summaryrefslogtreecommitdiff
path: root/test/integration
AgeCommit message (Collapse)Author
2014-10-01update test/integration/test-releasefile-verificationMichael Vogt
2014-10-01Use Acquire::Allow{InsecureRepositories,DowngradeToInsecureRepositories}Michael Vogt
The configuration key Acquire::AllowInsecureRepositories controls if apt allows loading of unsigned repositories at all. The configuration Acquire::AllowDowngradeToInsecureRepositories controls if a signed repository can ever become unsigned. This should really never be needed but we provide it to avoid having to mess around in /var/lib/apt/lists if there is a use-case for this (which I can't think of right now).
2014-09-29Merge remote-tracking branch 'debian/debian/experimental' into feature/acq-transMichael Vogt
2014-09-29more test fixesMichael Vogt
2014-09-29Test if TMPDIR is a directory in apt-key and if not unset itMichael Vogt
This prevents a failure in mktemp -d - it will blindly trust TMPDIR and not use something else if the dir is not there.
2014-09-29test fixesMichael Vogt
2014-09-29Merge remote-tracking branch 'upstream/debian/experimental' into ↵Michael Vogt
feature/acq-trans Conflicts: apt-pkg/acquire-item.cc apt-pkg/acquire-item.h methods/gpgv.cc
2014-09-29Merge branch 'debian/sid' into debian/experimentalMichael Vogt
Conflicts: apt-pkg/acquire-item.cc
2014-09-27cleanup partial directory of lists in apt-get cleanDavid Kalnischkies
Not really the intended usecase for apt-get clean, but users expect it to help them in recovery and it can't really hurt as this directory should be empty if everything was fine and proper anyway. Closes: #762889
2014-09-27allow fetcher setup without directory creationDavid Kalnischkies
apt-get download and changelog as well as apt-helper reuse the acquire system for their own proposes without requiring the directories the fetcher wants to create, which is a problem if you run them as non-root and the directories do not exist as it greets you with: E: Archives directory /var/cache/apt/archives/partial is missing. - Acquire (13: Permission denied) Closes: 762898
2014-09-27add gnupg and gnupg2 as test-dependencyDavid Kalnischkies
apt can work with both, so it has an or-dependency on them, but the tests want to play with both of them. Git-Dch: Ignore
2014-09-27ensure apt-key del handles 16-byte key idsJames McCoy
The original patch does not apply against the rewritten apt-key, but an additional test doesn't hurt. Closes: 754436
2014-09-27add --readonly option for apt-key advDavid Kalnischkies
Some advanced commands can be executed without the keyring being modified like --verify, so this adds an option to disable the mergeback and uses it for our gpg calling code. Git-Dch: Ignore
2014-09-27use only one --keyring in gpg interactionsDavid Kalnischkies
We were down to at most two keyrings before, but gnupg upstream plans dropping support for multiple keyrings in the longrun, so with a single keyring we hope to be future proof – and 'apt-key adv' isn't a problem anymore as every change to the keys is merged back, so we have now the same behavior as before, but support an unlimited amount of trusted.gpg.d keyrings.
2014-09-27add --secret-keyring option for apt-keyDavid Kalnischkies
For some advanced usecases it might be handy to specify the secret keyring to be used (e.g. as it is used in the testcases), but specifying it via a normal option for gnupg might not be available forever: http://lists.gnupg.org/pipermail/gnupg-users/2013-August/047180.html Git-Dch: Ignore
2014-09-27allow to specify fingerprints in 'apt-key del'David Kalnischkies
2014-09-27add a test for apt-key export{,all}David Kalnischkies
Git-Dch: Ignore
2014-09-27use apt-key to wrap gpg calls in testcasesDavid Kalnischkies
beside testing apt-key a bit it also avoids duplicating gpghome setup code in apt-key and the test framework Git-Dch: Ignore
2014-09-27support gnupg2 as drop-in replacement for gnupgDavid Kalnischkies
If both are available APT will still prefer gpg over gpg2 as it is a bit more lightweight, but it shouldn't be a problem to use one or the other (at least at the moment, who knows what will happen in the future).
