From 9082a1fc7be02f58cbe18a34539c6a3436463dd0 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Fri, 14 Feb 2014 00:30:58 +0100 Subject: allow http protocol to switch to https switch protocols at random is a bad idea if e.g. http can switch to file, so we limit the possibilities to http to http and http to https. As very few people (less than 1% according to popcon) have https installed this likely changes nothing in terms of failure. The commit is adding a friendly hint which package needs to be installed though. --- test/integration/test-bug-738785-switch-protocol | 52 ++++++++++++++++++++++++ 1 file changed, 52 insertions(+) create mode 100755 test/integration/test-bug-738785-switch-protocol (limited to 'test/integration/test-bug-738785-switch-protocol') diff --git a/test/integration/test-bug-738785-switch-protocol b/test/integration/test-bug-738785-switch-protocol new file mode 100755 index 000000000..d3469f34f --- /dev/null +++ b/test/integration/test-bug-738785-switch-protocol @@ -0,0 +1,52 @@ +#!/bin/sh +set -e + +TESTDIR=$(readlink -f $(dirname $0)) +. $TESTDIR/framework + +setupenvironment +configarchitecture "i386" + +buildsimplenativepackage 'apt' 'all' '1.0' 'stable' + +# setup http redirecting to https +setupaptarchive --no-update +changetowebserver -o 'aptwebserver::redirect::replace::/redirectme/=https://localhost:4433/' \ + -o 'aptwebserver::support::http=false' +changetohttpswebserver +sed -i -e 's#:4433/#:8080/redirectme#' -e 's# https:# http:#' rootdir/etc/apt/sources.list.d/* + +testsuccess aptget update -o Debug::Acquire::http=1 -o Debug::Acquire::https=1 -o Debug::pkgAcquire::Worker=1 + +msgtest 'Test that the webserver does not answer' 'http requests' +downloadfile 'http://localhost:8080//pool/apt_1.0/changelog' >/dev/null 2>&1 && msgfail || msgpass + +echo 'Apt::Changelogs::Server "http://localhost:8080/redirectme";' > rootdir/etc/apt/apt.conf.d/changelog.conf +testequal "'http://localhost:8080/redirectme/pool/apt_1.0/changelog'" aptget changelog apt --print-uris + +testsuccess aptget changelog apt -d +testsuccess test -s apt.changelog +rm -f apt.changelog + +testsuccess aptget download apt +testsuccess test -s apt_1.0_all.deb +rm apt_1.0_all.deb + +testsuccess aptget install apt -y +testdpkginstalled 'apt' + +# create a copy of all methods, expect https +eval `aptconfig shell METHODS Dir::Bin::Methods/d` +COPYMETHODS='usr/lib/apt/methods' +rm rootdir/$COPYMETHODS +mkdir -p rootdir/$COPYMETHODS +cd rootdir/$COPYMETHODS +find $METHODS \! -type d | while read meth; do + ln -s $meth +done +rm https +cd - >/dev/null +echo "Dir::Bin::Methods \"${COPYMETHODS}\";" >> aptconfig.conf + +aptget download apt +testsuccess test ! -e apt_1.0_all.deb -- cgit v1.2.3 From dc95fee18e8df2b00404c7d0f321f5b78e00f170 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Fri, 14 Feb 2014 17:11:07 +0100 Subject: disable https->http redirects in libcurl This change prevents changing the protocol from https to http. --- test/integration/test-bug-738785-switch-protocol | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'test/integration/test-bug-738785-switch-protocol') diff --git a/test/integration/test-bug-738785-switch-protocol b/test/integration/test-bug-738785-switch-protocol index d3469f34f..bc3c6dbad 100755 --- a/test/integration/test-bug-738785-switch-protocol +++ b/test/integration/test-bug-738785-switch-protocol @@ -19,7 +19,7 @@ sed -i -e 's#:4433/#:8080/redirectme#' -e 's# https:# http:#' rootdir/etc/apt/so testsuccess aptget update -o Debug::Acquire::http=1 -o Debug::Acquire::https=1 -o Debug::pkgAcquire::Worker=1 msgtest 'Test that the webserver does not answer' 