Merge branch 'feature/test-apt-key-net-update' into debian/sid

10 years ago · a2228a452b
8 changed files with 39 additions and 103 deletions
--- a/cmdline/apt-key.in
+++ b/cmdline/apt-key.in
@ -25,6 +25,9 @@ GPG_CMD="$GPG_CMD --no-auto-check-trustdb --trust-model always"

 GPG="$GPG_CMD"

+APT_DIR="/"
+eval $(apt-config shell APT_DIR Dir)
+
 MASTER_KEYRING='&keyring-master-filename;'
 eval $(apt-config shell MASTER_KEYRING APT::Key::MasterKeyring)
 ARCHIVE_KEYRING='&keyring-filename;'
@ -33,7 +36,7 @@ REMOVED_KEYS='&keyring-removed-filename;'
 eval $(apt-config shell REMOVED_KEYS APT::Key::RemovedKeys)
 ARCHIVE_KEYRING_URI='&keyring-uri;'
 eval $(apt-config shell ARCHIVE_KEYRING_URI APT::Key::ArchiveKeyringURI)
-TMP_KEYRING=/var/lib/apt/keyrings/maybe-import-keyring.gpg
+TMP_KEYRING=${APT_DIR}/var/lib/apt/keyrings/maybe-import-keyring.gpg

 requires_root() {
 	if [ "$(id -u)" -ne 0 ]; then
@ -107,7 +110,11 @@ add_keys_with_verify_against_master_keyring() {
 # (otherwise it does not make sense from a security POV)
 net_update() {
    # Disabled for now as code is insecure (LP: #1013639 (and 857472, 1013128))
-    exit 1
+    APT_KEY_NET_UPDATE_ENABLED=""
+    eval $(apt-config shell APT_KEY_NET_UPDATE_ENABLED APT::Key::Net-Update-Enabled)
+    if [ -z "$APT_KEY_NET_UPDATE_ENABLED" ]; then
+        exit 1
+    fi

    if [ -z "$ARCHIVE_KEYRING_URI" ]; then
 	echo >&2 "ERROR: Your distribution is not supported in net-update as no uri for the archive-keyring is set"
@ -120,15 +127,15 @@ net_update() {
 	echo >&2 "ERROR: an installed wget is required for a network-based update"
 	exit 1
    fi
-    if [ ! -d /var/lib/apt/keyrings ]; then
-	mkdir -p /var/lib/apt/keyrings
+    if [ ! -d ${APT_DIR}/var/lib/apt/keyrings ]; then
+	mkdir -p ${APT_DIR}/var/lib/apt/keyrings
    fi
-    keyring=/var/lib/apt/keyrings/$(basename $ARCHIVE_KEYRING)
+    keyring=${APT_DIR}/var/lib/apt/keyrings/$(basename $ARCHIVE_KEYRING_URI)
    old_mtime=0
    if [ -e $keyring ]; then
 	old_mtime=$(stat -c %Y $keyring)
    fi
-    (cd  /var/lib/apt/keyrings; wget --timeout=90 -q -N $ARCHIVE_KEYRING_URI)
+    (cd  ${APT_DIR}/var/lib/apt/keyrings; wget --timeout=90 -q -N $ARCHIVE_KEYRING_URI)
    if [ ! -e $keyring ]; then
 	return
    fi
--- a/test/integration/exploid-keyring-with-dupe-keys.pub
+++ b/test/integration/exploid-keyring-with-dupe-keys.pub
--- a/test/integration/exploid-keyring-with-dupe-subkeys.pub
+++ b/test/integration/exploid-keyring-with-dupe-subkeys.pub
--- a/test/integration/keyrings/test-archive-keyring.pub
+++ b/test/integration/keyrings/test-archive-keyring.pub
--- a/test/integration/keyrings/test-archive-keyring.sec
+++ b/test/integration/keyrings/test-archive-keyring.sec
--- a/test/integration/keyrings/test-master-keyring.pub
+++ b/test/integration/keyrings/test-master-keyring.pub
--- a/test/integration/keyrings/test-master-keyring.sec
+++ b/test/integration/keyrings/test-master-keyring.sec
--- a/test/integration/test-apt-key-net-update
+++ b/test/integration/test-apt-key-net-update
@ -6,109 +6,38 @@ TESTDIR=$(readlink -f $(dirname $0))

 setupenvironment
 configarchitecture "i386"
+changetowebserver

-# mock
-requires_root() {
-    return 0
-}
+# setup env
+mkdir -p var/lib/apt/keyrings
+mkdir -p usr/share/keyrings

-# extract net_update() and import it
-func=$( sed -n -e '/^add_keys_with_verify_against_master_keyring/,/^}/p' ${BUILDDIRECTORY}/apt-key )
-eval "$func"
+# install the fake master keyring
+install -m0644 keys/test-master-keyring.pub usr/share/keyrings
+echo "APT::Key::MasterKeyring \"${TMPWORKINGDIRECTORY}/usr/share/keyrings/test-master-keyring.pub\";" >> ./aptconfig.conf

