You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

test-apt-update-stale 1.5 KiB

support arch:all data e.g. in separate Packages file Based on a discussion with Niels Thykier who asked for Contents-all this implements apt trying for all architecture dependent files to get a file for the architecture all, which is treated internally now as an official architecture which is always around (like native). This way arch:all data can be shared instead of duplicated for each architecture requiring the user to download the same information again and again. There is one problem however: In Debian there is already a binary-all/ Packages file, but the binary-any files still include arch:all packages, so that downloading this file now would be a waste of time, bandwidth and diskspace. We therefore need a way to decide if it makes sense to download the all file for Packages in Debian or not. The obvious answer would be a special flag in the Release file indicating this, which would need to default to 'no' and every reasonable repository would override it to 'yes' in a few years time, but the flag would be there "forever". Looking closer at a Release file we see the field "Architectures", which doesn't include 'all' at the moment. With the idea outlined above that 'all' is a "proper" architecture now, we interpret this field as being authoritative in declaring which architectures are supported by this repository. If it says 'all', apt will try to get all, if not it will be skipped. This gives us another interesting feature: If I configure a source to download armel and mips, but it declares it supports only armel apt will now print a notice saying as much. Previously this was a very cryptic failure. If on the other hand the repository supports mips, too, but for some reason doesn't ship mips packages at the moment, this 'missing' file is silently ignored (= that is the same as the repository including an empty file). The Architectures field isn't mandatory through, so if it isn't there, we assume that every architecture is supported by this repository, which skips the arch:all if not listed in the release file.
5 years ago
support arch:all data e.g. in separate Packages file Based on a discussion with Niels Thykier who asked for Contents-all this implements apt trying for all architecture dependent files to get a file for the architecture all, which is treated internally now as an official architecture which is always around (like native). This way arch:all data can be shared instead of duplicated for each architecture requiring the user to download the same information again and again. There is one problem however: In Debian there is already a binary-all/ Packages file, but the binary-any files still include arch:all packages, so that downloading this file now would be a waste of time, bandwidth and diskspace. We therefore need a way to decide if it makes sense to download the all file for Packages in Debian or not. The obvious answer would be a special flag in the Release file indicating this, which would need to default to 'no' and every reasonable repository would override it to 'yes' in a few years time, but the flag would be there "forever". Looking closer at a Release file we see the field "Architectures", which doesn't include 'all' at the moment. With the idea outlined above that 'all' is a "proper" architecture now, we interpret this field as being authoritative in declaring which architectures are supported by this repository. If it says 'all', apt will try to get all, if not it will be skipped. This gives us another interesting feature: If I configure a source to download armel and mips, but it declares it supports only armel apt will now print a notice saying as much. Previously this was a very cryptic failure. If on the other hand the repository supports mips, too, but for some reason doesn't ship mips packages at the moment, this 'missing' file is silently ignored (= that is the same as the repository including an empty file). The Architectures field isn't mandatory through, so if it isn't there, we assume that every architecture is supported by this repository, which skips the arch:all if not listed in the release file.
5 years ago
1234567891011121314151617181920212223242526272829303132333435363738394041424344
  1. #!/bin/sh
  2. #
  3. # Ensure that a MITM can not stale the Packages/Sources without
  4. # raising a error message. Note that the Release file is protected
  5. # via the "Valid-Until" header
  6. #
  7. set -e
  8. TESTDIR="$(readlink -f "$(dirname "$0")")"
  9. . "$TESTDIR/framework"
  10. setupenvironment
  11. configarchitecture "i386"
  12. insertpackage 'unstable' 'foo' 'i386' '1.0'
  13. setupaptarchive --no-update
  14. changetowebserver
  15. echo "Acquire::Languages \"none\";" > rootdir/etc/apt/apt.conf.d/00nolanguages
  16. testsuccess aptget update -o Debug::pkgAcquire::Worker=1 -o Debug::Acquire::http=1
  17. listcurrentlistsdirectory > lists.before
  18. # insert new version
  19. mkdir aptarchive/dists/unstable/main/binary-i386/saved
  20. cp -p aptarchive/dists/unstable/main/binary-i386/Packages* \
  21. aptarchive/dists/unstable/main/binary-i386/saved
  22. insertpackage 'unstable' 'foo' 'i386' '2.0'
  23. touch -d '+1 hour' aptarchive/dists/unstable/main/binary-i386/Packages
  24. compressfile aptarchive/dists/unstable/main/binary-i386/Packages
  25. # ensure that we do not get a I-M-S hit for the Release file
  26. generatereleasefiles '+1hour'
  27. signreleasefiles
  28. # but now only deliver the previous Packages file instead of the new one
  29. # (simulating a stale attack)
  30. cp -p aptarchive/dists/unstable/main/binary-i386/saved/Packages* \
  31. aptarchive/dists/unstable/main/binary-i386/
  32. # ensure this raises an error
  33. testfailure aptget update -o Debug::pkgAcquire::Worker=1 -o Debug::Acquire::http=1
  34. testsuccess grep 'File has unexpected size' rootdir/tmp/testfailure.output
  35. testfileequal lists.before "$(listcurrentlistsdirectory)"