From a3f1d60cb75ab83f63a52a43c056a4752c8fdeb2 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Fri, 30 May 2014 14:47:56 +0200 Subject: Show unauthenticated warning for source packages as well This will show the same unauthenticated warning for source packages as for binary packages and will not download a source package if it is unauthenticated. This can be overridden with --allow-unauthenticated Closes: #749795 --- test/integration/test-apt-get-source-authenticated | 31 ++++++++++++++++++++++ 1 file changed, 31 insertions(+) create mode 100755 test/integration/test-apt-get-source-authenticated (limited to 'test/integration/test-apt-get-source-authenticated') diff --git a/test/integration/test-apt-get-source-authenticated b/test/integration/test-apt-get-source-authenticated new file mode 100755 index 000000000..2cee13923 --- /dev/null +++ b/test/integration/test-apt-get-source-authenticated @@ -0,0 +1,31 @@ +#!/bin/sh +# +# Regression test for debian bug #749795. Ensure that we fail with +# a error if apt-get source foo will download a source that comes +# from a unauthenticated repository +# +set -e + +TESTDIR=$(readlink -f $(dirname $0)) +. $TESTDIR/framework + +setupenvironment +configarchitecture "i386" + +# a "normal" package with source and binary +buildsimplenativepackage 'foo' 'all' '2.0' + +setupaptarchive --no-update + +APTARCHIVE=$(readlink -f ./aptarchive) +rm -f $APTARCHIVE/dists/unstable/*Release* + +# update without authenticated InRelease file +testsuccess aptget update + +# this all should fail +testfailure aptget install -y foo +testfailure aptget source foo + +# allow overriding the warning +testsuccess aptget source --allow-unauthenticated foo -- cgit v1.2.3 From bca84917c326fa3158e120147c8aecebe0789b47 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Fri, 26 Sep 2014 22:45:18 +0200 Subject: test fixes --- test/integration/test-apt-get-source-authenticated | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'test/integration/test-apt-get-source-authenticated') diff --git a/test/integration/test-apt-get-source-authenticated b/test/integration/test-apt-get-source-authenticated index 2cee13923..d73097b54 100755 --- a/test/integration/test-apt-get-source-authenticated +++ b/test/integration/test-apt-get-source-authenticated @@ -21,7 +21,7 @@ APTARCHIVE=$(readlink -f ./aptarchive) rm -f $APTARCHIVE/dists/unstable/*Release* # update without authenticated InRelease file -testsuccess aptget update +testsuccess aptget update --allow-unauthenticated # this all should fail testfailure aptget install -y foo -- cgit v1.2.3 From c99fe2e169243fc6e1a3278ce3768f0f521e260b Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Wed, 1 Oct 2014 12:21:55 +0200 Subject: Use Acquire::Allow{InsecureRepositories,DowngradeToInsecureRepositories} The configuration key Acquire::AllowInsecureRepositories controls if apt allows loading of unsigned repositories at all. The configuration Acquire::AllowDowngradeToInsecureRepositories controls if a signed repository can ever become unsigned. This should really never be needed but we provide it to avoid having to mess around in /var/lib/apt/lists if there is a use-case for this (which I can't think of right now). --- test/integration/test-apt-get-source-authenticated | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'test/integration/test-apt-get-source-authenticated') diff --git a/test/integration/test-apt-get-source-authenticated b/test/integration/test-apt-get-source-authenticated index d73097b54..d833ddd85 100755 --- a/test/integration/test-apt-get-source-authenticated +++ b/test/integration/test-apt-get-source-authenticated @@ -21,7 +21,7 @@ APTARCHIVE=$(readlink -f ./aptarchive) rm -f $APTARCHIVE/dists/unstable/*Release* # update without authenticated InRelease file -testsuccess aptget update --allow-unauthenticated +testsuccess aptget update --allow-insecure-repositories # this all should fail testfailure aptget install -y foo -- cgit v1.2.3 From 4fa34122cbe347d21b3a162ff2fa75dd2e73c3a8 