From 1da3b7b8e15b642135b54684e70a0c271471f07a Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Thu, 11 Jun 2015 10:56:31 +0200 Subject: show URI.Path in all acquire item descriptions It is a rather strange sight that index items use SiteOnly which strips the Path, while e.g. deb files are downloaded with NoUserPassword which does not. Important to note here is that for the file transport Path is pretty important as there is no Host which would be displayed by Site, which always resulted in "interesting" unspecific errors for "file:". Adding a 'middle' ground between the two which does show the Path but potentially modifies it (it strips a pending / at the end if existing) solves this "file:" issue, syncs the output and in the end helps to identify which file is meant exactly in progress output and co as a single site can have multiple repositories in different paths. --- test/integration/test-releasefile-verification | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'test/integration/test-releasefile-verification') diff --git a/test/integration/test-releasefile-verification b/test/integration/test-releasefile-verification index 469ed34d2..e8419524c 100755 --- a/test/integration/test-releasefile-verification +++ b/test/integration/test-releasefile-verification @@ -41,7 +41,7 @@ The following NEW packages will be installed: apt 0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded. After this operation, 5370 kB of additional disk space will be used. -Get:1 http://localhost:8080/ apt 0.7.25.3 +Get:1 http://localhost:8080 apt 0.7.25.3 Download complete and in download only mode' aptget install apt -dy } @@ -54,7 +54,7 @@ The following NEW packages will be installed: apt 0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded. After this operation, 5808 kB of additional disk space will be used. -Get:1 http://localhost:8080/ apt 0.8.0~pre1 +Get:1 http://localhost:8080 apt 0.8.0~pre1 Download complete and in download only mode' aptget install apt -dy } -- cgit v1.2.3 From b0d408547734100bf86781615f546487ecf390d9 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Wed, 24 Jun 2015 19:31:22 +0200 Subject: implement Signed-By option for sources.list MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Limits which key(s) can be used to sign a repository. Not immensely useful from a security perspective all by itself, but if the user has additional measures in place to confine a repository (like pinning) an attacker who gets the key for such a repository is limited to its potential and can't use the key to sign its attacks for an other (maybe less limited) repository… (yes, this is as weak as it sounds, but having the capability might come in handy for implementing other stuff later). --- test/integration/test-releasefile-verification | 47 +++++++++++++++++++++++--- 1 file changed, 42 insertions(+), 5 deletions(-) (limited to 'test/integration/test-releasefile-verification') diff --git a/test/integration/test-releasefile-verification b/test/integration/test-releasefile-verification index e8419524c..1c3953c8b 100755 --- a/test/integration/test-releasefile-verification +++ b/test/integration/test-releasefile-verification @@ -139,11 +139,6 @@ runtest() { failaptold prepare ${PKGFILE}-new - # weborf doesn't support If-Range - for release in $(find rootdir/var/lib/apt/lists/partial/ -name '*Release'); do - rm $release - touch $release - done signreleasefiles 'Joe Sixpack' find aptarchive/ -name "$DELETEFILE" -delete msgmsg 'Bad warm archive signed by' 'Joe Sixpack' @@ -191,6 +186,48 @@ runtest() { testsuccessequal "$(cat ${PKGFILE}-new) " aptcache show apt installaptnew + + prepare ${PKGFILE} + rm -rf rootdir/var/lib/apt/lists + signreleasefiles 'Marvin Paranoid' + find aptarchive/ -name "$DELETEFILE" -delete + msgmsg 'Cold archive signed by good keyring' 'Marvin Paranoid' + local MARVIN="$(readlink -f keys/marvinparanoid.pub)" + sed -i "s#^\(deb\(-src\)\?\) #\1 [signed-by=$MARVIN] #" rootdir/etc/apt/sources.list.d/* + testsuccess aptget update -o Debug::pkgAcquire::Worker=1 + testsuccessequal "$(cat ${PKGFILE}) +" aptcache show apt + installaptold + + rm -rf rootdir/var/lib/apt/lists + signreleasefiles 'Joe Sixpack' + find aptarchive/ -name "$DELETEFILE" -delete + msgmsg 'Cold archive signed by bad keyring' 'Joe Sixpack' + updatewithwarnings '^W: .* NO_PUBKEY' + + sed -i "s#^\(deb\(-src\)\?\) \[signed-by=$MARVIN\] #\1 #" rootdir/etc/apt/sources.list.d/* + local MARVIN="$(aptkey --keyring $MARVIN finger | grep 'Key fingerprint' | cut -d'=' -f 2 | tr -d ' ')" + + prepare ${PKGFILE} + rm -rf rootdir/var/lib/apt/lists + signreleasefiles 'Marvin Paranoid' + find aptarchive/ -name "$DELETEFILE" -delete + msgmsg 'Cold archive signed by good keyid' 'Marvin Paranoid' + sed -i "s#^\(deb\(-src\)\?\) #\1 [signed-by=$MARVIN] #" rootdir/etc/apt/sources.list.d/* + cp keys/marvinparanoid.pub rootdir/etc/apt/trusted.gpg.d/marvinparanoid.gpg + testsuccess aptget update -o Debug::pkgAcquire::Worker=1 -o Debug::Acquire::gpgv=1 + testsuccessequal "$(cat ${PKGFILE}) +" aptcache show apt + installaptold + rm -f rootdir/etc/apt/trusted.gpg.d/marvinparanoid.gpg + + rm -rf rootdir/var/lib/apt/lists + signreleasefiles 'Joe Sixpack' + find aptarchive/ -name "$DELETEFILE" -delete + msgmsg 'Cold archive signed by bad keyid' 'Joe Sixpack' + updatewithwarnings '^W: .* NO_PUBKEY' + + sed -i "s#^\(deb\(-src\)\?