summaryrefslogtreecommitdiff
path: root/test/integration
diff options
context:
space:
mode:
authorMichael Vogt <michael.vogt@ubuntu.com>2013-04-30 10:44:16 +0200
committerMichael Vogt <michael.vogt@ubuntu.com>2013-04-30 10:44:16 +0200
commit3599bca5211077f5456a40adb5cec1bcbee8c3ae (patch)
tree221627b7ef4e3d6d294fbaaab425f2400734bd93 /test/integration
parent6029901a2cf49aac035590960d84572b56f28933 (diff)
parentb5595da902e62af7c295f1603ae5b43ba4cef281 (diff)
merged from the debian-sid branch
Diffstat (limited to 'test/integration')
-rw-r--r--test/integration/framework25
-rwxr-xr-xtest/integration/run-tests3
-rwxr-xr-xtest/integration/test-apt-cdrom2
-rwxr-xr-xtest/integration/test-apt-get-download2
-rwxr-xr-xtest/integration/test-cve-2013-1051-InRelease-parsing61
-rwxr-xr-xtest/integration/test-ubuntu-bug-784473-InRelease-one-message-only14
6 files changed, 98 insertions, 9 deletions
diff --git a/test/integration/framework b/test/integration/framework
index 11f1c7be2..9b01c3161 100644
--- a/test/integration/framework
+++ b/test/integration/framework
@@ -1,5 +1,7 @@
#!/bin/sh -- # no runable script, just for vi
+EXIT_CODE=0
+
# we all like colorful messages
if expr match "$(readlink -f /proc/$$/fd/1)" '/dev/pts/[0-9]\+' > /dev/null && \
expr match "$(readlink -f /proc/$$/fd/2)" '/dev/pts/[0-9]\+' > /dev/null; then
@@ -36,7 +38,7 @@ msgtest() {
}
msgpass() { echo "${CPASS}PASS${CNORMAL}" >&2; }
msgskip() { echo "${CWARNING}SKIP${CNORMAL}" >&2; }
-msgfail() { echo "${CFAIL}FAIL${CNORMAL}" >&2; }
+msgfail() { echo "${CFAIL}FAIL${CNORMAL}" >&2; EXIT_CODE=$((EXIT_CODE+1)); }
# enable / disable Debugging
MSGLEVEL=${MSGLEVEL:-3}
@@ -113,9 +115,18 @@ gdb() {
APT_CONFIG=aptconfig.conf LD_LIBRARY_PATH=${BUILDDIRECTORY} $(which gdb) ${BUILDDIRECTORY}/$1
}
+exitwithstatus() {
+ # error if we about to overflow, but ...
+ # "255 failures ought to be enough for everybody"
+ if [ $EXIT_CODE -gt 255 ]; then
+ msgdie "Total failure count $EXIT_CODE too big"
+ fi
+ exit $((EXIT_CODE <= 255 ? EXIT_CODE : 255));
+}
+
addtrap() {
CURRENTTRAP="$CURRENTTRAP $1"
- trap "$CURRENTTRAP exit;" 0 HUP INT QUIT ILL ABRT FPE SEGV PIPE TERM
+ trap "$CURRENTTRAP exitwithstatus;" 0 HUP INT QUIT ILL ABRT FPE SEGV PIPE TERM
}
setupenvironment() {
@@ -328,9 +339,15 @@ Package: $NAME" >> ${BUILDDIR}/debian/control
fi
echo '3.0 (native)' > ${BUILDDIR}/debian/source/format
- local SRCS="$( (cd ${BUILDDIR}/..; dpkg-source -b ${NAME}-${VERSION} 2>&1) | grep '^dpkg-source: info: building' | grep -o '[a-z0-9._+~-]*$')"
- for SRC in $SRCS; do
+ (cd ${BUILDDIR}/..; dpkg-source -b ${NAME}-${VERSION} 2>&1) | sed -n 's#^dpkg-source: info: building [^ ]\+ in ##p' \
+ | while read SRC; do
echo "pool/${SRC}" >> ${BUILDDIR}/../${RELEASE}.${DISTSECTION}.srclist
+# if expr match "${SRC}" '.*\.dsc' >/dev/null 2>&1; then
+# gpg --yes --no-default-keyring --secret-keyring ./keys/joesixpack.sec \
+# --keyring ./keys/joesixpack.pub --default-key 'Joe Sixpack' \
+# --clearsign -o "${BUILDDIR}/../${SRC}.sign" "${BUILDDIR}/../$SRC"
+# mv "${BUILDDIR}/../${SRC}.sign" "${BUILDDIR}/../$SRC"
+# fi
done
for arch in $(echo "$ARCH" | sed -e 's#,#\n#g' | sed -e "s#^native\$#$(getarchitecture 'native')#"); do
diff --git a/test/integration/run-tests b/test/integration/run-tests
index 75f2ad662..18474b20f 100755
--- a/test/integration/run-tests
+++ b/test/integration/run-tests
@@ -37,4 +37,5 @@ for testcase in $(run-parts --list $DIR | grep '/test-'); do
done
echo "failures: $FAIL"
-exit $FAIL
+# ensure we don't overflow
+exit $((FAIL <= 255 ? FAIL : 255))
diff --git a/test/integration/test-apt-cdrom b/test/integration/test-apt-cdrom
index f24c99b36..f1c4fd9d3 100755
--- a/test/integration/test-apt-cdrom
+++ b/test/integration/test-apt-cdrom
@@ -24,6 +24,8 @@ cat Translation-de | xz --format=lzma > Translation-de.lzma
cat Translation-de | xz > Translation-de.xz
rm Translation-en Translation-de
cd - > /dev/null
+addtrap "chmod -R +w $PWD/rootdir/media/cdrom/dists/;"
+chmod -R -w rootdir/media/cdrom/dists
aptcdrom add -m -o quiet=1 > apt-cdrom.log 2>&1
sed -i -e '/^Using CD-ROM/ d' -e '/gpgv/ d' -e '/^Identifying/ d' -e '/Reading / d' apt-cdrom.log
