summaryrefslogtreecommitdiff
path: root/test
Commit message (Collapse)AuthorAgeFilesLines
* Merge remote-tracking branch 'upstream/debian/experimental' into ↵Michael Vogt2014-11-0628-175/+615
|\ | | | | | | | | | | | | feature/no-more-acquire-guessing Conflicts: apt-pkg/acquire-item.cc
| * test/integration/test-apt-update-filesize-mismatch: use "basename file ↵Michael Vogt2014-11-041-1/+1
| | | | | | | | suffix" instead of -s for compatibility with older systems
| * tests: enhance output of grep and test failsDavid Kalnischkies2014-10-266-42/+64
| | | | | | | | Git-Dch: Ignore
| * rewrite ReadMessages()David Kalnischkies2014-10-261-0/+70
| | | | | | | | | | | | | | | | | | | | | | | | | | Central methods of our infrastructure like this one responsible for communication with our methods shouldn't be more complicated then they have to and not claim to have (albeit unlikely) bugs. While I am not sure about having improved the first part, the bug is now gone and a few explicit tests check that it stays that way, so nobody will notice the difference (hopefully) – expect that this should a very tiny bit faster as well as we don't manually proceed through the string. Git-Dch: Ignore
| * promote filesize to a hashstringDavid Kalnischkies2014-10-245-8/+127
| | | | | | | | | | | | | | | | | | It is a very simple hashstring, which is why it isn't contributing to the usability of a list of them, but it is also trivial to check and calculate, so it doesn't hurt checking it either as it can combined even with the simplest other hashes greatly complicate attacks on them as you suddenly need a same-size hash collision, which is usually a lot harder to achieve.
| * tests: support 'installed' release in insertpackageDavid Kalnischkies2014-10-236-45/+39
| | | | | | | | | | | | | | | | | | | | It is sometimes handy to have an installed package also in the archive, but this was until now harder than it should as you had to duplicate the lines, which is especially dangerous while writing the tests as it easily happens that these two lines divert and so the same-but-different version detection kicks in. Git-Dch: Ignore
| * switch tests to Translation-en usageDavid Kalnischkies2014-10-231-4/+10
| | | | | | | | | | | | | | | | We can use either and some tests exercise this, but the default should be what we want to use and that is a split out long description file which is properly mentioned in the Release file. Git-Dch: Ignore
| * add test for Basic Authentication schemeDavid Kalnischkies2014-10-235-16/+219
| | | | | | | | Git-Dch: Ignore
| * chown finished partial files earlierDavid Kalnischkies2014-10-2313-68/+104
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | partial files are chowned by the Item baseclass to let the methods work with them. Now, this baseclass is also responsible for chowning the files back to root instead of having various deeper levels do this. The consequence is that all overloaded Failed() methods now call the Item::Failed base as their first step. The same is done for Done(). The effect is that even in partial files usually don't belong to _apt anymore, helping sneakernets and reducing possibilities of a bad method modifying files not belonging to them. The change is supported by the framework not only supporting being run as root, but with proper permission management, too, so that privilege dropping can be tested with them.
* | test/integration/test-bug-624218-Translation-file-handling: clarify when ↵Michael Vogt2014-11-051-1/+2
| | | | | | | | Translation-* is guessed
* | Only support Translation-* that are listed in the {In,}Release fileMichael Vogt2014-10-292-19/+2
|/ | | | | | | | Handle Translation-* files exactly like Packages files (with the expection that it is ok if a download of them fails). Remove all "guessing" on apts side. This will elimimnate a bunch of errors releated to captive portals and similar. Its also more correct and removes another potential attack vector.
* test if TMPDIR is accessible before usingDavid Kalnischkies2014-10-203-2/+14
| | | | | | | | | | Private temporary directories as created by e.g. libpam-tmpdir are nice, but they are also very effective in preventing our priviledge dropping to work as TMPDIR will be set to a directory only root has access to, so working with it as _apt will fail. We circumvent this by extending our check for a usable TMPDIR setting by checking access rights. Closes: 765951
* testcases: do not allow warnings in testsuccessDavid Kalnischkies2014-10-2012-28/+60
| | | | | | | | | | Adds a new testwarning which tests for zero exit and the presents of a warning in the output, failing if either is not the case or if an error is found, too. This allows us to change testsuccess to accept only totally successful executions (= without warnings) which should help finding regressions. Git-Dch: Ignore
* check for failure message in testsuccess/failureDavid Kalnischkies2014-10-208-91/+65
| | | | | | | | These functions check the exit code of the command, but for apt commands we can go further and require an error message for non-zero exits and none for zero exits. Git-Dch: Ignore
* check lists/ content in tests doing rollbackDavid Kalnischkies2014-10-209-53/+75
| | | | Git-Dch: Ignore
* autorun permission tests for all apt-get update callsDavid Kalnischkies2014-10-204-16/+41
| | | | | | | | Adds some infrastructure to run tests automatically for certain commands. The first command being 'apt-get update' (and 'apt update') which check for correct permission and owner of the files in lists/. Git-Dch: Ignore
* aborted reverify restores file owner and permissionDavid Kalnischkies2014-10-202-30/+89
| | | | | | | | | | If we get an IMS hit for an InRelease file we use the file we already have and pass it into reverification, but this changes the permissions and on abort of the transaction they weren't switched back. This is now done, additionally, every file in partial which hasn't failed gets permission and owner changed for root access as well, as it is very well possible that the next invocation will (re)use these files.
