summaryrefslogtreecommitdiff
path: root/test/integration
diff options
context:
space:
mode:
Diffstat (limited to 'test/integration')
-rw-r--r--test/integration/exploid-keyring-with-dupe-keys.pubbin0 -> 3986 bytes
-rw-r--r--test/integration/exploid-keyring-with-dupe-subkeys.pubbin0 -> 2016 bytes
-rw-r--r--test/integration/framework20
-rwxr-xr-xtest/integration/skip-aptwebserver25
-rwxr-xr-xtest/integration/skip-bug-602412-dequote-redirect38
-rwxr-xr-xtest/integration/test-apt-key-net-update95
-rwxr-xr-xtest/integration/test-bug-602412-dequote-redirect29
-rwxr-xr-xtest/integration/test-bug-666772-multiarch-arch-all-build-deps118
-rwxr-xr-xtest/integration/test-ubuntu-bug-346386-apt-get-update-paywall47
9 files changed, 329 insertions, 43 deletions
diff --git a/test/integration/exploid-keyring-with-dupe-keys.pub b/test/integration/exploid-keyring-with-dupe-keys.pub
new file mode 100644
index 000000000..642952a40
--- /dev/null
+++ b/test/integration/exploid-keyring-with-dupe-keys.pub
Binary files differ
diff --git a/test/integration/exploid-keyring-with-dupe-subkeys.pub b/test/integration/exploid-keyring-with-dupe-subkeys.pub
new file mode 100644
index 000000000..02d4e6ee8
--- /dev/null
+++ b/test/integration/exploid-keyring-with-dupe-subkeys.pub
Binary files differ
diff --git a/test/integration/framework b/test/integration/framework
index 57bf555af..bec321240 100644
--- a/test/integration/framework
+++ b/test/integration/framework
@@ -690,20 +690,30 @@ signreleasefiles() {
}
changetowebserver() {
- if which weborf > /dev/null; then
- weborf -xb aptarchive/ 2>&1 > /dev/null &
+ if [ -n "$1" ] && ! test -x ${BUILDDIRECTORY}/aptwebserver; then
+ msgdie 'Need the aptwebserver when passing arguments'
+ fi
+
+ local LOG='/dev/null'
+ if test -x ${BUILDDIRECTORY}/aptwebserver; then
+ cd aptarchive
+ LD_LIBRARY_PATH=${BUILDDIRECTORY} ${BUILDDIRECTORY}/aptwebserver $@ 2> $LOG > $LOG &
+ addtrap "kill $!;"
+ cd - > /dev/null
+ elif which weborf > /dev/null; then
+ weborf -xb aptarchive/ 2> $LOG > $LOG &
addtrap "kill $!;"
elif which gatling > /dev/null; then
cd aptarchive
- gatling -p 8080 -F -S 2>&1 > /dev/null &
+ gatling -p 8080 -F -S 2> $LOG > $LOG &
addtrap "kill $!;"
cd - > /dev/null
elif which lighttpd > /dev/null; then
echo "server.document-root = \"$(readlink -f ./aptarchive)\"
server.port = 8080
server.stat-cache-engine = \"disable\"" > lighttpd.conf
- lighttpd -t -f lighttpd.conf >/dev/null || msgdie 'Can not change to webserver: our lighttpd config is invalid'
- lighttpd -D -f lighttpd.conf 2>/dev/null >/dev/null &
+ lighttpd -t -f lighttpd.conf 2> $LOG > $LOG || msgdie 'Can not change to webserver: our lighttpd config is invalid'
+ lighttpd -D -f lighttpd.conf 2> $LOG > $LOG &
addtrap "kill $!;"
else
msgdie 'You have to install weborf or lighttpd first'
diff --git a/test/integration/skip-aptwebserver b/test/integration/skip-aptwebserver
new file mode 100755
index 000000000..0622941ce
--- /dev/null
+++ b/test/integration/skip-aptwebserver
@@ -0,0 +1,25 @@
+#!/bin/sh
+set -e
+
+TESTDIR=$(readlink -f $(dirname $0))
+. $TESTDIR/framework
+
+setupenvironment
+configarchitecture 'amd64'
+
+buildsimplenativepackage 'apt' 'all' '1.0' 'stable'
+
+setupaptarchive
+changetowebserver
+
+rm -rf rootdir/var/lib/apt/lists
+aptget update -qq
