apt/test/integration, branch 1.6

apt/test/integration, branch 1.6_beta1 Debians commandline package manager https://git.kalnischkies.de/apt/atom?h=1.6_beta1 2018-02-19T15:06:06Z Merge branch 'pu/not-valid-before' into 'master' 2018-02-19T15:06:06Z Julian Andres Klode jak@debian.org 2018-02-19T15:06:06Z urn:sha1:928ecff984be22632c27a69e072741e74491292c Check that Date of Release file is not in the future See merge request apt-team/apt!3 Check that Date of Release file is not in the future 2018-02-19T15:05:01Z Julian Andres Klode julian.klode@canonical.com 2018-01-29T15:15:41Z urn:sha1:9e5899cac1a6367e3769af52a724821880e538f6 By restricting the Date field to be in the past, an attacker cannot just create a repository from the future that would be accepted as a valid update for a repository. This check can be disabled by Acquire::Check-Date set to false. This will also disable Check-Valid-Until and any future date related checking, if any - the option means: "my computers date cannot be trusted." Modify the tests to allow repositories to be up to 10 hours in the future, so we can keep using hours there to simulate time changes. ensure correct file permissions for auxfiles 2018-02-19T14:56:09Z David Kalnischkies david@kalnischkies.de 2018-02-02T18:14:09Z urn:sha1:b3e7a16265e7c6c3b6892b9ec8a787d692ced6e6 The interesting takeaway here is perhaps that 'chmod +w' is effected by the umask – obvious in hindsight of course. The usual setup helps with hiding that applying that recursively on all directories (and files) isn't correct. Ensuring files will not be stored with the wrong permissions even if in strange umask contexts is trivial in comparison. Fixing the test also highlighted that it wasn't bulletproof as apt will automatically fix the permissions of the directories it works with, so for this test we actually need to introduce a shortcut in the code. Reported-By: Ubuntu autopkgtest CI tests: set debhelper compat 10 and R³ by default 2018-02-19T14:56:09Z David Kalnischkies david@kalnischkies.de 2018-01-27T01:15:35Z urn:sha1:7aaf9b2c63aa8bdd87de4c19dcf1742c686a1cc2 The testpackages hardly need debhelper at all, so any version would do, and they build without root rights by definition, but declaring it explicitly can't hurt and in the case of debhelper it would be sad if our testcases break one day because the old compat level is removed. Gbp-Dch: Ignore add apt-helper drop-privs command… 2018-02-19T14:56:09Z David Kalnischkies david@kalnischkies.de 2018-01-25T16:14:49Z urn:sha1:887e331abb6ac0a850e5d53de55f43c9ebdee5a2 Work around test-method-mirror failure by setting umask at start 2018-02-19T13:41:31Z Julian Andres Klode julian.klode@canonical.com 2018-02-19T13:41:31Z urn:sha1:bda3bce0197fe64819626f9ab116f72f80ce63c5 This fixes a test failure on autopkgtest. allow the apt/lists/auxfiles/ directory to be missing 2018-01-19T20:55:39Z David Kalnischkies david@kalnischkies.de 2018-01-19T01:20:40Z urn:sha1:38d444af2632219ab399dabadaaefaa4dcdd6ebf apt 1.6~alpha6 introduced aux requests to revamp the implementation of a-t-mirror. This already included the potential of running as non-root, but the detection wasn't complete resulting in errors or could produce spurious warnings along the way if the directory didn't exist yet. References: ef9677831f62a1554a888ebc7b162517d7881116 Closes: 887624 Introduce inrelease-path option for sources.list 2018-01-17T10:52:38Z Julian Andres Klode julian.klode@canonical.com 2018-01-16T15:53:46Z urn:sha1:698f9e3f9877be2aa181d6e40d3dc5c41ea318b7 Allow specifying an alternative path to the InRelease file, so you can have multiple versions of a repository, for example. Enabling this option disables fallback to Release and Release.gpg, so setting it to InRelease can be used to ensure that only that will be tried. We add two test cases: One for checking that it works, and another for checking that the fallback does not happen. Closes: #886745 add a testcase for the mirror method 2018-01-03T18:42:45Z David Kalnischkies david@kalnischkies.de 2017-11-18T13:21:14Z urn:sha1:8aadb98849ba2555f4596042c888da451d965dfd Gbp-Dch: Ignore allow a method to request auxiliary files 2018-01-03T17:55:41Z David Kalnischkies david@kalnischkies.de 2017-08-12T14:21:13Z urn:sha1:ef9677831f62a1554a888ebc7b162517d7881116 If a method needs a file to operate like e.g. mirror needs to get a list of mirrors before it can redirect the the actual requests to them. That could easily be solved by moving the logic into libapt directly, but by allowing a method to request other methods to do something we can keep this logic contained in the method and allow e.g. also methods which perform binary patching or similar things. Previously they would need to implement their own acquire system inside the existing one which in all likelyhood will not support the same features and methods nor operate with similar security compared to what we have already running 'above' the requesting method. That said, to avoid methods producing conflicts with "proper" files we are downloading a new directory is introduced to keep the auxiliary files in. [The message magic number 351 is a tribute to the german Grundgesetz article 35 paragraph 1 which defines that all authorities of the state(s) help each other on request.]