From e05672e88678f520b2db59599e939345ad0b6e53 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Thu, 31 Jul 2014 09:53:13 +0200 Subject: Rework TransactionID stuff --- test/integration/test-apt-update-rollback | 180 ++++++++++++++++++++++++++++++ 1 file changed, 180 insertions(+) create mode 100755 test/integration/test-apt-update-rollback (limited to 'test/integration/test-apt-update-rollback') diff --git a/test/integration/test-apt-update-rollback b/test/integration/test-apt-update-rollback new file mode 100755 index 000000000..cd28f1f1f --- /dev/null +++ b/test/integration/test-apt-update-rollback @@ -0,0 +1,180 @@ +#!/bin/sh +# +# test that apt-get update is transactional +# +set -e + +avoid_ims_hit() { + touch -d '+1hour' aptarchive/dists/unstable/main/binary-i386/Packages* + touch -d '+1hour' aptarchive/dists/unstable/main/source/Sources* + touch -d '+1hour' aptarchive/dists/unstable/*Release* + + touch -d '-1hour' rootdir/var/lib/apt/lists/* +} + +create_fresh_archive() +{ + rm -rf aptarchive/* + rm -f rootdir/var/lib/apt/lists/_* rootdir/var/lib/apt/lists/partial/* + + insertpackage 'unstable' 'old' 'all' '1.0' + + setupaptarchive +} + +add_new_package() { + insertpackage "unstable" "new" "all" "1.0" + insertsource "unstable" "new" "all" "1.0" + + setupaptarchive --no-update + + avoid_ims_hit +} + +break_repository_sources_index() { + printf "xxx" > $APTARCHIVE/dists/unstable/main/source/Sources + gzip -c $APTARCHIVE/dists/unstable/main/source/Sources > \ + $APTARCHIVE/dists/unstable/main/source/Sources.gz + avoid_ims_hit +} + +test_inrelease_to_new_inrelease() { + msgmsg "Test InRelease to new InRelease works fine" + create_fresh_archive + testequal "old/unstable 1.0 all" apt list -q + + add_new_package + testsuccess aptget update + + testequal "new/unstable 1.0 all +old/unstable 1.0 all" apt list -q +} + +test_inrelease_to_broken_hash_reverts_all() { + msgmsg "Test InRelease to broken InRelease reverts everything" + create_fresh_archive + add_new_package + # break the Sources file + break_repository_sources_index + + # test the error condition + testequal "W: Failed to fetch file:${APTARCHIVE}/dists/unstable/InRelease + +W: Failed to fetch copy:${APTARCHIVE}/dists/unstable/main/source/Sources Hash Sum mismatch + +W: Failed to fetch copy:${APTARCHIVE}/dists/unstable/main/binary-i386/Packages + +E: Some index files failed to download. They have been ignored, or old ones used instead." aptget update -qq + # ensure that the Packages file is also rolled back + testequal "E: Unable to locate package new" aptget install new -s -qq +} + +test_inreleae_to_valid_release() { + msgmsg "Test InRelease to valid Release" + create_fresh_archive + add_new_package + # switch to a unsinged repo now + rm $APTARCHIVE/dists/unstable/InRelease + rm $APTARCHIVE/dists/unstable/Release.gpg + avoid_ims_hit + + # update works + testsuccess aptget update -o Debug::Acquire::Transaction=1 + + # test that we can install the new packages but do no longer have a sig + testsuccess aptget install old -s + testsuccess aptget install new -s + testfailure ls $ROOTDIR/var/lib/apt/lists/*_InRelease + testfailure ls $ROOTDIR/var/lib/apt/lists/*_Release.gpg + testsuccess ls $ROOTDIR/var/lib/apt/lists/*_Release +} + +test_inreleae_to_release_reverts_all() { + msgmsg "Test InRelease to broken Release reverts everything" + create_fresh_archive + + # switch to a unsinged repo now + add_new_package + rm $APTARCHIVE/dists/unstable/InRelease + rm $APTARCHIVE/dists/unstable/Release.gpg + # break it + break_repository_sources_index + + # ensure error + testequal "W: Failed to fetch file:$APTARCHIVE/dists/unstable/InRelease + +W: Failed to fetch file:$APTARCHIVE/dists/unstable/Release + +W: Failed to fetch file:$APTARCHIVE/dists/unstable/Release.gpg + +W: Failed to fetch copy:$APTARCHIVE/dists/unstable/main/source/Sources Hash Sum mismatch + +W: Failed to fetch copy:$APTARCHIVE/dists/unstable/main/binary-i386/Packages + +E: Some index files failed to download. They have been ignored, or old ones used instead." aptget update -qq # -o Debug::acquire::transaction=1 + + # ensure that the Packages file is also rolled back + testsuccess aptget install old -s + testfailure aptget install new -s + testsuccess ls $ROOTDIR/var/lib/apt/lists/*_InRelease + testfailure ls $ROOTDIR/var/lib/apt/lists/*_Release +} + +test_unauthenticated_to_invalid_inrelease() { + msgmsg "Test UnAuthenticated to invalid InRelease reverts everything" + create_fresh_archive + rm $APTARCHIVE/dists/unstable/InRelease + rm $APTARCHIVE/dists/unstable/Release.gpg + avoid_ims_hit + + testsuccess aptget update -qq + testequal "WARNING: The following packages cannot be authenticated! + old +E: There are problems and -y was used without --force-yes" aptget install -qq -y old + + # go to authenticated but not correct + add_new_package + break_repository_sources_index + + testequal "W: Hashsum mismatch $ROOTDIR/var/lib/apt/lists/${APTARCHIVE_LISTS}_dists_unstable_main_source_Sources +W: Failed to fetch file:$APTARCHIVE/dists/unstable/InRelease + +W: Failed to fetch copy:$APTARCHIVE/dists/unstable/main/source/Sources Hash Sum mismatch + +E: Some index files failed to download. They have been ignored, or old ones used instead." aptget update -qq + + testfailure ls rootdir/var/lib/apt/lists/*_InRelease + testequal "WARNING: The following packages cannot be authenticated! + old +E: There are problems and -y was used without --force-yes" aptget install -qq -y old +} + +TESTDIR=$(readlink -f $(dirname $0)) +. $TESTDIR/framework + +setupenvironment +configarchitecture "i386" + +# setup the archive and ensure we have a single package that installs fine +setupaptarchive +APTARCHIVE=$(readlink -f ./aptarchive) +ROOTDIR=${TMPWORKINGDIRECTORY}/rootdir +APTARCHIVE_LISTS="$(echo $APTARCHIVE | tr "/" "_" )" + +# test the following cases: +# - InRelease -> broken InRelease revert to previous state +# - empty lists dir and broken remote leaves nothing on the system +# - InRelease -> hashsum mismatch for one file reverts all files to previous state +# - Release/Release.gpg -> hashsum mismatch +# - InRelease -> Release with hashsum mismatch revert entire state and kills Release +# - Release -> InRelease with broken Sig/Hash removes InRelease +# going from Release/Release.gpg -> InRelease and vice versa +# - unauthenticated -> invalid InRelease + +test_inrelease_to_new_inrelease +test_inrelease_to_broken_hash_reverts_all + +test_inreleae_to_valid_release +test_inreleae_to_release_reverts_all + +#test_unauthenticated_to_invalid_inrelease -- cgit v1.2.3 From 6d979490c13e9d8004942507c99d152c22184a27 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Thu, 31 Jul 2014 10:02:27 +0200 Subject: make test_unauthenticated_to_invalid_inrelease work --- test/integration/test-apt-update-rollback | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) (limited to 'test/integration/test-apt-update-rollback') diff --git a/test/integration/test-apt-update-rollback b/test/integration/test-apt-update-rollback index cd28f1f1f..9771f0edc 100755 --- a/test/integration/test-apt-update-rollback +++ b/test/integration/test-apt-update-rollback @@ -136,11 +136,12 @@ E: There are problems and -y was used without --force-yes" aptget install -qq -y add_new_package break_repository_sources_index - testequal "W: Hashsum mismatch $ROOTDIR/var/lib/apt/lists/${APTARCHIVE_LISTS}_dists_unstable_main_source_Sources -W: Failed to fetch file:$APTARCHIVE/dists/unstable/InRelease - + testequal "W: Failed to fetch file:$APTARCHIVE/dists/unstable/InRelease + W: Failed to fetch copy:$APTARCHIVE/dists/unstable/main/source/Sources Hash Sum mismatch +W: Failed to fetch copy:$APTARCHIVE/dists/unstable/main/binary-i386/Packages + E: Some index files failed to download. They have been ignored, or old ones used instead." aptget update -qq testfailure ls rootdir/var/lib/apt/lists/*_InRelease @@ -177,4 +178,4 @@ test_inrelease_to_broken_hash_reverts_all test_inreleae_to_valid_release test_inreleae_to_release_reverts_all -#test_unauthenticated_to_invalid_inrelease +test_unauthenticated_to_invalid_inrelease -- cgit v1.2.3 From c5fced388848b967f0ce076656cad5366517f981 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Thu, 31 Jul 2014 18:40:05 +0200 Subject: ensure InRelease->Release is transactional as well --- test/integration/test-apt-update-rollback | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) (limited to 'test/integration/test-apt-update-rollback') diff --git a/test/integration/test-apt-update-rollback b/test/integration/test-apt-update-rollback index 9771f0edc..c16e4f480 100755 --- a/test/integration/test-apt-update-rollback +++ b/test/integration/test-apt-update-rollback @@ -150,6 +150,22 @@ E: Some index files failed to download. They have been ignored, or old ones used E: There are problems and -y was used without --force-yes" aptget install -qq -y old } +test_inrelease_to_unauth_inrelease() { + msgmsg "Test InRelease to InRelease without sig" + create_fresh_archive + signreleasefiles 'Marvin Paranoid' + avoid_ims_hit + + testsuccess aptget update -qq + + testequal "WARNING: The following packages cannot be authenticated! + old +E: There are problems and -y was used without --force-yes" aptget install -qq -y old + + testfailure ls rootdir/var/lib/apt/lists/*_InRelease + testsuccess ls rootdir/var/lib/apt/lists/*_Release +} + TESTDIR=$(readlink -f $(dirname $0)) . $TESTDIR/framework @@ -179,3 +195,5 @@ test_inreleae_to_valid_release test_inreleae_to_release_reverts_all test_unauthenticated_to_invalid_inrelease + +test_inrelease_to_unauth_inrelease -- cgit v1.2.3 From 21638c3af355b3997fadd169495551568af6acfe Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Thu, 31 Jul 2014 19:24:36 +0200 Subject: fail early (again) on gpg sig failures --- test/integration/test-apt-update-rollback | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) (limited to 'test/integration/test-apt-update-rollback') diff --git a/test/integration/test-apt-update-rollback b/test/integration/test-apt-update-rollback index c16e4f480..a6297792e 100755 --- a/test/integration/test-apt-update-rollback +++ b/test/integration/test-apt-update-rollback @@ -156,14 +156,13 @@ test_inrelease_to_unauth_inrelease() { signreleasefiles 'Marvin Paranoid' avoid_ims_hit - testsuccess aptget update -qq + testequal "W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: file: unstable InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY E8525D47528144E2 - testequal "WARNING: The following packages cannot be authenticated! - old -E: There are problems and -y was used without --force-yes" aptget install -qq -y old +W: Failed to fetch file:$APTARCHIVE/dists/unstable/InRelease - testfailure ls rootdir/var/lib/apt/lists/*_InRelease - testsuccess ls rootdir/var/lib/apt/lists/*_Release +W: Some index files failed to download. They have been ignored, or old ones used instead." aptget update -qq + + testsuccess ls rootdir/var/lib/apt/lists/*_InRelease } TESTDIR=$(readlink -f $(dirname $0)) -- cgit v1.2.3 From 80976dd5452a9cfbe0c4f6229c729711ba685a5f Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Fri, 1 Aug 2014 11:06:47 +0200 Subject: mve MetaKey into pkgAcqBaseIndex --- test/integration/test-apt-update-rollback | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'test/integration/test-apt-update-rollback') diff --git a/test/integration/test-apt-update-rollback b/test/integration/test-apt-update-rollback index a6297792e..d7078d217 