diff options
Diffstat (limited to 'test')
19 files changed, 319 insertions, 172 deletions
diff --git a/test/integration/framework b/test/integration/framework index 7eaa36415..ea577c04e 100644 --- a/test/integration/framework +++ b/test/integration/framework @@ -421,6 +421,9 @@ EOF echo 'Acquire::gpgv::Options { "--weak-digest"; "sha1"; };' > rootdir/etc/apt/apt.conf.d/no-sha1 fi + # most tests just need one signed Release file, not both + export APT_DONT_SIGN='Release.gpg' + msgdone "info" } @@ -1134,11 +1137,21 @@ signreleasefiles() { fi local GPG="aptkey --quiet --keyring ${KEY}.pub --secret-keyring ${KEY}.sec --readonly adv --batch --yes --digest-algo ${APT_TESTS_DIGEST_ALGO:-SHA512}" for RELEASE in $(find "${REPODIR}/" -name Release); do - testsuccess $GPG "$@" $SIGUSERS --armor --detach-sign --sign --output "${RELEASE}.gpg" "${RELEASE}" - local INRELEASE="$(echo "${RELEASE}" | sed 's#/Release$#/InRelease#')" - testsuccess $GPG "$@" $SIGUSERS --clearsign --output "$INRELEASE" "$RELEASE" # we might have set a specific date for the Release file, so copy it - touch -d "$(stat --format "%y" ${RELEASE})" "${RELEASE}.gpg" "${INRELEASE}" + local DATE="$(stat --format "%y" "${RELEASE}")" + if [ "$APT_DONT_SIGN" = 'Release.gpg' ]; then + rm -f "${RELEASE}.gpg" + else + testsuccess $GPG "$@" $SIGUSERS --armor --detach-sign --sign --output "${RELEASE}.gpg" "${RELEASE}" + touch -d "$DATE" "${RELEASE}.gpg" + fi + local INRELEASE="${RELEASE%/*}/InRelease" + if [ "$APT_DONT_SIGN" = 'InRelease' ]; then + rm -f "$INRELEASE" + else + testsuccess $GPG "$@" $SIGUSERS --clearsign --output "$INRELEASE" "$RELEASE" + touch -d "$DATE" "${INRELEASE}" + fi done if [ -f "$SECEXPIREBAK" ] && [ -f "$PUBEXPIREBAK" ]; then mv -f "$SECEXPIREBAK" "${REXKEY}.sec" @@ -1684,8 +1697,9 @@ testfailure() { local EXITCODE=$? if expr match "$1" '^apt.*' >/dev/null; then if [ "$1" = 'aptkey' ]; then - if grep -q -E " Can't check signature: " "$OUTPUT" || \ - grep -q -E " BAD signature from " "$OUTPUT"; then + if grep -q " Can't check signature: + BAD signature from + signature could not be verified" "$OUTPUT"; then msgpass else msgfailoutput "run failed with exitcode ${EXITCODE}, but no signature error" "$OUTPUT" "$@" diff --git a/test/integration/test-apt-acquire-additional-files b/test/integration/test-apt-acquire-additional-files index afeeadd4f..ff04b6346 100755 --- a/test/integration/test-apt-acquire-additional-files +++ b/test/integration/test-apt-acquire-additional-files @@ -51,15 +51,15 @@ readfile() { done } -testequal "$(readfile Contents-amd64 Contents-all)" aptget indextargets --no-release-info --format '$(FILENAME)' 'Created-By: Contents' -testempty aptget indextargets --format '$(FILENAME)' 'Created-By: Contents' +testequal "$(readfile Contents-amd64 Contents-all)" aptget indextargets --no-release-info --format '$(FILENAME)' 'Identifier: Contents' +testempty aptget indextargets --format '$(FILENAME)' 'Identifier: Contents' # lets fake the existence of a compressed Contents file touch "./rootdir/var/lib/apt/lists/localhost:${APTHTTPPORT}_dists_unstable_main_Contents-amd64.gz" chmod 644 "./rootdir/var/lib/apt/lists/localhost:${APTHTTPPORT}_dists_unstable_main_Contents-amd64.gz" -testequal "$(readfile Contents-amd64.gz)" aptget indextargets --format '$(FILENAME)' 'Created-By: Contents' +testequal "$(readfile Contents-amd64.gz)" aptget indextargets --format '$(FILENAME)' 'Identifier: Contents' touch "./rootdir/var/lib/apt/lists/localhost:${APTHTTPPORT}_dists_unstable_main_Contents-all.gz" chmod 644 "./rootdir/var/lib/apt/lists/localhost:${APTHTTPPORT}_dists_unstable_main_Contents-all.gz" -testequal "$(readfile Contents-amd64.gz Contents-all.gz)" aptget indextargets --format '$(FILENAME)' 'Created-By: Contents' +testequal "$(readfile Contents-amd64.gz Contents-all.gz)" aptget indextargets --format '$(FILENAME)' 'Identifier: Contents' testequal "'http://localhost:${APTHTTPPORT}/dists/unstable/InRelease' localhost:${APTHTTPPORT}_dists_unstable_InRelease 0 'http://localhost:${APTHTTPPORT}/dists/unstable/main/source/Sources.xz' localhost:${APTHTTPPORT}_dists_unstable_main_source_Sources 0 @@ -72,7 +72,7 @@ testequal "'http://localhost:${APTHTTPPORT}/dists/unstable/InRelease' localhost: # apt believes the Contents files we faked are good testsuccessequal "Hit:1 http://localhost:${APTHTTPPORT} unstable InRelease Reading package lists..." aptget update -testequal "$(readfile Contents-amd64.gz Contents-all.gz)" aptget indextargets --format '$(FILENAME)' 'Created-By: Contents' +testequal "$(readfile Contents-amd64.gz Contents-all.gz)" aptget indextargets --format '$(FILENAME)' 'Identifier: Contents' find rootdir/var/lib/apt/lists -name '*Contents*' -delete @@ -91,13 +91,13 @@ Reading package lists..." aptget update testequal "rootdir/var/lib/apt/lists/localhost:${APTHTTPPORT}_dists_unstable_main_Contents-amd64" find rootdir/var/lib/apt/lists -name '*Contents-amd64*' testequal "rootdir/var/lib/apt/lists/localhost:${APTHTTPPORT}_dists_unstable_main_Contents-all" find rootdir/var/lib/apt/lists -name '*Contents-all*' -testequal "$(readfile Contents-amd64 Contents-all)" aptget indextargets --format '$(FILENAME)' 'Created-By: Contents' +testequal "$(readfile Contents-amd64 Contents-all)" aptget indextargets --format '$(FILENAME)' 'Identifier: Contents' testsuccess cmp "rootdir/var/lib/apt/lists/localhost:${APTHTTPPORT}_dists_unstable_main_Contents-amd64" 'aptarchive/dists/unstable/main/Contents-amd64' testsuccess cmp "rootdir/var/lib/apt/lists/localhost:${APTHTTPPORT}_dists_unstable_main_Contents-all" 'aptarchive/dists/unstable/main/Contents-all' rm ./rootdir/var/lib/apt/lists/localhost:${APTHTTPPORT}_dists_unstable_main_Contents-amd64 \ ./rootdir/var/lib/apt/lists/localhost:${APTHTTPPORT}_dists_unstable_main_Contents-all -testempty aptget indextargets --format '$(FILENAME)' 'Created-By: Contents' +testempty aptget indextargets --format '$(FILENAME)' 'Identifier: Contents' # if we asked for keeping it compressed, keep it msgmsg "Normal Contents file with KeepCompressed" @@ -109,13 +109,13 @@ Reading package lists..." aptget update testequal "rootdir/var/lib/apt/lists/localhost:${APTHTTPPORT}_dists_unstable_main_Contents-amd64.$LOWCOSTEXT" find rootdir/var/lib/apt/lists -name '*Contents-amd64*' testequal "rootdir/var/lib/apt/lists/localhost:${APTHTTPPORT}_dists_unstable_main_Contents-all.$LOWCOSTEXT" find rootdir/var/lib/apt/lists -name '*Contents-all*' -testequal "$(readfile Contents-amd64.$LOWCOSTEXT Contents-all.$LOWCOSTEXT)" aptget indextargets --format '$(FILENAME)' 'Created-By: Contents' +testequal "$(readfile Contents-amd64.$LOWCOSTEXT Contents-all.$LOWCOSTEXT)" aptget indextargets --format '$(FILENAME)' 'Identifier: Contents' testequal "$(apthelper cat-file rootdir/var/lib/apt/lists/localhost:${APTHTTPPORT}_dists_unstable_main_Contents-amd64.$LOWCOSTEXT)" apthelper cat-file 'aptarchive/dists/unstable/main/Contents-amd64.gz' testequal "$(apthelper cat-file rootdir/var/lib/apt/lists/localhost:${APTHTTPPORT}_dists_unstable_main_Contents-all.