summaryrefslogtreecommitdiff
path: root/test
AgeCommit message (Collapse)Author
2014-10-07use _apt:root only for partial directoriesDavid Kalnischkies
Using a different user for calling methods is intended to protect us from methods running amok (via remotely exploited bugs) by limiting what can be done by them. By using root:root for the final directories and just have the files in partial writeable by the methods we enhance this in sofar as a method can't modify already verified data in its parent directory anymore. As a side effect, this also clears most of the problems you could have if the final directories are shared without user-sharing or if these directories disappear as they are now again root owned and only the partial directories contain _apt owned files (usually none if apt isn't running) and the directory itself is autocreated with the right permissions.
2014-10-07ensure partial dirs are 0700 and owned by _apt:rootDavid Kalnischkies
Reworks the API involved in creating and setting up the fetcher to be a bit more pleasent to look at and work with as e.g. an empty string for no lock isn't very nice. With the lock we can also stop creating all our partial directories "just in case". This way we can also be a bit more aggressive with the partial directory itself as with a lock, we know we will gone need it.
2014-10-06fix testMichael Vogt
2014-10-06cleanup pkgAcq*::Failed()Michael Vogt
2014-10-06Rework pkgAcqMeta{Index,Sig,ClearSig}::Done() for readabilityMichael Vogt
Move common code out but do not use subclassing for ::Done to make it easier to understand what each class is doing when its done
2014-10-06update testMichael Vogt
2014-10-02cleanup around pkgAcqMetaSig and improved testsMichael Vogt
2014-10-02donkults fixesMichael Vogt
2014-10-01fix leftover files from Acquire::GzipIndexMichael Vogt
2014-10-01hack around test-apt-update-unauth failureMichael Vogt
2014-10-01fix test-apt-update-nofallback testMichael Vogt
2014-10-01update test/integration/test-releasefile-verificationMichael Vogt
2014-10-01Use Acquire::Allow{InsecureRepositories,DowngradeToInsecureRepositories}Michael Vogt
The configuration key Acquire::AllowInsecureRepositories controls if apt allows loading of unsigned repositories at all. The configuration Acquire::AllowDowngradeToInsecureRepositories controls if a signed repository can ever become unsigned. This should really never be needed but we provide it to avoid having to mess around in /var/lib/apt/lists if there is a use-case for this (which I can't think of right now).
2014-09-29Merge remote-tracking branch 'debian/debian/experimental' into feature/acq-transMichael Vogt
2014-09-29more test fixesMichael Vogt
2014-09-29Test if TMPDIR is a directory in apt-key and if not unset itMichael Vogt
This prevents a failure in mktemp -d - it will blindly trust TMPDIR and not use something else if the dir is not there.
2014-09-29test fixesMichael Vogt
2014-09-29Merge remote-tracking branch 'upstream/debian/experimental' into ↵Michael Vogt
feature/acq-trans Conflicts: apt-pkg/acquire-item.cc apt-pkg/acquire-item.h methods/gpgv.cc
2014-09-29Merge branch 'debian/sid' into debian/experimentalMichael Vogt
Conflicts: apt-pkg/acquire-item.cc
2014-09-28allow options between command and -- on commandlineDavid Kalnischkies
This used to work before we implemented a stricter commandline parser and e.g. the dd-schroot-cmd command constructs commandlines like this. Reported-By: Helmut Grohne
2014-09-27cleanup partial directory of lists in apt-get cleanDavid Kalnischkies
Not really the intended usecase for apt-get clean, but users expect it to help them in recovery and it can't really hurt as this directory should be empty if everything was fine and proper anyway. Closes: #762889
2014-09-27allow fetcher setup without directory creationDavid Kalnischkies
apt-get download and changelog as well as apt-helper reuse the acquire system for their own proposes without requiring the directories the fetcher wants to create, which is a problem if you run them as non-root and the directories do not exist as it greets you with: E: Archives directory /var/cache/apt/archives/partial is missing. - Acquire (13: Permission denied) Closes: 762898
2014-09-27add gnupg and gnupg2 as test-dependencyDavid Kalnischkies
apt can work with both, so it has an or-dependency on them, but the tests want to play with both of them. Git-Dch: Ignore
2014-09-27ensure apt-key del handles 16-byte key idsJames McCoy
The original patch does not apply against the rewritten apt-key, but an additional test doesn't hurt. Closes: 754436
2014-09-27add --readonly option for apt-key advDavid Kalnischkies
Some advanced commands can be executed without the keyring being modified like --verify, so this adds an option to disable the mergeback and uses it for our gpg calling code. Git-Dch: Ignore
2014-09-27use only one --keyring in gpg interactionsDavid Kalnischkies
We were down to at most two keyrings before, but gnupg upstream plans dropping support for multiple keyrings in the longrun, so with a single keyring we hope to be future proof – and 'apt-key adv' isn't a problem anymore as every change to the keys is merged back, so we have now the same behavior as before, but support an unlimited amount of trusted.gpg.d keyrings.
