summaryrefslogtreecommitdiff
path: root/test
diff options
context:
space:
mode:
Diffstat (limited to 'test')
-rw-r--r--test/integration/framework18
-rwxr-xr-xtest/integration/test-apt-update-nofallback8
-rwxr-xr-xtest/integration/test-hashsum-verification2
-rwxr-xr-xtest/integration/test-releasefile-date-older13
-rwxr-xr-xtest/integration/test-releasefile-verification31
-rwxr-xr-xtest/integration/test-ubuntu-bug-784473-InRelease-one-message-only6
6 files changed, 33 insertions, 45 deletions
diff --git a/test/integration/framework b/test/integration/framework
index 7eaa36415..1f843babf 100644
--- a/test/integration/framework
+++ b/test/integration/framework
@@ -1134,11 +1134,21 @@ signreleasefiles() {
fi
local GPG="aptkey --quiet --keyring ${KEY}.pub --secret-keyring ${KEY}.sec --readonly adv --batch --yes --digest-algo ${APT_TESTS_DIGEST_ALGO:-SHA512}"
for RELEASE in $(find "${REPODIR}/" -name Release); do
- testsuccess $GPG "$@" $SIGUSERS --armor --detach-sign --sign --output "${RELEASE}.gpg" "${RELEASE}"
- local INRELEASE="$(echo "${RELEASE}" | sed 's#/Release$#/InRelease#')"
- testsuccess $GPG "$@" $SIGUSERS --clearsign --output "$INRELEASE" "$RELEASE"
# we might have set a specific date for the Release file, so copy it
- touch -d "$(stat --format "%y" ${RELEASE})" "${RELEASE}.gpg" "${INRELEASE}"
+ local DATE="$(stat --format "%y" "${RELEASE}")"
+ if [ "$APT_DONT_SIGN" = 'Release.gpg' ]; then
+ rm -f "${RELEASE}.gpg"
+ else
+ testsuccess $GPG "$@" $SIGUSERS --armor --detach-sign --sign --output "${RELEASE}.gpg" "${RELEASE}"
+ touch -d "$DATE" "${RELEASE}.gpg"
+ fi
+ local INRELEASE="${RELEASE%/*}/InRelease"
+ if [ "$APT_DONT_SIGN" = 'InRelease' ]; then
+ rm -f "$INRELEASE"
+ else
+ testsuccess $GPG "$@" $SIGUSERS --clearsign --output "$INRELEASE" "$RELEASE"
+ touch -d "$DATE" "${INRELEASE}"
+ fi
done
if [ -f "$SECEXPIREBAK" ] && [ -f "$PUBEXPIREBAK" ]; then
mv -f "$SECEXPIREBAK" "${REXKEY}.sec"
diff --git a/test/integration/test-apt-update-nofallback b/test/integration/test-apt-update-nofallback
index d9166eefd..4db67ee5d 100755
--- a/test/integration/test-apt-update-nofallback
+++ b/test/integration/test-apt-update-nofallback
@@ -9,8 +9,7 @@ set -e
simulate_mitm_and_inject_evil_package()
{
redatereleasefiles '+1 hour'
- rm -f "$APTARCHIVE/dists/unstable/InRelease"
- rm -f "$APTARCHIVE/dists/unstable/Release.gpg"
+ rm -f "$APTARCHIVE/dists/unstable/InRelease" "$APTARCHIVE/dists/unstable/Release.gpg"
inject_evil_package
}
@@ -126,11 +125,10 @@ test_cve_2012_0214()
listcurrentlistsdirectory > lists.before
# do what CVE-2012-0214 did
- rm "$APTARCHIVE/dists/unstable/InRelease"
- rm "$APTARCHIVE/dists/unstable/Release.gpg"
+ rm "$APTARCHIVE/dists/unstable/InRelease" "$APTARCHIVE/dists/unstable/Release.gpg"
inject_evil_package
# build valid Release file
- aptftparchive -qq release ./aptarchive > aptarchive/dists/unstable/Release
+ aptftparchive -qq release ./aptarchive > aptarchive/dists/unstable/Release
assert_update_is_refused_and_last_good_state_used
