diff options
Diffstat (limited to 'test/integration/framework')
| -rw-r--r-- | test/integration/framework | 147 |
1 files changed, 93 insertions, 54 deletions
diff --git a/test/integration/framework b/test/integration/framework index 7923e23d9..a8d6bf3d0 100644 --- a/test/integration/framework +++ b/test/integration/framework @@ -43,10 +43,16 @@ msgtest() { printf "…${CNORMAL} " } msgpass() { printf "${CPASS}PASS${CNORMAL}\n"; } -msgskip() { printf "${CWARNING}SKIP${CNORMAL}\n" >&2; } +msgskip() { + if [ $# -gt 0 ]; then printf "${CWARNING}SKIP: $*${CNORMAL}\n" >&2; + else printf "${CWARNING}SKIP${CNORMAL}\n" >&2; fi +} msgfail() { if [ $# -gt 0 ]; then printf "${CFAIL}FAIL: $*${CNORMAL}\n" >&2; else printf "${CFAIL}FAIL${CNORMAL}\n" >&2; fi + if [ -n "$APT_DEBUG_TESTS" ]; then + bash + fi EXIT_CODE=$((EXIT_CODE+1)); } @@ -102,10 +108,10 @@ runapt() { local CMD="$1" shift case $CMD in - sh|aptitude|*/*) ;; + sh|aptitude|*/*|command) ;; *) CMD="${BUILDDIRECTORY}/$CMD";; esac - MALLOC_PERTURB_=21 MALLOC_CHECK_=2 APT_CONFIG="$(getaptconfig)" LD_LIBRARY_PATH=${BUILDDIRECTORY} $CMD "$@" + MALLOC_PERTURB_=21 MALLOC_CHECK_=2 APT_CONFIG="$(getaptconfig)" LD_LIBRARY_PATH=${LIBRARYPATH} $CMD "$@" } aptconfig() { runapt apt-config "$@"; } aptcache() { runapt apt-cache "$@"; } @@ -129,18 +135,9 @@ dpkgcheckbuilddeps() { command dpkg-checkbuilddeps --admindir=${TMPWORKINGDIRECTORY}/rootdir/var/lib/dpkg "$@" } gdb() { - echo "gdb: run »$*«" - CMD="$1" + local CMD="$1" shift - - APT_CONFIG=aptconfig.conf LD_LIBRARY_PATH=${LIBRARYPATH} command gdb ${BUILDDIRECTORY}/$CMD --args ${BUILDDIRECTORY}/$CMD "$@" -} -gpg() { - # see apt-key for the whole trickery. Setup is done in setupenvironment - command gpg --ignore-time-conflict --no-options --no-default-keyring \ - --homedir "${TMPWORKINGDIRECTORY}/gnupghome" \ - --no-auto-check-trustdb --trust-model always \ - "$@" + runapt command gdb --quiet -ex run "${BUILDDIRECTORY}/$CMD" --args "${BUILDDIRECTORY}/$CMD" "$@" } exitwithstatus() { @@ -173,9 +170,16 @@ addtrap() { setupenvironment() { TMPWORKINGDIRECTORY=$(mktemp -d) - TESTDIRECTORY=$(readlink -f $(dirname $0)) + addtrap "cd /; rm -rf $TMPWORKINGDIRECTORY;" msgninfo "Preparing environment for ${CCMD}$(basename $0)${CINFO} in ${TMPWORKINGDIRECTORY}… " + if [ "$(id -u)" = '0' ]; then + # relax permissions so that running as root with user switching works + umask 022 + chmod o+rx "$TMPWORKINGDIRECTORY" + fi + + TESTDIRECTORY=$(readlink -f $(dirname $0)) # allow overriding the default BUILDDIR location BUILDDIRECTORY=${APT_INTEGRATION_TESTS_BUILD_DIR:-"${TESTDIRECTORY}/../../build/bin"} LIBRARYPATH=${APT_INTEGRATION_TESTS_LIBRARY_PATH:-"${BUILDDIRECTORY}"} @@ -186,12 +190,11 @@ setupenvironment() { test -x "${BUILDDIRECTORY}/apt-get" || msgdie "You need to build tree