summaryrefslogtreecommitdiff
path: root/test/libapt/hashsums_test.cc
AgeCommit message (Collapse)Author
2016-03-13Do not consider SHA1 usableJulian Andres Klode
SHA1 is not reasonably secure anymore, so we should not consider it usable anymore. The test suite is adjusted to account for this.
2015-09-01use unusable-for-security hashes for integrity checksDavid Kalnischkies
We want to declare some hashes as not enough for security, so that a user will need --allow-unauthenticated or similar to get data secured only by those hashes, but we can still us these hashes for integrity checks if we got them.
2015-06-09rework hashsum verification in the acquire systemDavid Kalnischkies
Having every item having its own code to verify the file(s) it handles is an errorprune process and easy to break, especially if items move through various stages (download, uncompress, patching, …). With a giant rework we centralize (most of) the verification to have a better enforcement rate and (hopefully) less chance for bugs, but it breaks the ABI bigtime in exchange – and as we break it anyway, it is broken even harder. It shouldn't effect most frontends as they don't deal with the acquire system at all or implement their own items, but some do and will need to be patched (might be an opportunity to use apt on-board material). The theory is simple: Items implement methods to decide if hashes need to be checked (in this stage) and to return the expected hashes for this item (in this stage). The verification itself is done in worker message passing which has the benefit that a hashsum error is now a proper error for the acquire system rather than a Done() which is later revised to a Failed().
2015-04-19calculate only expected hashes in methodsDavid Kalnischkies
Methods get told which hashes are expected by the acquire system, which means we can use this list to restrict what we calculate in the methods as any extra we are calculating is wasted effort as we can't compare it with anything anyway. Adding support for a new hash algorithm is therefore 'free' now and if a algorithm is no longer provided in a repository for a file, we automatically stop calculating it. In practice this results in a speed-up in Debian as we don't have SHA512 here (so far), so we practically stop calculating it.
2014-10-24promote filesize to a hashstringDavid Kalnischkies
It is a very simple hashstring, which is why it isn't contributing to the usability of a list of them, but it is also trivial to check and calculate, so it doesn't hurt checking it either as it can combined even with the simplest other hashes greatly complicate attacks on them as you suddenly need a same-size hash collision, which is usually a lot harder to achieve.
2014-05-09use HashStringList in the acquire systemDavid Kalnischkies
It is not very extensible to have the supported Hashes hardcoded everywhere and especially if it is part of virtual method names. It is also possible that a method does not support the 'best' hash (yet), so we might end up not being able to verify a file even though we have a common subset of supported hashes. And those are just two of the cases in which it is handy to have a more dynamic selection. The downside is that this is a MAJOR API break, but the HashStringList has a string constructor for compatibility, so with a bit of luck the few frontends playing with the acquire system directly are okay.
2014-05-09add a simple container for HashStringsDavid Kalnischkies
APT supports more than just one HashString and even allows to enforce the usage of a specific hash. This class is intended to help with storage and passing around of the HashStrings. Git-Dch: Ignore
2014-04-16use Google C++ Testing Framework for libapt testsDavid Kalnischkies
My commit 45df0ad2 from 26. Nov 2009 had a little remark: "The commit also includes a very very simple testapp." This was never intended to be permanent, but as usually… The commit adds the needed make magic to compile gtest statically as it is required and links it against a small runner. All previous testcase binaries are reimplemented in gtest and combined in this runner. While most code is a 1:1 translation some had to be rewritten like compareversion_test.cc, but the coverage remains the same.
2014-03-13cleanup headers and especially #includes everywhereDavid Kalnischkies
Beside being a bit cleaner it hopefully also resolves oddball problems I have with high levels of parallel jobs. Git-Dch: Ignore Reported-By: iwyu (include-what-you-use)
2014-03-13warning: unused parameter ‘foo’ [-Wunused-parameter]David Kalnischkies
Reported-By: gcc -Wunused-parameter Git-Dch: Ignore
2013-09-03use FileFd in HashSum test to unbreak non-linux portsDavid Kalnischkies
The testcode happily mixes FILE* operations and direct access to fds which is even a bit suprising that it works on linux and worked so long for non-linux ports, so we switch to usage of FileFd instead which provides us with simple fd-only operations. Its overkill for this test as its a bare file and we ask for the descriptor all the time, but it shouldn't hurt to implicitly test it a bit this way. Closes: 721723 Thanks: Aaron M. Ucko
2012-05-02add a simple test for HashSumValue classesDavid Kalnischkies
2011-09-19do not pollute namespace in the headers with using (Closes: #500198)David Kalnischkies
2011-07-29test/libapt/hashsums_test.cc: add a test for HashString and VerifyFileMichael Vogt
2011-07-13test that AddFD for single summations works, tooDavid Kalnischkies
2011-07-13move hash test to libapt-testcases and add a few more testsDavid Kalnischkies