$LOWCOSTEXT)" apthelper cat-file 'aptarchive/dists/unstable/main/Contents-all.gz' rm ./rootdir/var/lib/apt/lists/localhost:${APTHTTPPORT}_dists_unstable_main_Contents-amd64.$LOWCOSTEXT rm ./rootdir/var/lib/apt/lists/localhost:${APTHTTPPORT}_dists_unstable_main_Contents-all.$LOWCOSTEXT -testempty aptget indextargets --format '$(FILENAME)' 'Created-By: Contents' +testempty aptget indextargets --format '$(FILENAME)' 'Identifier: Contents' msgmsg "Compressed Contents file" # and no automatic uncompress based on the name please, @@ -128,8 +128,9 @@ Acquire::IndexTargets::deb::Contents { }; EOF -# the last line is utter bogus of course, but how should apt know… -testequal "'http://localhost:${APTHTTPPORT}/dists/unstable/InRelease' localhost:${APTHTTPPORT}_dists_unstable_InRelease 0 +runthistest() { + # the last lines are utter bogus of course, but how should apt know… + testequal "'http://localhost:${APTHTTPPORT}/dists/unstable/InRelease' localhost:${APTHTTPPORT}_dists_unstable_InRelease 0 'http://localhost:${APTHTTPPORT}/dists/unstable/main/source/Sources.xz' localhost:${APTHTTPPORT}_dists_unstable_main_source_Sources 0 'http://localhost:${APTHTTPPORT}/dists/unstable/main/binary-amd64/Packages.xz' localhost:${APTHTTPPORT}_dists_unstable_main_binary-amd64_Packages 0 'http://localhost:${APTHTTPPORT}/dists/unstable/main/binary-all/Packages.xz' localhost:${APTHTTPPORT}_dists_unstable_main_binary-all_Packages 0 @@ -137,17 +138,82 @@ testequal "'http://localhost:${APTHTTPPORT}/dists/unstable/InRelease' localhost: 'http://localhost:${APTHTTPPORT}/dists/unstable/main/Contents-amd64.gz.xz' localhost:${APTHTTPPORT}_dists_unstable_main_Contents-amd64.gz 0 'http://localhost:${APTHTTPPORT}/dists/unstable/main/Contents-all.gz.xz' localhost:${APTHTTPPORT}_dists_unstable_main_Contents-all.gz 0 " aptget update --print-uris -testsuccessequal "Hit:1 http://localhost:${APTHTTPPORT} unstable InRelease + testsuccessequal "Hit:1 http://localhost:${APTHTTPPORT} unstable InRelease Get:2 http://localhost:${APTHTTPPORT} unstable/main amd64 Contents.gz [$(stat -c%s aptarchive/dists/unstable/main/Contents-amd64.gz) B] Get:3 http://localhost:${APTHTTPPORT} unstable/main all Contents.gz [$(stat -c%s aptarchive/dists/unstable/main/Contents-all.gz) B] Reading package lists..." aptget update -testequal "rootdir/var/lib/apt/lists/localhost:${APTHTTPPORT}_dists_unstable_main_Contents-amd64.gz" find rootdir/var/lib/apt/lists -name '*Contents-amd64*' -testequal "rootdir/var/lib/apt/lists/localhost:${APTHTTPPORT}_dists_unstable_main_Contents-all.gz" find rootdir/var/lib/apt/lists -name '*Contents-all*' -testequal "$(readfile Contents-amd64.gz Contents-all.gz)" aptget indextargets --format '$(FILENAME)' 'Created-By: Contents' -testsuccess cmp "rootdir/var/lib/apt/lists/localhost:${APTHTTPPORT}_dists_unstable_main_Contents-amd64.gz" 'aptarchive/dists/unstable/main/Contents-amd64.gz' -testsuccess cmp "rootdir/var/lib/apt/lists/localhost:${APTHTTPPORT}_dists_unstable_main_Contents-all.gz" 'aptarchive/dists/unstable/main/Contents-all.gz' + testequal "rootdir/var/lib/apt/lists/localhost:${APTHTTPPORT}_dists_unstable_main_Contents-amd64.gz" find rootdir/var/lib/apt/lists -name '*Contents-amd64*' + testequal "rootdir/var/lib/apt/lists/localhost:${APTHTTPPORT}_dists_unstable_main_Contents-all.gz" find rootdir/var/lib/apt/lists -name '*Contents-all*' + testequal "$(readfile Contents-amd64.gz Contents-all.gz)" aptget indextargets --format '$(FILENAME)' 'Identifier: Contents' + testsuccess cmp "rootdir/var/lib/apt/lists/localhost:${APTHTTPPORT}_dists_unstable_main_Contents-amd64.gz" 'aptarchive/dists/unstable/main/Contents-amd64.gz' + testsuccess cmp "rootdir/var/lib/apt/lists/localhost:${APTHTTPPORT}_dists_unstable_main_Contents-all.gz" 'aptarchive/dists/unstable/main/Contents-all.gz' +} +runthistest + +msgmsg "Compressed Contents file from native architecture" +echo 'Acquire::IndexTargets::deb::Contents::MetaKey "$(COMPONENT)/Contents-$(NATIVE_ARCHITECTURE).gz";' >> rootdir/etc/apt/apt.conf.d/content-target.conf +rm ./rootdir/var/lib/apt/lists/localhost:${APTHTTPPORT}_dists_unstable_main_Contents-amd64.gz +rm ./rootdir/var/lib/apt/lists/localhost:${APTHTTPPORT}_dists_unstable_main_Contents-all.gz +testempty aptget indextargets --format '$(FILENAME)' 'Identifier: Contents' +runthistest + +msgmsg "Contents with 3 MetaKeys, first match" +rm ./rootdir/var/lib/apt/lists/localhost:${APTHTTPPORT}_dists_unstable_main_Contents-amd64.gz +rm ./rootdir/var/lib/apt/lists/localhost:${APTHTTPPORT}_dists_unstable_main_Contents-all.gz +testempty aptget indextargets --format '$(FILENAME)' 'Identifier: Contents' +cat > rootdir/etc/apt/apt.conf.d/content-target.conf <<EOF +Acquire::IndexTargets::deb::Contents3 { + MetaKey "main/Contents-all"; + ShortDescription "Contents3"; + Description "\$(RELEASE) all Contents3"; + Fallback-Of "Contents2"; + Identifier "Contents"; +}; +Acquire::IndexTargets::deb::Contents { + MetaKey "\$(COMPONENT)/Contents-amd64"; + ShortDescription "Contents"; + Description "\$(RELEASE)/\$(COMPONENT) amd64 Contents"; +}; +Acquire::IndexTargets::deb::Contents2 { + MetaKey "Contents-all"; + ShortDescription "Contents2"; + Description "\$(RELEASE) all Contents2"; + Fallback-Of "Contents"; + Identifier "Contents"; +}; +EOF +testequal "'http://localhost:${APTHTTPPORT}/dists/unstable/InRelease' localhost:${APTHTTPPORT}_dists_unstable_InRelease 0 +'http://localhost:${APTHTTPPORT}/dists/unstable/main/source/Sources.xz' localhost:${APTHTTPPORT}_dists_unstable_main_source_Sources 0 +'http://localhost:${APTHTTPPORT}/dists/unstable/main/binary-amd64/Packages.xz' localhost:${APTHTTPPORT}_dists_unstable_main_binary-amd64_Packages 0 +'http://localhost:${APTHTTPPORT}/dists/unstable/main/binary-all/Packages.xz' localhost:${APTHTTPPORT}_dists_unstable_main_binary-all_Packages 0 +'http://localhost:${APTHTTPPORT}/dists/unstable/main/i18n/Translation-en.xz' localhost:${APTHTTPPORT}_dists_unstable_main_i18n_Translation-en 0 +'http://localhost:${APTHTTPPORT}/dists/unstable/main/Contents-amd64.xz' localhost:${APTHTTPPORT}_dists_unstable_main_Contents-amd64 0 " aptget update --print-uris +testsuccessequal "Hit:1 http://localhost:${APTHTTPPORT} unstable InRelease +Get:2 http://localhost:${APTHTTPPORT} unstable/main amd64 Contents [$(stat -c%s aptarchive/dists/unstable/main/Contents-amd64.gz) B] +Reading package lists..." aptget update +testequal "rootdir/var/lib/apt/lists/localhost:${APTHTTPPORT}_dists_unstable_main_Contents-amd64" find rootdir/var/lib/apt/lists -name '*Contents*' +testequal "$(readfile Contents-amd64)" aptget indextargets --format '$(FILENAME)' 'Identifier: Contents' +testsuccess cmp "rootdir/var/lib/apt/lists/localhost:${APTHTTPPORT}_dists_unstable_main_Contents-amd64" 'aptarchive/dists/unstable/main/Contents-amd64' + +msgmsg "Contents with 3 MetaKeys, third match" +rm ./rootdir/var/lib/apt/lists/localhost:${APTHTTPPORT}_dists_unstable_main_Contents-amd64 +testempty aptget indextargets --format '$(FILENAME)' 'Identifier: Contents' +echo 'Acquire::IndexTargets::deb::Contents::MetaKey "$(COMPONENT)/Contents-i386";' >> rootdir/etc/apt/apt.conf.d/content-target.conf +testequal "'http://localhost:${APTHTTPPORT}/dists/unstable/InRelease' localhost:${APTHTTPPORT}_dists_unstable_InRelease 0 +'http://localhost:${APTHTTPPORT}/dists/unstable/main/source/Sources.xz' localhost:${APTHTTPPORT}_dists_unstable_main_source_Sources 0 +'http://localhost:${APTHTTPPORT}/dists/unstable/main/binary-amd64/Packages.xz' localhost:${APTHTTPPORT}_dists_unstable_main_binary-amd64_Packages 0 +'http://localhost:${APTHTTPPORT}/dists/unstable/main/binary-all/Packages.xz' localhost:${APTHTTPPORT}_dists_unstable_main_binary-all_Packages 0 +'http://localhost:${APTHTTPPORT}/dists/unstable/main/i18n/Translation-en.xz' localhost:${APTHTTPPORT}_dists_unstable_main_i18n_Translation-en 0 +'http://localhost:${APTHTTPPORT}/dists/unstable/main/Contents-i386.xz' localhost:${APTHTTPPORT}_dists_unstable_main_Contents-i386 0 " aptget update --print-uris +testsuccessequal "Hit:1 http://localhost:${APTHTTPPORT} unstable InRelease +Get:2 http://localhost:${APTHTTPPORT} unstable all Contents3 [$(stat -c%s aptarchive/dists/unstable/main/Contents-all.gz) B] +Reading package lists..." aptget update +testequal "rootdir/var/lib/apt/lists/localhost:${APTHTTPPORT}_dists_unstable_main_Contents-all" find rootdir/var/lib/apt/lists -name '*Contents*' +testequal "$(readfile Contents-all)" aptget indextargets --format '$(FILENAME)' 'Identifier: Contents' +testsuccess cmp "rootdir/var/lib/apt/lists/localhost:${APTHTTPPORT}_dists_unstable_main_Contents-all" 'aptarchive/dists/unstable/main/Contents-all' +rm ./rootdir/var/lib/apt/lists/localhost:${APTHTTPPORT}_dists_unstable_main_Contents-all rm -f rootdir/etc/apt/apt.conf.d/content-target.conf msgmsg "No Contents file" diff --git a/test/integration/test-apt-key b/test/integration/test-apt-key index ddb9bf9d2..666136098 100755 --- a/test/integration/test-apt-key +++ b/test/integration/test-apt-key @@ -179,10 +179,14 @@ gpg: unchanged: 1' aptkey --fakeroot update cp -a keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg msgtest 'Test signing a file' 'with a key' echo 'Verify me. This is my signature.' > signature + echo 'lalalalala' > signature2 testsuccess --nomsg aptkey --quiet --keyring keys/marvinparanoid.pub --secret-keyring keys/marvinparanoid.sec --readonly \ adv --batch --yes --default-key 'Marvin' --armor --detach-sign --sign --output signature.gpg signature testsuccess test -s signature.gpg -a -s signature + msgtest 'Test verify a file' 'with no sig' + testfailure --nomsg aptkey --quiet --readonly --keyring keys/testcase-multikey.pub verify signature signature2 + for GPGV in '' 'gpgv' 'gpgv2'; do echo "APT::Key::GPGVCommand \"$GPGV\";" > rootdir/etc/apt/apt.conf.d/00gpgvcmd @@ -210,7 +214,6 @@ gpg: unchanged: 1' aptkey --fakeroot update testfailure --nomsg aptkey --quiet --readonly --keyid 'Kalnischkies' verify signature.gpg signature msgtest 'Test verify fails on' 'bad file' - echo 'lalalalala' > signature2 testfailure --nomsg aptkey --quiet --readonly verify signature.gpg signature2 done rm -f rootdir/etc/apt/apt.conf.d/00gpgvcmd @@ -257,7 +260,6 @@ gpg: unchanged: 1' aptkey --fakeroot update testfailure --nomsg aptkey --quiet --readonly --keyid 'Kalnischkies' verify signature.gpg signature msgtest 'Test verify fails on' 'bad doublesigned file' - echo 'lalalalala' > signature2 testfailure --nomsg aptkey --quiet --readonly verify signature.gpg signature2 done rm -f rootdir/etc/apt/apt.conf.d/00gpgvcmd diff --git a/test/integration/test-apt-key-used-in-maintainerscript b/test/integration/test-apt-key-used-in-maintainerscript new file mode 100755 index 000000000..e5e96963f --- /dev/null +++ b/test/integration/test-apt-key-used-in-maintainerscript @@ -0,0 +1,34 @@ +#!/bin/sh +set -e + +TESTDIR="$(readlink -f "$(dirname "$0")")" +. "$TESTDIR/framework" + +setupenvironment +configarchitecture 'native' +configdpkgnoopchroot + +buildingpkg() { + local PKG="$1" + shift + setupsimplenativepackage "$PKG" 'native' '1' 'unstable' "$@" + BUILDDIR="incoming/${PKG}-1" + echo '#!/bin/sh +apt-key list' > "${BUILDDIR}/debian/postinst" + buildpackage "$BUILDDIR" 'unstable' 'main' 'native' + rm -rf "$BUILDDIR" +} +buildingpkg 'aptkeyuser-nodepends' 'Depends: unrelated' +buildingpkg 'aptkeyuser-depends' 'Depends: gnupg' + +setupaptarchive + +insertinstalledpackage 'unrelated' 'native' '1' +insertinstalledpackage 'gnupg' 'native' '1' + +testsuccess apt install aptkeyuser-depends -y +testfailure grep '^Warning: This will BREAK' rootdir/tmp/testsuccess.output + +testsuccess apt install aptkeyuser-nodepends -y +cp rootdir/tmp/testsuccess.output apt.output +testsuccess grep '^Warning: This will BREAK' apt.output diff --git a/test/integration/test-apt-update-expected-size b/test/integration/test-apt-update-expected-size index ee0eae981..f7b825d98 100755 --- a/test/integration/test-apt-update-expected-size +++ b/test/integration/test-apt-update-expected-size @@ -10,6 +10,7 @@ configcompression '.' 'gz' insertpackage 'unstable' 'apt' 'i386' '1.0' +export APT_DONT_SIGN='' setupaptarchive --no-update cp -a aptarchive/dists aptarchive/dists.good diff --git a/test/integration/test-apt-update-ims b/test/integration/test-apt-update-ims index 9635d8dd6..e1ffd5240 100755 --- a/test/integration/test-apt-update-ims +++ b/test/integration/test-apt-update-ims @@ -10,6 +10,7 @@ insertpackage 'unstable' 'unrelated' 'all' '0.5~squeeze1' insertpackage 'unstable' 'unrelated2' 'amd64' '0.5~squeeze1' insertsource 'unstable' 'unrelated' 'all' '0.5~squeeze1' +export APT_DONT_SIGN="" setupaptarchive --no-update changetowebserver diff --git a/test/integration/test-apt-update-nofallback b/test/integration/test-apt-update-nofallback index d9166eefd..c8a008214 100755 --- a/test/integration/test-apt-update-nofallback +++ b/test/integration/test-apt-update-nofallback @@ -9,8 +9,7 @@ set -e simulate_mitm_and_inject_evil_package() { redatereleasefiles '+1 hour' - rm -f "$APTARCHIVE/dists/unstable/InRelease" - rm -f "$APTARCHIVE/dists/unstable/Release.gpg" + rm -f "$APTARCHIVE/dists/unstable/InRelease" "$APTARCHIVE/dists/unstable/Release.gpg" inject_evil_package } @@ -59,7 +58,7 @@ setupaptarchive_with_lists_clean() test_from_inrelease_to_unsigned() { - # setup archive with InRelease file + export APT_DONT_SIGN='Release.gpg' setupaptarchive_with_lists_clean testsuccess aptget update listcurrentlistsdirectory > lists.before @@ -71,9 +70,8 @@ test_from_inrelease_to_unsigned() test_from_release_gpg_to_unsigned() { - # setup archive with Release/Release.gpg (but no InRelease) + export APT_DONT_SIGN='InRelease' setupaptarchive_with_lists_clean - rm "$APTARCHIVE/dists/unstable/InRelease" testsuccess aptget update listcurrentlistsdirectory > lists.before @@ -84,6 +82,7 @@ test_from_release_gpg_to_unsigned() test_from_inrelease_to_unsigned_with_override() { + export APT_DONT_SIGN='Release.gpg' # setup archive with