+testequal 'Hit http://localhost stable InRelease
+Hit http://localhost stable/main Sources
+Hit http://localhost stable/main amd64 Packages
+Hit http://localhost stable/main Translation-en
+Reading package lists...' aptget update
+
+mv rootdir/var/lib/apt/lists/localhost* rootdir/var/lib/apt/lists/partial
+aptget update
+
diff --git a/test/integration/skip-bug-602412-dequote-redirect b/test/integration/skip-bug-602412-dequote-redirect
deleted file mode 100755
index 689b671ce..000000000
--- a/test/integration/skip-bug-602412-dequote-redirect
+++ /dev/null
@@ -1,38 +0,0 @@
-#!/bin/sh
-set -e
-
-TESTDIR=$(readlink -f $(dirname $0))
-. $TESTDIR/framework
-setupenvironment
-configarchitecture 'i386'
-
-if ! which lighttpd > /dev/null; then
- msgdie 'You need lighttpd for this testcase, sorry…'
- exit 1
-fi
-
-buildsimplenativepackage 'unrelated' 'all' '0.5~squeeze1' 'unstable'
-
-setupaptarchive
-
-echo "server.modules = ( \"mod_redirect\" )
-server.document-root = \"$(readlink -f ./aptarchive)\"
-server.port = 8080
-server.stat-cache-engine = \"disable\"
-url.redirect = ( \"^/pool/(.*)$\" => \"/newpool/\$1\",
- \"^/dists/(.*)$\" => \"/newdists/\$1\" )" > lighttpd.conf
-
-mv aptarchive/pool aptarchive/newpool
-mv aptarchive/dists aptarchive/newdists
-
-lighttpd -t -f lighttpd.conf >/dev/null || msgdie 'Can not change to webserver: our lighttpd config is invalid'
-lighttpd -D -f lighttpd.conf 2>/dev/null >/dev/null &
-addtrap "kill $!;"
-
-APTARCHIVE="file://$(readlink -f ./aptarchive)"
-for LIST in $(find rootdir/etc/apt/sources.list.d/ -name 'apt-test-*.list'); do
- sed -i $LIST -e "s#$APTARCHIVE#http://localhost:8080/#"
-done
-
-aptget update || msgdie 'apt-get update failed'
-aptget install unrelated --download-only || msgdie 'downloading package failed'
diff --git a/test/integration/test-apt-key-net-update b/test/integration/test-apt-key-net-update
new file mode 100755
index 000000000..d5205836f
--- /dev/null
+++ b/test/integration/test-apt-key-net-update
@@ -0,0 +1,95 @@
+#!/bin/sh
+set -e
+
+TESTDIR=$(readlink -f $(dirname $0))
+. $TESTDIR/framework
+
+setupenvironment
+configarchitecture "i386"
+
+# mock
+requires_root() {
+ return 0
+}
+
+# extract net_update() and import it
+func=$( sed -n -e '/^add_keys_with_verify_against_master_keyring/,/^}/p' ${BUILDDIRECTORY}/apt-key )
+eval "$func"
+
+mkdir -p ./etc/apt
+TRUSTEDFILE=./etc/apt/trusted.gpg
+mkdir -p ./var/lib/apt/keyrings
+TMP_KEYRING=./var/lib/apt/keyrings/maybe-import-keyring.gpg
+GPG_CMD="gpg --ignore-time-conflict --no-options --no-default-keyring"
+GPG="$GPG_CMD --keyring $TRUSTEDFILE"
+MASTER_KEYRING=/usr/share/keyrings/ubuntu-master-keyring.gpg
+
+
+msgtest "add_keys_with_verify_against_master_keyring"
+if [ ! -e $MASTER_KEYRING ]; then
+ echo -n "No $MASTER_KEYRING found"
+ msgskip
+ exit 0
+fi
+
+# test bad keyring and ensure its not added (LP: #857472)
+ADD_KEYRING=./keys/exploid-keyring-with-dupe-keys.pub
+if add_keys_with_verify_against_master_keyring $ADD_KEYRING $MASTER_KEYRING; then
+ msgfail
+else
+ msgpass
+fi
+
+# ensure the keyring is still empty
+gpg_out=$($GPG --list-keys)
+msgtest "Test if keyring is empty"
+if [ -n "" ]; then
+ msgfail
+else
+ msgpass
+fi
+
+
+# test another possible attack vector using subkeys (LP: #1013128)
+msgtest "add_keys_with_verify_against_master_keyring with subkey attack"