first" # ----- - addtrap "cd /; rm -rf $TMPWORKINGDIRECTORY;" cd $TMPWORKINGDIRECTORY mkdir rootdir aptarchive keys cd rootdir mkdir -p etc/apt/apt.conf.d etc/apt/sources.list.d etc/apt/trusted.gpg.d etc/apt/preferences.d - mkdir -p var/cache var/lib/apt var/log tmp + mkdir -p usr/bin var/cache var/lib/apt var/log tmp mkdir -p var/lib/dpkg/info var/lib/dpkg/updates var/lib/dpkg/triggers touch var/lib/dpkg/available mkdir -p usr/lib/apt @@ -219,12 +222,23 @@ setupenvironment() { cp "${TESTDIRECTORY}/${SOURCESSFILE}" aptarchive/Sources fi cp $(find $TESTDIRECTORY -name '*.pub' -o -name '*.sec') keys/ + chmod 644 $(find keys -name '*.pub' -o -name '*.sec') ln -s ${TMPWORKINGDIRECTORY}/keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg + echo "Dir \"${TMPWORKINGDIRECTORY}/rootdir\";" > aptconfig.conf echo "Dir::state::status \"${TMPWORKINGDIRECTORY}/rootdir/var/lib/dpkg/status\";" >> aptconfig.conf echo "Debug::NoLocking \"true\";" >> aptconfig.conf echo "APT::Get::Show-User-Simulation-Note \"false\";" >> aptconfig.conf echo "Dir::Bin::Methods \"${METHODSDIR}\";" >> aptconfig.conf + # store apt-key were we can access it, even if we run it as a different user + # destroys coverage reporting though, so just do it for root for now + if [ "$(id -u)" = '0' ]; then + cp "${BUILDDIRECTORY}/apt-key" "${TMPWORKINGDIRECTORY}/rootdir/usr/bin/" + chmod o+rx "${TMPWORKINGDIRECTORY}/rootdir/usr/bin/apt-key" + echo "Dir::Bin::apt-key \"${TMPWORKINGDIRECTORY}/rootdir/usr/bin/apt-key\";" >> aptconfig.conf + else + echo "Dir::Bin::apt-key \"${BUILDDIRECTORY}/apt-key\";" >> aptconfig.conf + fi echo "Dir::Bin::dpkg \"fakeroot\";" >> aptconfig.conf echo "DPKG::options:: \"dpkg\";" >> aptconfig.conf echo "DPKG::options:: \"--root=${TMPWORKINGDIRECTORY}/rootdir\";" >> aptconfig.conf @@ -235,25 +249,28 @@ setupenvironment() { fi echo "DPKG::options:: \"--log=${TMPWORKINGDIRECTORY}/rootdir/var/log/dpkg.log\";" >> aptconfig.conf echo 'quiet::NoUpdate "true";' >> aptconfig.conf - echo "Acquire::https::CaInfo \"${TESTDIR}/apt.pem\";" > rootdir/etc/apt/apt.conf.d/99https - echo "Apt::Cmd::Disable-Script-Warning \"1\";" > rootdir/etc/apt/apt.conf.d/apt-binary + echo 'quiet::NoStatistic "true";' >> aptconfig.conf + # too distracting for users, but helpful to detect changes + echo 'Acquire::Progress::Ignore::ShowErrorText "true";' >> aptconfig.conf + # in testcases, it can appear as if localhost has a rotation setup, + # hide this as we can't really deal with it properly + echo 'Acquire::Failure::ShowIP "false";' >> aptconfig.conf + + cp "${TESTDIRECTORY}/apt.pem" "${TMPWORKINGDIRECTORY}/rootdir/etc/webserver.pem" + if [ "$(id -u)" = '0' ]; then + chown _apt:root "${TMPWORKINGDIRECTORY}/rootdir/etc/webserver.pem" + fi + echo "Acquire::https::CaInfo \"${TMPWORKINGDIRECTORY}/rootdir/etc/webserver.pem\";" > rootdir/etc/apt/apt.conf.d/99https + echo "Apt::Cmd::Disable-Script-Warning \"1\";" > rootdir/etc/apt/apt.conf.d/apt-binary configcompression '.' 