From 148c049150cc39f2e40894c1684dc2aefea1117e Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Fri, 12 Aug 2016 22:13:09 +0200 Subject: http(s): allow empty values for header fields MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit It seems completely pointless from a server-POV to sent empty header fields, so most of them don't do it (simply proven by this limitation existing since day one) – but it is technically allowed by the RFC as the surounding whitespaces are optional and Github seems to like sending "X-Geo-Block-List:\r\n" since recently (bug reports in other http clients indicate July) at least sometimes as the reporter claims to have seen it on https only even through it can happen with both. Closes: 834048 --- test/integration/test-bug-778375-server-has-no-reason-phrase | 1 + 1 file changed, 1 insertion(+) (limited to 'test/integration') diff --git a/test/integration/test-bug-778375-server-has-no-reason-phrase b/test/integration/test-bug-778375-server-has-no-reason-phrase index bce41235f..28e31e069 100755 --- a/test/integration/test-bug-778375-server-has-no-reason-phrase +++ b/test/integration/test-bug-778375-server-has-no-reason-phrase @@ -11,6 +11,7 @@ echo 'found' > aptarchive/working changetohttpswebserver -o 'aptwebserver::redirect::replace::/redirectme/=/' \ -o 'aptwebserver::httpcode::200=200' -o 'aptwebserver::httpcode::404=404' \ -o 'aptwebserver::httpcode::301=301' +webserverconfig 'aptwebserver::empty-response-header::' 'foobar' testdownload() { rm -f downfile -- cgit v1.2.3 From d94b1d80d8326334d17f6a43061368e783b8e0aa Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Thu, 11 Aug 2016 18:24:35 +0200 Subject: don't sent Range requests if we know its not accepted If the server told us in a previous request that it isn't supporting Ranges with bytes via an Accept-Ranges header missing bytes, we don't try to formulate requests using Ranges. --- test/integration/test-apt-update-transactions | 2 +- test/integration/test-bug-lp1445239-download-loop | 1 - test/integration/test-partial-file-support | 8 +++++++- test/integration/test-releasefile-verification | 2 -- 4 files changed, 8 insertions(+), 5 deletions(-) (limited to 'test/integration') diff --git a/test/integration/test-apt-update-transactions b/test/integration/test-apt-update-transactions index d8154b283..ab678c133 100755 --- a/test/integration/test-apt-update-transactions +++ b/test/integration/test-apt-update-transactions @@ -82,7 +82,7 @@ testsetup 'file' changetowebserver webserverconfig 'aptwebserver::support::modified-since' 'false' "$1" webserverconfig 'aptwebserver::support::last-modified' 'false' "$1" # curl is clever and sees hits here also -webserverconfig 'aptwebserver::support::range' 'false' "$1" +webserverconfig 'aptwebserver::response-header::Accept-Ranges' 'none' "$1" testsetup 'http' diff --git a/test/integration/test-bug-lp1445239-download-loop b/test/integration/test-bug-lp1445239-download-loop index a12d5252d..6802840a5 100755 --- a/test/integration/test-bug-lp1445239-download-loop +++ b/test/integration/test-bug-lp1445239-download-loop @@ -12,7 +12,6 @@ setupenvironment configarchitecture 'amd64' changetowebserver -webserverconfig 'aptwebserver::support::range' 'true' TESTFILE='aptarchive/testfile' dd if=/dev/zero of=$TESTFILE bs=100k count=1 2>/dev/null diff --git a/test/integration/test-partial-file-support b/test/integration/test-partial-file-support index 1c5d120d8..9b5eed1e5 100755 --- a/test/integration/test-partial-file-support +++ b/test/integration/test-partial-file-support @@ -96,6 +96,7 @@ followuprequest() { testrun() { webserverconfig 'aptwebserver::support::range' 'true' + webserverconfig 'aptwebserver::response-header::Accept-Ranges' 'bytes' local DOWN='./downloaded/testfile' copysource $TESTFILE 0 $DOWN @@ -125,7 +126,11 @@ testrun() { testdownloadfile 'old data' "${1}/testfile" "$DOWN" '=' testwebserverlaststatuscode '200' "$DOWNLOADLOG" - webserverconfig 'aptwebserver::support::range' 'false' + if [ "${1%%:*}" = 'https' ] && expr match "$1" "^.