From 2d3fe9cfadb33556b7563a98bb5a4698888e6c40 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Fri, 15 Mar 2013 18:53:53 +0100 Subject: - if ExecGPGV deals with a clear-signed file it will split this file into data and signatures, pass it to gpgv for verification and recombines it after that in a known-good way without unsigned blocks and whitespaces resulting usually in more or less the same file as before, but later code can be sure about the format * apt-pkg/deb/debmetaindex.cc: - reenable InRelease by default --- .../test-ubuntu-bug-784473-InRelease-one-message-only | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) (limited to 'test') diff --git a/test/integration/test-ubuntu-bug-784473-InRelease-one-message-only b/test/integration/test-ubuntu-bug-784473-InRelease-one-message-only index d97011914..fad5488fb 100755 --- a/test/integration/test-ubuntu-bug-784473-InRelease-one-message-only +++ b/test/integration/test-ubuntu-bug-784473-InRelease-one-message-only @@ -26,6 +26,14 @@ MD5Sum: 2182897e0a2a0c09e760beaae117a015 2023 Packages.diff/Index 1b895931853981ad8204d2439821b999 4144 Packages.gz'; echo; cat ${RELEASE}.old;) > ${RELEASE} done -aptget update -qq > /dev/null 2> starts-with-unsigned.msg -sed -i 's#File .*InRelease#File InRelease#' starts-with-unsigned.msg -testfileequal starts-with-unsigned.msg "W: GPG error: file: unstable InRelease: File InRelease doesn't start with a clearsigned message" + +msgtest 'The unsigned garbage before signed block is' 'ignored' +aptget update -qq > /dev/null 2>&1 && msgpass || msgfail + +ROOTDIR="$(readlink -f .)" +testequal "Package files: + 100 ${ROOTDIR}/rootdir/var/lib/dpkg/status + release a=now + 500 file:${ROOTDIR}/aptarchive/ unstable/main i386 Packages + release a=unstable,n=unstable,c=main +Pinned packages:" aptcache policy -- cgit v1.2.3 From ad000f6b68f9216412a6a70bcfe6cb11fb0c2fe6 Mon Sep 17 00:00:00 2001 
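Review bot: The new `aptget update -qq > /dev/null 2>&1 && msgpass || msgfail` line checks only the exit status and discards stderr, so a `W:` about the InRelease file would go unnoticed as long as the command returns 0. The test claims the unsigned data before the signed block is ignored, so keep the messages and compare them, as the removed lines did: `aptget update -qq > /dev/null 2> update.msg` followed by `testfileequal update.msg ''` (assuming testfileequal accepts an empty expectation). The `aptcache policy` comparison shows which index ended up in use, but not that the run was silent. The loop that builds the prefixed file starts outside this hunk.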
From: Michael Vogt Date: Sat, 16 Mar 2013 10:08:28 +0100 Subject: add testcase and update changelog --- test/integration/test-inrelease-verification-fail | 80 +++++++++++++++++++++++ 1 file changed, 80 insertions(+) create mode 100755 test/integration/test-inrelease-verification-fail (limited to 'test') diff --git a/test/integration/test-inrelease-verification-fail b/test/integration/test-inrelease-verification-fail new file mode 100755 index 000000000..5cbf1ab4d --- /dev/null +++ b/test/integration/test-inrelease-verification-fail 
@@ -0,0 +1,80 @@ +#!/bin/sh + +set -e + +TESTDIR=$(readlink -f $(dirname $0)) +. $TESTDIR/framework + +setupenvironment +configarchitecture "i386" + +buildsimplenativepackage 'good-pkg' 'all' '1.0' 'stable' + +setupaptarchive + +# now exchange to the Packages file, note that this could be +# done via MITM too +cat > aptarchive/dists/stable/main/binary-i386/Packages < aptarchive/dists/stable/main/binary-i386/Packages.$extension +done + +# add a space into the BEGIN PGP SIGNATURE PART/END PGP SIGNATURE part +# to trick apt - this is still legal to gpg(v) +sed -i '/^-----BEGIN PGP SIGNATURE-----/,/^-----END PGP SIGNATURE-----/ s/^$/ /g' aptarchive/dists/stable/InRelease + +# and append our own hashes for the modified Packages files +cat >> aptarchive/dists/stable/InRelease <> aptarchive/dists/stable/InRelease + # Sources + s="$(sha512sum aptarchive/dists/stable/main/source/Sources$comp | cut -f1 -d' ') $(stat -c %s aptarchive/dists/stable/main/source/Sources$comp) main/source/Sources$comp" + echo " $s" >> aptarchive/dists/stable/InRelease +done; + +# deliver this +changetowebserver + +# ensure the update fails +# useful for debugging to add "-o Debug::pkgAcquire::auth=true" +if aptget update -qq; then + msgfail "apt-get update should NOT work for MITM" + exit 1 +fi + +# ensure there is no package +testequal 'Reading package lists... +Building dependency tree... +E: Unable to locate package bad-mitm' aptget install bad-mitm + +# and verify that its not picked up +#testequal 'N: Unable to locate package bad-mitm' aptcache policy bad-mitm + +# and that the right one is used +#testequal 'good-pkg: +#+ Installed: (none) +#+ Candidate: 1.0 +#+ Version table: +#+ 1.0 0 +#+ 500 http://localhost/ stable/main i386 Packages' aptcache policy good-pkg -- cgit v1.2.3 From 34747d46be3a15105d896266d8043f55d04e7735 Mon Sep 17 00:00:00 2001 
From: David Kalnischkies Date: Mon, 18 Mar 2013 17:06:51 +0100 Subject: rename testcase to mention CVE number, make the code more consistent with the rest and add some more tests (by fixing commented ones) --- .../test-cve-2013-1051-InRelease-parsing | 61 +++++++++++++++++ test/integration/test-inrelease-verification-fail | 80 ---------------------- 2 files changed, 61 insertions(+), 80 deletions(-) create mode 100755 test/integration/test-cve-2013-1051-InRelease-parsing delete mode 100755 test/integration/test-inrelease-verification-fail (limited to 'test') diff --git a/test/integration/test-cve-2013-1051-InRelease-parsing b/test/integration/test-cve-2013-1051-InRelease-parsing new file mode 100755 index 000000000..bd68fccf6 --- /dev/null +++ b/test/integration/test-cve-2013-1051-InRelease-parsing 
@@ -0,0 +1,61 @@
+#!/bin/sh
+set -e
+
+TESTDIR=$(readlink -f $(dirname $0))
+. $TESTDIR/framework
+
+setupenvironment
+configarchitecture 'i386'
+
+insertpackage 'stable' 'good-pkg' 'all' '1.0'
+
+setupaptarchive
+
+changetowebserver
+ARCHIVE='http://localhost/'
+msgtest 'Initial apt-get update should work with' 'InRelease'
+aptget update -qq && msgpass || msgfail
+
+# check that the setup is correct
+testequal "good-pkg:
+ Installed: (none)
+ Candidate: 1.0
+ Version table:
+ 1.0 0
+ 500 ${ARCHIVE} stable/main i386 Packages" aptcache policy good-pkg
+
+# now exchange to the Packages file, note that this could be
+# done via MITM too
+insertpackage 'stable' 'bad-mitm' 'all' '1.0'
+
+# this builds compressed files and a new (unsigned) Release
+buildaptarchivefromfiles '+1hour'
+
+# add a space into the BEGIN PGP SIGNATURE PART/END PGP SIGNATURE part
+# to trick apt - this is still legal to gpg(v)
+sed -i '/^-----BEGIN PGP SIGNATURE-----/,/^-----END PGP SIGNATURE-----/ s/^$/ /g' aptarchive/dists/stable/InRelease
+
+# we append the (evil unsigned) Release file to the (good signed) InRelease
+cat aptarchive/dists/stable/Release >> aptarchive/dists/stable/InRelease
+
+
+# ensure the update fails
+# useful for debugging to add "-o Debug::pkgAcquire::auth=true"
+msgtest 'apt-get update for should fail with the modified' 'InRelease'
+aptget update 2>&1 | grep -q 'Hash Sum mismatch' > /dev/null && msgpass || msgfail
+
+# ensure there is no package
+testequal 'Reading package lists...
+Building dependency tree...
+E: Unable to locate package bad-mitm' aptget install bad-mitm -s
+
+# and verify that its not picked up
+testequal 'N: Unable to locate package bad-mitm' aptcache policy bad-mitm -q=0
+
+# and that the right one is used
+testequal "good-pkg:
+ Installed: (none)
+ Candidate: 1.0
+ Version table:
+ 1.0 0
+ 500 ${ARCHIVE} stable/main i386 Packages" aptcache policy good-pkg
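Review bot: Nothing confirms that the `sed -i '/^-----BEGIN PGP SIGNATURE-----/,… s/^$/ /g'` step actually changed InRelease. The later `Hash Sum mismatch` check would most likely pass even if the sed matched no line, because the Packages files were rebuilt anyway. The regression test could then go green without exercising the whitespace variant it is named after. Add a precondition right after the sed, in the style of the other checks: `msgtest 'InRelease signature block was' 'modified'` and `grep -q '^ $' aptarchive/dists/stable/InRelease && msgpass || msgfail`. Separately, the `> /dev/null` after `grep -q` is redundant, and the msgtest text 'apt-get update for should fail' has a stray 'for'.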
diff --git a/test/integration/test-inrelease-verification-fail b/test/integration/test-inrelease-verification-fail deleted file mode 100755 index 5cbf1ab4d..000000000 --- a/test/integration/test-inrelease-verification-fail +++ /dev/null 
@@ -1,80 +0,0 @@ -#!/bin/sh - -set -e - -TESTDIR=$(readlink -f $(dirname $0)) -. $TESTDIR/framework - -setupenvironment -configarchitecture "i386" - -buildsimplenativepackage 'good-pkg' 'all' '1.0' 'stable' - -setupaptarchive - -# now exchange to the Packages file, note that this could be -# done via MITM too -cat > aptarchive/dists/stable/main/binary-i386/Packages < aptarchive/dists/stable/main/binary-i386/Packages.$extension -done - -# add a space into the BEGIN PGP SIGNATURE PART/END PGP SIGNATURE part -# to trick apt - this is still legal to gpg(v) -sed -i '/^-----BEGIN PGP SIGNATURE-----/,/^-----END PGP SIGNATURE-----/ s/^$/ /g' aptarchive/dists/stable/InRelease - -# and append our own hashes for the modified Packages files -cat >> aptarchive/dists/stable/InRelease <> aptarchive/dists/stable/InRelease - # Sources - s="$(sha512sum aptarchive/dists/stable/main/source/Sources$comp | cut -f1 -d' ') $(stat -c %s aptarchive/dists/stable/main/source/Sources$comp) main/source/Sources$comp" - echo " $s" >> aptarchive/dists/stable/InRelease -done; - -# deliver this -changetowebserver - -# ensure the update fails -# useful for debugging to add "-o Debug::pkgAcquire::auth=true" -if aptget update -qq; then - msgfail "apt-get update should NOT work for MITM" - exit 1 -fi - -# ensure there is no package -testequal 'Reading package lists... -Building dependency tree... -E: Unable to locate package bad-mitm' aptget install bad-mitm - -# and verify that its not picked up -#testequal 'N: Unable to locate package bad-mitm' aptcache policy bad-mitm - -# and that the right one is used -#testequal 'good-pkg: -#+ Installed: (none) -#+ Candidate: 1.0 -#+ Version table: -#+ 1.0 0 -#+ 500 http://localhost/ stable/main i386 Packages' aptcache policy good-pkg -- cgit v1.2.3 From f1828b6977972b4ef6da6401602b7938f6570c32 Mon Sep 17 00:00:00 2001 
From: David Kalnischkies Date: Mon, 18 Mar 2013 19:36:55 +0100 Subject: - add method to open (maybe) clearsigned files transparently * ftparchive/writer.cc: - use OpenMaybeClearSignedFile to be free from detecting and skipping clearsigning metadata in dsc files --- test/integration/framework | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) (limited to 'test') diff --git a/test/integration/framework b/test/integration/framework index 1c4872c8e..2ef61ca84 100644 --- a/test/integration/framework +++ b/test/integration/framework @@ -328,9 +328,15 @@ Package: $NAME" >> ${BUILDDIR}/debian/control fi echo '3.0 (native)' > ${BUILDDIR}/debian/source/format - local SRCS="$( (cd ${BUILDDIR}/..; dpkg-source -b ${NAME}-${VERSION} 2>&1) | grep '^dpkg-source: info: building' | grep -o '[a-z0-9._+~-]*$')" - for SRC in $SRCS; do + (cd ${BUILDDIR}/..; dpkg-source -b ${NAME}-${VERSION} 2>&1) | sed -n 's#^dpkg-source: info: building [^ ]\+ in ##p' \ + | while read SRC; do echo "pool/${SRC}" >> ${BUILDDIR}/../${RELEASE}.${DISTSECTION}.srclist +# if expr match "${SRC}" '.*\.dsc' >/dev/null 2>&1; then +# gpg --yes --no-default-keyring --secret-keyring ./keys/joesixpack.sec \ +# --keyring ./keys/joesixpack.pub --default-key 'Joe Sixpack' \ +# --clearsign -o "${BUILDDIR}/../${SRC}.sign" "${BUILDDIR}/../$SRC" +# mv "${BUILDDIR}/../${SRC}.sign" "${BUILDDIR}/../$SRC" +# fi done for arch in $(echo "$ARCH" | sed -e 's#,#\n#g' | sed -e "s#^native\$#$(getarchitecture 'native')#"); do -- cgit v1.2.3 From 233b78083f6f79730fcb5a6faeb74e2a78b6038a Mon Sep 17 00:00:00 2001 
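Review bot: A failing `dpkg-source -b` goes unnoticed in the new `(cd …; dpkg-source -b …) | sed -n … | while read SRC; do` pipeline. Plain sh reports only the status of the last stage, so the srclist just stays empty and later steps run against an archive without sources. `read` is also used without `-r`; `| while IFS= read -r SRC; do` keeps the names exactly as dpkg-source printed them. The commented-out `gpg --clearsign` block inside the loop should either be dropped or get a one-line comment saying when it is meant to be enabled. The enclosing function starts and ends outside this hunk.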
From: David Kalnischkies Date: Mon, 18 Mar 2013 22:57:08 +0100 Subject: * apt-pkg/deb/debindexfile.cc, apt-pkg/deb/deblistparser.cc: - use OpenMaybeClearSignedFile to be free from detecting and skipping clearsigning metadata in dsc and Release files We can't write a "clean" file to disk as not all acquire methods copy Release files before checking them (e.g. cdrom), so this reverts recombining, but uses the method we use for dsc files also in the two places we deal with Release files --- test/integration/framework | 2 +- test/integration/test-apt-cdrom | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) (limited to 'test') diff --git a/test/integration/framework b/test/integration/framework index 2ef61ca84..86e6ed7c3 100644 --- a/test/integration/framework +++ b/test/integration/framework @@ -114,7 +114,7 @@ gdb() { } addtrap() { - CURRENTTRAP="$CURRENTTRAP $1" + CURRENTTRAP="$1 $CURRENTTRAP" trap "$CURRENTTRAP exit;" 0 HUP INT QUIT ILL ABRT FPE SEGV PIPE TERM } diff --git a/test/integration/test-apt-cdrom b/test/integration/test-apt-cdrom index f24c99b36..f1c4fd9d3 100755 --- a/test/integration/test-apt-cdrom +++ b/test/integration/test-apt-cdrom @@ -24,6 +24,8 @@ cat Translation-de | xz --format=lzma > Translation-de.lzma cat Translation-de | xz > Translation-de.xz rm Translation-en Translation-de cd - > /dev/null +addtrap "chmod -R +w $PWD/rootdir/media/cdrom/dists/;" +chmod -R -w rootdir/media/cdrom/dists aptcdrom add -m -o quiet=1 > apt-cdrom.log 2>&1 sed -i -e '/^Using CD-ROM/ d' -e '/gpgv/ d' -e '/^Identifying/ d' -e '/Reading / d' apt-cdrom.log -- cgit v1.2.3
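Review bot: The reordering in `addtrap` has no comment, yet the order is now part of its contract. Handlers run newest first, and each argument must end in `;` because the pieces are concatenated into one string that `trap` evaluates later. Suggest a comment above the assignment such as `# newest handler first: later setup is undone before earlier cleanup runs; $1 must end with ';'`. The reason appears to be that the cdrom test's `chmod -R +w` has to run before the framework's own cleanup, which is not visible in this hunk, so that is worth confirming and stating.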
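Review bot: In `addtrap "chmod -R +w $PWD/rootdir/media/cdrom/dists/;"` the path is expanded when the handler is registered and parsed again when the trap fires. A test directory with spaces or shell metacharacters in its name would therefore be split or interpreted by the shell at exit. Quoting inside the handler string avoids that for ordinary paths: `addtrap "chmod -R +w '$PWD/rootdir/media/cdrom/dists/';"`. The following `chmod -R -w rootdir/media/cdrom/dists` does not restrict a run as root, so the read-only medium it simulates is only enforced for unprivileged runs; a comment saying so would help.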