diff options
author | Julian Andres Klode <jak@debian.org> | 2016-03-13 12:21:09 +0100 |
---|---|---|
committer | Julian Andres Klode <jak@debian.org> | 2016-03-13 13:01:14 +0100 |
commit | 51c04562559d0924aa52cc8c9b69901bc8a5c945 (patch) | |
tree | f31a91a41932f61a444c39374afadf43a3484bed /test/integration/test-ubuntu-bug-1098738-apt-get-source-md5sum | |
parent | e457c94165c9c4dfef8cea7c2f716700d1c84b3f (diff) |
Do not consider SHA1 usable
SHA1 is not reasonably secure anymore, so we should not consider it
usable anymore. The test suite is adjusted to account for this.
Diffstat (limited to 'test/integration/test-ubuntu-bug-1098738-apt-get-source-md5sum')
-rwxr-xr-x | test/integration/test-ubuntu-bug-1098738-apt-get-source-md5sum | 37 |
1 files changed, 23 insertions, 14 deletions
diff --git a/test/integration/test-ubuntu-bug-1098738-apt-get-source-md5sum b/test/integration/test-ubuntu-bug-1098738-apt-get-source-md5sum index 015a803bc..7ac993d39 100755 --- a/test/integration/test-ubuntu-bug-1098738-apt-get-source-md5sum +++ b/test/integration/test-ubuntu-bug-1098738-apt-get-source-md5sum @@ -17,6 +17,15 @@ Files: 9604ba9427a280db542279d9ed78400b 3 pkg-md5-ok_1.0.dsc db5570bf61464b46e2bde31ed61a7dc6 3 pkg-md5-ok_1.0.tar.gz +Package: pkg-sha1-ok +Binary: pkg-sha1-ok +Version: 1.0 +Maintainer: Joe Sixpack <joe@example.org> +Architecture: all +Files: + 324f464e6151a92cf57b26ef95dcfcf2059a8c44 3 pkg-sha1-ok_1.0.dsc + 680254bad1d7ca0d65ec46aaa315d363abf6a50a 3 pkg-sha1-ok_1.0.tar.gz + Package: pkg-sha256-ok Binary: pkg-sha256-ok Version: 1.0 @@ -139,7 +148,7 @@ Checksums-Sha256: EOF # create fetchable files -for x in 'pkg-md5-ok' 'pkg-sha256-ok' 'pkg-sha256-bad' 'pkg-no-md5' \ +for x in 'pkg-md5-ok' 'pkg-sha1-ok' 'pkg-sha256-ok' 'pkg-sha256-bad' 'pkg-no-md5' \ 'pkg-mixed-ok' 'pkg-mixed-sha1-bad' 'pkg-mixed-sha2-bad' \ 'pkg-md5-agree' 'pkg-md5-disagree' 'pkg-sha256-disagree' \ 'pkg-md5-bad'; do @@ -230,6 +239,7 @@ Download complete and in download only mode" aptget source --allow-unauthenticat } testnohash pkg-md5-ok +testnohash pkg-sha1-ok testok pkg-sha256-ok testkeep pkg-sha256-ok @@ -255,29 +265,28 @@ testfailure --nomsg test -e pkg-no-md5_1.0.dsc -a -e pkg-no-md5_1.0.tar.gz # deal with cases in which we haven't for all files the same checksum type # mostly pathologic as this shouldn't happen, but just to be sure -testok pkg-mixed-ok -testfailureequal "Reading package lists... -Need to get 6 B of source archives. +testsuccessequal "Reading package lists... +Skipping download of file 'pkg-mixed-ok_1.0.tar.gz' as requested hashsum is not available for authentication +Need to get 3 B of source archives. +Get:1 http://localhost:${APTHTTPPORT} pkg-mixed-ok 1.0 (dsc) [3 B] +Download complete and in download only mode" aptget source -d pkg-mixed-ok + +testsuccessequal "Reading package lists... +Skipping download of file 'pkg-mixed-sha1-bad_1.0.dsc' as requested hashsum is not available for authentication +Need to get 3 B of source archives. Get:1 http://localhost:${APTHTTPPORT} pkg-mixed-sha1-bad 1.0 (tar) [3 B] -Get:2 http://localhost:${APTHTTPPORT} pkg-mixed-sha1-bad 1.0 (dsc) [3 B] -Err:2 http://localhost:${APTHTTPPORT} pkg-mixed-sha1-bad 1.0 (dsc) - Hash Sum mismatch -E: Failed to fetch http://localhost:${APTHTTPPORT}/pkg-mixed-sha1-bad_1.0.dsc Hash Sum mismatch - -E: Failed to fetch some archives." aptget source -d pkg-mixed-sha1-bad +Download complete and in download only mode" aptget source -d pkg-mixed-sha1-bad msgtest 'Only tar file is downloaded as the dsc has hashsum mismatch' 'pkg-mixed-sha1-bad' testsuccess --nomsg test ! -e pkg-mixed-sha1-bad_1.0.dsc -a -e pkg-mixed-sha1-bad_1.0.tar.gz testfailureequal "Reading package lists... -Need to get 6 B of source archives. +Skipping download of file 'pkg-mixed-sha2-bad_1.0.dsc' as requested hashsum is not available for authentication +Need to get 3 B of source archives. Get:1 http://localhost:${APTHTTPPORT} pkg-mixed-sha2-bad 1.0 (tar) [3 B] Err:1 http://localhost:${APTHTTPPORT} pkg-mixed-sha2-bad 1.0 (tar) Hash Sum mismatch -Get:2 http://localhost:${APTHTTPPORT} pkg-mixed-sha2-bad 1.0 (dsc) [3 B] E: Failed to fetch http://localhost:${APTHTTPPORT}/pkg-mixed-sha2-bad_1.0.tar.gz Hash Sum mismatch E: Failed to fetch some archives." aptget source -d pkg-mixed-sha2-bad -msgtest 'Only dsc file is downloaded as the tar has hashsum mismatch' 'pkg-mixed-sha2-bad' -testsuccess --nomsg test -e pkg-mixed-sha2-bad_1.0.dsc -a ! -e pkg-mixed-sha2-bad_1.0.tar.gz # it gets even more pathologic: multiple entries for one file, some even disagreeing! testnohash pkg-md5-agree |