From 3f732aa6ad0a81b6a6942a61fd5ed26a26590e8e Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Tue, 28 Apr 2015 23:42:03 +0200 Subject: a pin of 1000 always means downgrade allowed The documentation says this, but the code only agreed while evaluating specific packages, but not generics. These needed a pin above 1000 to have the same effect. The code causing this makes references to a 'second pesduo status file', but nowhere is explained what this might stand for and/or what it was, so we do the only reasonable thing: Remove all references and do as documented. --- .../test-bug-543966-downgrade-below-1000-pin | 84 +++++++++++--------- test/integration/test-policy-pinning | 92 ++++++++++------------ 2 files changed, 86 insertions(+), 90 deletions(-) (limited to 'test/integration') diff --git a/test/integration/test-bug-543966-downgrade-below-1000-pin b/test/integration/test-bug-543966-downgrade-below-1000-pin index d37539b9f..485df999c 100755 --- a/test/integration/test-bug-543966-downgrade-below-1000-pin +++ b/test/integration/test-bug-543966-downgrade-below-1000-pin @@ -24,58 +24,66 @@ testsuccessequal "base-files: 5.0.0 0 500 file:${APTARCHIVE} unstable/main i386 Packages" aptcache policy base-files -o apt::pin=0 -echo 'Package: base-files +writepin() { + echo "Package: $1 Pin: release a=unstable -Pin-Priority: 99' > rootdir/etc/apt/preferences +Pin-Priority: $2" > rootdir/etc/apt/preferences +} -testsuccessequal "base-files: + + +testpinning() { + local PKGPIN='' + local PKGPINPRIO='0' + local REPPINPRIO='' + if [ "$1" != '*' ]; then + PKGPINPRIO='' + REPPINPRIO=' 500' + PKGPIN='Package pin: 5.0.0 + ' + fi + writepin "$1" '99' + testsuccessequal "base-files: Installed: 5.0.0-1 Candidate: 5.0.0-1 - Package pin: 5.0.0 - Version table: - *** 5.0.0-1 99 + ${PKGPIN}Version table: + *** 5.0.0-1 ${PKGPINPRIO:-99} 100 $STATUS - 5.0.0 99 - 500 file:${APTARCHIVE} unstable/main i386 Packages" aptcache policy base-files -o apt::pin=99 + 5.0.0 ${PKGPINPRIO:-99} + ${REPPINPRIO:- 99} file:${APTARCHIVE} unstable/main i386 Packages" aptcache policy base-files -o apt::pin=99 -echo 'Package: base-files -Pin: release a=unstable -Pin-Priority: 100' > rootdir/etc/apt/preferences - -testsuccessequal "base-files: + writepin "$1" '100' + testsuccessequal "base-files: Installed: 5.0.0-1 Candidate: 5.0.0-1 - Package pin: 5.0.0 - Version table: - *** 5.0.0-1 100 + ${PKGPIN}Version table: + *** 5.0.0-1 ${PKGPINPRIO:-100} 100 $STATUS - 5.0.0 100 - 500 file:${APTARCHIVE} unstable/main i386 Packages" aptcache policy base-files -o apt::pin=100 + 5.0.0 ${PKGPINPRIO:-100} + ${REPPINPRIO:- 100} file:${APTARCHIVE} unstable/main i386 Packages" aptcache policy base-files -o apt::pin=100 -echo 'Package: base-files -Pin: release a=unstable -Pin-Priority: 999' > rootdir/etc/apt/preferences - -testsuccessequal "base-files: + writepin "$1" '999' + testsuccessequal "base-files: Installed: 5.0.0-1 Candidate: 5.0.0-1 - Package pin: 5.0.0 - Version table: - *** 5.0.0-1 999 + ${PKGPIN}Version table: + *** 5.0.0-1 ${PKGPINPRIO:-999} 100 $STATUS - 5.0.0 999 - 500 file:${APTARCHIVE} unstable/main i386 Packages" aptcache policy base-files -o apt::pin=999 - -echo 'Package: base-files -Pin: release a=unstable -Pin-Priority: 1000' > rootdir/etc/apt/preferences + 5.0.0 ${PKGPINPRIO:-999} + ${REPPINPRIO:- 999} file:${APTARCHIVE} unstable/main i386 Packages" aptcache policy base-files -o apt::pin=999 -testsuccessequal "base-files: + writepin "$1" '1000' + testsuccessequal "base-files: Installed: 5.0.0-1 Candidate: 5.0.0 - Package pin: 5.0.0 - Version table: - *** 5.0.0-1 1000 + ${PKGPIN}Version table: + *** 5.0.0-1 ${PKGPINPRIO:-1000} 100 $STATUS - 5.0.0 1000 - 500 file:${APTARCHIVE} unstable/main i386 Packages" aptcache policy base-files -o apt::pin=1000 + 5.0.0 ${PKGPINPRIO:-1000} + ${REPPINPRIO:-1000} file:${APTARCHIVE} unstable/main