From bca84917c326fa3158e120147c8aecebe0789b47 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Fri, 26 Sep 2014 22:45:18 +0200 Subject: test fixes --- test/integration/test-bug-738785-switch-protocol | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'test/integration/test-bug-738785-switch-protocol') diff --git a/test/integration/test-bug-738785-switch-protocol b/test/integration/test-bug-738785-switch-protocol index 1e5748eae..4ff044515 100755 --- a/test/integration/test-bug-738785-switch-protocol +++ b/test/integration/test-bug-738785-switch-protocol @@ -60,4 +60,4 @@ mv rootdir/${COPYMETHODS}.bak rootdir/${COPYMETHODS} # check that downgrades from https to http are not allowed webserverconfig 'aptwebserver::support::http' 'true' sed -i -e 's#:8080/redirectme#:4433/downgrademe#' -e 's# http:# https:#' rootdir/etc/apt/sources.list.d/* -testfailure aptget update +testfailure aptget update --allow-unauthenticated -- cgit v1.2.3 From c99fe2e169243fc6e1a3278ce3768f0f521e260b Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Wed, 1 Oct 2014 12:21:55 +0200 Subject: Use Acquire::Allow{InsecureRepositories,DowngradeToInsecureRepositories} The configuration key Acquire::AllowInsecureRepositories controls if apt allows loading of unsigned repositories at all. The configuration Acquire::AllowDowngradeToInsecureRepositories controls if a signed repository can ever become unsigned. This should really never be needed but we provide it to avoid having to mess around in /var/lib/apt/lists if there is a use-case for this (which I can't think of right now). --- test/integration/test-bug-738785-switch-protocol | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'test/integration/test-bug-738785-switch-protocol') diff --git a/test/integration/test-bug-738785-switch-protocol b/test/integration/test-bug-738785-switch-protocol index 4ff044515..f81bba4b9 100755 --- a/test/integration/test-bug-738785-switch-protocol +++ b/test/integration/test-bug-738785-switch-protocol @@ -60,4 +60,4 @@ mv rootdir/${COPYMETHODS}.bak rootdir/${COPYMETHODS} # check that downgrades from https to http are not allowed webserverconfig 'aptwebserver::support::http' 'true' sed -i -e 's#:8080/redirectme#:4433/downgrademe#' -e 's# http:# https:#' rootdir/etc/apt/sources.list.d/* -testfailure aptget update --allow-unauthenticated +testfailure aptget update --allow-insecure-repositories -- cgit v1.2.3 From 68ba0b7f4e1c03edfb6f621e7e7314ea610af96b Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Wed, 15 Oct 2014 03:47:50 +0200 Subject: testcases runable as root Running the testcases is usually not a good idea, but it can be handy to check if the privilege dropping works. Git-Dch: Ignore --- test/integration/test-bug-738785-switch-protocol | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'test/integration/test-bug-738785-switch-protocol') diff --git a/test/integration/test-bug-738785-switch-protocol b/test/integration/test-bug-738785-switch-protocol index f81bba4b9..f450e5e5a 100755 --- a/test/integration/test-bug-738785-switch-protocol +++ b/test/integration/test-bug-738785-switch-protocol @@ -49,8 +49,14 @@ rm https cd - >/dev/null echo "Dir::Bin::Methods \"${COPYMETHODS}\";" >> aptconfig.conf -testequal "E: The method driver $(pwd)/rootdir/usr/lib/apt/methods/https could not be found. +if [ "$(id -u)" = '0' ]; then + testequal "Can't drop privileges for downloading as file '$(pwd)/apt_1.0_all.deb' couldn't be accessed by user '_apt'. +E: The method driver $(pwd)/rootdir/usr/lib/apt/methods/https could not be found. N: Is the package apt-transport-https installed?" aptget download apt -q=0 +else + testequal "E: The method driver $(pwd)/rootdir/usr/lib/apt/methods/https could not be found. +N: Is the package apt-transport-https installed?" aptget download apt -q=0 +fi testsuccess test ! -e apt_1.0_all.deb # revert to all methods -- cgit v1.2.3 From 03aa08472dcd689572a46ce6efdb1dccf6136334 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Thu, 23 Oct 2014 01:28:05 +0200 Subject: chown finished partial files earlier partial files are chowned by the Item baseclass to let the methods work with them. Now, this baseclass is also responsible for chowning the files back to root instead of having various deeper levels do this. The consequence is that all overloaded Failed() methods now call the Item::Failed base as their first step. The same is done for Done(). The effect is that even in partial files usually don't belong to _apt anymore, helping sneakernets and reducing possibilities of a bad method modifying files not belonging to them. The change is supported by the framework not only supporting being run as root, but with proper permission management, too, so that privilege dropping can be tested with