summaryrefslogtreecommitdiff
path: root/test/integration
diff options
context:
space:
mode:
Diffstat (limited to 'test/integration')
-rw-r--r--test/integration/framework7
-rwxr-xr-xtest/integration/test-apt-update-ims12
-rwxr-xr-xtest/integration/test-apt-update-nofallback5
-rwxr-xr-xtest/integration/test-apt-update-not-modified4
-rwxr-xr-xtest/integration/test-apt-update-rollback4
-rwxr-xr-xtest/integration/test-releasefile-date-older62
-rwxr-xr-xtest/integration/test-releasefile-valid-until37
-rwxr-xr-xtest/integration/test-releasefile-verification70
8 files changed, 121 insertions, 80 deletions
diff --git a/test/integration/framework b/test/integration/framework
index 8c8936ead..b253deb91 100644
--- a/test/integration/framework
+++ b/test/integration/framework
@@ -1164,9 +1164,9 @@ testfileequal() {
shift
msgtest "Test for correctness of file" "$FILE"
if [ -z "$*" ]; then
- echo -n "" | checkdiff $FILE - && msgpass || msgfail
+ echo -n "" | checkdiff - $FILE && msgpass || msgfail
else
- echo "$*" | checkdiff $FILE - && msgpass || msgfail
+ echo "$*" | checkdiff - $FILE && msgpass || msgfail
fi
}
@@ -1547,7 +1547,8 @@ aptautotest_aptcdrom_add() { aptautotest_aptget_update "$@"; }
testaptautotestnodpkgwarning() {
local TESTCALL="$1"
while [ -n "$2" ]; do
- if expr match "$2" '^-[a-z]*s' >/dev/null 2>&1; then return; fi
+ if expr match "$2" '^-[a-z]*s' >/dev/null 2>&1; then return; fi # simulation mode
+ if expr match "$2" '^-dy\?' >/dev/null 2>&1; then return; fi # download-only mode
shift
done
testfailure grep '^dpkg: warning:.*ignor.*' "${TMPWORKINGDIRECTORY}/rootdir/tmp-before/${TESTCALL}.output"
diff --git a/test/integration/test-apt-update-ims b/test/integration/test-apt-update-ims
index f091bffaa..7385e701a 100755
--- a/test/integration/test-apt-update-ims
+++ b/test/integration/test-apt-update-ims
@@ -43,7 +43,7 @@ runtest() {
testfileequal 'listsdir.lst' "$(listcurrentlistsdirectory)"
# ensure that we still do a hash check for other files on ims hit of Release
- if grep -q '^Hit .* \(InRelease\|Release.gpg\)$' expected.output ; then
+ if grep -q '^Hit .* InRelease$' expected.output || ! grep -q '^Ign .* Release\(\.gpg\)\?$' expected.output; then
$TEST aptget update -o Debug::Acquire::gpgv=1
cp rootdir/tmp/${TEST}.output goodsign.output
testfileequal 'listsdir.lst' "$(listcurrentlistsdirectory)"
@@ -66,7 +66,6 @@ msgmsg 'Release/Release.gpg'
EXPECT='Ign http://localhost:8080 unstable InRelease
404 Not Found
Hit http://localhost:8080 unstable Release
-Hit http://localhost:8080 unstable Release.gpg
Reading package lists...'
find aptarchive -name 'InRelease' -delete
echo 'Acquire::GzipIndexes "0";' > rootdir/etc/apt/apt.conf.d/02compressindex
@@ -81,7 +80,7 @@ Hit http://localhost:8080 unstable Release
Ign http://localhost:8080 unstable Release.gpg
404 Not Found
Reading package lists...
-W: The data from 'http://localhost:8080 unstable Release.gpg' is not signed. Packages from that repository can not be authenticated."