100755 --- a/test/integration/test-apt-update-rollback +++ b/test/integration/test-apt-update-rollback @@ -44,7 +44,9 @@ test_inrelease_to_new_inrelease() { testequal "old/unstable 1.0 all" apt list -q add_new_package - testsuccess aptget update + aptget update -o Debug::Acquire::Transaction=1 + + testsuccess aptget update -o Debug::Acquire::Transaction=1 testequal "new/unstable 1.0 all old/unstable 1.0 all" apt list -q -- cgit v1.2.3 From 81273628cc3022641756b05e78256d59b7bd7c51 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Fri, 1 Aug 2014 11:46:16 +0200 Subject: fix transactionid passing --- test/integration/test-apt-update-rollback | 1 - 1 file changed, 1 deletion(-) (limited to 'test/integration/test-apt-update-rollback') diff --git a/test/integration/test-apt-update-rollback b/test/integration/test-apt-update-rollback index d7078d217..4eef2aecf 100755 --- a/test/integration/test-apt-update-rollback +++ b/test/integration/test-apt-update-rollback @@ -44,7 +44,6 @@ test_inrelease_to_new_inrelease() { testequal "old/unstable 1.0 all" apt list -q add_new_package - aptget update -o Debug::Acquire::Transaction=1 testsuccess aptget update -o Debug::Acquire::Transaction=1 -- cgit v1.2.3 From 7abcfdde365d2f1110b1f1189e3fce04abdac98c Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Fri, 1 Aug 2014 17:13:15 +0200 Subject: check hashes of compressed files as well --- test/integration/test-apt-update-rollback | 29 +++++++++++++++++------------ 1 file changed, 17 insertions(+), 12 deletions(-) (limited to 'test/integration/test-apt-update-rollback') diff --git a/test/integration/test-apt-update-rollback b/test/integration/test-apt-update-rollback index 4eef2aecf..b8a2b0791 100755 --- a/test/integration/test-apt-update-rollback +++ b/test/integration/test-apt-update-rollback @@ -61,9 +61,7 @@ test_inrelease_to_broken_hash_reverts_all() { # test the error condition testequal "W: Failed to fetch file:${APTARCHIVE}/dists/unstable/InRelease -W: Failed to fetch copy:${APTARCHIVE}/dists/unstable/main/source/Sources Hash Sum mismatch - -W: Failed to fetch copy:${APTARCHIVE}/dists/unstable/main/binary-i386/Packages +W: Failed to fetch file:${APTARCHIVE}/dists/unstable/main/source/Sources Hash Sum mismatch E: Some index files failed to download. They have been ignored, or old ones used instead." aptget update -qq # ensure that the Packages file is also rolled back @@ -108,9 +106,7 @@ W: Failed to fetch file:$APTARCHIVE/dists/unstable/Release W: Failed to fetch file:$APTARCHIVE/dists/unstable/Release.gpg -W: Failed to fetch copy:$APTARCHIVE/dists/unstable/main/source/Sources Hash Sum mismatch - -W: Failed to fetch copy:$APTARCHIVE/dists/unstable/main/binary-i386/Packages +W: Failed to fetch file:$APTARCHIVE/dists/unstable/main/source/Sources Hash Sum mismatch E: Some index files failed to download. They have been ignored, or old ones used instead." aptget update -qq # -o Debug::acquire::transaction=1 @@ -139,9 +135,7 @@ E: There are problems and -y was used without --force-yes" aptget install -qq -y testequal "W: Failed to fetch file:$APTARCHIVE/dists/unstable/InRelease -W: Failed to fetch copy:$APTARCHIVE/dists/unstable/main/source/Sources Hash Sum mismatch - -W: Failed to fetch copy:$APTARCHIVE/dists/unstable/main/binary-i386/Packages +W: Failed to fetch file:$APTARCHIVE/dists/unstable/main/source/Sources Hash Sum mismatch E: Some index files failed to download. They have been ignored, or old ones used instead." aptget update -qq @@ -166,6 +160,19 @@ W: Some index files failed to download. They have been ignored, or old ones used testsuccess ls rootdir/var/lib/apt/lists/*_InRelease } +test_inrelease_to_broken_gzip() { + msgmsg "Test InRelease to broken gzip" + create_fresh_archive + # append junk at the end of the gzip, this + echo "lala" >> $APTARCHIVE/dists/unstable/main/source/Sources.gz + # remove uncompressed file, otherwise apt will just fallback fetching + # that + rm $APTARCHIVE/dists/unstable/main/source/Sources + avoid_ims_hit + + testfailure aptget update +} + TESTDIR=$(readlink -f $(dirname $0)) . $TESTDIR/framework @@ -190,10 +197,8 @@ APTARCHIVE_LISTS="$(echo $APTARCHIVE | tr "/" "_" )" test_inrelease_to_new_inrelease test_inrelease_to_broken_hash_reverts_all - test_inreleae_to_valid_release test_inreleae_to_release_reverts_all - test_unauthenticated_to_invalid_inrelease - test_inrelease_to_unauth_inrelease +test_inrelease_to_broken_gzip -- cgit v1.2.3 From 183160cb20cd4aa86e78657bf060bf688edce703 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Fri, 1 Aug 2014 17:15:53 +0200 Subject: make errors more consistent --- test/integration/test-apt-update-rollback | 16 +++------------- 1 file changed, 3 insertions(+), 13 deletions(-) (limited to 'test/integration/test-apt-update-rollback') diff --git a/test/integration/test-apt-update-rollback b/test/integration/test-apt-update-rollback index b8a2b0791..24027787e 100755 --- a/test/integration/test-apt-update-rollback +++ b/test/integration/test-apt-update-rollback @@ -59,9 +59,7 @@ test_inrelease_to_broken_hash_reverts_all() { break_repository_sources_index # test the error condition - testequal "W: Failed to fetch file:${APTARCHIVE}/dists/unstable/InRelease - -W: Failed to fetch file:${APTARCHIVE}/dists/unstable/main/source/Sources Hash Sum mismatch + testequal "W: Failed to fetch file:${APTARCHIVE}/dists/unstable/main/source/Sources Hash Sum mismatch E: Some index files failed to download. They have been ignored, or old ones used instead." aptget update -qq # ensure that the Packages file is also rolled back @@ -100,13 +98,7 @@ test_inreleae_to_release_reverts_all() { break_repository_sources_index # ensure error - testequal "W: Failed to fetch