'gz' #'bz2' 'lzma' 'xz' - # gpg needs a trustdb to function, but it can't be invalid (not even empty) - # see also apt-key where this trickery comes from: - local TRUSTDBDIR="${TMPWORKINGDIRECTORY}/gnupghome" - mkdir "$TRUSTDBDIR" - chmod 700 "$TRUSTDBDIR" - # We also don't use a secret keyring, of course, but gpg panics and - # implodes if there isn't one available - and writeable for imports - local SECRETKEYRING="${TRUSTDBDIR}/secring.gpg" - touch $SECRETKEYRING - # now create the trustdb with an (empty) dummy keyring - # newer gpg versions are fine without it, but play it safe for now - gpg --quiet --check-trustdb --secret-keyring $SECRETKEYRING --keyring $SECRETKEYRING >/dev/null 2>&1 + # Acquire::AllowInsecureRepositories=false is not yet the default + # but we want it to be the default soon + configallowinsecurerepositories "false"; # cleanup the environment a bit - export PATH="${PATH}:/usr/local/sbin:/usr/sbin:/sbin" + # prefer our apt binaries over the system apt binaries + export PATH="${BUILDDIRECTORY}:${PATH}:/usr/local/sbin:/usr/sbin:/sbin" export LC_ALL=C.UTF-8 unset LANGUAGE APT_CONFIG unset GREP_OPTIONS DEB_BUILD_PROFILES @@ -325,6 +342,11 @@ configdpkg() { fi } +configallowinsecurerepositories() { + echo "Acquire::AllowInsecureRepositories \"$1\";" > rootdir/etc/apt/apt.conf.d/allow-insecure-repositories.conf + +} + configcompression() { while [ -n "$1" ]; do case "$1" in @@ -478,8 +500,8 @@ Package: $NAME" >> ${BUILDDIR}/debian/control | while read SRC; do echo "pool/${SRC}" >> ${BUILDDIR}/../${RELEASE}.${DISTSECTION}.srclist # if expr match "${SRC}" '.*\.dsc' >/dev/null 2>&1; then -# gpg --yes --secret-keyring ./keys/joesixpack.sec \ -# --keyring ./keys/joesixpack.pub --default-key 'Joe Sixpack' \ +# aptkey --keyring ./keys/joesixpack.pub --secret-keyring ./keys/joesixpack.sec --quiet --readonly \ +# adv --yes --default-key 'Joe Sixpack' \ # --clearsign -o "${BUILDDIR}/../${SRC}.sign" "${BUILDDIR}/../$SRC" # mv "${BUILDDIR}/../${SRC}.sign" "${BUILDDIR}/../$SRC" # fi @@ -733,7 +755,7 @@ buildaptarchivefromincoming() { aptftparchive -qq generate ftparchive.conf cd - > /dev/null msgdone "info" - generatereleasefiles + generatereleasefiles "$@" } buildaptarchivefromfiles() { @@ -848,24 +870,29 @@ setupflataptarchive() { } setupaptarchive() { - buildaptarchive + local NOUPDATE=0 + if [ "$1" = '--no-update' ]; then + NOUPDATE=1 + shift + fi + buildaptarchive "$@" if [ -e aptarchive/dists ]; then setupdistsaptarchive else setupflataptarchive fi - signreleasefiles - if [ "$1" != '--no-update' ]; then - msgninfo "\tSync APT's cache with the archive… " - aptget