+W: The data from 'http://localhost:8080 unstable Release' is not signed. Packages from that repository can not be authenticated."
find aptarchive -name 'Release.gpg' -delete
echo 'Acquire::GzipIndexes "0";' > rootdir/etc/apt/apt.conf.d/02compressindex
runtest 'warning'
@@ -108,8 +107,7 @@ msgmsg 'expired Release/Release.gpg'
EXPECT='Ign http://localhost:8080 unstable InRelease
404 Not Found
Hit http://localhost:8080 unstable Release
-Hit http://localhost:8080 unstable Release.gpg
-E: Release file for http://localhost:8080/dists/unstable/Release.gpg is expired (invalid since). Updates for this repository will not be applied.'
+E: Release file for http://localhost:8080/dists/unstable/Release is expired (invalid since). Updates for this repository will not be applied.'
find aptarchive -name 'InRelease' -delete
echo 'Acquire::GzipIndexes "0";' > rootdir/etc/apt/apt.conf.d/02compressindex
runtest 'failure'
@@ -122,8 +120,8 @@ EXPECT="Ign http://localhost:8080 unstable InRelease
Hit http://localhost:8080 unstable Release
Ign http://localhost:8080 unstable Release.gpg
404 Not Found
-W: The data from 'http://localhost:8080 unstable Release.gpg' is not signed. Packages from that repository can not be authenticated.
-E: Release file for http://localhost:8080/dists/unstable/InRelease is expired (invalid since). Updates for this repository will not be applied."
+W: The data from 'http://localhost:8080 unstable Release' is not signed. Packages from that repository can not be authenticated.
+E: Release file for http://localhost:8080/dists/unstable/Release is expired (invalid since). Updates for this repository will not be applied."
find aptarchive -name 'Release.gpg' -delete
echo 'Acquire::GzipIndexes "0";' > rootdir/etc/apt/apt.conf.d/02compressindex
runtest 'failure' 'warning'
diff --git a/test/integration/test-apt-update-nofallback b/test/integration/test-apt-update-nofallback
index 71576de81..db4430ea3 100755
--- a/test/integration/test-apt-update-nofallback
+++ b/test/integration/test-apt-update-nofallback
@@ -8,6 +8,7 @@ set -e
simulate_mitm_and_inject_evil_package()
{
+ redatereleasefiles '+1 hour'
rm -f $APTARCHIVE/dists/unstable/InRelease
rm -f $APTARCHIVE/dists/unstable/Release.gpg
inject_evil_package
@@ -31,7 +32,7 @@ EOF
assert_update_is_refused_and_last_good_state_used()
{
- testfailureequal "E: The repository 'file: unstable Release.gpg' is no longer signed." aptget update -qq
+ testfailuremsg "E: The repository 'file: unstable Release' is no longer signed." aptget update
assert_repo_is_intact
}
@@ -193,7 +194,7 @@ test_release_gpg_to_invalid_release_release_gpg()
echo "Some evil data" >> $APTARCHIVE/dists/unstable/Release
inject_evil_package
- testwarningequal "W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: file: unstable Release.gpg: The following signatures were invalid: BADSIG 5A90D141DBAC8DAE Joe Sixpack (APT Testcases Dummy) <joe@example.org>
+ testwarningequal "W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: file: unstable Release: The following signatures were invalid: BADSIG 5A90D141DBAC8DAE Joe Sixpack (APT Testcases Dummy) <joe@example.org>
W: Failed to fetch file:${APTARCHIVE}/dists/unstable/Release.gpg The following signatures were invalid: BADSIG 5A90D141DBAC8DAE Joe Sixpack (APT Testcases Dummy) <joe@example.org>
diff --git a/test/integration/test-apt-update-not-modified b/test/integration/test-apt-update-not-modified
