pkg-sha256-bad' 'pkg-no-md5' \
+for x in 'pkg-md5-ok' 'pkg-sha1-ok' 'pkg-sha256-ok' 'pkg-sha256-bad' 'pkg-no-md5' \
 	 'pkg-mixed-ok' 'pkg-mixed-sha1-bad' 'pkg-mixed-sha2-bad' \
 	 'pkg-md5-agree' 'pkg-md5-disagree' 'pkg-sha256-disagree' \
 	 'pkg-md5-bad'; do
@@ -230,6 +239,7 @@ Download complete and in download only mode" aptget source --allow-unauthenticat
 }
 
 testnohash pkg-md5-ok
+testnohash pkg-sha1-ok
 testok pkg-sha256-ok
 testkeep pkg-sha256-ok
 
@@ -255,29 +265,28 @@ testfailure --nomsg test -e pkg-no-md5_1.0.dsc -a -e pkg-no-md5_1.0.tar.gz
 
 # deal with cases in which we haven't for all files the same checksum type
 # mostly pathologic as this shouldn't happen, but just to be sure
-testok pkg-mixed-ok
-testfailureequal "Reading package lists...
-Need to get 6 B of source archives.
+testsuccessequal "Reading package lists...
+Skipping download of file 'pkg-mixed-ok_1.0.tar.gz' as requested hashsum is not available for authentication
+Need to get 3 B of source archives.
+Get:1 http://localhost:${APTHTTPPORT}  pkg-mixed-ok 1.0 (dsc) [3 B]
+Download complete and in download only mode" aptget source -d pkg-mixed-ok
+
+testsuccessequal  "Reading package lists...
+Skipping download of file 'pkg-mixed-sha1-bad_1.0.dsc' as requested hashsum is not available for authentication
+Need to get 3 B of source archives.
 Get:1 http://localhost:${APTHTTPPORT}  pkg-mixed-sha1-bad 1.0 (tar) [3 B]
-Get:2 http://localhost:${APTHTTPPORT}  pkg-mixed-sha1-bad 1.0 (dsc) [3 B]
-Err:2 http://localhost:${APTHTTPPORT}  pkg-mixed-sha1-bad 1.0 (dsc)
-  Hash Sum mismatch
-E: Failed to fetch http://localhost:${APTHTTPPORT}/pkg-mixed-sha1-bad_1.0.dsc  Hash Sum mismatch
-
-E: Failed to fetch some archives." aptget source -d pkg-mixed-sha1-bad
+Download complete and in download only mode" aptget source -d pkg-mixed-sha1-bad
 msgtest 'Only tar file is downloaded as the dsc has hashsum mismatch' 'pkg-mixed-sha1-bad'
 testsuccess --nomsg test ! -e pkg-mixed-sha1-bad_1.0.dsc -a -e pkg-mixed-sha1-bad_1.0.tar.gz
 testfailureequal "Reading package lists...
-Need to get 6 B of source archives.
+Skipping download of file 'pkg-mixed-sha2-bad_1.0.dsc' as requested hashsum is not available for authentication
+Need to get 3 B of source archives.
 Get:1 http://localhost:${APTHTTPPORT}  pkg-mixed-sha2-bad 1.0 (tar) [3 B]
 Err:1 http://localhost:${APTHTTPPORT}  pkg-mixed-sha2-bad 1.0 (tar)
   Hash Sum mismatch
-Get:2 http://localhost:${APTHTTPPORT}  pkg-mixed-sha2-bad 1.0 (dsc) [3 B]
 E: Failed to fetch http://localhost:${APTHTTPPORT}/pkg-mixed-sha2-bad_1.0.tar.gz  Hash Sum mismatch
 
 E: Failed to fetch some archives." aptget source -d pkg-mixed-sha2-bad
-msgtest 'Only dsc file is downloaded as the tar has hashsum mismatch' 'pkg-mixed-sha2-bad'
-testsuccess --nomsg test -e pkg-mixed-sha2-bad_1.0.dsc -a ! -e pkg-mixed-sha2-bad_1.0.tar.gz
 
 # it gets even more pathologic: multiple entries for one file, some even disagreeing!
 testnohash pkg-md5-agree