#!/bin/sh
# Exit as soon as a command fails (sh -e semantics).
set -e

# Resolve the directory this script lives in and source the shared test
# framework from it. The helpers used below (setupenvironment, msgmsg,
# testsuccess, generatereleasefiles, ...) are not defined in this file, so
# they presumably all come from that framework - confirm there.
TESTDIR="$(readlink -f "$(dirname "$0")")"
. "$TESTDIR/framework"
setupenvironment
configarchitecture 'i386'

# Presumably registers package 'apt' version 0.8.15 (architecture 'all') in
# release 'wheezy' of the test archive - confirm against the framework.
insertpackage 'wheezy' 'apt' 'all' '0.8.15'

# Build the archive. --no-update presumably skips an initial 'apt-get update';
# every scenario below wipes the lists directory and runs its own update.
setupaptarchive --no-update

# We don't complain here, as the server could just as well have sent a 'Hit',
# and this 'downgrade attack' is usually performed by out-of-sync mirrors.
# Valid-Until catches the 'real' downgrade attacks (except that it also finds
# stale mirrors). Scaring users with an error here hence serves no point.

# Scenario: the archive offers an InRelease file whose Date is older than the
# one already stored locally.
# Expected: 'apt-get update' still exits successfully, and the lists directory
# is unchanged, i.e. the older file did not replace the newer stored one.
# NOTE(review): because the rejection is silent, the exit status alone does not
# show that older metadata was served.
msgmsg 'InRelease file is silently rejected if' 'new Date is before old Date'
# Start from an empty lists directory so nothing from an earlier run is reused.
rm -rf rootdir/var/lib/apt/lists
# Presumably: first argument is the Date, second the Valid-Until - confirm
# against the framework.
generatereleasefiles 'now' 'now + 7 days'
signreleasefiles
testsuccess aptget update
# Snapshot the lists directory after the first, good update.
listcurrentlistsdirectory > listsdir.lst
# Presumably rewrites (and re-signs) the Release files with a Date two days in
# the past - confirm against the framework.
redatereleasefiles 'now - 2 days'
testsuccess aptget update
# The current listing must equal the snapshot taken before the re-dating.
testfileequal 'listsdir.lst' "$(listcurrentlistsdirectory)"

# Scenario: same older-Date check as for InRelease, but for the detached
# Release.gpg signature.
# Expected: update succeeds and the lists directory stays unchanged.
msgmsg 'Release.gpg file is silently rejected if' 'new Date is before old Date'
# Presumably tells the signing helper to skip InRelease, so that only
# Release + Release.gpg are offered - confirm against the framework.
export APT_DONT_SIGN='InRelease'
# Start from an empty lists directory.
rm -rf rootdir/var/lib/apt/lists
generatereleasefiles 'now' 'now + 7 days'
signreleasefiles
testsuccess aptget update
# Snapshot the lists directory after the first, good update.
listcurrentlistsdirectory > listsdir.lst
# Offer the same release re-dated to two days in the past.
redatereleasefiles 'now - 2 days'
testsuccess aptget update
# The older file must not have changed anything in the lists directory.
testfileequal 'listsdir.lst' "$(listcurrentlistsdirectory)"
# Do not leak the signing restriction into the next scenario.
unset APT_DONT_SIGN

# Scenario: the signature format changes between the two updates. The first
# update is signed with Release.gpg skipped, the second with InRelease skipped.
# This checks that the older-Date rejection does not depend on both files
# arriving in the same format.
# Expected: update succeeds and the lists directory stays unchanged.
msgmsg 'Crisscross InRelease/Release.gpg file is silently rejected if' 'new Date is before old Date'
# First round: presumably only InRelease is produced - confirm in framework.
export APT_DONT_SIGN='Release.gpg'
rm -rf rootdir/var/lib/apt/lists
generatereleasefiles 'now' 'now + 7 days'
signreleasefiles
testsuccess aptget update
# Second round: switch the skipped file before re-dating, so the older release
# is presumably offered as Release + Release.gpg instead.
export APT_DONT_SIGN='InRelease'
# Snapshot the lists directory as left by the first update.
listcurrentlistsdirectory > listsdir.lst
redatereleasefiles 'now - 2 days'
testsuccess aptget update
# The older release in the other format must not have replaced anything.
testfileequal 'listsdir.lst' "$(listcurrentlistsdirectory)"
unset APT_DONT_SIGN