index a67ecb760..b1d55c156 100755
--- a/test/integration/test-apt-update-not-modified
+++ b/test/integration/test-apt-update-not-modified
@@ -56,7 +56,6 @@ Reading package lists..." aptget update
testsuccessequal "Ign $1 unstable InRelease
404 Not Found
Hit $1 unstable Release
-Hit $1 unstable Release.gpg
Reading package lists..." aptget update
testfileequal 'listsdir.lst' "$(listcurrentlistsdirectory)"
@@ -66,7 +65,6 @@ Reading package lists..." aptget update
testsuccessequal "Ign $1 unstable InRelease
404 Not Found
Hit $1 unstable Release
-Hit $1 unstable Release.gpg
Reading package lists..." aptget update
testfileequal 'listsdir-without-amd64.lst' "$(listcurrentlistsdirectory)"
@@ -75,7 +73,6 @@ Reading package lists..." aptget update
testsuccessequal "Ign $1 unstable InRelease
404 Not Found
Hit $1 unstable Release
-Hit $1 unstable Release.gpg
Get:1 $1 unstable/main amd64 Packages [$(stat -c '%s' 'aptarchive/dists/unstable/main/binary-amd64/Packages.gz') B]
Reading package lists..." aptget update
testfileequal 'listsdir.lst' "$(listcurrentlistsdirectory)"
@@ -85,7 +82,6 @@ Reading package lists..." aptget update
testsuccessequal "Ign $1 unstable InRelease
404 Not Found
Get:1 $1 unstable Release [$(stat -c '%s' 'aptarchive/dists/unstable/Release') B]
-Get:2 $1 unstable Release.gpg [$(stat -c '%s' 'aptarchive/dists/unstable/Release.gpg') B]
Reading package lists..." aptget update
webserverconfig 'aptwebserver::support::modified-since' 'true'
webserverconfig 'aptwebserver::support::last-modified' 'true'
diff --git a/test/integration/test-apt-update-rollback b/test/integration/test-apt-update-rollback
index 29fe1ab56..b464a04a1 100755
--- a/test/integration/test-apt-update-rollback
+++ b/test/integration/test-apt-update-rollback
@@ -78,7 +78,7 @@ test_inrelease_to_valid_release() {
rm $APTARCHIVE/dists/unstable/Release.gpg
# update fails
- testfailureequal "E: The repository 'file: unstable Release.gpg' is no longer signed." aptget update -qq
+ testfailureequal "E: The repository 'file: unstable Release' is no longer signed." aptget update -qq
# test that security downgrade was not successful
testfileequal lists.before "$(listcurrentlistsdirectory)"
@@ -101,7 +101,7 @@ test_inrelease_to_release_reverts_all() {
break_repository_sources_index '+1hour'
# ensure error
- testfailureequal "E: The repository 'file: unstable Release.gpg' is no longer signed." aptget update -qq # -o Debug::acquire::transaction=1
+ testfailureequal "E: The repository 'file: unstable Release' is no longer signed." aptget update -qq # -o Debug::acquire::transaction=1
# ensure that the Packages file is also rolled back
testfileequal lists.before "$(listcurrentlistsdirectory)"
diff --git a/test/integration/test-releasefile-date-older b/test/integration/test-releasefile-date-older
new file mode 100755
index 000000000..5cdc34fac
--- /dev/null
+++ b/test/integration/test-releasefile-date-older
@@ -0,0 +1,62 @@
+#!/bin/sh
+set -e
+
+TESTDIR=$(readlink -f $(dirname $0))
+. $TESTDIR/framework
+setupenvironment
+configarchitecture 'i386'
+
+insertpackage 'wheezy' 'apt' 'all' '0.8.15'
+
+setupaptarchive --no-update
+
+# we don't complain as the server could have just sent a 'Hit' here and this
+# 'downgrade attack' is usually performed by out-of-sync mirrors. Valid-Until
+# catches the 'real' downgrade attacks (expect that it finds stale mirrors).
+# Scaring users with an error here serves hence no point.
