summaryrefslogtreecommitdiff
path: root/test
diff options
context:
space:
mode:
Diffstat (limited to 'test')
-rwxr-xr-xtest/integration/test-releasefile-verification61
1 files changed, 45 insertions, 16 deletions
diff --git a/test/integration/test-releasefile-verification b/test/integration/test-releasefile-verification
index 54483ba9a..ffb5073b6 100755
--- a/test/integration/test-releasefile-verification
+++ b/test/integration/test-releasefile-verification
@@ -97,6 +97,7 @@ updatewithwarnings() {
}
runtest() {
+ local DELETEFILE="$1"
msgmsg 'Cold archive signed by' 'Joe Sixpack'
prepare "${PKGFILE}"
rm -rf rootdir/var/lib/apt/lists
@@ -257,19 +258,14 @@ runtest2() {
}
runtest3() {
- export APT_TESTS_DIGEST_ALGO="$1"
- msgmsg "Running base test with digest $1"
+ echo "Debug::Acquire::gpgv::configdigest::truststate \"$1\";" > rootdir/etc/apt/apt.conf.d/truststate
+ msgmsg "Running base test with $1 digest"
runtest2
- DELETEFILE="InRelease"
- msgmsg "Running test with deletion of $DELETEFILE and digest $1"
- runtest
-
- DELETEFILE="Release.gpg"
- msgmsg "Running test with deletion of $DELETEFILE and digest $1"
- runtest
-
- unset APT_TESTS_DIGEST_ALGO
+ for DELETEFILE in 'InRelease' 'Release.gpg'; do
+ msgmsg "Running test with deletion of $DELETEFILE and $1 digest"
+ runtest "$DELETEFILE"
+ done
}
# diable some protection by default and ensure we still do the verification
@@ -278,17 +274,50 @@ cat > rootdir/etc/apt/apt.conf.d/weaken-security <<EOF
Acquire::AllowInsecureRepositories "1";
Acquire::AllowDowngradeToInsecureRepositories "1";
EOF
+# the hash marked as configureable in our gpgv method
+export APT_TESTS_DIGEST_ALGO='SHA224'
-# an all-round good hash
successfulaptgetupdate() {
testsuccess aptget update -o Debug::pkgAcquire::Worker=1 -o Debug::Acquire::gpgv=1
}
-runtest3 'SHA512'
+runtest3 'trusted'
-# a hash we consider weak and therefore warn about
-rm -f rootdir/etc/apt/apt.conf.d/no-sha1
successfulaptgetupdate() {
testwarning aptget update -o Debug::pkgAcquire::Worker=1 -o Debug::Acquire::gpgv=1
testsuccess grep 'uses weak digest algorithm' rootdir/tmp/testwarning.output
}
-runtest3 'SHA1'
+runtest3 'weak'
+
+msgmsg "Running test with apt-untrusted digest"
+echo "Debug::Acquire::gpgv::configdigest::truststate \"untrusted\";" > rootdir/etc/apt/apt.conf.d/truststate
+runfailure() {
+ for DELETEFILE in 'InRelease' 'Release.gpg'; do
+ msgmsg 'Cold archive signed by' 'Joe Sixpack'
+ prepare "${PKGFILE}"
+ rm -rf rootdir/var/lib/apt/lists
+ signreleasefiles 'Joe Sixpack'
+ find aptarchive/ -name "$DELETEFILE" -delete
+ testfailure aptget update --no-allow-insecure-repositories -o Debug::pkgAcquire::Worker=1 -o Debug::Acquire::gpgv=1
+ testsuccess grep 'The following signatures were invalid' rootdir/tmp/testfailure.output
+ testnopackage 'apt'
+ testwarning aptget update --allow-insecure-repositories -o Debug::pkgAcquire::Worker=1 -o Debug::Acquire::gpgv=1
+ failaptold
+
+ msgmsg 'Cold archive signed by' 'Marvin Paranoid'
+ prepare "${PKGFILE}"
+ rm -rf rootdir/var/lib/apt/lists
+ signreleasefiles 'Marvin Paranoid'
+ find aptarchive/ -name "$DELETEFILE" -delete
+ testfailure aptget update --no-allow-insecure-repositories -o Debug::pkgAcquire::Worker=1 -o Debug::Acquire::gpgv=1
+ testnopackage 'apt'
+ updatewithwarnings '^W: .* NO_PUBKEY'
+ testsuccessequal "$(cat "${PKGFILE}")
+" aptcache show apt
+ failaptold
+ done
+}
+runfailure
+
+msgmsg "Running test with gpgv-untrusted digest"
+export APT_TESTS_DIGEST_ALGO='MD5'
+runfailure