From 0854ad8b8016d0132741a267492d72cfa0d3bd8e Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Thu, 21 Jun 2012 12:32:56 +0200 Subject: check when finished downloading the InRelease file if it has the expected gpg clearsign signature and if not download Release/Release.gpg instead --- apt-pkg/acquire-item.cc | 10 +++++++++- apt-pkg/contrib/fileutl.cc | 20 ++++++++++++++++++++ apt-pkg/contrib/fileutl.h | 4 ++++ apt-pkg/indexcopy.cc | 6 +----- 4 files changed, 34 insertions(+), 6 deletions(-) diff --git a/apt-pkg/acquire-item.cc b/apt-pkg/acquire-item.cc index a30e98858..9723cddac 100644 --- a/apt-pkg/acquire-item.cc +++ b/apt-pkg/acquire-item.cc @@ -1235,9 +1235,17 @@ void pkgAcqMetaIndex::Done(string Message,unsigned long long Size,string Hash, / } else { + // if we expect a ClearTextSignature (InRelase), ensure that + // this is what we get and if not fail to queue a + // Release/Release.gpg, see #346386 + if (SigFile == DestFile && !IsPgpClearTextSignature(DestFile)) + { + Failed(Message, Cfg); + return; + } + // There was a signature file, so pass it to gpgv for // verification - if (_config->FindB("Debug::pkgAcquire::Auth", false)) std::cerr << "Metaindex acquired, queueing gpg verification (" << SigFile << "," << DestFile << ")\n"; diff --git a/apt-pkg/contrib/fileutl.cc b/apt-pkg/contrib/fileutl.cc index 1808489d7..7af5f5f5e 100644 --- a/apt-pkg/contrib/fileutl.cc +++ b/apt-pkg/contrib/fileutl.cc @@ -824,6 +824,26 @@ bool ExecWait(pid_t Pid,const char *Name,bool Reap) } /*}}}*/ +// IsPgpClearTextSignature - Check if a file is Pgp/GPG clearsigned /*{{{*/ +// --------------------------------------------------------------------- +/* */ +bool IsPgpClearTextSignature(string const &FileName) +{ + static const char* SIGMSG = "-----BEGIN PGP SIGNED MESSAGE-----\n"; + char buffer[sizeof(SIGMSG)]; + FILE* gpg = fopen(FileName.c_str(), "r"); + if (gpg == NULL) + return false; + + char const * const test = fgets(buffer, sizeof(buffer), gpg); + fclose(gpg); + if (test == NULL || strcmp(buffer, SIGMSG) != 0) + return false; + + return true; +} + + // FileFd::Open - Open a file /*{{{*/ // --------------------------------------------------------------------- /* The most commonly used open mode combinations are given with Mode */ diff --git a/apt-pkg/contrib/fileutl.h b/apt-pkg/contrib/fileutl.h index 1ca41cb7d..c51add66e 100644 --- a/apt-pkg/contrib/fileutl.h +++ b/apt-pkg/contrib/fileutl.h @@ -179,6 +179,8 @@ bool WaitFd(int Fd,bool write = false,unsigned long timeout = 0); pid_t ExecFork(); bool ExecWait(pid_t Pid,const char *Name,bool Reap = false); +bool IsPgpClearTextSignature(std::string const &FileName); + // File string manipulators std::string flNotDir(std::string File); std::string flNotFile(std::string File); @@ -186,4 +188,6 @@ std::string flNoLink(std::string File); std::string flExtension(std::string File); std::string flCombine(std::string Dir,std::string File); + + #endif diff --git a/apt-pkg/indexcopy.cc b/apt-pkg/indexcopy.cc index e29e2819c..db3d10ecd 100644 --- a/apt-pkg/indexcopy.cc +++ b/apt-pkg/indexcopy.cc @@ -648,16 +648,12 @@ bool SigVerify::RunGPGV(std::string const &File, std::string const &FileGPG, { if (File == FileGPG) { - #define SIGMSG "-----BEGIN PGP SIGNED MESSAGE-----\n" - char buffer[sizeof(SIGMSG)]; FILE* gpg = fopen(File.c_str(), "r"); if (gpg == NULL) return _error->Errno("RunGPGV", _("Could not open file %s"), File.c_str()); - char const * const test = fgets(buffer, sizeof(buffer), gpg); fclose(gpg); - if (test == NULL || strcmp(buffer, SIGMSG) != 0) + if (!IsPgpClearTextSignature(File)) return _error->Error(_("File %s doesn't start with a clearsigned message"), File.c_str()); - #undef SIGMSG } -- cgit v1.2.3 From 479a2beb0f5605652689d74a78dd224b69ba2e8f Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Thu, 21 Jun 2012 13:19:04 +0200 Subject: update comments and add one FIXME for the next ABI break --- apt-pkg/acquire-item.cc | 6 +++++- apt-pkg/contrib/fileutl.h | 1 + 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/apt-pkg/acquire-item.cc b/apt-pkg/acquire-item.cc index 9723cddac..ddd3300f9 100644 --- a/apt-pkg/acquire-item.cc +++ b/apt-pkg/acquire-item.cc @@ -1235,10 +1235,14 @@ void