+
+msgmsg 'InRelease file is silently rejected if' 'new Date is before old Date'
+rm -rf rootdir/var/lib/apt/lists
+generatereleasefiles 'now' 'now + 7 days'
+signreleasefiles
+testsuccess aptget update
+listcurrentlistsdirectory > listsdir.lst
+redatereleasefiles 'now - 2 days'
+testsuccess aptget update
+testfileequal 'listsdir.lst' "$(listcurrentlistsdirectory)"
+
+msgmsg 'Release.gpg file is silently rejected if' 'new Date is before old Date'
+rm -rf rootdir/var/lib/apt/lists
+generatereleasefiles 'now' 'now + 7 days'
+signreleasefiles
+find aptarchive -name 'InRelease' -delete
+testsuccess aptget update
+listcurrentlistsdirectory > listsdir.lst
+redatereleasefiles 'now - 2 days'
+find aptarchive -name 'InRelease' -delete
+testsuccess aptget update
+testfileequal 'listsdir.lst' "$(listcurrentlistsdirectory)"
+
+msgmsg 'Crisscross InRelease/Release.gpg file is silently rejected if' 'new Date is before old Date'
+rm -rf rootdir/var/lib/apt/lists
+generatereleasefiles 'now' 'now + 7 days'
+signreleasefiles
+find aptarchive -name 'Release.gpg' -delete
+testsuccess aptget update
+listcurrentlistsdirectory > listsdir.lst
+redatereleasefiles 'now - 2 days'
+find aptarchive -name 'InRelease' -delete
+testsuccess aptget update
+testfileequal 'listsdir.lst' "$(listcurrentlistsdirectory)"
+
+msgmsg 'Crisscross Release.gpg/InRelease file is silently rejected if' 'new Date is before old Date'
+rm -rf rootdir/var/lib/apt/lists
+generatereleasefiles 'now' 'now + 7 days'
+signreleasefiles
+find aptarchive -name 'InRelease' -delete
+testsuccess aptget update
+listcurrentlistsdirectory > listsdir.lst
+redatereleasefiles 'now - 2 days'
+find aptarchive -name 'Release.gpg' -delete
+testsuccess aptget update
+testfileequal 'listsdir.lst' "$(listcurrentlistsdirectory)"
diff --git a/test/integration/test-releasefile-valid-until b/test/integration/test-releasefile-valid-until
index 0d9a91254..e000abf5d 100755
--- a/test/integration/test-releasefile-valid-until
+++ b/test/integration/test-releasefile-valid-until
@@ -16,13 +16,12 @@ setupaptarchive --no-update
runtest() {
local MSG="$1"
- msgtest "$1" "$2"
+ msgtest "Release file is $MSG as it has" "$2"
rm -rf rootdir/var/lib/apt/lists
- aptget clean
generatereleasefiles "$3" "$4"
signreleasefiles
shift 4
- if expr match "$MSG" '.*accepted.*' >/dev/null; then
+ if [ "$MSG" = 'accepted' ]; then
testsuccess --nomsg aptget update "$@"
testfailure grep -q 'is expired' rootdir/tmp/testsuccess.output
else
@@ -31,19 +30,19 @@ runtest() {
fi
}
-runtest 'Release file is accepted as it has' 'no Until' '' ''
-runtest 'Release file is accepted as it has' 'no Until and good Max-Valid' '' '' -o Acquire::Max-ValidTime=3600
-runtest 'Release file is rejected as it has' 'no Until, but bad Max-Valid' 'now - 2 days' '' -o Acquire::Max-ValidTime=3600
-runtest 'Release file is accepted as it has' 'good Until' 'now - 3 days' 'now + 1 day'
-runtest 'Release file is rejected as it has' 'bad Until' 'now - 7 days' 'now - 4 days'
