diff options
author | David Kalnischkies <david@kalnischkies.de> | 2015-06-08 15:22:01 +0200 |
---|---|---|
committer | David Kalnischkies <david@kalnischkies.de> | 2015-06-09 12:57:36 +0200 |
commit | 8d041b4f4f353079268039dcbfd8b5e575196b66 (patch) | |
tree | b7b98628e0ef408ab413aed1665de87f6679c3ce /test/integration/test-cve-2013-1051-InRelease-parsing | |
parent | 9b8c28f430a8fbe73252cc3e87b6e88e9d5063d9 (diff) |
do not request files if we expect an IMS hit
If we have a file on disk and the hashes are the same in the new Release
file and the old one we have on disk we know that if we ask the server
for the file, we will at best get an IMS hit – at worse the server
doesn't support this and sends us the (unchanged) file and we have to
run all our checks on it again for nothing. So, we can save ourselves
(and the servers) some unneeded requests if we figure this out on our
own.
Diffstat (limited to 'test/integration/test-cve-2013-1051-InRelease-parsing')
-rwxr-xr-x | test/integration/test-cve-2013-1051-InRelease-parsing | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/test/integration/test-cve-2013-1051-InRelease-parsing b/test/integration/test-cve-2013-1051-InRelease-parsing index e38e40cc9..d99174553 100755 --- a/test/integration/test-cve-2013-1051-InRelease-parsing +++ b/test/integration/test-cve-2013-1051-InRelease-parsing @@ -39,10 +39,15 @@ sed -i '/^-----BEGIN PGP SIGNATURE-----/,/^-----END PGP SIGNATURE-----/ s/^$/ / cat aptarchive/dists/stable/Release >> aptarchive/dists/stable/InRelease touch -d '+1hour' aptarchive/dists/stable/InRelease -# ensure the update fails -# useful for debugging to add "-o Debug::pkgAcquire::auth=true" -msgtest 'apt-get update for should fail with the modified' 'InRelease' -aptget update 2>&1 | grep -E -q '(Writing more data than expected|Hash Sum mismatch)' > /dev/null && msgpass || msgfail +# ensure the update doesn't load bad data as good data +# Note that we will pick up the InRelease itself as we download no other +# indexes which would trigger a hashsum mismatch, but we ignore the 'bad' +# part of the InRelease +listcurrentlistsdirectory | sed '/_InRelease/ d' > listsdir.lst +msgtest 'apt-get update should ignore unsigned data in the' 'InRelease' +testsuccessequal "Get:1 http://localhost:8080 stable InRelease [$(stat -c%s aptarchive/dists/stable/InRelease) B] +Reading package lists..." --nomsg aptget update +testfileequal './listsdir.lst' "$(listcurrentlistsdirectory | sed '/_InRelease/ d')" # ensure there is no package testfailureequal 'Reading package lists... |