From 002b1bc46b18e9d309d337ddb15a6ccdfb6c9dde Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Thu, 15 Oct 2015 09:35:52 +0200 Subject: refer to apt-secure(8) in unsecure repositories warning The manpage is also slightly updated to work better as a central hub to push people from all angles into the right directions without writting a book disguised as an error message. --- test/integration/framework | 4 +- .../integration/test-apt-get-update-unauth-warning | 5 +- .../test-apt-update-failure-propagation | 82 ++++++++++++++++++++++ test/integration/test-apt-update-ims | 7 +- test/integration/test-apt-update-nofallback | 4 +- 5 files changed, 95 insertions(+), 7 deletions(-) create mode 100755 test/integration/test-apt-update-failure-propagation (limited to 'test') diff --git a/test/integration/framework b/test/integration/framework index b4220c8b5..8b85cb71e 100644 --- a/test/integration/framework +++ b/test/integration/framework @@ -1661,7 +1661,7 @@ testfailuremsg() { testfailure "$@" msgtest 'Check that the output of the previous failed command has expected' 'failures and warnings' local COMPAREFILE="${TMPWORKINGDIRECTORY}/rootdir/tmp/testfailuremsg.comparefile" - grep '^\(W\|E\):' "${TMPWORKINGDIRECTORY}/rootdir/tmp/testfailure.output" > "$COMPAREFILE" 2>&1 || true + grep '^\(W\|E\|N\):' "${TMPWORKINGDIRECTORY}/rootdir/tmp/testfailure.output" > "$COMPAREFILE" 2>&1 || true testoutputequal "$COMPAREFILE" echo "$CMP" msggroup } @@ -1672,7 +1672,7 @@ testwarningmsg() { testwarning "$@" msgtest 'Check that the output of the previous warned command has expected' 'warnings' local COMPAREFILE="${TMPWORKINGDIRECTORY}/rootdir/tmp/testwarningmsg.comparefile" - grep '^\(W\|E\):' "${TMPWORKINGDIRECTORY}/rootdir/tmp/testwarning.output" > "$COMPAREFILE" 2>&1 || true + grep '^\(W\|E\|N\):' "${TMPWORKINGDIRECTORY}/rootdir/tmp/testwarning.output" > "$COMPAREFILE" 2>&1 || true testoutputequal "$COMPAREFILE" echo "$CMP" msggroup } diff --git a/test/integration/test-apt-get-update-unauth-warning b/test/integration/test-apt-get-update-unauth-warning index fad1cf627..f1515a9c8 100755 --- a/test/integration/test-apt-get-update-unauth-warning +++ b/test/integration/test-apt-get-update-unauth-warning @@ -29,7 +29,7 @@ Err:2 file:$APTARCHIVE unstable Release Reading package lists... E: The repository 'file:$APTARCHIVE unstable Release' does not have a Release file. N: Updating such a repository securily is impossible and therefore disabled by default. -N: Use --allow-insecure-repositories to force an insecure update" aptget update --no-allow-insecure-repositories -q=0 +N: See apt-secure(8) manpage for repository creation and user configuration details." aptget update --no-allow-insecure-repositories -q=0 # no package foo testsuccessequal 'Listing...' apt list foo @@ -80,7 +80,8 @@ Get:4 file:$APTARCHIVE unstable/main i386 Packages [$(filesize 'Packages') B] Get:5 file:$APTARCHIVE unstable/main Translation-en [$(filesize 'Translations') B] Reading package lists... W: The repository 'file:$APTARCHIVE unstable Release' does not have a Release file. -N: Data from such a repository can not be authenticated and is therefore potentially dangerous to use." aptget update --allow-insecure-repositories -q=0 +N: Data from such a repository can not be authenticated and is therefore potentially dangerous to use. +N: See apt-secure(8) manpage for repository creation and user configuration details." aptget update --allow-insecure-repositories -q=0 # ensure we can not install the package testfailureequal "WARNING: The following packages cannot be authenticated! foo diff --git a/test/integration/test-apt-update-failure-propagation b/test/integration/test-apt-update-failure-propagation new file mode 100755 index 000000000..713f09db7 --- /dev/null +++ b/test/integration/test-apt-update-failure-propagation @@ -0,0 +1,82 @@ +#!/bin/sh +set -e + +TESTDIR="$(readlink -f "$(dirname "$0")")" +. "$TESTDIR/framework" +setupenvironment +configarchitecture 'amd64' + +buildsimplenativepackage 'foo' 'all' '1' 'stable' +buildsimplenativepackage 'foo' 'all' '2' 'sid' +setupaptarchive --no-update + +NEWMETHODS="$(readlink -f rootdir)/usr/lib/apt/methods" +OLDMETHODS="$(readlink -f rootdir/usr/lib/apt/methods)" +rm "$NEWMETHODS" +mkdir "$NEWMETHODS" +backupIFS="$IFS" +IFS="$(printf "\n\b")" +for METH in $(find "$OLDMETHODS" ! -type d); do + ln -s "$OLDMETHODS/$(basename "$METH")" "$NEWMETHODS" +done +IFS="$backupIFS" + +changetohttpswebserver +for FILE in rootdir/etc/apt/sources.list.d/*-sid-* ; do + sed -i -e 's#https:#http:#' -e "s#:${APTHTTPSPORT}/#:${APTHTTPPORT}/#" "$FILE" +done + +pretest() { + rm -rf rootdir/var/lib/apt/lists + testsuccessequal 'N: Unable to locate package foo' aptcache policy foo -q=0 +} +pretest +testsuccess aptget update +testsuccessequal "foo: + Installed: (none) + Candidate: 2 + Version table: + 2 500 + 500 http://localhost:${APTHTTPPORT} sid/main