diff options
Diffstat (limited to 'test')
| -rw-r--r-- | test/integration/framework | 7 | ||||
| -rwxr-xr-x | test/integration/test-apt-update-ims | 12 | ||||
| -rwxr-xr-x | test/integration/test-apt-update-nofallback | 5 | ||||
| -rwxr-xr-x | test/integration/test-apt-update-not-modified | 4 | ||||
| -rwxr-xr-x | test/integration/test-apt-update-rollback | 4 | ||||
| -rwxr-xr-x | test/integration/test-releasefile-date-older | 62 | ||||
| -rwxr-xr-x | test/integration/test-releasefile-valid-until | 37 | ||||
| -rwxr-xr-x | test/integration/test-releasefile-verification | 70 |
8 files changed, 121 insertions, 80 deletions
diff --git a/test/integration/framework b/test/integration/framework index 8c8936ead..b253deb91 100644 --- a/test/integration/framework +++ b/test/integration/framework @@ -1164,9 +1164,9 @@ testfileequal() { shift msgtest "Test for correctness of file" "$FILE" if [ -z "$*" ]; then - echo -n "" | checkdiff $FILE - && msgpass || msgfail + echo -n "" | checkdiff - $FILE && msgpass || msgfail else - echo "$*" | checkdiff $FILE - && msgpass || msgfail + echo "$*" | checkdiff - $FILE && msgpass || msgfail fi } @@ -1547,7 +1547,8 @@ aptautotest_aptcdrom_add() { aptautotest_aptget_update "$@"; } testaptautotestnodpkgwarning() { local TESTCALL="$1" while [ -n "$2" ]; do - if expr match "$2" '^-[a-z]*s' >/dev/null 2>&1; then return; fi + if expr match "$2" '^-[a-z]*s' >/dev/null 2>&1; then return; fi # simulation mode + if expr match "$2" '^-dy\?' >/dev/null 2>&1; then return; fi # download-only mode shift done testfailure grep '^dpkg: warning:.*ignor.*' "${TMPWORKINGDIRECTORY}/rootdir/tmp-before/${TESTCALL}.output" diff --git a/test/integration/test-apt-update-ims b/test/integration/test-apt-update-ims index f091bffaa..7385e701a 100755 --- a/test/integration/test-apt-update-ims +++ b/test/integration/test-apt-update-ims @@ -43,7 +43,7 @@ runtest() { testfileequal 'listsdir.lst' "$(listcurrentlistsdirectory)" # ensure that we still do a hash check for other files on ims hit of Release - if grep -q '^Hit .* \(InRelease\|Release.gpg\)$' expected.output ; then + if grep -q '^Hit .* InRelease$' expected.output || ! grep -q '^Ign .* Release\(\.gpg\)\?$' expected.output; then $TEST aptget update -o Debug::Acquire::gpgv=1 cp rootdir/tmp/${TEST}.output goodsign.output testfileequal 'listsdir.lst' "$(listcurrentlistsdirectory)" @@ -66,7 +66,6 @@ msgmsg 'Release/Release.gpg' EXPECT='Ign http://localhost:8080 unstable InRelease 404 Not Found Hit http://localhost:8080 unstable Release -Hit http://localhost:8080 unstable Release.gpg Reading package lists...' find aptarchive -name 'InRelease' -delete echo 'Acquire::GzipIndexes "0";' > rootdir/etc/apt/apt.conf.d/02compressindex @@ -81,7 +80,7 @@ Hit http://localhost:8080 unstable Release Ign http://localhost:8080 unstable Release.gpg 404 Not Found Reading package lists... -W: The data from 'http://localhost:8080 unstable Release.gpg' is not signed. Packages from that repository can not be authenticated." +W: The data from 'http://localhost:8080 unstable Release' is not signed. Packages from that repository can not be authenticated." find aptarchive -name 'Release.gpg' -delete echo 'Acquire::GzipIndexes "0";' > rootdir/etc/apt/apt.conf.d/02compressindex runtest 'warning' @@ -108,8 +107,7 @@ msgmsg 'expired Release/Release.gpg' EXPECT='Ign http://localhost:8080 unstable InRelease 404 Not Found Hit http://localhost:8080 unstable Release -Hit http://localhost:8080 unstable Release.gpg -E: Release file for http://localhost:8080/dists/unstable/Release.gpg is expired (invalid since). Updates for this repository will