summaryrefslogtreecommitdiff
path: root/test/integration/test-cve-2013-1051-InRelease-parsing
Commit message (Collapse)AuthorAgeFilesLines
* Fail instead of warn for unsigned lines in InReleaseDavid Kalnischkies2019-01-231-2/+5
| | | | | | | | | | | | The warnings were introduced 2 years ago without any reports from the wild about them actually appearing for anyone, so now seems to be an as good time as any to switch them to errors. This allows rewritting the code by failing earlier instead of trying to keep going which makes the diff a bit hard to follow but should help simplifying reasoning about it. References: 6376dfb8dfb99b9d182c2fb13aa34b2ac89805e3
* warn if clearsigned file has ignored content partsDavid Kalnischkies2016-12-311-2/+4
| | | | | | | | | | | | | Clearsigned files like InRelease, .dsc, .changes and co can potentially include unsigned or additional messages blocks ignored by gpg in verification, but a potential source of trouble in our own parsing attempts – and an unneeded risk as the usecases for the clearsigned files we deal with do not reasonably include unsigned parts (like emails or some such). This commit changes the silent ignoring to warnings for now to get an impression on how widespread unintended unsigned parts are, but eventually we want to turn these into hard errors.
* tests: support spaces in path and TMPDIRDavid Kalnischkies2015-12-191-2/+2
| | | | | | | This doesn't allow all tests to run cleanly, but it at least allows to write tests which could run successfully in such environments. Git-Dch: Ignore
* tests: use quiet level 0 by default in testsDavid Kalnischkies2015-11-191-1/+1
| | | | Git-Dch: Ignore
* support arch:all data e.g. in separate Packages fileDavid Kalnischkies2015-11-041-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Based on a discussion with Niels Thykier who asked for Contents-all this implements apt trying for all architecture dependent files to get a file for the architecture all, which is treated internally now as an official architecture which is always around (like native). This way arch:all data can be shared instead of duplicated for each architecture requiring the user to download the same information again and again. There is one problem however: In Debian there is already a binary-all/ Packages file, but the binary-any files still include arch:all packages, so that downloading this file now would be a waste of time, bandwidth and diskspace. We therefore need a way to decide if it makes sense to download the all file for Packages in Debian or not. The obvious answer would be a special flag in the Release file indicating this, which would need to default to 'no' and every reasonable repository would override it to 'yes' in a few years time, but the flag would be there "forever". Looking closer at a Release file we see the field "Architectures", which doesn't include 'all' at the moment. With the idea outlined above that 'all' is a "proper" architecture now, we interpret this field as being authoritative in declaring which architectures are supported by this repository. If it says 'all', apt will try to get all, if not it will be skipped. This gives us another interesting feature: If I configure a source to download armel and mips, but it declares it supports only armel apt will now print a notice saying as much. Previously this was a very cryptic failure. If on the other hand the repository supports mips, too, but for some reason doesn't ship mips packages at the moment, this 'missing' file is silently ignored (= that is the same as the repository including an empty file). The Architectures field isn't mandatory through, so if it isn't there, we assume that every architecture is supported by this repository, which skips the arch:all if not listed in the release file.
* tests: don't use hardcoded port for http and httpsDavid Kalnischkies2015-09-151-2/+2
| | | | | | This allows running tests in parallel. Git-Dch: Ignore
* Fix test case breakage from the new policy implementationJulian Andres Klode2015-08-101-2/+2
| | | | Everything's working now.
* show URI.Path in all acquire item descriptionsDavid Kalnischkies2015-06-111-1/+1
| | | | | | | | | | | | | | It is a rather strange sight that index items use SiteOnly which strips the Path, while e.g. deb files are downloaded with NoUserPassword which does not. Important to note here is that for the file transport Path is pretty important as there is no Host which would be displayed by Site, which always resulted in "interesting" unspecific errors for "file:". Adding a 'middle' ground between the two which does show the Path but potentially modifies it (it strips a pending / at the end if existing) solves this "file:" issue, syncs the output and in the end helps to identify which file is meant exactly in progress output and co as a single site can have multiple repositories in different paths.
* do not request files if we expect an IMS hitDavid Kalnischkies2015-06-091-4/+9
| | | | | | | | | | If we have a file on disk and the hashes are the same in the new Release file and the old one we have on disk we know that if we ask the server for the file, we will at best get an IMS hit – at worse the server doesn't support this and sends us the (unchanged) file and we have to run all our checks on it again for nothing. So, we can save ourselves (and the servers) some unneeded requests if we figure this out on our own.
* test exitcode as well as string equalityDavid Kalnischkies2015-03-161-4/+4
| | | | | | | | We use test{success,failure} now all over the place in the framework, so its only consequencial to do this in the situations in which we test for a specific output as well. Git-Dch: Ignore
* fix test-cve-2013-1051-InRelease-parsing (fails now in the method)Michael Vogt2014-10-071-1/+1
|
* add chronic-like testsuccess/testfailure helpersDavid Kalnischkies2013-08-121-1/+1
| | | | | | | | | | For many commands the output isn't stable (like then dpkg is called) but the exitcode is, so this helper enhances the common && msgpass || msgfail by generating automatically a msgtest and showing the output of the command in case of failure instead of discarding it unconditionally, the later being chronic-like behaviour Git-Dch: Ignore
* simple fork and pidfile aptwebserverDavid Kalnischkies2013-06-241-1/+1
| | | | | | | | | | | Forking only after being ready to accept clients avoids running races with the tests which sometimes failed on the first 'apt-get update' (or similar) with the previous background-start and hope for the best… The commit fixes also some oversight output-order changes in regards to Description-md5 and (I-M-S) race conditions in various tests. Git-Dch: Ignore
* tests: add expected port for cve-2013-105 testcaseDavid Kalnischkies2013-06-091-1/+1
| | | | Git-Dch: Ignore
* rename testcase to mention CVE number, make the code more consistent withDavid Kalnischkies2013-03-181-0/+61
the rest and add some more tests (by fixing commented ones)