*/redirectme$" >/dev/null; then + webserverconfig 'aptwebserver::response-header::Accept-Ranges' 'none' + else + webserverconfig 'aptwebserver::support::range' 'false' + fi copysource $TESTFILE 20 $DOWN testdownloadfile 'no server support' "${1}/testfile" "$DOWN" '=' @@ -148,4 +153,5 @@ changetohttpswebserver serverconfigs "https://localhost:${APTHTTPSPORT}" webserverconfig 'aptwebserver::redirect::replace::/redirectme/' "https://localhost:${APTHTTPSPORT}/" +serverconfigs "https://localhost:${APTHTTPSPORT}/redirectme" serverconfigs "http://localhost:${APTHTTPPORT}/redirectme" diff --git a/test/integration/test-releasefile-verification b/test/integration/test-releasefile-verification index 82e48ffa8..fec7b1302 100755 --- a/test/integration/test-releasefile-verification +++ b/test/integration/test-releasefile-verification @@ -12,8 +12,6 @@ buildaptarchive setupflataptarchive changetowebserver -webserverconfig 'aptwebserver::support::range' 'false' - prepare() { local DATE="${2:-now}" if [ "$DATE" = 'now' ]; then -- cgit v1.2.3 From ad9416611ab83f7799f2dcb4bf7f3ef30e9fe6f8 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Sun, 14 Aug 2016 13:12:08 +0200 Subject: retry without same redirection mirror on 404 errors If 9b8034a9fd40b4d05075fda719e61f6eb4c45678 serves the Release files from a partial mirror we will end up getting 404 for some of the indexes. Instead of giving up, we will instead ignore our same redirection mirror constrain and ask the redirection service as a potential hashsum mismatch is better than keeping the certain 404 error. --- .../test-handle-redirect-as-used-mirror-change | 24 ++++++++++++++++++---- 1 file changed, 20 insertions(+), 4 deletions(-) (limited to 'test/integration') diff --git a/test/integration/test-handle-redirect-as-used-mirror-change b/test/integration/test-handle-redirect-as-used-mirror-change index 2f6431e66..2e8fbeff6 100755 --- a/test/integration/test-handle-redirect-as-used-mirror-change +++ b/test/integration/test-handle-redirect-as-used-mirror-change @@ -44,10 +44,28 @@ testsuccess apthelper download-file "http://localhost:${APTHTTPPORT}/redirectme/ testsuccess test -s inrelease cd - >/dev/null +webserverconfig "aptwebserver::redirect::replace::http://0.0.0.0:${APTHTTPPORT}/dists/unstable/InRelease" "http://0.0.0.0:${APTHTTPPORT}/storage/dists/unstable/InRelease" +mkdir -p aptarchive/storage/dists/unstable +mv aptarchive/dists/unstable/InRelease aptarchive/storage/dists/unstable +rm -rf rootdir/var/lib/apt/lists +testsuccessequal "Get:1 http://0.0.0.0:${APTHTTPPORT}/storage unstable InRelease [$(stat -c %s aptarchive/storage/dists/unstable/InRelease) B] +Ign:2 http://0.0.0.0:${APTHTTPPORT}/storage unstable/main Sources + 404 Not Found +Ign:3 http://0.0.0.0:${APTHTTPPORT}/storage unstable/main all Packages + 404 Not Found +Ign:4 http://0.0.0.0:${APTHTTPPORT}/storage unstable/main Translation-en + 404 Not Found +Get:2 http://0.0.0.0:${APTHTTPPORT} unstable/main Sources [$(stat -c %s aptarchive/dists/unstable/main/source/Sources.gz) B] +Get:3 http://0.0.0.0:${APTHTTPPORT} unstable/main all Packages [$(stat -c %s aptarchive/dists/unstable/main/binary-all/Packages.gz) B] +Get:4 http://0.0.0.0:${APTHTTPPORT} unstable/main Translation-en [$(stat -c %s aptarchive/dists/unstable/main/i18n/Translation-en.gz) B] +Reading package lists... +Building dependency tree... +All packages are up to date." apt update + find aptarchive -name 'InRelease' -delete rm -rf rootdir/var/lib/apt/lists -testsuccessequal "Ign:1 http://0.0.0.0:${APTHTTPPORT} unstable InRelease +testsuccessequal "Ign:1 http://0.0.0.0:${APTHTTPPORT}/storage unstable InRelease 404 Not Found Get:2 http://0.0.0.0:${APTHTTPPORT} unstable Release [$(stat -c %s aptarchive/dists/unstable/Release) B] Get:3 http://0.0.0.0:${APTHTTPPORT} unstable Release.gpg [$(stat -c %s