pkgAcqMetaIndex::Done(string Message,unsigned long long Size,string Hash, / } else { + // FIXME: move this into pkgAcqMetaClearSig::Done on the next + // ABI break + // if we expect a ClearTextSignature (InRelase), ensure that // this is what we get and if not fail to queue a // Release/Release.gpg, see #346386 - if (SigFile == DestFile && !IsPgpClearTextSignature(DestFile)) + if (SigFile == DestFile && + !IsPgpClearTextSignature(DestFile)) { Failed(Message, Cfg); return; diff --git a/apt-pkg/contrib/fileutl.h b/apt-pkg/contrib/fileutl.h index c51add66e..a9cb45e9a 100644 --- a/apt-pkg/contrib/fileutl.h +++ b/apt-pkg/contrib/fileutl.h @@ -179,6 +179,7 @@ bool WaitFd(int Fd,bool write = false,unsigned long timeout = 0); pid_t ExecFork(); bool ExecWait(pid_t Pid,const char *Name,bool Reap = false); +// check if the given file starts with a PGP cleartext signature bool IsPgpClearTextSignature(std::string const &FileName); // File string manipulators -- cgit v1.2.3 From 947878508fbd153766a9ded131a04260ca4c7a83 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Mon, 9 Jul 2012 17:38:06 +0200 Subject: * apt-pkg/contrib/strutl.cc: - support \n and \r\n line endings in ReadMessages --- apt-pkg/contrib/strutl.cc | 5 +++-- debian/changelog | 8 ++++++++ 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/apt-pkg/contrib/strutl.cc b/apt-pkg/contrib/strutl.cc index ca096d736..df11a80ad 100644 --- a/apt-pkg/contrib/strutl.cc +++ b/apt-pkg/contrib/strutl.cc @@ -752,7 +752,8 @@ bool ReadMessages(int Fd, vector &List) // Look for the end of the message for (char *I = Buffer; I + 1 < End; I++) { - if (I[0] != '\n' || I[1] != '\n') + if (I[1] != '\n' || + (strncmp(I, "\n\n", 2) != 0 && strncmp(I, "\r\n\r\n", 4) != 0)) continue; // Pull the message out @@ -760,7 +761,7 @@ bool ReadMessages(int Fd, vector &List) PartialMessage += Message; // Fix up the buffer - for (; I < End && *I == '\n'; I++); + for (; I < End && (*I == '\r' || *I == '\n'); ++I); End -= I-Buffer; memmove(Buffer,I,End-Buffer); I = Buffer; diff --git a/debian/changelog b/debian/changelog index 1505aad53..7a8c63d04 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,11 @@ +apt (0.9.8~exp1) UNRELEASED; urgency=low + + [ David Kalnischkies ] + * apt-pkg/contrib/strutl.cc: + - support \n and \r\n line endings in ReadMessages + + -- David Kalnischkies Mon, 09 Jul 2012 17:36:40 +0200 + apt (0.9.7.1) unstable; urgency=low [ Program translation updates ] -- cgit v1.2.3 From e6cd40dc17722bbe6c9d734c3a58b39a18c34174 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Mon, 9 Jul 2012 17:38:40 +0200 Subject: start implementing an extremely simple webserver for testing APT --- test/integration/framework | 7 +- test/integration/skip-aptwebserver | 25 ++++ test/interactive-helper/aptwebserver.cc | 216 ++++++++++++++++++++++++++++++++ test/interactive-helper/makefile | 7 ++ 4 files changed, 254 insertions(+), 1 deletion(-) create mode 100755 test/integration/skip-aptwebserver create mode 100644 test/interactive-helper/aptwebserver.cc diff --git a/test/integration/framework b/test/integration/framework index 2d6ada117..a514bef20 100644 --- a/test/integration/framework +++ b/test/integration/framework @@ -688,7 +688,12 @@ signreleasefiles() { } changetowebserver() { - if which weborf > /dev/null; then + if test -x ${BUILDDIRECTORY}/aptwebserver; then + cd aptarchive + LD_LIBRARY_PATH=${BUILDDIRECTORY} ${BUILDDIRECTORY}/aptwebserver 2> /dev/null > /dev/null & + addtrap "kill $!;" + cd - > /dev/null + elif which weborf > /dev/null; then weborf -xb aptarchive/ 2>&1 > /dev/null & addtrap "kill $!;" elif which gatling > /dev/null; then diff --git a/test/integration/skip-aptwebserver b/test/integration/skip-aptwebserver new file mode 100755 index 000000000..0622941ce --- /dev/null +++ b/test/integration/skip-aptwebserver @@ -0,0 +1,25 @@ +#!