not be applied.' +E: Release file for http://localhost:8080/dists/unstable/Release is expired (invalid since). Updates for this repository will not be applied.' find aptarchive -name 'InRelease' -delete echo 'Acquire::GzipIndexes "0";' > rootdir/etc/apt/apt.conf.d/02compressindex runtest 'failure' @@ -122,8 +120,8 @@ EXPECT="Ign http://localhost:8080 unstable InRelease Hit http://localhost:8080 unstable Release Ign http://localhost:8080 unstable Release.gpg 404 Not Found -W: The data from 'http://localhost:8080 unstable Release.gpg' is not signed. Packages from that repository can not be authenticated. -E: Release file for http://localhost:8080/dists/unstable/InRelease is expired (invalid since). Updates for this repository will not be applied." +W: The data from 'http://localhost:8080 unstable Release' is not signed. Packages from that repository can not be authenticated. +E: Release file for http://localhost:8080/dists/unstable/Release is expired (invalid since). Updates for this repository will not be applied." find aptarchive -name 'Release.gpg' -delete echo 'Acquire::GzipIndexes "0";' > rootdir/etc/apt/apt.conf.d/02compressindex runtest 'failure' 'warning' diff --git a/test/integration/test-apt-update-nofallback b/test/integration/test-apt-update-nofallback index 71576de81..db4430ea3 100755 --- a/test/integration/test-apt-update-nofallback +++ b/test/integration/test-apt-update-nofallback @@ -8,6 +8,7 @@ set -e simulate_mitm_and_inject_evil_package() { + redatereleasefiles '+1 hour' rm -f $APTARCHIVE/dists/unstable/InRelease rm -f $APTARCHIVE/dists/unstable/Release.gpg inject_evil_package @@ -31,7 +32,7 @@ EOF assert_update_is_refused_and_last_good_state_used() { - testfailureequal "E: The repository 'file: unstable Release.gpg' is no longer signed." aptget update -qq + testfailuremsg "E: The repository 'file: unstable Release' is no longer signed." aptget update assert_repo_is_intact } @@ -193,7 +194,7 @@ test_release_gpg_to_invalid_release_release_gpg() echo "Some evil data" >> $APTARCHIVE/dists/unstable/Release inject_evil_package - testwarningequal "W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: file: unstable Release.gpg: The following signatures were invalid: BADSIG 5A90D141DBAC8DAE Joe Sixpack (APT Testcases Dummy) <joe@example.org> + testwarningequal "W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: file: unstable Release: The following signatures were invalid: BADSIG 5A90D141DBAC8DAE Joe Sixpack (APT Testcases Dummy) <joe@example.org> W: Failed to fetch file:${APTARCHIVE}/dists/unstable/Release.gpg The following signatures were invalid: BADSIG 5A90D141DBAC8DAE Joe Sixpack (APT Testcases Dummy) <joe@example.org> diff --git a/test/integration/test-apt-update-not-modified b/test/integration/test-apt-update-not-modified index a67ecb760..b1d55c156 100755 --- a/test/integration/test-apt-update-not-modified +++ b/test/integration/test-apt-update-not-modified @@ -56,7 +56,6 @@ Reading package lists..." aptget update testsuccessequal "Ign $1 unstable InRelease 404 Not Found Hit $1 unstable Release -Hit $1 unstable Release.gpg Reading package lists..." aptget update testfileequal 'listsdir.lst' "$(listcurrentlistsdirectory)" @@ -66,7 +65,6 @@ Reading package lists..." aptget update testsuccessequal "Ign $1 unstable InRelease 404 Not Found Hit $1 unstable Release -Hit $1 unstable Release.gpg Reading package lists..." aptget update testfileequal 'listsdir-without-amd64.lst' "$(listcurrentlistsdirectory)" @@ -75,7 +73,6 @@ Reading package lists..." aptget update testsuccessequal "Ign $1 unstable InRelease 404 Not Found Hit $1 unstable Release -Hit $1 unstable Release.gpg Get:1 $1 unstable/main amd64 Packages [$(stat -c '%s' 'aptarchive/dists/unstable/main/binary-amd64/Packages.gz') B] Reading package lists..." aptget update testfileequal 'listsdir.lst' "$(listcurrentlistsdirectory)" @@ -85,7 +82,6 @@ Reading package lists..." aptget update testsuccessequal "Ign $1 unstable InRelease 404 Not Found Get:1 $1 unstable Release [$(stat -c '%s' 'aptarchive/dists/unstable/Release') B] -Get:2 $1 unstable Release.gpg [$(stat -c '%s' 'aptarchive/dists/unstable/Release.gpg') B] Reading package lists..." aptget update webserverconfig 'aptwebserver::support::modified-since' 'true' webserverconfig 'aptwebserver::support::last-modified' 'true' diff --git a/test/integration/test-apt-update-rollback b/test/integration/test-apt-update-rollback index 29fe1ab56..b464a04a1 100755 --- a/test/integration/test-apt-update-rollback +++ b/test/integration/test-apt-update-rollback @@ -78,7 +78,7 @@ test_inrelease_to_valid_release() { rm $APTARCHIVE/dists/unstable/Release.gpg # update fails - testfailureequal "E: The repository 'file: unstable Release.gpg' is no longer signed." aptget update -qq + testfailureequal "E: The repository 'file: unstable Release' is no longer signed." aptget update -qq # test that security downgrade was not successful testfileequal lists.before "$(listcurrentlistsdirectory)" @@ -101,7 +101,7 @@ test_inrelease_to_release_reverts_all() { break_repository_sources_index '+1hour' # ensure error - testfailureequal "E: The repository 'file: unstable Release.gpg' is no longer signed." aptget update -qq # -o Debug::acquire::transaction=1 + testfailureequal "E: The repository 'file: unstable Release' is no longer signed." aptget update -qq # -o Debug::acquire::transaction=1 # ensure that the Packages file is also rolled back testfileequal lists.before "$(listcurrentlistsdirectory)" diff --git a/test/integration/test-releasefile-date-older b/test/integration/test-releasefile-date-older new file mode 100755 index 000000000..5cdc34fac --- /dev/null +++ b/test/integration/test-releasefile-date-older @@ -0,0 +1,62 @@ +#!/bin/sh +set -e + +TESTDIR=$(readlink -f $(dirname $0)) +. $TESTDIR/framework +setupenvironment +configarchitecture 'i386' + +insertpackage 'wheezy' 'apt' 'all' '0.8.15' + +setupaptarchive --no-update + +# we don't complain as the server could have just sent a 'Hit' here and this +# 'downgrade attack' is usually performed by out-of-sync mirrors. Valid-Until +# catches the 'real' downgrade attacks (expect that it finds stale mirrors). +# Scaring users with an error here serves hence no point. + +msgmsg 'InRelease file is silently rejected if' 'new Date is before old Date' +rm -rf rootdir/var/lib/apt/lists +generatereleasefiles 'now' 'now + 7 days' +signreleasefiles +testsuccess aptget update +listcurrentlistsdirectory > listsdir.lst +redatereleasefiles 'now - 2 days' +testsuccess aptget update +testfileequal 'listsdir.lst' "$(listcurrentlistsdirectory)" + +msgmsg 'Release.gpg file is silently rejected if' 'new Date is before old Date' +rm -rf rootdir/var/lib/apt/lists +generatereleasefiles 'now' 'now + 7 days' +signreleasefiles +find aptarchive -name 'InRelease' -delete +testsuccess aptget update +listcurrentlistsdirectory > listsdir.lst +redatereleasefiles 'now - 2 days' +find aptarchive -name 'InRelease' -delete +testsuccess aptget update +testfileequal 'listsdir.lst' "$(listcurrentlistsdirectory)" + +msgmsg 'Crisscross InRelease/Release.gpg file is silently rejected if' 'new Date is before old Date' +rm -rf rootdir/var/lib/apt/lists +generatereleasefiles 'now' 'now + 7 days' +signreleasefiles +find aptarchive -name 'Release.gpg' -delete +testsuccess aptget update +listcurrentlistsdirectory > listsdir.lst +redatereleasefiles 'now - 2 days' +find aptarchive -name 'InRelease' -delete +testsuccess aptget update +testfileequal 'listsdir.lst' "$(listcurrentlistsdirectory)" + +msgmsg 'Crisscross Release.gpg/InRelease file is silently rejected if' 'new Date is before old Date' +rm -rf rootdir/var/lib/apt/lists +generatereleasefiles 'now' 'now + 7 days' +signreleasefiles +find aptarchive -name 'InRelease' -delete +testsuccess aptget update +listcurrentlistsdirectory > listsdir.lst +redatereleasefiles 'now - 2 days' +find aptarchive -name 'Release.gpg' -delete +testsuccess aptget update +testfileequal 'listsdir.lst' "$(listcurrentlistsdirectory)" diff --git a/test/integration/test-releasefile-valid-until b/test/integration/test-releasefile-valid-until index 0d9a91254..e000abf5d 100755 --- a/test/integration/test-releasefile-valid-until +++ b/test/integration/test-releasefile-valid-until @@ -16,13 +16,12 @@ setupaptarchive --no-update runtest() { local MSG="$1" - msgtest "$1" "$2" + msgtest "Release file is $MSG as it has" "$2" rm -rf rootdir/var/lib/apt/lists - aptget clean generatereleasefiles "$3" "$4" signreleasefiles shift 4 - if expr match "$MSG" '.*accepted.*' >/dev/null; then + if [ "$MSG" = 'accepted' ]; then testsuccess --nomsg aptget update "$@" testfailure grep -q 'is expired' rootdir/tmp/testsuccess.output else @@ -31,19 +30,19 @@ runtest() { fi } -runtest 'Release file is accepted as it has' 'no Until' '' '' -runtest 'Release file is accepted as it has' 'no Until and good Max-Valid' '' '' -o Acquire::Max-ValidTime=3600 -runtest 'Release file is rejected as it has' 'no Until, but bad Max-Valid' 'now - 2 days' '' -o Acquire::Max-ValidTime=3600 -runtest 'Release file is accepted as it has' 'good Until' 'now - 3 days' 'now + 1 day' -runtest 'Release file is rejected as it has' 'bad Until' 'now - 7 days' 'now - 4 days' -runtest 'Release file is rejected as it has' 'bad Until (ignore good Max-Valid)' 'now - 7 days' 'now - 4 days' -o Acquire::Max-ValidTime=1209600 -runtest 'Release file is rejected as it has' 'bad Max-Valid (bad Until)' 'now - 7 days' 'now - 4 days' -o Acquire::Max-ValidTime=86400 -runtest 'Release file is rejected as it has' 'bad Max-Valid (good Until)' 'now - 7 days' 'now + 4 days' -o Acquire::Max-ValidTime=86400 -runtest 'Release file is accepted as it has' 'good labeled Max-Valid' 'now - 7 days' 'now + 4 days' -o Acquire::Max-ValidTime=86400 -o Acquire::Max-ValidTime::Testcases=1209600 -runtest 'Release file is rejected as it has' 'bad labeled Max-Valid' 'now - 7 days' 'now + 4 days' -o Acquire::Max-ValidTime=1209600 -o Acquire::Max-ValidTime::Testcases=86400 -runtest 'Release file is accepted as it has' 'good Until (good Min-Valid, no Max-Valid)' 'now - 7 days' 'now + 1 days' -o Acquire::Min-ValidTime=1209600 -runtest 'Release file is accepted as it has' 'good Min-Valid (bad Until, no Max-Valid)' 'now - 7 days' 'now - 4 days' -o Acquire::Min-ValidTime=1209600 -runtest 'Release file is accepted as it has' 'good Min-Valid (bad Until, good Max-Valid) <' 'now - 7 days' 'now - 2 days' -o Acquire::Min-ValidTime=1209600 -o Acquire::Max-ValidTime=2419200 -runtest 'Release file is rejected as it has' 'bad Max-Valid (bad Until, good Min-Valid) >' 'now - 7 days' 'now - 2 days' -o Acquire::Max-ValidTime=12096 -o Acquire::Min-ValidTime=2419200 -runtest 'Release file is rejected as it has' 'bad Max-Valid (bad Until, bad Min-Valid) <' 'now - 7 days' 'now - 2 days' -o Acquire::Min-ValidTime=12096 -o Acquire::Max-ValidTime=241920 -runtest 