2014-09-27use apt-key adv (+ gnupg) instead of gpgv for verifyDavid Kalnischkies
apt-key does the keyring merge as we need it, so we just call it instead of reimplementing it to do the merging before gpgv. This means we don't use gpgv anymore (we never depended on it explicitly - bad style), but it also means that the message in apt-cdrom add is a bit less friendly as it says loudly "untrusted key", but for a one-time command its okay.
2014-09-27fix progress output for (dist-)upgrade calculationDavid Kalnischkies
Previously, we had a start and a done of the calculation printed by higher-level code, but this got intermixed by progress reporting from an external solver or the output of autoremove code… The higherlevel code is now only responsible for instantiating a progress object of its choosing (if it wants progress after all) and the rest will be handled by the upgrade code. Either it is used to show the progress of the external solver or the internal solver will give some hints about its overall progress. The later isn't really a proper progress as it will jump forward after each substep, but that is at least a bit better than before without any progress indication. Fixes also the 'strange' non-display of this progress line in -q=1, while all others are shown, which is reflected by all testcase changes.
2014-09-26test fixesMichael Vogt
2014-09-26Do not allow going from authenticated to unauthenticated repoMichael Vogt
Also rework the way we load the Release file, so it only after Release.gpg verified the Release file. The rational is that we never want to load untrusted data into our parsers. Only stuff verified with gpg or by its hashes get loaded. To load untrusted data you now need to use apt-get update --allow-unauthenticated.
2014-09-26Print warning for unauthenticated repositoriesMichael Vogt
2014-09-25rewrite compressed indexes test to check with all compressorsDavid Kalnischkies
Git-Dch: Ignore
2014-09-23make pdiff transactional (but at the cost of a CopyFile()Michael Vogt
2014-09-23cleanup, fix test-apt-update-unauth as the behavior of apt changedMichael Vogt
2014-09-23Merge remote-tracking branch 'debian/debian/experimental' into feature/acq-transMichael Vogt
2014-09-23Merge remote-tracking branch 'upstream/debian/experimental' into ↵Michael Vogt
feature/acq-trans Conflicts: apt-pkg/acquire-item.cc apt-pkg/acquire-item.h methods/copy.cc test/integration/test-hashsum-verification
2014-09-23fix testsMichael Vogt
2014-09-23Merge branch 'debian/sid' into debian/experimentalMichael Vogt
Conflicts: apt-pkg/acquire-item.cc apt-pkg/acquire-item.h apt-pkg/cachefilter.h configure.ac debian/changelog
2014-09-21generalize Acquire::GzipIndexMichael Vogt
2014-09-20relax grep to support newer curl output formatDavid Kalnischkies
Git-Dch: Ignore
2014-09-19Fix regression when copy: is used for a relative pathMichael Vogt
When we do a ReverifyAfterIMS() we use the copy: method to verify the hashes again. If the user uses -o Dir=./something/relative this fails because we use the URI class in copy.cc that strips away the leading relative part. By not using URI this is fixed. Closes: #762160
2014-09-19test/integration/test-apt-update-file: improve testMichael Vogt
2014-09-17improve test for commit daff4aMichael Vogt
2014-09-17Fix regression for file:/// uris from CVE-2014-0487Michael Vogt
Do not run ReverifyAfterIMS() for local file URIs as this will causes apt to mess around in the file:/// uri space. This is wrong in itself, but it will also cause a incorrect verification failure when the archive and the lists directory are on different partitions as rename().