/bin/sh +set -e + +TESTDIR=$(readlink -f $(dirname $0)) +. $TESTDIR/framework + +setupenvironment +configarchitecture 'amd64' + +buildsimplenativepackage 'apt' 'all' '1.0' 'stable' + +setupaptarchive +changetowebserver + +rm -rf rootdir/var/lib/apt/lists +aptget update -qq +testequal 'Hit http://localhost stable InRelease +Hit http://localhost stable/main Sources +Hit http://localhost stable/main amd64 Packages +Hit http://localhost stable/main Translation-en +Reading package lists...' aptget update + +mv rootdir/var/lib/apt/lists/localhost* rootdir/var/lib/apt/lists/partial +aptget update + diff --git a/test/interactive-helper/aptwebserver.cc b/test/interactive-helper/aptwebserver.cc new file mode 100644 index 000000000..7a3624b6e --- /dev/null +++ b/test/interactive-helper/aptwebserver.cc @@ -0,0 +1,216 @@ +#include +#include +#include +#include + +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include + +char const * const httpcodeToStr(int httpcode) { /*{{{*/ + switch (httpcode) { + // Informational 1xx + case 100: return "100 Continue"; + case 101: return "101 Switching Protocols"; + // Successful 2xx + case 200: return "200 OK"; + case 201: return "201 Created"; + case 202: return "202 Accepted"; + case 203: return "203 Non-Authoritative Information"; + case 204: return "204 No Content"; + case 205: return "205 Reset Content"; + case 206: return "206 Partial Conent"; + // Redirections 3xx + case 300: return "300 Multiple Choices"; + case 301: return "301 Moved Permanently"; + case 302: return "302 Found"; + case 303: return "303 See Other"; + case 304: return "304 Not Modified"; + case 305: return "304 Use Proxy"; + case 307: return "307 Temporary Redirect"; + // Client errors 4xx + case 400: return "400 Bad Request"; + case 401: return "401 Unauthorized"; + case 402: return "402 Payment Required"; + case 403: return "403 Forbidden"; + case 404: return "404 Not Found"; + case 405: return "405 Method Not Allowed"; + case 406: return "406 Not Acceptable"; + case 407: return "Proxy Authentication Required"; + case 408: return "Request Time-out"; + case 409: return "Conflict"; + case 410: return "Gone"; + case 411: return "Length Required"; + case 412: return "Precondition Failed"; + case 413: return "Request Entity Too Large"; + case 414: return "Request-URI Too Large"; + case 415: return "Unsupported Media Type"; + case 416: return "Requested range not satisfiable"; + case 417: return "Expectation Failed"; + // Server error 5xx + case 500: return "Internal Server Error"; + case 501: return "Not Implemented"; + case 502: return "Bad Gateway"; + case 503: return "Service Unavailable"; + case 504: return "Gateway Time-out"; + case 505: return "HTTP Version not supported"; + } + return NULL; +} /*}}}*/ +void addFileHeaders(std::list &headers, FileFd &data) { /*{{{*/ + std::ostringstream contentlength; + contentlength << "Content-Length: " << data.FileSize(); + headers.push_back(contentlength.str()); + + std::string lastmodified("Last-Modified: "); + lastmodified.append(TimeRFC1123(data.ModificationTime())); + headers.push_back(lastmodified); +} /*}}}*/ +bool sendHead(int client, int httpcode, std::list &headers) { /*{{{*/ + string response("HTTP/1.1 "); + response.append(httpcodeToStr(httpcode)); + headers.push_front(response); + + headers.push_back("Server: APT webserver"); + + std::string date("Date: "); + date.append(TimeRFC1123(time(NULL))); + headers.push_back(date); + + std::clog << ">>> RESPONSE >>>" << std::endl; + bool Success = true; + for (std::list::const_iterator h = headers.begin(); + Success == true && h != headers.end(); ++h) { + Success &= FileFd::Write(client, h->c_str(), h->size()); + Success &= FileFd::Write(client, "\r\n", 2); + std::clog << *h << std::endl; + } + Success &= FileFd::Write(client, "\r\n", 2); + std::clog << "<<<<<<<<<<<<<<<<" << std::endl; + return Success; +} /*}}}*/ +bool sendFile(int client, FileFd &data) { /*{{{*/ + bool Success = true; + char buffer[500]; + unsigned long long actual = 0; + while ((Success &= data.Read(buffer, sizeof(buffer), &actual)) == true) { + if (actual == 0) + break; + Success &= FileFd::Write(client, buffer, actual); + } + Success &= FileFd::Write(client, "\r\n", 2); + return Success; +} /*}}}*/ +bool sendData(int client, std::string &data) { /*{{{*/ + bool Success = true; + Success &= FileFd::Write(client, data.c_str(), data.size()); + Success &= FileFd::Write(client, "\r\n", 2); + return Success; +} /*}}}*/ +void sendError(int client, int httpcode, string request, bool content) { /*{{{*/ + std::list headers; + sendHead(client, httpcode, headers); + if (content == false) + return; + string response(""); + response.append(httpcodeToStr(httpcode)).append(""); + response.append("