file:$APTARCHIVE/dists/unstable/InRelease - -W: Failed to fetch file:$APTARCHIVE/dists/unstable/Release - -W: Failed to fetch file:$APTARCHIVE/dists/unstable/Release.gpg - -W: Failed to fetch file:$APTARCHIVE/dists/unstable/main/source/Sources Hash Sum mismatch + testequal "W: Failed to fetch file:$APTARCHIVE/dists/unstable/main/source/Sources Hash Sum mismatch E: Some index files failed to download. They have been ignored, or old ones used instead." aptget update -qq # -o Debug::acquire::transaction=1 @@ -133,9 +125,7 @@ E: There are problems and -y was used without --force-yes" aptget install -qq -y add_new_package break_repository_sources_index - testequal "W: Failed to fetch file:$APTARCHIVE/dists/unstable/InRelease - -W: Failed to fetch file:$APTARCHIVE/dists/unstable/main/source/Sources Hash Sum mismatch + testequal "W: Failed to fetch file:$APTARCHIVE/dists/unstable/main/source/Sources Hash Sum mismatch E: Some index files failed to download. They have been ignored, or old ones used instead." aptget update -qq -- cgit v1.2.3 From 67f2f9e2ed2f48833926abb7c31cca4a57ebfec1 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Fri, 1 Aug 2014 17:20:19 +0200 Subject: add gzip test and todo --- test/integration/test-apt-update-rollback | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'test/integration/test-apt-update-rollback') diff --git a/test/integration/test-apt-update-rollback b/test/integration/test-apt-update-rollback index 24027787e..ccd7f57ff 100755 --- a/test/integration/test-apt-update-rollback +++ b/test/integration/test-apt-update-rollback @@ -185,6 +185,10 @@ APTARCHIVE_LISTS="$(echo $APTARCHIVE | tr "/" "_" )" # going from Release/Release.gpg -> InRelease and vice versa # - unauthenticated -> invalid InRelease +# stuff to do: +# - ims-hit +# - gzip-index tests + test_inrelease_to_new_inrelease test_inrelease_to_broken_hash_reverts_all test_inreleae_to_valid_release -- cgit v1.2.3 From bca84917c326fa3158e120147c8aecebe0789b47 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Fri, 26 Sep 2014 22:45:18 +0200 Subject: test fixes --- test/integration/test-apt-update-rollback | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) (limited to 'test/integration/test-apt-update-rollback') diff --git a/test/integration/test-apt-update-rollback b/test/integration/test-apt-update-rollback index ccd7f57ff..a88b0042b 100755 --- a/test/integration/test-apt-update-rollback +++ b/test/integration/test-apt-update-rollback @@ -75,15 +75,14 @@ test_inreleae_to_valid_release() { rm $APTARCHIVE/dists/unstable/Release.gpg avoid_ims_hit - # update works - testsuccess aptget update -o Debug::Acquire::Transaction=1 + # update fails + testequal "E: The repository 'file: unstable Release.gpg' is no longer signed." aptget update -qq # test that we can install the new packages but do no longer have a sig testsuccess aptget install old -s - testsuccess aptget install new -s - testfailure ls $ROOTDIR/var/lib/apt/lists/*_InRelease - testfailure ls $ROOTDIR/var/lib/apt/lists/*_Release.gpg - testsuccess ls $ROOTDIR/var/lib/apt/lists/*_Release + testfailure aptget install new -s + testsuccess ls $ROOTDIR/var/lib/apt/lists/*_InRelease + testfailure ls $ROOTDIR/var/lib/apt/lists/*_Release } test_inreleae_to_release_reverts_all() { @@ -98,9 +97,7 @@ test_inreleae_to_release_reverts_all() { break_repository_sources_index # ensure error - testequal "W: Failed to fetch file:$APTARCHIVE/dists/unstable/main/source/Sources Hash Sum mismatch - -E: Some index files failed to download. They have been ignored, or old ones used instead." aptget update -qq # -o Debug::acquire::transaction=1 + testequal "E: The repository 'file: unstable Release.gpg' is no longer signed." aptget update -qq # -o Debug::acquire::transaction=1 # ensure that the Packages file is also rolled back testsuccess aptget install old -s @@ -112,6 +109,7 @@ E: Some index files failed to download. They have been ignored, or old ones used test_unauthenticated_to_invalid_inrelease() { msgmsg "Test UnAuthenticated to invalid InRelease reverts everything" create_fresh_archive + rm -rf rootdir/var/lib/apt/lists/* rm $APTARCHIVE/dists/unstable/InRelease rm $APTARCHIVE/dists/unstable/Release.gpg avoid_ims_hit -- cgit v1.2.3 From e1bd768b762bd74221f9089133883723a7307f9b Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Mon, 29 Sep 2014 11:03:02 +0200 Subject: test fixes --- test/integration/test-apt-update-rollback | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'test/integration/test-apt-update-rollback') diff --git a/test/integration/test-apt-update-rollback b/test/integration/test-apt-update-rollback index a88b0042b..e37be9554 100755 --- a/test/integration/test-apt-update-rollback +++ b/test/integration/test-apt-update-rollback @@ -114,7 +114,7 @@ test_unauthenticated_to_invalid_inrelease() { rm $APTARCHIVE/dists/unstable/Release.gpg avoid_ims_hit - testsuccess aptget update -qq + testsuccess aptget update -qq --allow-unauthenticated testequal "WARNING: The following packages cannot be authenticated! old E: There are problems and -y was used without --force-yes" aptget install -qq -y old -- cgit v1.2.3 From c99fe2e169243fc6e1a3278ce3768f0f521e260b Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Wed, 1 Oct 2014 12:21:55 +0200 Subject: Use Acquire::Allow{InsecureRepositories,DowngradeToInsecureRepositories} The configuration key Acquire::AllowInsecureRepositories controls if apt allows loading of unsigned repositories at all. The configuration Acquire::AllowDowngradeToInsecureRepositories controls if a signed repository can ever become unsigned. This should really never be needed but we provide it to avoid having to mess around in /var/lib/apt/lists if there is a use-case for this (which I