aptarchive/dists/unstable/Release.gpg) B] @@ -56,9 +74,7 @@ Get:5 http://0.0.0.0:${APTHTTPPORT} unstable/main all Packages [$(stat -c %s apt Get:6 http://0.0.0.0:${APTHTTPPORT} unstable/main Translation-en [$(stat -c %s aptarchive/dists/unstable/main/i18n/Translation-en.gz) B] Reading package lists..." aptget update -testsuccessequal "Ign:1 http://0.0.0.0:${APTHTTPPORT} unstable InRelease +testsuccessequal "Ign:1 http://0.0.0.0:${APTHTTPPORT}/storage unstable InRelease 404 Not Found Hit:2 http://0.0.0.0:${APTHTTPPORT} unstable Release Reading package lists..." aptget update - - -- cgit v1.2.3 From 77e274f5ad23d79294f28ecc9868fc6f534214a4 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Tue, 16 Aug 2016 07:47:44 +0200 Subject: support compression and by-hash for .diff/Index files In af81ab9030229b4ce6cbe28f0f0831d4896fda01 by-hash got implemented as a special compression type for our usual index files like Packages. Missing in this scheme was the special .diff/Index index file containing the info about individual patches for this index file. Deriving from the index file class directly we inherent the compression handling infrastructure and in this way also by-hash nearly for free. Closes: #824926 --- test/integration/test-pdiff-usage | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) (limited to 'test/integration') diff --git a/test/integration/test-pdiff-usage b/test/integration/test-pdiff-usage index 39d847203..59a3fd8af 100755 --- a/test/integration/test-pdiff-usage +++ b/test/integration/test-pdiff-usage @@ -35,6 +35,7 @@ wasmergeused() { fi testsuccess apt update "$@" + #apt update "$@" 2>&1 | tee rootdir/tmp/testsuccess.output msgtest 'No intermediate patch files' 'still exist' local EDS="$(find rootdir/var/lib/apt/lists -name '*.ed' -o -name '*.ed.*')" @@ -116,6 +117,34 @@ SHA256-Download: testsuccessequal "$(cat "${PKGFILE}-new") " aptcache show apt newstuff + msgmsg "Testcase: apply with compressed Index and one patch: $*" + cp "${PKGFILE}-new" aptarchive/Packages + compressfile 'aptarchive/Packages' + cat "$PATCHINDEX" | gzip > "${PATCHINDEX}.gz" + generatereleasefiles '+1hour' + signreleasefiles + find aptarchive -name 'Packages*' -type f -delete + rm "$PATCHINDEX" + rm -rf rootdir/var/lib/apt/lists + cp -a rootdir/var/lib/apt/lists-bak rootdir/var/lib/apt/lists + wasmergeused "$@" + testnopackage oldstuff + testsuccessequal "$(cat "${PKGFILE}-new") +" aptcache show apt newstuff + + msgmsg "Testcase: apply with by-hash compressed Index and one patch: $*" + local NORMAL="$(readlink -f "./aptarchive/Packages.diff")" + local BYHASH="${NORMAL}/by-hash/SHA256" + mkdir -p "${BYHASH}" + find "${NORMAL}/" -maxdepth 1 -name "Index*" -exec mv '{}' "$BYHASH" \; + ln -s "${BYHASH}/Index.gz" "${BYHASH}/$(sha256sum "${BYHASH}/Index.gz" | cut -f1 -d' ')" + rm -rf rootdir/var/lib/apt/lists + cp -a rootdir/var/lib/apt/lists-bak rootdir/var/lib/apt/lists + wasmergeused "$@" -o Acquire::By-Hash=force + testnopackage oldstuff + testsuccessequal "$(cat "${PKGFILE}-new") +" aptcache show apt newstuff + msgmsg "Testcase: SHA1-only patches are not used: $*" find aptarchive -name 'Packages*' -type f -delete cp "${PKGFILE}-new" aptarchive/Packages -- cgit v1.2.3 From f036d9bb539a5ed2b4c43a0c26a9cdfa5671298b Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Tue, 16 Aug 2016 07:38:18 +0200 Subject: tests: set source directory for gdb Helps interactive gdb calls find the source code. Gbp-Dch: Ignore --- test/integration/framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'test/integration') diff --git a/test/integration/framework b/test/integration/framework index 8a95d79bb..8d124858b 100644 --- a/test/integration/framework +++ b/test/integration/framework @@ -216,7 +216,7 @@ gdb() { if [ "${CMD##*/}" = "$CMD" ]; then CMD="${BUILDDIRECTORY}/${CMD}" fi - runapt command gdb --quiet -ex run "$CMD" --args "$CMD" "$@" + runapt command gdb --quiet -ex "directory '$SOURCEDIRECTORY'" -ex