2014-09-16SECURITY UPDATE for CVE-2014-{0488,0487,0489}Michael Vogt
incorrect invalidating of unauthenticated data (CVE-2014-0488) incorect verification of 304 reply (CVE-2014-0487) incorrect verification of Acquire::Gzip indexes (CVE-2014-0489)
2014-09-09don't call pager in non-terminals for changelogDavid Kalnischkies
Most pagers are nice and default to running non-interactively if they aren't connected to a terminal and we relied on that. On ci.debian.net the configured pager is printing a header out of nowhere though, so if we are printing to a non-terminal we call "cat" instead. In the rework we also "remove" the dependency on sensible-utils in sofar as we call some alternatives if calling the utils fail. This seems to be the last problem preventing a "PASS" status on ci.debian.net, so we close the associated bugreport. Closes: 755040
2014-09-08fix progress report for upgrade and reinstallDavid Kalnischkies
APT treats upgrades like installs and dpkg is very similar in this, but prints still a slightly different processing message indicating that it is really an upgrade which we hadn't parsed so far, but this wasn't really visible as we quickly moved on to a 'known' state. More problematic was the reinstall case as apt hadn't recognized this for the package name detection, so that reinstalls had no progress since we introduced MultiArch.
2014-09-07fix and non-silent fail dpkg-overwrite error testDavid Kalnischkies
Commit cbcdd3ee9d86379d1b3a44e41ae8b17dc23111d0 removes the space at the end of the debfile name dpkg send to us and we previously had included in the pmerror message we printed on the statusfd. Git-Dch: Ignore
2014-09-07detect terminal output with 'test -t' in testsDavid Kalnischkies
Instead of trying to inspect /proc and the fds inside we use "test -t 1" instead as this is available and working on kfreebsd as well – not that something breaks if we wouldn't, but we like color. Git-Dch: Ignore
2014-09-07do use an 'unknown' arch-specification in testDavid Kalnischkies
Using 'kfreebsd' here makes the test fail on a kfreebsd system (obviously), so we just use something totally madeup in the hope that this is less like to conflict in the future. Git-Dch: Ignore
2014-09-07implement --full in apt searchDavid Kalnischkies
2014-09-07support regular expressions in 'apt search'David Kalnischkies
apt-cache search supported this since ever and in the code for apt was a fixme indicating this should be added here as well, so here we go.
2014-09-05Merge remote-tracking branch 'upstream/debian/experimental' into ↵Michael Vogt
feature/acq-trans
2014-09-05Merge branch 'debian/sid' into debian/experimentalMichael Vogt
Conflicts: apt-pkg/acquire-item.cc configure.ac debian/changelog doc/apt-verbatim.ent doc/po/apt-doc.pot doc/po/de.po doc/po/es.po doc/po/fr.po doc/po/it.po doc/po/ja.po doc/po/pt.po po/ar.po po/ast.po po/bg.po po/bs.po po/ca.po po/cs.po po/cy.po po/da.po po/de.po po/dz.po po/el.po po/es.po po/eu.po po/fi.po po/fr.po po/gl.po po/hu.po po/it.po po/ja.po po/km.po po/ko.po po/ku.po po/lt.po po/mr.po po/nb.po po/ne.po po/nl.po po/nn.po po/pl.po po/pt.po po/pt_BR.po po/ro.po po/ru.po po/sk.po po/sl.po po/sv.po po/th.po po/tl.po po/tr.po po/uk.po po/vi.po po/zh_CN.po po/zh_TW.po test/integration/test-ubuntu-bug-346386-apt-get-update-paywall
2014-09-05Fix incorrect upgradable listing in "apt list" (thanks to Michael Musenbrock)Michael Vogt
The "apt list" command was using only the pkgDepCache but not the pkgPolicy to figure out if a package is upgradable. This lead to incorrect display of upgradable package when the user used the policy to pin-down packages. Thanks to Michael Musenbrock for the initial patch. Closes: #753297
2014-09-03test/integration/test-ubuntu-bug-346386-apt-get-update-paywall: use ↵Michael Vogt
downloadfile()
2014-09-02Add testcase for apt list --all-versionsMichael Vogt
Dch-Ignore: true