From b29c448254fbc2000ea986a828cc6ec7dbbe41aa Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Fri, 9 Nov 2012 10:49:21 +0100 Subject: * cmdline/apt-get.cc: - do not call Mark{Install,Delete} from the autoremove code with the FromUser bit set to avoid modifying the auto-installed bit --- test/integration/test-bug-604222-new-and-autoremove | 2 +- test/integration/test-bug-618848-always-respect-user-requests | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) (limited to 'test') diff --git a/test/integration/test-bug-604222-new-and-autoremove b/test/integration/test-bug-604222-new-and-autoremove index 5820fb0dc..ea73c5775 100755 --- a/test/integration/test-bug-604222-new-and-autoremove +++ b/test/integration/test-bug-604222-new-and-autoremove @@ -51,7 +51,7 @@ Building dependency tree... MarkInstall libvtk5.4 [ i386 ] < none -> 5.4.2-8 > ( libs ) FU=0 MarkKeep libvtk5-dev [ i386 ] < none -> 5.4.2-8 > ( libdevel ) FU=0 MarkKeep libvtk5-dev [ i386 ] < none -> 5.4.2-8 > ( libdevel ) FU=0 - MarkDelete libvtk5.4 [ i386 ] < none -> 5.4.2-8 > ( libs ) FU=1 + MarkDelete libvtk5.4 [ i386 ] < none -> 5.4.2-8 > ( libs ) FU=0 The following extra packages will be installed: libavcodec52 libopenal-dev The following NEW packages will be installed: diff --git a/test/integration/test-bug-618848-always-respect-user-requests b/test/integration/test-bug-618848-always-respect-user-requests index 5148be640..1ebadf280 100755 --- a/test/integration/test-bug-618848-always-respect-user-requests +++ b/test/integration/test-bug-618848-always-respect-user-requests @@ -16,11 +16,11 @@ setupaptarchive testequal 'Reading package lists... Building dependency tree... MarkDelete libdb4.8 [ i386 ] < 1.0 > ( other ) FU=1 - MarkDelete exim4-daemon-light [ i386 ] < 1.0 > ( other ) FU=1 + MarkDelete exim4-daemon-light [ i386 ] < 1.0 > ( other ) FU=0 MarkInstall exim4-daemon-heavy [ i386 ] < none -> 1.0 > ( other ) FU=0 Ignore MarkInstall of libdb4.8 [ i386 ] < 1.0 > ( other ) as its mode (Delete) is protected MarkDelete exim4-daemon-heavy [ i386 ] < none -> 1.0 > ( other ) FU=0 - MarkDelete exim4 [ i386 ] < 1.0 > ( other ) FU=1 + MarkDelete exim4 [ i386 ] < 1.0 > ( other ) FU=0 The following packages will be REMOVED: exim4 exim4-daemon-light libdb4.8 MarkDelete exim4 [ i386 ] < 1.0 > ( other ) FU=1 -- cgit v1.2.3 From 0f2def05fc907a1349a0800dd0f4f7c3a0b99fca Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Fri, 1 Feb 2013 07:07:33 +0100 Subject: add a integration test for bug 1078697 --- .../test-bug-1078697-missing-source-hashes | 35 ++++++++++++++++++++++ 1 file changed, 35 insertions(+) create mode 100755 test/integration/test-bug-1078697-missing-source-hashes (limited to 'test') diff --git a/test/integration/test-bug-1078697-missing-source-hashes b/test/integration/test-bug-1078697-missing-source-hashes new file mode 100755 index 000000000..6fcb856b5 --- /dev/null +++ b/test/integration/test-bug-1078697-missing-source-hashes @@ -0,0 +1,35 @@ +#!/bin/sh +set -e + +TESTDIR=$(readlink -f $(dirname $0)) +. $TESTDIR/framework +setupenvironment +configarchitecture "i386" + +msgtest 'Test apt-ftparchive source with missing hashes in .dsc' + +touch aptarchive/foo_1.0.tar.gz +cat > aptarchive/foo_1.0.dsc << EOF +Format: 3.0 (native) +Source: foo +Binary: foo +Architecture: all +Version: 1.0 +Package-List: + foo deb admin extra +Files: + d41d8cd98f00b204e9800998ecf8427e 0 foo_1.0.tar.gz +EOF + +# check for the SHA hashes +aptftparchive sources aptarchive/ > aptarchive/Sources 2>/dev/null || msgfail +test -n "$(grep Checksums-Sha512 aptarchive/Sources)" && msgpass || msgfail + +for hash in sha512sum sha256sum sha1sum; do + for f in foo_1.0.tar.gz foo_1.0.dsc; do + SUM=$($hash aptarchive/$f | cut -d' ' -f1) + msgtest "Test $hash hash matches for $f" + NEEDLE="$SUM $(stat -c%s aptarchive/$f) $f" + test -n "$SUM" && test -n "$(grep "$NEEDLE" aptarchive/Sources)" && msgpass || msgfail + done +done -- cgit v1.2.3 From 9bfd7b57d82285fd99ae1ae6147c22af15fdbea0 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Sun, 24 Feb 2013 16:20:43 +0100 Subject: * apt-pkg/depcache.cc: - prefer to install packages which have an already installed M-A:same sibling while choosing providers (LP: #1130419) --- ...u-bug-1130419-prefer-installed-ma-same-siblings | 104 +++++++++++++++++++++ 1 file changed, 104 insertions(+) create mode 100755 test/integration/test-ubuntu-bug-1130419-prefer-installed-ma-same-siblings (limited to 'test') diff --git a/test/integration/test-ubuntu-bug-1130419-prefer-installed-ma-same-siblings b/test/integration/test-ubuntu-bug-1130419-prefer-installed-ma-same-siblings new file mode 100755 index 000000000..af6b7b504 --- /dev/null +++ b/test/integration/test-ubuntu-bug-1130419-prefer-installed-ma-same-siblings @@ -0,0 +1,104 @@ +#!