summaryrefslogtreecommitdiff
path: root/test/integration
diff options
context:
space:
mode:
authorMichael Vogt <mvo@debian.org>2013-12-29 16:04:42 +0100
committerMichael Vogt <mvo@debian.org>2013-12-29 16:04:42 +0100
commitf99a02461efe5183a00d5e73da197b85f93cf57a (patch)
tree1286d59d9700b4626111347bce45820a7cad6aba /test/integration
parenta127de147900050d3dbc3644ed468428749c46fd (diff)
parent23bd09778261c945b460b46d855b1a6ef998cfd8 (diff)
Merge remote-tracking branch 'mvo/debian/sid' into debian/sid
Diffstat (limited to 'test/integration')
-rw-r--r--test/integration/exploid-keyring-with-dupe-keys.pubbin3986 -> 0 bytes
-rw-r--r--test/integration/exploid-keyring-with-dupe-subkeys.pubbin2016 -> 0 bytes
-rw-r--r--test/integration/framework17
-rw-r--r--test/integration/keyrings/test-archive-keyring.pubbin0 -> 979 bytes
-rw-r--r--test/integration/keyrings/test-archive-keyring.secbin0 -> 1355 bytes
-rw-r--r--test/integration/keyrings/test-master-keyring.pubbin0 -> 1199 bytes
-rw-r--r--test/integration/keyrings/test-master-keyring.secbin0 -> 2501 bytes
-rwxr-xr-xtest/integration/test-apt-key-net-update123
-rwxr-xr-xtest/integration/test-bug-728500-tempdir18
-rwxr-xr-xtest/integration/test-bug-732746-preferences32
10 files changed, 89 insertions, 101 deletions
diff --git a/test/integration/exploid-keyring-with-dupe-keys.pub b/test/integration/exploid-keyring-with-dupe-keys.pub
deleted file mode 100644
index 642952a40..000000000
--- a/test/integration/exploid-keyring-with-dupe-keys.pub
+++ /dev/null
Binary files differ
diff --git a/test/integration/exploid-keyring-with-dupe-subkeys.pub b/test/integration/exploid-keyring-with-dupe-subkeys.pub
deleted file mode 100644
index 02d4e6ee8..000000000
--- a/test/integration/exploid-keyring-with-dupe-subkeys.pub
+++ /dev/null
Binary files differ
diff --git a/test/integration/framework b/test/integration/framework
index 89b5bb0e4..a28363768 100644
--- a/test/integration/framework
+++ b/test/integration/framework
@@ -102,6 +102,9 @@ aptget() { runapt apt-get $*; }
aptftparchive() { runapt apt-ftparchive $*; }
aptkey() { runapt apt-key $*; }
aptmark() { runapt apt-mark $*; }
+aptwebserver() {
+ LD_LIBRARY_PATH=${APTWEBSERVERBINDIR} ${APTWEBSERVERBINDIR}/aptwebserver $*;
+}
dpkg() {
$(which dpkg) --root=${TMPWORKINGDIRECTORY}/rootdir --force-not-root --force-bad-path --log=${TMPWORKINGDIRECTORY}/rootdir/var/log/dpkg.log $*
}
@@ -154,8 +157,14 @@ setupenvironment() {
TMPWORKINGDIRECTORY=$(mktemp -d)
TESTDIRECTORY=$(readlink -f $(dirname $0))
msgninfo "Preparing environment for ${CCMD}$(basename $0)${CINFO} in ${TMPWORKINGDIRECTORY}… "
- BUILDDIRECTORY="${TESTDIRECTORY}/../../build/bin"
+
+ # allow overriding the default BUILDDIR location
+ BUILDDIRECTORY=${APT_INTEGRATION_TESTS_BUILD_DIR:-"${TESTDIRECTORY}/../../build/bin"}
+ METHODSDIR=${APT_INTEGRATION_TESTS_METHODS_DIR:-"${BUILDDIRECTORY}/methods"}