InRelease file setupaptarchive_with_lists_clean testsuccess aptget update @@ -120,17 +119,16 @@ test_cve_2012_0214() # # Still worth having a regression test the simulates the condition - # setup archive with InRelease + export APT_DONT_SIGN='Release.gpg' setupaptarchive_with_lists_clean testsuccess aptget update listcurrentlistsdirectory > lists.before # do what CVE-2012-0214 did - rm "$APTARCHIVE/dists/unstable/InRelease" - rm "$APTARCHIVE/dists/unstable/Release.gpg" + rm -f "$APTARCHIVE/dists/unstable/InRelease" "$APTARCHIVE/dists/unstable/Release.gpg" inject_evil_package # build valid Release file - aptftparchive -qq release ./aptarchive > aptarchive/dists/unstable/Release + aptftparchive -qq release ./aptarchive > aptarchive/dists/unstable/Release assert_update_is_refused_and_last_good_state_used testfileequal lists.before "$(listcurrentlistsdirectory)" @@ -141,7 +139,7 @@ test_cve_2012_0214() test_subvert_inrelease() { - # setup archive with InRelease + export APT_DONT_SIGN='Release.gpg' setupaptarchive_with_lists_clean testsuccess aptget update listcurrentlistsdirectory > lists.before @@ -159,7 +157,7 @@ E: Some index files failed to download. They have been ignored, or old ones used test_inrelease_to_invalid_inrelease() { - # setup archive with InRelease + export APT_DONT_SIGN='Release.gpg' setupaptarchive_with_lists_clean testsuccess aptget update listcurrentlistsdirectory > lists.before @@ -180,9 +178,8 @@ W: Some index files failed to download. They have been ignored, or old ones used test_release_gpg_to_invalid_release_release_gpg() { - # setup archive with InRelease + export APT_DONT_SIGN='InRelease' setupaptarchive_with_lists_clean - rm "$APTARCHIVE/dists/unstable/InRelease" testsuccess aptget update listcurrentlistsdirectory > lists.before diff --git a/test/integration/test-apt-update-not-modified b/test/integration/test-apt-update-not-modified index c81a05b2c..a164a213d 100755 --- a/test/integration/test-apt-update-not-modified +++ b/test/integration/test-apt-update-not-modified @@ -10,6 +10,7 @@ confighashes 'SHA256' insertpackage 'unstable' 'apt' 'amd64,i386' '1.0' +export APT_DONT_SIGN='' setupaptarchive --no-update methodtest() { diff --git a/test/integration/test-apt-update-rollback b/test/integration/test-apt-update-rollback index d343baeae..643798bec 100755 --- a/test/integration/test-apt-update-rollback +++ b/test/integration/test-apt-update-rollback @@ -82,8 +82,7 @@ test_inrelease_to_valid_release() { add_new_package '+1hour' # switch to a unsigned repo now - rm "$APTARCHIVE/dists/unstable/InRelease" - rm "$APTARCHIVE/dists/unstable/Release.gpg" + rm -f "$APTARCHIVE/dists/unstable/InRelease" "$APTARCHIVE/dists/unstable/Release.gpg" # update fails testfailureequal "E: The repository 'file:${APTARCHIVE} unstable Release' is no longer signed." aptget update -qq @@ -102,8 +101,7 @@ test_inrelease_to_release_reverts_all() { # switch to a unsigned repo now add_new_package '+1hour' - rm "$APTARCHIVE/dists/unstable/InRelease" - rm "$APTARCHIVE/dists/unstable/Release.gpg" + rm -f "$APTARCHIVE/dists/unstable/InRelease" "$APTARCHIVE/dists/unstable/Release.gpg" # break it break_repository_sources_index '+1hour' @@ -122,8 +120,7 @@ test_inrelease_to_release_reverts_all() { test_unauthenticated_to_invalid_inrelease() { msgmsg 'Test UnAuthenticated to invalid InRelease reverts everything' create_fresh_archive - rm "$APTARCHIVE/dists/unstable/InRelease" - rm "$APTARCHIVE/dists/unstable/Release.gpg" + rm -f "$APTARCHIVE/dists/unstable/InRelease" "$APTARCHIVE/dists/unstable/Release.gpg" testwarning aptget update --allow-insecure-repositories listcurrentlistsdirectory > lists.before @@ -191,9 +188,8 @@ TESTDIR="$(readlink -f "$(dirname "$0")")" setupenvironment configarchitecture "i386" +export APT_DONT_SIGN='Release.gpg' -# setup the archive and ensure we have a single package that installs fine -setupaptarchive APTARCHIVE="$(readlink -f ./aptarchive)" ROOTDIR="${TMPWORKINGDIRECTORY}/rootdir" APTARCHIVE_LISTS="$(echo "$APTARCHIVE" | tr "/" "_" )" diff --git a/test/integration/test-bug-633350-do-not-kill-last-char-in-Release b/test/integration/test-bug-633350-do-not-kill-last-char-in-Release index c0802e8b5..d7dd261f6 100755 --- a/test/integration/test-bug-633350-do-not-kill-last-char-in-Release +++ b/test/integration/test-bug-633350-do-not-kill-last-char-in-Release @@ -8,20 +8,9 @@ configarchitecture 'amd64' insertpackage 'unstable' 'cool' 'amd64' '1.0' +export APT_DONT_SIGN='InRelease' setupaptarchive --no-update echo 'NotAutomatic: yes' >> aptarchive/dists/unstable/Release - signreleasefiles -find aptarchive/dists -name 'InRelease' -delete - -rm -rf rootdir/var/lib/apt/lists - -OUTPUT="$(aptget update 2>&1)" -msgtest 'Check that parsing happens without warnings' 'with missing newline' -if echo "${OUTPUT}" | grep '^W:' > /dev/null; then - msgfail - echo "${OUTPUT}" -else - msgpass -fi +testsuccess aptget update diff --git a/test/integration/test-handle-redirect-as-used-mirror-change b/test/integration/test-handle-redirect-as-used-mirror-change index e9370930a..2f6431e66 100755 --- a/test/integration/test-handle-redirect-as-used-mirror-change +++ b/test/integration/test-handle-redirect-as-used-mirror-change @@ -9,6 +9,7 @@ configcompression '.' 'gz' buildsimplenativepackage 'unrelated' 'all' '0.5~squeeze1' 'unstable' +export APT_DONT_SIGN='' setupaptarchive --no-update changetowebserver webserverconfig 'aptwebserver::redirect::replace::/redirectme/' "http://0.0.0.0:${APTHTTPPORT}/" @@ -37,3 +38,27 @@ Location: http://0.0.0.0:${APTHTTPPORT}/dists/unstable/InRelease Location: http://0.0.0.0:${APTHTTPPORT}/dists/unstable/main/source/Sources.gz Location: http://0.0.0.0:${APTHTTPPORT}/dists/unstable/main/binary-all/Packages.gz Location: http://0.0.0.0:${APTHTTPPORT}/dists/unstable/main/i18n/Translation-en.gz" grep '^Location:' aptarchive/webserver.log + +cd downloaded +testsuccess apthelper download-file "http://localhost:${APTHTTPPORT}/redirectme/dists/unstable/InRelease" inrelease +testsuccess test -s inrelease +cd - >/dev/null + +find aptarchive -name 'InRelease' -delete +rm -rf rootdir/var/lib/apt/lists + +testsuccessequal "Ign:1 http://0.0.0.0:${APTHTTPPORT} unstable InRelease + 404 Not Found +Get:2 http://0.0.0.0:${APTHTTPPORT} unstable Release [$(stat -c %s aptarchive/dists/unstable/Release) B] +Get:3 http://0.0.0.0:${APTHTTPPORT} unstable Release.gpg [$(stat -c %s aptarchive/dists/unstable/Release.gpg) B] +Get:4 http://0.0.0.0:${APTHTTPPORT} unstable/main Sources [$(stat -c %s aptarchive/dists/unstable/main/source/Sources.gz) B] +Get:5 http://0.0.0.0:${APTHTTPPORT} unstable/main all Packages [$(stat -c %s aptarchive/dists/unstable/main/binary-all/Packages.gz) B] +Get:6 http://0.0.0.0:${APTHTTPPORT} unstable/main Translation-en [$(stat -c %s aptarchive/dists/unstable/main/i18n/Translation-en.gz) B] +Reading package lists..." aptget update + +testsuccessequal "Ign:1 http://0.0.0.0:${APTHTTPPORT} unstable InRelease + 404 Not Found +Hit:2 