summaryrefslogtreecommitdiff
path: root/test/integration/test-ubuntu-bug-346386-apt-get-update-paywall
diff options
context:
space:
mode:
authorDavid Kalnischkies <david@kalnischkies.de>2016-05-08 19:46:34 +0200
committerDavid Kalnischkies <david@kalnischkies.de>2016-05-08 19:46:34 +0200
commit2fac0dd5a7a62b67a869cd4c71c9d09159aaa31d (patch)
tree3749636ed93b8ed2d83be2e7b7e7997abafbf492 /test/integration/test-ubuntu-bug-346386-apt-get-update-paywall
parent39c724b4848ef8d85c8c425f982dda85f0df1277 (diff)
gpgv: show always webportal error on NODATA
gpg doesn't give use a UID on NODATA, which we were "expecting" (but not using for anything), but just an error number. Instead of collecting these as badsigners which will trigger a "invald signature" error with remarks like "NODATA 1" we instead adapt a message similar to the NODATA error of a clearsigned file (which is actually not reached anymore as we split them up, which fails with a NOSPLIT error, which uses the same general error message). In other words: Not a security relevant change, just a user experience improvement as we now point them to the most likely cause of the problem instead of saying "invalid signature" which would point them in the direction of the archive being broken (for everyone) instead. Closes: 823746
Diffstat (limited to 'test/integration/test-ubuntu-bug-346386-apt-get-update-paywall')
-rwxr-xr-xtest/integration/test-ubuntu-bug-346386-apt-get-update-paywall55
1 files changed, 30 insertions, 25 deletions
diff --git a/test/integration/test-ubuntu-bug-346386-apt-get-update-paywall b/test/integration/test-ubuntu-bug-346386-apt-get-update-paywall
index 07c13434c..a756b5df2 100755
--- a/test/integration/test-ubuntu-bug-346386-apt-get-update-paywall
+++ b/test/integration/test-ubuntu-bug-346386-apt-get-update-paywall
@@ -13,7 +13,7 @@ insertsource 'unstable' 'unrelated' 'all' '1.0' 'stable'
echo 'ni ni ni' > aptarchive/knights
setupaptarchive
-changetowebserver -o 'aptwebserver::overwrite::.*::filename=/knights'
+changetowebserver -o 'aptwebserver::overwrite::.*InRelease::filename=/knights' -o 'aptwebserver::overwrite::.*::filename=/knights'
msgtest 'Acquire test file from the webserver to check' 'overwrite'
if downloadfile http://localhost:${APTHTTPPORT}/holygrail ./knights-talking >/dev/null; then
@@ -34,34 +34,39 @@ ensure_n_canary_strings_in_dir() {
test "$N" = "$EXPECTED_N" && msgpass || msgfail "Expected $EXPECTED_N canaries, got $N"
}
-LISTS='rootdir/var/lib/apt/lists'
-rm -rf rootdir/var/lib/apt/lists
-testfailure aptget update
-testsuccess grep '^E:.*Clearsigned file .*NOSPLIT.*' rootdir/tmp/testfailure.output
+runtests() {
+ LISTS='rootdir/var/lib/apt/lists'
+ rm -rf "$LISTS"
+ testfailure aptget update
+ testsuccess grep "$1" rootdir/tmp/testfailure.output
-ensure_n_canary_strings_in_dir "$LISTS" 'ni ni ni' 0
-testequal 'lock
+ ensure_n_canary_strings_in_dir "$LISTS" 'ni ni ni' 0
+ testequal 'lock
partial' ls "$LISTS"
-# and again with pre-existing files with "valid data" which should remain
-for f in Release Release.gpg main_binary-amd64_Packages main_source_Sources; do
- echo 'peng neee-wom' > "$LISTS/localhost:${APTHTTPPORT}_dists_stable_${f}"
- chmod 644 "$LISTS/localhost:${APTHTTPPORT}_dists_stable_${f}"
-done
+ # and again with pre-existing files with "valid data" which should remain
+ for f in Release Release.gpg main_binary-amd64_Packages main_source_Sources; do
+ echo 'peng neee-wom' > "$LISTS/localhost:${APTHTTPPORT}_dists_stable_${f}"
+ chmod 644 "$LISTS/localhost:${APTHTTPPORT}_dists_stable_${f}"
+ done
-testfailure aptget update
-testsuccess grep '^E:.*Clearsigned file .*NOSPLIT.*' rootdir/tmp/testfailure.output
+ testfailure aptget update
+ testsuccess grep "$1" rootdir/tmp/testfailure.output
-ensure_n_canary_strings_in_dir "$LISTS" 'peng neee-wom' 4
-ensure_n_canary_strings_in_dir "$LISTS" 'ni ni ni' 0
+ ensure_n_canary_strings_in_dir "$LISTS" 'peng neee-wom' 4
+ ensure_n_canary_strings_in_dir "$LISTS" 'ni ni ni' 0
-# and now with a pre-existing InRelease file
-echo 'peng neee-wom' > "$LISTS/localhost:${APTHTTPPORT}_dists_stable_InRelease"
-chmod 644 "$LISTS/localhost:${APTHTTPPORT}_dists_stable_InRelease"
-rm -f "$LISTS/localhost:${APTHTTPPORT}_dists_stable_Release" "$LISTS/localhost:${APTHTTPPORT}_dists_stable_Release.gpg"
-msgtest 'excpected failure of' 'apt-get update'
-testfailure aptget update
-testsuccess grep '^E:.*Clearsigned file .*NOSPLIT.*' rootdir/tmp/testfailure.output
+ # and now with a pre-existing InRelease file
+ echo 'peng neee-wom' > "$LISTS/localhost:${APTHTTPPORT}_dists_stable_InRelease"
+ chmod 644 "$LISTS/localhost:${APTHTTPPORT}_dists_stable_InRelease"
+ rm -f "$LISTS/localhost:${APTHTTPPORT}_dists_stable_Release" "$LISTS/localhost:${APTHTTPPORT}_dists_stable_Release.gpg"
+ msgtest 'excpected failure of' 'apt-get update'
+ testfailure aptget update
+ testsuccess grep "$1" rootdir/tmp/testfailure.output
-ensure_n_canary_strings_in_dir "$LISTS" 'peng neee-wom' 3
-ensure_n_canary_strings_in_dir "$LISTS" 'ni ni ni' 0
+ ensure_n_canary_strings_in_dir "$LISTS" 'peng neee-wom' 3
+ ensure_n_canary_strings_in_dir "$LISTS" 'ni ni ni' 0
+}
+runtests '^E:.*Clearsigned file .*NOSPLIT.*'
+webserverconfig 'aptwebserver::overwrite::.*InRelease::filename' '/404'
+runtests '^E:.*Signed file .*NODATA.*'