summaryrefslogtreecommitdiff
path: root/test/integration
AgeCommit message (Collapse)Author
2016-11-02keep Release.gpg on untrusted to trusted IMS-HitDavid Kalnischkies
A user relying on the deprecated behaviour of apt-get to accept a source with an unknown pubkey to install a package containing the key expects that the following 'apt-get update' causes the source to be considered as trusted, but in case the source hadn't changed in the meantime this wasn't happening: The source kept being untrusted until the Release file was changed. This only effects sources not using InRelease and only apt-get, the apt binary downright refuses this course of actions, but it is a common way of adding external sources. Closes: 838779
2016-11-02don't install new deps of candidates for kept back pkgsDavid Kalnischkies
In effect this is an extension of the 6 years old commit a8dfff90aa740889eb99d00fde5d70908d9fd88a which uses the autoremover to remove packages again from the solution which are no longer needed to be there. Commonly these are dependencies of packages we end up not installed due to problem resolver decisions. Slightly less common is the situation we deal with here: a package which we wanted to upgrade sporting a new dependency, but ended up holding back. The problem is that all versions of an installed reverse dependencies can bring back a "garbage" package – we need to do this as there is nothing inherently wrong in having garbage packages installed or upgrade them, which itself would have garbage dependencies, so just blindly killing all new garbage packages would prevent the upgrade (and actually generate errors). What we should be doing is looking only at the version we will have on the system, disregarding all old/new reverse dependencies. Reported-By: Stuart Prescott (themill) on IRC
2016-09-18VersionHash: Do not skip too long dependency linesJulian Andres Klode
If the dependency line does not contain spaces in the repository but does in the dpkg status file (because dpkg normalized the dependency list), the dpkg line might be longer than the line in the repository. If it now happens to be longer than 1024 characters, it would be skipped, causing the hashes to be out of date. Note that we have to bump the minor cache version again as this changes the format slightly, and we might get mismatches with an older src cache otherwise. Fixes Debian/apt#23
2016-09-07test: Always install dpkg into our tests, regardless of MAJulian Andres Klode
Even if we only configure a single architecture, install dpkg, so dpkg can assert multi arch correctly. This also has the nice side effect of making single architecture and multiple architecture test cases more uniform. This fixes a regression from f878d3a862128bc1385616751ae1d78246b1bd01 ("test: Assert multi-arch in the chroot").
2016-09-07test: framework: Ensure copied status files have trailing linesJulian Andres Klode
If we copied one of the existing status files, we might not have a trailing newline, so let's add one. Gbp-Dch: ignore
2016-09-07edsp: try 2 to read responses even if writing failedDavid Kalnischkies
Commit b60c8a89c281f2bb945d426d2215cbf8f5760738 improved the situation, but due to inconsistency mostly for planners, not for solvers. As the idea of hiding errors if we show another error is a bit scary (as the extern error might be a followup of our intern error, rather than the reason for our intern error as it is at the moment) we don't discard the errors, but if we got an extern error we show them directly removing them from the error list at the end of the run – that list will contain the extern error which hopefully gives us the best of both worlds. The problem itself is the same as before: The externals exiting before apt is done talking to them. Reported-By: Johannes 'josch' Schauer on IRC
2016-09-02acquire: Use priority queues and a 3 stage pipeline designJulian Andres Klode
Employ a priority queue instead of a normal queue to hold the items; and only add items to the running pipeline if their priority is the same or higher than the priority of items in the queue. The priorities are designed for a 3 stage pipeline system: In stage 1, all Release files and .diff/Index files are fetched. This allows us to determine what files remain to be fetched, and thus ensures a usable progress reporting. In stage 2, all Pdiff patches are fetched, so we can apply them in parallel with fetching other files in stage 3. In stage 3, all other files are fetched (complete index files such as Contents, Packages). Performance improvements, mainly from fetching the pdiff patches before complete files, so they can be applied in parallel: For the 01 Sep 2016 03:35:23 UTC -> 02 Sep 2016 09:25:37 update of Debian unstable and testing with Contents and appstream for amd64 and i386, update time reduced from 37 seconds to 24-28 seconds. Previously, apt would first download new DEP11 icon tarballs and metadata files, causing the CPU to be idle. By fetching the diffs in stage 2, we can now patch our contents and Packages files while we are downloading the DEP11 stuff.
