1 files changed, 40 insertions, 0 deletions

diff --git a/test/integration/test-apt-update-weak-hashes b/test/integration/test-apt-update-weak-hashes
new file mode 100755
index 000000000..38c739099
--- /dev/null
+++ b/test/integration/test-apt-update-weak-hashes
@@ -0,0 +1,40 @@
+#!/bin/sh
+set -e
+
+TESTDIR="$(readlink -f "$(dirname "$0")")"
+. "$TESTDIR/framework"
+
+setupenvironment
+configarchitecture 'i386'
+confighashes 'MD5'
+
+insertpackage 'unstable' 'foo' 'i386' '1.0'
+insertsource 'unstable' 'foo' 'any' '1.0'
+
+setupaptarchive --no-update
+APTARCHIVE="$(readlink -f ./aptarchive)"
+
+msgmsg 'Release contains only weak hashes'
+FILENAME="${APTARCHIVE}/dists/unstable/InRelease"
+MANGLED="$(readlink -f ./rootdir)/var/lib/apt/lists/partial/$(echo "$FILENAME" | sed 's#/#_#g')"
+testfailuremsg "W: Failed to fetch file:${FILENAME}  No Hash entry in Release file ${MANGLED}, which is considered strong enough for security purposes
+E: Some index files failed to download. They have been ignored, or old ones used instead." apt update
+testnopackage foo
+testnosrcpackage foo
+
+msgmsg 'Release contains no hashes'
+sed -i -e '/^ / d' -e '/^MD5Sum:/ d' "$APTARCHIVE/dists/unstable/Release"
+signreleasefiles
+testfailuremsg "W: Failed to fetch file:${FILENAME}  No Hash entry in Release file ${MANGLED}
+E: Some index files failed to download. They have been ignored, or old ones used instead." apt update
+testnopackage foo
+testnosrcpackage foo
+
+msgmsg 'Release contains only weak hashes for some files'
+confighashes 'MD5' 'SHA256'
+generatereleasefiles
+sed -i '/^ [0-9a-fA-Z]\{64\} .*Sources$/d' "$APTARCHIVE/dists/unstable/Release"
+signreleasefiles
+testwarningmsg "W: Skipping acquire of configured file 'main/source/Sources' as repository 'file:${APTARCHIVE} unstable InRelease' provides only weak security information for it" apt update
+testsuccess apt show foo
+testnosrcpackage foo