From 5a23c56d6852a27d45c2ae227b43060f7beac051 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Wed, 4 May 2016 11:45:35 +0200 Subject: tests: disable generation of Release.gpg by default Most tests just need a signed repository and don't care if it signed by an InRelease file or a Release.gpg file, so we can save some time by just generating one of them by default. Sounds like not much, but quickly adds up to a few seconds with the amount of tests we have accumulated by now. Git-Dch: Ignore --- test/integration/framework | 3 +++ test/integration/test-apt-update-expected-size | 1 + test/integration/test-apt-update-ims | 1 + test/integration/test-apt-update-nofallback | 17 ++++++++--------- test/integration/test-apt-update-not-modified | 1 + test/integration/test-apt-update-rollback | 12 ++++-------- .../test-bug-633350-do-not-kill-last-char-in-Release | 15 ++------------- test/integration/test-hashsum-verification | 12 ++++-------- test/integration/test-releasefile-verification | 5 +++-- 9 files changed, 27 insertions(+), 40 deletions(-) diff --git a/test/integration/framework b/test/integration/framework index 1f843babf..1f4da97f0 100644 --- a/test/integration/framework +++ b/test/integration/framework @@ -421,6 +421,9 @@ EOF echo 'Acquire::gpgv::Options { "--weak-digest"; "sha1"; };' > rootdir/etc/apt/apt.conf.d/no-sha1 fi + # most tests just need one signed Release file, not both + export APT_DONT_SIGN='Release.gpg' + msgdone "info" } diff --git a/test/integration/test-apt-update-expected-size b/test/integration/test-apt-update-expected-size index ee0eae981..f7b825d98 100755 --- a/test/integration/test-apt-update-expected-size +++ b/test/integration/test-apt-update-expected-size @@ -10,6 +10,7 @@ configcompression '.' 'gz' insertpackage 'unstable' 'apt' 'i386' '1.0' +export APT_DONT_SIGN='' setupaptarchive --no-update cp -a aptarchive/dists aptarchive/dists.good diff --git a/test/integration/test-apt-update-ims b/test/integration/test-apt-update-ims index 9635d8dd6..e1ffd5240 100755 --- a/test/integration/test-apt-update-ims +++ b/test/integration/test-apt-update-ims @@ -10,6 +10,7 @@ insertpackage 'unstable' 'unrelated' 'all' '0.5~squeeze1' insertpackage 'unstable' 'unrelated2' 'amd64' '0.5~squeeze1' insertsource 'unstable' 'unrelated' 'all' '0.5~squeeze1' +export APT_DONT_SIGN="" setupaptarchive --no-update changetowebserver diff --git a/test/integration/test-apt-update-nofallback b/test/integration/test-apt-update-nofallback index 4db67ee5d..c8a008214 100755 --- a/test/integration/test-apt-update-nofallback +++ b/test/integration/test-apt-update-nofallback @@ -58,7 +58,7 @@ setupaptarchive_with_lists_clean() test_from_inrelease_to_unsigned() { - # setup archive with InRelease file + export APT_DONT_SIGN='Release.gpg' setupaptarchive_with_lists_clean testsuccess aptget update listcurrentlistsdirectory > lists.before @@ -70,9 +70,8 @@ test_from_inrelease_to_unsigned() test_from_release_gpg_to_unsigned() { - # setup archive with Release/Release.gpg (but no InRelease) + export APT_DONT_SIGN='InRelease' setupaptarchive_with_lists_clean - rm "$APTARCHIVE/dists/unstable/InRelease" testsuccess aptget update listcurrentlistsdirectory > lists.before @@ -83,6 +82,7 @@ test_from_release_gpg_to_unsigned() test_from_inrelease_to_unsigned_with_override() { + export APT_DONT_SIGN='Release.gpg' # setup archive with InRelease file setupaptarchive_with_lists_clean testsuccess aptget