From bca84917c326fa3158e120147c8aecebe0789b47 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Fri, 26 Sep 2014 22:45:18 +0200 Subject: test fixes --- apt-pkg/acquire-item.cc | 41 +++++++++++----------- test/integration/test-apt-get-source-authenticated | 2 +- .../integration/test-apt-get-update-unauth-warning | 14 ++++++-- test/integration/test-apt-update-rollback | 16 ++++----- test/integration/test-apt-update-unauth | 2 +- .../test-bug-717891-abolute-uris-for-proxies | 2 +- test/integration/test-bug-738785-switch-protocol | 2 +- test/integration/test-policy-pinning | 3 +- 8 files changed, 46 insertions(+), 36 deletions(-) diff --git a/apt-pkg/acquire-item.cc b/apt-pkg/acquire-item.cc index 7fad5605d..b8317b13d 100644 --- a/apt-pkg/acquire-item.cc +++ b/apt-pkg/acquire-item.cc @@ -1316,7 +1316,6 @@ void pkgAcqMetaBase::AbortTransaction() std::clog << "AbortTransaction: " << TransactionManager << std::endl; // ensure the toplevel is in error state too - Status = pkgAcquire::Item::StatError; for (std::vector::iterator I = Transaction.begin(); I != Transaction.end(); ++I) { @@ -1542,6 +1541,7 @@ void pkgAcqMetaSig::Failed(string Message,pkgAcquire::MethodConfig *Cnf)/*{{{*/ _error->Error("The repository '%s' is no longer signed.", URIDesc.c_str()); Rename(MetaIndexFile, MetaIndexFile+".FAILED"); + Status = pkgAcquire::Item::StatError; TransactionManager->AbortTransaction(); return; } @@ -1561,16 +1561,16 @@ void pkgAcqMetaSig::Failed(string Message,pkgAcquire::MethodConfig *Cnf)/*{{{*/ } // only allow going further if the users explicitely wants it - if(_config->FindB("APT::Get::AllowUnauthenticated", false)) - { - _error->Warning("Please use --allow-unauthenticated"); - } - else + if(_config->FindB("APT::Get::AllowUnauthenticated", false) == true) { // we parse the indexes here because at this point the user wanted // a repository that may potentially harm him MetaIndexParser->Load(MetaIndexFile); ((pkgAcqMetaIndex*)TransactionManager)->QueueIndexes(true); + } + else + { + _error->Warning("Use --allow-unauthenticated to force the update"); } // FIXME: this is used often (e.g. in pkgAcqIndexTrans) so refactor @@ -1793,12 +1793,12 @@ void pkgAcqMetaIndex::AuthDone(string Message) /*{{{*/ // Download further indexes with verification // - // we do not need to download indexfiles if the Release file has not - // changed because without a changed release file there are no new hashes - // and we ensure that the repository is always "complete" (i.e. all - // that is in the release file is downloaded) - if(IMSHit == false) - QueueIndexes(true); + // it would be really nice if we could simply do + // if (IMSHit == false) QueueIndexes(true) + // and skip the download if the Release file has not changed + // - but right now the list cleaner will needs to be tricked + // to not delete all our packages/source indexes in this case + QueueIndexes(true); #if 0 // is it a clearsigned MetaIndex file? @@ -2012,19 +2012,20 @@ void pkgAcqMetaIndex::Failed(string Message, DestFile = FinalFile; } + _error->Warning(_("The data from '%s' is not signed. Packages " + "from that repository can not be authenticated."), + URIDesc.c_str()); + // No Release file was present, or verification failed, so fall // back to queueing Packages files without verification // only allow going further if the users explicitely wants it - if(_config->FindB("APT::Get::AllowUnauthenticated", false)) + if(_config->FindB("APT::Get::AllowUnauthenticated", false) == true) { - // warn if the repository is unsinged - _error->Warning(_("The data from '%s' is not signed. Packages " - "from that repository can not be authenticated."), - URIDesc.c_str()); - _error->Warning("Please use --allow-unauthenticated"); - } else { QueueIndexes(false); - } + } else { + // warn if the repository is unsinged + _error->Warning("Use --allow-unauthenticated to force the update"); + } } /*}}}*/ diff --git a/test/integration/test-apt-get-source-authenticated b/test/integration/test-apt-get-source-authenticated index 2cee13923..d73097b54 100755 --- a/test/integration/test-apt-get-source-authenticated +++ b/test/integration/test-apt-get-source-authenticated @@ -21,7 +21,7 @@ APTARCHIVE=$(readlink -f ./aptarchive) rm -f $APTARCHIVE/dists/unstable/*Release* # update without authenticated InRelease file -testsuccess aptget update +testsuccess aptget update --allow-unauthenticated # this all should fail testfailure aptget install -y foo diff --git a/test/integration/test-apt-get-update-unauth-warning b/test/integration/test-apt-get-update-unauth-warning index 4411a7430..b1c676738 100755 --- a/test/integration/test-apt-get-update-unauth-warning +++ b/test/integration/test-apt-get-update-unauth-warning @@ -18,11 +18,21 @@ setupaptarchive --no-update APTARCHIVE=$(readlink -f ./aptarchive) rm -f $APTARCHIVE/dists/unstable/*Release* -# update without authenticated InRelease file +# update without authenticated files leads to warning testequal "Ign file: unstable InRelease Ign file: unstable Release Reading package lists... -W: The data from 'file: unstable