run "$CMD" --args "$CMD" "$@" } lastmodification() { date -u -d "@$(stat -c '%Y' "${TMPWORKINGDIRECTORY}/$1")" -R -- cgit v1.2.3 From d6e9ec719e2824db0b90f344f71b6e853df05627 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Tue, 16 Aug 2016 13:42:30 +0200 Subject: tests: update self-sigs on our test keys MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit gpg upstream committed "gpgv: Tweak default options for extra security." applied on the 1.x and 2.x branches: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=e32c575e0f3704e7563048eea6d26844bdfc494b This commit includes "[…], but we should validate the key by its self signature for primary key, and back signature for subkey." Our testkeys are old and do not really considered best practices in the last years, so their most recent self-signature is SHA1-only which with this gpg commit and our testcases defaulting to --weak-digest sha1 are refused. So what we do here is just applying some of the recent best practices on top of our testcase keys. Gbp-Dch: Ignore --- test/integration/joesixpack.pub | Bin 639 -> 639 bytes test/integration/joesixpack.sec | Bin 1290 -> 1290 bytes test/integration/keyrings/test-archive-keyring.pub | Bin 979 -> 979 bytes test/integration/keyrings/test-archive-keyring.sec | Bin 1355 -> 1642 bytes test/integration/keyrings/test-master-keyring.pub | Bin 1199 -> 1199 bytes test/integration/keyrings/test-master-keyring.sec | Bin 2501 -> 2501 bytes test/integration/marvinparanoid.pub | Bin 629 -> 624 bytes test/integration/marvinparanoid.sec | Bin 1280 -> 1275 bytes test/integration/rexexpired.pub | Bin 1200 -> 1191 bytes test/integration/rexexpired.sec | Bin 2502 -> 2493 bytes 10 files changed, 0 insertions(+), 0 deletions(-) (limited to 'test/integration') diff --git a/test/integration/joesixpack.pub b/test/integration/joesixpack.pub index 2b40b97b6..cad056104 100644 Binary files a/test/integration/joesixpack.pub and b/test/integration/joesixpack.pub differ diff --git a/test/integration/joesixpack.sec b/test/integration/joesixpack.sec index 92aaada76..0dc5cd8f6 100644 Binary files a/test/integration/joesixpack.sec and b/test/integration/joesixpack.sec differ diff --git a/test/integration/keyrings/test-archive-keyring.pub b/test/integration/keyrings/test-archive-keyring.pub index d8d9d472b..325174086 100644 Binary files a/test/integration/keyrings/test-archive-keyring.pub and b/test/integration/keyrings/test-archive-keyring.pub differ diff --git a/test/integration/keyrings/test-archive-keyring.sec b/test/integration/keyrings/test-archive-keyring.sec index aece750e8..001f79569 100644 Binary files a/test/integration/keyrings/test-archive-keyring.sec and b/test/integration/keyrings/test-archive-keyring.sec differ diff --git a/test/integration/keyrings/test-master-keyring.pub b/test/integration/keyrings/test-master-keyring.pub index 33aa16796..9809d3259 100644 Binary files a/test/integration/keyrings/test-master-keyring.pub and b/test/integration/keyrings/test-master-keyring.pub differ diff --git a/test/integration/keyrings/test-master-keyring.sec b/test/integration/keyrings/test-master-keyring.sec index 9cb33176c..c5c5bfd5f 100644 Binary files a/test/integration/keyrings/test-master-keyring.sec and b/test/integration/keyrings/test-master-keyring.sec differ diff --git a/test/integration/marvinparanoid.pub b/test/integration/marvinparanoid.pub index 9a59c2e40..866dc1492 100644 Binary files a/test/integration/marvinparanoid.pub and b/test/integration/marvinparanoid.pub differ diff --git a/test/integration/marvinparanoid.sec b/test/integration/marvinparanoid.sec index ff54e8680..ace09f735 100644 Binary files a/test/integration/marvinparanoid.sec and b/test/integration/marvinparanoid.sec differ diff --git a/test/integration/rexexpired.pub b/test/integration/rexexpired.pub index 5ab2e489a..2d2c81c83 100644 Binary files a/test/integration/rexexpired.pub and b/test/integration/rexexpired.pub