can't think of right now). --- test/integration/test-apt-update-rollback | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'test/integration/test-apt-update-rollback') diff --git a/test/integration/test-apt-update-rollback b/test/integration/test-apt-update-rollback index e37be9554..ee8bc6926 100755 --- a/test/integration/test-apt-update-rollback +++ b/test/integration/test-apt-update-rollback @@ -114,7 +114,7 @@ test_unauthenticated_to_invalid_inrelease() { rm $APTARCHIVE/dists/unstable/Release.gpg avoid_ims_hit - testsuccess aptget update -qq --allow-unauthenticated + testsuccess aptget update -qq --allow-insecure-repositories testequal "WARNING: The following packages cannot be authenticated! old E: There are problems and -y was used without --force-yes" aptget install -qq -y old -- cgit v1.2.3 From 4dbfe436c60880f2625e4d3a9d0127a83dd6276e Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Tue, 7 Oct 2014 01:46:30 +0200 Subject: display errortext for all Err as well as Ign logs consistently using Item::Failed in all specializec classes helps setting up some information bits otherwise unset, so some errors had an empty reason as an error. Ign is upgraded to display the error message we ignored to further help in understanding what happens. --- test/integration/test-apt-update-rollback | 101 +++++++++++++++--------------- 1 file changed, 50 insertions(+), 51 deletions(-) (limited to 'test/integration/test-apt-update-rollback') diff --git a/test/integration/test-apt-update-rollback b/test/integration/test-apt-update-rollback index ee8bc6926..5b9c200fe 100755 --- a/test/integration/test-apt-update-rollback +++ b/test/integration/test-apt-update-rollback @@ -19,44 +19,44 @@ create_fresh_archive() insertpackage 'unstable' 'old' 'all' '1.0' - setupaptarchive + setupaptarchive --no-update } add_new_package() { insertpackage "unstable" "new" "all" "1.0" insertsource "unstable" "new" "all" "1.0" - setupaptarchive --no-update - - avoid_ims_hit + setupaptarchive --no-update "$@" } break_repository_sources_index() { - printf "xxx" > $APTARCHIVE/dists/unstable/main/source/Sources - gzip -c $APTARCHIVE/dists/unstable/main/source/Sources > \ - $APTARCHIVE/dists/unstable/main/source/Sources.gz - avoid_ims_hit + printf 'xxx' > $APTARCHIVE/dists/unstable/main/source/Sources + compressfile "$APTARCHIVE/dists/unstable/main/source/Sources" "$@" } -test_inrelease_to_new_inrelease() { - msgmsg "Test InRelease to new InRelease works fine" +start_with_good_inrelease() { create_fresh_archive + testsuccess aptget update testequal "old/unstable 1.0 all" apt list -q +} - add_new_package +test_inrelease_to_new_inrelease() { + msgmsg 'Test InRelease to new InRelease works fine' + start_with_good_inrelease + add_new_package '+1hour' testsuccess aptget update -o Debug::Acquire::Transaction=1 - testequal "new/unstable 1.0 all old/unstable 1.0 all" apt list -q } test_inrelease_to_broken_hash_reverts_all() { - msgmsg "Test InRelease to broken InRelease reverts everything" - create_fresh_archive - add_new_package + msgmsg 'Test InRelease to broken InRelease reverts everything' + start_with_good_inrelease + + add_new_package '+1hour' # break the Sources file - break_repository_sources_index + break_repository_sources_index '+1hour' # test the error condition testequal "W: Failed to fetch file:${APTARCHIVE}/dists/unstable/main/source/Sources Hash Sum mismatch @@ -66,14 +66,14 @@ E: Some index files failed to download. They have been ignored, or old ones used testequal "E: Unable to locate package new" aptget install new -s -qq } -test_inreleae_to_valid_release() { - msgmsg "Test InRelease to valid Release" - create_fresh_archive - add_new_package - # switch to a unsinged repo now +test_inrelease_to_valid_release() { + msgmsg 'Test InRelease to valid Release' + start_with_good_inrelease + + add_new_package '+1hour' + # switch to a unsigned repo now rm $APTARCHIVE/dists/unstable/InRelease rm $APTARCHIVE/dists/unstable/Release.gpg - avoid_ims_hit # update fails testequal "E: The repository 'file: unstable Release.gpg' is no longer signed." aptget update -qq @@ -85,16 +85,17 @@ test_inreleae_to_valid_release() { testfailure ls $ROOTDIR/var/lib/apt/lists/*_Release } -test_inreleae_to_release_reverts_all() { - msgmsg "Test InRelease to broken Release reverts everything" - create_fresh_archive +test_inrelease_to_release_reverts_all() { + msgmsg 'Test InRelease to broken Release reverts everything' + start_with_good_inrelease - # switch to a unsinged repo now - add_new_package + # switch to a unsigned repo now + add_new_package '+1hour' rm $APTARCHIVE/dists/unstable/InRelease rm $APTARCHIVE/dists/unstable/Release.gpg + # break it - break_repository_sources_index + break_repository_sources_index '+1hour' # ensure error testequal "E: The repository 'file: unstable Release.gpg' is no longer signed." aptget update -qq # -o Debug::acquire::transaction=1 @@ -107,21 +108,19 @@ test_inreleae_to_release_reverts_all() { } test_unauthenticated_to_invalid_inrelease() { - msgmsg "Test UnAuthenticated to invalid InRelease reverts everything" + msgmsg 'Test UnAuthenticated to invalid InRelease reverts everything' create_fresh_archive - rm -rf rootdir/var/lib/apt/lists/* rm $APTARCHIVE/dists/unstable/InRelease rm $APTARCHIVE/dists/unstable/Release.gpg - avoid_ims_hit - - testsuccess aptget update -qq --allow-insecure-repositories + + testsuccess aptget update --allow-insecure-repositories testequal "WARNING: The following packages cannot be authenticated! old E: There are problems and -y was used without --force-yes" aptget install -qq -y old - + # go to authenticated but not correct - add_new_package - break_repository_sources_index + add_new_package '+1hour' + break_repository_sources_index '+1hour' testequal "W: Failed to fetch file:$APTARCHIVE/dists/unstable/main/source/Sources Hash Sum mismatch @@ -134,14 +133,14 @@ E: There are problems and -y was used without --force-yes" aptget install -qq -y } test_inrelease_to_unauth_inrelease() { - msgmsg "Test InRelease to InRelease without sig" - create_fresh_archive - signreleasefiles 'Marvin Paranoid' - avoid_ims_hit - + msgmsg 'Test InRelease to InRelease without good sig' + start_with_good_inrelease + + signreleasefiles 'Marvin Paranoid' '+1hour' + testequal "W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: file: unstable InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY E8525D47528144E2 -W: Failed to fetch file:$APTARCHIVE/dists/unstable/InRelease +W: Failed to fetch file:$APTARCHIVE/dists/unstable/InRelease The following signatures couldn't be verified because the public key is not available: NO_PUBKEY E8525D47528144E2 W: Some index files failed to download. They have been ignored, or old ones used instead." aptget update -qq @@ -150,13 +149,13 @@ W: Some index files failed to download. They have been ignored, or old ones used test_inrelease_to_broken_gzip() { msgmsg "Test InRelease to broken gzip" - create_fresh_archive - # append junk at the end of the gzip, this + start_with_good_inrelease + + # append junk at the end of the compressed file echo "lala" >> $APTARCHIVE/dists/unstable/main/source/Sources.gz - # remove uncompressed file, otherwise apt will just fallback fetching - # that + touch -d '+2min' $APTARCHIVE/dists/unstable/main/source/Sources.gz + # remove uncompressed file to avoid fallback rm $APTARCHIVE/dists/unstable/main/source/Sources - avoid_ims_hit testfailure aptget update } @@ -174,7 +173,7 @@ ROOTDIR=${TMPWORKINGDIRECTORY}/rootdir APTARCHIVE_LISTS="$(echo $APTARCHIVE | tr "/" "_" )" # test the following cases: -# - InRelease -> broken InRelease revert to previous state +# - InRelease -> broken InRelease revert to previous state # - empty lists dir and broken remote leaves nothing on the system # - InRelease -> hashsum mismatch for one file reverts all files to previous state # - Release/Release.gpg -> hashsum mismatch @@ -184,13 +183,13 @@ APTARCHIVE_LISTS="$(echo $APTARCHIVE | tr "/" "_" )" # - unauthenticated -> invalid InRelease # stuff to do: -# - ims-hit +# - ims-hit # - gzip-index tests test_inrelease_to_new_inrelease test_inrelease_to_broken_hash_reverts_all -test_inreleae_to_valid_release -test_inreleae_to_release_reverts_all +test_inrelease_to_valid_release +test_inrelease_to_release_reverts_all test_unauthenticated_to_invalid_inrelease test_inrelease_to_unauth_inrelease test_inrelease_to_broken_gzip -- cgit v1.2.3 From 9d653a6de2ca952247cc4e628256259d225570a6 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Mon, 13 Oct 2014 09:54:21 +0200 Subject: fix compile and tests error MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit I am pretty sure I did that before committing broken stuff… Git-Dch: Ignore --- test/integration/test-apt-update-rollback | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'test/integration/test-apt-update-rollback') diff --git a/test/integration/test-apt-update-rollback b/test/integration/test-apt-update-rollback index 5b9c200fe..220c3052b 100755 --- a/test/integration/test-apt-update-rollback +++ b/test/integration/test-apt-update-rollback @@ -136,7 +136,7 @@ test_inrelease_to_unauth_inrelease() { msgmsg 'Test InRelease to InRelease without good sig' start_with_good_inrelease - signreleasefiles 'Marvin Paranoid' '+1hour' + signreleasefiles 'Marvin Paranoid' testequal "W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: file: unstable InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY E8525D47528144E2 -- cgit v1.2.3 From 846bc058cb0c1bf7ce7c2fb30b9c277e96e9eaf7 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Sat, 18 Oct 2014 22:46:48 +0200 Subject: check lists/ content in tests doing rollback Git-Dch: Ignore --- test/integration/test-apt-update-rollback | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) (limited to 'test/integration/test-apt-update-rollback') diff --git a/test/integration/test-apt-update-rollback b/test/integration/test-apt-update-rollback index 220c3052b..d33411da4 100755 --- a/test/integration/test-apt-update-rollback +++ b/test/integration/test-apt-update-rollback @@ -37,6 +37,7 @@ break_repository_sources_index() { start_with_good_inrelease() { create_fresh_archive testsuccess aptget update + listcurrentlistsdirectory > lists.before testequal "old/unstable 1.0 all" apt list -q } @@ -63,6 +64,7 @@ test_inrelease_to_broken_hash_reverts_all() { E: Some index files failed to download. They have been ignored, or old ones used instead." aptget update -qq # ensure that the Packages file is also rolled back + testfileequal lists.before "$(listcurrentlistsdirectory)" testequal "E: Unable to locate package new" aptget install new -s -qq } @@ -78,7 +80,8 @@ test_inrelease_to_valid_release() { # update fails testequal "E: The repository 'file: unstable Release.gpg' is no longer signed." aptget update -qq - # test that we can install the new packages but do no longer have a sig + # test that security downgrade was not successful + testfileequal lists.before "$(listcurrentlistsdirectory)" testsuccess aptget install old -s testfailure aptget install new -s testsuccess ls $ROOTDIR/var/lib/apt/lists/*_InRelease @@ -101,6 +104,7 @@ test_inrelease_to_release_reverts_all() { testequal "E: The repository 'file: unstable Release.gpg' is no longer signed." aptget update -qq # -o Debug::acquire::transaction=1 # ensure that the Packages file is also rolled back + testfileequal lists.before "$(listcurrentlistsdirectory)" testsuccess aptget install old -s