+ADD_KEYRING=./keys/exploid-keyring-with-dupe-subkeys.pub
+if add_keys_with_verify_against_master_keyring $ADD_KEYRING $MASTER_KEYRING; then
+ msgfail
+else
+ msgpass
+fi
+
+# ensure the keyring is still empty
+gpg_out=$($GPG --list-keys)
+msgtest "Test if keyring is empty"
+if [ -n "" ]; then
+ msgfail
+else
+ msgpass
+fi
+
+
+# test good keyring and ensure we get no errors
+ADD_KEYRING=/usr/share/keyrings/ubuntu-archive-keyring.gpg
+if add_keys_with_verify_against_master_keyring $ADD_KEYRING $MASTER_KEYRING; then
+ msgpass
+else
+ msgfail
+fi
+
+testequal './etc/apt/trusted.gpg
+---------------------
+pub 1024D/437D05B5 2004-09-12
+uid Ubuntu Archive Automatic Signing Key <ftpmaster@ubuntu.com>
+sub 2048g/79164387 2004-09-12
+
+pub 1024D/FBB75451 2004-12-30
+uid Ubuntu CD Image Automatic Signing Key <cdimage@ubuntu.com>
+
+pub 4096R/C0B21F32 2012-05-11
+uid Ubuntu Archive Automatic Signing Key (2012) <ftpmaster@ubuntu.com>
+
+pub 4096R/EFE21092 2012-05-11
+uid Ubuntu CD Image Automatic Signing Key (2012) <cdimage@ubuntu.com>
+' $GPG --list-keys
+
diff --git a/test/integration/test-bug-602412-dequote-redirect b/test/integration/test-bug-602412-dequote-redirect
new file mode 100755
index 000000000..f1e67c6d8
--- /dev/null
+++ b/test/integration/test-bug-602412-dequote-redirect
@@ -0,0 +1,29 @@
+#!/bin/sh
+set -e
+
+TESTDIR=$(readlink -f $(dirname $0))
+. $TESTDIR/framework
+setupenvironment
+configarchitecture 'amd64'
+
+buildsimplenativepackage 'unrelated' 'all' '0.5~squeeze1' 'unstable'
+
+setupaptarchive
+changetowebserver -o aptwebserver::redirect::replace::/pool/=/newpool/ \
+ -o aptwebserver::redirect::replace::/dists/=/newdists/
+
+mv aptarchive/pool aptarchive/newpool
+mv aptarchive/dists aptarchive/newdists
+
+msgtest 'Test redirection works in' 'apt-get update'
+aptget update -qq && msgpass || msgfail
+
+# check that I-M-S header is kept in redirections
+testequal 'Hit http://localhost unstable InRelease
+Hit http://localhost unstable/main Sources
+Hit http://localhost unstable/main amd64 Packages
+Hit http://localhost unstable/main Translation-en
+Reading package lists...' aptget update
+
+msgtest 'Test redirection works in' 'package download'
+aptget install unrelated --download-only -qq && msgpass || msgfail
diff --git a/test/integration/test-bug-666772-multiarch-arch-all-build-deps b/test/integration/test-bug-666772-multiarch-arch-all-build-deps
new file mode 100755
index 000000000..cfae1fef3
--- /dev/null
+++ b/test/integration/test-bug-666772-multiarch-arch-all-build-deps
@@ -0,0 +1,118 @@
+#!/bin/sh
+set -e
+
+TESTDIR=$(readlink -f $(dirname $0))
+. $TESTDIR/framework
+setupenvironment
+configarchitecture 'amd64' 'armhf'
+
+insertinstalledpackage 'build-essential' 'all' '11.5'
+
+insertpackage 'unstable' 'doxygen' 'all' '1.0' 'Depends: language-support, language-tool'
+insertpackage 'unstable' 'libc6' 'amd64,armhf' '1.0' 'Multi-Arch: same'
+insertpackage 'unstable' 'libc6-dev' 'amd64,armhf' '1.0' 'Depends: libc6
+Multi-Arch: same'
+insertpackage 'unstable' 'language-support' 'amd64,armhf' '1.0' 'Multi-Arch: foreign'
+insertpackage 'unstable' 'language-tool' 'amd64,armhf' '1.0'
+
+insertsource 'unstable' 'apt' 'any' '0.8.15' 'Build-Depends: doxygen, libc6-dev'
+
+setupaptarchive
+
+testequal 'Reading package lists...
