summaryrefslogtreecommitdiff
path: root/test/integration
diff options
context:
space:
mode:
authorDavid Kalnischkies <david@kalnischkies.de>2015-06-24 19:31:22 +0200
committerDavid Kalnischkies <david@kalnischkies.de>2015-08-10 17:25:26 +0200
commitb0d408547734100bf86781615f546487ecf390d9 (patch)
tree8e88e2394ce15a4ac5a070b59a0cf4b74d748859 /test/integration
parent0741daeb7ab870b4dd62a93fa12a1cf6330f9a72 (diff)
implement Signed-By option for sources.list
Limits which key(s) can be used to sign a repository. Not immensely useful from a security perspective all by itself, but if the user has additional measures in place to confine a repository (like pinning) an attacker who gets the key for such a repository is limited to its potential and can't use the key to sign its attacks for an other (maybe less limited) repository… (yes, this is as weak as it sounds, but having the capability might come in handy for implementing other stuff later).
Diffstat (limited to 'test/integration')
-rw-r--r--test/integration/framework23
-rwxr-xr-xtest/integration/test-apt-key37
-rwxr-xr-xtest/integration/test-releasefile-verification47
3 files changed, 93 insertions, 14 deletions
diff --git a/test/integration/framework b/test/integration/framework
index 059cba9fb..6ae5003f7 100644
--- a/test/integration/framework
+++ b/test/integration/framework
@@ -1414,14 +1414,23 @@ testfailure() {
else
local EXITCODE=$?
if expr match "$1" '^apt.*' >/dev/null; then
- if grep -q -E ' runtime error: ' "$OUTPUT"; then
- msgfailoutput 'compiler detected undefined behavior' "$OUTPUT" "$@"
- elif grep -q -E '==ERROR' "$OUTPUT"; then
- msgfailoutput 'compiler sanitizers reported errors' "$OUTPUT" "$@"
- elif ! grep -q -E '^E: ' "$OUTPUT"; then
- msgfailoutput "run failed with exitcode ${EXITCODE}, but with no errors" "$OUTPUT" "$@"
+ if [ "$1" = 'aptkey' ]; then
+ if grep -q -E " Can't check signature: " "$OUTPUT" || \
+ grep -q -E " BAD signature from " "$OUTPUT"; then
+ msgpass
+ else
+ msgfailoutput "run failed with exitcode ${EXITCODE}, but no signature error" "$OUTPUT" "$@"
+ fi
else
- msgpass
+ if grep -q -E ' runtime error: ' "$OUTPUT"; then
+ msgfailoutput 'compiler detected undefined behavior' "$OUTPUT" "$@"
+ elif grep -q -E '==ERROR' "$OUTPUT"; then
+ msgfailoutput 'compiler sanitizers reported errors' "$OUTPUT" "$@"
+ elif ! grep -q -E '^E: ' "$OUTPUT"; then
+ msgfailoutput "run failed with exitcode ${EXITCODE}, but with no errors" "$OUTPUT" "$@"
+ else
+ msgpass
+ fi
fi
else
msgpass
diff --git a/test/integration/test-apt-key b/test/integration/test-apt-key
index 486acccc8..e1be08c65 100755
--- a/test/integration/test-apt-key
+++ b/test/integration/test-apt-key
@@ -73,7 +73,7 @@ pub 2048R/DBAC8DAE 2010-08-18'
testsuccess aptkey --fakeroot del DBAC8DAE
testempty aptkey list
- msgtest 'Test key removal with' 'lowercase key ID' #keylength somewher between 8byte and short
+ msgtest 'Test key removal with' 'lowercase key ID' #keylength somewhere between 8byte and short
cleanplate
cp -a keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
testsuccess --nomsg aptkey --fakeroot del d141dbac8dae
@@ -166,6 +166,40 @@ pub 2048R/528144E2 2011-01-16'
msgtest 'Test merge-back of' 'removed duplicate keys'
testsuccess --nomsg aptkey adv --batch --yes --delete-keys DBAC8DAE
testaptkeys 'pub 2048R/528144E2 2011-01-16'
+
+ cleanplate
+ cp -a keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
+ cp -a keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg
+ msgtest 'Test signing a file' 'with a key'
+ echo 'Verify me. This is my signature.' > signature
+ testsuccess --nomsg aptkey --quiet --keyring keys/marvinparanoid.pub --secret-keyring keys/marvinparanoid.sec --readonly \
+ adv --batch --yes --default-key 'Marvin' --armor --detach-sign --sign --output signature.gpg signature
+
+ msgtest 'Test verify a file' 'with all keys'
