#!/bin/sh set -e TESTDIR="$(readlink -f "$(dirname "$0")")" . "$TESTDIR/framework" setupenvironment configarchitecture 'i386' insertpackage 'unstable' 'foo' 'all' '1' setupaptarchive --no-update changetohttpswebserver --authorization="$(printf '%s' 'star@irc:hunter2' | base64 )" echo 'See, when YOU type hunter2, it shows to us as *******' > aptarchive/bash echo 'Debug::Acquire::netrc "true";' > rootdir/etc/apt/apt.conf.d/netrcdebug.conf testauthfailure() { testfailure apthelper download-file "${1}/bash" ./downloaded/bash # crappy test, but http and https output are wastely different… testsuccess grep 401 rootdir/tmp/testfailure.output testfailure test -s ./downloaded/bash } testauthsuccess() { testsuccess apthelper download-file "${1}/bash" ./downloaded/bash testfileequal ./downloaded/bash "$(cat aptarchive/bash)" testfilestats ./downloaded/bash '%U:%G:%a' '=' "${TEST_DEFAULT_USER}:${TEST_DEFAULT_GROUP}:644" rm -f ./downloaded/bash # lets see if got/retains acceptable permissions if [ -n "$AUTHCONF" ]; then if [ "$(id -u)" = '0' ]; then testfilestats "$AUTHCONF" '%U:%G:%a' '=' "_apt:$(id -gn):600" else testfilestats "$AUTHCONF" '%U:%G:%a' '=' "${TEST_DEFAULT_USER}:${TEST_DEFAULT_GROUP}:600" fi fi rm -rf rootdir/var/lib/apt/lists if expr index "$1" '@' >/dev/null; then testsuccesswithnotice aptget update else testsuccess aptget update fi testsuccessequal 'Reading package lists... Building dependency tree... The following NEW packages will be installed: foo 0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded. Inst foo (1 unstable [all]) Conf foo (1 unstable [all])' aptget install foo -s } authfile() { local AUTHCONF='rootdir/etc/apt/auth.conf' rm -f "$AUTHCONF" printf '%s' "$1" > "$AUTHCONF" chmod 600 "$AUTHCONF" } runtest() { # unauthorized fails authfile '' testauthfailure "$1" # good auth authfile 'machine localhost login star@irc password hunter2' testauthsuccess "$1" # bad auth authfile 'machine localhost login anonymous password hunter2' testauthfailure "$1" # 2 stanzas: unmatching + good auth authfile 'machine debian.org login debian password jessie machine localhost login star@irc password hunter2' testauthsuccess "$1" } msgmsg 'server basic auth' rewritesourceslist "http://localhost:${APTHTTPPORT}" runtest "http://localhost:${APTHTTPPORT}" rewritesourceslist "http://star%40irc:hunter2@localhost:${APTHTTPPORT}" authfile '' testauthsuccess "http://star%40irc:hunter2@localhost:${APTHTTPPORT}" rewritesourceslist "https://localhost:${APTHTTPSPORT}" runtest "https://localhost:${APTHTTPSPORT}" rewritesourceslist "http://localhost:${APTHTTPPORT}" msgmsg 'proxy to server basic auth' webserverconfig 'aptwebserver::request::absolute' 'uri' # using ip instead of localhost avoids picking up the auth for the repo # for the proxy as well as we serve them both over the same server… export http_proxy="http://127.0.0.1:${APTHTTPPORT}" runtest "http://localhost:${APTHTTPPORT}" unset http_proxy msgmsg 'proxy basic auth to server basic auth' webserverconfig 'aptwebserver::proxy-authorization' "$(printf 'moon:deer2' | base64)" export http_proxy="http://moon:deer2@localhost:${APTHTTPPORT}" runtest "http://localhost:${APTHTTPPORT}" msgmsg 'proxy basic auth to server' authfile '' webserverconfig 'aptwebserver::authorization' '' testauthsuccess "http://localhost:${APTHTTPPORT}"