-runtest 'Release file is rejected as it has' 'bad Until (ignore good Max-Valid)' 'now - 7 days' 'now - 4 days' -o Acquire::Max-ValidTime=1209600
-runtest 'Release file is rejected as it has' 'bad Max-Valid (bad Until)' 'now - 7 days' 'now - 4 days' -o Acquire::Max-ValidTime=86400
-runtest 'Release file is rejected as it has' 'bad Max-Valid (good Until)' 'now - 7 days' 'now + 4 days' -o Acquire::Max-ValidTime=86400
-runtest 'Release file is accepted as it has' 'good labeled Max-Valid' 'now - 7 days' 'now + 4 days' -o Acquire::Max-ValidTime=86400 -o Acquire::Max-ValidTime::Testcases=1209600
-runtest 'Release file is rejected as it has' 'bad labeled Max-Valid' 'now - 7 days' 'now + 4 days' -o Acquire::Max-ValidTime=1209600 -o Acquire::Max-ValidTime::Testcases=86400
-runtest 'Release file is accepted as it has' 'good Until (good Min-Valid, no Max-Valid)' 'now - 7 days' 'now + 1 days' -o Acquire::Min-ValidTime=1209600
-runtest 'Release file is accepted as it has' 'good Min-Valid (bad Until, no Max-Valid)' 'now - 7 days' 'now - 4 days' -o Acquire::Min-ValidTime=1209600
-runtest 'Release file is accepted as it has' 'good Min-Valid (bad Until, good Max-Valid) <' 'now - 7 days' 'now - 2 days' -o Acquire::Min-ValidTime=1209600 -o Acquire::Max-ValidTime=2419200
-runtest 'Release file is rejected as it has' 'bad Max-Valid (bad Until, good Min-Valid) >' 'now - 7 days' 'now - 2 days' -o Acquire::Max-ValidTime=12096 -o Acquire::Min-ValidTime=2419200
-runtest 'Release file is rejected as it has' 'bad Max-Valid (bad Until, bad Min-Valid) <' 'now - 7 days' 'now - 2 days' -o Acquire::Min-ValidTime=12096 -o Acquire::Max-ValidTime=241920
-runtest 'Release file is rejected as it has' 'bad Max-Valid (bad Until, bad Min-Valid) >' 'now - 7 days' 'now - 2 days' -o Acquire::Max-ValidTime=12096 -o Acquire::Min-ValidTime=241920
+runtest 'accepted' 'no Until' '' ''
+runtest 'accepted' 'no Until and good Max-Valid' '' '' -o Acquire::Max-ValidTime=3600
+runtest 'rejected' 'no Until, but bad Max-Valid' 'now - 2 days' '' -o Acquire::Max-ValidTime=3600
+runtest 'accepted' 'good Until' 'now - 3 days' 'now + 1 day'
+runtest 'rejected' 'bad Until' 'now - 7 days' 'now - 4 days'
+runtest 'rejected' 'bad Until (ignore good Max-Valid)' 'now - 7 days' 'now - 4 days' -o Acquire::Max-ValidTime=1209600
+runtest 'rejected' 'bad Max-Valid (bad Until)' 'now - 7 days' 'now - 4 days' -o Acquire::Max-ValidTime=86400
+runtest 'rejected' 'bad Max-Valid (good Until)' 'now - 7 days' 'now + 4 days' -o Acquire::Max-ValidTime=86400
+runtest 'accepted' 'good labeled Max-Valid' 'now - 7 days' 'now + 4 days' -o Acquire::Max-ValidTime=86400 -o Acquire::Max-ValidTime::Testcases=1209600
+runtest 'rejected' 'bad labeled Max-Valid' 'now - 7 days' 'now + 4 days' -o Acquire::Max-ValidTime=1209600 -o Acquire::Max-ValidTime::Testcases=86400
+runtest 'accepted' 'good Until (good Min-Valid, no Max-Valid)' 'now - 7 days' 'now + 1 days' -o Acquire::Min-ValidTime=1209600