/bin/sh +set -e + +TESTDIR=$(readlink -f $(dirname $0)) +. $TESTDIR/framework +setupenvironment +configarchitecture 'amd64' 'i386' + +insertpackage 'stable' 'libmesa' 'amd64,i386' '1' 'Multi-Arch: same' +insertpackage 'stable' 'libmesa-lts' 'amd64,i386' '1' 'Provides: libmesa +Conflicts: libmesa +Multi-Arch: same' +insertpackage 'stable' 'steam' 'i386' '1' 'Depends: libmesa' + +insertpackage 'unstable' 'libmesa' 'amd64,i386' '2' 'Multi-Arch: same' +insertpackage 'unstable' 'libmesa-lts' 'amd64,i386' '2' 'Provides: libmesa +Conflicts: libmesa +Multi-Arch: same' +insertpackage 'unstable' 'steam' 'i386' '2' 'Depends: libmesa' + +setupaptarchive + +testequal 'Reading package lists... +Building dependency tree... +The following extra packages will be installed: + libmesa:i386 +The following NEW packages will be installed: + libmesa:i386 steam:i386 +0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded. +Inst libmesa:i386 (1 stable [i386]) +Inst steam:i386 (1 stable [i386]) +Conf libmesa:i386 (1 stable [i386]) +Conf steam:i386 (1 stable [i386])' aptget install steam -st stable +testequal 'Reading package lists... +Building dependency tree... +The following extra packages will be installed: + libmesa:i386 +The following NEW packages will be installed: + libmesa:i386 steam:i386 +0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded. +Inst libmesa:i386 (2 unstable [i386]) +Inst steam:i386 (2 unstable [i386]) +Conf libmesa:i386 (2 unstable [i386]) +Conf steam:i386 (2 unstable [i386])' aptget install steam -st unstable + +cp rootdir/var/lib/dpkg/status default-status.dpkg +insertinstalledpackage 'libmesa' 'amd64' '1' 'Multi-Arch: same' +testequal 'Reading package lists... +Building dependency tree... +The following extra packages will be installed: + libmesa:i386 +The following NEW packages will be installed: + libmesa:i386 steam:i386 +0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded. +Inst libmesa:i386 (1 stable [i386]) +Inst steam:i386 (1 stable [i386]) +Conf libmesa:i386 (1 stable [i386]) +Conf steam:i386 (1 stable [i386])' aptget install steam -st stable +testequal 'Reading package lists... +Building dependency tree... +The following extra packages will be installed: + libmesa libmesa:i386 +The following NEW packages will be installed: + libmesa:i386 steam:i386 +The following packages will be upgraded: + libmesa +1 upgraded, 2 newly installed, 0 to remove and 0 not upgraded. +Inst libmesa [1] (2 unstable [amd64]) +Inst libmesa:i386 (2 unstable [i386]) +Inst steam:i386 (2 unstable [i386]) +Conf libmesa (2 unstable [amd64]) +Conf libmesa:i386 (2 unstable [i386]) +Conf steam:i386 (2 unstable [i386])' aptget install steam -st unstable + +cp default-status.dpkg rootdir/var/lib/dpkg/status +insertinstalledpackage 'libmesa-lts' 'amd64' '1' 'Provides: libmesa +Conflicts: libmesa +Multi-Arch: same' +testequal 'Reading package lists... +Building dependency tree... +The following extra packages will be installed: + libmesa-lts:i386 +The following NEW packages will be installed: + libmesa-lts:i386 steam:i386 +0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded. +Inst libmesa-lts:i386 (1 stable [i386]) +Inst steam:i386 (1 stable [i386]) +Conf libmesa-lts:i386 (1 stable [i386]) +Conf steam:i386 (1 stable [i386])' aptget install steam -st stable +testequal 'Reading package lists... +Building dependency tree... +The following extra packages will be installed: + libmesa-lts libmesa-lts:i386 +The following NEW packages will be installed: + libmesa-lts:i386 steam:i386 +The following packages will be upgraded: + libmesa-lts +1 upgraded, 2 newly installed, 0 to remove and 0 not upgraded. +Inst libmesa-lts [1] (2 unstable [amd64]) +Inst libmesa-lts:i386 (2 unstable [i386]) +Inst steam:i386 (2 unstable [i386]) +Conf libmesa-lts (2 unstable [amd64]) +Conf libmesa-lts:i386 (2 unstable [i386]) +Conf steam:i386 (2 unstable [i386])' aptget install steam -st unstable -- cgit v1.2.3 From 55971004215609a02ca19c59bd058da20729ba11 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Thu, 14 Mar 2013 14:26:43 +0100 Subject: * SECURITY UPDATE: InRelease verification bypass - CVE-2013-1051 * apt-pkg/deb/debmetaindex.cc, test/integration/test-bug-595691-empty-and-broken-archive-files, test/integration/test-releasefile-verification: - disable InRelease downloading until the verification issue is fixed, thanks to Ansgar Burchardt for finding the flaw --- .../test-bug-595691-empty-and-broken-archive-files | 30 ++++++++-------------- test/integration/test-releasefile-verification | 4 +-- 2 files changed, 13 insertions(+), 21 deletions(-) (limited to 'test') diff --git a/test/integration/test-bug-595691-empty-and-broken-archive-files b/test/integration/test-bug-595691-empty-and-broken-archive-files index 63883b380..4611b8b8e 100755 --- a/test/integration/test-bug-595691-empty-and-broken-archive-files +++ b/test/integration/test-bug-595691-empty-and-broken-archive-files @@ -13,7 +13,7 @@ setupflataptarchive testaptgetupdate() { rm -rf rootdir/var/lib/apt aptget update 2>> testaptgetupdate.diff >> testaptgetupdate.diff || true - sed -i -e '/^Fetched / d' -e '/Ign / d' -e 's#\[[0-9]* [kMGTPY]*B\]#\[\]#' testaptgetupdate.diff + sed -i -e '/^Fetched / d' -e '/Ign / d' -e '/Release/ d' -e 's#Get:[0-9]\+ #Get: #' -e 's#\[[0-9]* [kMGTPY]*B\]#\[\]#' testaptgetupdate.diff GIVEN="$1" shift msgtest "Test for correctness of" "apt-get update with $*" @@ -81,22 +81,18 @@ testoverfile() { setupcompressor "$1" createemptyfile 'en' - testaptgetupdate "Get:1 file: InRelease [] -Reading package lists..." "empty file en.$COMPRESS over file" + testaptgetupdate 'Reading package lists...' "empty file en.$COMPRESS over file" createemptyarchive 'en' - testaptgetupdate "Get:1 file: InRelease [] -Reading package lists..." "empty archive en.$COMPRESS over file" + testaptgetupdate 'Reading package lists...' "empty archive en.$COMPRESS over file" createemptyarchive 'Packages' # FIXME: Why omits the file transport the Packages Get line? #Get:3 file: Packages [] - testaptgetupdate "Get:1 file: InRelease [] -Reading package lists..." "empty archive Packages.$COMPRESS over file" + testaptgetupdate 'Reading package lists...' "empty archive Packages.$COMPRESS over file" createemptyfile 'Packages' - testaptgetupdate "Get:1 file: InRelease [] -Err file: Packages + testaptgetupdate "Err file: Packages Empty files can't be valid archives W: Failed to fetch ${COMPRESSOR}:$(readlink -f aptarchive/Packages.$COMPRESS) Empty files can't be valid archives @@ -107,26 +103,22 @@ testoverhttp() { setupcompressor "$1" createemptyfile 'en' - testaptgetupdate "Get:1 http://localhost InRelease [] -Get:2 http://localhost Packages [] -Get:3 http://localhost Translation-en + testaptgetupdate "Get: http://localhost Packages [] +Get: http://localhost Translation-en Reading package lists..." "empty file en.$COMPRESS over http" createemptyarchive 'en' - testaptgetupdate "Get:1 http://localhost InRelease [] -Get:2 http://localhost Packages [] -Get:3 http://localhost Translation-en [] + testaptgetupdate "Get: http://localhost Packages [] +Get: http://localhost Translation-en [] Reading package lists..." "empty archive en.$COMPRESS over http" createemptyarchive 'Packages' - testaptgetupdate "Get:1 http://localhost InRelease [] -Get:2 http://localhost Packages [] + testaptgetupdate "Get: http://localhost Packages [] Reading package lists..." "empty archive Packages.$COMPRESS over http" createemptyfile 'Packages' #FIXME: we should response with a good error message instead - testaptgetupdate "Get:1 http://localhost InRelease [] -Get:2 http://localhost Packages + testaptgetupdate "Get: http://localhost Packages Err http://localhost Packages Empty files can't be valid archives W: Failed to fetch ${COMPRESSOR}:$(readlink -f rootdir/var/lib/apt/lists/partial/localhost:8080_Packages) Empty files can't be valid archives diff --git a/test/integration/test-releasefile-verification b/test/integration/test-releasefile-verification index d3ea91de5..01fb2e529 100755 --- a/test/integration/test-releasefile-verification +++ b/test/integration/test-releasefile-verification @@ -184,5 +184,5 @@ runtest2 DELETEFILE="InRelease" runtest -DELETEFILE="Release.gpg" -runtest +#DELETEFILE="Release.gpg" +#runtest -- cgit v1.2.3 From 2d3fe9cfadb33556b7563a98bb5a4698888e6c40 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Fri, 15 Mar 2013 18:53:53 +0100 Subject: - if ExecGPGV deals with a clear-signed file it will split this file into data and signatures, pass it to gpgv for verification and recombines it after that in a known-good way without unsigned blocks and whitespaces resulting usually in more or less the same file as before, but later code can be sure about the format * apt-pkg/deb/debmetaindex.cc: - reenable InRelease by default --- .../test-ubuntu-bug-784473-InRelease-one-message-only | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) (limited to 'test') diff --git a/test/integration/test-ubuntu-bug-784473-InRelease-one-message-only b/test/integration/test-ubuntu-bug-784473-InRelease-one-message-only index d97011914..fad5488fb 100755 --- a/test/integration/test-ubuntu-bug-784473-InRelease-one-message-only +++ b/test/integration/test-ubuntu-bug-784473-InRelease-one-message-only @@ -26,6 +26,14 @@ MD5Sum: 2182897e0a2a0c09e760beaae117a015 2023 Packages.diff/Index 1b895931853981ad8204d2439821b999 4144 Packages.gz'; echo; cat ${RELEASE}.old;) > ${RELEASE} done -aptget update -qq > /dev/null 2> starts-with-unsigned.msg -sed -i 's#File .*InRelease#File InRelease#' starts-with-unsigned.msg -testfileequal starts-with-unsigned.msg "W: GPG error: file: unstable InRelease: File InRelease doesn't start with a clearsigned message" + +msgtest 'The unsigned garbage before signed block is' 'ignored' +aptget update -qq > /dev/null 2>&1 && msgpass || msgfail + +ROOTDIR="$(readlink -f .)" +testequal "Package files: + 100 ${ROOTDIR}/rootdir/var/lib/dpkg/status + release a=now + 500 file:${ROOTDIR}/aptarchive/ unstable/main i386 Packages + release a=unstable,n=unstable,c=main +Pinned packages:" aptcache policy -- cgit v1.2.3 From ad000f6b68f9216412a6a70bcfe6cb11fb0c2fe6 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Sat, 16 Mar 2013 10:08:28 +0100 Subject: add testcase and update changelog --- test/integration/test-inrelease-verification-fail | 80 +++++++++++++++++++++++ 1 file changed, 80 insertions(+) create mode 100755 test/integration/test-inrelease-verification-fail (limited to 'test') diff --git a/test/integration/test-inrelease-verification-fail b/test/integration/test-inrelease-verification-fail new file mode 100755 index 000000000..5cbf1ab4d --- /dev/null +++ b/test/integration/test-inrelease-verification-fail @@ -0,0 +1,80 @@ +#!/bin/sh + +set -e + +TESTDIR=$(readlink -f $(dirname $0)) +. $TESTDIR/framework + +setupenvironment +configarchitecture "i386" + +buildsimplenativepackage 'good-pkg' 'all' '1.0' 'stable' + +setupaptarchive + +# now exchange to the Packages file, note that this could be +# done via MITM too +cat > aptarchive/dists/stable/main/binary-i386/Packages < aptarchive/dists/stable/main/binary-i386/Packages.$extension +done + +# add a space into the BEGIN PGP SIGNATURE PART/END PGP SIGNATURE part +# to trick apt - this is still legal to gpg(v) +sed -i '/^-----BEGIN PGP SIGNATURE-----/,/^-----END PGP SIGNATURE-----/ s/^$/ /g' aptarchive/dists/stable/InRelease + +# and append our own hashes for the modified Packages files +cat >> aptarchive/dists/stable/InRelease <> aptarchive/dists/stable/InRelease + # Sources + s="$(sha512sum aptarchive/dists/stable/main/source/Sources$comp | cut -f1 -d' ') $(stat -c %s aptarchive/dists/stable/main/source/Sources$comp) main/source/Sources$comp" + echo " $s" >> aptarchive/dists/stable/InRelease +done; + +# deliver this +changetowebserver + +# ensure the update fails +# useful for debugging to add "-o Debug::pkgAcquire::auth=true" +if aptget update -qq; then + msgfail "apt-get update should NOT work for MITM" + exit 1 +fi + +# ensure there is no package +testequal 'Reading package lists... +Building dependency tree... +E: Unable to locate package bad-mitm' aptget install bad-mitm + +# and verify that its not picked up +#testequal 'N: Unable to locate package bad-mitm' aptcache policy bad-mitm + +# and that the right one is used +#testequal 'good-pkg: +#+ Installed: (none) +#+ Candidate: 1.0 +#+ Version table: +#+ 1.0 0 +#+ 500 http://localhost/ stable/main i386 Packages' aptcache policy good-pkg -- cgit v1.2.3 From d4ddc5b94d6abbd33a3001d27ff5d9698be3f820 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Sun, 17 Mar 2013 19:51:02 +0100 Subject: * test/libapt/assert.h, test/libapt/run-tests: - exit with status 1 on test failure --- test/libapt/assert.h | 2 ++ test/libapt/run-tests | 9 ++++++++- 2 files changed, 10 insertions(+), 1 deletion(-) (limited to 'test') diff --git a/test/libapt/assert.h b/test/libapt/assert.h index fdf6740c6..113c057ed 100644 --- a/test/libapt/assert.h +++ b/test/libapt/assert.h @@ -1,4 +1,5 @@ #include +#include #define equals(x,y) assertEquals(y, x, __LINE__) #define equalsNot(x,y) assertEqualsNot(y, x, __LINE__) @@ -6,6 +7,7 @@ template < typename X, typename Y > void OutputAssertEqual(X expect, char const* compare, Y get, unsigned long const &line) { std::cerr << "Test FAILED: »" << expect << "« " << compare << " »" << get << "« at line " << line << std::endl; + std::exit(EXIT_FAILURE); } template < typename X, typename Y > diff --git a/test/libapt/run-tests b/test/libapt/run-tests index 45a3157f7..f18be6d2b 100755 --- a/test/libapt/run-tests +++ b/test/libapt/run-tests @@ -7,6 +7,7 @@ echo "Compiling the tests …" echo "Running all testcases …" LDPATH="$DIR/../../build/bin" EXT="_libapt_test" +EXIT_CODE=0 # detect if output is on a terminal (colorful) or better not if expr match "$(readlink -f /proc/$$/fd/1)" '/dev/pts/[0-9]\+' > /dev/null; then @@ -106,9 +107,15 @@ do fi echo -n "Testing with ${NAME} " - LD_LIBRARY_PATH=${LDPATH} ${testapp} ${tmppath} && echo "$TESTOKAY" || echo "$TESTFAIL" + if LD_LIBRARY_PATH=${LDPATH} ${testapp} ${tmppath} ; then + echo "$TESTOKAY" + else + echo "$TESTFAIL" + EXIT_CODE=1 + fi if [ -n "$tmppath" -a -d "$tmppath" ]; then rm -rf "$tmppath" fi done +exit $EXIT_CODE -- cgit v1.2.3 From 8c1dd12cb53ce141d8ade2c8abc619dcfa7f37a1 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Mon, 18 Mar 2013 08:08:37 +0100 Subject: * test/integration/framework: - continue after test failure but preserve exit status --- test/integration/framework | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) (limited to 'test') diff --git a/test/integration/framework b/test/integration/framework index 1c4872c8e..883b65bba 100644 --- a/test/integration/framework +++ b/test/integration/framework @@ -1,5 +1,7 @@ #!/bin/sh -- # no runable script, just for vi +TESTFAILURES="no" + # we all like colorful messages if expr match "$(readlink -f /proc/$$/fd/1)" '/dev/pts/[0-9]\+' > /dev/null && \ expr match "$(readlink -f /proc/$$/fd/2)" '/dev/pts/[0-9]\+' > /dev/null; then @@ -36,7 +38,7 @@ msgtest() { } msgpass() { echo "${CPASS}PASS${CNORMAL}" >&2; } msgskip() { echo "${CWARNING}SKIP${CNORMAL}" >&2; } -msgfail() { echo "${CFAIL}FAIL${CNORMAL}" >&2; } +msgfail() { echo "${CFAIL}FAIL${CNORMAL}" >&2; TESTFAILURES="yes"; } # enable / disable Debugging MSGLEVEL=${MSGLEVEL:-3} @@ -113,9 +115,13 @@ gdb() { APT_CONFIG=aptconfig.conf LD_LIBRARY_PATH=${BUILDDIRECTORY} $(which gdb) ${BUILDDIRECTORY}/$1 } +exitwithstatus() { + [ "$TESTFAILURES" = "yes" ] && exit 1 || exit 0; +} + addtrap() { CURRENTTRAP="$CURRENTTRAP $1" - trap "$CURRENTTRAP exit;" 0 HUP INT QUIT ILL ABRT FPE SEGV PIPE TERM + trap "$CURRENTTRAP exitwithstatus;" 0 HUP INT QUIT ILL ABRT FPE SEGV PIPE TERM } setupenvironment() { -- cgit v1.2.3 From f91bd741d223395cc3b1a609459e7d7226916e86 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Mon, 18 Mar 2013 11:38:19 +0100 Subject: report failures via exit and ensure we don't overflow --- test/integration/framework | 11 ++++++++--- test/integration/run-tests | 3 ++- 2 files changed, 10 insertions(+), 4 deletions(-) (limited to 'test') diff --git a/test/integration/framework b/test/integration/framework index 883b65bba..cdaa20627 100644 --- a/test/integration/framework +++ b/test/integration/framework @@ -1,6 +1,6 @@ #!/bin/sh -- # no runable script, just for vi -TESTFAILURES="no" +TESTFAILURES=0 # we all like colorful messages if expr match "$(readlink -f /proc/$$/fd/1)" '/dev/pts/[0-9]\+' > /dev/null && \ @@ -38,7 +38,7 @@ msgtest() { } msgpass() { echo "${CPASS}PASS${CNORMAL}" >&2; } msgskip() { echo "${CWARNING}SKIP${CNORMAL}" >&2; } -msgfail() { echo "${CFAIL}FAIL${CNORMAL}" >&2; TESTFAILURES="yes"; } +msgfail() { echo "${CFAIL}FAIL${CNORMAL}" >&2; TESTFAILURES=$((TESTFAILURES+1)); } # enable / disable Debugging MSGLEVEL=${MSGLEVEL:-3} @@ -116,7 +116,12 @@ gdb() { } exitwithstatus() { - [ "$TESTFAILURES" = "yes" ] && exit 1 || exit 0; + # error if we about to overflow, but ... + # "255 failures ought to be enough for everybody" + if [ $TESTFAILURES -gt 255 ]; then + msgdie "Total failure count $TESTFAILURES too big" + fi + exit $((TESTFAILURES <= 255 ? TESTFAILURES : 255)); } addtrap() { diff --git a/test/integration/run-tests b/test/integration/run-tests index 75f2ad662..18474b20f 100755 --- a/test/integration/run-tests +++ b/test/integration/run-tests @@ -37,4 +37,5 @@ for testcase in $(run-parts --list $DIR | grep '/test-'); do done echo "failures: $FAIL" -exit $FAIL +# ensure we don't overflow +exit $((FAIL <= 255 ? FAIL : 255)) -- cgit v1.2.3 From 5d76cee187ea6f1443c6afd0d1cf99f3555304ef Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Mon, 18 Mar 2013 11:46:20 +0100 Subject: test/integration/framework: use EXIT_CODE to be consistent with the run-tests code --- test/integration/framework | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'test') diff --git a/test/integration/framework b/test/integration/framework index cdaa20627..4a70573c8 100644 --- a/test/integration/framework +++ b/test/integration/framework @@ -1,6 +1,6 @@ #!