summaryrefslogtreecommitdiff
path: root/test
diff options
context:
space:
mode:
authorDavid Kalnischkies <david@kalnischkies.de>2014-10-15 03:47:50 +0200
committerDavid Kalnischkies <david@kalnischkies.de>2014-10-15 03:47:50 +0200
commit68ba0b7f4e1c03edfb6f621e7e7314ea610af96b (patch)
treede275968bbc64bbf58bd365477821d825b995968 /test
parent460601d53039b1d1b5688a8cd58bae10fb746f57 (diff)
testcases runable as root
Running the testcases is usually not a good idea, but it can be handy to check if the privilege dropping works. Git-Dch: Ignore
Diffstat (limited to 'test')
-rw-r--r--test/integration/framework31
-rwxr-xr-xtest/integration/test-apt-get-changelog9
-rwxr-xr-xtest/integration/test-apt-get-download13
-rwxr-xr-xtest/integration/test-apt-get-update-unauth-warning2
-rwxr-xr-xtest/integration/test-bug-254770-segfault-if-cache-not-buildable14
-rwxr-xr-xtest/integration/test-bug-738785-switch-protocol8
-rwxr-xr-xtest/integration/test-sourceslist-trusted-options2
7 files changed, 61 insertions, 18 deletions
diff --git a/test/integration/framework b/test/integration/framework
index 96b867788..a8d6bf3d0 100644
--- a/test/integration/framework
+++ b/test/integration/framework
@@ -43,7 +43,10 @@ msgtest() {
printf "…${CNORMAL} "
}
msgpass() { printf "${CPASS}PASS${CNORMAL}\n"; }
-msgskip() { printf "${CWARNING}SKIP${CNORMAL}\n" >&2; }
+msgskip() {
+ if [ $# -gt 0 ]; then printf "${CWARNING}SKIP: $*${CNORMAL}\n" >&2;
+ else printf "${CWARNING}SKIP${CNORMAL}\n" >&2; fi
+}
msgfail() {
if [ $# -gt 0 ]; then printf "${CFAIL}FAIL: $*${CNORMAL}\n" >&2;
else printf "${CFAIL}FAIL${CNORMAL}\n" >&2; fi
@@ -170,6 +173,12 @@ setupenvironment() {
addtrap "cd /; rm -rf $TMPWORKINGDIRECTORY;"
msgninfo "Preparing environment for ${CCMD}$(basename $0)${CINFO} in ${TMPWORKINGDIRECTORY}… "
+ if [ "$(id -u)" = '0' ]; then
+ # relax permissions so that running as root with user switching works
+ umask 022
+ chmod o+rx "$TMPWORKINGDIRECTORY"
+ fi
+
TESTDIRECTORY=$(readlink -f $(dirname $0))
# allow overriding the default BUILDDIR location
BUILDDIRECTORY=${APT_INTEGRATION_TESTS_BUILD_DIR:-"${TESTDIRECTORY}/../../build/bin"}
@@ -185,7 +194,7 @@ setupenvironment() {
mkdir rootdir aptarchive keys
cd rootdir
mkdir -p etc/apt/apt.conf.d etc/apt/sources.list.d etc/apt/trusted.gpg.d etc/apt/preferences.d
- mkdir -p var/cache var/lib/apt var/log tmp
+ mkdir -p usr/bin var/cache var/lib/apt var/log tmp
mkdir -p var/lib/dpkg/info var/lib/dpkg/updates var/lib/dpkg/triggers
touch var/lib/dpkg/available
mkdir -p usr/lib/apt
@@ -221,7 +230,15 @@ setupenvironment() {
echo "Debug::NoLocking \"true\";" >> aptconfig.conf
echo "APT::Get::Show-User-Simulation-Note \"false\";" >> aptconfig.conf
echo "Dir::Bin::Methods \"${METHODSDIR}\";" >> aptconfig.conf
- echo "Dir::Bin::apt-key \"${BUILDDIRECTORY}/apt-key\";" >> aptconfig.conf
+ # store apt-key were we can access it, even if we run it as a different user
+ # destroys coverage reporting though, so just do it for root for now
+ if [ "$(id -u)" = '0' ]; then
+ cp "${BUILDDIRECTORY}/apt-key" "${TMPWORKINGDIRECTORY}/rootdir/usr/bin/"
+ chmod o+rx "${TMPWORKINGDIRECTORY}/rootdir/usr/bin/apt-key"
+ echo "Dir::Bin::apt-key \"${TMPWORKINGDIRECTORY}/rootdir/usr/bin/apt-key\";" >> aptconfig.conf
+ else
+ echo "Dir::Bin::apt-key \"${BUILDDIRECTORY}/apt-key\";" >> aptconfig.conf
+ fi
echo "Dir::Bin::dpkg \"fakeroot\";" >> aptconfig.conf
echo "DPKG::options:: \"dpkg\";" >> aptconfig.conf
echo "DPKG::options:: \"--root=${TMPWORKINGDIRECTORY}/rootdir\";" >> aptconfig.conf
@@ -239,7 +256,11 @@ setupenvironment() {
# hide this as we can't really deal with it properly
echo 'Acquire::Failure::ShowIP "false";' >> aptconfig.conf
- echo "Acquire::https::CaInfo \"${TESTDIR}/apt.pem\";" > rootdir/etc/apt/apt.conf.d/99https