Release' is not signed. Packages from that repository can not be authenticated." aptget update +W: The data from 'file: unstable Release' is not signed. Packages from that repository can not be authenticated. +W: Use --allow-unauthenticated to force the update" aptget update + +# no package foo +testequal "Listing..." apt list foo + +# allow override +testequal "Ign file: unstable InRelease +Ign file: unstable Release +Reading package lists... +W: The data from 'file: unstable Release' is not signed. Packages from that repository can not be authenticated." aptget update --allow-unauthenticated # ensure we can not install the package testequal "WARNING: The following packages cannot be authenticated! diff --git a/test/integration/test-apt-update-rollback b/test/integration/test-apt-update-rollback index ccd7f57ff..a88b0042b 100755 --- a/test/integration/test-apt-update-rollback +++ b/test/integration/test-apt-update-rollback @@ -75,15 +75,14 @@ test_inreleae_to_valid_release() { rm $APTARCHIVE/dists/unstable/Release.gpg avoid_ims_hit - # update works - testsuccess aptget update -o Debug::Acquire::Transaction=1 + # update fails + testequal "E: The repository 'file: unstable Release.gpg' is no longer signed." aptget update -qq # test that we can install the new packages but do no longer have a sig testsuccess aptget install old -s - testsuccess aptget install new -s - testfailure ls $ROOTDIR/var/lib/apt/lists/*_InRelease - testfailure ls $ROOTDIR/var/lib/apt/lists/*_Release.gpg - testsuccess ls $ROOTDIR/var/lib/apt/lists/*_Release + testfailure aptget install new -s + testsuccess ls $ROOTDIR/var/lib/apt/lists/*_InRelease + testfailure ls $ROOTDIR/var/lib/apt/lists/*_Release } test_inreleae_to_release_reverts_all() { @@ -98,9 +97,7 @@ test_inreleae_to_release_reverts_all() { break_repository_sources_index # ensure error - testequal "W: Failed to fetch file:$APTARCHIVE/dists/unstable/main/source/Sources Hash Sum mismatch - -E: Some index files failed to download. They have been ignored, or old ones used instead." aptget update -qq # -o Debug::acquire::transaction=1 + testequal "E: The repository 'file: unstable Release.gpg' is no longer signed." aptget update -qq # -o Debug::acquire::transaction=1 # ensure that the Packages file is also rolled back testsuccess aptget install old -s @@ -112,6 +109,7 @@ E: Some index files failed to download. They have been ignored, or old ones used test_unauthenticated_to_invalid_inrelease() { msgmsg "Test UnAuthenticated to invalid InRelease reverts everything" create_fresh_archive + rm -rf rootdir/var/lib/apt/lists/* rm $APTARCHIVE/dists/unstable/InRelease rm $APTARCHIVE/dists/unstable/Release.gpg avoid_ims_hit diff --git a/test/integration/test-apt-update-unauth b/test/integration/test-apt-update-unauth index 4e08b5e35..2e46e3ace 100755 --- a/test/integration/test-apt-update-unauth +++ b/test/integration/test-apt-update-unauth @@ -26,7 +26,7 @@ runtest() { rm -f aptarchive/dists/unstable/*Release* # remove uncompressed version find aptarchive/ -name Packages | xargs rm -f - aptget update -qq + aptget update -qq --allow-unauthenticated # become authenticated generatereleasefiles diff --git a/test/integration/test-bug-717891-abolute-uris-for-proxies b/test/integration/test-bug-717891-abolute-uris-for-proxies index ac1d6ec11..a8947b5e2 100755 --- a/test/integration/test-bug-717891-abolute-uris-for-proxies +++ b/test/integration/test-bug-717891-abolute-uris-for-proxies @@ -12,7 +12,7 @@ setupaptarchive changetowebserver --request-absolute='uri' msgtest 'Check that absolute paths are' 'not accepted' -testfailure --nomsg aptget update +testfailure --nomsg aptget update --allow-unauthenticated echo 'Acquire::http::Proxy "http://localhost:8080";' > rootdir/etc/apt/apt.conf.d/99proxy diff --git a/test/integration/test-bug-738785-switch-protocol b/test/integration/test-bug-738785-switch-protocol index 1e5748eae..4ff044515 100755 --- a/test/integration/test-bug-738785-switch-protocol +++ b/test/integration/test-bug-738785-switch-protocol @@ -60,4 +60,4 @@ mv rootdir/${COPYMETHODS}.bak rootdir/${COPYMETHODS} # check that downgrades from https to http are not allowed webserverconfig 'aptwebserver::support::http' 'true' sed -i -e 's#:8080/redirectme#:4433/downgrademe#' -e 's# http:# https:#' rootdir/etc/apt/sources.list.d/* -testfailure aptget update +testfailure aptget update --allow-unauthenticated diff --git a/test/integration/test-policy-pinning b/test/integration/test-policy-pinning index 8eb4bcbad..2281d7a1d 100755 --- a/test/integration/test-policy-pinning +++ b/test/integration/test-policy-pinning @@ -28,7 +28,7 @@ Pinned packages:" aptcache policy $* aptgetupdate() { # just to be sure that no old files are used rm -rf rootdir/var/lib/apt - if aptget update -qq 2>&1 | grep '^E: '; then + if aptget update --allow-unauthenticated -qq 2>&1 | grep '^E: '; then msgwarn 'apt-get update failed with an error' fi } @@ -36,6 +36,7 @@ aptgetupdate() { ### not signed archive aptgetupdate + testequalpolicy 100 500 testequalpolicy 990 500 -t now -- cgit v1.2.3