author | David Kalnischkies <david@kalnischkies.de> | 2016-05-04 11:10:08 +0200 |
---|---|---|
committer | David Kalnischkies <david@kalnischkies.de> | 2016-05-04 12:12:27 +0200 |
commit | 761a5ad2ec07f097b05c32427bd0ebddfd587987 (patch) | |
tree | 37601497dbb8dd8b3ec73f3bba7a95bad377a30c | |
parent | 737ce3135d332e3b6165ac1fac5c68e21ba1bdba (diff) |
tests: allow to disable generation of InRelease/Release.gpg file
If the test just signs release files to throw away one of them to test
the other, we can just as well save the time and not create it.
Git-Dch: Ignore
-rw-r--r-- | test/integration/framework | 18 | ||||
-rwxr-xr-x | test/integration/test-apt-update-nofallback | 8 | ||||
-rwxr-xr-x | test/integration/test-hashsum-verification | 2 | ||||
-rwxr-xr-x | test/integration/test-releasefile-date-older | 13 | ||||
-rwxr-xr-x | test/integration/test-releasefile-verification | 31 | ||||
-rwxr-xr-x | test/integration/test-ubuntu-bug-784473-InRelease-one-message-only | 6 |
6 files changed, 33 insertions, 45 deletions
diff --git a/test/integration/framework b/test/integration/framework index 7eaa36415..1f843babf 100644 --- a/test/integration/framework +++ b/test/integration/framework @@ -1134,11 +1134,21 @@ signreleasefiles() { fi local GPG="aptkey --quiet --keyring ${KEY}.pub --secret-keyring ${KEY}.sec --readonly adv --batch --yes --digest-algo ${APT_TESTS_DIGEST_ALGO:-SHA512}" for RELEASE in $(find "${REPODIR}/" -name Release); do - testsuccess $GPG "$@" $SIGUSERS --armor --detach-sign --sign --output "${RELEASE}.gpg" "${RELEASE}" - local INRELEASE="$(echo "${RELEASE}" | sed 's#/Release$#/InRelease#')" - testsuccess $GPG "$@" $SIGUSERS --clearsign --output "$INRELEASE" "$RELEASE" # we might have set a specific date for the Release file, so copy it - touch -d "$(stat --format "%y" ${RELEASE})" "${RELEASE}.gpg" "${INRELEASE}" + local DATE="$(stat --format "%y" "${RELEASE}")" + if [ "$APT_DONT_SIGN" = 'Release.gpg' ]; then + rm -f "${RELEASE}.gpg" + else + testsuccess $GPG "$@" $SIGUSERS --armor --detach-sign --sign --output "${RELEASE}.gpg" "${RELEASE}" + touch -d "$DATE" "${RELEASE}.gpg" + fi + local INRELEASE="${RELEASE%/*}/InRelease" + if [ "$APT_DONT_SIGN" = 'InRelease' ]; then + rm -f "$INRELEASE" + else + testsuccess $GPG "$@" $SIGUSERS --clearsign --output "$INRELEASE" "$RELEASE" + touch -d "$DATE" "${INRELEASE}" + fi done if [ -f "$SECEXPIREBAK" ] && [ -f "$PUBEXPIREBAK" ]; then mv -f "$SECEXPIREBAK" "${REXKEY}.sec" diff --git a/test/integration/test-apt-update-nofallback b/test/integration/test-apt-update-nofallback index d9166eefd..4db67ee5d 100755 --- a/test/integration/test-apt-update-nofallback +++ b/test/integration/test-apt-update-nofallback @@ -9,8 +9,7 @@ set -e simulate_mitm_and_inject_evil_package() { redatereleasefiles '+1 hour' - rm -f "$APTARCHIVE/dists/unstable/InRelease" - rm -f "$APTARCHIVE/dists/unstable/Release.gpg" + rm -f "$APTARCHIVE/dists/unstable/InRelease" "$APTARCHIVE/dists/unstable/Release.gpg" inject_evil_package } 
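Review bot: In the `signreleasefiles` loop, any `APT_DONT_SIGN` value other than the exact literals `Release.gpg` and `InRelease` takes both `else` branches, so a misspelt value silently produces both signature files and a test meant to exercise one verification path can pass through the other. Rejecting unknown values before the loop would surface that, e.g. `case "${APT_DONT_SIGN:-}" in ''|InRelease|Release.gpg) ;; *) echo "unknown APT_DONT_SIGN: $APT_DONT_SIGN" >&2; exit 1 ;; esac`, with a comment naming the two accepted values. Separately, `local DATE="$(stat ...)"` hides a failing `stat` behind the exit status of `local`; declaring `local DATE` and assigning on the next line keeps the failure observable. The function starts and ends outside this hunk.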
@@ -126,11 +125,10 @@ test_cve_2012_0214() listcurrentlistsdirectory > lists.before # do what CVE-2012-0214 did - rm "$APTARCHIVE/dists/unstable/InRelease" - rm "$APTARCHIVE/dists/unstable/Release.gpg" + rm "$APTARCHIVE/dists/unstable/InRelease" "$APTARCHIVE/dists/unstable/Release.gpg" inject_evil_package # build valid Release file - aptftparchive -qq release ./aptarchive > aptarchive/dists/unstable/Release + aptftparchive -qq release ./aptarchive > aptarchive/dists/unstable/Release assert_update_is_refused_and_last_good_state_used testfileequal lists.before "$(listcurrentlistsdirectory)" diff --git a/test/integration/test-hashsum-verification b/test/integration/test-hashsum-verification index a31be6bcb..31923bd87 100755 --- a/test/integration/test-hashsum-verification +++ b/test/integration/test-hashsum-verification @@ -44,7 +44,6 @@ SHA256: xb306e66e5e6a7169c8d281a888539d1fdca9cecc99ae605717df579d5b9c166 527 Packages.lzma x9585d0e66b74c9385727fbea11fea9ab33c716b18a32f3036f037a2b9b57120 572 Packages.xz EOF - cp aptarchive/Release aptarchive/InRelease } # fake our downloadable file @@ -56,7 +55,6 @@ runtest() { prepare "${PKGFILE}" rm -rf rootdir/var/lib/apt/lists signreleasefiles 'Joe Sixpack' - find aptarchive/ -name "$DELETEFILE" -delete # test signed release file msgtest 'apt-get update gets the expected hashsum mismatch' diff --git a/test/integration/test-releasefile-date-older b/test/integration/test-releasefile-date-older index 2d6746b10..e38ddc3c5 100755 --- a/test/integration/test-releasefile-date-older +++ b/test/integration/test-releasefile-date-older 
@@ -26,40 +26,43 @@ testsuccess aptget update testfileequal 'listsdir.lst' "$(listcurrentlistsdirectory)" msgmsg 'Release.gpg file is silently rejected if' 'new Date is before old Date' +export APT_DONT_SIGN='InRelease' rm -rf rootdir/var/lib/apt/lists generatereleasefiles 'now' 'now + 7 days' signreleasefiles -find aptarchive -name 'InRelease' -delete testsuccess aptget update listcurrentlistsdirectory > listsdir.lst redatereleasefiles 'now - 2 days' -find aptarchive -name 'InRelease' -delete testsuccess aptget update testfileequal 'listsdir.lst' "$(listcurrentlistsdirectory)" +unset APT_DONT_SIGN msgmsg 'Crisscross InRelease/Release.gpg file is silently rejected if' 'new Date is before old Date' +export APT_DONT_SIGN='Release.gpg' rm -rf rootdir/var/lib/apt/lists generatereleasefiles 'now' 'now + 7 days' signreleasefiles -find aptarchive -name 'Release.gpg' -delete testsuccess aptget update +export APT_DONT_SIGN='InRelease' listcurrentlistsdirectory > listsdir.lst redatereleasefiles 'now - 2 days' -find aptarchive -name 'InRelease' -delete testsuccess aptget update testfileequal 'listsdir.lst' "$(listcurrentlistsdirectory)" +unset APT_DONT_SIGN msgmsg 'Crisscross Release.gpg/InRelease file is silently rejected if' 'new Date is before old Date' +export APT_DONT_SIGN='InRelease' rm -rf rootdir/var/lib/apt/lists generatereleasefiles 'now' 'now + 7 days' signreleasefiles find aptarchive -name 'InRelease' -delete testsuccess aptget update +export APT_DONT_SIGN='Release.gpg' listcurrentlistsdirectory > listsdir.lst redatereleasefiles 'now - 2 days' -find aptarchive -name 'Release.gpg' -delete testsuccess aptget update testfileequal 'listsdir.lst' "$(listcurrentlistsdirectory)" +unset APT_DONT_SIGN msgmsg 'Release file has' 'no Date and no Valid-Until field' rm -rf rootdir/var/lib/apt/lists diff --git a/test/integration/test-releasefile-verification b/test/integration/test-releasefile-verification index 24e7830aa..a95c20fd4 100755 
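Review bot: In the third block ('Crisscross Release.gpg/InRelease') the context line `find aptarchive -name 'InRelease' -delete` is kept even though `APT_DONT_SIGN='InRelease'` is exported just above it, so it is now a no-op that suggests the file is still generated; it should be removed like its counterparts in the other blocks. The mid-block re-exports only take effect if `redatereleasefiles` re-signs through `signreleasefiles`, which is not visible in this hunk. A short comment at each switch, such as `# redatereleasefiles re-signs: from here only Release.gpg is produced` in the second block, would make the crisscross intent checkable by a reader.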
--- a/test/integration/test-releasefile-verification +++ b/test/integration/test-releasefile-verification @@ -99,12 +99,10 @@ updatewithwarnings() { } runtest() { - local DELETEFILE="$1" msgmsg 'Cold archive signed by' 'Joe Sixpack' prepare "${PKGFILE}" rm -rf rootdir/var/lib/apt/lists signreleasefiles 'Joe Sixpack' - find aptarchive/ -name "$DELETEFILE" -delete successfulaptgetupdate testsuccessequal "$(cat "${PKGFILE}") " aptcache show apt @@ -113,7 +111,6 @@ runtest() { msgmsg 'Good warm archive signed by' 'Joe Sixpack' prepare "${PKGFILE}-new" signreleasefiles 'Joe Sixpack' - find aptarchive/ -name "$DELETEFILE" -delete successfulaptgetupdate testsuccessequal "$(cat "${PKGFILE}-new") " aptcache show apt @@ -124,7 +121,6 @@ runtest() { rm -rf rootdir/var/lib/apt/lists cp keys/rexexpired.pub rootdir/etc/apt/trusted.gpg.d/rexexpired.gpg signreleasefiles 'Rex Expired' - find aptarchive/ -name "$DELETEFILE" -delete updatewithwarnings '^W: .* EXPKEYSIG' testsuccessequal "$(cat "${PKGFILE}") " aptcache show apt @@ -144,7 +140,6 @@ runtest() { prepare "${PKGFILE}" rm -rf rootdir/var/lib/apt/lists signreleasefiles 'Joe Sixpack' 'aptarchive' --faked-system-time "20070924T154812" --default-sig-expire 2016-04-01 - find aptarchive/ -name "$DELETEFILE" -delete updatewithwarnings '^W: .* EXPSIG' testsuccessequal "$(cat "${PKGFILE}") " aptcache show apt @@ -158,7 +153,6 @@ runtest() { prepare "${PKGFILE}" rm -rf rootdir/var/lib/apt/lists signreleasefiles 'Joe Sixpack,Marvin Paranoid' - find aptarchive/ -name "$DELETEFILE" -delete successfulaptgetupdate 'NO_PUBKEY' testsuccessequal "$(cat "${PKGFILE}") " aptcache show apt @@ -168,7 +162,6 @@ runtest() { prepare "${PKGFILE}" rm -rf rootdir/var/lib/apt/lists signreleasefiles 'Joe Sixpack,Rex Expired' - find aptarchive/ -name "$DELETEFILE" -delete cp keys/rexexpired.pub rootdir/etc/apt/trusted.gpg.d/rexexpired.gpg successfulaptgetupdate 'EXPKEYSIG' rm -f rootdir/etc/apt/trusted.gpg.d/rexexpired.gpg 
@@ -180,7 +173,6 @@ runtest() { prepare "${PKGFILE}" rm -rf rootdir/var/lib/apt/lists signreleasefiles 'Marvin Paranoid' - find aptarchive/ -name "$DELETEFILE" -delete updatewithwarnings '^W: .* NO_PUBKEY' testsuccessequal "$(cat "${PKGFILE}") " aptcache show apt @@ -189,7 +181,6 @@ runtest() { msgmsg 'Bad warm archive signed by' 'Joe Sixpack' prepare "${PKGFILE}-new" signreleasefiles 'Joe Sixpack' - find aptarchive/ -name "$DELETEFILE" -delete successfulaptgetupdate testsuccessequal "$(cat "${PKGFILE}-new") " aptcache show apt @@ -199,7 +190,6 @@ runtest() { prepare "${PKGFILE}" rm -rf rootdir/var/lib/apt/lists signreleasefiles 'Joe Sixpack' - find aptarchive/ -name "$DELETEFILE" -delete successfulaptgetupdate testsuccessequal "$(cat "${PKGFILE}") " aptcache show apt @@ -208,7 +198,6 @@ runtest() { msgmsg 'Good warm archive signed by' 'Marvin Paranoid' prepare "${PKGFILE}-new" signreleasefiles 'Marvin Paranoid' - find aptarchive/ -name "$DELETEFILE" -delete updatewithwarnings '^W: .* NO_PUBKEY' testsuccessequal "$(cat "${PKGFILE}") " aptcache show apt @@ -218,7 +207,6 @@ runtest() { prepare "${PKGFILE}-new" cp keys/rexexpired.pub rootdir/etc/apt/trusted.gpg.d/rexexpired.gpg signreleasefiles 'Rex Expired' - find aptarchive/ -name "$DELETEFILE" -delete updatewithwarnings '^W: .* EXPKEYSIG' testsuccessequal "$(cat "${PKGFILE}") " aptcache show apt @@ -228,7 +216,6 @@ runtest() { msgmsg 'Good warm archive signed by' 'Joe Sixpack' prepare "${PKGFILE}-new" signreleasefiles - find aptarchive/ -name "$DELETEFILE" -delete successfulaptgetupdate testsuccessequal "$(cat "${PKGFILE}-new") " aptcache show apt @@ -238,7 +225,6 @@ runtest() { prepare "${PKGFILE}" rm -rf rootdir/var/lib/apt/lists signreleasefiles 'Marvin Paranoid' - find aptarchive/ -name "$DELETEFILE" -delete local MARVIN="$(readlink -f keys/marvinparanoid.pub)" sed -i "s#^\(deb\(-src\)\?\) #\1 [signed-by=$MARVIN] #" rootdir/etc/apt/sources.list.d/* successfulaptgetupdate 
@@ -249,7 +235,6 @@ runtest() { msgmsg 'Cold archive signed by bad keyring' 'Joe Sixpack' rm -rf rootdir/var/lib/apt/lists signreleasefiles 'Joe Sixpack' - find aptarchive/ -name "$DELETEFILE" -delete updatewithwarnings '^W: .* NO_PUBKEY' sed -i "s#^\(deb\(-src\)\?\) \[signed-by=$MARVIN\] #\1 #" rootdir/etc/apt/sources.list.d/* @@ -257,14 +242,12 @@ runtest() { msgmsg 'Cold archive signed by bad keyid' 'Joe Sixpack' rm -rf rootdir/var/lib/apt/lists signreleasefiles 'Joe Sixpack' - find aptarchive/ -name "$DELETEFILE" -delete sed -i "s#^\(deb\(-src\)\?\) #\1 [signed-by=$MARVIN] #" rootdir/etc/apt/sources.list.d/* updatewithwarnings '^W: .* be verified because the public key is not available: .*' msgmsg 'Cold archive signed by good keyid' 'Marvin Paranoid' rm -rf rootdir/var/lib/apt/lists signreleasefiles 'Marvin Paranoid' - find aptarchive/ -name "$DELETEFILE" -delete cp keys/marvinparanoid.pub rootdir/etc/apt/trusted.gpg.d/marvinparanoid.gpg successfulaptgetupdate testsuccessequal "$(cat "${PKGFILE}") @@ -274,7 +257,6 @@ runtest() { msgmsg 'Cold archive signed by good keyid' 'Marvin Paranoid,Joe Sixpack' rm -rf rootdir/var/lib/apt/lists signreleasefiles 'Marvin Paranoid,Joe Sixpack' - find aptarchive/ -name "$DELETEFILE" -delete successfulaptgetupdate 'NoPubKey: GOODSIG' testsuccessequal "$(cat "${PKGFILE}") " aptcache show apt @@ -284,7 +266,6 @@ runtest() { msgmsg 'Cold archive signed by good keyids' 'Joe Sixpack' rm -rf rootdir/var/lib/apt/lists signreleasefiles 'Joe Sixpack' - find aptarchive/ -name "$DELETEFILE" -delete sed -i "s#^\(deb\(-src\)\?\) \[signed-by=$MARVIN\] #\1 [signed-by=${SIXPACK},${MARVIN}] #" rootdir/etc/apt/sources.list.d/* successfulaptgetupdate testsuccessequal "$(cat "${PKGFILE}") 
@@ -306,7 +287,6 @@ runtest() { cp -a rootdir/var/lib/apt/lists rootdir/var/lib/apt/lists-bak prepare "${PKGFILE}-new" signreleasefiles 'Joe Sixpack' - find aptarchive/ -name "$DELETEFILE" -delete msgmsg 'Warm archive with signed-by' 'Joe Sixpack' sed -i "/^Valid-Until: / a\ @@ -364,8 +344,7 @@ runtest2() { # package verification. msgmsg 'Warm archive signed by' 'nobody' prepare "${PKGFILE}-new" - find aptarchive/ -name InRelease -delete - find aptarchive/ -name Release.gpg -delete + find aptarchive/ \( -name InRelease -o -name Release.gpg \) -delete updatewithwarnings 'W: .* no longer signed.' testsuccessequal "$(cat "${PKGFILE}-new") " aptcache show apt @@ -386,8 +365,10 @@ runtest3() { runtest2 for DELETEFILE in 'InRelease' 'Release.gpg'; do + export APT_DONT_SIGN="$DELETEFILE" msgmsg "Running test with deletion of $DELETEFILE and $1 digest" - runtest "$DELETEFILE" + runtest + unset APT_DONT_SIGN done } @@ -422,11 +403,11 @@ msgmsg "Running test with apt-untrusted digest" echo "APT::Hashes::$APT_TESTS_DIGEST_ALGO::Untrusted \"yes\";" > rootdir/etc/apt/apt.conf.d/truststate runfailure() { for DELETEFILE in 'InRelease' 'Release.gpg'; do + export APT_DONT_SIGN="$DELETEFILE" msgmsg 'Cold archive signed by' 'Joe Sixpack' prepare "${PKGFILE}" rm -rf rootdir/var/lib/apt/lists signreleasefiles 'Joe Sixpack' - find aptarchive/ -name "$DELETEFILE" -delete testfailure aptget update --no-allow-insecure-repositories -o Debug::pkgAcquire::Worker=1 -o Debug::Acquire::gpgv=1 testsuccess grep 'The following signatures were invalid' rootdir/tmp/testfailure.output testnopackage 'apt' 
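Review bot: In `runtest3`, `runtest` is now called with no argument and depends on the caller having exported `APT_DONT_SIGN`; without that export every case would presumably run with both InRelease and Release.gpg present and still pass, so the single-signature paths would go untested without any failure. A comment above the loop, e.g. `# runtest picks up APT_DONT_SIGN via signreleasefiles; keep export/unset paired`, would record that contract. The message `"Running test with deletion of $DELETEFILE and $1 digest"` could read `without $DELETEFILE`, since nothing is deleted any more. The same pairing in `runfailure` is split across two hunks (export at the top of the loop, `unset` before `done`), and both function bodies extend beyond the lines shown.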
@@ -437,13 +418,13 @@ runfailure() { prepare "${PKGFILE}" rm -rf rootdir/var/lib/apt/lists signreleasefiles 'Marvin Paranoid' - find aptarchive/ -name "$DELETEFILE" -delete testfailure aptget update --no-allow-insecure-repositories -o Debug::pkgAcquire::Worker=1 -o Debug::Acquire::gpgv=1 testnopackage 'apt' updatewithwarnings '^W: .* NO_PUBKEY' testsuccessequal "$(cat "${PKGFILE}") " aptcache show apt failaptold + unset APT_DONT_SIGN done } runfailure diff --git a/test/integration/test-ubuntu-bug-784473-InRelease-one-message-only b/test/integration/test-ubuntu-bug-784473-InRelease-one-message-only index 21d7129ae..fe42ba83d 100755 --- a/test/integration/test-ubuntu-bug-784473-InRelease-one-message-only +++ b/test/integration/test-ubuntu-bug-784473-InRelease-one-message-only @@ -8,11 +8,9 @@ configarchitecture 'i386' insertpackage 'unstable' 'apt' 'i386' '0.8.11' -setupaptarchive +export APT_DONT_SIGN='Release.gpg' +setupaptarchive --no-update -rm -rf rootdir/var/lib/apt/lists - -find aptarchive/ -name 'Release.gpg' -delete find aptarchive/ -name 'InRelease' -exec cp {} {}.old \; for RELEASE in $(find aptarchive/ -name 'InRelease'); do |