i386 Packages" aptcache policy base-files -o apt::pin=1000 +} + +msgmsg 'Tests with generic-form pin' +testpinning '*' +msgmsg 'Tests with specific-form pin' +testpinning 'base-files' diff --git a/test/integration/test-policy-pinning b/test/integration/test-policy-pinning index 15bf300ac..2675b51bc 100755 --- a/test/integration/test-policy-pinning +++ b/test/integration/test-policy-pinning @@ -25,70 +25,58 @@ testequalpolicy() { Pinned packages:" aptcache policy $* } -aptgetupdate() { - # just to be sure that no old files are used - rm -rf rootdir/var/lib/apt - if aptget update --allow-insecure-repositories -qq 2>&1 | grep '^E: '; then - msgwarn 'apt-get update failed with an error' - fi -} +testglobalpolicy() { + aptgetupdate -### not signed archive + testequalpolicy 100 500 + testequalpolicy 990 500 -t now -aptgetupdate + sed -i aptarchive/Release -e 1i"NotAutomatic: yes" + aptgetupdate -testequalpolicy 100 500 -testequalpolicy 990 500 -t now + testequalpolicy 100 1 -o Test=NotAutomatic + testequalpolicy 990 1 -o Test=NotAutomatic -t now -sed -i aptarchive/Release -e 1i"NotAutomatic: yes" -aptgetupdate + sed -i aptarchive/Release -e 1i"ButAutomaticUpgrades: yes" + aptgetupdate -testequalpolicy 100 1 -o Test=NotAutomatic -testequalpolicy 990 1 -o Test=NotAutomatic -t now + testequalpolicy 100 100 -o Test=ButAutomaticUpgrades + testequalpolicy 990 100 -o Test=ButAutomaticUpgrades -t now -sed -i aptarchive/Release -e 1i"ButAutomaticUpgrades: yes" -aptgetupdate + sed -i aptarchive/Release -e 's#NotAutomatic: yes#NotAutomatic: no#' -e '/ButAutomaticUpgrades: / d' + aptgetupdate -testequalpolicy 100 100 -o Test=ButAutomaticUpgrades -testequalpolicy 990 100 -o Test=ButAutomaticUpgrades -t now + testequalpolicy 100 500 -o Test=Automatic + testequalpolicy 990 500 -o Test=Automatic -t now -sed -i aptarchive/Release -e 's#NotAutomatic: yes#NotAutomatic: no#' -e '/ButAutomaticUpgrades: / d' -aptgetupdate - -testequalpolicy 100 500 -o Test=Automatic -testequalpolicy 990 500 -o Test=Automatic -t now - -sed -i aptarchive/Release -e '/NotAutomatic: / d' -e '/ButAutomaticUpgrades: / d' - -### signed but no key in trusted - -signreleasefiles 'Marvin Paranoid' -aptgetupdate -testequalpolicy 100 500 -testequalpolicy 990 500 -t now - -sed -i aptarchive/Release -e 1i"NotAutomatic: yes" -signreleasefiles 'Marvin Paranoid' -aptgetupdate - -testequalpolicy 100 1 -o Test=NotAutomatic -testequalpolicy 990 1 -o Test=NotAutomatic -t now - -sed -i aptarchive/Release -e 1i"ButAutomaticUpgrades: yes" -signreleasefiles 'Marvin Paranoid' -aptgetupdate + sed -i aptarchive/Release -e '/NotAutomatic: / d' -e '/ButAutomaticUpgrades: / d' +} -testequalpolicy 100 100 -o Test=ButAutomaticUpgrades -testequalpolicy 990 100 -o Test=ButAutomaticUpgrades -t now +msgmsg 'Test with not signed archive' +aptgetupdate() { + rm -rf rootdir/var/lib/apt + testwarning aptget update --allow-insecure-repositories +} +testglobalpolicy -sed -i aptarchive/Release -e 's#NotAutomatic: yes#NotAutomatic: no#' -e '/ButAutomaticUpgrades: / d' -signreleasefiles 'Marvin Paranoid' -aptgetupdate +msgmsg 'Test with signed but no key in trusted' +aptgetupdate() { + rm -rf rootdir/var/lib/apt + signreleasefiles 'Marvin Paranoid' + testwarning aptget update --allow-insecure-repositories +} +testglobalpolicy -testequalpolicy 100 500 -o Test=Automatic -testequalpolicy 990 500 -o Test=Automatic -t now +# much the same tests will be executed below in more detail again for this one +msgmsg 'Test with signed and valid key' +aptgetupdate() { + rm -rf rootdir/var/lib/apt + signreleasefiles 'Joe Sixpack' + testsuccess aptget update +} +testglobalpolicy -### signed and valid key +msgmsg 'Test with specific packages' buildsimplenativepackage "coolstuff" "all" "1.0" "stable" buildsimplenativepackage "coolstuff" "all" "2.0~bpo1" "backports" -- cgit v1.2.3