").append(httpcodeToStr(httpcode)).append(""); + response.append(request).append(""); + sendData(client, response); +} /*}}}*/ + +int main(int argc, const char *argv[]) +{ + // create socket, bind and listen to it {{{ + int sock = socket(AF_INET6, SOCK_STREAM, 0); + if(sock < 0 ) { + _error->Errno("aptwerbserver", "Couldn't create socket"); + _error->DumpErrors(std::cerr); + return 1; + } + + // ensure that we accept all connections: v4 or v6 + int const iponly = 0; + setsockopt(sock, IPPROTO_IPV6, IPV6_V6ONLY, &iponly, sizeof(iponly)); + // to not linger to an address + int const enable = 1; + setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, &enable, sizeof(enable)); + + struct sockaddr_in6 locAddr; + memset(&locAddr, 0, sizeof(locAddr)); + locAddr.sin6_family = AF_INET6; + locAddr.sin6_port = htons(8080); + locAddr.sin6_addr = in6addr_any; + + if (bind(sock, (struct sockaddr*) &locAddr, sizeof(locAddr)) < 0) { + _error->Errno("aptwerbserver", "Couldn't bind"); + _error->DumpErrors(std::cerr); + return 2; + } + + listen(sock, 1); + /*}}}*/ + + std::vector messages; + int client; + while ((client = accept(sock, NULL, NULL)) != -1) { + std::clog << "ACCEPT client " << client << " on socket " << sock << std::endl; + + while (ReadMessages(client, messages)) { + for (std::vector::const_iterator m = messages.begin(); + m != messages.end(); ++m) { + std::clog << ">>> REQUEST >>>>" << std::endl << *m << std::endl << "<<<<<<<<<<<<<<<<" << std::endl; + std::list headers; + bool sendContent = true; + if (strncmp(m->c_str(), "HEAD ", 5) == 0) + sendContent = false; + if (strncmp(m->c_str(), "GET ", 4) != 0) + sendError(client, 501, *m, true); + + std::string host = LookupTag(*m, "Host", ""); + if (host.empty() == true) { + // RFC 2616 ยง14.23 Host + sendError(client, 400, *m, sendContent); + continue; + } + + size_t const filestart = m->find(' ', 5); + string filename = m->substr(5, filestart - 5); + + if (RealFileExists(filename) == false) + sendError(client, 404, *m, sendContent); + else { + FileFd data(filename, FileFd::ReadOnly); + std::string condition = LookupTag(*m, "If-Modified-Since", ""); + if (condition.empty() == false) { + time_t cache; + if (RFC1123StrToTime(condition.c_str(), cache) == true && cache >= data.ModificationTime()) { + sendError(client, 304, *m, false); + continue; + } + } + addFileHeaders(headers, data); + sendHead(client, 200, headers); + if (sendContent == true) + sendFile(client, data); + } + } + _error->DumpErrors(std::cerr); + messages.clear(); + } + + std::clog << "CLOSE client " << client << " on socket " << sock << std::endl; + close(client); + } + return 0; +} diff --git a/test/interactive-helper/makefile b/test/interactive-helper/makefile index 10d1e44ec..fee94cd77 100644 --- a/test/interactive-helper/makefile +++ b/test/interactive-helper/makefile @@ -37,3 +37,10 @@ include $(PROGRAM_H) #SLIBS = -lapt-pkg -lrpm #SOURCE = rpmver.cc #include $(PROGRAM_H) + +# very simple webserver for APT testing +PROGRAM=aptwebserver +SLIBS = -lapt-pkg +LIB_MAKES = apt-pkg/makefile +SOURCE = aptwebserver.cc +include $(PROGRAM_H) -- cgit v1.2.3 From 90d1d54ef2a68bd443815f26e9e2b578a1d7c419 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Tue, 10 Jul 2012 11:35:56 +0200 Subject: add commandline, add configurable port, add --simulate-paywall to simulate a broken webserver that intercepts connections and returns nonsese --- test/interactive-helper/aptwebserver.cc | 52 ++++++++++++++++++++++++++++----- 1 file changed, 45 insertions(+), 7 deletions(-) diff --git a/test/interactive-helper/aptwebserver.cc b/test/interactive-helper/aptwebserver.cc index 7a3624b6e..3c476ad05 100644 --- a/test/interactive-helper/aptwebserver.cc +++ b/test/interactive-helper/aptwebserver.cc @@ -2,6 +2,8 @@ #include #include #include +#include +#include #include #include @@ -66,6 +68,7 @@ char const * const httpcodeToStr(int httpcode) { /*{{{*/ } return NULL; } /*}}}*/ + void addFileHeaders(std::list &headers, FileFd &data) { /*{{{*/ std::ostringstream contentlength; contentlength << "Content-Length: " << data.FileSize(); @@ -98,6 +101,7 @@ bool sendHead(int client, int httpcode, std::list &headers) { /*{{{ std::clog << "<<<<<<<<<<<<<<<<" << std::endl; return Success; } /*}}}*/ + bool sendFile(int client, FileFd &data) { /*{{{*/ bool Success = true; char buffer[500]; @@ -110,12 +114,14 @@ bool sendFile(int client, FileFd &data) { /*{{{*/ Success &= FileFd::Write(client, "\r\n", 2); return Success; } /*}}}*/ + bool sendData(int client, std::string &data) { /*{{{*/ bool Success = true; Success &= FileFd::Write(client, data.c_str(), data.size()); Success &= FileFd::Write(client, "\r\n", 2); return Success; } /*}}}*/ + void sendError(int client, int httpcode, string request, bool content) { /*{{{*/ std::list headers; sendHead(client, httpcode, headers); @@ -131,6 +137,19 @@ void sendError(int client, int httpcode, string request, bool content) { /*{{{*/ int main(int argc, const char *argv[]) { + CommandLine::Args Args[] = { + {0, "simulate-paywall", "aptwebserver::Simulate-Paywall", + CommandLine::Boolean}, + {0, "port", "aptwebserver::port", CommandLine::HasArg}, + {0,0,0,0} + }; + + CommandLine CmdL(Args, _config); + if(pkgInitConfig(*_config) == false || CmdL.Parse(argc,argv) == false) { + _error->DumpErrors(); + exit(1); + } + // create socket, bind and listen to it {{{ int sock = socket(AF_INET6, SOCK_STREAM, 0); if(sock < 0 ) { @@ -139,6 +158,10 @@ int main(int argc, const char *argv[]) return 1; } + // get the port + int const port = _config->FindI("aptwebserver::port", 8080); + bool const simulate_broken_server = _config->FindB("aptwebserver::Simulate-Paywall", false); + // ensure that we accept all connections: v4 or v6 int const iponly = 0; setsockopt(sock, IPPROTO_IPV6, IPV6_V6ONLY, &iponly, sizeof(iponly)); @@ -149,7 +172,7 @@ int main(int argc, const char *argv[]) struct sockaddr_in6 locAddr; memset(&locAddr, 0, sizeof(locAddr)); locAddr.sin6_family = AF_INET6; - locAddr.sin6_port = htons(8080); + locAddr.sin6_port = htons(port); locAddr.sin6_addr = in6addr_any; if (bind(sock, (struct sockaddr*) &locAddr, sizeof(locAddr)) < 0) { @@ -158,18 +181,26 @@ int main(int argc, const char *argv[]) return 2; } + if (simulate_broken_server) { + std::clog << "Simulating a broken web server that return nonsense " + "for all querries" << std::endl; + } else { + std::clog << "Serving ANY file on port: " << port << std::endl; + } + listen(sock, 1); - /*}}}*/ std::vector messages; int client; while ((client = accept(sock, NULL, NULL)) != -1) { - std::clog << "ACCEPT client " << client << " on socket " << sock << std::endl; + std::clog << "ACCEPT client " << client + << " on socket " << sock << std::endl; while (ReadMessages(client, messages)) { for (std::vector::const_iterator m = messages.begin(); m != messages.end(); ++m) { - std::clog << ">>> REQUEST >>>>" << std::endl << *m << std::endl << "<<<<<<<<<<<<<<<<" << std::endl; + std::clog << ">>> REQUEST >>>>" << std::endl << *m + << std::endl << "<<<<<<<<<<<<<<<<" << std::endl; std::list headers; bool sendContent = true; if (strncmp(m->c_str(), "HEAD ", 5) == 0) @@ -187,14 +218,20 @@ int main(int argc, const char *argv[]) size_t const filestart = m->find(' ', 5); string filename = m->substr(5, filestart - 5); - if (RealFileExists(filename) == false) + if (simulate_broken_server == true) { + sendHead(client, 200, headers); + string data("ni ni ni"); + sendData(client, data); + } + else if (RealFileExists(filename) == false) sendError(client, 404, *m, sendContent); else { FileFd data(filename, FileFd::ReadOnly); std::string condition = LookupTag(*m, "If-Modified-Since", ""); if (condition.empty() == false) { time_t cache; - if (RFC1123StrToTime(condition.c_str(), cache) == true && cache >= data.ModificationTime()) { + if (RFC1123StrToTime(condition.c_str(), cache) == true && + cache >= data.ModificationTime()) { sendError(client, 304, *m, false); continue; } @@ -209,7 +246,8 @@ int main(int argc, const char *argv[]) messages.clear(); } - std::clog << "CLOSE client " << client << " on socket " << sock << std::endl; + std::clog << "CLOSE client " << client + << " on socket " << sock << std::endl; close(client); } return 0; -- cgit v1.2.3 From