summaryrefslogtreecommitdiff
path: root/test/integration
diff options
context:
space:
mode:
authorDavid Kalnischkies <david@kalnischkies.de>2015-10-13 11:37:39 +0200
committerDavid Kalnischkies <david@kalnischkies.de>2015-11-04 18:04:01 +0100
commitf18f2338a17d3037ac0d6f81a7f1a37df6eaca01 (patch)
tree238910fae9d19be36ba3f62903eb52f28d417606 /test/integration
parentbce8e59b81e5bdfa46501c25bc1b3fca60a69cb8 (diff)
rework errors and warnings around insecure repositories
Insecure (aka unsigned) repositories are bad, period. We want to get right of them finally and as a first step we are printing scary warnings. This is already done, this commit just changes the messages to be more consistent and prevents them from being displayed if authenticity is guaranteed some other way (as indicated with trusted=yes). The idea is to first print the pure fact like "repository isn't signed" as a warning (and later as an error), while giving an explaination in a immediately following notice (which is displayed only in quiet level 0: so in interactive use, not in scripts and alike). Closes: 796549
Diffstat (limited to 'test/integration')
-rw-r--r--test/integration/framework11
-rwxr-xr-xtest/integration/test-apt-get-update-unauth-warning8
-rwxr-xr-xtest/integration/test-apt-update-ims11
-rwxr-xr-xtest/integration/test-bug-596498-trusted-unsigned-repo6
-rwxr-xr-xtest/integration/test-sourceslist-trusted-options4
5 files changed, 30 insertions, 10 deletions
diff --git a/test/integration/framework b/test/integration/framework
index a9acd83a9..b4220c8b5 100644
--- a/test/integration/framework
+++ b/test/integration/framework
@@ -1665,6 +1665,17 @@ testfailuremsg() {
testoutputequal "$COMPAREFILE" echo "$CMP"
msggroup
}
+testwarningmsg() {
+ msggroup 'testwarningmsg'
+ local CMP="$1"
+ shift
+ testwarning "$@"
+ msgtest 'Check that the output of the previous warned command has expected' 'warnings'
+ local COMPAREFILE="${TMPWORKINGDIRECTORY}/rootdir/tmp/testwarningmsg.comparefile"
+ grep '^\(W\|E\):' "${TMPWORKINGDIRECTORY}/rootdir/tmp/testwarning.output" > "$COMPAREFILE" 2>&1 || true
+ testoutputequal "$COMPAREFILE" echo "$CMP"
+ msggroup
+}
testfilestats() {
msggroup 'testfilestats'
diff --git a/test/integration/test-apt-get-update-unauth-warning b/test/integration/test-apt-get-update-unauth-warning
index b2d79eb2b..fad1cf627 100755
--- a/test/integration/test-apt-get-update-unauth-warning
+++ b/test/integration/test-apt-get-update-unauth-warning
@@ -27,8 +27,9 @@ Get:2 file:$APTARCHIVE unstable Release
Err:2 file:$APTARCHIVE unstable Release
File not found
Reading package lists...
-W: The repository 'file:$APTARCHIVE unstable Release' does not have a Release file. This is deprecated, please contact the owner of the repository.
-E: Use --allow-insecure-repositories to force the update" aptget update --no-allow-insecure-repositories
+E: The repository 'file:$APTARCHIVE unstable Release' does not have a Release file.
+N: Updating such a repository securily is impossible and therefore disabled by default.
+N: Use --allow-insecure-repositories to force an insecure update" aptget update --no-allow-insecure-repositories -q=0
# no package foo
testsuccessequal 'Listing...' apt list foo
@@ -78,7 +79,8 @@ Get:3 file:$APTARCHIVE unstable/main Sources [$(filesize 'Sources') B]
Get:4 file:$APTARCHIVE unstable/main i386 Packages [$(filesize 'Packages') B]
Get:5 file:$APTARCHIVE unstable/main Translation-en [$(filesize 'Translations') B]
Reading package lists...
-W: The repository 'file:$APTARCHIVE unstable Release' does not have a Release file. This is deprecated, please contact the owner of the repository." aptget update --allow-insecure-repositories
+W: The repository 'file:$APTARCHIVE unstable Release' does not have a Release file.
+N: Data from such a repository can not be authenticated and is therefore potentially dangerous to use." aptget update --allow-insecure-repositories -q=0
# ensure we can not install the package
testfailureequal "WARNING: The following packages cannot be authenticated!
foo
diff --git a/test/integration/test-apt-update-ims b/test/integration/test-apt-update-ims
index bc7a2b1bf..3a66a546f 100755
--- a/test/integration/test-apt-update-ims
+++ b/test/integration/test-apt-update-ims
@@ -37,7 +37,7 @@ runtest() {
# check that I-M-S header is kept in redirections
echo "$EXPECT" | sed -e 's#(invalid since [^)]\+)#(invalid since)#' > expected.output
- $TEST aptget update -o Debug::pkgAcquire::Worker=0 -o Debug::Acquire::http=0
+ $TEST aptget update -o Debug::pkgAcquire::Worker=0 -o Debug::Acquire::http=0 -q=0
sed -i -e 's#(invalid since [^)]\+)#(invalid since)#' rootdir/tmp/${TEST}.output
testequal "$(cat expected.output)" cat rootdir/tmp/${TEST}.output
testfileequal 'listsdir.lst' "$(listcurrentlistsdirectory)"
@@ -80,7 +80,8 @@ Hit:2 http://localhost:${APTHTTPPORT} unstable Release
Ign:3 http://localhost:${APTHTTPPORT} unstable Release.gpg
404 Not Found
Reading package lists...
