#!/bin/sh set -e TESTDIR=$(readlink -f $(dirname $0)) . $TESTDIR/framework setupenvironment configarchitecture "i386" # mock requires_root() { return 0 } # extract net_update() and import it func=$( sed -n -e '/^add_keys_with_verify_against_master_keyring/,/^}/p' ${BUILDDIRECTORY}/apt-key ) eval "$func" mkdir -p ./etc/apt TRUSTEDFILE=./etc/apt/trusted.gpg mkdir -p ./var/lib/apt/keyrings TMP_KEYRING=./var/lib/apt/keyrings/maybe-import-keyring.gpg GPG_CMD="gpg --ignore-time-conflict --no-options --no-default-keyring" # FIXME: instead of copying this use apt-key and the buildin apt webserver # to do a real test # COPYIED from apt-key.in -------------- # gpg needs a trustdb to function, but it can't be invalid (not even empty) # so we create a temporary directory to store our fresh readable trustdb in TRUSTDBDIR="$(mktemp -d)" CURRENTTRAP="${CURRENTTRAP} rm -rf '${TRUSTDBDIR}';" trap "${CURRENTTRAP}" 0 HUP INT QUIT ILL ABRT FPE SEGV PIPE TERM chmod 700 "$TRUSTDBDIR" # We also don't use a secret keyring, of course, but gpg panics and # implodes if there isn't one available - and writeable for imports SECRETKEYRING="${TRUSTDBDIR}/secring.gpg" touch $SECRETKEYRING GPG_CMD="$GPG_CMD --secret-keyring $SECRETKEYRING" GPG_CMD="$GPG_CMD --trustdb-name ${TRUSTDBDIR}/trustdb.gpg" #----------------------------------------- END COPY GPG="$GPG_CMD --keyring $TRUSTEDFILE" MASTER_KEYRING=/usr/share/keyrings/ubuntu-master-keyring.gpg msgtest "add_keys_with_verify_against_master_keyring" if [ ! -e $MASTER_KEYRING ]; then echo -n "No $MASTER_KEYRING found" msgskip exit 0 fi # test bad keyring and ensure its not added (LP: #857472) ADD_KEYRING=./keys/exploid-keyring-with-dupe-keys.pub if add_keys_with_verify_against_master_keyring $ADD_KEYRING $MASTER_KEYRING; then msgfail else msgpass fi # ensure the keyring is still empty gpg_out=$($GPG --list-keys) msgtest "Test if keyring is empty" if [ -n "" ]; then msgfail else msgpass fi # test another possible attack vector using subkeys (LP: #1013128) msgtest "add_keys_with_verify_against_master_keyring with subkey attack" ADD_KEYRING=./keys/exploid-keyring-with-dupe-subkeys.pub if add_keys_with_verify_against_master_keyring $ADD_KEYRING $MASTER_KEYRING; then msgfail else msgpass fi # ensure the keyring is still empty gpg_out=$($GPG --list-keys) msgtest "Test if keyring is empty" if [ -n "" ]; then msgfail else msgpass fi # test good keyring and ensure we get no errors ADD_KEYRING=/usr/share/keyrings/ubuntu-archive-keyring.gpg if add_keys_with_verify_against_master_keyring $ADD_KEYRING $MASTER_KEYRING; then msgpass else msgfail fi testequal './etc/apt/trusted.gpg --------------------- pub 1024D/437D05B5 2004-09-12 uid Ubuntu Archive Automatic Signing Key <ftpmaster@ubuntu.com> sub 2048g/79164387 2004-09-12 pub 1024D/FBB75451 2004-12-30 uid Ubuntu CD Image Automatic Signing Key <cdimage@ubuntu.com> pub 4096R/C0B21F32 2012-05-11 uid Ubuntu Archive Automatic Signing Key (2012) <ftpmaster@ubuntu.com> pub 4096R/EFE21092 2012-05-11 uid Ubuntu CD Image Automatic Signing Key (2012) <cdimage@ubuntu.com> ' $GPG --list-keys