summaryrefslogtreecommitdiff
path: root/test
diff options
context:
space:
mode:
Diffstat (limited to 'test')
-rw-r--r--test/integration/framework12
-rwxr-xr-xtest/integration/test-apt-cdrom2
-rwxr-xr-xtest/integration/test-cve-2013-1051-InRelease-parsing61
-rwxr-xr-xtest/integration/test-ubuntu-bug-784473-InRelease-one-message-only14
4 files changed, 83 insertions, 6 deletions
diff --git a/test/integration/framework b/test/integration/framework
index 1c4872c8e..86e6ed7c3 100644
--- a/test/integration/framework
+++ b/test/integration/framework
@@ -114,7 +114,7 @@ gdb() {
}
addtrap() {
- CURRENTTRAP="$CURRENTTRAP $1"
+ CURRENTTRAP="$1 $CURRENTTRAP"
trap "$CURRENTTRAP exit;" 0 HUP INT QUIT ILL ABRT FPE SEGV PIPE TERM
}
@@ -328,9 +328,15 @@ Package: $NAME" >> ${BUILDDIR}/debian/control
fi
echo '3.0 (native)' > ${BUILDDIR}/debian/source/format
- local SRCS="$( (cd ${BUILDDIR}/..; dpkg-source -b ${NAME}-${VERSION} 2>&1) | grep '^dpkg-source: info: building' | grep -o '[a-z0-9._+~-]*$')"
- for SRC in $SRCS; do
+ (cd ${BUILDDIR}/..; dpkg-source -b ${NAME}-${VERSION} 2>&1) | sed -n 's#^dpkg-source: info: building [^ ]\+ in ##p' \
+ | while read SRC; do
echo "pool/${SRC}" >> ${BUILDDIR}/../${RELEASE}.${DISTSECTION}.srclist
+# if expr match "${SRC}" '.*\.dsc' >/dev/null 2>&1; then
+# gpg --yes --no-default-keyring --secret-keyring ./keys/joesixpack.sec \
+# --keyring ./keys/joesixpack.pub --default-key 'Joe Sixpack' \
+# --clearsign -o "${BUILDDIR}/../${SRC}.sign" "${BUILDDIR}/../$SRC"
+# mv "${BUILDDIR}/../${SRC}.sign" "${BUILDDIR}/../$SRC"
+# fi
done
for arch in $(echo "$ARCH" | sed -e 's#,#\n#g' | sed -e "s#^native\$#$(getarchitecture 'native')#"); do
diff --git a/test/integration/test-apt-cdrom b/test/integration/test-apt-cdrom
index f24c99b36..f1c4fd9d3 100755
--- a/test/integration/test-apt-cdrom
+++ b/test/integration/test-apt-cdrom
@@ -24,6 +24,8 @@ cat Translation-de | xz --format=lzma > Translation-de.lzma
cat Translation-de | xz > Translation-de.xz
rm Translation-en Translation-de
cd - > /dev/null
+addtrap "chmod -R +w $PWD/rootdir/media/cdrom/dists/;"
+chmod -R -w rootdir/media/cdrom/dists
aptcdrom add -m -o quiet=1 > apt-cdrom.log 2>&1
sed -i -e '/^Using CD-ROM/ d' -e '/gpgv/ d' -e '/^Identifying/ d' -e '/Reading / d' apt-cdrom.log
diff --git a/test/integration/test-cve-2013-1051-InRelease-parsing b/test/integration/test-cve-2013-1051-InRelease-parsing
new file mode 100755
index 000000000..bd68fccf6
--- /dev/null
+++ b/test/integration/test-cve-2013-1051-InRelease-parsing
@@ -0,0 +1,61 @@
+#!/bin/sh
+set -e
+
+TESTDIR=$(readlink -f $(dirname $0))
+. $TESTDIR/framework
+
+setupenvironment
+configarchitecture 'i386'
+
+insertpackage 'stable' 'good-pkg' 'all' '1.0'
+
+setupaptarchive
+
+changetowebserver
+ARCHIVE='http://localhost/'
+msgtest 'Initial apt-get update should work with' 'InRelease'
+aptget update -qq && msgpass || msgfail
+
+# check that the setup is correct
+testequal "good-pkg:
+ Installed: (none)
+ Candidate: 1.0
+ Version table:
+ 1.0 0
+ 500 ${ARCHIVE} stable/main i386 Packages" aptcache policy good-pkg
+
+# now exchange to the Packages file, note that this could be
+# done via MITM too
+insertpackage 'stable' 'bad-mitm' 'all' '1.0'
+
+# this builds compressed files and a new (unsigned) Release
+buildaptarchivefromfiles '+1hour'
+
+# add a space into the BEGIN PGP SIGNATURE PART/END PGP SIGNATURE part
+# to trick apt - this is still legal to gpg(v)
+sed -i '/^-----BEGIN PGP SIGNATURE-----/,/^-----END PGP SIGNATURE-----/ s/^$/ /g' aptarchive/dists/stable/InRelease
+
+# we append the (evil unsigned) Release file to the (good signed) InRelease
+cat aptarchive/dists/stable/Release >> aptarchive/dists/stable/InRelease
+
+
+# ensure the update fails
+# useful for debugging to add "-o Debug::pkgAcquire::auth=true"
+msgtest 'apt-get update for should fail with the modified' 'InRelease'
+aptget update 2>&1 | grep -q 'Hash Sum mismatch' > /dev/null && msgpass || msgfail
+
+# ensure there is no package
+testequal 'Reading package lists...
+Building dependency tree...
+E: Unable to locate package bad-mitm' aptget install bad-mitm -s
+
+# and verify that its not picked up
+testequal 'N: Unable to locate package bad-mitm' aptcache policy bad-mitm -q=0
+
+# and that the right one is used
+testequal "good-pkg:
+ Installed: (none)
+ Candidate: 1.0
+ Version table:
+ 1.0 0
+ 500 ${ARCHIVE} stable/main i386 Packages" aptcache policy good-pkg
diff --git a/test/integration/test-ubuntu-bug-784473-InRelease-one-message-only b/test/integration/test-ubuntu-bug-784473-InRelease-one-message-only
index d97011914..fad5488fb 100755
--- a/test/integration/test-ubuntu-bug-784473-InRelease-one-message-only
+++ b/test/integration/test-ubuntu-bug-784473-InRelease-one-message-only
@@ -26,6 +26,14 @@ MD5Sum:
2182897e0a2a0c09e760beaae117a015 2023 Packages.diff/Index
1b895931853981ad8204d2439821b999 4144 Packages.gz'; echo; cat ${RELEASE}.old;) > ${RELEASE}
done
-aptget update -qq > /dev/null 2> starts-with-unsigned.msg
-sed -i 's#File .*InRelease#File InRelease#' starts-with-unsigned.msg
-testfileequal starts-with-unsigned.msg "W: GPG error: file: unstable InRelease: File InRelease doesn't start with a clearsigned message"
+
+msgtest 'The unsigned garbage before signed block is' 'ignored'
+aptget update -qq > /dev/null 2>&1 && msgpass || msgfail
+
+ROOTDIR="$(readlink -f .)"
+testequal "Package files:
+ 100 ${ROOTDIR}/rootdir/var/lib/dpkg/status
+ release a=now
+ 500 file:${ROOTDIR}/aptarchive/ unstable/main i386 Packages
+ release a=unstable,n=unstable,c=main
+Pinned packages:" aptcache policy