'http requests' -downloadfile 'http://localhost:8080//pool/apt_1.0/changelog' >/dev/null 2>&1 && msgfail || msgpass +downloadfile 'http://localhost:8080/pool/apt_1.0/changelog' changelog >/dev/null 2>&1 && msgfail || msgpass echo 'Apt::Changelogs::Server "http://localhost:8080/redirectme";' > rootdir/etc/apt/apt.conf.d/changelog.conf testequal "'http://localhost:8080/redirectme/pool/apt_1.0/changelog'" aptget changelog apt --print-uris -- cgit v1.2.3 From 5543218acdbbeef1d9f6d118e0b86a765c341430 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Fri, 14 Feb 2014 18:35:35 +0100 Subject: honor option to disable pulses for the testcases Git-Dch: Ignore --- test/integration/test-bug-738785-switch-protocol | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'test/integration/test-bug-738785-switch-protocol') diff --git a/test/integration/test-bug-738785-switch-protocol b/test/integration/test-bug-738785-switch-protocol index bc3c6dbad..b51be244a 100755 --- a/test/integration/test-bug-738785-switch-protocol +++ b/test/integration/test-bug-738785-switch-protocol @@ -48,5 +48,6 @@ rm https cd - >/dev/null echo "Dir::Bin::Methods \"${COPYMETHODS}\";" >> aptconfig.conf -aptget download apt +testequal "E: The method driver $(pwd)/rootdir/usr/lib/apt/methods/https could not be found. +N: Is the package apt-transport-https installed?" aptget download apt -q=0 testsuccess test ! -e apt_1.0_all.deb -- cgit v1.2.3 From 889b0072a93a5afe9ffec93ab791d584c64754a0 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Fri, 14 Feb 2014 18:59:46 +0100 Subject: =?UTF-8?q?add=20a=20testcase=20to=20check=20for=20forbidden=20htt?= =?UTF-8?q?ps=E2=86=92http=20downgrades?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Git-Dch: Ignore --- test/integration/test-bug-738785-switch-protocol | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) (limited to 'test/integration/test-bug-738785-switch-protocol') diff --git a/test/integration/test-bug-738785-switch-protocol b/test/integration/test-bug-738785-switch-protocol index b51be244a..1e5748eae 100755 --- a/test/integration/test-bug-738785-switch-protocol +++ b/test/integration/test-bug-738785-switch-protocol @@ -12,6 +12,7 @@ buildsimplenativepackage 'apt' 'all' '1.0' 'stable' # setup http redirecting to https setupaptarchive --no-update changetowebserver -o 'aptwebserver::redirect::replace::/redirectme/=https://localhost:4433/' \ + -o 'aptwebserver::redirect::replace::/downgrademe/=http://localhost:8080/' \ -o 'aptwebserver::support::http=false' changetohttpswebserver sed -i -e 's#:4433/#:8080/redirectme#' -e 's# https:# http:#' rootdir/etc/apt/sources.list.d/* @@ -38,7 +39,7 @@ testdpkginstalled 'apt' # create a copy of all methods, expect https eval `aptconfig shell METHODS Dir::Bin::Methods/d` COPYMETHODS='usr/lib/apt/methods' -rm rootdir/$COPYMETHODS +mv rootdir/${COPYMETHODS} rootdir/${COPYMETHODS}.bak mkdir -p rootdir/$COPYMETHODS cd rootdir/$COPYMETHODS find $METHODS \! -type d | while read meth; do @@ -51,3 +52,12 @@ echo "Dir::Bin::Methods \"${COPYMETHODS}\";" >> aptconfig.conf testequal "E: The method driver $(pwd)/rootdir/usr/lib/apt/methods/https could not be found. N: Is the package apt-transport-https installed?" aptget download apt -q=0 testsuccess test ! -e apt_1.0_all.deb + +# revert to all methods +rm -rf rootdir/$COPYMETHODS +mv rootdir/${COPYMETHODS}.bak rootdir/${COPYMETHODS} + +# check that downgrades from https to http are not allowed +webserverconfig 'aptwebserver::support::http' 'true' +sed -i -e 's#:8080/redirectme#:4433/downgrademe#' -e 's# http:# https:#' rootdir/etc/apt/sources.list.d/* +testfailure aptget update -- cgit v1.2.3