diff options
Diffstat (limited to 'test/integration')
-rw-r--r-- | test/integration/exploid-keyring-with-dupe-keys.pub | bin | 0 -> 3986 bytes | |||
-rw-r--r-- | test/integration/exploid-keyring-with-dupe-subkeys.pub | bin | 0 -> 2016 bytes | |||
-rw-r--r-- | test/integration/framework | 20 | ||||
-rwxr-xr-x | test/integration/skip-aptwebserver | 25 | ||||
-rwxr-xr-x | test/integration/skip-bug-602412-dequote-redirect | 38 | ||||
-rwxr-xr-x | test/integration/test-apt-key-net-update | 95 | ||||
-rwxr-xr-x | test/integration/test-bug-602412-dequote-redirect | 29 | ||||
-rwxr-xr-x | test/integration/test-bug-666772-multiarch-arch-all-build-deps | 118 | ||||
-rwxr-xr-x | test/integration/test-ubuntu-bug-346386-apt-get-update-paywall | 47 |
9 files changed, 329 insertions, 43 deletions
diff --git a/test/integration/exploid-keyring-with-dupe-keys.pub b/test/integration/exploid-keyring-with-dupe-keys.pub Binary files differnew file mode 100644 index 000000000..642952a40 --- /dev/null +++ b/test/integration/exploid-keyring-with-dupe-keys.pub diff --git a/test/integration/exploid-keyring-with-dupe-subkeys.pub b/test/integration/exploid-keyring-with-dupe-subkeys.pub Binary files differnew file mode 100644 index 000000000..02d4e6ee8 --- /dev/null +++ b/test/integration/exploid-keyring-with-dupe-subkeys.pub diff --git a/test/integration/framework b/test/integration/framework index 57bf555af..bec321240 100644 --- a/test/integration/framework +++ b/test/integration/framework @@ -690,20 +690,30 @@ signreleasefiles() { } changetowebserver() { - if which weborf > /dev/null; then - weborf -xb aptarchive/ 2>&1 > /dev/null & + if [ -n "$1" ] && ! test -x ${BUILDDIRECTORY}/aptwebserver; then + msgdie 'Need the aptwebserver when passing arguments' + fi + + local LOG='/dev/null' + if test -x ${BUILDDIRECTORY}/aptwebserver; then + cd aptarchive + LD_LIBRARY_PATH=${BUILDDIRECTORY} ${BUILDDIRECTORY}/aptwebserver $@ 2> $LOG > $LOG & + addtrap "kill $!;" + cd - > /dev/null + elif which weborf > /dev/null; then + weborf -xb aptarchive/ 2> $LOG > $LOG & addtrap "kill $!;" elif which gatling > /dev/null; then cd aptarchive - gatling -p 8080 -F -S 2>&1 > /dev/null & + gatling -p 8080 -F -S 2> $LOG > $LOG & addtrap "kill $!;" cd - > /dev/null elif which lighttpd > /dev/null; then echo "server.document-root = \"$(readlink -f ./aptarchive)\" server.port = 8080 server.stat-cache-engine = \"disable\"" > lighttpd.conf - lighttpd -t -f lighttpd.conf >/dev/null || msgdie 'Can not change to webserver: our lighttpd config is invalid' - lighttpd -D -f lighttpd.conf 2>/dev/null >/dev/null & + lighttpd -t -f lighttpd.conf 2> $LOG > $LOG || msgdie 'Can not change to webserver: our lighttpd config is invalid' + lighttpd -D -f lighttpd.conf 2> $LOG > $LOG & addtrap "kill $!;" else msgdie 'You have to install weborf or lighttpd first' diff --git a/test/integration/skip-aptwebserver b/test/integration/skip-aptwebserver new file mode 100755 index 000000000..0622941ce --- /dev/null +++ b/test/integration/skip-aptwebserver @@ -0,0 +1,25 @@ +#!