diff --git a/test/integration/test-apt-get-download b/test/integration/test-apt-get-download
index b164f7dba..420b2e380 100755
--- a/test/integration/test-apt-get-download
+++ b/test/integration/test-apt-get-download
@@ -26,7 +26,7 @@ testdownload apt_1.0_all.deb apt stable
testdownload apt_2.0_all.deb apt
DEBFILE="$(readlink -f aptarchive)/pool/apt_2.0_all.deb"
-testequal "'file://${DEBFILE}' apt_2.0_all.deb $(stat -c%s $DEBFILE) sha256:$(sha256sum $DEBFILE | cut -d' ' -f 1)" aptget download apt --print-uris
+testequal "'file://${DEBFILE}' apt_2.0_all.deb $(stat -c%s $DEBFILE) sha512:$(sha512sum $DEBFILE | cut -d' ' -f 1)" aptget download apt --print-uris
# deb:677887
testequal "E: Can't find a source to download version '1.0' of 'vrms:i386'" aptget download vrms
diff --git a/test/integration/test-cve-2013-1051-InRelease-parsing b/test/integration/test-cve-2013-1051-InRelease-parsing
new file mode 100755
index 000000000..bd68fccf6
--- /dev/null
+++ b/test/integration/test-cve-2013-1051-InRelease-parsing
@@ -0,0 +1,61 @@
+#!/bin/sh
+set -e
+
+TESTDIR=$(readlink -f $(dirname $0))
+. $TESTDIR/framework
+
+setupenvironment
+configarchitecture 'i386'
+
+insertpackage 'stable' 'good-pkg' 'all' '1.0'
+
+setupaptarchive
+
+changetowebserver
+ARCHIVE='http://localhost/'
+msgtest 'Initial apt-get update should work with' 'InRelease'
+aptget update -qq && msgpass || msgfail
+
+# check that the setup is correct
+testequal "good-pkg:
+ Installed: (none)
+ Candidate: 1.0
+ Version table:
+ 1.0 0
+ 500 ${ARCHIVE} stable/main i386 Packages" aptcache policy good-pkg
+
+# now exchange to the Packages file, note that this could be
+# done via MITM too
+insertpackage 'stable' 'bad-mitm' 'all' '1.0'
+
+# this builds compressed files and a new (unsigned) Release
+buildaptarchivefromfiles '+1hour'
+
+# add a space into the BEGIN PGP SIGNATURE PART/END PGP SIGNATURE part
+# to trick apt - this is still legal to gpg(v)
+sed -i '/^-----BEGIN PGP SIGNATURE-----/,/^-----END PGP SIGNATURE-----/ s/^$/ /g' aptarchive/dists/stable/InRelease
+
+# we append the (evil unsigned) Release file to the (good signed) InRelease
+cat aptarchive/dists/stable/Release >> aptarchive/dists/stable/InRelease
+
+
+# ensure the update fails
+# useful for debugging to add "-o Debug::pkgAcquire::auth=true"
+msgtest 'apt-get update for should fail with the modified' 'InRelease'
+aptget update 2>&1 | grep -q 'Hash Sum mismatch' > /dev/null && msgpass || msgfail
+
+# ensure there is no package
+testequal 'Reading package lists...
+Building dependency tree...
+E: Unable to locate package bad-mitm' aptget install bad-mitm -s
+
+# and verify that its not picked up
+testequal 'N: Unable to locate package bad-mitm' aptcache policy bad-mitm -q=0
+
+# and that the right one is used
+testequal "good-pkg:
+ Installed: (none)
+ Candidate: 1.0
+ Version table:
+ 1.0 0
+ 500 ${ARCHIVE} stable/main i386 Packages" aptcache policy good-pkg
diff --git a/test/integration/test-ubuntu-bug-784473-InRelease-one-message-only b/test/integration/test-ubuntu-bug-784473-InRelease-one-message-only
index d97011914..fad5488fb 100755
--- a/test/integration/test-ubuntu-bug-784473-InRelease-one-message-only
+++ b/test/integration/test-ubuntu-bug-784473-InRelease-one-message-only
@@ -26,6 +26,14 @@ MD5Sum:
2182897e0a2a0c09e760beaae117a015 2023 Packages.diff/Index
1b895931853981ad8204d2439821b999 4144 Packages.gz'; echo; cat ${RELEASE}.old;) > ${RELEASE}
done
-aptget update -qq > /dev/null 2> starts-with-unsigned.msg
-sed -i 's#File .*InRelease#File InRelease#' starts-with-unsigned.msg
-testfileequal starts-with-unsigned.msg "W: GPG error: file: unstable InRelease: File InRelease doesn't start with a clearsigned message"
+
+msgtest 'The unsigned garbage before signed block is' 'ignored'
+aptget update -qq > /dev/null 2>&1 && msgpass || msgfail
+
+ROOTDIR="$(readlink -f .)"
+testequal "Package files:
+ 100 ${ROOTDIR}/rootdir/var/lib/dpkg/status
+ release a=now
+ 500 file:${ROOTDIR}/aptarchive/ unstable/main i386 Packages
+ release a=unstable,n=unstable,c=main
+Pinned packages:" aptcache policy