* reenable support for -s (and co) in apt-get sourceDavid Kalnischkies2014-10-201-0/+4
| | | | | | | | The conversion to accept only relevant options for commands has forgotten another one, so adding it again even through the usecase might very well be equally good served by --print-uris. Closes: 742578
* ignore Acquire::GzipIndexes for cdrom sourcesDavid Kalnischkies2014-10-151-10/+25
| | | | | | We do not support compressed indexes for cdrom sources as we rewrite some of them, so supporting it correctly could be hard. What we do instead in the meantime is probably disabling it for cdrom sources.
* Merge branch 'debian/sid' into debian/experimentalDavid Kalnischkies2014-10-151-6/+43
|\ | | | | | | | | | | | | | | The acquire code changed completely, so this is more an import of the testcase and a new fix than the merge of an existent fix. Conflicts: apt-pkg/acquire-item.cc
| * don't cleanup cdrom files in apt-get updateDavid Kalnischkies2014-10-151-6/+43
| | | | | | | | | | | | | | | | | | | | Regression from merging 801745284905e7962aa77a9f37a6b4e7fcdc19d0 and b0f4b486e6850c5f98520ccf19da71d0ed748ae4. While fine by itself, merged the part fixing the filename is skipped if a cdrom source is encountered, so that our list-cleanup removes what seems to be orphaned files. Closes: 765458
* | testcases runable as rootDavid Kalnischkies2014-10-157-18/+61
| | | | | | | | | | | | | | Running the testcases is usually not a good idea, but it can be handy to check if the privilege dropping works. Git-Dch: Ignore
* | Add new configallowinsecurerepositories to the test frameworkMichael Vogt2014-10-142-0/+11
| | | | | | | | | | | | | | Add a new configallowinsecurerepositories that controls the value of Acquire::AllowInsecureRepositories for the tests. Set it to "false" for most of the testsuite and only enable it where its really needed. We want to switch the default for this post-jessie.
* | Merge branch 'debian/sid' into debian/experimentalMichael Vogt2014-10-142-52/+63
|\|
| * implement the updated build profile specjosch2014-10-062-52/+63
| |
* | do not load filesize in pkgAcqIndexTrans explicitlyDavid Kalnischkies2014-10-132-4/+5
| | | | | | | | | | | | | | | | The constructor is calling the baseclass pkgAcqIndex which does this already – and also does it correctly for compressed files which would overwise lead to the size of uncompressed files to be expected. Git-Dch: Ignore
* | fix compile and tests errorDavid Kalnischkies2014-10-136-8/+33
| | | | | | | | | | | | I am pretty sure I did that before committing broken stuff… Git-Dch: Ignore
* | trusted=yes sources are secure, we just don't know whyDavid Kalnischkies2014-10-132-3/+174
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Do not require a special flag to be present to update trusted=yes sources as this flag in the sources.list is obviously special enough. Note that this is just disabling the error message, the user will still be warned about all the (possible) failures the repository generated, it is just triggering the acceptance of the warnings on a source-by-source level. Similarily, the trusted=no flag doesn't require the user to pass additional flags to update, if the repository looks fine in the view of apt it will update just fine. The unauthenticated warnings will "just" be presented then the data is used. In case you wonder: Both was the behavior in previous versions, too.