+ cp "${TESTDIRECTORY}/apt.pem" "${TMPWORKINGDIRECTORY}/rootdir/etc/webserver.pem"
+ if [ "$(id -u)" = '0' ]; then
+ chown _apt:root "${TMPWORKINGDIRECTORY}/rootdir/etc/webserver.pem"
+ fi
+ echo "Acquire::https::CaInfo \"${TMPWORKINGDIRECTORY}/rootdir/etc/webserver.pem\";" > rootdir/etc/apt/apt.conf.d/99https
echo "Apt::Cmd::Disable-Script-Warning \"1\";" > rootdir/etc/apt/apt.conf.d/apt-binary
configcompression '.' 'gz' #'bz2' 'lzma' 'xz'
@@ -977,7 +998,7 @@ changetohttpswebserver() {
changetowebserver --no-rewrite "$@"
fi
echo "pid = ${TMPWORKINGDIRECTORY}/aptarchive/stunnel.pid
-cert = ${TESTDIRECTORY}/apt.pem
+cert = ${TMPWORKINGDIRECTORY}/rootdir/etc/webserver.pem
output = /dev/null
[https]
diff --git a/test/integration/test-apt-get-changelog b/test/integration/test-apt-get-changelog
index 02d6c39ab..76a32a122 100755
--- a/test/integration/test-apt-get-changelog
+++ b/test/integration/test-apt-get-changelog
@@ -26,19 +26,18 @@ testequal "'http://localhost:8080//pool/apt_1.0/changelog'" aptget changelog apt
testequal "'http://localhost:8080//pool/apt_1.0/changelog'
'http://localhost:8080//pool/apt_1.0/changelog'" aptget changelog apt apt --print-uris
-aptget changelog apt -qq > apt.changelog
-testfileequal 'apt.changelog' "$(cat aptarchive/pool/apt_1.0/changelog)"
-rm apt.changelog
+testsuccess aptget changelog apt -qq
+testfileequal 'rootdir/tmp/testsuccess.output' "$(cat aptarchive/pool/apt_1.0/changelog)"
testsuccess aptget changelog apt -d
testfileequal 'apt.changelog' "$(cat aptarchive/pool/apt_1.0/changelog)"
-rm apt.changelog aptarchive/pool/apt_1.0/changelog
+rm -f apt.changelog aptarchive/pool/apt_1.0/changelog
testequal "$(cat aptarchive/pool/apt_1.0.changelog)" aptget changelog apt \
-qq -o APT::Changelogs::Server='http://not-on-the-main-server:8080/'
testsuccess aptget changelog apt -d
testfileequal 'apt.changelog' "$(cat aptarchive/pool/apt_1.0.changelog)"
-rm apt.changelog aptarchive/pool/apt_1.0.changelog
+rm -f apt.changelog aptarchive/pool/apt_1.0.changelog
testequal 'E: changelog download failed' aptget changelog apt -qq -o APT::Changelogs::Server='http://not-on-the-main-server:8080/'
diff --git a/test/integration/test-apt-get-download b/test/integration/test-apt-get-download
index 0514542b3..9a154e5fb 100755
--- a/test/integration/test-apt-get-download
+++ b/test/integration/test-apt-get-download
@@ -11,18 +11,27 @@ buildsimplenativepackage 'apt' 'all' '1.0' 'stable'
buildsimplenativepackage 'apt' 'all' '2.0' 'unstable'
insertinstalledpackage 'vrms' 'all' '1.0'
+OLD_UMASK="$(umask)"
umask 0027
+setupaptarchive --no-update
+umask "$OLD_UMASK"
-setupaptarchive
-
+# directories should be readable by everyone
+find aptarchive/dists -type d | while read dir; do
+ chmod o+rx "$dir"
+done
# apt-ftparchive knows how to chmod files
find aptarchive/dists -name '*Packages*' -type f | while read file; do
testaccessrights "$file" '644'
+ chmod 640 "$file"
done
# created by the framework without special care
find aptarchive/dists -name '*Release*' -type f | while read file; do
testaccessrights "$file" '640'
done
+
+testsuccess aptget update
+
# all copied files are properly chmodded
find rootdir/var/lib/apt/lists -type f | while read file; do
testaccessrights "$file" '644'
diff --git a/test/integration/test-apt-get-update-unauth-warning b/test/integration/test-apt-get-update-unauth-warning
index fe0cb45a4..0389415c1 100755
--- a/test/integration/test-apt-get-update-unauth-warning
+++ b/test/integration/test-apt-get-update-unauth-warning
@@ -24,7 +24,7 @@ testequal "Ign file: unstable InRelease
Err file: unstable Release
File not found
W: The repository 'file: unstable Release' does not have a Release file. This is deprecated, please contact the owner of the repository.