http://0.0.0.0:${APTHTTPPORT} unstable Release +Reading package lists..." aptget update + + diff --git a/test/integration/test-hashsum-verification b/test/integration/test-hashsum-verification index a31be6bcb..a514b85e2 100755 --- a/test/integration/test-hashsum-verification +++ b/test/integration/test-hashsum-verification @@ -44,19 +44,14 @@ SHA256: xb306e66e5e6a7169c8d281a888539d1fdca9cecc99ae605717df579d5b9c166 527 Packages.lzma x9585d0e66b74c9385727fbea11fea9ab33c716b18a32f3036f037a2b9b57120 572 Packages.xz EOF - cp aptarchive/Release aptarchive/InRelease } -# fake our downloadable file -touch aptarchive/apt.deb - PKGFILE="${TESTDIR}/$(echo "$(basename $0)" | sed 's#^test-#Packages-#')" runtest() { prepare "${PKGFILE}" rm -rf rootdir/var/lib/apt/lists signreleasefiles 'Joe Sixpack' - find aptarchive/ -name "$DELETEFILE" -delete # test signed release file msgtest 'apt-get update gets the expected hashsum mismatch' @@ -65,12 +60,12 @@ runtest() { msgtest 'No package from the source available' testfailureequal --nomsg 'N: Unable to locate package apt E: No packages found' aptcache show apt - msgtest 'No Packages file in /var/lib/apt/lists' - [ "$(ls rootdir/var/lib/apt/lists/*Package* 2>/dev/null | grep -v FAILED 2>/dev/null)" = "" ] && msgpass || msgfail - + msgtest 'No Packages file in /var/lib/apt/lists' + testempty find rootdir/var/lib/apt/lists -maxdepth 1 -name '*Package*' + # now with the unsigned Release file rm -rf rootdir/var/lib/apt/lists - rm aptarchive/InRelease aptarchive/Release.gpg + rm -f aptarchive/InRelease aptarchive/Release.gpg msgtest 'unsigned apt-get update gets the expected hashsum mismatch' testfailure --nomsg aptget update --allow-insecure-repositories testsuccess grep "Hash Sum mismatch" rootdir/tmp/testfailure.output @@ -83,6 +78,5 @@ for COMPRESSEDINDEXES in 'false' 'true'; do else msgmsg 'Run tests with GzipIndexes disabled' fi - runtest done diff --git a/test/integration/test-releasefile-date-older b/test/integration/test-releasefile-date-older index 2d6746b10..e38ddc3c5 100755 --- a/test/integration/test-releasefile-date-older +++ b/test/integration/test-releasefile-date-older @@ -26,40 +26,43 @@ testsuccess aptget update testfileequal 'listsdir.lst' "$(listcurrentlistsdirectory)" msgmsg 'Release.gpg file is silently rejected if' 'new Date is before old Date' +export APT_DONT_SIGN='InRelease' rm -rf rootdir/var/lib/apt/lists generatereleasefiles 'now' 'now + 7 days' signreleasefiles -find aptarchive -name 'InRelease' -delete testsuccess aptget update listcurrentlistsdirectory > listsdir.lst redatereleasefiles 'now - 2 days' -find aptarchive -name 'InRelease' -delete testsuccess aptget update testfileequal 'listsdir.lst' "$(listcurrentlistsdirectory)" +unset APT_DONT_SIGN msgmsg 'Crisscross InRelease/Release.gpg file is silently rejected if' 'new Date is before old Date' +export APT_DONT_SIGN='Release.gpg' rm -rf rootdir/var/lib/apt/lists generatereleasefiles 'now' 'now + 7 days' signreleasefiles -find aptarchive -name 'Release.gpg' -delete testsuccess aptget update +export APT_DONT_SIGN='InRelease' listcurrentlistsdirectory > listsdir.lst redatereleasefiles 'now - 2 days' -find aptarchive -name 'InRelease' -delete testsuccess aptget update testfileequal 'listsdir.lst' "$(listcurrentlistsdirectory)" +unset APT_DONT_SIGN msgmsg 'Crisscross Release.gpg/InRelease file is silently rejected if' 'new Date is before old Date' +export APT_DONT_SIGN='InRelease' rm -rf rootdir/var/lib/apt/lists generatereleasefiles 'now' 'now + 7 days' signreleasefiles find aptarchive -name 'InRelease' -delete testsuccess aptget update +export APT_DONT_SIGN='Release.gpg' listcurrentlistsdirectory > listsdir.lst redatereleasefiles 'now - 2 days' -find aptarchive -name 'Release.gpg' -delete testsuccess aptget update testfileequal 'listsdir.lst' "$(listcurrentlistsdirectory)" +unset APT_DONT_SIGN msgmsg 'Release file has' 'no Date and no Valid-Until field' rm -rf rootdir/var/lib/apt/lists diff --git a/test/integration/test-releasefile-verification b/test/integration/test-releasefile-verification index 24e7830aa..217319cab 100755 --- a/test/integration/test-releasefile-verification +++ b/test/integration/test-releasefile-verification @@ -7,6 +7,7 @@ TESTDIR="$(readlink -f "$(dirname "$0")")" setupenvironment configarchitecture "i386" +export APT_DONT_SIGN='Release.gpg' buildaptarchive setupflataptarchive changetowebserver @@ -99,12 +100,10 @@ updatewithwarnings() { } runtest() { - local DELETEFILE="$1" msgmsg 'Cold archive signed by' 'Joe Sixpack' prepare "${PKGFILE}" rm -rf rootdir/var/lib/apt/lists signreleasefiles 'Joe Sixpack' - find aptarchive/ -name "$DELETEFILE" -delete successfulaptgetupdate testsuccessequal "$(cat "${PKGFILE}") " aptcache show apt @@ -113,7 +112,6 @@ runtest() { msgmsg 'Good warm archive signed by' 'Joe Sixpack' prepare "${PKGFILE}-new" signreleasefiles 'Joe Sixpack' - find aptarchive/ -name "$DELETEFILE" -delete successfulaptgetupdate testsuccessequal "$(cat "${PKGFILE}-new") " aptcache show apt @@ -124,7 +122,6 @@ runtest() { rm -rf rootdir/var/lib/apt/lists cp keys/rexexpired.pub rootdir/etc/apt/trusted.gpg.d/rexexpired.gpg signreleasefiles 'Rex Expired' - find aptarchive/ -name "$DELETEFILE" -delete updatewithwarnings '^W: .* EXPKEYSIG' testsuccessequal "$(cat "${PKGFILE}") " aptcache show apt @@ -144,7 +141,6 @@ runtest() { prepare "${PKGFILE}" rm -rf rootdir/var/lib/apt/lists signreleasefiles 'Joe Sixpack' 'aptarchive' --faked-system-time "20070924T154812" --default-sig-expire 2016-04-01 - find aptarchive/ -name "$DELETEFILE" -delete updatewithwarnings '^W: .* EXPSIG' testsuccessequal "$(cat "${PKGFILE}") " aptcache show apt @@ -158,7 +154,6 @@ runtest() { prepare "${PKGFILE}" rm -rf rootdir/var/lib/apt/lists signreleasefiles 'Joe Sixpack,Marvin Paranoid' - find aptarchive/ -name "$DELETEFILE" -delete successfulaptgetupdate 'NO_PUBKEY' testsuccessequal "$(cat "${PKGFILE}") " aptcache show apt @@ -168,7 +163,6 @@ runtest() { prepare "${PKGFILE}" rm -rf rootdir/var/lib/apt/lists signreleasefiles 'Joe Sixpack,Rex Expired' - find aptarchive/ -name "$DELETEFILE" -delete cp keys/rexexpired.pub rootdir/etc/apt/trusted.gpg.d/rexexpired.gpg successfulaptgetupdate 'EXPKEYSIG' rm -f rootdir/etc/apt/trusted.gpg.d/rexexpired.gpg @@ -180,7 +174,6 @@ runtest() { prepare "${PKGFILE}" rm -rf rootdir/var/lib/apt/lists signreleasefiles 'Marvin Paranoid' - find aptarchive/ -name "$DELETEFILE" -delete updatewithwarnings '^W: .* NO_PUBKEY' testsuccessequal "$(cat "${PKGFILE}") " aptcache show apt @@ -189,7 +182,6 @@ runtest() { msgmsg 'Bad warm archive signed by' 'Joe Sixpack' prepare "${PKGFILE}-new" signreleasefiles 'Joe Sixpack' - find aptarchive/ -name "$DELETEFILE" -delete successfulaptgetupdate testsuccessequal "$(cat "${PKGFILE}-new") " aptcache show apt @@ -199,7 +191,6 @@ runtest() { prepare "${PKGFILE}" rm -rf rootdir/var/lib/apt/lists signreleasefiles 'Joe Sixpack' - find aptarchive/ -name "$DELETEFILE" -delete successfulaptgetupdate testsuccessequal "$(cat "${PKGFILE}") " aptcache show apt @@ -208,7 +199,6 @@ runtest() { msgmsg 'Good warm archive signed by' 'Marvin Paranoid' prepare "${PKGFILE}-new" signreleasefiles 'Marvin Paranoid' - find aptarchive/ -name "$DELETEFILE" -delete updatewithwarnings '^W: .