da3ebfe79d570c3aeb5f0a407cfec7996f44420c Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Tue, 10 Jul 2012 12:01:46 +0200 Subject: add failing regression test for bug #346386 --- test/integration/framework | 9 ++++++++- test/integration/test-ubuntu-bug346386 | 19 +++++++++++++++++++ test/interactive-helper/aptwebserver.cc | 8 ++++---- 3 files changed, 31 insertions(+), 5 deletions(-) create mode 100755 test/integration/test-ubuntu-bug346386 diff --git a/test/integration/framework b/test/integration/framework index a514bef20..bf46ae0c5 100644 --- a/test/integration/framework +++ b/test/integration/framework @@ -687,10 +687,17 @@ signreleasefiles() { msgdone "info" } +simulatebrokenwebserver() { + if ! test -x ${BUILDDIRECTORY}/aptwebserver; then + msgdie 'Need the aptwebserver to simulate broken connections' + fi + changetowebserver '--simulate-paywall' +} + changetowebserver() { if test -x ${BUILDDIRECTORY}/aptwebserver; then cd aptarchive - LD_LIBRARY_PATH=${BUILDDIRECTORY} ${BUILDDIRECTORY}/aptwebserver 2> /dev/null > /dev/null & + LD_LIBRARY_PATH=${BUILDDIRECTORY} ${BUILDDIRECTORY}/aptwebserver $@ 2> /dev/null > /dev/null & addtrap "kill $!;" cd - > /dev/null elif which weborf > /dev/null; then diff --git a/test/integration/test-ubuntu-bug346386 b/test/integration/test-ubuntu-bug346386 new file mode 100755 index 000000000..57004f343 --- /dev/null +++ b/test/integration/test-ubuntu-bug346386 @@ -0,0 +1,19 @@ +#!/bin/sh +set -e + +TESTDIR=$(readlink -f $(dirname $0)) +. $TESTDIR/framework + +setupenvironment +configarchitecture 'amd64' + +buildsimplenativepackage 'apt' 'all' '1.0' 'stable' + +setupaptarchive +simulatebrokenwebserver + +rm -rf rootdir/var/lib/apt/lists +aptget update +testequal 'partial' "$(ls rootdir/var/lib/apt/lists/)" + + diff --git a/test/interactive-helper/aptwebserver.cc b/test/interactive-helper/aptwebserver.cc index 3c476ad05..c7b815925 100644 --- a/test/interactive-helper/aptwebserver.cc +++ b/test/interactive-helper/aptwebserver.cc @@ -244,11 +244,11 @@ int main(int argc, const char *argv[]) } _error->DumpErrors(std::cerr); messages.clear(); - } - std::clog << "CLOSE client " << client - << " on socket " << sock << std::endl; - close(client); + std::clog << "CLOSE client " << client + << " on socket " << sock << std::endl; + close(client); + } } return 0; } -- cgit v1.2.3 From a38a00b981de3031a51e76c8a2e220b59557c469 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Tue, 10 Jul 2012 12:26:15 +0200 Subject: always send content-length via the new addDataHeaders() to ensure w3m/curl are happy too for 404 pages and to comply with the http 1.1 spec --- test/interactive-helper/aptwebserver.cc | 34 +++++++++++++++++++++------------ 1 file changed, 22 insertions(+), 12 deletions(-) diff --git a/test/interactive-helper/aptwebserver.cc b/test/interactive-helper/aptwebserver.cc index c7b815925..ebe04d2a3 100644 --- a/test/interactive-helper/aptwebserver.cc +++ b/test/interactive-helper/aptwebserver.cc @@ -78,6 +78,13 @@ void addFileHeaders(std::list &headers, FileFd &data) { /*{{{*/ lastmodified.append(TimeRFC1123(data.ModificationTime())); headers.push_back(lastmodified); } /*}}}*/ + +void addDataHeaders(std::list &headers, std::string &data) {/*{{{*/ + std::ostringstream contentlength; + contentlength << "Content-Length: " << data.size(); + headers.push_back(contentlength.str()); +} /*}}}*/ + bool sendHead(int client, int httpcode, std::list &headers) { /*{{{*/ string response("HTTP/1.1 "); response.append(httpcodeToStr(httpcode)); @@ -124,14 +131,16 @@ bool sendData(int client, std::string &data) { /*{{{*/ void sendError(int client, int httpcode, string request, bool content) { /*{{{*/ std::list headers; + string response; + if (content == true) { + response.append(""); + response.append(httpcodeToStr(httpcode)).append(""); + response.append("

").append(httpcodeToStr(httpcode)).append(""); + response.append(request).append(""); + addDataHeaders(headers, response); + } sendHead(client, httpcode, headers); - if (content == false) - return; - string response(""); - response.append(httpcodeToStr(httpcode)).append(""); - response.append("