-W: The data from 'http://localhost:${APTHTTPPORT} unstable Release' is not signed. Packages from that repository can not be authenticated."
+W: The repository 'http://localhost:${APTHTTPPORT} unstable Release' is not signed.
+N: Data from such a repository can not be authenticated and is therefore potentially dangerous to use."
find aptarchive -name 'Release.gpg' -delete
echo 'Acquire::GzipIndexes "0";' > rootdir/etc/apt/apt.conf.d/02compressindex
runtest 'warning'
@@ -123,7 +124,8 @@ Hit:2 http://localhost:${APTHTTPPORT} unstable Release
Ign:3 http://localhost:${APTHTTPPORT} unstable Release.gpg
404 Not Found
Reading package lists...
-W: The data from 'http://localhost:${APTHTTPPORT} unstable Release' is not signed. Packages from that repository can not be authenticated.
+W: The repository 'http://localhost:${APTHTTPPORT} unstable Release' is not signed.
+N: Data from such a repository can not be authenticated and is therefore potentially dangerous to use.
E: Release file for http://localhost:${APTHTTPPORT}/dists/unstable/Release is expired (invalid since). Updates for this repository will not be applied."
find aptarchive -name 'Release.gpg' -delete
echo 'Acquire::GzipIndexes "0";' > rootdir/etc/apt/apt.conf.d/02compressindex
@@ -159,7 +161,8 @@ Hit:3 http://localhost:${APTHTTPPORT} unstable/main Sources
Hit:4 http://localhost:${APTHTTPPORT} unstable/main amd64 Packages
Hit:5 http://localhost:${APTHTTPPORT} unstable/main Translation-en
Reading package lists...
-W: The repository 'http://localhost:${APTHTTPPORT} unstable Release' does not have a Release file. This is deprecated, please contact the owner of the repository."
+W: The repository 'http://localhost:${APTHTTPPORT} unstable Release' does not have a Release file.
+N: Data from such a repository can not be authenticated and is therefore potentially dangerous to use."
find aptarchive -name '*Release*' -delete
echo 'Acquire::GzipIndexes "0";
Acquire::PDiffs "0";' > rootdir/etc/apt/apt.conf.d/02compressindex
diff --git a/test/integration/test-bug-596498-trusted-unsigned-repo b/test/integration/test-bug-596498-trusted-unsigned-repo
index 94f280b81..a9e894bc9 100755
--- a/test/integration/test-bug-596498-trusted-unsigned-repo
+++ b/test/integration/test-bug-596498-trusted-unsigned-repo
@@ -8,6 +8,7 @@ configarchitecture 'i386'
buildsimplenativepackage 'cool' 'i386' '1.0' 'unstable'
+msgmsg 'default setup'
setupaptarchive
aptgetupdate() {
@@ -28,6 +29,7 @@ testsuccessequal "$PKGTEXT
$DOWNLOG
Download complete and in download only mode" aptget install cool --assume-no -d --allow-unauthenticated
+msgmsg 'sources marked trusted=no'
sed -i -e 's#\(deb\(-src\)\?\) #\1 [trusted=no] #' $DEBFILE
aptgetupdate 'testsuccess'
@@ -47,6 +49,7 @@ Download complete and in download only mode" aptget install cool:i386 --assume-n
configarchitecture 'i386'
find aptarchive/ \( -name 'Release.gpg' -o -name 'InRelease' \) -delete
+msgmsg 'unsigned repo'
sed -i -e 's#\(deb\(-src\)\?\) \[trusted=no\] #\1 #' $DEBFILE
aptgetupdate
@@ -63,8 +66,9 @@ Authentication warning overridden.
$DOWNLOG
Download complete and in download only mode" aptget install cool --assume-no -d --allow-unauthenticated
+msgmsg 'sources marked trusted=yes'
sed -i -e 's#\(deb\(-src\)\?\) #\1 [trusted=yes] #' $DEBFILE
-aptgetupdate
+aptgetupdate 'testsuccess'
testsuccessequal "$PKGTEXT
$DOWNLOG
diff --git a/test/integration/test-sourceslist-trusted-options b/test/integration/test-sourceslist-trusted-options
index 86036e242..78c705b0f 100755
--- a/test/integration/test-sourceslist-trusted-options
+++ b/test/integration/test-sourceslist-trusted-options
@@ -109,7 +109,7 @@ everythingsucceeds -t testing
msgmsg 'Test with trusted=yes option and good and unsigned sources'
cp -a rootdir/etc/apt/sources.list.d.bak/* rootdir/etc/apt/sources.list.d/
sed -i 's#^deb\(-src\)\? #deb\1 [trusted=yes] #' rootdir/etc/apt/sources.list.d/*
-aptgetupdate 'testwarning'
+aptgetupdate
everythingsucceeds
everythingsucceeds -t stable
everythingsucceeds -t testing
@@ -187,7 +187,7 @@ everythingfails -t testing
msgmsg 'Test with trusted=yes option and unsigned and good sources'
cp -a rootdir/etc/apt/sources.list.d.bak/* rootdir/etc/apt/sources.list.d/
sed -i 's#^deb\(-src\)\? #deb\1 [trusted=yes] #' rootdir/etc/apt/sources.list.d/*
-aptgetupdate 'testwarning'
+aptgetupdate
everythingsucceeds
everythingsucceeds -t stable
everythingsucceeds -t testing