/bin/sh -- # no runable script, just for vi -TESTFAILURES=0 +EXIT_CODE=0 # we all like colorful messages if expr match "$(readlink -f /proc/$$/fd/1)" '/dev/pts/[0-9]\+' > /dev/null && \ @@ -38,7 +38,7 @@ msgtest() { } msgpass() { echo "${CPASS}PASS${CNORMAL}" >&2; } msgskip() { echo "${CWARNING}SKIP${CNORMAL}" >&2; } -msgfail() { echo "${CFAIL}FAIL${CNORMAL}" >&2; TESTFAILURES=$((TESTFAILURES+1)); } +msgfail() { echo "${CFAIL}FAIL${CNORMAL}" >&2; EXIT_CODE=$((EXIT_CODE+1)); } # enable / disable Debugging MSGLEVEL=${MSGLEVEL:-3} @@ -118,10 +118,10 @@ gdb() { exitwithstatus() { # error if we about to overflow, but ... # "255 failures ought to be enough for everybody" - if [ $TESTFAILURES -gt 255 ]; then - msgdie "Total failure count $TESTFAILURES too big" + if [ $EXIT_CODE -gt 255 ]; then + msgdie "Total failure count $EXIT_CODE too big" fi - exit $((TESTFAILURES <= 255 ? TESTFAILURES : 255)); + exit $((EXIT_CODE <= 255 ? EXIT_CODE : 255)); } addtrap() { -- cgit v1.2.3 From c8b860fb8d0f1531f99db4fad74f5892c6806f1b Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Mon, 18 Mar 2013 12:10:35 +0100 Subject: fix pkgTagSection::Exists() and add test --- test/libapt/makefile | 9 ++++++- test/libapt/tagfile_test.cc | 57 +++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 65 insertions(+), 1 deletion(-) create mode 100644 test/libapt/tagfile_test.cc (limited to 'test') diff --git a/test/libapt/makefile b/test/libapt/makefile index 5e225f240..953e455e0 100644 --- a/test/libapt/makefile +++ b/test/libapt/makefile @@ -93,8 +93,15 @@ SLIBS = -lapt-pkg SOURCE = cdromreducesourcelist_test.cc include $(PROGRAM_H) -# text IndexCopy::ConvertToSourceList +# test IndexCopy::ConvertToSourceList PROGRAM = IndexCopyToSourceList${BASENAME} SLIBS = -lapt-pkg SOURCE = indexcopytosourcelist_test.cc include $(PROGRAM_H) + +# test tagfile +PROGRAM = PkgTagFile${BASENAME} +SLIBS = -lapt-pkg +SOURCE = tagfile_test.cc +include $(PROGRAM_H) + diff --git a/test/libapt/tagfile_test.cc b/test/libapt/tagfile_test.cc new file mode 100644 index 000000000..2e2144f99 --- /dev/null +++ b/test/libapt/tagfile_test.cc @@ -0,0 +1,57 @@ +#include +#include + +#include "assert.h" +#include +#include + +char *tempfile = NULL; +int tempfile_fd = -1; + +void remove_tmpfile(void) +{ + if (tempfile_fd > 0) + close(tempfile_fd); + if (tempfile != NULL) { + unlink(tempfile); + free(tempfile); + } +} + +int main(int argc, char *argv[]) +{ + FileFd fd; + const char contents[] = "FieldA-12345678: the value of the field"; + atexit(remove_tmpfile); + tempfile = strdup("apt-test.XXXXXXXX"); + tempfile_fd = mkstemp(tempfile); + + /* (Re-)Open (as FileFd), write and seek to start of the temp file */ + equals(fd.OpenDescriptor(tempfile_fd, FileFd::ReadWrite), true); + equals(fd.Write(contents, strlen(contents)), true); + equals(fd.Seek(0), true); + + pkgTagFile tfile(&fd); + pkgTagSection section; + equals(tfile.Step(section), true); + + /* It has one field */ + equals(section.Count(), 1); + + /* ... and it is called FieldA-12345678 */ + equals(section.Exists("FieldA-12345678"), true); + + /* its value is correct */ + equals(section.FindS("FieldA-12345678"), std::string("the value of the field")); + /* A non-existent field has an empty string as value */ + equals(section.FindS("FieldB-12345678"), std::string()); + + /* ... and Exists does not lie about missing fields... */ + equalsNot(section.Exists("FieldB-12345678"), true); + + /* There is only one section in this tag file */ + equals(tfile.Step(section), false); + + /* clean up handled by atexit handler, so just return here */ + return 0; +} -- cgit v1.2.3 From 0c98ee5ade6bb660bf23b09d759e0bb3c52068b9 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Mon, 18 Mar 2013 13:52:43 +0100 Subject: test/libapt/tagfile_test.cc: add missing "unistd.h" (thanks to Niels Thykier) --- test/libapt/tagfile_test.cc | 1 + 1 file changed, 1 insertion(+) (limited to 'test') diff --git a/test/libapt/tagfile_test.cc b/test/libapt/tagfile_test.cc index 2e2144f99..d12c74c95 100644 --- a/test/libapt/tagfile_test.cc +++ b/test/libapt/tagfile_test.cc @@ -4,6 +4,7 @@ #include "assert.h" #include #include +#include char *tempfile = NULL; int tempfile_fd = -1; -- cgit v1.2.3 From 34747d46be3a15105d896266d8043f55d04e7735 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Mon, 