* NO_PUBKEY' testsuccessequal "$(cat "${PKGFILE}") " aptcache show apt @@ -218,7 +208,6 @@ runtest() { prepare "${PKGFILE}-new" cp keys/rexexpired.pub rootdir/etc/apt/trusted.gpg.d/rexexpired.gpg signreleasefiles 'Rex Expired' - find aptarchive/ -name "$DELETEFILE" -delete updatewithwarnings '^W: .* EXPKEYSIG' testsuccessequal "$(cat "${PKGFILE}") " aptcache show apt @@ -228,7 +217,6 @@ runtest() { msgmsg 'Good warm archive signed by' 'Joe Sixpack' prepare "${PKGFILE}-new" signreleasefiles - find aptarchive/ -name "$DELETEFILE" -delete successfulaptgetupdate testsuccessequal "$(cat "${PKGFILE}-new") " aptcache show apt @@ -238,7 +226,6 @@ runtest() { prepare "${PKGFILE}" rm -rf rootdir/var/lib/apt/lists signreleasefiles 'Marvin Paranoid' - find aptarchive/ -name "$DELETEFILE" -delete local MARVIN="$(readlink -f keys/marvinparanoid.pub)" sed -i "s#^\(deb\(-src\)\?\) #\1 [signed-by=$MARVIN] #" rootdir/etc/apt/sources.list.d/* successfulaptgetupdate @@ -249,7 +236,6 @@ runtest() { msgmsg 'Cold archive signed by bad keyring' 'Joe Sixpack' rm -rf rootdir/var/lib/apt/lists signreleasefiles 'Joe Sixpack' - find aptarchive/ -name "$DELETEFILE" -delete updatewithwarnings '^W: .* NO_PUBKEY' sed -i "s#^\(deb\(-src\)\?\) \[signed-by=$MARVIN\] #\1 #" rootdir/etc/apt/sources.list.d/* @@ -257,14 +243,12 @@ runtest() { msgmsg 'Cold archive signed by bad keyid' 'Joe Sixpack' rm -rf rootdir/var/lib/apt/lists signreleasefiles 'Joe Sixpack' - find aptarchive/ -name "$DELETEFILE" -delete sed -i "s#^\(deb\(-src\)\?\) #\1 [signed-by=$MARVIN] #" rootdir/etc/apt/sources.list.d/* updatewithwarnings '^W: .* be verified because the public key is not available: .*' msgmsg 'Cold archive signed by good keyid' 'Marvin Paranoid' rm -rf rootdir/var/lib/apt/lists signreleasefiles 'Marvin Paranoid' - find aptarchive/ -name "$DELETEFILE" -delete cp keys/marvinparanoid.pub rootdir/etc/apt/trusted.gpg.d/marvinparanoid.gpg successfulaptgetupdate testsuccessequal "$(cat "${PKGFILE}") @@ -274,7 +258,6 @@ runtest() { msgmsg 'Cold archive signed by good keyid' 'Marvin Paranoid,Joe Sixpack' rm -rf rootdir/var/lib/apt/lists signreleasefiles 'Marvin Paranoid,Joe Sixpack' - find aptarchive/ -name "$DELETEFILE" -delete successfulaptgetupdate 'NoPubKey: GOODSIG' testsuccessequal "$(cat "${PKGFILE}") " aptcache show apt @@ -284,7 +267,6 @@ runtest() { msgmsg 'Cold archive signed by good keyids' 'Joe Sixpack' rm -rf rootdir/var/lib/apt/lists signreleasefiles 'Joe Sixpack' - find aptarchive/ -name "$DELETEFILE" -delete sed -i "s#^\(deb\(-src\)\?\) \[signed-by=$MARVIN\] #\1 [signed-by=${SIXPACK},${MARVIN}] #" rootdir/etc/apt/sources.list.d/* successfulaptgetupdate testsuccessequal "$(cat "${PKGFILE}") @@ -306,7 +288,6 @@ runtest() { cp -a rootdir/var/lib/apt/lists rootdir/var/lib/apt/lists-bak prepare "${PKGFILE}-new" signreleasefiles 'Joe Sixpack' - find aptarchive/ -name "$DELETEFILE" -delete msgmsg 'Warm archive with signed-by' 'Joe Sixpack' sed -i "/^Valid-Until: / a\ @@ -364,8 +345,7 @@ runtest2() { # package verification. msgmsg 'Warm archive signed by' 'nobody' prepare "${PKGFILE}-new" - find aptarchive/ -name InRelease -delete - find aptarchive/ -name Release.gpg -delete + find aptarchive/ \( -name InRelease -o -name Release.gpg \) -delete updatewithwarnings 'W: .* no longer signed.' testsuccessequal "$(cat "${PKGFILE}-new") " aptcache show apt @@ -386,8 +366,10 @@ runtest3() { runtest2 for DELETEFILE in 'InRelease' 'Release.gpg'; do + export APT_DONT_SIGN="$DELETEFILE" msgmsg "Running test with deletion of $DELETEFILE and $1 digest" - runtest "$DELETEFILE" + runtest + export APT_DONT_SIGN='Release.gpg' done } @@ -422,11 +404,11 @@ msgmsg "Running test with apt-untrusted digest" echo "APT::Hashes::$APT_TESTS_DIGEST_ALGO::Untrusted \"yes\";" > rootdir/etc/apt/apt.conf.d/truststate runfailure() { for DELETEFILE in 'InRelease' 'Release.gpg'; do + export APT_DONT_SIGN="$DELETEFILE" msgmsg 'Cold archive signed by' 'Joe Sixpack' prepare "${PKGFILE}" rm -rf rootdir/var/lib/apt/lists signreleasefiles 'Joe Sixpack' - find aptarchive/ -name "$DELETEFILE" -delete testfailure aptget update --no-allow-insecure-repositories -o Debug::pkgAcquire::Worker=1 -o Debug::Acquire::gpgv=1 testsuccess grep 'The following signatures were invalid' rootdir/tmp/testfailure.output testnopackage 'apt' @@ -437,13 +419,13 @@ runfailure() { prepare "${PKGFILE}" rm -rf rootdir/var/lib/apt/lists signreleasefiles 'Marvin Paranoid' - find aptarchive/ -name "$DELETEFILE" -delete testfailure aptget update --no-allow-insecure-repositories -o Debug::pkgAcquire::Worker=1 -o Debug::Acquire::gpgv=1 testnopackage 'apt' updatewithwarnings '^W: .* NO_PUBKEY' testsuccessequal "$(cat "${PKGFILE}") " aptcache show apt failaptold + export APT_DONT_SIGN='Release.gpg' done } runfailure diff --git a/test/integration/test-sourceslist-lang-plusminus-options b/test/integration/test-sourceslist-lang-plusminus-options index 3f4ea953a..abdb64793 100755 --- a/test/integration/test-sourceslist-lang-plusminus-options +++ b/test/integration/test-sourceslist-lang-plusminus-options @@ -11,7 +11,7 @@ testlangs() { local LANGS="$2" shift 2 rm -f gotlangs.list - aptget indextargets --no-release-info 'Created-By: Translations' "$@" --format '$(LANGUAGE)' | sort -u > gotlangs.list + aptget indextargets --no-release-info 'Identifier: Translations' "$@" --format '$(LANGUAGE)' | sort -u > gotlangs.list if [ -z "$LANGS" ]; then echo -n | tr ',' '\n' | sort | checkdiff - gotlangs.list && msgpass || msgfail else @@ -45,7 +45,7 @@ testlangs 'lang=de_DE' 'de_DE' echo 'deb [lang=none] http://example.org/debian stable rocks' > rootdir/etc/apt/sources.list testlangs 'lang=none' '' testequal 'amd64 -all' aptget indextargets --no-release-info 'Created-By: Packages' --format '$(ARCHITECTURE)' +all' aptget indextargets --no-release-info 'Identifier: Packages' --format '$(ARCHITECTURE)' echo 'deb [lang+=pt] http://example.org/debian stable rocks' > rootdir/etc/apt/sources.list testlangs 'lang+=pt' 'en,de,de_DE,pt' diff --git a/test/integration/test-sourceslist-target-plusminus-options b/test/integration/test-sourceslist-target-plusminus-options index 8197f068d..e4ce8e282 100755 --- a/test/integration/test-sourceslist-target-plusminus-options +++ b/test/integration/test-sourceslist-target-plusminus-options @@ -27,10 +27,17 @@ Acquire::IndexTargets::deb::Contents { ShortDescription "Contents"; Description "\$(RELEASE)/\$(COMPONENT) \$(ARCHITECTURE) Contents"; }; +Acquire::IndexTargets::deb::Contents2 { + MetaKey "Contents-\$(ARCHITECTURE)"; + ShortDescription "Contents2"; + Description "\$(RELEASE) \$(ARCHITECTURE) Contents2"; + Fallback-Of "Contents"; + Identifier "Contents"; +}; EOF echo 'deb http://example.org/debian stable rocks' > rootdir/etc/apt/sources.list -testtargets 'default + Contents' 'Packages' 'Translations' 'Contents' +testtargets 'default + Contents' 'Packages' 'Translations' 'Contents' 'Contents2' echo 'deb [target=Packages] http://example.org/debian stable rocks' > rootdir/etc/apt/sources.list testtargets 'force Packages target' 'Packages' @@ -42,38 +49,40 @@ echo 'deb [target=Translations,Contents] http://example.org/debian stable rocks' testtargets 'force two targets' 'Contents' 'Translations' echo 'deb [target+=Translations,Contents] http://example.org/debian stable rocks' > rootdir/etc/apt/sources.list -testtargets 'add existing' 'Packages' 'Contents' 'Translations' +testtargets 'add existing' 'Packages' 'Contents' 'Translations' 'Contents2' echo 'deb [target+=AppStream] http://example.org/debian stable rocks' > rootdir/etc/apt/sources.list -testtargets 'add non-existing' 'Packages' 'Contents' 'Translations' +testtargets 'add non-existing' 'Packages' 'Contents' 'Translations' 'Contents2' echo 'deb [target-=Translations,Contents] http://example.org/debian stable rocks' > rootdir/etc/apt/sources.list -testtargets 'remove existing' 'Packages' +testtargets 'remove existing' 'Packages' 'Contents2' echo 'deb [target-=AppStream] http://example.org/debian stable rocks' > rootdir/etc/apt/sources.list -testtargets 'remove non-existing' 'Packages' 'Contents' 'Translations' +testtargets 'remove non-existing' 'Packages' 'Contents' 'Translations' 'Contents2' echo 'deb [AppStream=yes] http://example.org/debian stable rocks' > rootdir/etc/apt/sources.list -testtargets 'activate non-existing' 'Packages' 'Contents' 'Translations' +testtargets 'activate non-existing' 'Packages' 'Contents' 'Translations' 'Contents2' echo 'deb [AppStream=no] http://example.org/debian stable rocks' > rootdir/etc/apt/sources.list -testtargets 'deactivate non-existing' 'Packages' 'Contents' 'Translations' +testtargets 'deactivate non-existing' 'Packages' 'Contents' 'Translations' 'Contents2' echo 'deb [Contents=yes] http://example.org/debian stable rocks' > rootdir/etc/apt/sources.list -testtargets 'activate existing' 'Packages' 'Contents' 'Translations' +testtargets 'activate existing' 'Packages' 'Contents' 'Contents2' 'Translations' echo 'deb [Contents=no] http://example.org/debian stable rocks' > rootdir/etc/apt/sources.list testtargets 'deactivate existing' 'Packages' 'Translations' echo 'deb [target=Packages Contents=yes] http://example.org/debian stable rocks' > rootdir/etc/apt/sources.list -testtargets 'explicit + activate' 'Packages' 'Contents' +testtargets 'explicit + activate' 'Packages' 'Contents' 'Contents2' +echo 'deb [Contents=yes,target+=Contents] http://example.org/debian stable rocks' > rootdir/etc/apt/sources.list +testtargets 'duplications are okay' 'Packages' 'Translations' 'Contents' 'Contents2' -msgmsg 'Contents NOT as a default target' +msgmsg 'Contents NOT as a default target (but Contents2)' echo 'Acquire::IndexTargets::deb::Contents::DefaultEnabled "no";' > rootdir/etc/apt/apt.conf.d/content-target-notdefault.conf echo 'deb http://example.org/debian stable rocks' > rootdir/etc/apt/sources.list -testtargets 'default + Contents' 'Packages' 'Translations' +testtargets 'default + Contents' 'Packages' 'Translations' 'Contents2' echo 'deb [target=Packages] http://example.org/debian stable rocks' > rootdir/etc/apt/sources.list testtargets 'force Packages target' 'Packages' @@ -85,28 +94,31 @@ echo 'deb [target=Translations,Contents] http://example.org/debian stable rocks' testtargets 'force two targets' 'Contents' 'Translations' echo 'deb [target+=Translations,Contents] http://example.org/debian stable rocks' > rootdir/etc/apt/sources.list -testtargets 'add existing' 'Packages' 'Contents' 'Translations' +testtargets 'add existing' 'Packages' 'Contents' 'Translations' 'Contents2' echo 'deb [target+=AppStream] http://example.org/debian stable rocks' > rootdir/etc/apt/sources.list -testtargets 'add non-existing' 'Packages' 'Translations' +testtargets 'add non-existing' 'Packages' 'Translations' 'Contents2' echo 'deb [target-=Translations,Contents] http://example.org/debian stable rocks' > rootdir/etc/apt/sources.list -testtargets 'remove existing' 'Packages' +testtargets 'remove existing' 'Packages' 'Contents2' echo 'deb [target-=AppStream] http://example.org/debian stable rocks' > rootdir/etc/apt/sources.list -testtargets 'remove non-existing' 'Packages' 'Translations' +testtargets 'remove non-existing' 'Packages' 'Translations' 'Contents2' echo 'deb [AppStream=yes] http://example.org/debian stable rocks' > rootdir/etc/apt/sources.list -testtargets 'activate non-existing' 'Packages' 'Translations' +testtargets 'activate non-existing' 'Packages' 'Translations' 'Contents2' echo 'deb [AppStream=no] http://example.org/debian stable rocks' > rootdir/etc/apt/sources.list -testtargets 'deactivate non-existing' 'Packages' 'Translations' +testtargets 'deactivate non-existing' 'Packages' 'Translations' 'Contents2' echo 'deb [Contents=yes] http://example.org/debian stable rocks' > rootdir/etc/apt/sources.list -testtargets 'activate existing' 'Packages' 'Contents' 'Translations' +testtargets 'activate existing' 'Packages' 'Contents' 'Contents2' 'Translations' echo 'deb [Contents=no] http://example.org/debian stable rocks' > rootdir/etc/apt/sources.list testtargets 'deactivate existing' 'Packages' 'Translations' echo 'deb [target=Packages Contents=yes] http://example.org/debian stable rocks' > rootdir/etc/apt/sources.list -testtargets 'explicit + activate' 'Packages' 'Contents' +testtargets 'explicit + activate' 'Packages' 'Contents' 'Contents2' + +echo 'deb [Contents=yes,target+=Contents] http://example.org/debian stable rocks' > rootdir/etc/apt/sources.list +testtargets 'duplications are okay' 'Packages' 'Translations' 'Contents' 'Contents2' diff --git a/test/integration/test-ubuntu-bug-346386-apt-get-update-paywall b/test/integration/test-ubuntu-bug-346386-apt-get-update-paywall index 07c13434c..a756b5df2 100755 --- a/test/integration/test-ubuntu-bug-346386-apt-get-update-paywall +++ b/test/integration/test-ubuntu-bug-346386-apt-get-update-paywall @@ -13,7 +13,7 @@ insertsource 'unstable' 'unrelated' 'all' '1.0' 'stable' echo 'ni ni ni' > aptarchive/knights setupaptarchive -changetowebserver -o 'aptwebserver::overwrite::.*::filename=/knights' +changetowebserver -o 'aptwebserver::overwrite::.*InRelease::filename=/knights' -o 'aptwebserver::overwrite::.*::filename=/knights' msgtest 'Acquire test file from the webserver to check' 'overwrite' if downloadfile http://localhost:${APTHTTPPORT}/holygrail ./knights-talking >/dev/null; then @@ -34,34 +34,39 @@ ensure_n_canary_strings_in_dir() { test "$N" = "$EXPECTED_N" && msgpass || msgfail "Expected $EXPECTED_N canaries, got $N" } -LISTS='rootdir/var/lib/apt/lists' -rm -rf rootdir/var/lib/apt/lists -testfailure aptget update -testsuccess grep '^E:.*Clearsigned file .*NOSPLIT.