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Mon, 20 Oct 2014 10:23:41 +0200 Subject: testcases: do not allow warnings in testsuccess Adds a new testwarning which tests for zero exit and the presents of a warning in the output, failing if either is not the case or if an error is found, too. This allows us to change testsuccess to accept only totally successful executions (= without warnings) which should help finding regressions. Git-Dch: Ignore --- test/integration/test-apt-get-source-authenticated | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'test/integration/test-apt-get-source-authenticated') diff --git a/test/integration/test-apt-get-source-authenticated b/test/integration/test-apt-get-source-authenticated index d833ddd85..fedfc8308 100755 --- a/test/integration/test-apt-get-source-authenticated +++ b/test/integration/test-apt-get-source-authenticated @@ -21,7 +21,7 @@ APTARCHIVE=$(readlink -f ./aptarchive) rm -f $APTARCHIVE/dists/unstable/*Release* # update without authenticated InRelease file -testsuccess aptget update --allow-insecure-repositories +testwarning aptget update --allow-insecure-repositories # this all should fail testfailure aptget install -y foo -- cgit v1.2.3 From 03aa08472dcd689572a46ce6efdb1dccf6136334 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Thu, 23 Oct 2014 01:28:05 +0200 Subject: chown finished partial files earlier partial files are chowned by the Item baseclass to let the methods work with them. Now, this baseclass is also responsible for chowning the files back to root instead of having various deeper levels do this. The consequence is that all overloaded Failed() methods now call the Item::Failed base as their first step. The same is done for Done(). The effect is that even in partial files usually don't belong to _apt anymore, helping sneakernets and reducing possibilities of a bad method modifying files not belonging to them. The change is supported by the framework not only supporting being run as root, but with proper permission management, too, so that privilege dropping can be tested with them. --- test/integration/test-apt-get-source-authenticated | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'test/integration/test-apt-get-source-authenticated') diff --git a/test/integration/test-apt-get-source-authenticated b/test/integration/test-apt-get-source-authenticated index fedfc8308..f68c32386 100755 --- a/test/integration/test-apt-get-source-authenticated +++ b/test/integration/test-apt-get-source-authenticated @@ -25,7 +25,10 @@ testwarning aptget update --allow-insecure-repositories # this all should fail testfailure aptget install -y foo +cd downloaded testfailure aptget source foo - +testfailure test -e foo_2.0.dsc # allow overriding the warning -testsuccess aptget source --allow-unauthenticated foo +testsuccess aptget source --allow-unauthenticated foo -o Debug::pkgAcquire::Worker=1 +testsuccess test -s foo_2.0.dsc -a -L foo_2.0.dsc +testaccessrights 'foo_2.0.dsc' '777' -- cgit v1.2.3 From 4bb006d1ddcf1807474067dcbef9fb0bb5def0ac Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Mon, 17 Nov 2014 22:54:29 +0100 Subject: fix file ownership tests to work on kfreebsd While on linux files are created in /tmp with $USER:$USER, on my kfreebsd testmachine they are created with $USER:root, so we pull some strings here to make it work on both. --- test/integration/test-apt-get-source-authenticated | 1 - 1 file changed, 1 deletion(-) (limited to 'test/integration/test-apt-get-source-authenticated') diff --git a/test/integration/test-apt-get-source-authenticated b/test/integration/test-apt-get-source-authenticated index f68c32386..685bc566b 100755 --- a/test/integration/test-apt-get-source-authenticated +++ b/test/integration/test-apt-get-source-authenticated @@ -31,4 +31,3 @@ testfailure test -e foo_2.0.dsc # allow overriding the warning testsuccess aptget source --allow-unauthenticated foo -o Debug::pkgAcquire::Worker=1 testsuccess test -s foo_2.0.dsc -a -L foo_2.0.dsc -testaccessrights 'foo_2.0.dsc' '777' -- cgit v1.2.3