diff options
author | David Kalnischkies <david@kalnischkies.de> | 2016-03-17 16:36:14 +0100 |
---|---|---|
committer | David Kalnischkies <david@kalnischkies.de> | 2016-06-22 14:05:01 +0200 |
commit | ab94dcece2465f824bea80fc9158bf9a028b2e87 (patch) | |
tree | d4aed383e010d64ca5a689216b36ab28929c06a8 /test | |
parent | 57f7fb6511fcc7c55ee7a88475d15385093c048e (diff) |
handle weak-security repositories as unauthenticated
APT can be forced to deal with repositories which have no security
features whatsoever, so just giving up on repositories which "just" fail
our current criteria of good security features is the wrong incentive.
Of course, repositories are better of fixing their setup to provide the
minimum of security features, but sometimes this isn't possible:
Historic repositories for example which do not change (anymore).
That also fixes problem with repositories which are marked as trusted,
but are providing only weak security features which would fail the
parsing of the Release file.
Closes: 827364
Diffstat (limited to 'test')
-rwxr-xr-x | test/integration/test-apt-update-weak-hashes | 158 |
1 files changed, 138 insertions, 20 deletions
diff --git a/test/integration/test-apt-update-weak-hashes b/test/integration/test-apt-update-weak-hashes index 18674ecd2..9395b10b0 100755 --- a/test/integration/test-apt-update-weak-hashes +++ b/test/integration/test-apt-update-weak-hashes @@ -7,6 +7,7 @@ TESTDIR="$(readlink -f "$(dirname "$0")")" setupenvironment configarchitecture 'i386' confighashes 'MD5' +export APT_DONT_SIGN='' insertpackage 'unstable' 'foo' 'i386' '1.0' insertsource 'unstable' 'foo' 'any' '1.0' @@ -14,27 +15,144 @@ insertsource 'unstable' 'foo' 'any' '1.0' setupaptarchive --no-update APTARCHIVE="$(readlink -f ./aptarchive)" -msgmsg 'Release contains only weak hashes' -FILENAME="${APTARCHIVE}/dists/unstable/InRelease" -MANGLED="$(readlink -f ./rootdir)/var/lib/apt/lists/partial/$(echo "$FILENAME" | sed 's#/#_#g')" -testfailuremsg "E: Failed to fetch file:${FILENAME} No Hash entry in Release file ${MANGLED} which is considered strong enough for security purposes -E: Some index files failed to download. They have been ignored, or old ones used instead." apt update -testnopackage foo -testnosrcpackage foo +testnopkg() { + testnopackage "$@" + testnosrcpackage "$@" +} +testbadpkg() { + testempty find rootdir/var/lib/apt/lists -maxdepth 1 -name '*InRelease' -o -name '*Release.gpg' + testnotempty find rootdir/var/lib/apt/lists -maxdepth 1 -name '*Release' + testnotempty apt show "$@" + testnotempty apt showsrc "$@" + testfailureequal "WARNING: The following packages cannot be authenticated! + $* +E: There were unauthenticated packages and -y was used without --allow-unauthenticated" aptget install -qq -y "$@" + testfailureequal "WARNING: The following packages cannot be authenticated! + $* +E: Some packages could not be authenticated" aptget source -qq "$@" +} -msgmsg 'Release contains no hashes' -sed -i -e '/^ / d' -e '/^MD5Sum:/ d' "$APTARCHIVE/dists/unstable/Release" +testrun() { + local TYPE="$1" + local FILENAME="$2" + shift 2 + local MANGLED="$(readlink -f ./rootdir)/var/lib/apt/lists/partial/$(echo "$FILENAME" | sed 's#/#_#g')" + msgmsg "$TYPE contains only weak hashes" + confighashes 'MD5' + generatereleasefiles + signreleasefiles + preparetest + if [ -z "$1" ]; then + listcurrentlistsdirectory > lists.before + testfailuremsg "W: No Hash entry in Release file ${MANGLED} which is considered strong enough for security purposes +E: The repository 'file:${APTARCHIVE} unstable $(basename "$FILENAME")' provides only weak security information. +N: Updating from such a repository can't be done securely, and is therefore disabled by default. +N: See apt-secure(8) manpage for repository creation and user configuration details." apt update + testfileequal lists.before "$(listcurrentlistsdirectory)" + testnopkg 'foo' + else + testwarningmsg "W: No Hash entry in Release file ${MANGLED} which is considered strong enough for security purposes +W: The repository 'file:${APTARCHIVE} unstable $(basename "$FILENAME")' provides only weak security information. +N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use. +N: See apt-secure(8) manpage for repository creation and user configuration details." apt update "$@" + testbadpkg 'foo' + fi + + msgmsg "$TYPE contains no hashes" + generatereleasefiles + sed -i -e '/^ / d' -e '/^MD5Sum:/ d' "$APTARCHIVE/dists/unstable/Release" + signreleasefiles + preparetest + if [ -z "$1" ]; then + listcurrentlistsdirectory > lists.before + testfailuremsg "W: No Hash entry in Release file ${MANGLED} +E: The repository 'file:${APTARCHIVE} unstable $(basename "$FILENAME")' provides only weak security information. +N: Updating from such a repository can't be done securely, and is therefore disabled by default. +N: See apt-secure(8) manpage for repository creation and user configuration details." apt update + testfileequal lists.before "$(listcurrentlistsdirectory)" + testnopkg 'foo' + else + testwarningmsg "W: No Hash entry in Release file ${MANGLED} +W: The repository 'file:${APTARCHIVE} unstable $(basename "$FILENAME")' provides only weak security information. +N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use. +N: See apt-secure(8) manpage for repository creation and user configuration details." apt update "$@" + testbadpkg 'foo' + fi + + msgmsg "$TYPE contains only weak hashes for some files" + confighashes 'MD5' 'SHA256' + generatereleasefiles + sed -i '/^ [0-9a-fA-Z]\{64\} .*Sources$/d' "$APTARCHIVE/dists/unstable/Release" + signreleasefiles + preparetest + # trust is a repository property, so individual files can't be insecure + testwarningmsg "W: Skipping acquire of configured file 'main/source/Sources' as repository 'file:${APTARCHIVE} unstable InRelease' provides only weak security information for it" apt update "$@" + testsuccess apt show foo + testnosrcpackage foo +} + +genericprepare() { + rm -rf rootdir/var/lib/apt/lists + mkdir -p rootdir/var/lib/apt/lists/partial + touch rootdir/var/lib/apt/lists/lock + local RELEASEGPG="$(readlink -f ./rootdir)/var/lib/apt/lists/partial/$(echo "${APTARCHIVE}/dists/unstable/Release.gpg" | sed 's#/#_#g')" + touch "$RELEASEGPG" + chmod 644 "$RELEASEGPG" + local INRELEASE="$(readlink -f ./rootdir)/var/lib/apt/lists/partial/$(echo "${APTARCHIVE}/dists/unstable/InRelease" | sed 's#/#_#g')" + touch "$INRELEASE" + chmod 644 "$INRELEASE" +} +preparetest() { + rm -f "${APTARCHIVE}/dists/unstable/Release" "${APTARCHIVE}/dists/unstable/Release.gpg" + genericprepare +} +testrun 'InRelease' "${APTARCHIVE}/dists/unstable/InRelease" +testrun 'InRelease' "${APTARCHIVE}/dists/unstable/InRelease" --allow-insecure-repositories -o APT::Get::List-Cleanup=0 + +preparetest() { + rm -f "${APTARCHIVE}/dists/unstable/InRelease" + genericprepare +} +testrun 'Release+Release.gpg' "${APTARCHIVE}/dists/unstable/Release" +testrun 'Release+Release.gpg' "${APTARCHIVE}/dists/unstable/Release" --allow-insecure-repositories -o APT::Get::List-Cleanup=0 + +preparetest() { + rm -f "${APTARCHIVE}/dists/unstable/InRelease" "${APTARCHIVE}/dists/unstable/Release.gpg" + genericprepare +} + +msgmsg 'Moving between Release files with good and bad hashes' +rm -rf rootdir/var/lib/apt/lists +confighashes 'MD5' +generatereleasefiles 'now - 1 day' signreleasefiles -testfailuremsg "E: Failed to fetch file:${FILENAME} No Hash entry in Release file ${MANGLED} -E: Some index files failed to download. They have been ignored, or old ones used instead." apt update -testnopackage foo -testnosrcpackage foo +testfailure apt update +testnopkg 'foo' +testwarning apt update --allow-insecure-repositories +testbadpkg 'foo' -msgmsg 'Release contains only weak hashes for some files' confighashes 'MD5' 'SHA256' -generatereleasefiles -sed -i '/^ [0-9a-fA-Z]\{64\} .*Sources$/d' "$APTARCHIVE/dists/unstable/Release" -signreleasefiles -testwarningmsg "W: Skipping acquire of configured file 'main/source/Sources' as repository 'file:${APTARCHIVE} unstable InRelease' provides only weak security information for it" apt update -testsuccess apt show foo -testnosrcpackage foo +rm -rf aptarchive/dists +insertpackage 'unstable' 'foo2' 'i386' '1.0' +insertsource 'unstable' 'foo2' 'any' '1.0' +setupaptarchive --no-update 'now - 12 hours' +testsuccess apt update +testnopkg foo +testnotempty find rootdir/var/lib/apt/lists -maxdepth 1 -name '*InRelease' -o -name '*Release.gpg' +testnotempty apt show foo2 +testnotempty apt showsrc foo2 + +confighashes 'MD5' +rm -rf aptarchive/dists +insertpackage 'unstable' 'foo3' 'i386' '1.0' +insertsource 'unstable' 'foo3' 'any' '1.0' +setupaptarchive --no-update +testfailure apt update +testnopkg foo +testnopkg foo3 +testnotempty find rootdir/var/lib/apt/lists -maxdepth 1 -name '*InRelease' -o -name '*Release.gpg' +testnotempty apt show foo2 +testnotempty apt showsrc foo2 +testwarning apt update --allow-insecure-repositories +testnopkg foo2 +testbadpkg foo3 |