+Building dependency tree...
+The following NEW packages will be installed:
+ doxygen language-support language-tool libc6 libc6-dev
+0 upgraded, 5 newly installed, 0 to remove and 0 not upgraded.
+Inst language-support (1.0 unstable [amd64])
+Inst language-tool (1.0 unstable [amd64])
+Inst doxygen (1.0 unstable [all])
+Inst libc6 (1.0 unstable [amd64])
+Inst libc6-dev (1.0 unstable [amd64])
+Conf language-support (1.0 unstable [amd64])
+Conf language-tool (1.0 unstable [amd64])
+Conf doxygen (1.0 unstable [all])
+Conf libc6 (1.0 unstable [amd64])
+Conf libc6-dev (1.0 unstable [amd64])' aptget build-dep apt -s
+
+testequal 'Reading package lists...
+Building dependency tree...
+The following NEW packages will be installed:
+ doxygen language-support language-tool libc6:armhf libc6-dev:armhf
+0 upgraded, 5 newly installed, 0 to remove and 0 not upgraded.
+Inst language-support (1.0 unstable [amd64])
+Inst language-tool (1.0 unstable [amd64])
+Inst doxygen (1.0 unstable [all])
+Inst libc6:armhf (1.0 unstable [armhf])
+Inst libc6-dev:armhf (1.0 unstable [armhf])
+Conf language-support (1.0 unstable [amd64])
+Conf language-tool (1.0 unstable [amd64])
+Conf doxygen (1.0 unstable [all])
+Conf libc6:armhf (1.0 unstable [armhf])
+Conf libc6-dev:armhf (1.0 unstable [armhf])' aptget build-dep apt -s -a armhf
+
+configarchitecture 'armhf' 'amd64'
+
+testequal 'Reading package lists...
+Building dependency tree...
+The following NEW packages will be installed:
+ doxygen language-support language-tool libc6 libc6-dev
+0 upgraded, 5 newly installed, 0 to remove and 0 not upgraded.
+Inst language-support (1.0 unstable [armhf])
+Inst language-tool (1.0 unstable [armhf])
+Inst doxygen (1.0 unstable [all])
+Inst libc6 (1.0 unstable [armhf])
+Inst libc6-dev (1.0 unstable [armhf])
+Conf language-support (1.0 unstable [armhf])
+Conf language-tool (1.0 unstable [armhf])
+Conf doxygen (1.0 unstable [all])
+Conf libc6 (1.0 unstable [armhf])
+Conf libc6-dev (1.0 unstable [armhf])' aptget build-dep apt -s
+
+testequal 'Reading package lists...
+Building dependency tree...
+The following NEW packages will be installed:
+ doxygen language-support language-tool libc6:amd64 libc6-dev:amd64
+0 upgraded, 5 newly installed, 0 to remove and 0 not upgraded.