differ diff --git a/test/integration/rexexpired.sec b/test/integration/rexexpired.sec index dc00168cd..c431fd908 100644 Binary files a/test/integration/rexexpired.sec and b/test/integration/rexexpired.sec differ -- cgit v1.2.3 From 19fdf93d7363261227811a62157063081b9f1a5d Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Tue, 16 Aug 2016 15:46:19 +0200 Subject: add the gpg-classic variant to the gpgv/gnupg or-group We need to support partial upgrades anyhow, so we have to deal with the different versions and your tests try to ensure that we do, so we shouldn't make any explicit higher requirements. --- test/integration/framework | 45 ++++++-------------------- test/integration/test-apt-key | 34 ++++++++++++++----- test/integration/test-apt-key-net-update | 9 +----- test/integration/test-releasefile-verification | 5 ++- 4 files changed, 39 insertions(+), 54 deletions(-) (limited to 'test/integration') diff --git a/test/integration/framework b/test/integration/framework index 8d124858b..1e356ffaf 100644 --- a/test/integration/framework +++ b/test/integration/framework @@ -1856,49 +1856,24 @@ testwebserverlaststatuscode() { msggroup } -createlistofkeys() { - local OUTPUT="$1" - shift +mapkeynametokeyid() { while [ -n "$1" ]; do - # gpg 2.1.something starts printing [SC] at some point - if grep -q ' rsa2048/' "$OUTPUT" && grep -qF '[SC]' "$OUTPUT"; then - case "$1" in - *Joe*|*Sixpack*) echo 'pub rsa2048/DBAC8DAE 2010-08-18 [SC]';; - *Rex*|*Expired*) echo 'pub rsa2048/27CE74F9 2013-07-12 [SC] [expired: 2013-07-13]';; - *Marvin*|*Paranoid*) echo 'pub rsa2048/528144E2 2011-01-16 [SC]';; - oldarchive) echo 'pub rsa1024/F68C85A3 2013-12-19 [SC]';; - newarchive) echo 'pub rsa2048/DBAC8DAE 2010-08-18 [SC]';; - *) echo 'UNKNOWN KEY';; - esac - # gpg 2.1 has a slightly different output format - elif grep -q ' rsa2048/' "$OUTPUT"; then - case "$1" in - *Joe*|*Sixpack*) echo 'pub rsa2048/DBAC8DAE 2010-08-18';; - *Rex*|*Expired*) echo 'pub rsa2048/27CE74F9 2013-07-12 [expired: 2013-07-13]';; - *Marvin*|*Paranoid*) echo 'pub rsa2048/528144E2 2011-01-16';; - oldarchive) echo 'pub rsa1024/F68C85A3 2013-12-19';; - newarchive) echo 'pub rsa2048/DBAC8DAE 2010-08-18';; - *) echo 'UNKNOWN KEY';; - esac - else - case "$1" in - *Joe*|*Sixpack*) echo 'pub 2048R/DBAC8DAE 2010-08-18';; - *Rex*|*Expired*) echo 'pub 2048R/27CE74F9 2013-07-12 [expired: 2013-07-13]';; - *Marvin*|*Paranoid*) echo 'pub 2048R/528144E2 2011-01-16';; - oldarchive) echo 'pub 1024R/F68C85A3 2013-12-19';; - newarchive) echo 'pub 2048R/DBAC8DAE 2010-08-18';; - *) echo 'UNKNOWN KEY';; - esac - fi + case "$1" in + *Joe*|*Sixpack*|newarchive) echo '5A90D141DBAC8DAE';; + *Rex*|*Expired*) echo '4BC0A39C27CE74F9';; + *Marvin*|*Paranoid*) echo 'E8525D47528144E2';; + oldarchive) echo 'FDD2DB85F68C85A3';; + *) echo 'UNKNOWN KEY';; + esac shift done } testaptkeys() { local OUTPUT="${TMPWORKINGDIRECTORY}/rootdir/tmp/aptkeylist.output" - if ! aptkey list | grep '^pub' > "$OUTPUT"; then + if ! aptkey list --with-colon | grep '^pub' | cut -d':' -f 5 > "$OUTPUT"; then echo -n > "$OUTPUT" fi - testfileequal "$OUTPUT" "$(createlistofkeys "$OUTPUT" "$@")" + testfileequal "$OUTPUT" "$(mapkeynametokeyid "$@")" } pause() { diff --git a/test/integration/test-apt-key b/test/integration/test-apt-key index e777de1a4..eb5f998cf 100755 --- a/test/integration/test-apt-key +++ b/test/integration/test-apt-key @@ -41,7 +41,9 @@ APT::Key::RemovedKeys \"${KEYDIR}/rexexpired.pub\";" > "${ROOTDIR}/etc/apt/apt.c msgtest 'Check that paths in finger output are not' 'double-slashed' testfailure --nomsg grep '//' "${ROOTDIR}/tmp/testsuccess.output" - testsuccessequal 'gpg: key DBAC8DAE: "Joe Sixpack (APT Testcases Dummy) " not changed + testequalor2 'gpg: key DBAC8DAE: "Joe Sixpack (APT Testcases Dummy) " not changed +gpg: Total number processed: 1 +gpg: unchanged: 1' 'gpg: key 5A90D141DBAC8DAE: "Joe Sixpack (APT Testcases Dummy) " not changed