testfailure aptget install new -s testsuccess ls $ROOTDIR/var/lib/apt/lists/*_InRelease @@ -114,6 +118,7 @@ test_unauthenticated_to_invalid_inrelease() { rm $APTARCHIVE/dists/unstable/Release.gpg testsuccess aptget update --allow-insecure-repositories + listcurrentlistsdirectory > lists.before testequal "WARNING: The following packages cannot be authenticated! old E: There are problems and -y was used without --force-yes" aptget install -qq -y old @@ -126,6 +131,7 @@ E: There are problems and -y was used without --force-yes" aptget install -qq -y E: Some index files failed to download. They have been ignored, or old ones used instead." aptget update -qq + testfileequal lists.before "$(listcurrentlistsdirectory)" testfailure ls rootdir/var/lib/apt/lists/*_InRelease testequal "WARNING: The following packages cannot be authenticated! old @@ -144,6 +150,7 @@ W: Failed to fetch file:$APTARCHIVE/dists/unstable/InRelease The following sign W: Some index files failed to download. They have been ignored, or old ones used instead." aptget update -qq + testfileequal lists.before "$(listcurrentlistsdirectory)" testsuccess ls rootdir/var/lib/apt/lists/*_InRelease } @@ -158,6 +165,7 @@ test_inrelease_to_broken_gzip() { rm $APTARCHIVE/dists/unstable/main/source/Sources testfailure aptget update + testfileequal lists.before "$(listcurrentlistsdirectory)" } TESTDIR=$(readlink -f $(dirname $0)) -- cgit v1.2.3 From 4fa34122cbe347d21b3a162ff2fa75dd2e73c3a8 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Mon, 20 Oct 2014 10:23:41 +0200 Subject: testcases: do not allow warnings in testsuccess Adds a new testwarning which tests for zero exit and the presents of a warning in the output, failing if either is not the case or if an error is found, too. This allows us to change testsuccess to accept only totally successful executions (= without warnings) which should help finding regressions. Git-Dch: Ignore --- test/integration/test-apt-update-rollback | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'test/integration/test-apt-update-rollback') diff --git a/test/integration/test-apt-update-rollback b/test/integration/test-apt-update-rollback index d33411da4..9efc194a0 100755 --- a/test/integration/test-apt-update-rollback +++ b/test/integration/test-apt-update-rollback @@ -117,7 +117,7 @@ test_unauthenticated_to_invalid_inrelease() { rm $APTARCHIVE/dists/unstable/InRelease rm $APTARCHIVE/dists/unstable/Release.gpg - testsuccess aptget update --allow-insecure-repositories + testwarning aptget update --allow-insecure-repositories listcurrentlistsdirectory > lists.before testequal "WARNING: The following packages cannot be authenticated! old -- cgit v1.2.3 From 25b86db159fbc3c043628e285c0c1ef24dec2c6e Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Tue, 10 Mar 2015 00:59:44 +0100 Subject: test exitcode as well as string equality We use test{success,failure} now all over the place in the framework, so its only consequencial to do this in the situations in which we test for a specific output as well. Git-Dch: Ignore --- test/integration/test-apt-update-rollback | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) (limited to 'test/integration/test-apt-update-rollback') diff --git a/test/integration/test-apt-update-rollback b/test/integration/test-apt-update-rollback index 9efc194a0..f4500b69d 100755 --- a/test/integration/test-apt-update-rollback +++ b/test/integration/test-apt-update-rollback @@ -38,7 +38,7 @@ start_with_good_inrelease() { create_fresh_archive testsuccess aptget update listcurrentlistsdirectory > lists.before - testequal "old/unstable 1.0 all" apt list -q + testsuccessequal "old/unstable 1.0 all" apt list -q } test_inrelease_to_new_inrelease() { @@ -47,7 +47,7 @@ test_inrelease_to_new_inrelease() { add_new_package '+1hour' testsuccess aptget update -o Debug::Acquire::Transaction=1 - testequal "new/unstable 1.0 all + testsuccessequal "new/unstable 1.0 all old/unstable 1.0 all" apt list -q } @@ -60,12 +60,12 @@ test_inrelease_to_broken_hash_reverts_all() { break_repository_sources_index '+1hour' # test the error condition - testequal "W: Failed to fetch file:${APTARCHIVE}/dists/unstable/main/source/Sources Hash Sum mismatch + testfailureequal "W: Failed to fetch file:${APTARCHIVE}/dists/unstable/main/source/Sources Hash Sum mismatch E: Some index files failed to download. They have been ignored, or old ones used instead." aptget update -qq # ensure that the Packages file is also rolled back testfileequal lists.before "$(listcurrentlistsdirectory)" - testequal "E: Unable to locate package new" aptget install new -s -qq + testfailureequal "E: Unable to locate package new" aptget install new -s -qq } test_inrelease_to_valid_release() { @@ -78,7 +78,7 @@ test_inrelease_to_valid_release() { rm $APTARCHIVE/dists/unstable/Release.gpg # update fails - testequal "E: The repository 'file: unstable Release.gpg' is no longer signed." aptget update -qq + testfailureequal "E: The repository 'file: unstable Release.gpg' is no longer signed." aptget update -qq # test that security downgrade was not successful testfileequal lists.before "$(listcurrentlistsdirectory)" @@ -101,7 +101,7 @@ test_inrelease_to_release_reverts_all() { break_repository_sources_index '+1hour' # ensure error - testequal "E: The repository 'file: unstable Release.gpg' is no longer signed." aptget update -qq # -o Debug::acquire::transaction=1 + testfailureequal "E: The repository 'file: unstable Release.gpg' is no longer signed." aptget update -qq # -o Debug::acquire::transaction=1 # ensure that the Packages file is also rolled back testfileequal lists.before "$(listcurrentlistsdirectory)" @@ -119,7 +119,7 @@ test_unauthenticated_to_invalid_inrelease() { testwarning