+runtest 'accepted' 'good Min-Valid (bad Until, no Max-Valid)' 'now - 7 days' 'now - 4 days' -o Acquire::Min-ValidTime=1209600
+runtest 'accepted' 'good Min-Valid (bad Until, good Max-Valid) <' 'now - 7 days' 'now - 2 days' -o Acquire::Min-ValidTime=1209600 -o Acquire::Max-ValidTime=2419200
+runtest 'rejected' 'bad Max-Valid (bad Until, good Min-Valid) >' 'now - 7 days' 'now - 2 days' -o Acquire::Max-ValidTime=12096 -o Acquire::Min-ValidTime=2419200
+runtest 'rejected' 'bad Max-Valid (bad Until, bad Min-Valid) <' 'now - 7 days' 'now - 2 days' -o Acquire::Min-ValidTime=12096 -o Acquire::Max-ValidTime=241920
+runtest 'rejected' 'bad Max-Valid (bad Until, bad Min-Valid) >' 'now - 7 days' 'now - 2 days' -o Acquire::Max-ValidTime=12096 -o Acquire::Min-ValidTime=241920
diff --git a/test/integration/test-releasefile-verification b/test/integration/test-releasefile-verification
index 363b7fe5b..469ed34d2 100755
--- a/test/integration/test-releasefile-verification
+++ b/test/integration/test-releasefile-verification
@@ -91,25 +91,9 @@ touch aptarchive/apt.deb
PKGFILE="${TESTDIR}/$(echo "$(basename $0)" | sed 's#^test-#Packages-#')"
-updatesuccess() {
- local LOG='update.log'
- if aptget update >$LOG 2>&1 || grep -q -E '^(W|E): ' $LOG; then
- msgpass
- else
- cat $LOG
- msgfail
- fi
-}
-
-updatefailure() {
- local LOG='update.log'
- aptget update >$LOG 2>&1 || true
- if grep -q -E "$1" $LOG; then
- msgpass
- else
- cat $LOG
- msgfail
- fi
+updatewithwarnings() {
+ testwarning aptget update
+ testsuccess grep -E "$1" rootdir/tmp/testwarning.output
}
runtest() {
@@ -117,8 +101,8 @@ runtest() {
rm -rf rootdir/var/lib/apt/lists
signreleasefiles 'Joe Sixpack'
find aptarchive/ -name "$DELETEFILE" -delete
- msgtest 'Cold archive signed by' 'Joe Sixpack'
- updatesuccess
+ msgmsg 'Cold archive signed by' 'Joe Sixpack'
+ testsuccess aptget update
testsuccessequal "$(cat ${PKGFILE})
" aptcache show apt
installaptold
@@ -126,8 +110,8 @@ runtest() {
prepare ${PKGFILE}-new
signreleasefiles 'Joe Sixpack'
find aptarchive/ -name "$DELETEFILE" -delete
- msgtest 'Good warm archive signed by' 'Joe Sixpack'
- updatesuccess
+ msgmsg 'Good warm archive signed by' 'Joe Sixpack'
+ testsuccess aptget update
testsuccessequal "$(cat ${PKGFILE}-new)
" aptcache show apt
installaptnew
@@ -137,8 +121,8 @@ runtest() {
cp keys/rexexpired.pub rootdir/etc/apt/trusted.gpg.d/rexexpired.gpg
signreleasefiles 'Rex Expired'
find aptarchive/ -name "$DELETEFILE" -delete
- msgtest 'Cold archive signed by' 'Rex Expired'
- updatefailure '^W: .* KEYEXPIRED'
+ msgmsg 'Cold archive signed by' 'Rex Expired'
+ updatewithwarnings '^W: .* KEYEXPIRED'
testsuccessequal "$(cat ${PKGFILE})
" aptcache show apt
failaptold
@@ -148,8 +132,8 @@ runtest() {
rm -rf rootdir/var/lib/apt/lists
signreleasefiles 'Marvin Paranoid'
find aptarchive/ -name "$DELETEFILE" -delete
- msgtest 'Cold archive signed by' 'Marvin Paranoid'
- updatefailure '^W: .* NO_PUBKEY'
+ msgmsg 'Cold archive signed by' 'Marvin Paranoid'