+Inst language-support (1.0 unstable [armhf])
+Inst language-tool (1.0 unstable [armhf])
+Inst doxygen (1.0 unstable [all])
+Inst libc6:amd64 (1.0 unstable [amd64])
+Inst libc6-dev:amd64 (1.0 unstable [amd64])
+Conf language-support (1.0 unstable [armhf])
+Conf language-tool (1.0 unstable [armhf])
+Conf doxygen (1.0 unstable [all])
+Conf libc6:amd64 (1.0 unstable [amd64])
+Conf libc6-dev:amd64 (1.0 unstable [amd64])' aptget build-dep apt -s -a amd64
+
+configarchitecture 'amd64' 'armhf'
+
+insertinstalledpackage 'language-support' 'armhf' '0.5' 'Multi-Arch: foreign'
+
+testequal 'Reading package lists...
+Building dependency tree...
+The following NEW packages will be installed:
+ doxygen language-tool libc6 libc6-dev
+0 upgraded, 4 newly installed, 0 to remove and 1 not upgraded.
+Inst language-tool (1.0 unstable [amd64])
+Inst doxygen (1.0 unstable [all])
+Inst libc6 (1.0 unstable [amd64])
+Inst libc6-dev (1.0 unstable [amd64])
+Conf language-tool (1.0 unstable [amd64])
+Conf doxygen (1.0 unstable [all])
+Conf libc6 (1.0 unstable [amd64])
+Conf libc6-dev (1.0 unstable [amd64])' aptget build-dep apt -s
+
+testequal 'Reading package lists...
+Building dependency tree...
+The following NEW packages will be installed:
+ doxygen language-tool libc6:armhf libc6-dev:armhf
+0 upgraded, 4 newly installed, 0 to remove and 1 not upgraded.
+Inst language-tool (1.0 unstable [amd64])
+Inst doxygen (1.0 unstable [all])
+Inst libc6:armhf (1.0 unstable [armhf])
+Inst libc6-dev:armhf (1.0 unstable [armhf])
+Conf language-tool (1.0 unstable [amd64])
+Conf doxygen (1.0 unstable [all])
+Conf libc6:armhf (1.0 unstable [armhf])
+Conf libc6-dev:armhf (1.0 unstable [armhf])' aptget build-dep apt -s -a armhf
diff --git a/test/integration/test-ubuntu-bug-346386-apt-get-update-paywall b/test/integration/test-ubuntu-bug-346386-apt-get-update-paywall
new file mode 100755
index 000000000..25cccf067
--- /dev/null
+++ b/test/integration/test-ubuntu-bug-346386-apt-get-update-paywall
@@ -0,0 +1,47 @@
+#!/bin/sh
+set -e
+
+ensure_n_canary_strings_in_dir() {
+ DIR=$1
+ CANARY_STRING=$2
+ EXPECTED_N=$3
+
+ msgtest "Testing for $EXPECTED_N canary strings '$CANARY_STRING' in in" "$DIR"
+
+ N=$(grep "$CANARY_STRING" $DIR/* 2>/dev/null |wc -l )
+ if [ "$N" = "$EXPECTED_N" ]; then
+ msgpass
+ return 0
+ else
+ msgfail "Expected $EXPECTED_N canaries, got $N"
+ return 1
+ fi
+}
+
+TESTDIR=$(readlink -f $(dirname $0))
+. $TESTDIR/framework
+
+setupenvironment
+configarchitecture 'native'
+
+insertpackage 'unstable' 'unrelated' 'all' '1.0' 'stable'
+
+setupaptarchive
+changetowebserver --simulate-paywall
+
+rm -rf rootdir/var/lib/apt/lists
+msgtest 'excpected failure of' 'apt-get update'
+aptget update -qq 2>/dev/null && msgfail || msgpass
+
+ensure_n_canary_strings_in_dir rootdir/var/lib/apt/lists/ 'ni ni ni' 0
+testequal 'partial' ls rootdir/var/lib/apt/lists/
+
+# again, this time with pre-existing files valid data
+for f in Release Release.gpg main_binary-amd64_Packages stable_main_source_Sources; do
+ echo "canary" > rootdir/var/lib/apt/lists/localhost:8080_dists_stable_${f}
+done
+
+# this will fail, the important part is that the canaries remain
+msgtest 'excpected failure of' 'apt-get update'
+aptget update -qq 2>/dev/null && msgfail || msgpass
+ensure_n_canary_strings_in_dir rootdir/var/lib/apt/lists/ 'canary' 4