update @@ -119,13 +119,13 @@ test_cve_2012_0214() # # Still worth having a regression test the simulates the condition - # setup archive with InRelease + export APT_DONT_SIGN='Release.gpg' setupaptarchive_with_lists_clean testsuccess aptget update listcurrentlistsdirectory > lists.before # do what CVE-2012-0214 did - rm "$APTARCHIVE/dists/unstable/InRelease" "$APTARCHIVE/dists/unstable/Release.gpg" + rm -f "$APTARCHIVE/dists/unstable/InRelease" "$APTARCHIVE/dists/unstable/Release.gpg" inject_evil_package # build valid Release file aptftparchive -qq release ./aptarchive > aptarchive/dists/unstable/Release @@ -139,7 +139,7 @@ test_cve_2012_0214() test_subvert_inrelease() { - # setup archive with InRelease + export APT_DONT_SIGN='Release.gpg' setupaptarchive_with_lists_clean testsuccess aptget update listcurrentlistsdirectory > lists.before @@ -157,7 +157,7 @@ E: Some index files failed to download. They have been ignored, or old ones used test_inrelease_to_invalid_inrelease() { - # setup archive with InRelease + export APT_DONT_SIGN='Release.gpg' setupaptarchive_with_lists_clean testsuccess aptget update listcurrentlistsdirectory > lists.before @@ -178,9 +178,8 @@ W: Some index files failed to download. They have been ignored, or old ones used test_release_gpg_to_invalid_release_release_gpg() { - # setup archive with InRelease + export APT_DONT_SIGN='InRelease' setupaptarchive_with_lists_clean - rm "$APTARCHIVE/dists/unstable/InRelease" testsuccess aptget update listcurrentlistsdirectory > lists.before diff --git a/test/integration/test-apt-update-not-modified b/test/integration/test-apt-update-not-modified index c81a05b2c..a164a213d 100755 --- a/test/integration/test-apt-update-not-modified +++ b/test/integration/test-apt-update-not-modified @@ -10,6 +10,7 @@ confighashes 'SHA256' insertpackage 'unstable' 'apt' 'amd64,i386' '1.0' +export APT_DONT_SIGN='' setupaptarchive --no-update methodtest() { diff --git a/test/integration/test-apt-update-rollback b/test/integration/test-apt-update-rollback index d343baeae..643798bec 100755 --- a/test/integration/test-apt-update-rollback +++ b/test/integration/test-apt-update-rollback @@ -82,8 +82,7 @@ test_inrelease_to_valid_release() { add_new_package '+1hour' # switch to a unsigned repo now - rm "$APTARCHIVE/dists/unstable/InRelease" - rm "$APTARCHIVE/dists/unstable/Release.gpg" + rm -f "$APTARCHIVE/dists/unstable/InRelease" "$APTARCHIVE/dists/unstable/Release.gpg" # update fails testfailureequal "E: The repository 'file:${APTARCHIVE} unstable Release' is no longer signed." aptget update -qq @@ -102,8 +101,7 @@ test_inrelease_to_release_reverts_all() { # switch to a unsigned repo now add_new_package '+1hour' - rm "$APTARCHIVE/dists/unstable/InRelease" - rm "$APTARCHIVE/dists/unstable/Release.gpg" + rm -f "$APTARCHIVE/dists/unstable/InRelease" "$APTARCHIVE/dists/unstable/Release.gpg" # break it break_repository_sources_index '+1hour' @@ -122,8 +120,7 @@ test_inrelease_to_release_reverts_all() { test_unauthenticated_to_invalid_inrelease() { msgmsg 'Test UnAuthenticated to invalid InRelease reverts everything' create_fresh_archive - rm "$APTARCHIVE/dists/unstable/InRelease" - rm "$APTARCHIVE/dists/unstable/Release.gpg" + rm -f "$APTARCHIVE/dists/unstable/InRelease" "$APTARCHIVE/dists/unstable/Release.gpg" testwarning aptget update --allow-insecure-repositories listcurrentlistsdirectory > lists.before @@ -191,9 +188,8 @@ TESTDIR="$(readlink -f "$(dirname "$0")")" setupenvironment configarchitecture "i386" +export APT_DONT_SIGN='Release.gpg' -# setup the archive and ensure we have a single package that installs fine -setupaptarchive APTARCHIVE="$(readlink -f ./aptarchive)" ROOTDIR="${TMPWORKINGDIRECTORY}/rootdir" APTARCHIVE_LISTS="$(echo "$APTARCHIVE" | tr "/" "_" )" diff --git a/test/integration/test-bug-633350-do-not-kill-last-char-in-Release b/test/integration/test-bug-633350-do-not-kill-last-char-in-Release index c0802e8b5..d7dd261f6 100755 --- a/test/integration/test-bug-633350-do-not-kill-last-char-in-Release +++ b/test/integration/test-bug-633350-do-not-kill-last-char-in-Release @@ -8,20 +8,9 @@ configarchitecture 'amd64' insertpackage 'unstable' 'cool' 'amd64' '1.0' +export APT_DONT_SIGN='InRelease' setupaptarchive --no-update echo 'NotAutomatic: yes' >> aptarchive/dists/unstable/Release - signreleasefiles -find aptarchive/dists -name 'InRelease' -delete - -rm -rf rootdir/var/lib/apt/lists - -OUTPUT="$(aptget update 2>&1)" -msgtest 'Check that parsing happens without warnings' 'with missing newline' -if echo "${OUTPUT}" | grep '^W:' > /dev/null; then - msgfail - echo "${OUTPUT}" -else - msgpass -fi +testsuccess aptget update diff --git a/test/integration/test-hashsum-verification b/test/integration/test-hashsum-verification index 31923bd87..a514b85e2 100755 --- a/test/integration/test-hashsum-verification +++ b/test/integration/test-hashsum-verification @@ -46,9 +46,6 @@ SHA256: EOF } -# fake our downloadable file -touch aptarchive/apt.deb - PKGFILE="${TESTDIR}/$(echo "$(basename $0)" | sed 's#^test-#Packages-#')" runtest() { @@ -63,12 +60,12 @@ runtest() { msgtest 'No package from the source available' testfailureequal --nomsg 'N: Unable to locate package apt E: No packages found' aptcache show apt - msgtest 'No Packages file in /var/lib/apt/lists' - [ "$(ls rootdir/var/lib/apt/lists/*Package* 2>/dev/null | grep -v FAILED 2>/dev/null)" = "" ] && msgpass || msgfail - + msgtest 'No Packages file in /var/lib/apt/lists' + testempty find rootdir/var/lib/apt/lists -maxdepth 1 -name '*Package*' + # now with the unsigned Release file rm -rf rootdir/var/lib/apt/lists - rm aptarchive/InRelease aptarchive/Release.gpg + rm -f aptarchive/InRelease aptarchive/Release.gpg msgtest 'unsigned apt-get update gets the expected hashsum mismatch' testfailure --nomsg aptget update --allow-insecure-repositories testsuccess grep "Hash Sum mismatch" rootdir/tmp/testfailure.output @@ -81,6 +78,5 @@ for COMPRESSEDINDEXES in 'false' 'true'; do else msgmsg 'Run tests with GzipIndexes disabled' fi - runtest done diff --git a/test/integration/test-releasefile-verification b/test/integration/test-releasefile-verification index a95c20fd4..217319cab 100755 --- a/test/integration/test-releasefile-verification +++ b/test/integration/test-releasefile-verification @@ -7,6 +7,7 @@ TESTDIR="$(readlink -f "$(dirname "$0")")" setupenvironment configarchitecture "i386" +export APT_DONT_SIGN='Release.gpg' buildaptarchive setupflataptarchive changetowebserver @@ -368,7 +369,7 @@ runtest3() { export APT_DONT_SIGN="$DELETEFILE" msgmsg "Running test with deletion of $DELETEFILE and $1 digest" runtest - unset APT_DONT_SIGN + export APT_DONT_SIGN='Release.gpg' done } @@ -424,7 +425,7 @@ runfailure() { testsuccessequal "$(cat "${PKGFILE}") " aptcache show apt failaptold - unset APT_DONT_SIGN + export APT_DONT_SIGN='Release.gpg' done } runfailure -- cgit v1.2.3