aptget update --allow-insecure-repositories listcurrentlistsdirectory > lists.before - testequal "WARNING: The following packages cannot be authenticated! + testfailureequal "WARNING: The following packages cannot be authenticated! old E: There are problems and -y was used without --force-yes" aptget install -qq -y old @@ -127,13 +127,13 @@ E: There are problems and -y was used without --force-yes" aptget install -qq -y add_new_package '+1hour' break_repository_sources_index '+1hour' - testequal "W: Failed to fetch file:$APTARCHIVE/dists/unstable/main/source/Sources Hash Sum mismatch + testfailureequal "W: Failed to fetch file:$APTARCHIVE/dists/unstable/main/source/Sources Hash Sum mismatch E: Some index files failed to download. They have been ignored, or old ones used instead." aptget update -qq testfileequal lists.before "$(listcurrentlistsdirectory)" testfailure ls rootdir/var/lib/apt/lists/*_InRelease - testequal "WARNING: The following packages cannot be authenticated! + testfailureequal "WARNING: The following packages cannot be authenticated! old E: There are problems and -y was used without --force-yes" aptget install -qq -y old } @@ -144,7 +144,7 @@ test_inrelease_to_unauth_inrelease() { signreleasefiles 'Marvin Paranoid' - testequal "W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: file: unstable InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY E8525D47528144E2 + testwarningequal "W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: file: unstable InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY E8525D47528144E2 W: Failed to fetch file:$APTARCHIVE/dists/unstable/InRelease The following signatures couldn't be verified because the public key is not available: NO_PUBKEY E8525D47528144E2 -- cgit v1.2.3 From 8eafc759544298211cd0bfaa3919afc0fadd47d1 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Wed, 13 May 2015 16:09:12 +0200 Subject: detect Releasefile IMS hits even if the server doesn't Not all servers we are talking to support If-Modified-Since and some are not even sending Last-Modified for us, so in an effort to detect such hits we run a hashsum check on the 'old' compared to the 'new' file, we got the hashes for the 'new' already for "free" from the methods anyway and hence just need to calculated the old ones. This allows us to detect hits even with unsupported servers, which in turn means we benefit from all the new hit behavior also here. --- test/integration/test-apt-update-rollback | 1 + 1 file changed, 1 insertion(+) (limited to 'test/integration/test-apt-update-rollback') diff --git a/test/integration/test-apt-update-rollback b/test/integration/test-apt-update-rollback index f4500b69d..29fe1ab56 100755 --- a/test/integration/test-apt-update-rollback +++ b/test/integration/test-apt-update-rollback @@ -158,6 +158,7 @@ test_inrelease_to_broken_gzip() { msgmsg "Test InRelease to broken gzip" start_with_good_inrelease + redatereleasefiles '+2hours' # append junk at the end of the compressed file echo "lala" >> $APTARCHIVE/dists/unstable/main/source/Sources.gz touch -d '+2min' $APTARCHIVE/dists/unstable/main/source/Sources.gz -- cgit v1.2.3 From 6bf93605fdb8e858d3f0a79a124c1d39f760094d Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Mon, 18 May 2015 22:15:06 +0200 Subject: treat older Release files than we already have as an IMSHit Valid-Until protects us from long-living downgrade attacks, but not all repositories have it and an attacker could still use older but still valid files to downgrade us. While this makes it sounds like a security improvement now, its a bit theoretical at best as an attacker with capabilities to pull this off could just as well always keep us days (but in the valid period) behind and always knows which state we have, as we tell him with the If-Modified-Since header. This is also why this is 'silently' ignored and treated as an IMSHit rather than screamed at the user as this can at best be an annoyance for attackers. An error here would 'regularily' be encountered by users by out-of-sync mirrors serving a single run (e.g. load balancer) or in two consecutive runs on the other hand, so it would just help teaching people ignore it. That said, most of the code churn is caused by enforcing this additional requirement. Crisscross from InRelease to Release.gpg is e.g. very unlikely in practice, but if we would ignore it an attacker could sidestep it this way. --- test/integration/test-apt-update-rollback | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'test/integration/test-apt-update-rollback') diff --git a/test/integration/test-apt-update-rollback b/test/integration/test-apt-update-rollback index 29fe1ab56..b464a04a1 100755 --- a/test/integration/test-apt-update-rollback +++ b/test/integration/test-apt-update-rollback @@ -78,7 +78,7 @@ test_inrelease_to_valid_release() { rm $APTARCHIVE/dists/unstable/Release.gpg # update fails - testfailureequal "E: The repository 'file: unstable Release.gpg' is no longer signed." aptget update -qq + testfailureequal "E: The repository 'file: unstable Release' is no longer signed." aptget update -qq # test that security downgrade was not successful testfileequal lists.before "$(listcurrentlistsdirectory)" @@ -101,7 +101,7 @@ test_inrelease_to_release_reverts_all() { break_repository_sources_index '+1hour' # ensure error - testfailureequal "E: The repository 'file: unstable Release.gpg' is no longer signed." aptget update -qq # -o Debug::acquire::transaction=1 + testfailureequal "E: The repository 'file: unstable Release' is no longer signed." aptget update -qq # -o Debug::acquire::transaction=1 # ensure that the Packages file is also rolled back testfileequal lists.before "$(listcurrentlistsdirectory)" -- cgit v1.2.3