#!/bin/sh
# Regression test for the mirror method: a tampered (In)Release file must make
# 'apt update' fail, and nothing from it may end up in the lists directory.
set -e

TESTDIR="$(readlink -f "$(dirname "$0")")"
. "$TESTDIR/framework"

setupenvironment
configarchitecture "i386"

buildsimplenativepackage 'foo' 'all' '1' 'stable'

setupaptarchive --no-update
changetohttpswebserver

# Threat model exercised here:
#   - the user has the mirror method configured (apt >= 1.6~alpha6), and
#   - Eve has enough MITM control over the network that
#       a) the mirror file includes at least two mirrors, and
#       b) she can send her bad InRelease files for both mirrors.
# Point the stable source at mirror+https and at a mirror list file.
sed -i -e 's# https:# mirror+https:#' -e 's#/ stable#/mirror.txt stable#' rootdir/etc/apt/sources.list.d/*-stable-*

# Publish the mirror list with two entries, one URL per line.
printf '%s\n' \
  "http://localhost:${APTHTTPPORT}" \
  "https://localhost:${APTHTTPSPORT}" > aptarchive/mirror.txt

# Harmless marker standing in for a malicious change (a real Eve would do
# something worse). The files are edited after setupaptarchive ran, so
# presumably their signatures no longer verify; confirm against the framework.
# Inside double quotes the shell drops the backslash-newline, so sed receives
# the one-line form '/^Date: / aEvil: yes' and appends "Evil: yes" after Date:.
# The find output is deliberately left unquoted: each path becomes one argument.
sed -i "/^Date: / a\
Evil: yes" $(find ./aptarchive -name 'Release' -o -name 'InRelease')

# Behaviour being guarded against: the progress display shows that the
# InRelease file was bad, but the file is used anyhow, because the bad file
# causes a fallback request to the second mirror, and that request completing
# successfully makes apt believe the verification succeeded.
# testfailure comes from the framework; presumably it passes only when the
# command exits non-zero.

# The update itself must be rejected.
testfailure apt update

# No stored list may carry the marker. grep exits non-zero both when no line
# matches and when the glob matches no file, so either outcome is accepted.
testfailure grep '^Evil:' rootdir/var/lib/apt/lists/*Release

# The package from the unverified archive must not be visible to apt.
testfailure apt show foo