From fe0f7911b650918e1d511b3453664a07f6d966d0 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Thu, 20 Jan 2011 14:53:52 +0100 Subject: - try downloading clearsigned InRelease before trying Release.gpg * apt-pkg/deb/deblistparser.cc: - rewrite LoadReleaseInfo to cope with clearsigned Releasefiles --- test/integration/Packages-releasefile-verification | 18 +++ .../Packages-releasefile-verification-new | 21 +++ test/integration/framework | 7 + test/integration/marvinparanoid.pub | Bin 0 -> 629 bytes test/integration/marvinparanoid.sec | Bin 0 -> 1280 bytes .../test-bug-595691-empty-and-broken-archive-files | 32 ++--- test/integration/test-releasefile-verification | 160 +++++++++++++++++++++ 7 files changed, 218 insertions(+), 20 deletions(-) create mode 100644 test/integration/Packages-releasefile-verification create mode 100644 test/integration/Packages-releasefile-verification-new create mode 100644 test/integration/marvinparanoid.pub create mode 100644 test/integration/marvinparanoid.sec create mode 100755 test/integration/test-releasefile-verification (limited to 'test/integration')
diff --git a/test/integration/Packages-releasefile-verification b/test/integration/Packages-releasefile-verification
new file mode 100644
index 000000000..29a385f4f
--- /dev/null
+++ b/test/integration/Packages-releasefile-verification
@@ -0,0 +1,18 @@
+Package: apt
+Version: 0.7.25.3
+Architecture: i386
+Maintainer: APT Development Team
+Installed-Size: 5244
+Replaces: libapt-pkg-dev (<< 0.3.7), libapt-pkg-doc (<< 0.3.7)
+Provides: libapt-pkg-libc6.9-6-4.8
+Suggests: aptitude | synaptic | wajig, dpkg-dev, apt-doc, bzip2, lzma, python-apt
+Filename: apt.deb
+Size: 0
+MD5sum: d41d8cd98f00b204e9800998ecf8427e
+Description: Advanced front-end for dpkg
+ This is Debian's next generation front-end for the dpkg package manager.
+ It provides the apt-get utility and APT dselect method that provides a
+ simpler, safer way to install and upgrade packages.
+ .
+ APT features complete installation ordering, multiple source capability
+ and several other unique features, see the Users Guide in apt-doc.
diff --git a/test/integration/Packages-releasefile-verification-new b/test/integration/Packages-releasefile-verification-new
new file mode 100644
index 000000000..e3b2edf1f
--- /dev/null
+++ b/test/integration/Packages-releasefile-verification-new
@@ -0,0 +1,21 @@
+Package: apt
+Priority: important
+Section: admin
+Installed-Size: 5672
+Maintainer: APT Development Team
+Architecture: i386
+Version: 0.8.0~pre1
+Replaces: manpages-pl (<< 20060617-3~)
+Provides: libapt-pkg4.10
+Suggests: aptitude | synaptic | wajig, dpkg-dev, apt-doc, bzip2, lzma, python-apt
+Conflicts: python-apt (<< 0.7.93.2~)
+Filename: apt.deb
+Size: 0
+MD5sum: d41d8cd98f00b204e9800998ecf8427e
+Description: Advanced front-end for dpkg
+ This is Debian's next generation front-end for the dpkg package manager.
+ It provides the apt-get utility and APT dselect method that provides a
+ simpler, safer way to install and upgrade packages.
+ .
+ APT features complete installation ordering, multiple source capability
+ and several other unique features, see the Users Guide in apt-doc.
diff --git a/test/integration/framework b/test/integration/framework
index 5d54e49b6..cb3fca35d 100644
--- a/test/integration/framework
+++ b/test/integration/framework
@@ -383,6 +383,7 @@ buildaptarchivefromfiles() { generatereleasefiles() { msgninfo "\tGenerate Release files… " + local DATE="${1:-now}" if [ -e aptarchive/dists ]; then for dir in $(find ./aptarchive/dists -mindepth 1 -maxdepth 1 -type d); do local CODENAME="$(echo "$dir" | cut -d'/' -f 4)" @@ -395,6 +396,11 @@ NotAutomatic: yes' $dir/Release else aptftparchive -qq release ./aptarchive | sed -e '/0 Release$/ d' > aptarchive/Release # remove the self reference fi + if [ "$DATE" != "now" ]; then + for release in $(find ./aptarchive -name 'Release'); do + touch -d "$1" $release + done + fi msgdone "info" } @@ -455,6 +461,7 @@ signreleasefiles() { done for RELEASE in $(find aptarchive/ -name Release); do gpg --yes --no-default-keyring $SECKEYS $PUBKEYS --default-key "$SIGNER" -abs -o ${RELEASE}.gpg ${RELEASE} + gpg --yes --no-default-keyring $SECKEYS $PUBKEYS --default-key "$SIGNER" --clearsign -o "$(echo "${RELEASE}" | sed 's#/Release$#/InRelease#')" $RELEASE done msgdone "info" } diff --git a/test/integration/marvinparanoid.pub b/test/integration/marvinparanoid.pub new file mode 100644 index 000000000..9a59c2e40 Binary files /dev/null and b/test/integration/marvinparanoid.pub differ diff --git a/test/integration/marvinparanoid.sec b/test/integration/marvinparanoid.sec new file mode 100644 index 000000000..ff54e8680 Binary files /dev/null and b/test/integration/marvinparanoid.sec differ diff --git a/test/integration/test-bug-595691-empty-and-broken-archive-files b/test/integration/test-bug-595691-empty-and-broken-archive-files index 66792899a..c5379dca0 100755 --- a/test/integration/test-bug-595691-empty-and-broken-archive-files +++ b/test/integration/test-bug-595691-empty-and-broken-archive-files 
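Review bot: In the block added to generatereleasefiles (second hunk), `touch -d "$1" $release` reads the raw positional parameter although the first hunk already stored it in `DATE`, and `$release` is both unquoted and not declared `local`, so it stays set after the function returns. Keeping the guard and the action on the same variable and letting find invoke touch removes the word-split loop: `find ./aptarchive -name 'Release' -exec touch -d "$DATE" {} +`. A short comment saying that the optional argument sets the mtime of every generated Release file would help, because the only caller that passes a date is in test-releasefile-verification. The function begins and ends outside these hunks.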
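Review bot: The `--clearsign` line added to signreleasefiles (third hunk) quotes its output path but passes the input as bare `$RELEASE`, and it forks `echo | sed` for every file only to swap the basename. Because the surrounding find matches files named exactly `Release`, plain parameter expansion gives the same path without a subshell: `-o "${RELEASE%/Release}/InRelease" "$RELEASE"`. A comment noting that InRelease is the clearsigned counterpart of the Release plus Release.gpg pair would make the duplicated gpg call easier to read. The function body starts outside the hunk.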
@@ -74,28 +74,24 @@ testoverfile() { setupcompressor "$1" createemptyfile 'en' - testaptgetupdate "Get:1 file: Release.gpg [] -Get:2 file: Release [] + testaptgetupdate "Get:1 file: InRelease [] Ign file:$(readlink -f aptarchive)/ Translation-en Reading package lists..." "empty file en.$COMPRESS over file" createemptyarchive 'en' - testaptgetupdate "Get:1 file: Release.gpg [] -Get:2 file: Release [] + testaptgetupdate "Get:1 file: InRelease [] Reading package lists..." "empty archive en.$COMPRESS over file" createemptyarchive 'Packages' # FIXME: Why omits the file transport the Packages Get line? #Get:3 file: Packages [] testaptgetupdate "Ign file:$(readlink -f aptarchive)/ Translation-en -Get:1 file: Release.gpg [] -Get:2 file: Release [] +Get:1 file: InRelease [] Reading package lists..." "empty archive Packages.$COMPRESS over file" createemptyfile 'Packages' testaptgetupdate "Ign file:$(readlink -f aptarchive)/ Translation-en -Get:1 file: Release.gpg [] -Get:2 file: Release [] +Get:1 file: InRelease [] Err file: Packages Undetermined Error W: Failed to fetch file:$(readlink -f aptarchive/Packages.$COMPRESS) Undetermined Error 
@@ -107,33 +103,29 @@ testoverhttp() { setupcompressor "$1" createemptyfile 'en' - testaptgetupdate "Get:1 http://localhost Release.gpg [] + testaptgetupdate "Get:1 http://localhost InRelease [] Get:2 http://localhost/ Translation-en -Get:3 http://localhost Release [] +Get:3 http://localhost Packages [] Ign http://localhost/ Translation-en -Get:4 http://localhost Packages [] Reading package lists..." "empty file en.$COMPRESS over http" createemptyarchive 'en' - testaptgetupdate "Get:1 http://localhost Release.gpg [] + testaptgetupdate "Get:1 http://localhost InRelease [] Get:2 http://localhost/ Translation-en [] -Get:3 http://localhost Release [] -Get:4 http://localhost Packages [] +Get:3 http://localhost Packages [] Reading package lists..." "empty archive en.$COMPRESS over http" createemptyarchive 'Packages' - testaptgetupdate "Get:1 http://localhost Release.gpg [] + testaptgetupdate "Get:1 http://localhost InRelease [] Ign http://localhost/ Translation-en -Get:2 http://localhost Release [] -Get:3 http://localhost Packages [] +Get:2 http://localhost Packages [] Reading package lists..." "empty archive Packages.$COMPRESS over http" createemptyfile 'Packages' #FIXME: we should response with a good error message instead - testaptgetupdate "Get:1 http://localhost Release.gpg [] + testaptgetupdate "Get:1 http://localhost InRelease [] Ign http://localhost/ Translation-en -Get:2 http://localhost Release [] -Get:3 http://localhost Packages +Get:2 http://localhost Packages Err http://localhost Packages Undetermined Error W: Failed to fetch http://localhost:8080/Packages.$COMPRESS Undetermined Error diff --git a/test/integration/test-releasefile-verification b/test/integration/test-releasefile-verification new file mode 100755 index 000000000..961c49895 --- /dev/null +++ b/test/integration/test-releasefile-verification 
@@ -0,0 +1,160 @@
+#!/bin/sh
+set -e
+
+TESTDIR=$(readlink -f $(dirname $0))
+. $TESTDIR/framework
+
+setupenvironment
+configarchitecture "i386"
+
+buildaptarchive
+setupflataptarchive
+changetowebserver
+
+prepare() {
+ local DATE="${2:-now}"
+ if [ "$DATE" = 'now' -a "$1" = "${PKGFILE}-new" ]; then
+ DATE='now + 6 days'
+ fi
+ for release in $(find rootdir/var/lib/apt/lists 2> /dev/null); do
+ touch -d 'now - 6 hours' $release
+ done
+ rm -rf rootdir/var/cache/apt/archives
+ rm -f rootdir/var/cache/apt/*.bin
+ cp $1 aptarchive/Packages
+ find aptarchive -name 'Release' -delete
+ cat aptarchive/Packages | gzip > aptarchive/Packages.gz
+ cat aptarchive/Packages | bzip2 > aptarchive/Packages.bz2
+ cat aptarchive/Packages | lzma > aptarchive/Packages.lzma
+ generatereleasefiles "$DATE"
+}
+
+installaptold() {
+ testequal 'Reading package lists...
+Building dependency tree...
+Suggested packages:
+ aptitude synaptic wajig dpkg-dev apt-doc bzip2 lzma python-apt
+The following NEW packages will be installed:
+ apt
+0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
+After this operation, 5370 kB of additional disk space will be used.
+Get:1 http://localhost/ apt 0.7.25.3
+Download complete and in download only mode' aptget install apt -dy
+}
+
+installaptnew() {
+ testequal 'Reading package lists...
+Building dependency tree...
+Suggested packages:
+ aptitude synaptic wajig dpkg-dev apt-doc bzip2 lzma python-apt
+The following NEW packages will be installed:
+ apt
+0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
+After this operation, 5808 kB of additional disk space will be used.
+Get:1 http://localhost/ apt 0.8.0~pre1
+Download complete and in download only mode' aptget install apt -dy
+}
+
+failaptold() {
+ testequal 'Reading package lists...
+Building dependency tree...
+Suggested packages:
+ aptitude synaptic wajig dpkg-dev apt-doc bzip2 lzma python-apt
+The following NEW packages will be installed:
+ apt
+0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
+After this operation, 5370 kB of additional disk space will be used.
+WARNING: The following packages cannot be authenticated!
+ apt
+E: There are problems and -y was used without --force-yes' aptget install apt -dy
+}
+
+failaptnew() {
+ testequal 'Reading package lists...
+Building dependency tree...
+Suggested packages:
+ aptitude synaptic wajig dpkg-dev apt-doc bzip2 lzma python-apt
+The following NEW packages will be installed:
+ apt
+0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
+After this operation, 5808 kB of additional disk space will be used.
+WARNING: The following packages cannot be authenticated!
+ apt
+E: There are problems and -y was used without --force-yes' aptget install apt -dy
+}
+
+# fake our downloadable file
+touch aptarchive/apt.deb
+
+PKGFILE="${TESTDIR}/$(echo "$(basename $0)" | sed 's#^test-#Packages-#')"
+
+runtest() {
+ prepare ${PKGFILE}
+ rm -rf rootdir/var/lib/apt/lists
+ signreleasefiles 'Joe Sixpack'
+ find aptarchive/ -name "$DELETEFILE" -delete
+ msgtest 'Cold archive signed by' 'Joe Sixpack'
+ aptget update 2>&1 | grep -E '^(W|E): ' > /dev/null && msgfail || msgpass
+ testequal "$(cat ${PKGFILE})
+" aptcache show apt
+ installaptold
+
+ prepare ${PKGFILE}-new
+ signreleasefiles 'Joe Sixpack'
+ find aptarchive/ -name "$DELETEFILE" -delete
+ msgtest 'Good warm archive signed by' 'Joe Sixpack'
+ aptget update 2>&1 | grep -E '^(W|E): ' > /dev/null && msgfail || msgpass
+ testequal "$(cat ${PKGFILE}-new)
+" aptcache show apt
+ installaptnew
+
+
+ prepare ${PKGFILE}
+ rm -rf rootdir/var/lib/apt/lists
+ signreleasefiles 'Marvin Paranoid'
+ find aptarchive/ -name "$DELETEFILE" -delete
+ msgtest 'Cold archive signed by' 'Marvin Paranoid'
+ aptget update 2>&1 | grep -E '^(W|E): ' > /dev/null && msgpass || msgfail
+ testequal "$(cat ${PKGFILE})
+" aptcache show apt
+ failaptold
+
+ prepare ${PKGFILE}-new
+ # weborf doesn't support If-Range
+ for release in $(find rootdir/var/lib/apt/lists/partial/ -name '*Release'); do
+ rm $release
+ touch $release
+ done
+ signreleasefiles 'Joe Sixpack'
+ find aptarchive/ -name "$DELETEFILE" -delete
+ msgtest 'Bad warm archive signed by' 'Joe Sixpack'
+ aptget update 2>&1 | grep -E '^(W|E): ' > /dev/null && msgfail || msgpass
+ testequal "$(cat ${PKGFILE}-new)
+" aptcache show apt
+ installaptnew
+
+
+ prepare ${PKGFILE}
+ rm -rf rootdir/var/lib/apt/lists
+ signreleasefiles 'Joe Sixpack'
+ find aptarchive/ -name "$DELETEFILE" -delete
+ msgtest 'Cold archive signed by' 'Joe Sixpack'
+ aptget update 2>&1 | grep -E '^(W|E): ' > /dev/null && msgfail || msgpass
+ testequal "$(cat ${PKGFILE})
+" aptcache show apt
+ installaptold
+
+ prepare ${PKGFILE}-new
+ signreleasefiles 'Marvin Paranoid'
+ find aptarchive/ -name "$DELETEFILE" -delete
+ msgtest 'Good warm archive signed by' 'Marvin Paranoid'
+ aptget update 2>&1 | grep -E '^(W|E): ' > /dev/null && msgpass || msgfail
+ testequal "$(cat ${PKGFILE})
+" aptcache show apt
+ installaptold
+}
+
+DELETEFILE="InRelease"
+runtest
+DELETEFILE="Release.gpg"
+runtest
-- cgit v1.2.3
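Review bot: The two 'Marvin Paranoid' checks in runtest, which appear to be the untrusted-signer cases, pass on any output line beginning `W: ` or `E: `, so a fetch or parse warning unrelated to signature verification satisfies them just as well as a rejected signature. Since this file is the regression test for authenticating InRelease and Release.gpg, the negative cases should match the verification warning itself, for example `aptget update 2>&1 | grep -q '^W: GPG error: '` (confirm the exact wording apt prints at this version). The `cmd && msgpass || msgfail` chains would be safer as `if …; then msgpass; else msgfail; fi`, because the `||` branch also runs whenever the first helper returns non-zero. Coverage stops at a wrong signer and a deleted InRelease or Release.gpg; a Release file modified after signing, or an InRelease carrying text outside the signed block, is not exercised and is worth adding given that the commit rewrites LoadReleaseInfo to parse clearsigned files.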