2014-09-27add --secret-keyring option for apt-keyDavid Kalnischkies
For some advanced usecases it might be handy to specify the secret keyring to be used (e.g. as it is used in the testcases), but specifying it via a normal option for gnupg might not be available forever: http://lists.gnupg.org/pipermail/gnupg-users/2013-August/047180.html Git-Dch: Ignore
2014-09-27allow to specify fingerprints in 'apt-key del'David Kalnischkies
2014-09-27add a test for apt-key export{,all}David Kalnischkies
Git-Dch: Ignore
2014-09-27use apt-key to wrap gpg calls in testcasesDavid Kalnischkies
beside testing apt-key a bit it also avoids duplicating gpghome setup code in apt-key and the test framework Git-Dch: Ignore
2014-09-27support gnupg2 as drop-in replacement for gnupgDavid Kalnischkies
If both are available APT will still prefer gpg over gpg2 as it is a bit more lightweight, but it shouldn't be a problem to use one or the other (at least at the moment, who knows what will happen in the future).
2014-09-27use apt-key adv (+ gnupg) instead of gpgv for verifyDavid Kalnischkies
apt-key does the keyring merge as we need it, so we just call it instead of reimplementing it to do the merging before gpgv. This means we don't use gpgv anymore (we never depended on it explicitly - bad style), but it also means that the message in apt-cdrom add is a bit less friendly as it says loudly "untrusted key", but for a one-time command its okay.
2014-09-27fix progress output for (dist-)upgrade calculationDavid Kalnischkies
Previously, we had a start and a done of the calculation printed by higher-level code, but this got intermixed by progress reporting from an external solver or the output of autoremove code… The higherlevel code is now only responsible for instantiating a progress object of its choosing (if it wants progress after all) and the rest will be handled by the upgrade code. Either it is used to show the progress of the external solver or the internal solver will give some hints about its overall progress. The later isn't really a proper progress as it will jump forward after each substep, but that is at least a bit better than before without any progress indication. Fixes also the 'strange' non-display of this progress line in -q=1, while all others are shown, which is reflected by all testcase changes.
2014-09-26test fixesMichael Vogt
2014-09-26Do not allow going from authenticated to unauthenticated repoMichael Vogt
Also rework the way we load the Release file, so it only after Release.gpg verified the Release file. The rational is that we never want to load untrusted data into our parsers. Only stuff verified with gpg or by its hashes get loaded. To load untrusted data you now need to use apt-get update --allow-unauthenticated.
2014-09-26Print warning for unauthenticated repositoriesMichael Vogt
2014-09-25rewrite compressed indexes test to check with all compressorsDavid Kalnischkies
Git-Dch: Ignore
2014-09-23make pdiff transactional (but at the cost of a CopyFile()Michael Vogt
2014-09-23cleanup, fix test-apt-update-unauth as the behavior of apt changedMichael Vogt
2014-09-23Merge remote-tracking branch 'debian/debian/experimental' into feature/acq-transMichael Vogt
2014-09-23Merge remote-tracking branch 'upstream/debian/experimental' into ↵Michael Vogt
feature/acq-trans Conflicts: apt-pkg/acquire-item.cc apt-pkg/acquire-item.h methods/copy.cc test/integration/test-hashsum-verification
2014-09-23fix testsMichael Vogt
2014-09-23Merge branch 'debian/sid' into debian/experimentalMichael Vogt
Conflicts: apt-pkg/acquire-item.cc apt-pkg/acquire-item.h apt-pkg/cachefilter.h configure.ac debian/changelog
2014-09-21generalize Acquire::GzipIndexMichael Vogt
2014-09-20relax grep to support newer curl output formatDavid Kalnischkies
Git-Dch: Ignore
2014-09-19Fix regression when copy: is used for a relative pathMichael Vogt
When we do a ReverifyAfterIMS() we use the copy: method to verify the hashes again. If the user uses -o Dir=./something/relative this fails because we use the URI class in copy.cc that strips away the leading relative part. By not using URI this is fixed. Closes: #762160
2014-09-19test/integration/test-apt-update-file: improve testMichael Vogt
2014-09-17improve test for commit daff4aMichael Vogt
2014-09-17Fix regression for file:/// uris from CVE-2014-0487Michael Vogt
Do not run ReverifyAfterIMS() for local file URIs as this will causes apt to mess around in the file:/// uri space. This is wrong in itself, but it will also cause a incorrect verification failure when the archive and the lists directory are on different partitions as rename().
2014-09-16SECURITY UPDATE for CVE-2014-{0488,0487,0489}Michael Vogt
incorrect invalidating of unauthenticated data (CVE-2014-0488) incorect verification of 304 reply (CVE-2014-0487) incorrect verification of Acquire::Gzip indexes (CVE-2014-0489)