From 84eec207be35b8c117c430296d4c212b079c00c1 Mon Sep 17 00:00:00 2001
From: David Kalnischkies <david@kalnischkies.de>
Date: Thu, 6 Oct 2016 18:30:51 +0200
Subject: keep Release.gpg on untrusted to trusted IMS-Hit

A user relying on the deprecated behaviour of apt-get to accept a source
with an unknown pubkey to install a package containing the key expects
that the following 'apt-get update' causes the source to be considered
as trusted, but in case the source hadn't changed in the meantime this
wasn't happening: The source kept being untrusted until the Release file
was changed.

This only effects sources not using InRelease and only apt-get, the apt
binary downright refuses this course of actions, but it is a common way
of adding external sources.

Closes: 838779
---
 ...est-bug-838779-untrusted-to-trusted-Release-hit | 46 ++++++++++++++++++++++
 1 file changed, 46 insertions(+)
 create mode 100755 test/integration/test-bug-838779-untrusted-to-trusted-Release-hit

(limited to 'test')

diff --git a/test/integration/test-bug-838779-untrusted-to-trusted-Release-hit b/test/integration/test-bug-838779-untrusted-to-trusted-Release-hit
new file mode 100755
index 000000000..6fcc2b8e1
--- /dev/null
+++ b/test/integration/test-bug-838779-untrusted-to-trusted-Release-hit
@@ -0,0 +1,46 @@
+#!/bin/sh
+set -e
+
+TESTDIR="$(readlink -f "$(dirname "$0")")"
+. "$TESTDIR/framework"
+setupenvironment
+configarchitecture 'amd64'
+
+buildsimplenativepackage 'foo' 'all' '1' 'stable'
+
+export APT_DONT_SIGN=''
+setupaptarchive --no-update
+
+changetowebserver
+
+testsuccess aptget update
+testdpkgnotinstalled 'foo'
+testsuccess apt install foo -y
+testdpkginstalled 'foo'
+testsuccess apt purge foo -y
+testdpkgnotinstalled 'foo'
+
+msgmsg 'Untrusted to trusted hit' 'InRelease'
+rm -rf rootdir/var/lib/apt/lists rootdir/var/cache/apt/archives
+mv rootdir/etc/apt/trusted.gpg.d rootdir/etc/apt/trusted.gpg.d-bak
+testwarning aptget update
+testfailure apt install foo -y
+testdpkgnotinstalled 'foo'
+mv rootdir/etc/apt/trusted.gpg.d-bak rootdir/etc/apt/trusted.gpg.d
+testsuccess aptget update
+testsuccess apt install foo -y
+testdpkginstalled 'foo'
+testsuccess apt purge foo -y
+testdpkgnotinstalled 'foo'
+
+msgmsg 'Untrusted to trusted hit' 'Release.gpg'
+find aptarchive -name 'InRelease' -delete
+rm -rf rootdir/var/lib/apt/lists rootdir/var/cache/apt/archives
+mv rootdir/etc/apt/trusted.gpg.d rootdir/etc/apt/trusted.gpg.d-bak
+testwarning aptget update
+testfailure apt install foo -y
+testdpkgnotinstalled 'foo'
+mv rootdir/etc/apt/trusted.gpg.d-bak rootdir/etc/apt/trusted.gpg.d
+testsuccess aptget update
+testsuccess apt install foo -y
+testdpkginstalled 'foo'
-- 
cgit v1.2.3