You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

205 lines
7.5 KiB

  1. #!/bin/sh
  2. #
  3. # test that apt-get update is transactional
  4. #
  5. set -e
  6. avoid_ims_hit() {
  7. touch -d '+1hour' aptarchive/dists/unstable/main/binary-i386/Packages*
  8. touch -d '+1hour' aptarchive/dists/unstable/main/source/Sources*
  9. touch -d '+1hour' aptarchive/dists/unstable/*Release*
  10. touch -d '-1hour' rootdir/var/lib/apt/lists/*
  11. }
  12. create_fresh_archive()
  13. {
  14. rm -rf aptarchive/*
  15. rm -f rootdir/var/lib/apt/lists/_* rootdir/var/lib/apt/lists/partial/*
  16. insertpackage 'unstable' 'old' 'all' '1.0'
  17. setupaptarchive --no-update
  18. }
  19. add_new_package() {
  20. insertpackage 'unstable' 'new' 'all' '1.0'
  21. insertsource 'unstable' 'new' 'all' '1.0'
  22. setupaptarchive --no-update "$@"
  23. }
  24. break_repository_sources_index() {
  25. printf 'xxx' > "$APTARCHIVE/dists/unstable/main/source/Sources"
  26. compressfile "$APTARCHIVE/dists/unstable/main/source/Sources" "$@"
  27. }
  28. start_with_good_inrelease() {
  29. create_fresh_archive
  30. testsuccess aptget update
  31. listcurrentlistsdirectory > lists.before
  32. testsuccessequal 'old/unstable 1.0 all' apt list -qq
  33. }
  34. test_inrelease_to_new_inrelease() {
  35. msgmsg 'Test InRelease to new InRelease works fine'
  36. start_with_good_inrelease
  37. add_new_package '+1hour'
  38. testsuccess aptget update -o Debug::Acquire::Transaction=1
  39. testsuccessequal 'new/unstable 1.0 all
  40. old/unstable 1.0 all' apt list -qq
  41. }
  42. test_inrelease_to_broken_hash_reverts_all() {
  43. msgmsg 'Test InRelease to broken InRelease reverts everything'
  44. start_with_good_inrelease
  45. add_new_package '+1hour'
  46. # break the Sources file
  47. break_repository_sources_index '+1hour'
  48. # test the error condition
  49. testfailureequal "W: Failed to fetch file:${APTARCHIVE}/dists/unstable/main/source/Sources.gz Hash Sum mismatch
  50. E: Some index files failed to download. They have been ignored, or old ones used instead." aptget update -qq
  51. # ensure that the Packages file is also rolled back
  52. testfileequal lists.before "$(listcurrentlistsdirectory)"
  53. testfailureequal "E: Unable to locate package new" aptget install new -s -qq
  54. }
  55. test_inrelease_to_valid_release() {
  56. msgmsg 'Test InRelease to valid Release'
  57. start_with_good_inrelease
  58. add_new_package '+1hour'
  59. # switch to a unsigned repo now
  60. rm "$APTARCHIVE/dists/unstable/InRelease"
  61. rm "$APTARCHIVE/dists/unstable/Release.gpg"
  62. # update fails
  63. testfailureequal "E: The repository 'file:${APTARCHIVE} unstable Release' is no longer signed." aptget update -qq
  64. # test that security downgrade was not successful
  65. testfileequal lists.before "$(listcurrentlistsdirectory)"
  66. testsuccess aptget install old -s
  67. testfailure aptget install new -s
  68. testnotempty find "${ROOTDIR}/var/lib/apt/lists" -name '*_InRelease'
  69. testempty find "${ROOTDIR}/var/lib/apt/lists" -name '*_Release'
  70. }
  71. test_inrelease_to_release_reverts_all() {
  72. msgmsg 'Test InRelease to broken Release reverts everything'
  73. start_with_good_inrelease
  74. # switch to a unsigned repo now
  75. add_new_package '+1hour'
  76. rm "$APTARCHIVE/dists/unstable/InRelease"
  77. rm "$APTARCHIVE/dists/unstable/Release.gpg"
  78. # break it
  79. break_repository_sources_index '+1hour'
  80. # ensure error
  81. testfailureequal "E: The repository 'file:${APTARCHIVE} unstable Release' is no longer signed." aptget update -qq # -o Debug::acquire::transaction=1
  82. # ensure that the Packages file is also rolled back
  83. testfileequal lists.before "$(listcurrentlistsdirectory)"
  84. testsuccess aptget install old -s
  85. testfailure aptget install new -s
  86. testnotempty find "${ROOTDIR}/var/lib/apt/lists" -name '*_InRelease'
  87. testempty find "${ROOTDIR}/var/lib/apt/lists" -name '*_Release'
  88. }
  89. test_unauthenticated_to_invalid_inrelease() {
  90. msgmsg 'Test UnAuthenticated to invalid InRelease reverts everything'
  91. create_fresh_archive
  92. rm "$APTARCHIVE/dists/unstable/InRelease"
  93. rm "$APTARCHIVE/dists/unstable/Release.gpg"
  94. testwarning aptget update --allow-insecure-repositories
  95. listcurrentlistsdirectory > lists.before
  96. testfailureequal "WARNING: The following packages cannot be authenticated!
