#!/bin/sh set -e TESTDIR=$(readlink -f $(dirname $0)) . $TESTDIR/framework setupenvironment configarchitecture "i386" buildsimplenativepackage 'good-pkg' 'all' '1.0' 'stable' setupaptarchive # now exchange to the Packages file, note that this could be # done via MITM too cat > aptarchive/dists/stable/main/binary-i386/Packages < aptarchive/dists/stable/main/binary-i386/Packages.$extension done # add a space into the BEGIN PGP SIGNATURE PART/END PGP SIGNATURE part # to trick apt - this is still legal to gpg(v) sed -i '/^-----BEGIN PGP SIGNATURE-----/,/^-----END PGP SIGNATURE-----/ s/^$/ /g' aptarchive/dists/stable/InRelease # and append our own hashes for the modified Packages files cat >> aptarchive/dists/stable/InRelease <> aptarchive/dists/stable/InRelease # Sources s="$(sha512sum aptarchive/dists/stable/main/source/Sources$comp | cut -f1 -d' ') $(stat -c %s aptarchive/dists/stable/main/source/Sources$comp) main/source/Sources$comp" echo " $s" >> aptarchive/dists/stable/InRelease done; # deliver this changetowebserver # ensure the update fails # useful for debugging to add "-o Debug::pkgAcquire::auth=true" if aptget update -qq; then msgfail "apt-get update should NOT work for MITM" exit 1 fi # ensure there is no package testequal 'Reading package lists... Building dependency tree... E: Unable to locate package bad-mitm' aptget install bad-mitm # and verify that its not picked up #testequal 'N: Unable to locate package bad-mitm' aptcache policy bad-mitm # and that the right one is used #testequal 'good-pkg: #+ Installed: (none) #+ Candidate: 1.0 #+ Version table: #+ 1.0 0 #+ 500 http://localhost/ stable/main i386 Packages' aptcache policy good-pkg