testfileequal lists.before "$(listcurrentlistsdirectory)"
diff --git a/test/integration/test-hashsum-verification b/test/integration/test-hashsum-verification
index a31be6bcb..31923bd87 100755
--- a/test/integration/test-hashsum-verification
+++ b/test/integration/test-hashsum-verification
@@ -44,7 +44,6 @@ SHA256:
xb306e66e5e6a7169c8d281a888539d1fdca9cecc99ae605717df579d5b9c166 527 Packages.lzma
x9585d0e66b74c9385727fbea11fea9ab33c716b18a32f3036f037a2b9b57120 572 Packages.xz
EOF
- cp aptarchive/Release aptarchive/InRelease
}
# fake our downloadable file
@@ -56,7 +55,6 @@ runtest() {
prepare "${PKGFILE}"
rm -rf rootdir/var/lib/apt/lists
signreleasefiles 'Joe Sixpack'
- find aptarchive/ -name "$DELETEFILE" -delete
# test signed release file
msgtest 'apt-get update gets the expected hashsum mismatch'
diff --git a/test/integration/test-releasefile-date-older b/test/integration/test-releasefile-date-older
index 2d6746b10..e38ddc3c5 100755
--- a/test/integration/test-releasefile-date-older
+++ b/test/integration/test-releasefile-date-older
@@ -26,40 +26,43 @@ testsuccess aptget update
testfileequal 'listsdir.lst' "$(listcurrentlistsdirectory)"
msgmsg 'Release.gpg file is silently rejected if' 'new Date is before old Date'
+export APT_DONT_SIGN='InRelease'
rm -rf rootdir/var/lib/apt/lists
generatereleasefiles 'now' 'now + 7 days'
signreleasefiles
-find aptarchive -name 'InRelease' -delete
testsuccess aptget update
listcurrentlistsdirectory > listsdir.lst
redatereleasefiles 'now - 2 days'
-find aptarchive -name 'InRelease' -delete
testsuccess aptget update
testfileequal 'listsdir.lst' "$(listcurrentlistsdirectory)"
+unset APT_DONT_SIGN
msgmsg 'Crisscross InRelease/Release.gpg file is silently rejected if' 'new Date is before old Date'
+export APT_DONT_SIGN='Release.gpg'
rm -rf rootdir/var/lib/apt/lists
generatereleasefiles 'now' 'now + 7 days'
signreleasefiles
-find aptarchive -name 'Release.gpg' -delete
testsuccess aptget update
+export APT_DONT_SIGN='InRelease'
listcurrentlistsdirectory > listsdir.lst
redatereleasefiles 'now - 2 days'
-find aptarchive -name 'InRelease' -delete
testsuccess aptget update
testfileequal 'listsdir.lst' "$(listcurrentlistsdirectory)"
+unset APT_DONT_SIGN
msgmsg 'Crisscross Release.gpg/InRelease file is silently rejected if' 'new Date is before old Date'
+export APT_DONT_SIGN='InRelease'
rm -rf rootdir/var/lib/apt/lists
generatereleasefiles 'now' 'now + 7 days'
signreleasefiles
find aptarchive -name 'InRelease' -delete
testsuccess aptget update
+export APT_DONT_SIGN='Release.gpg'
listcurrentlistsdirectory > listsdir.lst
redatereleasefiles 'now - 2 days'
-find aptarchive -name 'Release.gpg' -delete
testsuccess aptget update
testfileequal 'listsdir.lst' "$(listcurrentlistsdirectory)"
+unset APT_DONT_SIGN
msgmsg 'Release file has' 'no Date and no Valid-Until field'
rm -rf rootdir/var/lib/apt/lists
diff --git a/test/integration/test-releasefile-verification b/test/integration/test-releasefile-verification
