From 68ba0b7f4e1c03edfb6f621e7e7314ea610af96b Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Wed, 15 Oct 2014 03:47:50 +0200 Subject: testcases runable as root Running the testcases is usually not a good idea, but it can be handy to check if the privilege dropping works. Git-Dch: Ignore --- test/integration/framework | 31 ++++++++++++++++++---- test/integration/test-apt-get-changelog | 9 +++---- test/integration/test-apt-get-download | 13 +++++++-- .../integration/test-apt-get-update-unauth-warning | 2 +- ...test-bug-254770-segfault-if-cache-not-buildable | 14 +++++++--- test/integration/test-bug-738785-switch-protocol | 8 +++++- test/integration/test-sourceslist-trusted-options | 2 +- 7 files changed, 61 insertions(+), 18 deletions(-) (limited to 'test') diff --git a/test/integration/framework b/test/integration/framework index 96b867788..a8d6bf3d0 100644 --- a/test/integration/framework +++ b/test/integration/framework @@ -43,7 +43,10 @@ msgtest() { printf "…${CNORMAL} " } msgpass() { printf "${CPASS}PASS${CNORMAL}\n"; } -msgskip() { printf "${CWARNING}SKIP${CNORMAL}\n" >&2; } +msgskip() { + if [ $# -gt 0 ]; then printf "${CWARNING}SKIP: $*${CNORMAL}\n" >&2; + else printf "${CWARNING}SKIP${CNORMAL}\n" >&2; fi +} msgfail() { if [ $# -gt 0 ]; then printf "${CFAIL}FAIL: $*${CNORMAL}\n" >&2; else printf "${CFAIL}FAIL${CNORMAL}\n" >&2; fi @@ -170,6 +173,12 @@ setupenvironment() { addtrap "cd /; rm -rf $TMPWORKINGDIRECTORY;" msgninfo "Preparing environment for ${CCMD}$(basename $0)${CINFO} in ${TMPWORKINGDIRECTORY}… " + if [ "$(id -u)" = '0' ]; then + # relax permissions so that running as root with user switching works + umask 022 + chmod o+rx "$TMPWORKINGDIRECTORY" + fi + TESTDIRECTORY=$(readlink -f $(dirname $0)) # allow overriding the default BUILDDIR location BUILDDIRECTORY=${APT_INTEGRATION_TESTS_BUILD_DIR:-"${TESTDIRECTORY}/../../build/bin"} 
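Review bot: In `msgskip` the skip reason is expanded inside the printf format string, so a `%` or a backslash sequence in the message is interpreted as a directive instead of being printed. Passing the text as an argument avoids that: `printf "${CWARNING}SKIP: %s${CNORMAL}\n" "$*" >&2`. The context lines show `msgfail` built the same way, so the new code matches the file's style, but both would be more robust with `%s`.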
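Review bot: The root branch added to `setupenvironment` (hunk at -170) grants `o+rx` on `$TMPWORKINGDIRECTORY` and sets `umask 022`, which opens the test tree to every local account for the duration of a root run, not only to the user apt switches to. The tree created just below includes a `keys` directory, so the comment should name who needs the access and state that the wider exposure is accepted, e.g. `# root run: the unprivileged download user must be able to traverse the tree; this also opens it to other local users until cleanup`. The umask change is not restored, so it presumably stays in effect for the rest of the calling test script. The body of `setupenvironment` starts and ends outside this hunk.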
@@ -185,7 +194,7 @@ setupenvironment() { mkdir rootdir aptarchive keys cd rootdir mkdir -p etc/apt/apt.conf.d etc/apt/sources.list.d etc/apt/trusted.gpg.d etc/apt/preferences.d - mkdir -p var/cache var/lib/apt var/log tmp + mkdir -p usr/bin var/cache var/lib/apt var/log tmp mkdir -p var/lib/dpkg/info var/lib/dpkg/updates var/lib/dpkg/triggers touch var/lib/dpkg/available mkdir -p usr/lib/apt @@ -221,7 +230,15 @@ setupenvironment() { echo "Debug::NoLocking \"true\";" >> aptconfig.conf echo "APT::Get::Show-User-Simulation-Note \"false\";" >> aptconfig.conf echo "Dir::Bin::Methods \"${METHODSDIR}\";" >> aptconfig.conf - echo "Dir::Bin::apt-key \"${BUILDDIRECTORY}/apt-key\";" >> aptconfig.conf + # store apt-key were we can access it, even if we run it as a different user + # destroys coverage reporting though, so just do it for root for now + if [ "$(id -u)" = '0' ]; then + cp "${BUILDDIRECTORY}/apt-key" "${TMPWORKINGDIRECTORY}/rootdir/usr/bin/" + chmod o+rx "${TMPWORKINGDIRECTORY}/rootdir/usr/bin/apt-key" + echo "Dir::Bin::apt-key \"${TMPWORKINGDIRECTORY}/rootdir/usr/bin/apt-key\";" >> aptconfig.conf + else + echo "Dir::Bin::apt-key \"${BUILDDIRECTORY}/apt-key\";" >> aptconfig.conf + fi echo "Dir::Bin::dpkg \"fakeroot\";" >> aptconfig.conf echo "DPKG::options:: \"dpkg\";" >> aptconfig.conf echo "DPKG::options:: \"--root=${TMPWORKINGDIRECTORY}/rootdir\";" >> aptconfig.conf 
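Review bot: The comment added before the apt-key branch in `setupenvironment` (hunk at -221) has a typo (`were` for `where`) and does not say which user needs the access. Something like `# store apt-key where the user apt drops privileges to can execute it` would be clearer. The same `[ "$(id -u)" = '0' ]` test is repeated in the hunks at -170 and -239 and in two of the test scripts. Evaluating it once into a variable near the top of `framework` would keep the root-only code paths easy to find and audit.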
@@ -239,7 +256,11 @@ setupenvironment() { # hide this as we can't really deal with it properly echo 'Acquire::Failure::ShowIP "false";' >> aptconfig.conf - echo "Acquire::https::CaInfo \"${TESTDIR}/apt.pem\";" > rootdir/etc/apt/apt.conf.d/99https + cp "${TESTDIRECTORY}/apt.pem" "${TMPWORKINGDIRECTORY}/rootdir/etc/webserver.pem" + if [ "$(id -u)" = '0' ]; then + chown _apt:root "${TMPWORKINGDIRECTORY}/rootdir/etc/webserver.pem" + fi + echo "Acquire::https::CaInfo \"${TMPWORKINGDIRECTORY}/rootdir/etc/webserver.pem\";" > rootdir/etc/apt/apt.conf.d/99https echo "Apt::Cmd::Disable-Script-Warning \"1\";" > rootdir/etc/apt/apt.conf.d/apt-binary configcompression '.' 'gz' #'bz2' 'lzma' 'xz' @@ -977,7 +998,7 @@ changetohttpswebserver() { changetowebserver --no-rewrite "$@" fi echo "pid = ${TMPWORKINGDIRECTORY}/aptarchive/stunnel.pid -cert = ${TESTDIRECTORY}/apt.pem +cert = ${TMPWORKINGDIRECTORY}/rootdir/etc/webserver.pem output = /dev/null [https] diff --git a/test/integration/test-apt-get-changelog b/test/integration/test-apt-get-changelog index 02d6c39ab..76a32a122 100755 --- a/test/integration/test-apt-get-changelog +++ b/test/integration/test-apt-get-changelog 
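Review bot: `chown _apt:root` on `rootdir/etc/webserver.pem` (hunk at -239) makes the unprivileged user the owner of the file that `Acquire::https::CaInfo` points at, so that user can rewrite the trust anchor it is meant to be checked against; the visible uses only need read access. The same file is passed to stunnel as `cert =` in the hunk at -977, and unless a separate `key =` line follows outside that hunk it presumably also holds the server's private key. Keeping root as owner and granting read only, e.g. `chmod a+r "${TMPWORKINGDIRECTORY}/rootdir/etc/webserver.pem"`, would be narrower, though it is worth confirming that stunnel accepts that mode. The chown also assumes an `_apt` account exists on the host running the tests.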
@@ -26,19 +26,18 @@ testequal "'http://localhost:8080//pool/apt_1.0/changelog'" aptget changelog apt testequal "'http://localhost:8080//pool/apt_1.0/changelog' 'http://localhost:8080//pool/apt_1.0/changelog'" aptget changelog apt apt --print-uris -aptget changelog apt -qq > apt.changelog -testfileequal 'apt.changelog' "$(cat aptarchive/pool/apt_1.0/changelog)" -rm apt.changelog +testsuccess aptget changelog apt -qq +testfileequal 'rootdir/tmp/testsuccess.output' "$(cat aptarchive/pool/apt_1.0/changelog)" testsuccess aptget changelog apt -d testfileequal 'apt.changelog' "$(cat aptarchive/pool/apt_1.0/changelog)" -rm apt.changelog aptarchive/pool/apt_1.0/changelog +rm -f apt.changelog aptarchive/pool/apt_1.0/changelog testequal "$(cat aptarchive/pool/apt_1.0.changelog)" aptget changelog apt \ -qq -o APT::Changelogs::Server='http://not-on-the-main-server:8080/' testsuccess aptget changelog apt -d testfileequal 'apt.changelog' "$(cat aptarchive/pool/apt_1.0.changelog)" -rm apt.changelog aptarchive/pool/apt_1.0.changelog +rm -f apt.changelog aptarchive/pool/apt_1.0.changelog testequal 'E: changelog download failed' aptget changelog apt -qq -o APT::Changelogs::Server='http://not-on-the-main-server:8080/' diff --git a/test/integration/test-apt-get-download b/test/integration/test-apt-get-download index 0514542b3..9a154e5fb 100755 --- a/test/integration/test-apt-get-download +++ b/test/integration/test-apt-get-download 
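Review bot: The first check in test-apt-get-changelog now reads `rootdir/tmp/testsuccess.output`, a path that belongs to the framework's `testsuccess` helper and is not defined anywhere in this hunk. A one-line comment such as `# testsuccess keeps the command's output in rootdir/tmp/testsuccess.output` would tell the reader where the file comes from. The switch to `rm -f` means a missing `apt.changelog` no longer fails the cleanup step, which is acceptable only because `testfileequal` has already checked the file on the line before.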
@@ -11,18 +11,27 @@ buildsimplenativepackage 'apt' 'all' '1.0' 'stable' buildsimplenativepackage 'apt' 'all' '2.0' 'unstable' insertinstalledpackage 'vrms' 'all' '1.0' +OLD_UMASK="$(umask)" umask 0027 +setupaptarchive --no-update +umask "$OLD_UMASK" -setupaptarchive - +# directories should be readable by everyone +find aptarchive/dists -type d | while read dir; do + chmod o+rx "$dir" +done # apt-ftparchive knows how to chmod files find aptarchive/dists -name '*Packages*' -type f | while read file; do testaccessrights "$file" '644' + chmod 640 "$file" done # created by the framework without special care find aptarchive/dists -name '*Release*' -type f | while read file; do testaccessrights "$file" '640' done + +testsuccess aptget update + # all copied files are properly chmodded find rootdir/var/lib/apt/lists -type f | while read file; do testaccessrights "$file" '644' diff --git a/test/integration/test-apt-get-update-unauth-warning b/test/integration/test-apt-get-update-unauth-warning index fe0cb45a4..0389415c1 100755 --- a/test/integration/test-apt-get-update-unauth-warning +++ b/test/integration/test-apt-get-update-unauth-warning @@ -24,7 +24,7 @@ testequal "Ign file: unstable InRelease Err file: unstable Release File not found W: The repository 'file: unstable Release' does not have a Release file. This is deprecated, please contact the owner of the repository. -E: Use --allow-insecure-repositories to force the update" aptget update +E: Use --allow-insecure-repositories to force the update" aptget update --no-allow-insecure-repositories # no package foo testequal "Listing..." apt list foo diff --git a/test/integration/test-bug-254770-segfault-if-cache-not-buildable b/test/integration/test-bug-254770-segfault-if-cache-not-buildable index 59102ddc9..6ae8944b2 100755 --- a/test/integration/test-bug-254770-segfault-if-cache-not-buildable +++ b/test/integration/test-bug-254770-segfault-if-cache-not-buildable 
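Review bot: In test-apt-get-download the `chmod 640 "$file"` added inside the `*Packages*` loop, directly after the file was asserted to be `644`, has no comment explaining why the mode is tightened again. A line such as `# restrict again so the check after 'aptget update' shows apt sets 644 on its copies itself` would document the intent, if that is the intent. The new directory loop uses `read` without `-r`, so a path containing a backslash would be mangled; `find aptarchive/dists -type d -exec chmod o+rx {} +` does the same without a loop. Saving and restoring the umask around `setupaptarchive --no-update` is a good pattern and could be reused where the framework changes the umask.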
@@ -3,17 +3,25 @@ set -e TESTDIR=$(readlink -f $(dirname $0)) . $TESTDIR/framework + +msgtest 'Test run as' 'non-root' +if [ "$(id -u)" = '0' ]; then + msgskip 'root has by definition no problems accessing files' + exit 0 +else + msgpass +fi + setupenvironment configarchitecture "i386" setupaptarchive -CURRENTTRAP="chmod a+x rootdir/var/lib/dpkg; $CURRENTTRAP" -trap "$CURRENTTRAP" 0 HUP INT QUIT ILL ABRT FPE SEGV PIPE TERM +addtrap 'prefix' 'chmod a+x rootdir/var/lib/dpkg;' chmod a-x rootdir/var/lib/dpkg testsegfault() { msgtest "No segfault in" "$*" - local TEST="$($* 2>&1 | grep -v 'E:')" + local TEST="$("$@" 2>&1 | grep -v 'E:')" if [ -z "$TEST" ]; then msgpass else diff --git a/test/integration/test-bug-738785-switch-protocol b/test/integration/test-bug-738785-switch-protocol index f81bba4b9..f450e5e5a 100755 --- a/test/integration/test-bug-738785-switch-protocol +++ b/test/integration/test-bug-738785-switch-protocol @@ -49,8 +49,14 @@ rm https cd - >/dev/null echo "Dir::Bin::Methods \"${COPYMETHODS}\";" >> aptconfig.conf -testequal "E: The method driver $(pwd)/rootdir/usr/lib/apt/methods/https could not be found. +if [ "$(id -u)" = '0' ]; then + testequal "Can't drop privileges for downloading as file '$(pwd)/apt_1.0_all.deb' couldn't be accessed by user '_apt'. +E: The method driver $(pwd)/rootdir/usr/lib/apt/methods/https could not be found. N: Is the package apt-transport-https installed?" aptget download apt -q=0 +else + testequal "E: The method driver $(pwd)/rootdir/usr/lib/apt/methods/https could not be found. +N: Is the package apt-transport-https installed?" aptget download apt -q=0 +fi testsuccess test ! -e apt_1.0_all.deb # revert to all methods diff --git a/test/integration/test-sourceslist-trusted-options b/test/integration/test-sourceslist-trusted-options index 1178df46a..c954f2f4f 100755 --- a/test/integration/test-sourceslist-trusted-options +++ b/test/integration/test-sourceslist-trusted-options 
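Review bot: The root branch added to test-bug-738785-switch-protocol pins the message `Can't drop privileges for downloading as file ... couldn't be accessed by user '_apt'` as expected output without explaining it. As worded, that message suggests the download proceeds without dropping privileges, which is the security-relevant behaviour a reader will want confirmed. A comment such as `# as root the download target in $(pwd) is not accessible to _apt, so apt warns and does not drop privileges` (to be verified against the acquire code) would make clear this fallback is intended here and not a regression. The two branches also duplicate the `E:`/`N:` lines; building the expected text from a shared variable with an optional prefix would keep them from drifting apart.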
@@ -62,7 +62,7 @@ aptgetupdate() { insecureaptgetupdate() { rm -rf rootdir/var/lib/apt/lists - testfailure aptget update + testfailure aptget update --no-allow-insecure-repositories rm -rf rootdir/var/lib/apt/lists testsuccess aptget update --allow-insecure-repositories } -- cgit v1.2.3