18 Mar 2013 17:06:51 +0100 Subject: rename testcase to mention CVE number, make the code more consistent with the rest and add some more tests (by fixing commented ones) --- .../test-cve-2013-1051-InRelease-parsing | 61 +++++++++++++++++ test/integration/test-inrelease-verification-fail | 80 ---------------------- 2 files changed, 61 insertions(+), 80 deletions(-) create mode 100755 test/integration/test-cve-2013-1051-InRelease-parsing delete mode 100755 test/integration/test-inrelease-verification-fail (limited to 'test') diff --git a/test/integration/test-cve-2013-1051-InRelease-parsing b/test/integration/test-cve-2013-1051-InRelease-parsing new file mode 100755 index 000000000..bd68fccf6 --- /dev/null +++ b/test/integration/test-cve-2013-1051-InRelease-parsing @@ -0,0 +1,61 @@ +#!/bin/sh +set -e + +TESTDIR=$(readlink -f $(dirname $0)) +. $TESTDIR/framework + +setupenvironment +configarchitecture 'i386' + +insertpackage 'stable' 'good-pkg' 'all' '1.0' + +setupaptarchive + +changetowebserver +ARCHIVE='http://localhost/' +msgtest 'Initial apt-get update should work with' 'InRelease' +aptget update -qq && msgpass || msgfail + +# check that the setup is correct +testequal "good-pkg: + Installed: (none) + Candidate: 1.0 + Version table: + 1.0 0 + 500 ${ARCHIVE} stable/main i386 Packages" aptcache policy good-pkg + +# now exchange to the Packages file, note that this could be +# done via MITM too +insertpackage 'stable' 'bad-mitm' 'all' '1.0' + +# this builds compressed files and a new (unsigned) Release +buildaptarchivefromfiles '+1hour' + +# add a space into the BEGIN PGP SIGNATURE PART/END PGP SIGNATURE part +# to trick apt - this is still legal to gpg(v) +sed -i '/^-----BEGIN PGP SIGNATURE-----/,/^-----END PGP SIGNATURE-----/ s/^$/ /g' aptarchive/dists/stable/InRelease + +# we append the (evil unsigned) Release file to the (good signed) InRelease +cat aptarchive/dists/stable/Release >> aptarchive/dists/stable/InRelease + + +# ensure the update fails +# useful for debugging to add "-o Debug::pkgAcquire::auth=true" +msgtest 'apt-get update for should fail with the modified' 'InRelease' +aptget update 2>&1 | grep -q 'Hash Sum mismatch' > /dev/null && msgpass || msgfail + +# ensure there is no package +testequal 'Reading package lists... +Building dependency tree... +E: Unable to locate package bad-mitm' aptget install bad-mitm -s + +# and verify that its not picked up +testequal 'N: Unable to locate package bad-mitm' aptcache policy bad-mitm -q=0 + +# and that the right one is used +testequal "good-pkg: + Installed: (none) + Candidate: 1.0 + Version table: + 1.0 0 + 500 ${ARCHIVE} stable/main i386 Packages" aptcache policy good-pkg diff --git a/test/integration/test-inrelease-verification-fail b/test/integration/test-inrelease-verification-fail deleted file mode 100755 index 5cbf1ab4d..000000000 --- a/test/integration/test-inrelease-verification-fail +++ /dev/null @@ -1,80 +0,0 @@ -#!/bin/sh - -set -e - -TESTDIR=$(readlink -f $(dirname $0)) -. $TESTDIR/framework - -setupenvironment -configarchitecture "i386" - -buildsimplenativepackage 'good-pkg' 'all' '1.0' 'stable' - -setupaptarchive - -# now exchange to the Packages file, note that this could be -# done via MITM too -cat > aptarchive/dists/stable/main/binary-i386/Packages < aptarchive/dists/stable/main/binary-i386/Packages.$extension -done - -# add a space into the BEGIN PGP SIGNATURE PART/END PGP SIGNATURE part -# to trick apt - this is still legal to gpg(v) -sed -i '/^-----BEGIN PGP SIGNATURE-----/,/^-----END PGP SIGNATURE-----/ s/^$/ /g' aptarchive/dists/stable/InRelease - -# and append our own hashes for the modified Packages files -cat >> aptarchive/dists/stable/InRelease <> aptarchive/dists/stable/InRelease - # Sources - s="$(sha512sum aptarchive/dists/stable/main/source/Sources$comp | cut -f1 -d' ') $(stat -c %s aptarchive/dists/stable/main/source/Sources$comp) main/source/Sources$comp" - echo " $s" >> aptarchive/dists/stable/InRelease -done; - -# deliver this -changetowebserver - -# ensure the update fails -# useful for debugging to add "-o Debug::pkgAcquire::auth=true" -if aptget update -qq; then - msgfail "apt-get update should NOT work for MITM" - exit 1 -fi - -# ensure there is no package -testequal 'Reading package lists... -Building dependency tree... -E: Unable to locate package bad-mitm' aptget install bad-mitm - -# and verify that its not picked up -#testequal 'N: Unable to locate package bad-mitm' aptcache policy bad-mitm - -# and that the right one