You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

72 lines
3.1 KiB

  1. #!/bin/sh
  2. set -e
  3. TESTDIR="$(readlink -f "$(dirname "$0")")"
  4. . "$TESTDIR/framework"
  5. setupenvironment
  6. configarchitecture 'i386'
  7. insertpackage 'stable' 'good-pkg' 'all' '1.0'
  8. setupaptarchive
  9. changetowebserver
  10. ARCHIVE="http://localhost:${APTHTTPPORT}"
  11. msgtest 'Initial apt-get update should work with' 'InRelease'
  12. testsuccess --nomsg aptget update
  13. # check that the setup is correct
  14. testsuccessequal "good-pkg:
  15. Installed: (none)
  16. Candidate: 1.0
  17. Version table:
  18. 1.0 500
  19. 500 ${ARCHIVE} stable/main all Packages" aptcache policy good-pkg
  20. # now exchange to the Packages file, note that this could be
  21. # done via MITM too
  22. insertpackage 'stable' 'bad-mitm' 'all' '1.0'
  23. # this builds compressed files and a new (unsigned) Release
  24. buildaptarchivefromfiles '+1hour'
  25. # add a space into the BEGIN PGP SIGNATURE PART/END PGP SIGNATURE part
  26. # to trick apt - this is still legal to gpg(v)
  27. sed -i '/^-----BEGIN PGP SIGNATURE-----/,/^-----END PGP SIGNATURE-----/ s/^$/ /g' aptarchive/dists/stable/InRelease
  28. # we append the (evil unsigned) Release file to the (good signed) InRelease
  29. cat aptarchive/dists/stable/Release >> aptarchive/dists/stable/InRelease
  30. touch -d '+1hour' aptarchive/dists/stable/InRelease
  31. # ensure the update doesn't load bad data as good data
  32. # Note that we will pick up the InRelease itself as we download no other
  33. # indexes which would trigger a hashsum mismatch, but we ignore the 'bad'
  34. # part of the InRelease
  35. listcurrentlistsdirectory | sed '/_InRelease/ d' > listsdir.lst
  36. msgtest 'apt-get update should ignore unsigned data in the' 'InRelease'
  37. testwarningequal "Get:1 http://localhost:${APTHTTPPORT} stable InRelease [$(stat -c%s aptarchive/dists/stable/InRelease) B]
  38. Err:1 http://localhost:${APTHTTPPORT} stable InRelease
  39. Splitting up ${TMPWORKINGDIRECTORY}/rootdir/var/lib/apt/lists/partial/localhost:${APTHTTPPORT}_dists_stable_InRelease into data and signature failed
  40. Reading package lists...
  41. W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://localhost:${APTHTTPPORT} stable InRelease: Splitting up ${TMPWORKINGDIRECTORY}/rootdir/var/lib/apt/lists/partial/localhost:${APTHTTPPORT}_dists_stable_InRelease into data and signature failed
  42. W: Failed to fetch http://localhost:${APTHTTPPORT}/dists/stable/InRelease Splitting up ${TMPWORKINGDIRECTORY}/rootdir/var/lib/apt/lists/partial/localhost:${APTHTTPPORT}_dists_stable_InRelease into data and signature failed
  43. W: Some index files failed to download. They have been ignored, or old ones used instead." --nomsg aptget update
  44. testfileequal './listsdir.lst' "$(listcurrentlistsdirectory | sed '/_InRelease/ d')"
  45. # ensure there is no package
  46. testfailureequal 'Reading package lists...
  47. Building dependency tree...
  48. E: Unable to locate package bad-mitm' aptget install bad-mitm -s
  49. # and verify that its not picked up
  50. testsuccessequal 'N: Unable to locate package bad-mitm' aptcache policy bad-mitm
  51. # and that the right one is used
  52. testsuccessequal "good-pkg:
  53. Installed: (none)
  54. Candidate: 1.0
  55. Version table:
  56. 1.0 500
  57. 500 ${ARCHIVE} stable/main all Packages" aptcache policy good-pkg