update -qq - msgdone "info" + signreleasefiles 'Joe Sixpack' + if [ "1" != "$NOUPDATE" ]; then + testsuccess aptget update -o Debug::pkgAcquire::Worker=true -o Debug::Acquire::gpgv=true fi } signreleasefiles() { local SIGNER="${1:-Joe Sixpack}" - local GPG="gpg --batch --yes" - msgninfo "\tSign archive with $SIGNER key… " + local REPODIR="${2:-aptarchive}" + local KEY="keys/$(echo "$SIGNER" | tr 'A-Z' 'a-z' | sed 's# ##g')" + local GPG="aptkey --quiet --keyring ${KEY}.pub --secret-keyring ${KEY}.sec --readonly adv --batch --yes" + msgninfo "\tSign archive with $SIGNER key $KEY… " local REXKEY='keys/rexexpired' local SECEXPIREBAK="${REXKEY}.sec.bak" local PUBEXPIREBAK="${REXKEY}.pub.bak" @@ -881,18 +908,15 @@ signreleasefiles() { cp $SECUNEXPIRED ${REXKEY}.sec cp $PUBUNEXPIRED ${REXKEY}.pub else - printf "expire\n1w\nsave\n" | $GPG --keyring ${REXKEY}.pub --secret-keyring ${REXKEY}.sec --command-fd 0 --edit-key "${SIGNER}" >/dev/null 2>&1 || true + if ! printf "expire\n1w\nsave\n" | $GPG --default-key "$SIGNER" --command-fd 0 --edit-key "${SIGNER}" >setexpire.gpg 2>&1; then + cat setexpire.gpg + exit 1 + fi cp ${REXKEY}.sec $SECUNEXPIRED cp ${REXKEY}.pub $PUBUNEXPIRED fi fi - for KEY in $(find keys/ -name '*.sec'); do - GPG="$GPG --secret-keyring $KEY" - done - for KEY in $(find keys/ -name '*.pub'); do - GPG="$GPG --keyring $KEY" - done - for RELEASE in $(find aptarchive/ -name Release); do + for RELEASE in $(find ${REPODIR}/ -name Release); do $GPG --default-key "$SIGNER" --armor --detach-sign --sign --output ${RELEASE}.gpg ${RELEASE} local INRELEASE="$(echo "${RELEASE}" | sed 's#/Release$#/InRelease#')" $GPG --default-key "$SIGNER" --clearsign --output $INRELEASE $RELEASE @@ -974,7 +998,7 @@ changetohttpswebserver() { changetowebserver --no-rewrite "$@" fi echo "pid = ${TMPWORKINGDIRECTORY}/aptarchive/stunnel.pid -cert = ${TESTDIRECTORY}/apt.pem +cert = ${TMPWORKINGDIRECTORY}/rootdir/etc/webserver.pem output = /dev/null [https] @@ -1174,9 +1198,10 @@ testsuccess() { if $@ >${OUTPUT} 2>&1; then msgpass else + local EXITCODE=$? echo >&2 cat >&2 $OUTPUT - msgfail + msgfail "exitcode $EXITCODE" fi } @@ -1188,14 +1213,28 @@ testfailure() { fi local OUTPUT="${TMPWORKINGDIRECTORY}/rootdir/tmp/testfailure.output" if $@ >${OUTPUT} 2>&1; then + local EXITCODE=$? echo >&2 cat >&2 $OUTPUT - msgfail + msgfail "exitcode $EXITCODE" else msgpass fi } +testaccessrights() { + msgtest "Test that file $1 has access rights set to" "$2" + if [ "$2" = "$(stat --format '%a' "$1")" ]; then + msgpass + else + echo >&2 + ls -l >&2 "$1" + echo -n >&2 "stat(1) reports access rights: " + stat --format '%a' "$1" + msgfail + fi +} + testwebserverlaststatuscode() { local DOWNLOG='rootdir/tmp/webserverstatus-testfile.log' local STATUS='rootdir/tmp/webserverstatus-statusfile.log' |