\) \[signed-by=$MARVIN\] #\1 #" rootdir/etc/apt/sources.list.d/* } runtest2() { -- cgit v1.2.3 From 4e03c47de15164f2656d9655edab6fb3570cb2f2 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Tue, 7 Jul 2015 22:11:20 +0200 Subject: implement Signed-By without using gpg for verification The previous commit returns to the possibility of using just gpgv for verification proposes. There is one problem through: We can't enforce a specific keyid without using gpg, but our acquire method can as it parses gpgv output anyway, so it can deal with good signatures from not expected signatures and treats them as unknown keys instead. Git-Dch: Ignore --- test/integration/test-releasefile-verification | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'test/integration/test-releasefile-verification') diff --git a/test/integration/test-releasefile-verification b/test/integration/test-releasefile-verification index 1c3953c8b..759242514 100755 --- a/test/integration/test-releasefile-verification +++ b/test/integration/test-releasefile-verification @@ -92,7 +92,7 @@ touch aptarchive/apt.deb PKGFILE="${TESTDIR}/$(echo "$(basename $0)" | sed 's#^test-#Packages-#')" updatewithwarnings() { - testwarning aptget update + testwarning aptget update -o Debug::pkgAcquire::Worker=1 -o Debug::Acquire::gpgv=1 testsuccess grep -E "$1" rootdir/tmp/testwarning.output } @@ -225,7 +225,7 @@ runtest() { signreleasefiles 'Joe Sixpack' find aptarchive/ -name "$DELETEFILE" -delete msgmsg 'Cold archive signed by bad keyid' 'Joe Sixpack' - updatewithwarnings '^W: .* NO_PUBKEY' + updatewithwarnings '^W: .* be verified because the public key is not available: .*' sed -i "s#^\(deb\(-src\)\?\) \[signed-by=$MARVIN\] #\1 #" rootdir/etc/apt/sources.list.d/* } -- cgit v1.2.3 From 9112f77703c39d46e2e0471c48c8a5e1f93f4abf Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Mon, 13 Jul 2015 03:36:59 +0200 Subject: show or-groups in not-installed recommends and suggests lists Further abstracting our new ShowList allows to use it for containers of strings as well giving us the option to implement an or-groups display for the recommends and suggests lists which is a nice trick given that it also helps with migrating the last remaining other cases of old ShowList. --- test/integration/test-releasefile-verification | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'test/integration/test-releasefile-verification') diff --git a/test/integration/test-releasefile-verification b/test/integration/test-releasefile-verification index 759242514..06701c623 100755 --- a/test/integration/test-releasefile-verification +++ b/test/integration/test-releasefile-verification @@ -36,7 +36,7 @@ installaptold() { testsuccessequal 'Reading package lists... Building dependency tree... Suggested packages: - aptitude synaptic wajig dpkg-dev apt-doc bzip2 lzma python-apt + aptitude | synaptic | wajig dpkg-dev apt-doc bzip2 lzma python-apt The following NEW packages will be installed: apt 0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded. @@ -49,7 +49,7 @@ installaptnew() { testsuccessequal 'Reading package lists... Building dependency tree... Suggested packages: - aptitude synaptic wajig dpkg-dev apt-doc bzip2 lzma python-apt + aptitude | synaptic | wajig dpkg-dev apt-doc bzip2 lzma python-apt The following NEW packages will be installed: apt 0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded. @@ -62,7 +62,7 @@ failaptold() { testfailureequal 'Reading package lists... Building dependency tree... Suggested packages: - aptitude synaptic wajig dpkg-dev apt-doc bzip2 lzma python-apt + aptitude | synaptic | wajig dpkg-dev apt-doc bzip2 lzma python-apt The following NEW packages will be installed: apt 0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded. @@ -76,7 +76,7 @@ failaptnew() { testfailureequal 'Reading package lists... Building dependency tree... Suggested packages: - aptitude synaptic wajig dpkg-dev apt-doc bzip2 lzma python-apt + aptitude | synaptic | wajig dpkg-dev apt-doc bzip2 lzma python-apt The following NEW packages will be installed: apt 0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded. -- cgit v1.2.3 From b381a482eab0fc7b65b63cf0512ef1f97d775e34 Mon Sep 17 00:00:00 2001 From: Julian Andres Klode Date: Fri, 14 Aug 2015 11:49:45 +0200 Subject: Replace --force-yes by various options starting with --allow This enables more fine grained control over such exceptions. --- test/integration/test-releasefile-verification | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'test/integration/test-releasefile-verification') diff --git a/test/integration/test-releasefile-verification b/test/integration/test-releasefile-verification index 06701c623..c4d1455eb 100755 --- a/test/integration/test-releasefile-verification +++ b/test/integration/test-releasefile-verification @@ -69,7 +69,7 @@ The following NEW packages will be installed: After this operation, 5370 kB of additional disk space will be used. WARNING: The following packages cannot be authenticated! apt -E: There are problems and -y was used without --force-yes' aptget install apt -dy +E: There were unauthenticated packages and -y was used without --allow-unauthenticated' aptget install apt -dy } failaptnew() { @@ -83,7 +83,7 @@ The following NEW packages will be installed: After this operation, 5808 kB of additional disk space will be used. WARNING: The following packages cannot be authenticated! apt -E: There are problems and -y was used without --force-yes' aptget install apt -dy +E: There were unauthenticated packages and -y was used without --allow-unauthenticated' aptget install apt -dy } # fake our downloadable file -- cgit v1.2.3