From 846bc058cb0c1bf7ce7c2fb30b9c277e96e9eaf7 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Sat, 18 Oct 2014 22:46:48 +0200 Subject: check lists/ content in tests doing rollback Git-Dch: Ignore --- test/integration/framework | 9 +++++++++ test/integration/test-apt-update-expected-size | 5 +++-- test/integration/test-apt-update-file | 24 +++++++++++------------- test/integration/test-apt-update-ims | 4 ++-- test/integration/test-apt-update-nofallback | 25 +++++++++++++++++++------ test/integration/test-apt-update-rollback | 10 +++++++++- test/integration/test-apt-update-stale | 17 +++++++---------- test/integration/test-apt-update-transactions | 19 +++++++++---------- test/integration/test-apt-update-unauth | 15 ++++++--------- 9 files changed, 75 insertions(+), 53 deletions(-) diff --git a/test/integration/framework b/test/integration/framework index 8ccbe7f6d..d9851a48c 100644 --- a/test/integration/framework +++ b/test/integration/framework @@ -1277,6 +1277,15 @@ pause() { read IGNORE } +listcurrentlistsdirectory() { + find rootdir/var/lib/apt/lists -maxdepth 1 -type d | while read line; do + stat --format '%U:%G:%a:%n' "$line" + done + find rootdir/var/lib/apt/lists -maxdepth 1 \! -type d | while read line; do + stat --format '%U:%G:%a:%s:%y:%n' "$line" + done +} + ### The following tests are run by most test methods automatically to check ### general things about commands executed without writing the test every time. diff --git a/test/integration/test-apt-update-expected-size b/test/integration/test-apt-update-expected-size index a039e9e1c..b71853406 100755 --- a/test/integration/test-apt-update-expected-size +++ b/test/integration/test-apt-update-expected-size @@ -34,8 +34,9 @@ mv aptarchive/dists/unstable/InRelease.good aptarchive/dists/unstable/InRelease # append junk at the end of the Packages.gz/Packages SIZE="$(stat --printf=%s aptarchive/dists/unstable/main/binary-i386/Packages)" -echo "1234567890" >> aptarchive/dists/unstable/main/binary-i386/Packages.gz -echo "1234567890" >> aptarchive/dists/unstable/main/binary-i386/Packages +find aptarchive -name 'Packages*' | while read pkg; do + echo "1234567890" >> "$pkg" +done NEW_SIZE="$(stat --printf=%s aptarchive/dists/unstable/main/binary-i386/Packages)" rm -f rootdir/var/lib/apt/lists/localhost* testequal "W: Failed to fetch http://localhost:8080/dists/unstable/main/binary-i386/Packages Writing more data than expected ($NEW_SIZE > $SIZE) diff --git a/test/integration/test-apt-update-file b/test/integration/test-apt-update-file index e6332dc3b..1ecf9a38a 100755 --- a/test/integration/test-apt-update-file +++ b/test/integration/test-apt-update-file @@ -10,28 +10,26 @@ TESTDIR=$(readlink -f $(dirname $0)) setupenvironment configarchitecture "amd64" -configcompression 'bz2' 'gz' +configcompression 'bz2' 'gz' -insertpackage 'unstable' 'foo' 'all' '1.0' +insertpackage 'unstable' 'foo' 'all' '1' +insertsource 'unstable' 'foo' 'all' '1' setupaptarchive --no-update # ensure the archive is not writable +addtrap 'prefix' 'chmod 750 aptarchive/dists/unstable/main/binary-amd64;' chmod 550 aptarchive/dists/unstable/main/binary-amd64 -testsuccess aptget update -qq -testsuccess aptget update -qq -aptget update -qq -o Debug::pkgAcquire::Auth=1 2> output.log +testsuccess aptget update +testsuccess aptget update -o Debug::pkgAcquire::Auth=1 +cp -a rootdir/tmp/testsuccess.output rootdir/tmp/update.output -# ensure that the hash of the