gpg: Total number processed: 1 gpg: unchanged: 1' aptkey --fakeroot update @@ -185,8 +187,9 @@ gpg: unchanged: 1' aptkey --fakeroot update msgtest 'Test verify a file' 'with no sig' testfailure --nomsg aptkey --quiet --readonly --keyring "${KEYDIR}/testcase-multikey.pub" verify "${SIGNATURE}" "${SIGNATURE}2" - for GPGV in '' 'gpgv' 'gpgv2'; do + for GPGV in '' 'gpgv' 'gpgv1' 'gpgv2'; do echo "APT::Key::GPGVCommand \"$GPGV\";" > "${ROOTDIR}/etc/apt/apt.conf.d/00gpgvcmd" + if [ -n "$GPGV" ] && ! command dpkg -l gnupg1 2>&1 | grep -q '^ii'; then continue; fi msgtest 'Test verify a file' 'with all keys' testsuccess --nomsg aptkey --quiet --readonly verify "${SIGNATURE}.gpg" "${SIGNATURE}" @@ -229,8 +232,9 @@ gpg: unchanged: 1' aptkey --fakeroot update adv --batch --yes -u 'Marvin' -u 'Joe' --armor --detach-sign --sign --output "${SIGNATURE}.gpg" "${SIGNATURE}" testsuccess test -s "${SIGNATURE}.gpg" -a -s "${SIGNATURE}" - for GPGV in '' 'gpgv' 'gpgv2'; do + for GPGV in '' 'gpgv' 'gpgv1' 'gpgv2'; do echo "APT::Key::GPGVCommand \"$GPGV\";" > "${ROOTDIR}/etc/apt/apt.conf.d/00gpgvcmd" + if [ -n "$GPGV" ] && ! command dpkg -l gnupg1 2>&1 | grep -q '^ii'; then continue; fi msgtest 'Test verify a doublesigned file' 'with all keys' testsuccess --nomsg aptkey --quiet --readonly verify "${SIGNATURE}.gpg" "${SIGNATURE}" @@ -265,11 +269,25 @@ gpg: unchanged: 1' aptkey --fakeroot update } setupgpgcommand() { - echo "APT::Key::GPGCommand \"$1\";" > "${ROOTDIR}/etc/apt/apt.conf.d/00gpgcmd" - msgmsg 'Force tests to be run with' "$1" + local GPGEXE; + if command dpkg -l gnupg1 2>&1 | grep -q '^ii'; then + if [ "$1" = '1' ]; then + GPGEXE='gpg1' + else + GPGEXE='gpg' + fi + else + if [ "$1" = '1' ]; then + GPGEXE='gpg' + else + GPGEXE='gpg2' + fi + fi + msgmsg 'Force tests to be run with' "$GPGEXE" + echo "APT::Key::GPGCommand \"$GPGEXE\";" > "${ROOTDIR}/etc/apt/apt.conf.d/00gpgcmd" testsuccess aptkey --readonly adv --version cp "${ROOTDIR}/tmp/testsuccess.output" "${TMPWORKINGDIRECTORY}/aptkey.version" - testsuccess grep "^gpg (GnuPG) $2\." "${TMPWORKINGDIRECTORY}/aptkey.version" + testsuccess grep "^gpg (GnuPG) $1\." "${TMPWORKINGDIRECTORY}/aptkey.version" } # run with default (whatever this is) in current CWD with relative paths @@ -285,7 +303,7 @@ cd inaccessible chmod 600 ../inaccessible testfilestats "${TMPWORKINGDIRECTORY}/inaccessible" '%a' '=' '600' -setupgpgcommand 'gpg' '1' +setupgpgcommand '1' testrun -setupgpgcommand 'gpg2' '2' +setupgpgcommand '2' testrun diff --git a/test/integration/test-apt-key-net-update b/test/integration/test-apt-key-net-update index 990fb5ad2..b9f716e10 100755 --- a/test/integration/test-apt-key-net-update +++ b/test/integration/test-apt-key-net-update @@ -24,14 +24,7 @@ echo 'APT::Key::Net-Update-Enabled "1";' >> ./aptconfig.conf # test against the "real" webserver testsuccess aptkey --fakeroot net-update -testequalor2 'Checking for new archive signing keys now -gpg: key F68C85A3: public key "Test Automatic Archive Signing Key " imported -gpg: Total number processed: 1 -gpg: imported: 1 (RSA: 1)' 'Checking for new archive signing keys now -gpg: key F68C85A3: public key "Test Automatic Archive Signing Key " imported -gpg: Total number processed: 1 -gpg: imported: 1' cat rootdir/tmp/testsuccess.output - +testfailure grep 'not added' rootdir/tmp/testsuccess.output testaptkeys 'oldarchive' 'newarchive' # now try a different one diff --git a/test/integration/test-releasefile-verification b/test/integration/test-releasefile-verification index fec7b1302..20ca613da 100755 --- a/test/integration/test-releasefile-verification +++ b/test/integration/test-releasefile-verification @@ -237,7 +237,7 @@ runtest() { updatewithwarnings '^W: .* NO_PUBKEY' sed -i "s#^\(deb\(-src\)\?