").append(httpcodeToStr(httpcode)).append(""); - response.append(request).append(""); sendData(client, response); } /*}}}*/ @@ -219,8 +228,9 @@ int main(int argc, const char *argv[]) string filename = m->substr(5, filestart - 5); if (simulate_broken_server == true) { + string data("ni ni ni\n"); + addDataHeaders(headers, data); sendHead(client, 200, headers); - string data("ni ni ni"); sendData(client, data); } else if (RealFileExists(filename) == false) @@ -244,11 +254,11 @@ int main(int argc, const char *argv[]) } _error->DumpErrors(std::cerr); messages.clear(); - - std::clog << "CLOSE client " << client - << " on socket " << sock << std::endl; - close(client); } + + std::clog << "CLOSE client " << client + << " on socket " << sock << std::endl; + close(client); } return 0; } -- cgit v1.2.3 From 3ce22d4f714414d6deb8b044c5b08a8fe7a78967 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Tue, 10 Jul 2012 13:19:54 +0200 Subject: cleanup, thanks to donkult for his feedback --- test/integration/framework | 9 +++------ test/integration/test-ubuntu-bug346386 | 2 +- test/interactive-helper/aptwebserver.cc | 2 +- 3 files changed, 5 insertions(+), 8 deletions(-) diff --git a/test/integration/framework b/test/integration/framework index bf46ae0c5..8f37d4a03 100644 --- a/test/integration/framework +++ b/test/integration/framework @@ -687,14 +687,11 @@ signreleasefiles() { msgdone "info" } -simulatebrokenwebserver() { - if ! test -x ${BUILDDIRECTORY}/aptwebserver; then - msgdie 'Need the aptwebserver to simulate broken connections' +changetowebserver() { + if [ -n "$1" ] && ! test -x ${BUILDDIRECTORY}/aptwebserver; then + msgdie 'Need the aptwebserver when passing arguments' fi - changetowebserver '--simulate-paywall' -} -changetowebserver() { if test -x ${BUILDDIRECTORY}/aptwebserver; then cd aptarchive LD_LIBRARY_PATH=${BUILDDIRECTORY} ${BUILDDIRECTORY}/aptwebserver $@ 2> /dev/null > /dev/null & diff --git a/test/integration/test-ubuntu-bug346386 b/test/integration/test-ubuntu-bug346386 index 57004f343..a5f502853 100755 --- a/test/integration/test-ubuntu-bug346386 +++ b/test/integration/test-ubuntu-bug346386 @@ -10,7 +10,7 @@ configarchitecture 'amd64' buildsimplenativepackage 'apt' 'all' '1.0' 'stable' setupaptarchive -simulatebrokenwebserver +changetowebserver --simulate-paywall rm -rf rootdir/var/lib/apt/lists aptget update diff --git a/test/interactive-helper/aptwebserver.cc b/test/interactive-helper/aptwebserver.cc index ebe04d2a3..8fbb9eab9 100644 --- a/test/interactive-helper/aptwebserver.cc +++ b/test/interactive-helper/aptwebserver.cc @@ -154,7 +154,7 @@ int main(int argc, const char *argv[]) }; CommandLine CmdL(Args, _config); - if(pkgInitConfig(*_config) == false || CmdL.Parse(argc,argv) == false) { + if(CmdL.Parse(argc,argv) == false) { _error->DumpErrors(); exit(1); } -- cgit v1.2.3 From 549b49394848d051dc116600571df55d7160eeaa Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Tue, 10 Jul 2012 14:10:19 +0200 Subject: improve test some more --- test/integration/framework | 1 + test/integration/test-ubuntu-bug346386 | 32 ++++++++++++++++++++++++++++++-- 2 files changed, 31 insertions(+), 2 deletions(-) diff --git a/test/integration/framework b/test/integration/framework index 8f37d4a03..d15fd0e01 100644 --- a/test/integration/framework +++ b/test/integration/framework @@ -688,6 +688,7 @@ signreleasefiles() { } changetowebserver() { + if [ -n "$1" ] && ! test -x ${BUILDDIRECTORY}/aptwebserver; then msgdie 'Need the aptwebserver when passing arguments' fi diff --git a/test/integration/test-ubuntu-bug346386 b/test/integration/test-ubuntu-bug346386 index a5f502853..1fbfb5ca4 100755 --- a/test/integration/test-ubuntu-bug346386 +++ b/test/integration/test-ubuntu-bug346386 @@ -1,6 +1,24 @@ #!