2016-09-01support long keyid and fingerprint in gpgv's GOODSIGDavid Kalnischkies
In gpgv1 GOODSIG (and the other messages of status-fd) are documented as sending the long keyid. In gpgv2 it is documented to be either long keyid or the fingerprint. At the moment it is still the long keyid, but the documentation hints at the possibility of changing this. We care about this for Signed-By support as we detect this way if the right fingerprint has signed this file (or not). The check itself is done via VALIDSIG which always is a fingerprint, but there must also be a GOODSIG (as expired sigs are valid, too) found to be accepted which wouldn't be found in the fingerprint-case and the signature hence refused.
2016-09-01test-apt-cdrom: Fix for gnupg 2.1.15Julian Andres Klode
gpg annoyingly changed its output and broke our test suite again by adding two extra lines about key type and issuer. Really annoying. Those lines also have more than one space after the colon, so let's use \s* there - and also change the other lines to support variable length whitespace in case gpg decides to break things there too.
2016-08-31test/integration/test-srcrecord: Make executableJulian Andres Klode
I actually tried to amend the previous commit, but apparently I forgot to add the file mode change. Gbp-Dch: ignore
2016-08-31Fix segfault and out-of-bounds read in Binary fieldsJulian Andres Klode
If a Binary field contains one or more spaces before a comma, the code produced a segmentation fault, as it accidentally set a pointer to 0 instead of the value of the pointer. If the comma is at the beginning of the field, the code would create a binStartNext that points one element before the start of the string, which is undefined behavior. We also need to check that we do not exit the string during the replacement of spaces before commas: A string of the form " ," would normally exit the boundary of the Buffer: binStartNext = offset 1 ',' binEnd = offset 0 ' ' isspace_ascii(*binEnd) = true => --binEnd => binEnd = - 1 We get rid of the problem by only allowing spaces to be eliminated if they are not the first character of the buffer: binStartNext = offset 1 ',' binEnd = offset 0 ' ' binEnd > buffer = false, isspace_ascii(*binEnd) = true => exit loop => binEnd remains 0
2016-08-30test: Pass -d to dpkg-buildpackageJulian Andres Klode
This works around an issue on Fedora where dpkg complains about missing build-essential: dpkg-checkbuilddeps: Unmet build dependencies: build-essential:native Gbp-Dch: ignore
2016-08-29test, travis: Quieter testing with a new -qq modeJulian Andres Klode
Introduce a new -qq mode for our integration test framework, and make travis use it. The new -qq mode sets MSGLEVEL to 1. In MSGLEVEL=1, no messages are generated for passed tests, and all testcase filenames are printed in the same line. Also install first in travis, do not ls the installed output and run the install with chronic, so we only get output if it failed. Gbp-Dch: ignore
2016-08-29don't loop on pinning pkgs from absolute debs by regexDavid Kalnischkies
An absolute filename for a *.deb file starts with a /. A package with the name of the file is inserted in the cache which is provided by the "real" package for internal reasons. The pinning code detects a regex based wildcard by having the regex start with /. That is no problem as a / can not be included in a package name… expect that our virtual filename package can and does. We fix this two ways actually: First, a regex is only being considered a regex if it also ends with / (we don't support flags). That stops our problem with the virtual filename packages already, but to be sure we also do not enter the loop if matcher and package name are equal. It has to be noted that the creation of pins for virtual packages like the here effected filename packages is pointless as only versions can be pinned, but checking that a package is really purely virtual is too costly compared to just creating an unused pin. Closes: 835818
2016-08-29randomize acquire order for same type index filesDavid Kalnischkies
Without randomizing the order in which we download the index files we leak needlessly information to the mirrors of which architecture is native or foreign on this system. More importantly, we leak the order in which description translations will be used which in most cases will e.g. have the native tongue first. Note that the leak effect in practice is limited as apt detects if a file it wants to download is already available in the latest version from a previous download and does not query the server in such cases. Combined with the fact that Translation files are usually updated infrequently and not all at the same time, so a mirror can never be sure if it got asked about all files the user wants.