-E: Use --allow-insecure-repositories to force the update" aptget update
+E: Use --allow-insecure-repositories to force the update" aptget update --no-allow-insecure-repositories
# no package foo
testequal "Listing..." apt list foo
diff --git a/test/integration/test-bug-254770-segfault-if-cache-not-buildable b/test/integration/test-bug-254770-segfault-if-cache-not-buildable
index 59102ddc9..6ae8944b2 100755
--- a/test/integration/test-bug-254770-segfault-if-cache-not-buildable
+++ b/test/integration/test-bug-254770-segfault-if-cache-not-buildable
@@ -3,17 +3,25 @@ set -e
TESTDIR=$(readlink -f $(dirname $0))
. $TESTDIR/framework
+
+msgtest 'Test run as' 'non-root'
+if [ "$(id -u)" = '0' ]; then
+ msgskip 'root has by definition no problems accessing files'
+ exit 0
+else
+ msgpass
+fi
+
setupenvironment
configarchitecture "i386"
setupaptarchive
-CURRENTTRAP="chmod a+x rootdir/var/lib/dpkg; $CURRENTTRAP"
-trap "$CURRENTTRAP" 0 HUP INT QUIT ILL ABRT FPE SEGV PIPE TERM
+addtrap 'prefix' 'chmod a+x rootdir/var/lib/dpkg;'
chmod a-x rootdir/var/lib/dpkg
testsegfault() {
msgtest "No segfault in" "$*"
- local TEST="$($* 2>&1 | grep -v 'E:')"
+ local TEST="$("$@" 2>&1 | grep -v 'E:')"
if [ -z "$TEST" ]; then
msgpass
else
diff --git a/test/integration/test-bug-738785-switch-protocol b/test/integration/test-bug-738785-switch-protocol
index f81bba4b9..f450e5e5a 100755
--- a/test/integration/test-bug-738785-switch-protocol
+++ b/test/integration/test-bug-738785-switch-protocol
@@ -49,8 +49,14 @@ rm https
cd - >/dev/null
echo "Dir::Bin::Methods \"${COPYMETHODS}\";" >> aptconfig.conf
-testequal "E: The method driver $(pwd)/rootdir/usr/lib/apt/methods/https could not be found.
+if [ "$(id -u)" = '0' ]; then
+ testequal "Can't drop privileges for downloading as file '$(pwd)/apt_1.0_all.deb' couldn't be accessed by user '_apt'.
+E: The method driver $(pwd)/rootdir/usr/lib/apt/methods/https could not be found.
N: Is the package apt-transport-https installed?" aptget download apt -q=0
+else
+ testequal "E: The method driver $(pwd)/rootdir/usr/lib/apt/methods/https could not be found.
+N: Is the package apt-transport-https installed?" aptget download apt -q=0
+fi
testsuccess test ! -e apt_1.0_all.deb
# revert to all methods
diff --git a/test/integration/test-sourceslist-trusted-options b/test/integration/test-sourceslist-trusted-options
index 1178df46a..c954f2f4f 100755
--- a/test/integration/test-sourceslist-trusted-options
+++ b/test/integration/test-sourceslist-trusted-options
@@ -62,7 +62,7 @@ aptgetupdate() {
insecureaptgetupdate() {
rm -rf rootdir/var/lib/apt/lists
- testfailure aptget update
+ testfailure aptget update --no-allow-insecure-repositories
rm -rf rootdir/var/lib/apt/lists
testsuccess aptget update --allow-insecure-repositories
}