uncompressed file was verified even on a local -# ims hit +# ensure that the hash of the uncompressed file was verified even on a local ims hit canary="SHA512:$(bzcat aptarchive/dists/unstable/main/binary-amd64/Packages.bz2 | sha512sum |cut -f1 -d' ')" -grep -q -- "- $canary" output.log +testsuccess grep -- "$canary" rootdir/tmp/update.output # foo is still available testsuccess aptget install -s foo - -# the cleanup should still work -chmod 750 aptarchive/dists/unstable/main/binary-amd64 - - +testsuccess aptcache showsrc foo +testsuccess aptget source foo --print-uris diff --git a/test/integration/test-apt-update-ims b/test/integration/test-apt-update-ims index 6746837a4..eece0c84c 100755 --- a/test/integration/test-apt-update-ims +++ b/test/integration/test-apt-update-ims @@ -8,7 +8,7 @@ configarchitecture 'amd64' buildsimplenativepackage 'unrelated' 'all' '0.5~squeeze1' 'unstable' -setupaptarchive +setupaptarchive --no-update changetowebserver runtest() { @@ -23,7 +23,7 @@ runtest() { testequal "$EXPECT" aptget update -o Debug::pkgAcquire::Worker=0 -o Debug::Acquire::http=0 # ensure that we still do a hash check on ims hit - msgtest 'Test I-M-S reverify' + msgtest 'Test I-M-S' 'reverify' aptget update -o Debug::pkgAcquire::Auth=1 2>&1 | grep -A1 'RecivedHash:' | grep -q -- '- SHA' && msgpass || msgfail # ensure no leftovers in partial diff --git a/test/integration/test-apt-update-nofallback b/test/integration/test-apt-update-nofallback index 321472c2e..12977129f 100755 --- a/test/integration/test-apt-update-nofallback +++ b/test/integration/test-apt-update-nofallback @@ -39,8 +39,9 @@ assert_update_is_refused_and_last_good_state_used() assert_repo_is_intact() { testequal "foo/unstable 2.0 all" apt list -q - testsuccess "" aptget install -y -s foo - testfailure "" aptget install -y evil + testsuccess aptget install -y -s foo + testfailure aptget install -y evil + testsuccess aptget source foo --print-uris LISTDIR=rootdir/var/lib/apt/lists if ! ( ls $LISTDIR/*InRelease >/dev/null 2>&1 || @@ -62,9 +63,11 @@ test_from_inrelease_to_unsigned() # setup archive with InRelease file setupaptarchive_with_lists_clean testsuccess aptget update + listcurrentlistsdirectory > lists.before simulate_mitm_and_inject_evil_package assert_update_is_refused_and_last_good_state_used + testfileequal lists.before "$(listcurrentlistsdirectory)" } test_from_release_gpg_to_unsigned() @@ -73,9 +76,11 @@ test_from_release_gpg_to_unsigned() setupaptarchive_with_lists_clean rm $APTARCHIVE/dists/unstable/InRelease testsuccess aptget update + listcurrentlistsdirectory > lists.before simulate_mitm_and_inject_evil_package assert_update_is_refused_and_last_good_state_used + testfileequal lists.before "$(listcurrentlistsdirectory)" } test_from_inrelease_to_unsigned_with_override() @@ -118,6 +123,7 @@ test_cve_2012_0214() # setup archive with InRelease setupaptarchive_with_lists_clean testsuccess aptget update + listcurrentlistsdirectory > lists.before # do what CVE-2012-0214 did rm $APTARCHIVE/dists/unstable/InRelease @@ -127,6 +133,7 @@ test_cve_2012_0214() aptftparchive -qq release ./aptarchive > aptarchive/dists/unstable/Release assert_update_is_refused_and_last_good_state_used + testfileequal lists.before "$(listcurrentlistsdirectory)" # ensure there is no _Release file downloaded testfailure ls rootdir/var/lib/apt/lists/*_Release @@ -137,6 +144,7 @@ test_subvert_inrelease() # setup archive with InRelease setupaptarchive_with_lists_clean