+ updatewithwarnings '^W: .* NO_PUBKEY'
testsuccessequal "$(cat ${PKGFILE})
" aptcache show apt
failaptold
@@ -162,8 +146,8 @@ runtest() {
done
signreleasefiles 'Joe Sixpack'
find aptarchive/ -name "$DELETEFILE" -delete
- msgtest 'Bad warm archive signed by' 'Joe Sixpack'
- updatesuccess
+ msgmsg 'Bad warm archive signed by' 'Joe Sixpack'
+ testsuccess aptget update
testsuccessequal "$(cat ${PKGFILE}-new)
" aptcache show apt
installaptnew
@@ -173,8 +157,8 @@ runtest() {
rm -rf rootdir/var/lib/apt/lists
signreleasefiles 'Joe Sixpack'
find aptarchive/ -name "$DELETEFILE" -delete
- msgtest 'Cold archive signed by' 'Joe Sixpack'
- updatesuccess
+ msgmsg 'Cold archive signed by' 'Joe Sixpack'
+ testsuccess aptget update
testsuccessequal "$(cat ${PKGFILE})
" aptcache show apt
installaptold
@@ -182,8 +166,8 @@ runtest() {
prepare ${PKGFILE}-new
signreleasefiles 'Marvin Paranoid'
find aptarchive/ -name "$DELETEFILE" -delete
- msgtest 'Good warm archive signed by' 'Marvin Paranoid'
- updatefailure '^W: .* NO_PUBKEY'
+ msgmsg 'Good warm archive signed by' 'Marvin Paranoid'
+ updatewithwarnings '^W: .* NO_PUBKEY'
testsuccessequal "$(cat ${PKGFILE})
" aptcache show apt
installaptold
@@ -192,8 +176,8 @@ runtest() {
cp keys/rexexpired.pub rootdir/etc/apt/trusted.gpg.d/rexexpired.gpg
signreleasefiles 'Rex Expired'
find aptarchive/ -name "$DELETEFILE" -delete
- msgtest 'Good warm archive signed by' 'Rex Expired'
- updatefailure '^W: .* KEYEXPIRED'
+ msgmsg 'Good warm archive signed by' 'Rex Expired'
+ updatewithwarnings '^W: .* KEYEXPIRED'
testsuccessequal "$(cat ${PKGFILE})
" aptcache show apt
installaptold
@@ -202,8 +186,8 @@ runtest() {
prepare ${PKGFILE}-new
signreleasefiles
find aptarchive/ -name "$DELETEFILE" -delete
- msgtest 'Good warm archive signed by' 'Joe Sixpack'
- updatesuccess
+ msgmsg 'Good warm archive signed by' 'Joe Sixpack'
+ testsuccess aptget update
testsuccessequal "$(cat ${PKGFILE}-new)
" aptcache show apt
installaptnew
@@ -213,24 +197,24 @@ runtest2() {
prepare ${PKGFILE}
rm -rf rootdir/var/lib/apt/lists
signreleasefiles 'Joe Sixpack'
- msgtest 'Cold archive signed by' 'Joe Sixpack'
- updatesuccess
+ msgmsg 'Cold archive signed by' 'Joe Sixpack'
+ testsuccess aptget update
# New .deb but now an unsigned archive. For example MITM to circumvent
# package verification.
prepare ${PKGFILE}-new
find aptarchive/ -name InRelease -delete
find aptarchive/ -name Release.gpg -delete
- msgtest 'Warm archive signed by' 'nobody'
- updatesuccess
+ msgmsg 'Warm archive signed by' 'nobody'
+ updatewithwarnings 'W: .* no longer signed.'
testsuccessequal "$(cat ${PKGFILE}-new)
" aptcache show apt
failaptnew
# Unsigned archive from the beginning must also be detected.
rm -rf rootdir/var/lib/apt/lists
- msgtest 'Cold archive signed by' 'nobody'
- updatesuccess
+ msgmsg 'Cold archive signed by' 'nobody'
+ updatewithwarnings 'W: .* is not signed.'
testsuccessequal "$(cat ${PKGFILE}-new)
" aptcache show apt
failaptnew