2016-08-27Merge branch 'portability/freebsd'Julian Andres Klode
2016-08-26test: Use :$(id -gn) instead of :root (when run as root)Julian Andres Klode
On BSD systems, the root group is wheel, not root, so let's just use the default group here. Gbp-Dch: ignore
2016-08-26test: Assert multi-arch in the chrootJulian Andres Klode
The host system might not have a dpkg installed, which makes dpkg fail with: dpkg not recorded as installed, cannot check for multi-arch support! That's entirely useless of course. We want to know if dpkg could support multi-arch in our chroot, so we pseudo-install dpkg into the chroot and pretend it's version is one version higher than the minimum dpkg version, so dpkg --assert-multi-arch works on recent dpkgs. Gbp-Dch: ignore
2016-08-26changelog: Respect Dir setting for local changelog gettingJulian Andres Klode
This fixes issues with chroots, but the goal here was to get the test suite working on systems without dpkg.
2016-08-26Lower-case uname -r output in kernel autoremove helperJulian Andres Klode
This is needed on FreeBSD which has versions like 11.0-RC1, otherwise the tests would fail.
2016-08-26test: More portable check for dpkg versionsJulian Andres Klode
This check should work regardless if dpkg was installed by dpkg or by a native package manager like RPM or pkg. Gbp-Dch: ignore
2016-08-26test: Use a file to determine TEST_DEFAULT_GROUPJulian Andres Klode
This is more safe against sticky bits. For example, in FreeBSD all files created in /tmp have the group set to wheel. Gbp-Dch: ignore
2016-08-26test: Allow db_dump-5 instead of db_dumpJulian Andres Klode
Gbp-Dch: ignore
2016-08-26Always pass a directory to find before an optionJulian Andres Klode
On BSD systems, we cannot simply use find -name or stuff, we always have to pass a directory name first. Gbp-Dch: ignore
2016-08-26test: Fix invalid quoting in variable expansionJulian Andres Klode
This breaks the tests with FreeBSD's shell, and is not needed - it works fine without it. Gbp-Dch: ignore
2016-08-26test: Use printf "%b\n" instead of echo for strings with '\'Julian Andres Klode
Use of echo with special characters is not portable. On a normal POSIX system, the behavior with backslash escaped strings is implementation-defined. On an XSI-conformant system, they must be interpreted. A way out is the printf command - printf "%b" specifies that the following argument is to be printed with backslash escapes interpreted. Gbp-Dch: ignore
2016-08-26test: Make sure we always find a dpkg in status fileJulian Andres Klode
Especially on non-Debian platforms, dpkg might not list itself on the host system, and thus dpkg --assert-multi-arch fails. Gbp-Dch: ignore
2016-08-26test: Avoid use of /proc/self/fdJulian Andres Klode
Use /dev/fd in test-bug-712116-dpkg-pre-install-pkgs-hook-multiarch, skip test-no-fds-leaked-to-maintainer-scripts (it is not guaranteed that /dev/fd contains all file descriptors), and avoid the unneeded use of /proc/fd in another test case. Gbp-Dch: ignore
2016-08-26test: Explicitly pass --admindir=var/lib/dpkg to dpkgJulian Andres Klode
Our test suite assumes that dpkg's admindir is var/lib/dpkg. This might not always be true; for example, on FreeBSD, it is located at /var/db/dpkg. Gbp-Dch: ignore
2016-08-26test: Fix building of noopchrootJulian Andres Klode
Gbp-Dch: ignore
2016-08-26test: Get rid of debhelper rules.tiny example depJulian Andres Klode
Gbp-Dch: ignore
2016-08-26test: Allow moreutils-parallel instead of parallelJulian Andres Klode
That's what it's called on FreeBSD. Gbp-Dch: ignore
2016-08-26test: Allow stunnel to be used instead of stunnel4Julian Andres Klode
This is needed for Fedora and FreeBSD. Gbp-Dch: ignore
2016-08-26test: Substitute GNU commands for other commands where availableJulian Andres Klode
We are simply checking for gnuCMD and gCMD for each command we are interested in. Gbp-Dch: ignore
2016-08-26test: Use C locale instead of C.UTF-8Julian Andres Klode
Gbp-Dch: ignore
2016-08-26Make directory paths configurableJulian Andres Klode
This allows other vendors to use different paths, or to build your own APT in /opt for testing. Note that this uses + 1 in some places, as the paths we receive are absolute, but we need to strip of the initial /.