testsuccess aptget update + listcurrentlistsdirectory > lists.before # replace InRelease with something else mv $APTARCHIVE/dists/unstable/Release $APTARCHIVE/dists/unstable/InRelease @@ -146,6 +154,7 @@ test_subvert_inrelease() E: Some index files failed to download. They have been ignored, or old ones used instead." aptget update -qq # ensure we keep the repo + testfileequal lists.before "$(listcurrentlistsdirectory)" assert_repo_is_intact } @@ -154,6 +163,7 @@ test_inrelease_to_invalid_inrelease() # setup archive with InRelease setupaptarchive_with_lists_clean testsuccess aptget update + listcurrentlistsdirectory > lists.before # now remove InRelease and subvert Release do no longer verify sed -i 's/Codename.*/Codename: evil!'/ $APTARCHIVE/dists/unstable/InRelease @@ -166,8 +176,9 @@ W: Failed to fetch file:${APTARCHIVE}/dists/unstable/InRelease The following si W: Some index files failed to download. They have been ignored, or old ones used instead." aptget update -qq # ensure we keep the repo + testfailure grep 'evil' rootdir/var/lib/apt/lists/*InRelease + testfileequal lists.before "$(listcurrentlistsdirectory)" assert_repo_is_intact - testfailure grep "evil" rootdir/var/lib/apt/lists/*InRelease } test_release_gpg_to_invalid_release_release_gpg() @@ -176,6 +187,7 @@ test_release_gpg_to_invalid_release_release_gpg() setupaptarchive_with_lists_clean rm $APTARCHIVE/dists/unstable/InRelease testsuccess aptget update + listcurrentlistsdirectory > lists.before # now subvert Release do no longer verify echo "Some evil data" >> $APTARCHIVE/dists/unstable/Release @@ -187,8 +199,9 @@ W: Failed to fetch file:${APTARCHIVE}/dists/unstable/Release.gpg W: Some index files failed to download. They have been ignored, or old ones used instead." aptget update -qq + testfailure grep 'evil' rootdir/var/lib/apt/lists/*Release + testfileequal lists.before "$(listcurrentlistsdirectory)" assert_repo_is_intact - testfailure grep "evil" rootdir/var/lib/apt/lists/*Release } @@ -229,6 +242,6 @@ test_inrelease_to_invalid_inrelease msgmsg "test_release_gpg_to_invalid_release_release_gpg" test_release_gpg_to_invalid_release_release_gpg -# ensure we can ovveride the downgrade error -msgmsg "test_from_inrelease_to_unsigned" +# ensure we can override the downgrade error +msgmsg "test_from_inrelease_to_unsigned_with_override" test_from_inrelease_to_unsigned_with_override diff --git a/test/integration/test-apt-update-rollback b/test/integration/test-apt-update-rollback index 220c3052b..d33411da4 100755 --- a/test/integration/test-apt-update-rollback +++ b/test/integration/test-apt-update-rollback @@ -37,6 +37,7 @@ break_repository_sources_index() { start_with_good_inrelease() { create_fresh_archive testsuccess aptget update + listcurrentlistsdirectory > lists.before testequal "old/unstable 1.0 all" apt list -q } @@ -63,6 +64,7 @@ test_inrelease_to_broken_hash_reverts_all() { E: Some index files failed to download. They have been ignored, or old ones used instead." aptget update -qq # ensure that the Packages file is also rolled back + testfileequal lists.before "$(listcurrentlistsdirectory)" testequal "E: Unable to locate package new" aptget install new -s -qq } @@ -78,7 +80,8 @@ test_inrelease_to_valid_release() { # update fails testequal "E: The repository 'file: unstable Release.gpg' is no longer signed." aptget update -qq - # test that we can install the new packages but do no longer have a sig + # test that security downgrade was not successful + testfileequal lists.before "$(listcurrentlistsdirectory)" testsuccess aptget install old -s testfailure aptget install new -s testsuccess ls $ROOTDIR/var/lib/apt/lists/*_InRelease @@ -101,6 +104,7 @@ test_inrelease_to_release_reverts_all() { testequal "E: The repository 'file: unstable Release.gpg' is no longer signed." aptget update -qq # -o Debug::acquire::transaction=1 # ensure that the Packages file is also rolled back + testfileequal lists.before "$(listcurrentlistsdirectory)" testsuccess aptget install old -s testfailure aptget install new -s testsuccess ls $ROOTDIR/var/lib/apt/lists/*_InRelease @@ -114,6 +118,7 @@ test_unauthenticated_to_invalid_inrelease() { rm $APTARCHIVE/dists/unstable/Release.gpg testsuccess aptget update --allow-insecure-repositories + listcurrentlistsdirectory > lists.before testequal "WARNING: The following packages cannot be authenticated! old E: There are problems and -y was used without --force-yes" aptget install -qq -y old @@ -126,6 +131,7 @@ E: There are problems and -y was used without --force-yes" aptget install -qq -y E: Some index files failed to download. They have been ignored, or old ones used instead." aptget update -qq + testfileequal lists.before "$(listcurrentlistsdirectory)" testfailure ls rootdir/var/lib/apt/lists/*_InRelease testequal "WARNING: The following packages cannot be authenticated! old @@ -144,6 +150,7 @@ W: Failed to fetch file:$APTARCHIVE/dists/unstable/InRelease The following sign W: Some index files failed to download. They have been ignored, or old ones used instead." aptget update -qq + testfileequal lists.before "$(listcurrentlistsdirectory)" testsuccess ls rootdir/var/lib/apt/lists/*_InRelease } @@ -158,6 +165,7 @@ test_inrelease_to_broken_gzip() { rm $APTARCHIVE/dists/unstable/main/source/Sources testfailure aptget update + testfileequal lists.before "$(listcurrentlistsdirectory)" } TESTDIR=$(readlink -f $(dirname $0)) diff --git a/test/integration/test-apt-update-stale b/test/integration/test-apt-update-stale index 780ff79af..52f94591f 100755 --- a/test/integration/test-apt-update-stale +++ b/test/integration/test-apt-update-stale @@ -17,6 +17,7 @@ insertpackage 'unstable' 'foo' 'all' '1.0' setupaptarchive changetowebserver aptget update -qq +listcurrentlistsdirectory > lists.before # insert new version mkdir aptarchive/dists/unstable/main/binary-i386/saved @@ -24,23 +25,19 @@ cp -p aptarchive/dists/unstable/main/binary-i386/Packages* \ aptarchive/dists/unstable/main/binary-i386/saved insertpackage 'unstable' 'foo' 'all' '2.0' -# not using compressfile for compat with older apt releases -gzip -c aptarchive/dists/unstable/main/binary-i386/Packages > \ - aptarchive/dists/unstable/main/binary-i386/Packages.gz -generatereleasefiles -signreleasefiles - +compressfile aptarchive/dists/unstable/main/binary-i386/Packages # ensure that we do not get a I-M-S hit for the Release file -touch -d "+1hour" aptarchive/dists/unstable/*Release* + +generatereleasefiles '+1hour' +signreleasefiles # but now only deliver the previous Packages file instead of the new one # (simulating a stale attack) cp -p aptarchive/dists/unstable/main/binary-i386/saved/Packages* \ aptarchive/dists/unstable/main/binary-i386/ -# ensure this raises a error +# ensure this raises an error testequal "W: Failed to fetch http://localhost:8080/dists/unstable/main/binary-i386/Packages Hash Sum mismatch E: Some