blob: 5f2109db9b8550393cdb910a215fc10ff81fc501 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
|
#!/bin/sh
set -e
TESTDIR="$(readlink -f "$(dirname "$0")")"
. "$TESTDIR/framework"
setupenvironment
configarchitecture 'native'
insertpackage 'unstable' 'unrelated' 'all' '1.0' 'stable'
insertsource 'unstable' 'unrelated' 'all' '1.0' 'stable'
echo 'ni ni ni' > aptarchive/knights
setupaptarchive
changetowebserver -o 'aptwebserver::overwrite::.*InRelease::filename=/knights' -o 'aptwebserver::overwrite::.*::filename=/knights'
msgtest 'Acquire test file from the webserver to check' 'overwrite'
if downloadfile http://localhost:${APTHTTPPORT}/holygrail ./knights-talking >/dev/null; then
msgpass
else
msgfail
fi
testfileequal knights-talking 'ni ni ni'
ensure_n_canary_strings_in_dir() {
local DIR="$1"
local CANARY_STRING="$2"
local EXPECTED_N="$3"
msgtest "Testing in $DIR for $EXPECTED_N canary" "$CANARY_STRING"
local N=$(grep "$CANARY_STRING" $DIR/* 2>/dev/null |wc -l )
test "$N" = "$EXPECTED_N" && msgpass || msgfail "Expected $EXPECTED_N canaries, got $N"
}
runtests() {
LISTS='rootdir/var/lib/apt/lists'
rm -rf "$LISTS"
testfailure aptget update
testsuccess grep "$1" rootdir/tmp/testfailure.output
ensure_n_canary_strings_in_dir "$LISTS" 'ni ni ni' 0
testequal 'auxfiles
lock
partial' ls "$LISTS"
# and again with pre-existing files with "valid data" which should remain
for f in Release Release.gpg main_binary-amd64_Packages main_source_Sources; do
echo 'peng neee-wom' > "$LISTS/localhost:${APTHTTPPORT}_dists_stable_${f}"
chmod 644 "$LISTS/localhost:${APTHTTPPORT}_dists_stable_${f}"
done
testfailure aptget update
testsuccess grep "$1" rootdir/tmp/testfailure.output
ensure_n_canary_strings_in_dir "$LISTS" 'peng neee-wom' 4
ensure_n_canary_strings_in_dir "$LISTS" 'ni ni ni' 0
# and now with a pre-existing InRelease file
echo 'peng neee-wom' > "$LISTS/localhost:${APTHTTPPORT}_dists_stable_InRelease"
chmod 644 "$LISTS/localhost:${APTHTTPPORT}_dists_stable_InRelease"
rm -f "$LISTS/localhost:${APTHTTPPORT}_dists_stable_Release" "$LISTS/localhost:${APTHTTPPORT}_dists_stable_Release.gpg"
msgtest 'excpected failure of' 'apt-get update'
testfailure aptget update
testsuccess grep "$1" rootdir/tmp/testfailure.output
ensure_n_canary_strings_in_dir "$LISTS" 'peng neee-wom' 3
ensure_n_canary_strings_in_dir "$LISTS" 'ni ni ni' 0
}
runtests '^E:.*Clearsigned file .*NOSPLIT.*'
webserverconfig 'aptwebserver::overwrite::.*InRelease::filename' '/404'
runtests '^E:.*Signed file .*NODATA.*'
webserverconfig 'aptwebserver::overwrite::.*::filename' '/404'
webserverconfig 'aptwebserver::httpcode::404' '511 Network Authentication Required'
rm -rf rootdir/var/lib/apt/lists
testfailureequal "Err:1 http://localhost:${APTHTTPPORT} unstable InRelease
511 Network Authentication Required
Reading package lists...
E: Failed to fetch http://localhost:${APTHTTPPORT}/dists/unstable/InRelease 511 Network Authentication Required
E: The repository 'http://localhost:${APTHTTPPORT} unstable InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details." aptget update
# on S3 all files get a 403. If we accept unsigned, lets be liberal in non-existence acceptance
webserverconfig 'aptwebserver::httpcode::404' '403 Forbidden'
rm -rf rootdir/var/lib/apt/lists
testfailureequal "Err:1 http://localhost:${APTHTTPPORT} unstable InRelease
403 Forbidden
Reading package lists...
E: Failed to fetch http://localhost:${APTHTTPPORT}/dists/unstable/InRelease 403 Forbidden
E: The repository 'http://localhost:${APTHTTPPORT} unstable InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details." apt update
sed -i 's#^deb\(-src\)\? #deb\1 [allow-insecure=yes] #' rootdir/etc/apt/sources.list.d/*
testfailure apt update
testequal "Ign:1 http://localhost:${APTHTTPPORT} unstable InRelease
403 Forbidden
Ign:2 http://localhost:${APTHTTPPORT} unstable Release
403 Forbidden" head -n 4 rootdir/tmp/testfailure.output
|