+ APTWEBSERVERBINDIR=${APT_INTEGRATION_TESTS_WEBSERVER_BIN_DIR:-"${BUILDDIRECTORY}"}
test -x "${BUILDDIRECTORY}/apt-get" || msgdie "You need to build tree first"
+ # -----
+
addtrap "cd /; rm -rf $TMPWORKINGDIRECTORY;"
cd $TMPWORKINGDIRECTORY
mkdir rootdir aptarchive keys
@@ -181,7 +190,7 @@ setupenvironment() {
echo "Dir::state::status \"${TMPWORKINGDIRECTORY}/rootdir/var/lib/dpkg/status\";" >> aptconfig.conf
echo "Debug::NoLocking \"true\";" >> aptconfig.conf
echo "APT::Get::Show-User-Simulation-Note \"false\";" >> aptconfig.conf
- echo "Dir::Bin::Methods \"${BUILDDIRECTORY}/methods\";" >> aptconfig.conf
+ echo "Dir::Bin::Methods \"${METHODSDIR}\";" >> aptconfig.conf
echo "Dir::Bin::dpkg \"fakeroot\";" >> aptconfig.conf
echo "DPKG::options:: \"dpkg\";" >> aptconfig.conf
echo "DPKG::options:: \"--root=${TMPWORKINGDIRECTORY}/rootdir\";" >> aptconfig.conf
@@ -822,9 +831,9 @@ changetowebserver() {
shift
fi
local LOG='/dev/null'
- if test -x ${BUILDDIRECTORY}/aptwebserver; then
+ if test -x ${APTWEBSERVERBINDIR}/aptwebserver; then
cd aptarchive
- LD_LIBRARY_PATH=${BUILDDIRECTORY} ${BUILDDIRECTORY}/aptwebserver -o aptwebserver::fork=1 "$@" >$LOG 2>&1
+ aptwebserver -o aptwebserver::fork=1 "$@" >$LOG 2>&1
local PID="$(cat aptwebserver.pid)"
if [ -z "$PID" ]; then
msgdie 'Could not fork aptwebserver successfully'
diff --git a/test/integration/keyrings/test-archive-keyring.pub b/test/integration/keyrings/test-archive-keyring.pub
new file mode 100644
index 000000000..d8d9d472b
--- /dev/null
+++ b/test/integration/keyrings/test-archive-keyring.pub
Binary files differ
diff --git a/test/integration/keyrings/test-archive-keyring.sec b/test/integration/keyrings/test-archive-keyring.sec
new file mode 100644
index 000000000..aece750e8
--- /dev/null
+++ b/test/integration/keyrings/test-archive-keyring.sec
Binary files differ
diff --git a/test/integration/keyrings/test-master-keyring.pub b/test/integration/keyrings/test-master-keyring.pub
new file mode 100644
index 000000000..33aa16796
--- /dev/null
+++ b/test/integration/keyrings/test-master-keyring.pub
Binary files differ
diff --git a/test/integration/keyrings/test-master-keyring.sec b/test/integration/keyrings/test-master-keyring.sec
new file mode 100644
index 000000000..9cb33176c
--- /dev/null
+++ b/test/integration/keyrings/test-master-keyring.sec
Binary files differ
diff --git a/test/integration/test-apt-key-net-update b/test/integration/test-apt-key-net-update
index 73545aff7..4b38cd9b5 100755
--- a/test/integration/test-apt-key-net-update
+++ b/test/integration/test-apt-key-net-update
@@ -6,109 +6,38 @@ TESTDIR=$(readlink -f $(dirname $0))
setupenvironment
configarchitecture "i386"
+changetowebserver
-# mock
-requires_root() {
- return 0
-}
+# setup env
+mkdir -p var/lib/apt/keyrings
+mkdir -p usr/share/keyrings
-# extract net_update() and import it
