diff options
Diffstat (limited to 'test/integration')
-rw-r--r-- | test/integration/framework | 25 | ||||
-rwxr-xr-x | test/integration/run-tests | 3 | ||||
-rwxr-xr-x | test/integration/test-apt-cdrom | 2 | ||||
-rwxr-xr-x | test/integration/test-apt-get-download | 2 | ||||
-rwxr-xr-x | test/integration/test-cve-2013-1051-InRelease-parsing | 61 | ||||
-rwxr-xr-x | test/integration/test-ubuntu-bug-784473-InRelease-one-message-only | 14 |
6 files changed, 98 insertions, 9 deletions
diff --git a/test/integration/framework b/test/integration/framework index 11f1c7be2..9b01c3161 100644 --- a/test/integration/framework +++ b/test/integration/framework @@ -1,5 +1,7 @@ #!/bin/sh -- # no runable script, just for vi +EXIT_CODE=0 + # we all like colorful messages if expr match "$(readlink -f /proc/$$/fd/1)" '/dev/pts/[0-9]\+' > /dev/null && \ expr match "$(readlink -f /proc/$$/fd/2)" '/dev/pts/[0-9]\+' > /dev/null; then @@ -36,7 +38,7 @@ msgtest() { } msgpass() { echo "${CPASS}PASS${CNORMAL}" >&2; } msgskip() { echo "${CWARNING}SKIP${CNORMAL}" >&2; } -msgfail() { echo "${CFAIL}FAIL${CNORMAL}" >&2; } +msgfail() { echo "${CFAIL}FAIL${CNORMAL}" >&2; EXIT_CODE=$((EXIT_CODE+1)); } # enable / disable Debugging MSGLEVEL=${MSGLEVEL:-3} @@ -113,9 +115,18 @@ gdb() { APT_CONFIG=aptconfig.conf LD_LIBRARY_PATH=${BUILDDIRECTORY} $(which gdb) ${BUILDDIRECTORY}/$1 } +exitwithstatus() { + # error if we about to overflow, but ... + # "255 failures ought to be enough for everybody" + if [ $EXIT_CODE -gt 255 ]; then + msgdie "Total failure count $EXIT_CODE too big" + fi + exit $((EXIT_CODE <= 255 ? EXIT_CODE : 255)); +} + addtrap() { CURRENTTRAP="$CURRENTTRAP $1" - trap "$CURRENTTRAP exit;" 0 HUP INT QUIT ILL ABRT FPE SEGV PIPE TERM + trap "$CURRENTTRAP exitwithstatus;" 0 HUP INT QUIT ILL ABRT FPE SEGV PIPE TERM } setupenvironment() { @@ -328,9 +339,15 @@ Package: $NAME" >> ${BUILDDIR}/debian/control fi echo '3.0 (native)' > ${BUILDDIR}/debian/source/format - local SRCS="$( (cd ${BUILDDIR}/..; dpkg-source -b ${NAME}-${VERSION} 2>&1) | grep '^dpkg-source: info: building' | grep -o '[a-z0-9._+~-]*$')" - for SRC in $SRCS; do + (cd ${BUILDDIR}/..; dpkg-source -b ${NAME}-${VERSION} 2>&1) | sed -n 's#^dpkg-source: info: building [^ ]\+ in ##p' \ + | while read SRC; do echo "pool/${SRC}" >> ${BUILDDIR}/../${RELEASE}.${DISTSECTION}.srclist +# if expr match "${SRC}" '.*\.dsc' >/dev/null 2>&1; then +# gpg --yes --no-default-keyring --secret-keyring ./keys/joesixpack.sec \ +# --keyring ./keys/joesixpack.pub --default-key 'Joe Sixpack' \ +# --clearsign -o "${BUILDDIR}/../${SRC}.sign" "${BUILDDIR}/../$SRC" +# mv "${BUILDDIR}/../${SRC}.sign" "${BUILDDIR}/../$SRC" +# fi done for arch in $(echo "$ARCH" | sed -e 's#,#\n#g' | sed -e "s#^native\$#$(getarchitecture 'native')#"); do diff --git a/test/integration/run-tests b/test/integration/run-tests index 75f2ad662..18474b20f 100755 --- a/test/integration/run-tests +++ b/test/integration/run-tests @@ -37,4 +37,5 @@ for testcase in $(run-parts --list $DIR | grep '/test-'); do done echo "failures: $FAIL" -exit $FAIL +# ensure we don't overflow +exit $((FAIL <= 255 ? FAIL : 255)) diff --git a/test/integration/test-apt-cdrom b/test/integration/test-apt-cdrom index f24c99b36..f1c4fd9d3 100755 --- a/test/integration/test-apt-cdrom +++ b/test/integration/test-apt-cdrom @@ -24,6 +24,8 @@ cat Translation-de | xz --format=lzma > Translation-de.lzma cat Translation-de | xz > Translation-de.xz rm Translation-en Translation-de cd - > /dev/null +addtrap "chmod -R +w $PWD/rootdir/media/cdrom/dists/;" +chmod -R -w rootdir/media/cdrom/dists aptcdrom add -m -o quiet=1 > apt-cdrom.log 2>&1 sed -i -e '/^Using CD-ROM/ d' -e '/gpgv/ d' -e '/^Identifying/ d' -e '/Reading / d' apt-cdrom.log diff --git a/test/integration/test-apt-get-download b/test/integration/test-apt-get-download index b164f7dba..420b2e380 100755 --- a/test/integration/test-apt-get-download +++ b/test/integration/test-apt-get-download @@ -26,7 +26,7 @@ testdownload apt_1.0_all.deb apt stable testdownload apt_2.0_all.deb apt DEBFILE="$(readlink -f aptarchive)/pool/apt_2.0_all.deb" -testequal "'file://${DEBFILE}' apt_2.0_all.deb $(stat -c%s $DEBFILE) sha256:$(sha256sum $DEBFILE | cut -d' ' -f 1)" aptget download apt --print-uris +testequal "'file://${DEBFILE}' apt_2.0_all.deb $(stat -c%s $DEBFILE) sha512:$(sha512sum $DEBFILE | cut -d' ' -f 1)" aptget download apt --print-uris # deb:677887 testequal "E: Can't find a source to download version '1.0' of 'vrms:i386'" aptget download vrms diff --git a/test/integration/test-cve-2013-1051-InRelease-parsing b/test/integration/test-cve-2013-1051-InRelease-parsing new file mode 100755 index 000000000..bd68fccf6 --- /dev/null +++ b/test/integration/test-cve-2013-1051-InRelease-parsing @@ -0,0 +1,61 @@ +#!/bin/sh +set -e + +TESTDIR=$(readlink -f $(dirname $0)) +. $TESTDIR/framework + +setupenvironment +configarchitecture 'i386' + +insertpackage 'stable' 'good-pkg' 'all' '1.0' + +setupaptarchive + +changetowebserver +ARCHIVE='http://localhost/' +msgtest 'Initial apt-get update should work with' 'InRelease' +aptget update -qq && msgpass || msgfail + +# check that the setup is correct +testequal "good-pkg: + Installed: (none) + Candidate: 1.0 + Version table: + 1.0 0 + 500 ${ARCHIVE} stable/main i386 Packages" aptcache policy good-pkg + +# now exchange to the Packages file, note that this could be +# done via MITM too +insertpackage 'stable' 'bad-mitm' 'all' '1.0' + +# this builds compressed files and a new (unsigned) Release +buildaptarchivefromfiles '+1hour' + +# add a space into the BEGIN PGP SIGNATURE PART/END PGP SIGNATURE part +# to trick apt - this is still legal to gpg(v) +sed -i '/^-----BEGIN PGP SIGNATURE-----/,/^-----END PGP SIGNATURE-----/ s/^$/ /g' aptarchive/dists/stable/InRelease + +# we append the (evil unsigned) Release file to the (good signed) InRelease +cat aptarchive/dists/stable/Release >> aptarchive/dists/stable/InRelease + + +# ensure the update fails +# useful for debugging to add "-o Debug::pkgAcquire::auth=true" +msgtest 'apt-get update for should fail with the modified' 'InRelease' +aptget update 2>&1 | grep -q 'Hash Sum mismatch' > /dev/null && msgpass || msgfail + +# ensure there is no package +testequal 'Reading package lists... +Building dependency tree... +E: Unable to locate package bad-mitm' aptget install bad-mitm -s + +# and verify that its not picked up +testequal 'N: Unable to locate package bad-mitm' aptcache policy bad-mitm -q=0 + +# and that the right one is used +testequal "good-pkg: + Installed: (none) + Candidate: 1.0 + Version table: + 1.0 0 + 500 ${ARCHIVE} stable/main i386 Packages" aptcache policy good-pkg diff --git a/test/integration/test-ubuntu-bug-784473-InRelease-one-message-only b/test/integration/test-ubuntu-bug-784473-InRelease-one-message-only index d97011914..fad5488fb 100755 --- a/test/integration/test-ubuntu-bug-784473-InRelease-one-message-only +++ b/test/integration/test-ubuntu-bug-784473-InRelease-one-message-only @@ -26,6 +26,14 @@ MD5Sum: 2182897e0a2a0c09e760beaae117a015 2023 Packages.diff/Index 1b895931853981ad8204d2439821b999 4144 Packages.gz'; echo; cat ${RELEASE}.old;) > ${RELEASE} done -aptget update -qq > /dev/null 2> starts-with-unsigned.msg -sed -i 's#File .*InRelease#File InRelease#' starts-with-unsigned.msg -testfileequal starts-with-unsigned.msg "W: GPG error: file: unstable InRelease: File InRelease doesn't start with a clearsigned message" + +msgtest 'The unsigned garbage before signed block is' 'ignored' +aptget update -qq > /dev/null 2>&1 && msgpass || msgfail + +ROOTDIR="$(readlink -f .)" +testequal "Package files: + 100 ${ROOTDIR}/rootdir/var/lib/dpkg/status + release a=now + 500 file:${ROOTDIR}/aptarchive/ unstable/main i386 Packages + release a=unstable,n=unstable,c=main +Pinned packages:" aptcache policy |