summaryrefslogtreecommitdiff
path: root/test
diff options
context:
space:
mode:
authorDavid Kalnischkies <david@kalnischkies.de>2016-05-01 14:43:23 +0200
committerDavid Kalnischkies <david@kalnischkies.de>2016-05-01 15:50:04 +0200
commit5f17b19f8f99eb6f80a10846d5891f53c16178dc (patch)
tree2f4e25ca49f00bea59ce43393d52909e9d8a7925 /test
parent87d468fe355c87325c943c40043a0bb236b2407f (diff)
warn if apt-key is run unconditionally in maintainerscript
We want to stop hard-depending on gnupg and for this it is essential that apt-key isn't used in any critical execution path, which maintainerscript are. Especially as it is likely that these script call apt-key either only for (potentially now outdated cleanup) or still not use the much simpler trusted.gpg.d infrastructure.
Diffstat (limited to 'test')
-rwxr-xr-xtest/integration/test-apt-key-used-in-maintainerscript34
1 files changed, 34 insertions, 0 deletions
diff --git a/test/integration/test-apt-key-used-in-maintainerscript b/test/integration/test-apt-key-used-in-maintainerscript
new file mode 100755
index 000000000..e5e96963f
--- /dev/null
+++ b/test/integration/test-apt-key-used-in-maintainerscript
@@ -0,0 +1,34 @@
+#!/bin/sh
+set -e
+
+TESTDIR="$(readlink -f "$(dirname "$0")")"
+. "$TESTDIR/framework"
+
+setupenvironment
+configarchitecture 'native'
+configdpkgnoopchroot
+
+buildingpkg() {
+ local PKG="$1"
+ shift
+ setupsimplenativepackage "$PKG" 'native' '1' 'unstable' "$@"
+ BUILDDIR="incoming/${PKG}-1"
+ echo '#!/bin/sh
+apt-key list' > "${BUILDDIR}/debian/postinst"
+ buildpackage "$BUILDDIR" 'unstable' 'main' 'native'
+ rm -rf "$BUILDDIR"
+}
+buildingpkg 'aptkeyuser-nodepends' 'Depends: unrelated'
+buildingpkg 'aptkeyuser-depends' 'Depends: gnupg'
+
+setupaptarchive
+
+insertinstalledpackage 'unrelated' 'native' '1'
+insertinstalledpackage 'gnupg' 'native' '1'
+
+testsuccess apt install aptkeyuser-depends -y
+testfailure grep '^Warning: This will BREAK' rootdir/tmp/testsuccess.output
+
+testsuccess apt install aptkeyuser-nodepends -y
+cp rootdir/tmp/testsuccess.output apt.output
+testsuccess grep '^Warning: This will BREAK' apt.output