index 24e7830aa..a95c20fd4 100755
--- a/test/integration/test-releasefile-verification
+++ b/test/integration/test-releasefile-verification
@@ -99,12 +99,10 @@ updatewithwarnings() {
}
runtest() {
- local DELETEFILE="$1"
msgmsg 'Cold archive signed by' 'Joe Sixpack'
prepare "${PKGFILE}"
rm -rf rootdir/var/lib/apt/lists
signreleasefiles 'Joe Sixpack'
- find aptarchive/ -name "$DELETEFILE" -delete
successfulaptgetupdate
testsuccessequal "$(cat "${PKGFILE}")
" aptcache show apt
@@ -113,7 +111,6 @@ runtest() {
msgmsg 'Good warm archive signed by' 'Joe Sixpack'
prepare "${PKGFILE}-new"
signreleasefiles 'Joe Sixpack'
- find aptarchive/ -name "$DELETEFILE" -delete
successfulaptgetupdate
testsuccessequal "$(cat "${PKGFILE}-new")
" aptcache show apt
@@ -124,7 +121,6 @@ runtest() {
rm -rf rootdir/var/lib/apt/lists
cp keys/rexexpired.pub rootdir/etc/apt/trusted.gpg.d/rexexpired.gpg
signreleasefiles 'Rex Expired'
- find aptarchive/ -name "$DELETEFILE" -delete
updatewithwarnings '^W: .* EXPKEYSIG'
testsuccessequal "$(cat "${PKGFILE}")
" aptcache show apt
@@ -144,7 +140,6 @@ runtest() {
prepare "${PKGFILE}"
rm -rf rootdir/var/lib/apt/lists
signreleasefiles 'Joe Sixpack' 'aptarchive' --faked-system-time "20070924T154812" --default-sig-expire 2016-04-01
- find aptarchive/ -name "$DELETEFILE" -delete
updatewithwarnings '^W: .* EXPSIG'
testsuccessequal "$(cat "${PKGFILE}")
" aptcache show apt
@@ -158,7 +153,6 @@ runtest() {
prepare "${PKGFILE}"
rm -rf rootdir/var/lib/apt/lists
signreleasefiles 'Joe Sixpack,Marvin Paranoid'
- find aptarchive/ -name "$DELETEFILE" -delete
successfulaptgetupdate 'NO_PUBKEY'
testsuccessequal "$(cat "${PKGFILE}")
" aptcache show apt
@@ -168,7 +162,6 @@ runtest() {
prepare "${PKGFILE}"
rm -rf rootdir/var/lib/apt/lists
signreleasefiles 'Joe Sixpack,Rex Expired'
- find aptarchive/ -name "$DELETEFILE" -delete
cp keys/rexexpired.pub rootdir/etc/apt/trusted.gpg.d/rexexpired.gpg
successfulaptgetupdate 'EXPKEYSIG'
rm -f rootdir/etc/apt/trusted.gpg.d/rexexpired.gpg
@@ -180,7 +173,6 @@ runtest() {
prepare "${PKGFILE}"
rm -rf rootdir/var/lib/apt/lists
signreleasefiles 'Marvin Paranoid'
- find aptarchive/ -name "$DELETEFILE" -delete
updatewithwarnings '^W: .* NO_PUBKEY'
testsuccessequal "$(cat "${PKGFILE}")
" aptcache show apt
@@ -189,7 +181,6 @@ runtest() {
msgmsg 'Bad warm archive signed by' 'Joe Sixpack'
prepare "${PKGFILE}-new"
signreleasefiles 'Joe Sixpack'
- find aptarchive/ -name "$DELETEFILE" -delete
successfulaptgetupdate
testsuccessequal "$(cat "${PKGFILE}-new")
" aptcache show apt
@@ -199,7 +190,6 @@ runtest() {
prepare "${PKGFILE}"
rm -rf rootdir/var/lib/apt/lists
signreleasefiles 'Joe Sixpack'
- find aptarchive/ -name "$DELETEFILE" -delete
successfulaptgetupdate
testsuccessequal "$(cat "${PKGFILE}")
" aptcache show apt
@@ -208,7 +198,6 @@ runtest() {
msgmsg 'Good warm archive signed by' 'Marvin Paranoid'
prepare "${PKGFILE}-new"
signreleasefiles 'Marvin Paranoid'
- find aptarchive/ -name "$DELETEFILE" -delete