*' rootdir/tmp/testfailure.output +runtests() { + LISTS='rootdir/var/lib/apt/lists' + rm -rf "$LISTS" + testfailure aptget update + testsuccess grep "$1" rootdir/tmp/testfailure.output -ensure_n_canary_strings_in_dir "$LISTS" 'ni ni ni' 0 -testequal 'lock + ensure_n_canary_strings_in_dir "$LISTS" 'ni ni ni' 0 + testequal 'lock partial' ls "$LISTS" -# and again with pre-existing files with "valid data" which should remain -for f in Release Release.gpg main_binary-amd64_Packages main_source_Sources; do - echo 'peng neee-wom' > "$LISTS/localhost:${APTHTTPPORT}_dists_stable_${f}" - chmod 644 "$LISTS/localhost:${APTHTTPPORT}_dists_stable_${f}" -done + # and again with pre-existing files with "valid data" which should remain + for f in Release Release.gpg main_binary-amd64_Packages main_source_Sources; do + echo 'peng neee-wom' > "$LISTS/localhost:${APTHTTPPORT}_dists_stable_${f}" + chmod 644 "$LISTS/localhost:${APTHTTPPORT}_dists_stable_${f}" + done -testfailure aptget update -testsuccess grep '^E:.*Clearsigned file .*NOSPLIT.*' rootdir/tmp/testfailure.output + testfailure aptget update + testsuccess grep "$1" rootdir/tmp/testfailure.output -ensure_n_canary_strings_in_dir "$LISTS" 'peng neee-wom' 4 -ensure_n_canary_strings_in_dir "$LISTS" 'ni ni ni' 0 + ensure_n_canary_strings_in_dir "$LISTS" 'peng neee-wom' 4 + ensure_n_canary_strings_in_dir "$LISTS" 'ni ni ni' 0 -# and now with a pre-existing InRelease file -echo 'peng neee-wom' > "$LISTS/localhost:${APTHTTPPORT}_dists_stable_InRelease" -chmod 644 "$LISTS/localhost:${APTHTTPPORT}_dists_stable_InRelease" -rm -f "$LISTS/localhost:${APTHTTPPORT}_dists_stable_Release" "$LISTS/localhost:${APTHTTPPORT}_dists_stable_Release.gpg" -msgtest 'excpected failure of' 'apt-get update' -testfailure aptget update -testsuccess grep '^E:.*Clearsigned file .*NOSPLIT.*' rootdir/tmp/testfailure.output + # and now with a pre-existing InRelease file + echo 'peng neee-wom' > "$LISTS/localhost:${APTHTTPPORT}_dists_stable_InRelease" + chmod 644 "$LISTS/localhost:${APTHTTPPORT}_dists_stable_InRelease" + rm -f "$LISTS/localhost:${APTHTTPPORT}_dists_stable_Release" "$LISTS/localhost:${APTHTTPPORT}_dists_stable_Release.gpg" + msgtest 'excpected failure of' 'apt-get update' + testfailure aptget update + testsuccess grep "$1" rootdir/tmp/testfailure.output -ensure_n_canary_strings_in_dir "$LISTS" 'peng neee-wom' 3 -ensure_n_canary_strings_in_dir "$LISTS" 'ni ni ni' 0 + ensure_n_canary_strings_in_dir "$LISTS" 'peng neee-wom' 3 + ensure_n_canary_strings_in_dir "$LISTS" 'ni ni ni' 0 +} +runtests '^E:.*Clearsigned file .*NOSPLIT.*' +webserverconfig 'aptwebserver::overwrite::.*InRelease::filename' '/404' +runtests '^E:.*Signed file .*NODATA.*' diff --git a/test/integration/test-ubuntu-bug-761175-remove-purge b/test/integration/test-ubuntu-bug-761175-remove-purge index 00f289b53..aae394ad8 100755 --- a/test/integration/test-ubuntu-bug-761175-remove-purge +++ b/test/integration/test-ubuntu-bug-761175-remove-purge @@ -23,35 +23,62 @@ buildcompizpkg 'all' 'all' '2.0' 'unstable' setupaptarchive runtests() { - testdpkgnotinstalled compiz-core-$1 - testsuccess aptget install compiz-core-$1 -t "${2:-unstable}" - testdpkginstalled compiz-core-$1 + local PKG="$1" + local RELEASE="${2}" + shift 2 + testdpkgnotinstalled compiz-core-${PKG} + testsuccess aptget install compiz-core-${PKG} -t "${RELEASE}" "$@" + testdpkginstalled compiz-core-${PKG} - testsuccess aptget remove compiz-core-$1 -y - testdpkgnotinstalled compiz-core-$1 - testdpkgstatus 'rc' '1' "compiz-core-$1" + testsuccess aptget remove compiz-core-${PKG} -y "$@" + testdpkgnotinstalled compiz-core-${PKG} + testdpkgstatus 'rc' '1' "compiz-core-${PKG}" - testsuccessequal "Reading package lists... + if [ -z "$1" ]; then + testsuccessequal "Reading package lists... Building dependency tree... Reading state information... The following packages will be REMOVED: - compiz-core-$1* + compiz-core-${PKG}* 0 upgraded, 0 newly installed, 1 to remove and 0 not upgraded. -Purg compiz-core-$1" aptget purge compiz-core-$1 -s - testsuccess aptget purge compiz-core-$1 -y +Purg compiz-core-${PKG}" aptget purge compiz-core-${PKG} -s "$@" + else + # check that the rc-version isn't passed to the external resolver if its only in dpkg/status + export APT_EDSP_DUMP_FILENAME="${TMPWORKINGDIRECTORY}/dump-${PKG}.edsp" + testfailure aptget purge compiz-core-${PKG} -y "$@" -s --solver dump + testsuccessequal '2' grep -c "^Package: compiz-core-${PKG}\$" "$APT_EDSP_DUMP_FILENAME" + mv rootdir/etc/apt/sources.list.d/apt-test-stable-deb.list rootdir/etc/apt/sources.list.d/apt-test-stable-deb.disabled + testfailure aptget purge compiz-core-${PKG} -y "$@" -s --solver dump + testsuccessequal '1' grep -c "^Package: compiz-core-${PKG}\$" "$APT_EDSP_DUMP_FILENAME" + mv rootdir/etc/apt/sources.list.d/apt-test-stable-deb.disabled rootdir/etc/apt/sources.list.d/apt-test-stable-deb.list + + testsuccessequal "Reading package lists... +Building dependency tree... +Reading state information... +Execute external solver... +The following packages will be REMOVED: + compiz-core-${PKG}* +0 upgraded, 0 newly installed, 1 to remove and 0 not upgraded. +Purg compiz-core-${PKG}" aptget purge compiz-core-${PKG} -s "$@" + fi + testsuccess aptget purge compiz-core-${PKG} -y "$@" echo -n '' > rootdir/var/lib/dpkg/available # dpkg -l < 1.16.2 reads the available file by default, where the package can be found - testequalor2 "dpkg-query: no packages found matching compiz-core-$1" "No packages found matching compiz-core-$1." dpkg -l compiz-core-$1 + testequalor2 "dpkg-query: no packages found matching compiz-core-${PKG}" "No packages found matching compiz-core-${PKG}." dpkg -l compiz-core-${PKG} +} +runtestround() { + runtests 'native' 'unstable' "$@" + runtests 'all' 'unstable' "$@" + runtests 'native' 'stable' "$@" + runtests 'all' 'stable' "$@" } +testround() { + msgmsg 'Test in multi arch environment' "$@" + configarchitecture 'amd64' 'i386' + runtestround "$@" -msgmsg 'Test in multi arch environment' -runtests 'native' -runtests 'all' -runtests 'native' 'stable' -runtests 'all' 'stable' - -msgmsg 'Test in single arch environment' -configarchitecture 'amd64' -runtests 'native' -runtests 'all' -runtests 'native' 'stable' -runtests 'all' 'stable' + msgmsg 'Test in single arch environment' "$@" + configarchitecture 'amd64' + runtestround "$@" +} +testround +testround --solver apt diff --git a/test/integration/test-ubuntu-bug-784473-InRelease-one-message-only b/test/integration/test-ubuntu-bug-784473-InRelease-one-message-only index 21d7129ae..fe42ba83d 100755 --- a/test/integration/test-ubuntu-bug-784473-InRelease-one-message-only +++ b/test/integration/test-ubuntu-bug-784473-InRelease-one-message-only @@ -8,11 +8,9 @@ configarchitecture 'i386' insertpackage 'unstable' 'apt' 'i386' '0.8.11' -setupaptarchive +export APT_DONT_SIGN='Release.gpg' +setupaptarchive --no-update -rm -rf rootdir/var/lib/apt/lists - -find aptarchive/ -name 'Release.gpg' -delete find aptarchive/ -name 'InRelease' -exec cp {} {}.old \; for RELEASE in $(find aptarchive/ -name 'InRelease'); do |