is used -#testequal 'good-pkg: -#+ Installed: (none) -#+ Candidate: 1.0 -#+ Version table: -#+ 1.0 0 -#+ 500 http://localhost/ stable/main i386 Packages' aptcache policy good-pkg -- cgit v1.2.3 From f1828b6977972b4ef6da6401602b7938f6570c32 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Mon, 18 Mar 2013 19:36:55 +0100 Subject: - add method to open (maybe) clearsigned files transparently * ftparchive/writer.cc: - use OpenMaybeClearSignedFile to be free from detecting and skipping clearsigning metadata in dsc files --- test/integration/framework | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) (limited to 'test') diff --git a/test/integration/framework b/test/integration/framework index 1c4872c8e..2ef61ca84 100644 --- a/test/integration/framework +++ b/test/integration/framework @@ -328,9 +328,15 @@ Package: $NAME" >> ${BUILDDIR}/debian/control fi echo '3.0 (native)' > ${BUILDDIR}/debian/source/format - local SRCS="$( (cd ${BUILDDIR}/..; dpkg-source -b ${NAME}-${VERSION} 2>&1) | grep '^dpkg-source: info: building' | grep -o '[a-z0-9._+~-]*$')" - for SRC in $SRCS; do + (cd ${BUILDDIR}/..; dpkg-source -b ${NAME}-${VERSION} 2>&1) | sed -n 's#^dpkg-source: info: building [^ ]\+ in ##p' \ + | while read SRC; do echo "pool/${SRC}" >> ${BUILDDIR}/../${RELEASE}.${DISTSECTION}.srclist +# if expr match "${SRC}" '.*\.dsc' >/dev/null 2>&1; then +# gpg --yes --no-default-keyring --secret-keyring ./keys/joesixpack.sec \ +# --keyring ./keys/joesixpack.pub --default-key 'Joe Sixpack' \ +# --clearsign -o "${BUILDDIR}/../${SRC}.sign" "${BUILDDIR}/../$SRC" +# mv "${BUILDDIR}/../${SRC}.sign" "${BUILDDIR}/../$SRC" +# fi done for arch in $(echo "$ARCH" | sed -e 's#,#\n#g' | sed -e "s#^native\$#$(getarchitecture 'native')#"); do -- cgit v1.2.3 From 233b78083f6f79730fcb5a6faeb74e2a78b6038a Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Mon, 18 Mar 2013 22:57:08 +0100 Subject: * apt-pkg/deb/debindexfile.cc, apt-pkg/deb/deblistparser.cc: - use OpenMaybeClearSignedFile to be free from detecting and skipping clearsigning metadata in dsc and Release files We can't write a "clean" file to disk as not all acquire methods copy Release files before checking them (e.g. cdrom), so this reverts recombining, but uses the method we use for dsc files also in the two places we deal with Release files --- test/integration/framework | 2 +- test/integration/test-apt-cdrom | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) (limited to 'test') diff --git a/test/integration/framework b/test/integration/framework index 2ef61ca84..86e6ed7c3 100644 --- a/test/integration/framework +++ b/test/integration/framework @@ -114,7 +114,7 @@ gdb() { } addtrap() { - CURRENTTRAP="$CURRENTTRAP $1" + CURRENTTRAP="$1 $CURRENTTRAP" trap "$CURRENTTRAP exit;" 0 HUP INT QUIT ILL ABRT FPE SEGV PIPE TERM } diff --git a/test/integration/test-apt-cdrom b/test/integration/test-apt-cdrom index f24c99b36..f1c4fd9d3 100755 --- a/test/integration/test-apt-cdrom +++ b/test/integration/test-apt-cdrom @@ -24,6 +24,8 @@ cat Translation-de | xz --format=lzma > Translation-de.lzma cat Translation-de | xz > Translation-de.xz rm Translation-en Translation-de cd - > /dev/null +addtrap "chmod -R +w $PWD/rootdir/media/cdrom/dists/;" +chmod -R -w rootdir/media/cdrom/dists aptcdrom add -m -o quiet=1 > apt-cdrom.log 2>&1 sed -i -e '/^Using CD-ROM/ d' -e '/gpgv/ d' -e '/^Identifying/ d' -e '/Reading / d' apt-cdrom.log -- cgit v1.2.3 From 2f8f21c3d494328f0b4a544998fc6118b25b56c3 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Mon, 25 Mar 2013 08:56:42 +0100 Subject: merge patches from daniel to fix merge artifact and test failure --- test/integration/test-apt-get-download | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'test') diff --git a/test/integration/test-apt-get-download b/test/integration/test-apt-get-download index b164f7dba..420b2e380 100755 --- a/test/integration/test-apt-get-download +++ b/test/integration/test-apt-get-download @@ -26,7 +26,7 @@ testdownload apt_1.0_all.deb apt stable testdownload apt_2.0_all.deb apt DEBFILE="$(readlink -f aptarchive)/pool/apt_2.0_all.deb" -testequal "'file://${DEBFILE}' apt_2.0_all.deb $(stat -c%s $DEBFILE) sha256:$(sha256sum $DEBFILE | cut -d' ' -f 1)" aptget download apt --print-uris +testequal "'file://${DEBFILE}' apt_2.0_all.deb $(stat -c%s $DEBFILE) sha512:$(sha512sum $DEBFILE | cut -d' ' -f 1)" aptget download apt --print-uris # deb:677887 testequal "E: Can't find a source to download version '1.0' of 'vrms:i386'" aptget download vrms -- cgit v1.2.3