#!/bin/sh set -e TESTDIR="$(readlink -f "$(dirname "$0")")" . "$TESTDIR/framework" setupenvironment configarchitecture 'native' insertpackage 'unstable' 'unrelated' 'all' '1.0' 'stable' insertsource 'unstable' 'unrelated' 'all' '1.0' 'stable' echo 'ni ni ni' > aptarchive/knights setupaptarchive changetowebserver -o 'aptwebserver::overwrite::.*InRelease::filename=/knights' -o 'aptwebserver::overwrite::.*::filename=/knights' msgtest 'Acquire test file from the webserver to check' 'overwrite' if downloadfile http://localhost:${APTHTTPPORT}/holygrail ./knights-talking >/dev/null; then msgpass else msgfail fi testfileequal knights-talking 'ni ni ni' ensure_n_canary_strings_in_dir() { local DIR="$1" local CANARY_STRING="$2" local EXPECTED_N="$3" msgtest "Testing in $DIR for $EXPECTED_N canary" "$CANARY_STRING" local N=$(grep "$CANARY_STRING" $DIR/* 2>/dev/null |wc -l ) test "$N" = "$EXPECTED_N" && msgpass || msgfail "Expected $EXPECTED_N canaries, got $N" } runtests() { LISTS='rootdir/var/lib/apt/lists' rm -rf "$LISTS" testfailure aptget update testsuccess grep "$1" rootdir/tmp/testfailure.output ensure_n_canary_strings_in_dir "$LISTS" 'ni ni ni' 0 testequal 'auxfiles lock partial' ls "$LISTS" # and again with pre-existing files with "valid data" which should remain for f in Release Release.gpg main_binary-amd64_Packages main_source_Sources; do echo 'peng neee-wom' > "$LISTS/localhost:${APTHTTPPORT}_dists_stable_${f}" chmod 644 "$LISTS/localhost:${APTHTTPPORT}_dists_stable_${f}" done testfailure aptget update testsuccess grep "$1" rootdir/tmp/testfailure.output ensure_n_canary_strings_in_dir "$LISTS" 'peng neee-wom' 4 ensure_n_canary_strings_in_dir "$LISTS" 'ni ni ni' 0 # and now with a pre-existing InRelease file echo 'peng neee-wom' > "$LISTS/localhost:${APTHTTPPORT}_dists_stable_InRelease" chmod 644 "$LISTS/localhost:${APTHTTPPORT}_dists_stable_InRelease" rm -f "$LISTS/localhost:${APTHTTPPORT}_dists_stable_Release" "$LISTS/localhost:${APTHTTPPORT}_dists_stable_Release.gpg" msgtest 'excpected failure of' 'apt-get update' testfailure aptget update testsuccess grep "$1" rootdir/tmp/testfailure.output ensure_n_canary_strings_in_dir "$LISTS" 'peng neee-wom' 3 ensure_n_canary_strings_in_dir "$LISTS" 'ni ni ni' 0 } runtests '^E:.*Clearsigned file .*NOSPLIT.*' webserverconfig 'aptwebserver::overwrite::.*InRelease::filename' '/404' runtests '^E:.*Signed file .*NODATA.*' webserverconfig 'aptwebserver::overwrite::.*::filename' '/404' webserverconfig 'aptwebserver::httpcode::404' '511 Network Authentication Required' rm -rf rootdir/var/lib/apt/lists testfailureequal "Err:1 http://localhost:${APTHTTPPORT} unstable InRelease 511 Network Authentication Required Reading package lists... E: Failed to fetch http://localhost:${APTHTTPPORT}/dists/unstable/InRelease 511 Network Authentication Required E: The repository 'http://localhost:${APTHTTPPORT} unstable InRelease' is not signed. N: Updating from such a repository can't be done securely, and is therefore disabled by default. N: See apt-secure(8) manpage for repository creation and user configuration details." aptget update # on S3 all files get a 403. If we accept unsigned, lets be liberal in non-existence acceptance webserverconfig 'aptwebserver::httpcode::404' '403 Forbidden' rm -rf rootdir/var/lib/apt/lists testfailureequal "Err:1 http://localhost:${APTHTTPPORT} unstable InRelease 403 Forbidden Reading package lists... E: Failed to fetch http://localhost:${APTHTTPPORT}/dists/unstable/InRelease 403 Forbidden E: The repository 'http://localhost:${APTHTTPPORT} unstable InRelease' is not signed. N: Updating from such a repository can't be done securely, and is therefore disabled by default. N: See apt-secure(8) manpage for repository creation and user configuration details." apt update sed -i 's#^deb\(-src\)\? #deb\1 [allow-insecure=yes] #' rootdir/etc/apt/sources.list.d/* testfailure apt update testequal "Ign:1 http://localhost:${APTHTTPPORT} unstable InRelease 403 Forbidden Ign:2 http://localhost:${APTHTTPPORT} unstable Release 403 Forbidden" head -n 4 rootdir/tmp/testfailure.output