/bin/sh set -e +ensure_n_canary_strings_in_dir() { + DIR=$1 + CANARY_STRING=$2 + EXPECTED_N=$3 + + msgtest "Testing for $EXPECTED_N canary strings '$CANARY_STRING' in in $DIR" + + + N=$(grep "$CANARY_STRING" $DIR/* 2>/dev/null |wc -l ) + if [ "$N" = "$EXPECTED_N" ]; then + msgpass + return 0 + else + msgfail "Expected $EXPECTED_N canaries, got $N" + return 1 + fi +} + TESTDIR=$(readlink -f $(dirname $0)) . $TESTDIR/framework @@ -13,7 +31,17 @@ setupaptarchive changetowebserver --simulate-paywall rm -rf rootdir/var/lib/apt/lists -aptget update -testequal 'partial' "$(ls rootdir/var/lib/apt/lists/)" +if aptget update -qq 2>/dev/null; then + msgfail "excpected apt-get update failure" +fi +ensure_n_canary_strings_in_dir rootdir/var/lib/apt/lists/ "ni ni ni" 0 +testequal 'partial' ls rootdir/var/lib/apt/lists/ +# again, this time with pre-existing files valid data +for f in Release Release.gpg main_binary-amd64_Packages stable_main_source_Sources; do + echo "canary" > rootdir/var/lib/apt/lists/localhost:8080_dists_stable_${f} +done +# this will fail, the important part is that the canaries remain +aptget update -qq 2>/dev/null || true +ensure_n_canary_strings_in_dir rootdir/var/lib/apt/lists/ "canary" 4 -- cgit v1.2.3 From 1c89c98a56df709b4c4477bbd7b86f4e32cee214 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Tue, 10 Jul 2012 15:08:06 +0200 Subject: cherry pick -r1846 from bzr+ssh://bazaar.launchpad.net/~mvo/apt/lp346386/ --- apt-pkg/contrib/fileutl.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apt-pkg/contrib/fileutl.cc b/apt-pkg/contrib/fileutl.cc index 20d2a02f5..d63195c7d 100644 --- a/apt-pkg/contrib/fileutl.cc +++ b/apt-pkg/contrib/fileutl.cc @@ -858,7 +858,7 @@ bool ExecWait(pid_t Pid,const char *Name,bool Reap) bool IsPgpClearTextSignature(string const &FileName) { static const char* SIGMSG = "-----BEGIN PGP SIGNED MESSAGE-----\n"; - char buffer[sizeof(SIGMSG)]; + char buffer[strlen(SIGMSG)+1]; FILE* gpg = fopen(FileName.c_str(), "r"); if (gpg == NULL) return false; -- cgit v1.2.3 From fe5804fc5010dd8f2e9406187bfc1f6afeb29c5a Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Tue, 10 Jul 2012 15:19:09 +0200 Subject: cherry pick -r1847 from bzr+ssh://bazaar.launchpad.net/~mvo/apt/lp346386/ --- apt-pkg/acquire-item.cc | 3 +-- apt-pkg/contrib/fileutl.cc | 4 ++-- apt-pkg/contrib/fileutl.h | 2 +- apt-pkg/indexcopy.cc | 2 +- 4 files changed, 5 insertions(+), 6 deletions(-) diff --git a/apt-pkg/acquire-item.cc b/apt-pkg/acquire-item.cc index ddd3300f9..665dd427e 100644 --- a/apt-pkg/acquire-item.cc +++ b/apt-pkg/acquire-item.cc @@ -1241,8 +1241,7 @@ void pkgAcqMetaIndex::Done(string Message,unsigned long long Size,string Hash, / // if we expect a ClearTextSignature (InRelase), ensure that // this is what we get and if not fail to queue a // Release/Release.gpg, see #346386 - if (SigFile == DestFile && - !IsPgpClearTextSignature(DestFile)) + if (SigFile == DestFile && !StartsWithGPGClearTextSignature(DestFile)) { Failed(Message, Cfg); return; diff --git a/apt-pkg/contrib/fileutl.cc b/apt-pkg/contrib/fileutl.cc index d63195c7d..960616f33 100644 --- a/apt-pkg/contrib/fileutl.cc +++ b/apt-pkg/contrib/fileutl.cc @@ -852,10 +852,10 @@ bool ExecWait(pid_t Pid,const char *Name,bool Reap) } /*}}}*/ -// IsPgpClearTextSignature - Check if a file is Pgp/GPG clearsigned /*{{{*/ +// StartsWithGPGClearTextSignature - Check if a file is Pgp/GPG clearsigned /*{{{*/ // --------------------------------------------------------------------- /* */ -bool IsPgpClearTextSignature(string const &FileName) +bool StartsWithGPGClearTextSignature(string const &FileName) { static const char* SIGMSG = "-----BEGIN PGP SIGNED MESSAGE-----\n"; char buffer[strlen(SIGMSG)+1]; diff --git a/apt-pkg/contrib/fileutl.h b/apt-pkg/contrib/fileutl.h index 1e16540f7..510b1c984 100644 --- a/apt-pkg/contrib/fileutl.h +++ b/apt-pkg/contrib/fileutl.h @@ -181,7 +181,7 @@ pid_t ExecFork(); bool ExecWait(pid_t Pid,const char *Name,bool Reap = false); // check if the given file starts with a PGP cleartext signature -bool IsPgpClearTextSignature(std::string const &FileName); +bool StartsWithGPGClearTextSignature(std::string const &FileName); // File string manipulators std::string flNotDir(std::string File); diff --git a/apt-pkg/indexcopy.cc b/apt-pkg/indexcopy.cc index db3d10ecd..ddf1909b7 100644 --- a/apt-pkg/indexcopy.cc +++ b/apt-pkg/indexcopy.cc @@ -652,7 +652,7 @@ bool SigVerify::RunGPGV(std::string const &File, std::string const &FileGPG, if (gpg == NULL) return _error->Errno("RunGPGV", _("Could not open file %s"), File.c_str()); fclose(gpg); - if (!IsPgpClearTextSignature(File)) + if (!StartsWithGPGClearTextSignature(File)) return _error->Error(_("File %s doesn't start with a clearsigned message"), File.c_str()); } -- cgit v1.2.3