/bin/sh +set -e + +TESTDIR=$(readlink -f $(dirname $0)) +. $TESTDIR/framework + +setupenvironment +configarchitecture 'amd64' + +buildsimplenativepackage 'apt' 'all' '1.0' 'stable' + +setupaptarchive +changetowebserver + +rm -rf rootdir/var/lib/apt/lists +aptget update -qq +testequal 'Hit http://localhost stable InRelease +Hit http://localhost stable/main Sources +Hit http://localhost stable/main amd64 Packages +Hit http://localhost stable/main Translation-en +Reading package lists...' aptget update + +mv rootdir/var/lib/apt/lists/localhost* rootdir/var/lib/apt/lists/partial +aptget update + diff --git a/test/integration/skip-bug-602412-dequote-redirect b/test/integration/skip-bug-602412-dequote-redirect deleted file mode 100755 index 689b671ce..000000000 --- a/test/integration/skip-bug-602412-dequote-redirect +++ /dev/null @@ -1,38 +0,0 @@ -#!/bin/sh -set -e - -TESTDIR=$(readlink -f $(dirname $0)) -. $TESTDIR/framework -setupenvironment -configarchitecture 'i386' - -if ! which lighttpd > /dev/null; then - msgdie 'You need lighttpd for this testcase, sorry…' - exit 1 -fi - -buildsimplenativepackage 'unrelated' 'all' '0.5~squeeze1' 'unstable' - -setupaptarchive - -echo "server.modules = ( \"mod_redirect\" ) -server.document-root = \"$(readlink -f ./aptarchive)\" -server.port = 8080 -server.stat-cache-engine = \"disable\" -url.redirect = ( \"^/pool/(.*)$\" => \"/newpool/\$1\", - \"^/dists/(.*)$\" => \"/newdists/\$1\" )" > lighttpd.conf - -mv aptarchive/pool aptarchive/newpool -mv aptarchive/dists aptarchive/newdists - -lighttpd -t -f lighttpd.conf >/dev/null || msgdie 'Can not change to webserver: our lighttpd config is invalid' -lighttpd -D -f lighttpd.conf 2>/dev/null >/dev/null & -addtrap "kill $!;" - -APTARCHIVE="file://$(readlink -f ./aptarchive)" -for LIST in $(find rootdir/etc/apt/sources.list.d/ -name 'apt-test-*.list'); do - sed -i $LIST -e "s#$APTARCHIVE#http://localhost:8080/#" -done - -aptget update || msgdie 'apt-get update failed' -aptget install unrelated --download-only || msgdie 'downloading package failed' diff --git a/test/integration/test-apt-key-net-update b/test/integration/test-apt-key-net-update new file mode 100755 index 000000000..d5205836f --- /dev/null +++ b/test/integration/test-apt-key-net-update @@ -0,0 +1,95 @@ +#!/bin/sh +set -e + +TESTDIR=$(readlink -f $(dirname $0)) +. $TESTDIR/framework + +setupenvironment +configarchitecture "i386" + +# mock +requires_root() { + return 0 +} + +# extract net_update() and import it +func=$( sed -n -e '/^add_keys_with_verify_against_master_keyring/,/^}/p' ${BUILDDIRECTORY}/apt-key ) +eval "$func" + +mkdir -p ./etc/apt +TRUSTEDFILE=./etc/apt/trusted.gpg +mkdir -p ./var/lib/apt/keyrings +TMP_KEYRING=./var/lib/apt/keyrings/maybe-import-keyring.gpg +GPG_CMD="gpg --ignore-time-conflict --no-options --no-default-keyring" +GPG="$GPG_CMD --keyring $TRUSTEDFILE" +MASTER_KEYRING=/usr/share/keyrings/ubuntu-master-keyring.gpg + + +msgtest "add_keys_with_verify_against_master_keyring" +if [ ! -e $MASTER_KEYRING ]; then + echo -n "No $MASTER_KEYRING found" + msgskip + exit 0 +fi + +# test bad keyring and ensure its not added (LP: #857472) +ADD_KEYRING=./keys/exploid-keyring-with-dupe-keys.pub +if add_keys_with_verify_against_master_keyring $ADD_KEYRING $MASTER_KEYRING; then + msgfail +else + msgpass +fi + +# ensure the keyring is still empty +gpg_out=$($GPG --list-keys) +msgtest "Test if keyring is empty" +if [ -n "" ]; then + msgfail +else + msgpass +fi + + +# test another possible attack vector using subkeys (LP: #1013128) +msgtest "add_keys_with_verify_against_master_keyring with subkey attack" +ADD_KEYRING=./keys/exploid-keyring-with-dupe-subkeys.pub +if add_keys_with_verify_against_master_keyring $ADD_KEYRING $MASTER_KEYRING; then + msgfail +else + msgpass +fi + +# ensure the keyring is still empty +gpg_out=$($GPG --list-keys) +msgtest "Test if keyring is empty" +if [ -n "" ]; then + msgfail +else + msgpass +fi + + +# test good keyring and ensure we get no errors +ADD_KEYRING=/usr/share/keyrings/ubuntu-archive-keyring.gpg +if add_keys_with_verify_against_master_keyring $ADD_KEYRING $MASTER_KEYRING; then + msgpass +else + msgfail +fi + +testequal './etc/apt/trusted.gpg +--------------------- +pub 1024D/437D05B5 2004-09-12 +uid Ubuntu Archive Automatic Signing Key <ftpmaster@ubuntu.com> +sub 2048g/79164387 2004-09-12 + +pub 1024D/FBB75451 2004-12-30 +uid Ubuntu CD Image Automatic Signing Key <cdimage@ubuntu.com> + +pub 4096R/C0B21F32 2012-05-11 +uid Ubuntu Archive Automatic Signing Key (2012) <ftpmaster@ubuntu.com> + +pub 4096R/EFE21092 2012-05-11 +uid Ubuntu CD Image Automatic Signing Key (2012) <cdimage@ubuntu.com> +' $GPG --list-keys + diff --git a/test/integration/test-bug-602412-dequote-redirect b/test/integration/test-bug-602412-dequote-redirect new file mode 100755 index 000000000..f1e67c6d8 --- /dev/null +++ b/test/integration/test-bug-602412-dequote-redirect @@ -0,0 +1,29 @@ +#!/bin/sh +set -e + +TESTDIR=$(readlink -f $(dirname $0)) +. $TESTDIR/framework +setupenvironment +configarchitecture 'amd64' + +buildsimplenativepackage 'unrelated' 'all' '0.5~squeeze1' 'unstable' + +setupaptarchive +changetowebserver -o aptwebserver::redirect::replace::/pool/=/newpool/ \ + -o aptwebserver::redirect::replace::/dists/=/newdists/ + +mv aptarchive/pool aptarchive/newpool +mv aptarchive/dists aptarchive/newdists + +msgtest 'Test redirection works in' 'apt-get update' +aptget update -qq && msgpass || msgfail + +# check that I-M-S header is kept in redirections +testequal 'Hit http://localhost unstable InRelease +Hit http://localhost unstable/main Sources +Hit http://localhost unstable/main amd64 Packages +Hit http://localhost unstable/main Translation-en +Reading package lists...' aptget update + +msgtest 'Test redirection works in' 'package download' +aptget install unrelated --download-only -qq && msgpass || msgfail diff --git a/test/integration/test-bug-666772-multiarch-arch-all-build-deps b/test/integration/test-bug-666772-multiarch-arch-all-build-deps new file mode 100755 index 000000000..cfae1fef3 --- /dev/null +++ b/test/integration/test-bug-666772-multiarch-arch-all-build-deps @@ -0,0 +1,118 @@ +#!