amd64 Packages + 1 500 + 500 https://localhost:${APTHTTPSPORT} stable/main amd64 Packages" aptcache policy foo + +pretest +mv aptarchive/dists/stable aptarchive/dists/stable.good +testfailuremsg "E: The repository 'https://localhost:${APTHTTPSPORT} stable Release' does not have a Release file." aptget update +testfailureequal "Hit:1 http://localhost:${APTHTTPPORT} sid InRelease +Ign:2 https://localhost:${APTHTTPSPORT} stable InRelease + 404 Not Found +Err:3 https://localhost:${APTHTTPSPORT} stable Release + 404 Not Found +Reading package lists... +E: The repository 'https://localhost:${APTHTTPSPORT} stable Release' does not have a Release file. +N: Updating such a repository securily is impossible and therefore disabled by default. +N: See apt-secure(8) manpage for repository creation and user configuration details." aptget update -q=0 +mv aptarchive/dists/stable.good aptarchive/dists/stable +posttest() { + testsuccessequal "foo: + Installed: (none) + Candidate: 2 + Version table: + 2 500 + 500 http://localhost:${APTHTTPPORT} sid/main amd64 Packages" aptcache policy foo +} +posttest + +pretest +rm "${NEWMETHODS}/https" +testfailuremsg "E: The method driver ${TMPWORKINGDIRECTORY}/rootdir/usr/lib/apt/methods/https could not be found. +W: Failed to fetch https://localhost:${APTHTTPSPORT}/dists/stable/InRelease +E: Some index files failed to download. They have been ignored, or old ones used instead." aptget update +posttest + +ln -s "$OLDMETHODS/https" "$NEWMETHODS" +pretest +for FILE in rootdir/etc/apt/sources.list.d/*-stable-* ; do + # lets see how many testservers run also Doom + sed -i -e "s#:${APTHTTPSPORT}/#:666/#" "$FILE" +done +testwarningmsg "W: Failed to fetch https://localhost:666/dists/stable/InRelease Failed to connect to localhost port 666: Connection refused +W: Some index files failed to download. They have been ignored, or old ones used instead." aptget update +posttest diff --git a/test/integration/test-apt-update-ims b/test/integration/test-apt-update-ims index 3a66a546f..4c25186f5 100755 --- a/test/integration/test-apt-update-ims +++ b/test/integration/test-apt-update-ims @@ -81,7 +81,8 @@ Ign:3 http://localhost:${APTHTTPPORT} unstable Release.gpg 404 Not Found Reading package lists... W: The repository 'http://localhost:${APTHTTPPORT} unstable Release' is not signed. -N: Data from such a repository can not be authenticated and is therefore potentially dangerous to use." +N: Data from such a repository can not be authenticated and is therefore potentially dangerous to use. +N: See apt-secure(8) manpage for repository creation and user configuration details." find aptarchive -name 'Release.gpg' -delete echo 'Acquire::GzipIndexes "0";' > rootdir/etc/apt/apt.conf.d/02compressindex runtest 'warning' @@ -126,6 +127,7 @@ Ign:3 http://localhost:${APTHTTPPORT} unstable Release.gpg Reading package lists... W: The repository 'http://localhost:${APTHTTPPORT} unstable Release' is not signed. N: Data from such a repository can not be authenticated and is therefore potentially dangerous to use. +N: See apt-secure(8) manpage for repository creation and user configuration details. E: Release file for http://localhost:${APTHTTPPORT}/dists/unstable/Release is expired (invalid since). Updates for this repository will not be applied." find aptarchive -name 'Release.gpg' -delete echo 'Acquire::GzipIndexes "0";' > rootdir/etc/apt/apt.conf.d/02compressindex @@ -162,7 +164,8 @@ Hit:4 http://localhost:${APTHTTPPORT} unstable/main amd64 Packages Hit:5 http://localhost:${APTHTTPPORT} unstable/main Translation-en Reading package lists... W: The repository 'http://localhost:${APTHTTPPORT} unstable Release' does not have a Release file. -N: Data from such a repository can not be authenticated and is therefore potentially dangerous to use." +N: Data from such a repository can not be authenticated and is therefore potentially dangerous to use. +N: See apt-secure(8) manpage for repository creation and user configuration details." find aptarchive -name '*Release*' -delete echo 'Acquire::GzipIndexes "0"; Acquire::PDiffs "0";' > rootdir/etc/apt/apt.conf.d/02compressindex diff --git a/test/integration/test-apt-update-nofallback b/test/integration/test-apt-update-nofallback index e82483da3..1b23d4f11 100755 --- a/test/integration/test-apt-update-nofallback +++ b/test/integration/test-apt-update-nofallback @@ -33,7 +33,9 @@ EOF assert_update_is_refused_and_last_good_state_used() { - testfailuremsg "E: The repository 'file:${APTARCHIVE} unstable Release' is no longer signed." aptget update + testfailuremsg "E: The repository 'file:${APTARCHIVE} unstable Release' is no longer signed. +N: Updating such a repository securily is impossible and therefore disabled by default. +N: See apt-secure(8) manpage for repository creation and user configuration details." aptget update -q=0 assert_repo_is_intact } -- cgit v1.2.3