2016-08-25treat .ddeb files like .deb, especially for dpkgDavid Kalnischkies
Ubuntu uses *.ddeb files for their debug packages, but the interface we are using since f495992428a396e0f98886c9a761a804aa161c68 to talk to dpkg isn't supporting *.ddeb files. This used to work previously as apt itself isn't caring about the filenames at all and if they are explicitly mentioned dpkg will accept all, too. It might or might not be a good idea to patch dpkg, too, but regardless of it happening, we don't want to couple us to closely to dpkg for this minor feature but testing for this at runtime as it would delay shipping the fix for the too long commandlines further. It is also questionable if it is really a good idea to allow any file extension to be used here (like .foobar in the testcase), but we used to and we tend to avoid breaking existing usecases if we can help it. As a bonus, this also allows the installation of ddeb files directly from the commandline as you can with deb files already. We continue to ignore udeb through as the user-mistake to useful ratio is too high. LP: #1616909
2016-08-25show apt-key warnings in apt updateDavid Kalnischkies
In 105503b4b470c124bc0c271bd8a50e25ecbe9133 we got a warning implemented for unreadable files which greatly improves the behavior of apt update already as everything will work as long as we don't need the keys included in these files. The behavior if they are needed is still strange through as update will fail claiming missing keys and a manual test (which the user will likely perform as root) will be successful. Passing the new warning generated by apt-key through to apt is a bit strange from an interface point of view, but basically duplicating the warning code in multiple places doesn't feel right either. That means we have no translation for the message through as apt-key has no i18n yet. It also means that if the user has a bunch of sources each of them will generate a warning for each unreadable file which could result in quite a few duplicated warnings, but "too many" is better than none. Closes: 834973
2016-08-25apt-key: warn instead of fail on unreadable keyringsDavid Kalnischkies
apt-key has inconsistent behaviour if it can't read a keyring file: Commands like 'list' skipped silently over such keyrings while 'verify' failed hard resulting in apt to report cconfusing gpg errors (#834973). As a first step we teach apt-key to be more consistent here skipping in all commands over unreadable keyrings, but issuing a warning in the process, which is as usual for apt commands displayed at the end of the run.