-func=$( sed -n -e '/^add_keys_with_verify_against_master_keyring/,/^}/p' ${BUILDDIRECTORY}/apt-key )
-eval "$func"
+# install the fake master keyring
+install -m0644 keys/test-master-keyring.pub usr/share/keyrings
+echo "APT::Key::MasterKeyring \"${TMPWORKINGDIRECTORY}/usr/share/keyrings/test-master-keyring.pub\";" >> ./aptconfig.conf
-mkdir -p ./etc/apt
-TRUSTEDFILE=./etc/apt/trusted.gpg
-mkdir -p ./var/lib/apt/keyrings
-TMP_KEYRING=./var/lib/apt/keyrings/maybe-import-keyring.gpg
-GPG_CMD="gpg --ignore-time-conflict --no-options --no-default-keyring"
+# setup archive-keyring
+mkdir -p aptarchive/ubuntu/project
+install -m0644 keys/test-archive-keyring.pub aptarchive/ubuntu/project/
+echo 'APT::Key::ArchiveKeyringURI "http://localhost:8080/ubuntu/project/test-archive-keyring.pub";' >> ./aptconfig.conf
+echo 'APT::Key::Net-Update-Enabled "1";' >> ./aptconfig.conf
-# FIXME: instead of copying this use apt-key and the buildin apt webserver
-# to do a real test
+# test against the "real" webserver
+testequal 'Checking for new archive signing keys now
+gpg: key F68C85A3: public key "Test Automatic Archive Signing Key <ftpmaster@example.com>" imported
+gpg: Total number processed: 1
+gpg: imported: 1 (RSA: 1)' aptkey --fakeroot net-update
-# COPYIED from apt-key.in --------------
-# gpg needs a trustdb to function, but it can't be invalid (not even empty)
-# so we create a temporary directory to store our fresh readable trustdb in
-TRUSTDBDIR="$(mktemp -d)"
-CURRENTTRAP="${CURRENTTRAP} rm -rf '${TRUSTDBDIR}';"
-trap "${CURRENTTRAP}" 0 HUP INT QUIT ILL ABRT FPE SEGV PIPE TERM
-chmod 700 "$TRUSTDBDIR"
-# We also don't use a secret keyring, of course, but gpg panics and
-# implodes if there isn't one available - and writeable for imports
-SECRETKEYRING="${TRUSTDBDIR}/secring.gpg"
-touch $SECRETKEYRING
-GPG_CMD="$GPG_CMD --secret-keyring $SECRETKEYRING"
-GPG_CMD="$GPG_CMD --trustdb-name ${TRUSTDBDIR}/trustdb.gpg"
-#----------------------------------------- END COPY
+# now try a different one
+# setup archive-keyring
+mkdir -p aptarchive/ubuntu/project
+install -m0644 keys/marvinparanoid.pub aptarchive/ubuntu/project/
+echo 'APT::Key::ArchiveKeyringURI "http://localhost:8080/ubuntu/project/marvinparanoid.pub";' >> ./aptconfig.conf
+echo 'APT::Key::Net-Update-Enabled "1";' >> ./aptconfig.conf
-GPG="$GPG_CMD --keyring $TRUSTEDFILE"
-MASTER_KEYRING=/usr/share/keyrings/ubuntu-master-keyring.gpg
+# test against the "real" webserver
+testequal "Checking for new archive signing keys now
+Key 'E8525D47528144E2' not added. It is not signed with a master key" aptkey --fakeroot net-update
-msgtest "add_keys_with_verify_against_master_keyring"
-if [ ! -e $MASTER_KEYRING ]; then
- echo -n "No $MASTER_KEYRING found"
- msgskip
- exit 0
-fi
-
-# test bad keyring and ensure its not added (LP: #857472)
-ADD_KEYRING=./keys/exploid-keyring-with-dupe-keys.pub
-if add_keys_with_verify_against_master_keyring $ADD_KEYRING $MASTER_KEYRING; then