* | Merge remote-tracking branch 'donkult/feature/acq-trans' into ↵Michael Vogt2014-10-082-9/+20
|\ \ | | | | | | | | | feature/expected-size
| * | fix http-pipeline-messup testcaseDavid Kalnischkies2014-10-081-8/+12
| | | | | | | | | | | | | | | | | | | | | The test generates failures if the created deb files have the same size, so we try a little harder to avoid having the same size for them. Git-Dch: Ignore
| * | do not show IP in output of testcasesDavid Kalnischkies2014-10-071-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | On travis-ci connect.cc detects a rotation, triggering it store the IP which is later appended to the error message, which is all nice and great if we deal with a real server, but in the testcases it just triggers failures as strings do not match. Git-Dch: Ignore
| * | don't show ErrorText for Ign by defaultDavid Kalnischkies2014-10-071-1/+5
| | | | | | | | | | | | | | | | | | | | | | | | Some distributions (or repositories) do not have as much "Ign-discipline" as I would like to, so that could be pretty distracting for our users if enabled by default. It is handy for testcases though. Git-Dch: Ignore
* | | Send "Fail-Reason: MaximumSizeExceeded" from the methodMichael Vogt2014-10-071-1/+4
| | | | | | | | | | | | | | | Communicate the fail reason from the methods to the parent and Rename() failed files.
* | | Add new Acquire::MaxReleaseFileSize=10*1000*1000 optionMichael Vogt2014-10-071-3/+10
| | | | | | | | | | | | | | | | | | | | | | | | This option controls the maximum size of Release/Release.gpg/InRelease files. The rational is that we do not know the size of these files in advance and we want to protect against a denial of service attack where someone sends us endless amounts of data until the disk is full (we do know the size all other files (Packages/Sources/debs)).
* | | Merge branch 'feature/acq-trans' into feature/expected-sizeMichael Vogt2014-10-0724-41/+711
|\| |
| * | Merge remote-tracking branch 'upstream/debian/experimental' into ↵Michael Vogt2014-10-074-9/+55
| |\ \ | | | | | | | | | | | | | | | | | | | | | | | | feature/acq-trans Conflicts: apt-pkg/acquire-item.cc
| * | | display errortext for all Err as well as Ign logsDavid Kalnischkies2014-10-076-60/+70
| | | | | | | | | | | | | | | | | | | | | | | | | | | | consistently using Item::Failed in all specializec classes helps setting up some information bits otherwise unset, so some errors had an empty reason as an error. Ign is upgraded to display the error message we ignored to further help in understanding what happens.
| * | | use _apt:root only for partial directoriesDavid Kalnischkies2014-10-073-14/+44
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Using a different user for calling methods is intended to protect us from methods running amok (via remotely exploited bugs) by limiting what can be done by them. By using root:root for the final directories and just have the files in partial writeable by the methods we enhance this in sofar as a method can't modify already verified data in its parent directory anymore. As a side effect, this also clears most of the problems you could have if the final directories are shared without user-sharing or if these directories disappear as they are now again root owned and only the partial directories contain _apt owned files (usually none if apt isn't running) and the directory itself is autocreated with the right permissions.
| * | | ensure partial dirs are 0700 and owned by _apt:rootDavid Kalnischkies2014-10-071-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Reworks the API involved in creating and setting up the fetcher to be a bit more pleasent to look at and work with as e.g. an empty string for no lock isn't very nice. With the lock we can also stop creating all our partial directories "just in case". This way we can also be a bit more aggressive with the partial directory itself as with a lock, we know we will gone need it.
| * | | fix testMichael Vogt2014-10-061-2/+1
| | | |
| * | | cleanup pkgAcq*::Failed()Michael Vogt2014-10-061-1/+1
| | | |
| * | | Rework pkgAcqMeta{Index,Sig,ClearSig}::Done() for readabilityMichael Vogt2014-10-061-4/+22
| | | | | | | | | | | | | | | | | | | | | | | | Move common code out but do not use subclassing for ::Done to make it easier to understand what each class is doing when its done
| * | | update testMichael Vogt2014-10-061-3/+7
| | | |
| * | | cleanup around pkgAcqMetaSig and improved testsMichael Vogt2014-10-021-5/+29
| | | |
| * | | donkults fixesMichael Vogt2014-10-021-1/+1
| | | |
| * | | fix leftover files from Acquire::GzipIndexMichael Vogt2014-10-011-7/+22
| | | |
| * | | hack around test-apt-update-unauth failureMichael Vogt2014-10-011-6/+15
| | | |
| * | | fix test-apt-update-nofallback testMichael Vogt2014-10-011-1/+5
| | | |
| * | | update test/integration/test-releasefile-verificationMichael Vogt2014-10-011-1/+12
| | | |
| * | | Use Acquire::Allow{InsecureRepositories,DowngradeToInsecureRepositories}Michael Vogt2014-10-0111-12/+35
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The configuration key Acquire::AllowInsecureRepositories controls if apt allows loading of unsigned repositories at all. The configuration Acquire::AllowDowngradeToInsecureRepositories controls if a signed repository can ever become unsigned. This should really never be needed but we provide it to avoid having to mess around in /var/lib/apt/lists if there is a use-case for this (which I can't think of right now).