+ testsuccess --nomsg aptkey --quiet --readonly verify signature.gpg signature
+
+ msgtest 'Test verify a file' 'with good keyring'
+ testsuccess --nomsg aptkey --quiet --readonly --keyring keys/testcase-multikey.pub verify signature.gpg signature
+
+ msgtest 'Test fail verify a file' 'with bad keyring'
+ testfailure --nomsg aptkey --quiet --readonly --keyring keys/joesixpack.pub verify signature.gpg signature
+
+ msgtest 'Test fail verify a file' 'with non-existing keyring'
+ testfailure --nomsg aptkey --quiet --readonly --keyring keys/does-not-exist.pub verify signature.gpg signature
+ testfailure test -e keys/does-not-exist.pub
+
+ msgtest 'Test verify a file' 'with good keyid'
+ testsuccess --nomsg aptkey --quiet --readonly --keyid 'Paranoid' verify signature.gpg signature
+
+ msgtest 'Test fail verify a file' 'with bad keyid'
+ testfailure --nomsg aptkey --quiet --readonly --keyid 'Sixpack' verify signature.gpg signature
+
+ msgtest 'Test fail verify a file' 'with non-existing keyid'
+ testfailure --nomsg aptkey --quiet --readonly --keyid 'Kalnischkies' verify signature.gpg signature
+
+ msgtest 'Test verify fails on' 'bad file'
+ echo 'lalalalala' > signature
+ testfailure --nomsg aptkey --quiet --readonly verify signature.gpg signature
}
setupgpgcommand() {
@@ -187,4 +221,3 @@ setupgpgcommand 'gpg'
testrun
setupgpgcommand 'gpg2'
testrun
-
diff --git a/test/integration/test-releasefile-verification b/test/integration/test-releasefile-verification
index e8419524c..1c3953c8b 100755
--- a/test/integration/test-releasefile-verification
+++ b/test/integration/test-releasefile-verification
@@ -139,11 +139,6 @@ runtest() {
failaptold
prepare ${PKGFILE}-new
- # weborf doesn't support If-Range
- for release in $(find rootdir/var/lib/apt/lists/partial/ -name '*Release'); do
- rm $release
- touch $release
- done
signreleasefiles 'Joe Sixpack'
find aptarchive/ -name "$DELETEFILE" -delete
msgmsg 'Bad warm archive signed by' 'Joe Sixpack'
@@ -191,6 +186,48 @@ runtest() {
testsuccessequal "$(cat ${PKGFILE}-new)
" aptcache show apt
installaptnew
+
+ prepare ${PKGFILE}
+ rm -rf rootdir/var/lib/apt/lists
+ signreleasefiles 'Marvin Paranoid'
+ find aptarchive/ -name "$DELETEFILE" -delete
+ msgmsg 'Cold archive signed by good keyring' 'Marvin Paranoid'
+ local MARVIN="$(readlink -f keys/marvinparanoid.pub)"
+ sed -i "s#^\(deb\(-src\)\?\) #\1 [signed-by=$MARVIN] #" rootdir/etc/apt/sources.list.d/*
+ testsuccess aptget update -o Debug::pkgAcquire::Worker=1
+ testsuccessequal "$(cat ${PKGFILE})
+" aptcache show apt
+ installaptold
+
+ rm -rf rootdir/var/lib/apt/lists
+ signreleasefiles 'Joe Sixpack'
+ find aptarchive/ -name "$DELETEFILE" -delete
+ msgmsg 'Cold archive signed by bad keyring' 'Joe Sixpack'
+ updatewithwarnings '^W: .* NO_PUBKEY'
+
+ sed -i "s#^\(deb\(-src\)\?\) \[signed-by=$MARVIN\] #\1 #" rootdir/etc/apt/sources.list.d/*
+ local MARVIN="$(aptkey --keyring $MARVIN finger | grep 'Key fingerprint' | cut -d'=' -f 2 | tr -d ' ')"
+
+ prepare ${PKGFILE}
+ rm -rf rootdir/var/lib/apt/lists
+ signreleasefiles 'Marvin Paranoid'
+ find aptarchive/ -name "$DELETEFILE" -delete
+ msgmsg 'Cold archive signed by good keyid' 'Marvin Paranoid'
+ sed -i "s#^\(deb\(-src\)\?\) #\1 [signed-by=$MARVIN] #" rootdir/etc/apt/sources.list.d/*
+ cp keys/marvinparanoid.pub rootdir/etc/apt/trusted.gpg.d/marvinparanoid.gpg
+ testsuccess aptget update -o Debug::pkgAcquire::Worker=1 -o Debug::Acquire::gpgv=1
+ testsuccessequal "$(cat ${PKGFILE})
+" aptcache show apt
+ installaptold
+ rm -f rootdir/etc/apt/trusted.gpg.d/marvinparanoid.gpg
+
+ rm -rf rootdir/var/lib/apt/lists
+ signreleasefiles 'Joe Sixpack'
+ find aptarchive/ -name "$DELETEFILE" -delete
+ msgmsg 'Cold archive signed by bad keyid' 'Joe Sixpack'
+ updatewithwarnings '^W: .* NO_PUBKEY'
+
+ sed -i "s#^\(deb\(-src\)\?\) \[signed-by=$MARVIN\] #\1 #" rootdir/etc/apt/sources.list.d/*
}
runtest2() {