diff options
author | Michael Vogt <mvo@debian.org> | 2013-12-29 16:04:42 +0100 |
---|---|---|
committer | Michael Vogt <mvo@debian.org> | 2013-12-29 16:04:42 +0100 |
commit | f99a02461efe5183a00d5e73da197b85f93cf57a (patch) | |
tree | 1286d59d9700b4626111347bce45820a7cad6aba /test/integration | |
parent | a127de147900050d3dbc3644ed468428749c46fd (diff) | |
parent | 23bd09778261c945b460b46d855b1a6ef998cfd8 (diff) |
Merge remote-tracking branch 'mvo/debian/sid' into debian/sid
Diffstat (limited to 'test/integration')
-rw-r--r-- | test/integration/exploid-keyring-with-dupe-keys.pub | bin | 3986 -> 0 bytes | |||
-rw-r--r-- | test/integration/exploid-keyring-with-dupe-subkeys.pub | bin | 2016 -> 0 bytes | |||
-rw-r--r-- | test/integration/framework | 17 | ||||
-rw-r--r-- | test/integration/keyrings/test-archive-keyring.pub | bin | 0 -> 979 bytes | |||
-rw-r--r-- | test/integration/keyrings/test-archive-keyring.sec | bin | 0 -> 1355 bytes | |||
-rw-r--r-- | test/integration/keyrings/test-master-keyring.pub | bin | 0 -> 1199 bytes | |||
-rw-r--r-- | test/integration/keyrings/test-master-keyring.sec | bin | 0 -> 2501 bytes | |||
-rwxr-xr-x | test/integration/test-apt-key-net-update | 123 | ||||
-rwxr-xr-x | test/integration/test-bug-728500-tempdir | 18 | ||||
-rwxr-xr-x | test/integration/test-bug-732746-preferences | 32 |
10 files changed, 89 insertions, 101 deletions
diff --git a/test/integration/exploid-keyring-with-dupe-keys.pub b/test/integration/exploid-keyring-with-dupe-keys.pub Binary files differdeleted file mode 100644 index 642952a40..000000000 --- a/test/integration/exploid-keyring-with-dupe-keys.pub +++ /dev/null diff --git a/test/integration/exploid-keyring-with-dupe-subkeys.pub b/test/integration/exploid-keyring-with-dupe-subkeys.pub Binary files differdeleted file mode 100644 index 02d4e6ee8..000000000 --- a/test/integration/exploid-keyring-with-dupe-subkeys.pub +++ /dev/null diff --git a/test/integration/framework b/test/integration/framework index 89b5bb0e4..a28363768 100644 --- a/test/integration/framework +++ b/test/integration/framework @@ -102,6 +102,9 @@ aptget() { runapt apt-get $*; } aptftparchive() { runapt apt-ftparchive $*; } aptkey() { runapt apt-key $*; } aptmark() { runapt apt-mark $*; } +aptwebserver() { + LD_LIBRARY_PATH=${APTWEBSERVERBINDIR} ${APTWEBSERVERBINDIR}/aptwebserver $*; +} dpkg() { $(which dpkg) --root=${TMPWORKINGDIRECTORY}/rootdir --force-not-root --force-bad-path --log=${TMPWORKINGDIRECTORY}/rootdir/var/log/dpkg.log $* } @@ -154,8 +157,14 @@ setupenvironment() { TMPWORKINGDIRECTORY=$(mktemp -d) TESTDIRECTORY=$(readlink -f $(dirname $0)) msgninfo "Preparing environment for ${CCMD}$(basename $0)${CINFO} in ${TMPWORKINGDIRECTORY}… " - BUILDDIRECTORY="${TESTDIRECTORY}/../../build/bin" + + # allow overriding the default BUILDDIR location + BUILDDIRECTORY=${APT_INTEGRATION_TESTS_BUILD_DIR:-"${TESTDIRECTORY}/../../build/bin"} + METHODSDIR=${APT_INTEGRATION_TESTS_METHODS_DIR:-"${BUILDDIRECTORY}/methods"} + APTWEBSERVERBINDIR=${APT_INTEGRATION_TESTS_WEBSERVER_BIN_DIR:-"${BUILDDIRECTORY}"} test -x "${BUILDDIRECTORY}/apt-get" || msgdie "You need to build tree first" + # ----- + addtrap "cd /; rm -rf $TMPWORKINGDIRECTORY;" cd $TMPWORKINGDIRECTORY mkdir rootdir aptarchive keys @@ -181,7 +190,7 @@ setupenvironment() { echo "Dir::state::status \"${TMPWORKINGDIRECTORY}/rootdir/var/lib/dpkg/status\";" >> aptconfig.conf echo "Debug::NoLocking \"true\";" >> aptconfig.conf echo "APT::Get::Show-User-Simulation-Note \"false\";" >> aptconfig.conf - echo "Dir::Bin::Methods \"${BUILDDIRECTORY}/methods\";" >> aptconfig.conf + echo "Dir::Bin::Methods \"${METHODSDIR}\";" >> aptconfig.conf echo "Dir::Bin::dpkg \"fakeroot\";" >> aptconfig.conf echo "DPKG::options:: \"dpkg\";" >> aptconfig.conf echo "DPKG::options:: \"--root=${TMPWORKINGDIRECTORY}/rootdir\";" >> aptconfig.conf @@ -822,9 +831,9 @@ changetowebserver() { shift fi local LOG='/dev/null' - if test -x ${BUILDDIRECTORY}/aptwebserver; then + if test -x ${APTWEBSERVERBINDIR}/aptwebserver; then cd aptarchive - LD_LIBRARY_PATH=${BUILDDIRECTORY} ${BUILDDIRECTORY}/aptwebserver -o aptwebserver::fork=1 "$@" >$LOG 2>&1 + aptwebserver -o aptwebserver::fork=1 "$@" >$LOG 2>&1 local PID="$(cat aptwebserver.pid)" if [ -z "$PID" ]; then msgdie 'Could not fork aptwebserver successfully' diff --git a/test/integration/keyrings/test-archive-keyring.pub b/test/integration/keyrings/test-archive-keyring.pub Binary files differnew file mode 100644 index 000000000..d8d9d472b --- /dev/null +++ b/test/integration/keyrings/test-archive-keyring.pub diff --git a/test/integration/keyrings/test-archive-keyring.sec b/test/integration/keyrings/test-archive-keyring.sec Binary files differnew file mode 100644 index 000000000..aece750e8 --- /dev/null +++ b/test/integration/keyrings/test-archive-keyring.sec diff --git a/test/integration/keyrings/test-master-keyring.pub b/test/integration/keyrings/test-master-keyring.pub Binary files differnew file mode 100644 index 000000000..33aa16796 --- /dev/null +++ b/test/integration/keyrings/test-master-keyring.pub diff --git a/test/integration/keyrings/test-master-keyring.sec b/test/integration/keyrings/test-master-keyring.sec Binary files differnew file mode 100644 index 000000000..9cb33176c --- /dev/null +++ b/test/integration/keyrings/test-master-keyring.sec diff --git a/test/integration/test-apt-key-net-update b/test/integration/test-apt-key-net-update index 73545aff7..4b38cd9b5 100755 --- a/test/integration/test-apt-key-net-update +++ b/test/integration/test-apt-key-net-update @@ -6,109 +6,38 @@ TESTDIR=$(readlink -f $(dirname $0)) setupenvironment configarchitecture "i386" +changetowebserver -# mock -requires_root() { - return 0 -} +# setup env +mkdir -p var/lib/apt/keyrings +mkdir -p usr/share/keyrings -# extract net_update() and import it -func=$( sed -n -e '/^add_keys_with_verify_against_master_keyring/,/^}/p' ${BUILDDIRECTORY}/apt-key ) -eval "$func" +# install the fake master keyring +install -m0644 keys/test-master-keyring.pub usr/share/keyrings +echo "APT::Key::MasterKeyring \"${TMPWORKINGDIRECTORY}/usr/share/keyrings/test-master-keyring.pub\";" >> ./aptconfig.conf -mkdir -p ./etc/apt -TRUSTEDFILE=./etc/apt/trusted.gpg -mkdir -p ./var/lib/apt/keyrings -TMP_KEYRING=./var/lib/apt/keyrings/maybe-import-keyring.gpg -GPG_CMD="gpg --ignore-time-conflict --no-options --no-default-keyring" +# setup archive-keyring +mkdir -p aptarchive/ubuntu/project +install -m0644 keys/test-archive-keyring.pub aptarchive/ubuntu/project/ +echo 'APT::Key::ArchiveKeyringURI "http://localhost:8080/ubuntu/project/test-archive-keyring.pub";' >> ./aptconfig.conf +echo 'APT::Key::Net-Update-Enabled "1";' >> ./aptconfig.conf -# FIXME: instead of copying this use apt-key and the buildin apt webserver -# to do a real test +# test against the "real" webserver +testequal 'Checking for new archive signing keys now +gpg: key F68C85A3: public key "Test Automatic Archive Signing Key <ftpmaster@example.com>" imported +gpg: Total number processed: 1 +gpg: imported: 1 (RSA: 1)' aptkey --fakeroot net-update -# COPYIED from apt-key.in -------------- -# gpg needs a trustdb to function, but it can't be invalid (not even empty) -# so we create a temporary directory to store our fresh readable trustdb in -TRUSTDBDIR="$(mktemp -d)" -CURRENTTRAP="${CURRENTTRAP} rm -rf '${TRUSTDBDIR}';" -trap "${CURRENTTRAP}" 0 HUP INT QUIT ILL ABRT FPE SEGV PIPE TERM -chmod 700 "$TRUSTDBDIR" -# We also don't use a secret keyring, of course, but gpg panics and -# implodes if there isn't one available - and writeable for imports -SECRETKEYRING="${TRUSTDBDIR}/secring.gpg" -touch $SECRETKEYRING -GPG_CMD="$GPG_CMD --secret-keyring $SECRETKEYRING" -GPG_CMD="$GPG_CMD --trustdb-name ${TRUSTDBDIR}/trustdb.gpg" -#----------------------------------------- END COPY +# now try a different one +# setup archive-keyring +mkdir -p aptarchive/ubuntu/project +install -m0644 keys/marvinparanoid.pub aptarchive/ubuntu/project/ +echo 'APT::Key::ArchiveKeyringURI "http://localhost:8080/ubuntu/project/marvinparanoid.pub";' >> ./aptconfig.conf +echo 'APT::Key::Net-Update-Enabled "1";' >> ./aptconfig.conf -GPG="$GPG_CMD --keyring $TRUSTEDFILE" -MASTER_KEYRING=/usr/share/keyrings/ubuntu-master-keyring.gpg +# test against the "real" webserver +testequal "Checking for new archive signing keys now +Key 'E8525D47528144E2' not added. It is not signed with a master key" aptkey --fakeroot net-update -msgtest "add_keys_with_verify_against_master_keyring" -if [ ! -e $MASTER_KEYRING ]; then - echo -n "No $MASTER_KEYRING found" - msgskip - exit 0 -fi - -# test bad keyring and ensure its not added (LP: #857472) -ADD_KEYRING=./keys/exploid-keyring-with-dupe-keys.pub -if add_keys_with_verify_against_master_keyring $ADD_KEYRING $MASTER_KEYRING; then - msgfail -else - msgpass -fi - -# ensure the keyring is still empty -gpg_out=$($GPG --list-keys) -msgtest "Test if keyring is empty" -if [ -n "" ]; then - msgfail -else - msgpass -fi - - -# test another possible attack vector using subkeys (LP: #1013128) -msgtest "add_keys_with_verify_against_master_keyring with subkey attack" -ADD_KEYRING=./keys/exploid-keyring-with-dupe-subkeys.pub -if add_keys_with_verify_against_master_keyring $ADD_KEYRING $MASTER_KEYRING; then - msgfail -else - msgpass -fi - -# ensure the keyring is still empty -gpg_out=$($GPG --list-keys) -msgtest "Test if keyring is empty" -if [ -n "" ]; then - msgfail -else - msgpass -fi - - -# test good keyring and ensure we get no errors -ADD_KEYRING=/usr/share/keyrings/ubuntu-archive-keyring.gpg -if add_keys_with_verify_against_master_keyring $ADD_KEYRING $MASTER_KEYRING; then - msgpass -else - msgfail -fi - -testequal './etc/apt/trusted.gpg ---------------------- -pub 1024D/437D05B5 2004-09-12 -uid Ubuntu Archive Automatic Signing Key <ftpmaster@ubuntu.com> -sub 2048g/79164387 2004-09-12 - -pub 1024D/FBB75451 2004-12-30 -uid Ubuntu CD Image Automatic Signing Key <cdimage@ubuntu.com> - -pub 4096R/C0B21F32 2012-05-11 -uid Ubuntu Archive Automatic Signing Key (2012) <ftpmaster@ubuntu.com> - -pub 4096R/EFE21092 2012-05-11 -uid Ubuntu CD Image Automatic Signing Key (2012) <cdimage@ubuntu.com> -' $GPG --list-keys diff --git a/test/integration/test-bug-728500-tempdir b/test/integration/test-bug-728500-tempdir new file mode 100755 index 000000000..0606538a1 --- /dev/null +++ b/test/integration/test-bug-728500-tempdir @@ -0,0 +1,18 @@ +#!/bin/sh + +set -e + +TESTDIR=$(readlink -f $(dirname $0)) +. $TESTDIR/framework +setupenvironment +configarchitecture 'i386' + +buildsimplenativepackage 'coolstuff' 'all' '1.0' 'unstable' + +setupaptarchive +changetowebserver + +msgtest 'Test with incorect TMPDIR' +export TMPDIR=/does-not-exists +aptget update && msgpass || msgfail +unset TMPDIR
\ No newline at end of file diff --git a/test/integration/test-bug-732746-preferences b/test/integration/test-bug-732746-preferences new file mode 100755 index 000000000..b31f98aa0 --- /dev/null +++ b/test/integration/test-bug-732746-preferences @@ -0,0 +1,32 @@ +#!/bin/sh +set -e + +TESTDIR=$(readlink -f $(dirname $0)) +. $TESTDIR/framework +setupenvironment +configarchitecture 'i386' + +insertinstalledpackage 'bar' 'i386' '1.0' + +cat > rootdir/etc/apt/preferences << EOF +# random test comment header + +# commented out by puppy^Wpuppet +#Package: foo +#Pin: origin "ftp.debian.org" +#Pin: 800 + +Package: bar +Pin: version 1.0 +Pin-Priority: 700 + +#Package: bar +#Pin: version 1.0 +#Pin: 800 +EOF + +testequal "Reading package lists... +Building dependency tree..." aptget check + +msgtest "Ensure policy is applied" +aptcache policy bar|grep -q "*** 1.0 700" && msgpass || msgfail |