updatewithwarnings '^W: .* NO_PUBKEY'
testsuccessequal "$(cat "${PKGFILE}")
" aptcache show apt
@@ -218,7 +207,6 @@ runtest() {
prepare "${PKGFILE}-new"
cp keys/rexexpired.pub rootdir/etc/apt/trusted.gpg.d/rexexpired.gpg
signreleasefiles 'Rex Expired'
- find aptarchive/ -name "$DELETEFILE" -delete
updatewithwarnings '^W: .* EXPKEYSIG'
testsuccessequal "$(cat "${PKGFILE}")
" aptcache show apt
@@ -228,7 +216,6 @@ runtest() {
msgmsg 'Good warm archive signed by' 'Joe Sixpack'
prepare "${PKGFILE}-new"
signreleasefiles
- find aptarchive/ -name "$DELETEFILE" -delete
successfulaptgetupdate
testsuccessequal "$(cat "${PKGFILE}-new")
" aptcache show apt
@@ -238,7 +225,6 @@ runtest() {
prepare "${PKGFILE}"
rm -rf rootdir/var/lib/apt/lists
signreleasefiles 'Marvin Paranoid'
- find aptarchive/ -name "$DELETEFILE" -delete
local MARVIN="$(readlink -f keys/marvinparanoid.pub)"
sed -i "s#^\(deb\(-src\)\?\) #\1 [signed-by=$MARVIN] #" rootdir/etc/apt/sources.list.d/*
successfulaptgetupdate
@@ -249,7 +235,6 @@ runtest() {
msgmsg 'Cold archive signed by bad keyring' 'Joe Sixpack'
rm -rf rootdir/var/lib/apt/lists
signreleasefiles 'Joe Sixpack'
- find aptarchive/ -name "$DELETEFILE" -delete
updatewithwarnings '^W: .* NO_PUBKEY'
sed -i "s#^\(deb\(-src\)\?\) \[signed-by=$MARVIN\] #\1 #" rootdir/etc/apt/sources.list.d/*
@@ -257,14 +242,12 @@ runtest() {
msgmsg 'Cold archive signed by bad keyid' 'Joe Sixpack'
rm -rf rootdir/var/lib/apt/lists
signreleasefiles 'Joe Sixpack'
- find aptarchive/ -name "$DELETEFILE" -delete
sed -i "s#^\(deb\(-src\)\?\) #\1 [signed-by=$MARVIN] #" rootdir/etc/apt/sources.list.d/*
updatewithwarnings '^W: .* be verified because the public key is not available: .*'
msgmsg 'Cold archive signed by good keyid' 'Marvin Paranoid'
rm -rf rootdir/var/lib/apt/lists
signreleasefiles 'Marvin Paranoid'
- find aptarchive/ -name "$DELETEFILE" -delete
cp keys/marvinparanoid.pub rootdir/etc/apt/trusted.gpg.d/marvinparanoid.gpg
successfulaptgetupdate
testsuccessequal "$(cat "${PKGFILE}")
@@ -274,7 +257,6 @@ runtest() {
msgmsg 'Cold archive signed by good keyid' 'Marvin Paranoid,Joe Sixpack'
rm -rf rootdir/var/lib/apt/lists
signreleasefiles 'Marvin Paranoid,Joe Sixpack'
- find aptarchive/ -name "$DELETEFILE" -delete
successfulaptgetupdate 'NoPubKey: GOODSIG'
testsuccessequal "$(cat "${PKGFILE}")
" aptcache show apt
@@ -284,7 +266,6 @@ runtest() {
msgmsg 'Cold archive signed by good keyids' 'Joe Sixpack'
rm -rf rootdir/var/lib/apt/lists
signreleasefiles 'Joe Sixpack'
- find aptarchive/ -name "$DELETEFILE" -delete
sed -i "s#^\(deb\(-src\)\?\) \[signed-by=$MARVIN\] #\1 [signed-by=${SIXPACK},${MARVIN}] #" rootdir/etc/apt/sources.list.d/*
successfulaptgetupdate
testsuccessequal "$(cat "${PKGFILE}")
@@ -306,7 +287,6 @@ runtest() {
cp -a rootdir/var/lib/apt/lists rootdir/var/lib/apt/lists-bak
prepare "${PKGFILE}-new"
signreleasefiles 'Joe Sixpack'
- find aptarchive/ -name "$DELETEFILE" -delete
msgmsg 'Warm archive with signed-by' 'Joe Sixpack'
