summaryrefslogtreecommitdiff
path: root/test/integration/test-releasefile-valid-until
Commit message (Collapse)AuthorAgeFilesLines
* tests: support spaces in path and TMPDIRDavid Kalnischkies2015-12-191-2/+2
| | | | | | | This doesn't allow all tests to run cleanly, but it at least allows to write tests which could run successfully in such environments. Git-Dch: Ignore
* add sources.list Check-Valid-Until and Valid-Until-{Max,Min} optionsDavid Kalnischkies2015-08-101-0/+9
| | | | | | | | | | | | | | | | | | These options could be set via configuration before, but the connection to the actual sources is so strong that they should really be set in the sources.list instead – especially as this can be done a lot more specific rather than e.g. disabling Valid-Until for all sources at once. Valid-Until-* names are chosen instead of the Min/Max-ValidTime as this seems like a better name and their use in the wild is probably low enough that this isn't going to confuse anyone if we have to names for the same thing in different areas. In the longrun, the config options should be removed, but for now documentation hinting at the new options is good enough as these are the kind of options you set once across many systems with different apt versions, so the new way should work everywhere first before we deprecate the old way.
* treat older Release files than we already have as an IMSHitDavid Kalnischkies2015-05-181-19/+18
| | | | | | | | | | | | | | | | | | | | | Valid-Until protects us from long-living downgrade attacks, but not all repositories have it and an attacker could still use older but still valid files to downgrade us. While this makes it sounds like a security improvement now, its a bit theoretical at best as an attacker with capabilities to pull this off could just as well always keep us days (but in the valid period) behind and always knows which state we have, as we tell him with the If-Modified-Since header. This is also why this is 'silently' ignored and treated as an IMSHit rather than screamed at the user as this can at best be an annoyance for attackers. An error here would 'regularily' be encountered by users by out-of-sync mirrors serving a single run (e.g. load balancer) or in two consecutive runs on the other hand, so it would just help teaching people ignore it. That said, most of the code churn is caused by enforcing this additional requirement. Crisscross from InRelease to Release.gpg is e.g. very unlikely in practice, but if we would ignore it an attacker could sidestep it this way.
* check for failure message in testsuccess/failureDavid Kalnischkies2014-10-201-73/+27
| | | | | | | | These functions check the exit code of the command, but for apt commands we can go further and require an error message for non-zero exits and none for zero exits. Git-Dch: Ignore
* add chronic-like testsuccess/testfailure helpersDavid Kalnischkies2013-08-121-16/+16
| | | | | | | | | | For many commands the output isn't stable (like then dpkg is called) but the exitcode is, so this helper enhances the common && msgpass || msgfail by generating automatically a msgtest and showing the output of the command in case of failure instead of discarding it unconditionally, the later being chronic-like behaviour Git-Dch: Ignore
* fix bashism (local outside function) and releasefile creation in testcasesDavid Kalnischkies2011-09-091-0/+5
|
* - add an Acquire::Min-ValidTime option (Closes: #640122)David Kalnischkies2011-09-051-0/+24
| | | | | * doc/apt.conf.5.xml: - reword Acquire::Max-ValidTime documentation to make clear that it doesn't provide the new Min-ValidTime functionality
* * apt-pkg/indexrecords.cc:David Kalnischkies2011-09-051-0/+66
- fix Acquire::Max-ValidTime option by interpreting it really as seconds as specified in the manpage and not as days