# Scenario: the reverse crisscross. The first update is signed with InRelease
# skipped, the second with Release.gpg skipped.
# Expected: update succeeds and the lists directory stays unchanged.
msgmsg 'Crisscross Release.gpg/InRelease file is silently rejected if' 'new Date is before old Date'
# First round: presumably only Release + Release.gpg are produced.
export APT_DONT_SIGN='InRelease'
rm -rf rootdir/var/lib/apt/lists
generatereleasefiles 'now' 'now + 7 days'
signreleasefiles
# Remove any InRelease file still present in the archive, so the first update
# cannot pick one up.
find aptarchive -name 'InRelease' -delete
testsuccess aptget update
# Second round: switch the skipped file before re-dating, so the older release
# is presumably offered as InRelease.
export APT_DONT_SIGN='Release.gpg'
# Snapshot the lists directory as left by the first update.
listcurrentlistsdirectory > listsdir.lst
redatereleasefiles 'now - 2 days'
testsuccess aptget update
# The older release in the other format must not have replaced anything.
testfileequal 'listsdir.lst' "$(listcurrentlistsdirectory)"
unset APT_DONT_SIGN

# Scenario: the Release file carries neither Date nor Valid-Until.
# Expected: update is not refused but is reported through testwarning, and the
# Min-/Max-ValidTime options change nothing.
# NOTE(review): with no Date there is nothing for the older-Date checks above
# to compare against, so this case relies on the warning alone.
msgmsg 'Release file has' 'no Date and no Valid-Until field'
rm -rf rootdir/var/lib/apt/lists
# Only one argument: presumably no Valid-Until is written - confirm in framework.
generatereleasefiles 'now'
# Strip the Date field from every Release file before it is signed.
sed -i '/^Date: / d' $(find ./aptarchive -name 'Release')
signreleasefiles
testwarning aptget update
# Snapshot the lists directory after the first update.
listcurrentlistsdirectory > listsdir.lst
# have no effect as Date is unknown
# (30 days expressed in seconds)
testwarning aptget update -o Acquire::Min-ValidTime=$((3600*24*30))
testfileequal 'listsdir.lst' "$(listcurrentlistsdirectory)"
testwarning aptget update -o Acquire::Max-ValidTime=1
testfileequal 'listsdir.lst' "$(listcurrentlistsdirectory)"
# Change the Release content by appending a field after the Codename line, and
# set the file mtime one day into the future - presumably so the changed file
# counts as newer than the stored copy; confirm.
sed -i '/^Codename: / a\
Another-Field: yes' $(find aptarchive/ -name 'Release')
touch -d 'now + 1 day' $(find aptarchive/ -name 'Release')
# NOTE(review): at top level $2 is this script's own second positional
# parameter, so the argument is 'Joe Sixpack' unless the test is invoked with
# two or more arguments - confirm the parameter reference is intended and not
# a leftover from a function body.
signreleasefiles "${2:-Joe Sixpack}"
testwarning aptget update
# The stored *_InRelease must be byte-identical to the archive's InRelease,
# i.e. the modified file was fetched and stored despite the missing Date.
testsuccess cmp $(find aptarchive/ -name 'InRelease')  $(find rootdir/var/lib/apt/ -name '*_InRelease')

# Scenario: the Release file has no Date, and its Valid-Until lies two days in
# the past.
# Expected: update fails. An expired Valid-Until is enforced even without a
# Date, and the ValidTime options cannot override it.
msgmsg 'Release file has' 'no Date field, but Valid-Until expired'
rm -rf rootdir/var/lib/apt/lists
# Presumably: Date 'now', Valid-Until two days ago - confirm in framework.
generatereleasefiles 'now' 'now - 2 days'
# Strip the Date field from every Release file before it is signed.
sed -i '/^Date: / d' $(find ./aptarchive -name 'Release')
signreleasefiles
testfailure aptget update
# Snapshot whatever the failed update left in the lists directory.
listcurrentlistsdirectory > listsdir.lst
# have no effect as Date is unknown
# (30 days expressed in seconds)
testfailure aptget update -o Acquire::Min-ValidTime=$((3600*24*30))
testfileequal 'listsdir.lst' "$(listcurrentlistsdirectory)"
testfailure aptget update -o Acquire::Max-ValidTime=1
testfileequal 'listsdir.lst' "$(listcurrentlistsdirectory)"

# Scenario: the Release file has no Date, but its Valid-Until lies two days in
# the future.
# Expected: update is not refused but is reported through testwarning.
msgmsg 'Release file has' 'no Date field, but Valid-Until is good'
rm -rf rootdir/var/lib/apt/lists
# Presumably: Date 'now', Valid-Until in two days - confirm in framework.
generatereleasefiles 'now' 'now + 2 days'
# Strip the Date field from every Release file before it is signed.
sed -i '/^Date: / d' $(find ./aptarchive -name 'Release')
signreleasefiles
testwarning aptget update