#!/bin/sh
#
# Ensure that a MITM can not stale the Packages/Sources without
# raising a error message. Note that the Release file is protected
# via the "Valid-Until" header
#
set -e

TESTDIR=$(readlink -f $(dirname $0))
. $TESTDIR/framework

setupenvironment
configarchitecture "i386"

insertpackage 'unstable' 'foo' 'all' '1.0'

setupaptarchive
changetowebserver
aptget update -qq
listcurrentlistsdirectory > lists.before

# insert new version
mkdir aptarchive/dists/unstable/main/binary-i386/saved
cp -p aptarchive/dists/unstable/main/binary-i386/Packages* \
     aptarchive/dists/unstable/main/binary-i386/saved
insertpackage 'unstable' 'foo' 'all' '2.0'

compressfile aptarchive/dists/unstable/main/binary-i386/Packages
# ensure that we do not get a I-M-S hit for the Release file

generatereleasefiles '+1hour'
signreleasefiles

# but now only deliver the previous Packages file instead of the new one
# (simulating a stale attack)
cp -p aptarchive/dists/unstable/main/binary-i386/saved/Packages* \
     aptarchive/dists/unstable/main/binary-i386/

# ensure this raises an error
testequal "W: Failed to fetch http://localhost:8080/dists/unstable/main/binary-i386/Packages  Hash Sum mismatch

E: Some index files failed to download. They have been ignored, or old ones used instead." aptget update -qq
testfileequal lists.before "$(listcurrentlistsdirectory)"