\) \[signed-by=$MARVIN\] #\1 #" rootdir/etc/apt/sources.list.d/* - local MARVIN="$(aptkey --keyring $MARVIN finger | grep 'Key fingerprint' | cut -d'=' -f 2 | tr -d ' ')" + local MARVIN="$(aptkey --keyring $MARVIN finger --with-colons | grep '^fpr' | cut -d':' -f 10)" msgmsg 'Cold archive signed by bad keyid' 'Joe Sixpack' rm -rf rootdir/var/lib/apt/lists signreleasefiles 'Joe Sixpack' @@ -261,7 +261,7 @@ runtest() { " aptcache show apt installaptold - local SIXPACK="$(aptkey --keyring keys/joesixpack.pub finger | grep 'Key fingerprint' | cut -d'=' -f 2 | tr -d ' ')" + local SIXPACK="$(aptkey --keyring keys/joesixpack.pub finger --with-colons | grep '^fpr' | cut -d':' -f 10)" msgmsg 'Cold archive signed by good keyids' 'Joe Sixpack' rm -rf rootdir/var/lib/apt/lists signreleasefiles 'Joe Sixpack' @@ -271,7 +271,6 @@ runtest() { " aptcache show apt installaptold - local SIXPACK="$(aptkey --keyring keys/joesixpack.pub finger | grep 'Key fingerprint' | cut -d'=' -f 2 | tr -d ' ')" msgmsg 'Cold archive signed by good keyids' 'Joe Sixpack' rm -rf rootdir/var/lib/apt/lists sed -i "s#^\(deb\(-src\)\?\) \[signed-by=${SIXPACK},${MARVIN}\] #\1 [signed-by=${MARVIN},${SIXPACK}] #" rootdir/etc/apt/sources.list.d/* -- cgit v1.2.3 From e289907f5e7241034cb0d37055dc2cba4e3a19af Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Wed, 17 Aug 2016 08:10:29 +0200 Subject: allow spaces in fingerprints for 'apt-key del' Fingerprints tend to be displayed in space-separated octet pairs so be nice and allow delete to remove a key based on such a string rather than requiring that the user is deleting all the spaces manually. --- test/integration/test-apt-key | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'test/integration') diff --git a/test/integration/test-apt-key b/test/integration/test-apt-key index eb5f998cf..759ce1487 100755 --- a/test/integration/test-apt-key +++ b/test/integration/test-apt-key @@ -116,6 +116,14 @@ gpg: unchanged: 1' aptkey --fakeroot update testfailure test -e "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.gpg" testsuccess cmp "${KEYDIR}/joesixpack.pub" "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.gpg~" + msgtest 'Test key removal with' 'spaced fingerprint' + cleanplate + cp -a "${KEYDIR}/joesixpack.pub" "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.gpg" + testsuccess --nomsg aptkey --fakeroot del '34A8 E9D1 8DB3 20F3 67E8 EAA0 5A90 D141 DBAC 8DAE' + testempty aptkey list + testfailure test -e "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.gpg" + testsuccess cmp "${KEYDIR}/joesixpack.pub" "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.gpg~" + msgtest 'Test key removal with' 'single key in softlink' cleanplate ln -s "$(readlink -f "${KEYDIR}/joesixpack.pub")" "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.gpg" -- cgit v1.2.3 From 8bd823d0a1f7e08ad94a7110bb118f73348133a1 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Tue, 16 Aug 2016 20:08:29 +0200 Subject: add --with-source option and Packages/Sources support We support "./foobar.deb" as a way to install a deb file directly. Recently .changes files were added. This highlights a problem as you can't add the changes file without also trying to install all of them. Now, it could also be handy to add entire Packages/Sources files to perhaps get a bunch of packages in without installing them all implicitly. This commit introduces --with-source which allows to add *.deb, *.changes, *.dsc, source-dirs, Packages & Sources files (the later can also be compressed) without also installing them. --- test/integration/test-apt-get-install-deb | 35 ++++++++++++++++++++++ .../test-apt-key-used-in-maintainerscript | 2 +- 2 files changed, 36 insertions(+), 1 deletion(-) (limited to 'test/integration') diff --git a/test/integration/test-apt-get-install-deb b/test/integration/test-apt-get-install-deb index 3aacc301d..5f2877dfd 100755 --- a/test/integration/test-apt-get-install-deb +++ b/test/integration/test-apt-get-install-deb @@ -64,6 +64,23 @@ Remv foo:i386 [1.0] Inst foo (1.0 local-deb [amd64]) Conf foo (1.0 local-deb [amd64])" aptget install ./incoming/foo_1.0_amd64.deb -s +testsuccessequal 'Reading package lists... +Building dependency tree... +Reading state information... +0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.' aptget install --with-source ./incoming/foo_1.0_amd64.deb -s + +testsuccessequal 'Reading package lists... +Building dependency tree... +Reading state information... +The following packages will be REMOVED: + foo:i386 +The following NEW packages will be installed: + foo +0 upgraded, 1 newly installed, 1 to remove and 0 not upgraded. +Remv foo:i386 [1.0] +Inst foo (1.0 local-deb [amd64]) +Conf foo (1.0 local-deb [amd64])' aptget install --with-source ./incoming/foo_1.0_amd64.deb foo -s + # Check that installing the local deb works if it is not the candidate echo "Package: foo Pin: version 1.0 @@ -133,3 +150,21 @@ fi sed -i -e '/^Depends: foo/ d' rootdir/var/lib/dpkg/status testsuccess aptget install -y ./incoming/pkg-as-it-should-be_0_all.deb testfailure grep 'is already the newest version' rootdir/tmp/testsuccess.output +testsuccess apt purge -y pkg-as-it-should-be + +echo "Package: pkg-as-it-should-be +Architecture: all +Version: 0 +Installed-Size: 2903 +Filename: incoming/pkg-as-it-should-be_0_all.deb +Size: $(stat -c %s incoming/pkg-as-it-should-be_0_all.deb) +SHA256: $(sha256sum incoming/pkg-as-it-should-be_0_all.deb | cut -d' ' -f 1) +" > Packages +testdpkgnotinstalled 'pkg-as-it-should-be' +testnopackage pkg-as-it-should-be +testsuccess apt install --with-source ./Packages pkg-as-it-should-be -s +testsuccess apt install --with-source ./Packages pkg-as-it-should-be --print-uris +testsuccess apt show --with-source ./Packages pkg-as-it-should-be +testequal 'Package: pkg-as-it-should-be' head -n1 rootdir/tmp/testsuccess.output +testsuccess apt install -y --with-source ./Packages pkg-as-it-should-be +testdpkginstalled 'pkg-as-it-should-be' diff --git a/test/integration/test-apt-key-used-in-maintainerscript b/test/integration/test-apt-key-used-in-maintainerscript index f7008084f..b5ed3279f 100755 --- a/test/integration/test-apt-key-used-in-maintainerscript +++ b/test/integration/test-apt-key-used-in-maintainerscript @@ -32,7 +32,7 @@ testdpkginstalled 'aptkeyuser-depends' testfailure grep '^Warning: This will BREAK' apt.output testsuccess grep '^Warning: apt-key' apt.output -testsuccess apt install ./incoming/aptkeyuser-nodepends_*.changes -y +testsuccess apt install --with-source ./incoming/aptkeyuser-nodepends_*.changes aptkeyuser-nodepends -y cp rootdir/tmp/testsuccess.output apt.output testdpkginstalled 'aptkeyuser-nodepends' testsuccess grep '^Warning: This will BREAK' apt.output -- cgit v1.2.3 From d1bdb73a96d01896ec8e213a0f14abc38d19a929 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Wed, 17 Aug 2016 21:53:05 +0200 Subject: methods: read config in most to least specific order MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The implementation of the generic config fallback did the fallback in the wrong order so that the least specific option wasn't the last value picked but in fact the first one… doh! So in the bugreports case http -> https -> http:: -> https:: while it should have been the reverse as before. Regression-In: 30060442025824c491f58887ca7369f3c572fa57 Closes: 834642 --- test/integration/test-bug-623443-fail-on-bad-proxies | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'test/integration') diff --git a/test/integration/test-bug-623443-fail-on-bad-proxies b/test/integration/test-bug-623443-fail-on-bad-proxies index 04542e0cd..d91a3ab8b 100755 --- a/test/integration/test-bug-623443-fail-on-bad-proxies +++ b/test/integration/test-bug-623443-fail-on-bad-proxies @@ -29,5 +29,6 @@ testfailure apt update unset http_proxy testsuccess grep 'Unsupported proxy configured' rootdir/tmp/testfailure.output - - +echo 'Acquire::http::Proxy "foo://example.org"; +Acquire::https::Proxy "DIRECT";' > rootdir/etc/apt/apt.conf.d/proxy.conf +testsuccess apt update -- cgit v1.2.3