index files failed to download. They have been ignored, or old ones used instead." aptget update -qq - - +testfileequal lists.before "$(listcurrentlistsdirectory)" diff --git a/test/integration/test-apt-update-transactions b/test/integration/test-apt-update-transactions index 2fc5f1dad..fe352c762 100755 --- a/test/integration/test-apt-update-transactions +++ b/test/integration/test-apt-update-transactions @@ -25,40 +25,39 @@ restorefile() { mv "${1}.bak" "$1" } -listscheck() { - testequal "$(cat $1)" ls rootdir/var/lib/apt/lists -} - testrun() { # produce an unsigned repository find aptarchive \( -name 'Release.gpg' -o -name 'InRelease' \) -delete testfailure aptget update --no-allow-insecure-repositories - listscheck "$1" + testfileequal "$1" "$(listcurrentlistsdirectory)" # signed but broken signreleasefiles breakfile aptarchive/dists/unstable/main/binary-i386/Packages testfailure aptget update - listscheck "$1" + testfileequal "$1" "$(listcurrentlistsdirectory)" restorefile aptarchive/dists/unstable/main/binary-i386/Packages breakfile aptarchive/dists/unstable/main/source/Sources testfailure aptget update - listscheck "$1" + testfileequal "$1" "$(listcurrentlistsdirectory)" restorefile aptarchive/dists/unstable/main/source/Sources } testsetup() { msgmsg 'Test with no initial data over' "$1" rm -rf rootdir/var/lib/apt/lists - mkdir -p rootdir/var/lib/apt/lists/partial - ls rootdir/var/lib/apt/lists > listsdir.lst + mkdir -m 700 -p rootdir/var/lib/apt/lists/partial + if [ "$(id -u)" = '0' ]; then + chown _apt:root rootdir/var/lib/apt/lists/partial + fi + listcurrentlistsdirectory > listsdir.lst testrun 'listsdir.lst' msgmsg 'Test with initial data over' "$1" testsuccess aptget update - ls rootdir/var/lib/apt/lists > listsdir.lst + listcurrentlistsdirectory > listsdir.lst testrun 'listsdir.lst' } diff --git a/test/integration/test-apt-update-unauth b/test/integration/test-apt-update-unauth index b7ccd6cf3..1b5dbc6c4 100755 --- a/test/integration/test-apt-update-unauth +++ b/test/integration/test-apt-update-unauth @@ -16,7 +16,7 @@ configarchitecture "i386" insertpackage 'unstable' 'foo' 'all' '1.0' insertsource 'unstable' 'foo' 'all' '1.0' -setupaptarchive +setupaptarchive --no-update changetowebserver # FIXME: @@ -24,13 +24,10 @@ changetowebserver # reverified runtest() { # start unauthenticated - find rootdir/var/lib/apt/lists/ -type f | xargs rm -f - rm -f aptarchive/dists/unstable/*Release* + rm -rf rootdir/var/lib/apt/lists/ + find aptarchive/ -name '*Release*' -delete - testsuccess aptget update -qq --allow-insecure-repositories - - # FIXME: this really shouldn't be needed - rm -f rootdir/var/lib/apt/lists/partial/* + testsuccess aptget update --allow-insecure-repositories # become authenticated generatereleasefiles @@ -45,14 +42,14 @@ runtest() { # change the local packages file PKGS=$(ls rootdir/var/lib/apt/lists/*Packages*) echo "meep" > $PKGS - ls rootdir/var/lib/apt/lists/ > lists.before + listcurrentlistsdirectory > lists.before # update and ensure all is reverted on the hashsum failure testfailure aptget update -o Debug::Acquire::Transaction=0 -o Debug::pkgAcquire::Auth=1 -o Debug::pkgAcquire::worker=0 -o Debug::acquire::http=0 # ensure we have before what we have after msgtest 'Check rollback on going from' 'unauth -> auth' - ls rootdir/var/lib/apt/lists/ > lists.after + listcurrentlistsdirectory > lists.after if cmp lists.before lists.after; then msgpass else -- cgit v1.2.3