'Release file is rejected as it has' 'bad Max-Valid (bad Until, bad Min-Valid) >' 'now - 7 days' 'now - 2 days' -o Acquire::Max-ValidTime=12096 -o Acquire::Min-ValidTime=241920 +runtest 'accepted' 'no Until' '' '' +runtest 'accepted' 'no Until and good Max-Valid' '' '' -o Acquire::Max-ValidTime=3600 +runtest 'rejected' 'no Until, but bad Max-Valid' 'now - 2 days' '' -o Acquire::Max-ValidTime=3600 +runtest 'accepted' 'good Until' 'now - 3 days' 'now + 1 day' +runtest 'rejected' 'bad Until' 'now - 7 days' 'now - 4 days' +runtest 'rejected' 'bad Until (ignore good Max-Valid)' 'now - 7 days' 'now - 4 days' -o Acquire::Max-ValidTime=1209600 +runtest 'rejected' 'bad Max-Valid (bad Until)' 'now - 7 days' 'now - 4 days' -o Acquire::Max-ValidTime=86400 +runtest 'rejected' 'bad Max-Valid (good Until)' 'now - 7 days' 'now + 4 days' -o Acquire::Max-ValidTime=86400 +runtest 'accepted' 'good labeled Max-Valid' 'now - 7 days' 'now + 4 days' -o Acquire::Max-ValidTime=86400 -o Acquire::Max-ValidTime::Testcases=1209600 +runtest 'rejected' 'bad labeled Max-Valid' 'now - 7 days' 'now + 4 days' -o Acquire::Max-ValidTime=1209600 -o Acquire::Max-ValidTime::Testcases=86400 +runtest 'accepted' 'good Until (good Min-Valid, no Max-Valid)' 'now - 7 days' 'now + 1 days' -o Acquire::Min-ValidTime=1209600 +runtest 'accepted' 'good Min-Valid (bad Until, no Max-Valid)' 'now - 7 days' 'now - 4 days' -o Acquire::Min-ValidTime=1209600 +runtest 'accepted' 'good Min-Valid (bad Until, good Max-Valid) <' 'now - 7 days' 'now - 2 days' -o Acquire::Min-ValidTime=1209600 -o Acquire::Max-ValidTime=2419200 +runtest 'rejected' 'bad Max-Valid (bad Until, good Min-Valid) >' 'now - 7 days' 'now - 2 days' -o Acquire::Max-ValidTime=12096 -o Acquire::Min-ValidTime=2419200 +runtest 'rejected' 'bad Max-Valid (bad Until, bad Min-Valid) <' 'now - 7 days' 'now - 2 days' -o Acquire::Min-ValidTime=12096 -o Acquire::Max-ValidTime=241920 +runtest 'rejected' 'bad Max-Valid (bad Until, bad Min-Valid) >' 'now - 7 days' 'now - 2 days' -o Acquire::Max-ValidTime=12096 -o Acquire::Min-ValidTime=241920 diff --git a/test/integration/test-releasefile-verification b/test/integration/test-releasefile-verification index 363b7fe5b..469ed34d2 100755 --- a/test/integration/test-releasefile-verification +++ b/test/integration/test-releasefile-verification @@ -91,25 +91,9 @@ touch aptarchive/apt.deb PKGFILE="${TESTDIR}/$(echo "$(basename $0)" | sed 's#^test-#Packages-#')" -updatesuccess() { - local LOG='update.log' - if aptget update >$LOG 2>&1 || grep -q -E '^(W|E): ' $LOG; then - msgpass - else - cat $LOG - msgfail - fi -} - -updatefailure() { - local LOG='update.log' - aptget update >$LOG 2>&1 || true - if grep -q -E "$1" $LOG; then - msgpass - else - cat $LOG - msgfail - fi +updatewithwarnings() { + testwarning aptget update + testsuccess grep -E "$1" rootdir/tmp/testwarning.output } runtest() { @@ -117,8 +101,8 @@ runtest() { rm -rf rootdir/var/lib/apt/lists signreleasefiles 'Joe Sixpack' find aptarchive/ -name "$DELETEFILE" -delete - msgtest 'Cold archive signed by' 'Joe Sixpack' - updatesuccess + msgmsg 'Cold archive signed by' 'Joe Sixpack' + testsuccess aptget update testsuccessequal "$(cat ${PKGFILE}) " aptcache show apt installaptold @@ -126,8 +110,8 @@ runtest() { prepare ${PKGFILE}-new signreleasefiles 'Joe Sixpack' find aptarchive/ -name "$DELETEFILE" -delete - msgtest 'Good warm archive signed by' 'Joe Sixpack' - updatesuccess + msgmsg 'Good warm archive signed by' 'Joe Sixpack' + testsuccess aptget update testsuccessequal "$(cat ${PKGFILE}-new) " aptcache show apt installaptnew @@ -137,8 +121,8 @@ runtest() { cp keys/rexexpired.pub rootdir/etc/apt/trusted.gpg.d/rexexpired.gpg signreleasefiles 'Rex Expired' find aptarchive/ -name "$DELETEFILE" -delete - msgtest 'Cold archive signed by' 'Rex Expired' - updatefailure '^W: .