-mkdir -p ./etc/apt
-TRUSTEDFILE=./etc/apt/trusted.gpg
-mkdir -p ./var/lib/apt/keyrings
-TMP_KEYRING=./var/lib/apt/keyrings/maybe-import-keyring.gpg
-GPG_CMD="gpg --ignore-time-conflict --no-options --no-default-keyring"
+# setup archive-keyring 
+mkdir -p aptarchive/ubuntu/project
+install -m0644 keys/test-archive-keyring.pub aptarchive/ubuntu/project/
+echo 'APT::Key::ArchiveKeyringURI "http://localhost:8080/ubuntu/project/test-archive-keyring.pub";' >> ./aptconfig.conf
+echo 'APT::Key::Net-Update-Enabled "1";' >> ./aptconfig.conf

-# FIXME: instead of copying this use apt-key and the buildin apt webserver
-#        to do a real test
+# test against the "real" webserver
+testequal 'Checking for new archive signing keys now
+gpg: key F68C85A3: public key "Test Automatic Archive Signing Key <ftpmaster@example.com>" imported
+gpg: Total number processed: 1
+gpg:               imported: 1  (RSA: 1)' aptkey --fakeroot net-update

-# COPYIED from apt-key.in --------------

-# gpg needs a trustdb to function, but it can't be invalid (not even empty)
-# so we create a temporary directory to store our fresh readable trustdb in
-TRUSTDBDIR="$(mktemp -d)"
-CURRENTTRAP="${CURRENTTRAP} rm -rf '${TRUSTDBDIR}';"
-trap "${CURRENTTRAP}" 0 HUP INT QUIT ILL ABRT FPE SEGV PIPE TERM
-chmod 700 "$TRUSTDBDIR"
-# We also don't use a secret keyring, of course, but gpg panics and
-# implodes if there isn't one available - and writeable for imports
-SECRETKEYRING="${TRUSTDBDIR}/secring.gpg"
-touch $SECRETKEYRING
-GPG_CMD="$GPG_CMD --secret-keyring $SECRETKEYRING"
-GPG_CMD="$GPG_CMD --trustdb-name ${TRUSTDBDIR}/trustdb.gpg"
-#----------------------------------------- END COPY
+# now try a different one
+# setup archive-keyring 
+mkdir -p aptarchive/ubuntu/project
+install -m0644 keys/marvinparanoid.pub aptarchive/ubuntu/project/
+echo 'APT::Key::ArchiveKeyringURI "http://localhost:8080/ubuntu/project/marvinparanoid.pub";' >> ./aptconfig.conf
+echo 'APT::Key::Net-Update-Enabled "1";' >> ./aptconfig.conf

-GPG="$GPG_CMD --keyring $TRUSTEDFILE"
-MASTER_KEYRING=/usr/share/keyrings/ubuntu-master-keyring.gpg
+# test against the "real" webserver
+testequal "Checking for new archive signing keys now
+Key 'E8525D47528144E2' not added. It is not signed with a master key" aptkey --fakeroot net-update

-msgtest "add_keys_with_verify_against_master_keyring"
-if [ ! -e $MASTER_KEYRING ]; then
-    echo -n "No $MASTER_KEYRING found"
-    msgskip 
-    exit 0
-fi
-
-# test bad keyring and ensure its not added (LP: #857472)
-ADD_KEYRING=./keys/exploid-keyring-with-dupe-keys.pub
-if add_keys_with_verify_against_master_keyring $ADD_KEYRING $MASTER_KEYRING; then
-    msgfail
-else
-    msgpass
-fi
-
-# ensure the keyring is still empty
-gpg_out=$($GPG --list-keys)
-msgtest "Test if keyring is empty"
-if [ -n "" ]; then
-    msgfail
-else
-    msgpass
-fi
-
-
-# test another possible attack vector using subkeys (LP: #1013128)
-msgtest "add_keys_with_verify_against_master_keyring with subkey attack"
-ADD_KEYRING=./keys/exploid-keyring-with-dupe-subkeys.pub
-if add_keys_with_verify_against_master_keyring $ADD_KEYRING $MASTER_KEYRING; then
-    msgfail
-else
-    msgpass
-fi
-
-# ensure the keyring is still empty
-gpg_out=$($GPG --list-keys)
-msgtest "Test if keyring is empty"
-if [ -n "" ]; then
-    msgfail
-else
-    msgpass
-fi
-
-
-# test good keyring and ensure we get no errors
-ADD_KEYRING=/usr/share/keyrings/ubuntu-archive-keyring.gpg
-if add_keys_with_verify_against_master_keyring $ADD_KEYRING $MASTER_KEYRING; then
-    msgpass
-else
-    msgfail
-fi
-
-testequal './etc/apt/trusted.gpg
---------------------
-pub   1024D/437D05B5 2004-09-12
-uid                  Ubuntu Archive Automatic Signing Key <ftpmaster@ubuntu.com>
-sub   2048g/79164387 2004-09-12
-
-pub   1024D/FBB75451 2004-12-30
-uid                  Ubuntu CD Image Automatic Signing Key <cdimage@ubuntu.com>
-
-pub   4096R/C0B21F32 2012-05-11
-uid                  Ubuntu Archive Automatic Signing Key (2012) <ftpmaster@ubuntu.com>
-
-pub   4096R/EFE21092 2012-05-11
-uid                  Ubuntu CD Image Automatic Signing Key (2012) <cdimage@ubuntu.com>
-' $GPG --list-keys