You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

105 lines
3.8 KiB

  1. #!/bin/sh
  2. set -e
  3. TESTDIR="$(readlink -f "$(dirname "$0")")"
  4. . "$TESTDIR/framework"
  5. setupenvironment
  6. configarchitecture 'i386'
  7. insertpackage 'wheezy' 'apt' 'all' '0.8.15'
  8. setupaptarchive --no-update
  9. # we don't complain as the server could have just sent a 'Hit' here and this
  10. # 'downgrade attack' is usually performed by out-of-sync mirrors. Valid-Until
  11. # catches the 'real' downgrade attacks (expect that it finds stale mirrors).
  12. # Scaring users with an error here serves hence no point.
  13. msgmsg 'InRelease file is silently rejected if' 'new Date is before old Date'
  14. rm -rf rootdir/var/lib/apt/lists
  15. generatereleasefiles 'now' 'now + 7 days'
  16. signreleasefiles
  17. testsuccess aptget update
  18. listcurrentlistsdirectory > listsdir.lst
  19. redatereleasefiles 'now - 2 days'
  20. testsuccess aptget update
  21. testfileequal 'listsdir.lst' "$(listcurrentlistsdirectory)"
  22. msgmsg 'Release.gpg file is silently rejected if' 'new Date is before old Date'
  23. export APT_DONT_SIGN='InRelease'
  24. rm -rf rootdir/var/lib/apt/lists
  25. generatereleasefiles 'now' 'now + 7 days'
  26. signreleasefiles
  27. testsuccess aptget update
  28. listcurrentlistsdirectory > listsdir.lst
  29. redatereleasefiles 'now - 2 days'
  30. testsuccess aptget update
  31. testfileequal 'listsdir.lst' "$(listcurrentlistsdirectory)"
  32. unset APT_DONT_SIGN
  33. msgmsg 'Crisscross InRelease/Release.gpg file is silently rejected if' 'new Date is before old Date'
  34. export APT_DONT_SIGN='Release.gpg'
  35. rm -rf rootdir/var/lib/apt/lists
  36. generatereleasefiles 'now' 'now + 7 days'
  37. signreleasefiles
  38. testsuccess aptget update
  39. export APT_DONT_SIGN='InRelease'
  40. listcurrentlistsdirectory > listsdir.lst
  41. redatereleasefiles 'now - 2 days'
  42. testsuccess aptget update
  43. testfileequal 'listsdir.lst' "$(listcurrentlistsdirectory)"
  44. unset APT_DONT_SIGN
  45. msgmsg 'Crisscross Release.gpg/InRelease file is silently rejected if' 'new Date is before old Date'
  46. export APT_DONT_SIGN='InRelease'
  47. rm -rf rootdir/var/lib/apt/lists
  48. generatereleasefiles 'now' 'now + 7 days'
  49. signreleasefiles
  50. find aptarchive -name 'InRelease' -delete
  51. testsuccess aptget update
  52. export APT_DONT_SIGN='Release.gpg'
  53. listcurrentlistsdirectory > listsdir.lst
  54. redatereleasefiles 'now - 2 days'
  55. testsuccess aptget update
  56. testfileequal 'listsdir.lst' "$(listcurrentlistsdirectory)"
  57. unset APT_DONT_SIGN
  58. msgmsg 'Release file has' 'no Date and no Valid-Until field'
  59. rm -rf rootdir/var/lib/apt/lists
  60. generatereleasefiles 'now'
  61. sed -i '/^Date: / d' $(find ./aptarchive -name 'Release')
  62. signreleasefiles
  63. testwarning aptget update
  64. listcurrentlistsdirectory > listsdir.lst
  65. # have no effect as Date is unknown
  66. testwarning aptget update -o Acquire::Min-ValidTime=$((3600*24*30))
  67. testfileequal 'listsdir.lst' "$(listcurrentlistsdirectory)"
  68. testwarning aptget update -o Acquire::Max-ValidTime=1
  69. testfileequal 'listsdir.lst' "$(listcurrentlistsdirectory)"
  70. sed -i '/^Codename: / a\
  71. Another-Field: yes' $(find aptarchive/ -name 'Release')
  72. touch -d 'now + 1 day' $(find aptarchive/ -name 'Release')
  73. signreleasefiles "${2:-Joe Sixpack}"
  74. testwarning aptget update
  75. testsuccess cmp $(find aptarchive/ -name 'InRelease') $(find rootdir/var/lib/apt/ -name '*_InRelease')
  76. msgmsg 'Release file has' 'no Date field, but Valid-Until expired'
  77. rm -rf rootdir/var/lib/apt/lists
  78. generatereleasefiles 'now' 'now - 2 days'
  79. sed -i '/^Date: / d' $(find ./aptarchive -name 'Release')
  80. signreleasefiles
  81. testfailure aptget update
  82. listcurrentlistsdirectory > listsdir.lst
  83. # have no effect as Date is unknown
  84. testfailure aptget update -o Acquire::Min-ValidTime=$((3600*24*30))
  85. testfileequal 'listsdir.lst' "$(listcurrentlistsdirectory)"
  86. testfailure aptget update -o Acquire::Max-ValidTime=1
  87. testfileequal 'listsdir.lst' "$(listcurrentlistsdirectory)"
  88. msgmsg 'Release file has' 'no Date field, but Valid-Until is good'
  89. rm -rf rootdir/var/lib/apt/lists
  90. generatereleasefiles 'now' 'now + 2 days'
  91. sed -i '/^Date: / d' $(find ./aptarchive -name 'Release')
  92. signreleasefiles
  93. testwarning aptget update