sed -i "/^Valid-Until: / a\
@@ -364,8 +344,7 @@ runtest2() {
# package verification.
msgmsg 'Warm archive signed by' 'nobody'
prepare "${PKGFILE}-new"
- find aptarchive/ -name InRelease -delete
- find aptarchive/ -name Release.gpg -delete
+ find aptarchive/ \( -name InRelease -o -name Release.gpg \) -delete
updatewithwarnings 'W: .* no longer signed.'
testsuccessequal "$(cat "${PKGFILE}-new")
" aptcache show apt
@@ -386,8 +365,10 @@ runtest3() {
runtest2
for DELETEFILE in 'InRelease' 'Release.gpg'; do
+ export APT_DONT_SIGN="$DELETEFILE"
msgmsg "Running test with deletion of $DELETEFILE and $1 digest"
- runtest "$DELETEFILE"
+ runtest
+ unset APT_DONT_SIGN
done
}
@@ -422,11 +403,11 @@ msgmsg "Running test with apt-untrusted digest"
echo "APT::Hashes::$APT_TESTS_DIGEST_ALGO::Untrusted \"yes\";" > rootdir/etc/apt/apt.conf.d/truststate
runfailure() {
for DELETEFILE in 'InRelease' 'Release.gpg'; do
+ export APT_DONT_SIGN="$DELETEFILE"
msgmsg 'Cold archive signed by' 'Joe Sixpack'
prepare "${PKGFILE}"
rm -rf rootdir/var/lib/apt/lists
signreleasefiles 'Joe Sixpack'
- find aptarchive/ -name "$DELETEFILE" -delete
testfailure aptget update --no-allow-insecure-repositories -o Debug::pkgAcquire::Worker=1 -o Debug::Acquire::gpgv=1
testsuccess grep 'The following signatures were invalid' rootdir/tmp/testfailure.output
testnopackage 'apt'
@@ -437,13 +418,13 @@ runfailure() {
prepare "${PKGFILE}"
rm -rf rootdir/var/lib/apt/lists
signreleasefiles 'Marvin Paranoid'
- find aptarchive/ -name "$DELETEFILE" -delete
testfailure aptget update --no-allow-insecure-repositories -o Debug::pkgAcquire::Worker=1 -o Debug::Acquire::gpgv=1
testnopackage 'apt'
updatewithwarnings '^W: .* NO_PUBKEY'
testsuccessequal "$(cat "${PKGFILE}")
" aptcache show apt
failaptold
+ unset APT_DONT_SIGN
done
}
runfailure
diff --git a/test/integration/test-ubuntu-bug-784473-InRelease-one-message-only b/test/integration/test-ubuntu-bug-784473-InRelease-one-message-only
index 21d7129ae..fe42ba83d 100755
--- a/test/integration/test-ubuntu-bug-784473-InRelease-one-message-only
+++ b/test/integration/test-ubuntu-bug-784473-InRelease-one-message-only
@@ -8,11 +8,9 @@ configarchitecture 'i386'
insertpackage 'unstable' 'apt' 'i386' '0.8.11'
-setupaptarchive
+export APT_DONT_SIGN='Release.gpg'
+setupaptarchive --no-update
-rm -rf rootdir/var/lib/apt/lists
-
-find aptarchive/ -name 'Release.gpg' -delete
find aptarchive/ -name 'InRelease' -exec cp {} {}.old \;
for RELEASE in $(find aptarchive/ -name 'InRelease'); do