- msgfail
-else
- msgpass
-fi
-
-# ensure the keyring is still empty
-gpg_out=$($GPG --list-keys)
-msgtest "Test if keyring is empty"
-if [ -n "" ]; then
- msgfail
-else
- msgpass
-fi
-
-
-# test another possible attack vector using subkeys (LP: #1013128)
-msgtest "add_keys_with_verify_against_master_keyring with subkey attack"
-ADD_KEYRING=./keys/exploid-keyring-with-dupe-subkeys.pub
-if add_keys_with_verify_against_master_keyring $ADD_KEYRING $MASTER_KEYRING; then
- msgfail
-else
- msgpass
-fi
-
-# ensure the keyring is still empty
-gpg_out=$($GPG --list-keys)
-msgtest "Test if keyring is empty"
-if [ -n "" ]; then
- msgfail
-else
- msgpass
-fi
-
-
-# test good keyring and ensure we get no errors
-ADD_KEYRING=/usr/share/keyrings/ubuntu-archive-keyring.gpg
-if add_keys_with_verify_against_master_keyring $ADD_KEYRING $MASTER_KEYRING; then
- msgpass
-else
- msgfail
-fi
-
-testequal './etc/apt/trusted.gpg
----------------------
-pub 1024D/437D05B5 2004-09-12
-uid Ubuntu Archive Automatic Signing Key <ftpmaster@ubuntu.com>
-sub 2048g/79164387 2004-09-12
-
-pub 1024D/FBB75451 2004-12-30
-uid Ubuntu CD Image Automatic Signing Key <cdimage@ubuntu.com>
-
-pub 4096R/C0B21F32 2012-05-11
-uid Ubuntu Archive Automatic Signing Key (2012) <ftpmaster@ubuntu.com>
-
-pub 4096R/EFE21092 2012-05-11
-uid Ubuntu CD Image Automatic Signing Key (2012) <cdimage@ubuntu.com>
-' $GPG --list-keys
diff --git a/test/integration/test-bug-728500-tempdir b/test/integration/test-bug-728500-tempdir
new file mode 100755
index 000000000..0606538a1
--- /dev/null
+++ b/test/integration/test-bug-728500-tempdir
@@ -0,0 +1,18 @@
+#!/bin/sh
+
+set -e
+
+TESTDIR=$(readlink -f $(dirname $0))
+. $TESTDIR/framework
+setupenvironment
+configarchitecture 'i386'
+
+buildsimplenativepackage 'coolstuff' 'all' '1.0' 'unstable'
+
+setupaptarchive
+changetowebserver
+
+msgtest 'Test with incorect TMPDIR'
+export TMPDIR=/does-not-exists
+aptget update && msgpass || msgfail
+unset TMPDIR \ No newline at end of file
diff --git a/test/integration/test-bug-732746-preferences b/test/integration/test-bug-732746-preferences
new file mode 100755
index 000000000..b31f98aa0
--- /dev/null
+++ b/test/integration/test-bug-732746-preferences
@@ -0,0 +1,32 @@
+#!/bin/sh
+set -e
+
+TESTDIR=$(readlink -f $(dirname $0))
+. $TESTDIR/framework
+setupenvironment
+configarchitecture 'i386'
+
+insertinstalledpackage 'bar' 'i386' '1.0'
+
+cat > rootdir/etc/apt/preferences << EOF
+# random test comment header
+
+# commented out by puppy^Wpuppet
+#Package: foo
+#Pin: origin "ftp.debian.org"
+#Pin: 800
+
+Package: bar
+Pin: version 1.0
+Pin-Priority: 700
+
+#Package: bar
+#Pin: version 1.0
+#Pin: 800
+EOF
+
+testequal "Reading package lists...
+Building dependency tree..." aptget check
+
+msgtest "Ensure policy is applied"
+aptcache policy bar|grep -q "*** 1.0 700" && msgpass || msgfail