* KEYEXPIRED' + msgmsg 'Cold archive signed by' 'Rex Expired' + updatewithwarnings '^W: .* KEYEXPIRED' testsuccessequal "$(cat ${PKGFILE}) " aptcache show apt failaptold @@ -148,8 +132,8 @@ runtest() { rm -rf rootdir/var/lib/apt/lists signreleasefiles 'Marvin Paranoid' find aptarchive/ -name "$DELETEFILE" -delete - msgtest 'Cold archive signed by' 'Marvin Paranoid' - updatefailure '^W: .* NO_PUBKEY' + msgmsg 'Cold archive signed by' 'Marvin Paranoid' + updatewithwarnings '^W: .* NO_PUBKEY' testsuccessequal "$(cat ${PKGFILE}) " aptcache show apt failaptold @@ -162,8 +146,8 @@ runtest() { done signreleasefiles 'Joe Sixpack' find aptarchive/ -name "$DELETEFILE" -delete - msgtest 'Bad warm archive signed by' 'Joe Sixpack' - updatesuccess + msgmsg 'Bad warm archive signed by' 'Joe Sixpack' + testsuccess aptget update testsuccessequal "$(cat ${PKGFILE}-new) " aptcache show apt installaptnew @@ -173,8 +157,8 @@ runtest() { rm -rf rootdir/var/lib/apt/lists signreleasefiles 'Joe Sixpack' find aptarchive/ -name "$DELETEFILE" -delete - msgtest 'Cold archive signed by' 'Joe Sixpack' - updatesuccess + msgmsg 'Cold archive signed by' 'Joe Sixpack' + testsuccess aptget update testsuccessequal "$(cat ${PKGFILE}) " aptcache show apt installaptold @@ -182,8 +166,8 @@ runtest() { prepare ${PKGFILE}-new signreleasefiles 'Marvin Paranoid' find aptarchive/ -name "$DELETEFILE" -delete - msgtest 'Good warm archive signed by' 'Marvin Paranoid' - updatefailure '^W: .* NO_PUBKEY' + msgmsg 'Good warm archive signed by' 'Marvin Paranoid' + updatewithwarnings '^W: .* NO_PUBKEY' testsuccessequal "$(cat ${PKGFILE}) " aptcache show apt installaptold @@ -192,8 +176,8 @@ runtest() { cp keys/rexexpired.pub rootdir/etc/apt/trusted.gpg.d/rexexpired.gpg signreleasefiles 'Rex Expired' find aptarchive/ -name "$DELETEFILE" -delete - msgtest 'Good warm archive signed by' 'Rex Expired' - updatefailure '^W: .* KEYEXPIRED' + msgmsg 'Good warm archive signed by' 'Rex Expired' + updatewithwarnings '^W: .* KEYEXPIRED' testsuccessequal "$(cat ${PKGFILE}) " aptcache show apt installaptold @@ -202,8 +186,8 @@ runtest() { prepare ${PKGFILE}-new signreleasefiles find aptarchive/ -name "$DELETEFILE" -delete - msgtest 'Good warm archive signed by' 'Joe Sixpack' - updatesuccess + msgmsg 'Good warm archive signed by' 'Joe Sixpack' + testsuccess aptget update testsuccessequal "$(cat ${PKGFILE}-new) " aptcache show apt installaptnew @@ -213,24 +197,24 @@ runtest2() { prepare ${PKGFILE} rm -rf rootdir/var/lib/apt/lists signreleasefiles 'Joe Sixpack' - msgtest 'Cold archive signed by' 'Joe Sixpack' - updatesuccess + msgmsg 'Cold archive signed by' 'Joe Sixpack' + testsuccess aptget update # New .deb but now an unsigned archive. For example MITM to circumvent # package verification. prepare ${PKGFILE}-new find aptarchive/ -name InRelease -delete find aptarchive/ -name Release.gpg -delete - msgtest 'Warm archive signed by' 'nobody' - updatesuccess + msgmsg 'Warm archive signed by' 'nobody' + updatewithwarnings 'W: .* no longer signed.' testsuccessequal "$(cat ${PKGFILE}-new) " aptcache show apt failaptnew # Unsigned archive from the beginning must also be detected. rm -rf rootdir/var/lib/apt/lists - msgtest 'Cold archive signed by' 'nobody' - updatesuccess + msgmsg 'Cold archive signed by' 'nobody' + updatewithwarnings 'W: .* is not signed.' testsuccessequal "$(cat ${PKGFILE}-new) " aptcache show apt failaptnew |