summaryrefslogtreecommitdiff
path: root/test/integration/test-apt-update-nofallback
Commit message (Collapse)AuthorAgeFilesLines
* tests: try to support spaces in TMPDIRDavid Kalnischkies2015-09-141-17/+13
| | | | | | | | Not all tests work yet, most notable the cdrom tests, but those require changes in libapt itself to have a proper fix and what we have fixed so far is good enough progress for now. Git-Dch: Ignore
* fix various typos reported by codespellDavid Kalnischkies2015-08-271-1/+1
| | | | Reported-By: codespell
* Replace --force-yes by various options starting with --allowJulian Andres Klode2015-08-141-1/+1
| | | | This enables more fine grained control over such exceptions.
* drop extra newline in 'Failed to fetch' and 'GPG error' messageDavid Kalnischkies2015-08-101-4/+0
| | | | | | I never understood why there is an extra newline in those messages, so now is as good time as any to drop them. Lets see if someone complains with a good reason to keep it…
* enhance "hit paywall" error message to mention the probable causeDavid Kalnischkies2015-08-101-3/+2
| | | | | | | | | Reporting errors from Done() is bad for progress reporting and such, so factoring this out is a good idea and we start with moving the supposed- to-be clearsigned file isn't clearsigned out first – improving the error message in the process as we use the same message for a similar case (NODATA) as this is what I have to look at with the venue wifi at DebCamp and the old errormessage doesn't really say anything.
* show URI.Path in all acquire item descriptionsDavid Kalnischkies2015-06-111-3/+3
| | | | | | | | | | | | | | It is a rather strange sight that index items use SiteOnly which strips the Path, while e.g. deb files are downloaded with NoUserPassword which does not. Important to note here is that for the file transport Path is pretty important as there is no Host which would be displayed by Site, which always resulted in "interesting" unspecific errors for "file:". Adding a 'middle' ground between the two which does show the Path but potentially modifies it (it strips a pending / at the end if existing) solves this "file:" issue, syncs the output and in the end helps to identify which file is meant exactly in progress output and co as a single site can have multiple repositories in different paths.
* rework hashsum verification in the acquire systemDavid Kalnischkies2015-06-091-5/+6
| | | | | | | | | | | | | | | | | | | | | Having every item having its own code to verify the file(s) it handles is an errorprune process and easy to break, especially if items move through various stages (download, uncompress, patching, …). With a giant rework we centralize (most of) the verification to have a better enforcement rate and (hopefully) less chance for bugs, but it breaks the ABI bigtime in exchange – and as we break it anyway, it is broken even harder. It shouldn't effect most frontends as they don't deal with the acquire system at all or implement their own items, but some do and will need to be patched (might be an opportunity to use apt on-board material). The theory is simple: Items implement methods to decide if hashes need to be checked (in this stage) and to return the expected hashes for this item (in this stage). The verification itself is done in worker message passing which has the benefit that a hashsum error is now a proper error for the acquire system rather than a Done() which is later revised to a Failed().
* treat older Release files than we already have as an IMSHitDavid Kalnischkies2015-05-181-2/+3
| | | | | | | | | | | | | | | | | | | | | Valid-Until protects us from long-living downgrade attacks, but not all repositories have it and an attacker could still use older but still valid files to downgrade us. While this makes it sounds like a security improvement now, its a bit theoretical at best as an attacker with capabilities to pull this off could just as well always keep us days (but in the valid period) behind and always knows which state we have, as we tell him with the If-Modified-Since header. This is also why this is 'silently' ignored and treated as an IMSHit rather than screamed at the user as this can at best be an annoyance for attackers. An error here would 'regularily' be encountered by users by out-of-sync mirrors serving a single run (e.g. load balancer) or in two consecutive runs on the other hand, so it would just help teaching people ignore it. That said, most of the code churn is caused by enforcing this additional requirement. Crisscross from InRelease to Release.gpg is e.g. very unlikely in practice, but if we would ignore it an attacker could sidestep it this way.
* test exitcode as well as string equalityDavid Kalnischkies2015-03-161-6/+6
| | | | | | | | We use test{success,failure} now all over the place in the framework, so its only consequencial to do this in the situations in which we test for a specific output as well. Git-Dch: Ignore
* chown finished partial files earlierDavid Kalnischkies2014-10-231-1/+1
| | | | | | | | | | | | | | | | | partial files are chowned by the Item baseclass to let the methods work with them. Now, this baseclass is also responsible for chowning the files back to root instead of having various deeper levels do this. The consequence is that all overloaded Failed() methods now call the Item::Failed base as their first step. The same is done for Done(). The effect is that even in partial files usually don't belong to _apt anymore, helping sneakernets and reducing possibilities of a bad method modifying files not belonging to them. The change is supported by the framework not only supporting being run as root, but with proper permission management, too, so that privilege dropping can be tested with them.
* testcases: do not allow warnings in testsuccessDavid Kalnischkies2014-10-201-4/+4
| | | | | | | | | | Adds a new testwarning which tests for zero exit and the presents of a warning in the output, failing if either is not the case or if an error is found, too. This allows us to change testsuccess to accept only totally successful executions (= without warnings) which should help finding regressions. Git-Dch: Ignore
* check lists/ content in tests doing rollbackDavid Kalnischkies2014-10-201-6/+19
| | | | Git-Dch: Ignore
* display errortext for all Err as well as Ign logsDavid Kalnischkies2014-10-071-1/+1
| | | | | | | consistently using Item::Failed in all specializec classes helps setting up some information bits otherwise unset, so some errors had an empty reason as an error. Ign is upgraded to display the error message we ignored to further help in understanding what happens.
* fix test-apt-update-nofallback testMichael Vogt2014-10-011-1/+5
|
* Use Acquire::Allow{InsecureRepositories,DowngradeToInsecureRepositories}Michael Vogt2014-10-011-0/+23
| | | | | | | | | | | The configuration key Acquire::AllowInsecureRepositories controls if apt allows loading of unsigned repositories at all. The configuration Acquire::AllowDowngradeToInsecureRepositories controls if a signed repository can ever become unsigned. This should really never be needed but we provide it to avoid having to mess around in /var/lib/apt/lists if there is a use-case for this (which I can't think of right now).
* Do not allow going from authenticated to unauthenticated repoMichael Vogt2014-09-261-0/+207
Also rework the way we load the Release file, so it only after Release.gpg verified the Release file. The rational is that we never want to load untrusted data into our parsers. Only stuff verified with gpg or by its hashes get loaded. To load untrusted data you now need to use apt-get update --allow-unauthenticated.