  97. old
  98. E: There were unauthenticated packages and -y was used without --allow-unauthenticated" aptget install -qq -y old
  99. # go to authenticated but not correct
  100. add_new_package '+1hour'
  101. break_repository_sources_index '+1hour'
  102. testfailureequal "W: Failed to fetch file:$APTARCHIVE/dists/unstable/main/source/Sources.gz Hash Sum mismatch
  103. E: Some index files failed to download. They have been ignored, or old ones used instead." aptget update -qq
  104. testfileequal lists.before "$(listcurrentlistsdirectory)"
  105. testempty find "${ROOTDIR}/var/lib/apt/lists" -maxdepth 1 -name '*_InRelease'
  106. testfailureequal "WARNING: The following packages cannot be authenticated!
  107. old
  108. E: There were unauthenticated packages and -y was used without --allow-unauthenticated" aptget install -qq -y old
  109. }
  110. test_inrelease_to_unauth_inrelease() {
  111. msgmsg 'Test InRelease to InRelease without good sig'
  112. start_with_good_inrelease
  113. signreleasefiles 'Marvin Paranoid'
  114. testwarningequal "W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: file:${APTARCHIVE} unstable InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY E8525D47528144E2
  115. W: Failed to fetch file:$APTARCHIVE/dists/unstable/InRelease The following signatures couldn't be verified because the public key is not available: NO_PUBKEY E8525D47528144E2
  116. W: Some index files failed to download. They have been ignored, or old ones used instead." aptget update -qq
  117. testfileequal lists.before "$(listcurrentlistsdirectory)"
  118. testnotempty find "${ROOTDIR}/var/lib/apt/lists" -name '*_InRelease'
  119. }
  120. test_inrelease_to_broken_gzip() {
  121. msgmsg "Test InRelease to broken gzip"
  122. start_with_good_inrelease
  123. break_repository_sources_index '+1hour'
  124. generatereleasefiles '+2hours'
  125. signreleasefiles
  126. # append junk at the end of the compressed file
  127. echo "lala" >> "$APTARCHIVE/dists/unstable/main/source/Sources.gz"
  128. touch -d '+2min' "$APTARCHIVE/dists/unstable/main/source/Sources.gz"
  129. # remove uncompressed file to avoid fallback
  130. rm "$APTARCHIVE/dists/unstable/main/source/Sources"
  131. testfailure aptget update
  132. testsuccess grep 'Hash Sum mismatch' rootdir/tmp/testfailure.output
  133. testfileequal lists.before "$(listcurrentlistsdirectory)"
  134. }
  135. TESTDIR="$(readlink -f "$(dirname "$0")")"
  136. . "$TESTDIR/framework"
  137. setupenvironment
  138. configarchitecture "i386"
  139. # setup the archive and ensure we have a single package that installs fine
  140. setupaptarchive
  141. APTARCHIVE="$(readlink -f ./aptarchive)"
  142. ROOTDIR="${TMPWORKINGDIRECTORY}/rootdir"
  143. APTARCHIVE_LISTS="$(echo "$APTARCHIVE" | tr "/" "_" )"
  144. # test the following cases:
  145. # - InRelease -> broken InRelease revert to previous state
  146. # - empty lists dir and broken remote leaves nothing on the system
  147. # - InRelease -> hashsum mismatch for one file reverts all files to previous state
  148. # - Release/Release.gpg -> hashsum mismatch
  149. # - InRelease -> Release with hashsum mismatch revert entire state and kills Release
  150. # - Release -> InRelease with broken Sig/Hash removes InRelease
  151. # going from Release/Release.gpg -> InRelease and vice versa
  152. # - unauthenticated -> invalid InRelease
  153. # stuff to do:
  154. # - ims-hit
  155. # - gzip-index tests
  156. test_inrelease_to_new_inrelease
  157. test_inrelease_to_broken_hash_reverts_all
  158. test_inrelease_to_valid_release
  159. test_inrelease_to_release_reverts_all
  160. test_unauthenticated_to_invalid_inrelease
  161. test_inrelease_to_unauth_inrelease
  162. test_inrelease_to_broken_gzip