them. --- test/integration/test-bug-738785-switch-protocol | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) (limited to 'test/integration/test-bug-738785-switch-protocol') diff --git a/test/integration/test-bug-738785-switch-protocol b/test/integration/test-bug-738785-switch-protocol index f450e5e5a..e50c84dbf 100755 --- a/test/integration/test-bug-738785-switch-protocol +++ b/test/integration/test-bug-738785-switch-protocol @@ -25,6 +25,7 @@ downloadfile 'http://localhost:8080/pool/apt_1.0/changelog' changelog >/dev/null echo 'Apt::Changelogs::Server "http://localhost:8080/redirectme";' > rootdir/etc/apt/apt.conf.d/changelog.conf testequal "'http://localhost:8080/redirectme/pool/apt_1.0/changelog'" aptget changelog apt --print-uris +cd downloaded testsuccess aptget changelog apt -d testsuccess test -s apt.changelog rm -f apt.changelog @@ -32,6 +33,7 @@ rm -f apt.changelog testsuccess aptget download apt testsuccess test -s apt_1.0_all.deb rm apt_1.0_all.deb +cd - >/dev/null testsuccess aptget install apt -y testdpkginstalled 'apt' @@ -49,15 +51,11 @@ rm https cd - >/dev/null echo "Dir::Bin::Methods \"${COPYMETHODS}\";" >> aptconfig.conf -if [ "$(id -u)" = '0' ]; then - testequal "Can't drop privileges for downloading as file '$(pwd)/apt_1.0_all.deb' couldn't be accessed by user '_apt'. -E: The method driver $(pwd)/rootdir/usr/lib/apt/methods/https could not be found. -N: Is the package apt-transport-https installed?" aptget download apt -q=0 -else - testequal "E: The method driver $(pwd)/rootdir/usr/lib/apt/methods/https could not be found. +cd downloaded +testequal "E: The method driver $(readlink -f './../')/rootdir/usr/lib/apt/methods/https could not be found. N: Is the package apt-transport-https installed?" aptget download apt -q=0 -fi testsuccess test ! -e apt_1.0_all.deb +cd - >/dev/null # revert to all methods rm -rf rootdir/$COPYMETHODS -- cgit v1.2.3 From e52aad5208281837f13018363118ff73aaaabf45 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Sat, 25 Oct 2014 13:37:05 +0200 Subject: tests: enhance output of grep and test fails Git-Dch: Ignore --- test/integration/test-bug-738785-switch-protocol | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'test/integration/test-bug-738785-switch-protocol') diff --git a/test/integration/test-bug-738785-switch-protocol b/test/integration/test-bug-738785-switch-protocol index e50c84dbf..0f458e099 100755 --- a/test/integration/test-bug-738785-switch-protocol +++ b/test/integration/test-bug-738785-switch-protocol @@ -54,7 +54,7 @@ echo "Dir::Bin::Methods \"${COPYMETHODS}\";" >> aptconfig.conf cd downloaded testequal "E: The method driver $(readlink -f './../')/rootdir/usr/lib/apt/methods/https could not be found. N: Is the package apt-transport-https installed?" aptget download apt -q=0 -testsuccess test ! -e apt_1.0_all.deb +testfailure test -e apt_1.0_all.deb cd - >/dev/null # revert to all methods -- cgit v1.2.3 From 25b86db159fbc3c043628e285c0c1ef24dec2c6e Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Tue, 10 Mar 2015 00:59:44 +0100 Subject: test exitcode as well as string equality We use test{success,failure} now all over the place in the framework, so its only consequencial to do this in the situations in which we test for a specific output as well. Git-Dch: Ignore --- test/integration/test-bug-738785-switch-protocol | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'test/integration/test-bug-738785-switch-protocol') diff --git a/test/integration/test-bug-738785-switch-protocol b/test/integration/test-bug-738785-switch-protocol index 0f458e099..f6336ffe3 100755 --- a/test/integration/test-bug-738785-switch-protocol +++ b/test/integration/test-bug-738785-switch-protocol @@ -23,7 +23,7 @@ msgtest 'Test that the webserver does not answer' 'http requests' downloadfile 'http://localhost:8080/pool/apt_1.0/changelog' changelog >/dev/null 2>&1 && msgfail || msgpass echo 'Apt::Changelogs::Server "http://localhost:8080/redirectme";' > rootdir/etc/apt/apt.conf.d/changelog.conf -testequal "'http://localhost:8080/redirectme/pool/apt_1.0/changelog'" aptget changelog apt --print-uris +testsuccessequal "'http://localhost:8080/redirectme/pool/apt_1.0/changelog'" aptget changelog apt --print-uris cd downloaded testsuccess aptget changelog apt -d @@ -52,7 +52,7 @@ cd - >/dev/null echo "Dir::Bin::Methods \"${COPYMETHODS}\";" >> aptconfig.conf cd downloaded -testequal "E: The method driver $(readlink -f './../')/rootdir/usr/lib/apt/methods/https could not be found. +testfailureequal "E: The method driver $(readlink -f './../')/rootdir/usr/lib/apt/methods/https could not be found. N: Is the package apt-transport-https installed?" aptget download apt -q=0 testfailure test -e apt_1.0_all.deb cd - >/dev/null -- cgit v1.2.3