2016-08-24do not restore selections for already purged packagesDavid Kalnischkies
In most cases apt was already skipping the (re)setting of packages as to be removed/purged if dpkg had told us that it already did, but we haven't dealt with it in the most obvious of the cases: Selections set for packages we touched in this operation which either restores selections even dpkg would have overridden or e.g. tries to restore a purge selection for a package which was just purged – does not happen with apt itself as it isn't using selections in this way, but higher frontends like aptitude do. The result in the later case is a warning printed by dpkg that we try to set selections for an unknown package, which is harmless per se, but can be confusing for users and we really shouldn't cause warnings in dpkg if we can help it. Reported-By: Guillem Jover on IRC
2016-08-24do fail on weakhash/loop earlier in acquireDavid Kalnischkies
The bugreport shows a segfault caused by the code not doing the correct magical dance to remove an item from inside a queue in all cases. We could try hard to fix this, but it is actually better and also easier to perform these checks (which cause instant failure) earlier so that they haven't entered queue(s) yet, which in return makes cleanup trivial. The result is that we actually end up failing "too early" as if we wouldn't be careful download errors would be logged before that process was even started. Not a problem for the acquire system, but likely to confuse users and programs alike if they see the download process producing errors before apt was technically allowed to do an acquire (it didn't, so no violation, but it looks like it to the untrained eye). Closes: 835195
2016-08-23do dpkg --configure before --remove/--purge --pendingDavid Kalnischkies
Commit 7ec343309b7bc6001b465c870609b3c570026149 got us most of the way, but the last mile was botched by having the pending calls in the wrong order as this way we potentially 'force' dpkg to remove/purge a package it doesn't want to as another package still depends on it and the replacement isn't fully installed yet. So what we do now is a configure before remove and purge (all with --no-triggers) and finishing off with another configure pending call to take care of the triggers. Note that in the bugreport example our current planner is forcing dpkg to remove the package earlier via --force-depends which we could do for the pending calls as well and could be used as a workaround, but we want to do less forcing eventually. Closes: 835094
2016-08-17methods: read config in most to least specific orderDavid Kalnischkies
The implementation of the generic config fallback did the fallback in the wrong order so that the least specific option wasn't the last value picked but in fact the first one… doh! So in the bugreports case http -> https -> http::<hostname> -> https::<hostname> while it should have been the reverse as before. Regression-In: 30060442025824c491f58887ca7369f3c572fa57 Closes: 834642
2016-08-17add --with-source option and Packages/Sources supportDavid Kalnischkies
We support "./foobar.deb" as a way to install a deb file directly. Recently .changes files were added. This highlights a problem as you can't add the changes file without also trying to install all of them. Now, it could also be handy to add entire Packages/Sources files to perhaps get a bunch of packages in without installing them all implicitly. This commit introduces --with-source which allows to add *.deb, *.changes, *.dsc, source-dirs, Packages & Sources files (the later can also be compressed) without also installing them.
2016-08-17allow spaces in fingerprints for 'apt-key del'David Kalnischkies
Fingerprints tend to be displayed in space-separated octet pairs so be nice and allow delete to remove a key based on such a string rather than requiring that the user is deleting all the spaces manually.
2016-08-17add the gpg-classic variant to the gpgv/gnupg or-groupDavid Kalnischkies
We need to support partial upgrades anyhow, so we have to deal with the different versions and your tests try to ensure that we do, so we shouldn't make any explicit higher requirements.
2016-08-17tests: update self-sigs on our test keysDavid Kalnischkies
gpg upstream committed "gpgv: Tweak default options for extra security." applied on the 1.x and 2.x branches: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=e32c575e0f3704e7563048eea6d26844bdfc494b This commit includes "[…], but we should validate the key by its self signature for primary key, and back signature for subkey." Our testkeys are old and do not really considered best practices in the last years, so their most recent self-signature is SHA1-only which with this gpg commit and our testcases defaulting to --weak-digest sha1 are refused. So what we do here is just applying some of the recent best practices on top of our testcase keys. Gbp-Dch: Ignore
2016-08-17tests: set source directory for gdbDavid Kalnischkies
Helps interactive gdb calls find the source code. Gbp-Dch: Ignore
2016-08-17support compression and by-hash for .diff/Index filesDavid Kalnischkies
In af81ab9030229b4ce6cbe28f0f0831d4896fda01 by-hash got implemented as a special compression type for our usual index files like Packages. Missing in this scheme was the special .diff/Index index file containing the info about individual patches for this index file. Deriving from the index file class directly we inherent the compression handling infrastructure and in this way also by-hash nearly for free. Closes: #824926
2016-08-17retry without same redirection mirror on 404 errorsDavid Kalnischkies
If 9b8034a9fd40b4d05075fda719e61f6eb4c45678 serves the Release files from a partial mirror we will end up getting 404 for some of the indexes. Instead of giving up, we will instead ignore our same redirection mirror constrain and ask the redirection service as a potential hashsum mismatch is better than keeping the certain 404 error.