/bin/sh +set -e + +TESTDIR=$(readlink -f $(dirname $0)) +. $TESTDIR/framework +setupenvironment +configarchitecture 'amd64' 'armhf' + +insertinstalledpackage 'build-essential' 'all' '11.5' + +insertpackage 'unstable' 'doxygen' 'all' '1.0' 'Depends: language-support, language-tool' +insertpackage 'unstable' 'libc6' 'amd64,armhf' '1.0' 'Multi-Arch: same' +insertpackage 'unstable' 'libc6-dev' 'amd64,armhf' '1.0' 'Depends: libc6 +Multi-Arch: same' +insertpackage 'unstable' 'language-support' 'amd64,armhf' '1.0' 'Multi-Arch: foreign' +insertpackage 'unstable' 'language-tool' 'amd64,armhf' '1.0' + +insertsource 'unstable' 'apt' 'any' '0.8.15' 'Build-Depends: doxygen, libc6-dev' + +setupaptarchive + +testequal 'Reading package lists... +Building dependency tree... +The following NEW packages will be installed: + doxygen language-support language-tool libc6 libc6-dev +0 upgraded, 5 newly installed, 0 to remove and 0 not upgraded. +Inst language-support (1.0 unstable [amd64]) +Inst language-tool (1.0 unstable [amd64]) +Inst doxygen (1.0 unstable [all]) +Inst libc6 (1.0 unstable [amd64]) +Inst libc6-dev (1.0 unstable [amd64]) +Conf language-support (1.0 unstable [amd64]) +Conf language-tool (1.0 unstable [amd64]) +Conf doxygen (1.0 unstable [all]) +Conf libc6 (1.0 unstable [amd64]) +Conf libc6-dev (1.0 unstable [amd64])' aptget build-dep apt -s + +testequal 'Reading package lists... +Building dependency tree... +The following NEW packages will be installed: + doxygen language-support language-tool libc6:armhf libc6-dev:armhf +0 upgraded, 5 newly installed, 0 to remove and 0 not upgraded. +Inst language-support (1.0 unstable [amd64]) +Inst language-tool (1.0 unstable [amd64]) +Inst doxygen (1.0 unstable [all]) +Inst libc6:armhf (1.0 unstable [armhf]) +Inst libc6-dev:armhf (1.0 unstable [armhf]) +Conf language-support (1.0 unstable [amd64]) +Conf language-tool (1.0 unstable [amd64]) +Conf doxygen (1.0 unstable [all]) +Conf libc6:armhf (1.0 unstable [armhf]) +Conf libc6-dev:armhf (1.0 unstable [armhf])' aptget build-dep apt -s -a armhf + +configarchitecture 'armhf' 'amd64' + +testequal 'Reading package lists... +Building dependency tree... +The following NEW packages will be installed: + doxygen language-support language-tool libc6 libc6-dev +0 upgraded, 5 newly installed, 0 to remove and 0 not upgraded. +Inst language-support (1.0 unstable [armhf]) +Inst language-tool (1.0 unstable [armhf]) +Inst doxygen (1.0 unstable [all]) +Inst libc6 (1.0 unstable [armhf]) +Inst libc6-dev (1.0 unstable [armhf]) +Conf language-support (1.0 unstable [armhf]) +Conf language-tool (1.0 unstable [armhf]) +Conf doxygen (1.0 unstable [all]) +Conf libc6 (1.0 unstable [armhf]) +Conf libc6-dev (1.0 unstable [armhf])' aptget build-dep apt -s + +testequal 'Reading package lists... +Building dependency tree... +The following NEW packages will be installed: + doxygen language-support language-tool libc6:amd64 libc6-dev:amd64 +0 upgraded, 5 newly installed, 0 to remove and 0 not upgraded. +Inst language-support (1.0 unstable [armhf]) +Inst language-tool (1.0 unstable [armhf]) +Inst doxygen (1.0 unstable [all]) +Inst libc6:amd64 (1.0 unstable [amd64]) +Inst libc6-dev:amd64 (1.0 unstable [amd64]) +Conf language-support (1.0 unstable [armhf]) +Conf language-tool (1.0 unstable [armhf]) +Conf doxygen (1.0 unstable [all]) +Conf libc6:amd64 (1.0 unstable [amd64]) +Conf libc6-dev:amd64 (1.0 unstable [amd64])' aptget build-dep apt -s -a amd64 + +configarchitecture 'amd64' 'armhf' + +insertinstalledpackage 'language-support' 'armhf' '0.5' 'Multi-Arch: foreign' + +testequal 'Reading package lists... +Building dependency tree... +The following NEW packages will be installed: + doxygen language-tool libc6 libc6-dev +0 upgraded, 4 newly installed, 0 to remove and 1 not upgraded. +Inst language-tool (1.0 unstable [amd64]) +Inst doxygen (1.0 unstable [all]) +Inst libc6 (1.0 unstable [amd64]) +Inst libc6-dev (1.0 unstable [amd64]) +Conf language-tool (1.0 unstable [amd64]) +Conf doxygen (1.0 unstable [all]) +Conf libc6 (1.0 unstable [amd64]) +Conf libc6-dev (1.0 unstable [amd64])' aptget build-dep apt -s + +testequal 'Reading package lists... +Building dependency tree... +The following NEW packages will be installed: + doxygen language-tool libc6:armhf libc6-dev:armhf +0 upgraded, 4 newly installed, 0 to remove and 1 not upgraded. +Inst language-tool (1.0 unstable [amd64]) +Inst doxygen (1.0 unstable [all]) +Inst libc6:armhf (1.0 unstable [armhf]) +Inst libc6-dev:armhf (1.0 unstable [armhf]) +Conf language-tool (1.0 unstable [amd64]) +Conf doxygen (1.0 unstable [all]) +Conf libc6:armhf (1.0 unstable [armhf]) +Conf libc6-dev:armhf (1.0 unstable [armhf])' aptget build-dep apt -s -a armhf diff --git a/test/integration/test-ubuntu-bug-346386-apt-get-update-paywall b/test/integration/test-ubuntu-bug-346386-apt-get-update-paywall new file mode 100755 index 000000000..25cccf067 --- /dev/null +++ b/test/integration/test-ubuntu-bug-346386-apt-get-update-paywall @@ -0,0 +1,47 @@ +#!/bin/sh +set -e + +ensure_n_canary_strings_in_dir() { + DIR=$1 + CANARY_STRING=$2 + EXPECTED_N=$3 + + msgtest "Testing for $EXPECTED_N canary strings '$CANARY_STRING' in in" "$DIR" + + N=$(grep "$CANARY_STRING" $DIR/* 2>/dev/null |wc -l ) + if [ "$N" = "$EXPECTED_N" ]; then + msgpass + return 0 + else + msgfail "Expected $EXPECTED_N canaries, got $N" + return 1 + fi +} + +TESTDIR=$(readlink -f $(dirname $0)) +. $TESTDIR/framework + +setupenvironment +configarchitecture 'native' + +insertpackage 'unstable' 'unrelated' 'all' '1.0' 'stable' + +setupaptarchive +changetowebserver --simulate-paywall + +rm -rf rootdir/var/lib/apt/lists +msgtest 'excpected failure of' 'apt-get update' +aptget update -qq 2>/dev/null && msgfail || msgpass + +ensure_n_canary_strings_in_dir rootdir/var/lib/apt/lists/ 'ni ni ni' 0 +testequal 'partial' ls rootdir/var/lib/apt/lists/ + +# again, this time with pre-existing files valid data +for f in Release Release.gpg main_binary-amd64_Packages stable_main_source_Sources; do + echo "canary" > rootdir/var/lib/apt/lists/localhost:8080_dists_stable_${f} +done + +# this will fail, the important part is that the canaries remain +msgtest 'excpected failure of' 'apt-get update' +aptget update -qq 2>/dev/null && msgfail || msgpass +ensure_n_canary_strings_in_dir rootdir/var/lib/apt/lists/ 'canary' 4 |