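#!/bin/sh
# Regression test: "apt-get update" must refuse an InRelease file in which
# unsigned index hashes have been appended after the clearsigned block, and
# the package advertised by the swapped-in Packages index must stay
# uninstallable.
set -e

# Locate the directory holding this test so the shared helper library can be
# sourced regardless of the caller's working directory. Both expansions are
# quoted so a checkout path containing whitespace does not split into several
# words and break the lookup.
TESTDIR=$(readlink -f "$(dirname "$0")")
. "$TESTDIR/framework"

# The helpers below come from the sourced framework (not shown here).
# Presumably they create a scratch environment, restrict it to i386, build
# one legitimate package and publish it in a signed local archive; the later
# steps rely on aptarchive/dists/stable/InRelease already existing.
setupenvironment
configarchitecture "i386"
buildsimplenativepackage 'good-pkg' 'all' '1.0' 'stable'
setupaptarchive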
# Overwrite the generated Packages index with a single stanza for "bad-mitm",
# a package the archive never built. An on-path attacker could make the same
# substitution in transit, so the client may only accept an index whose hash
# is covered by the archive signature.
cat > aptarchive/dists/stable/main/binary-i386/Packages <<EOF
Package: bad-mitm
Installed-Size: 108
Architecture: all
Version: 0.5-3
Filename: pool/bad-mitm.deb
Size: 14348
SHA256: e9b9a3859940c5882b35d56c0097667e552d87b662778c2c451fe6db657b0519
Description: Evil package
EOF

# Rebuild every compressed variant from the replaced index so that whichever
# one apt downloads carries the same content. Each entry is "tool:extension".
for pair in "gzip:gz" "bzip2:bz2" "lzma:lzma" "xz:xz"; do
  compressor=${pair%%:*}
  extension=${pair#*:}
  "$compressor" -c aptarchive/dists/stable/main/binary-i386/Packages \
    > "aptarchive/dists/stable/main/binary-i386/Packages.$extension"
done
# Inside the signature armor (BEGIN/END PGP SIGNATURE), turn each empty line
# into a line holding one space. Per the original author's note, gpg(v) still
# accepts the file in this form; the test checks that apt's own handling of
# the clearsigned document does not diverge from what gpgv verified.
sed -i '/^-----BEGIN PGP SIGNATURE-----/,/^-----END PGP SIGNATURE-----/ s/^$/ /g' aptarchive/dists/stable/InRelease

# Append a second Release-style header after the signature. Everything
# written from here on lies outside the signed block and is therefore
# unauthenticated.
cat >> aptarchive/dists/stable/InRelease <<EOF
Origin: Ansgar
Codename: evilevil
Suite: stable
Date: Sun, 03 Jun 2012 13:26:11 UTC
Architectures: i386
Components: main
SHA512:
EOF

# List SHA512 and size for the Packages and Sources indexes, uncompressed and
# in every compressed form, in the usual " <hash> <size> <path>" layout, so
# the unsigned section describes the replaced Packages files.
for comp in "" ".gz" ".bz2" ".xz" ".lzma"; do
  for idx in main/binary-i386/Packages main/source/Sources; do
    s="$(sha512sum "aptarchive/dists/stable/$idx$comp" | cut -f1 -d' ') $(stat -c %s "aptarchive/dists/stable/$idx$comp") $idx$comp"
    printf ' %s\n' "$s" >> aptarchive/dists/stable/InRelease
  done
done
# Publish the tampered archive through the framework's web server helper
# (presumably plain HTTP on localhost, judging by the URL in the disabled
# assertion at the end of this file).
changetowebserver
# The update has to fail: the hashes that describe the replaced Packages
# files sit after the signature and are not covered by it, so accepting them
# would mean trusting unsigned data. A successful update is a test failure.
# For debugging it is useful to add "-o Debug::pkgAcquire::auth=true".
if aptget update -qq; then
msgfail "apt-get update should NOT work for MITM"
exit 1
fi
# The injected package must not be installable. testequal is a framework
# helper; presumably it compares the quoted text with the command's output.
testequal 'Reading package lists...
Building dependency tree...
E: Unable to locate package bad-mitm' aptget install bad-mitm
# Disabled assertions, kept for reference.
# They would verify that bad-mitm is not picked up
#testequal 'N: Unable to locate package bad-mitm' aptcache policy bad-mitm
# and that the legitimate package is the one being offered
#testequal 'good-pkg:
#+ Installed: (none)
#+ Candidate: 1.0
#+ Version table:
#+ 1.0 0
#+ 500 http://localhost/ stable/main i386 Packages' aptcache policy good-pkg