blob: ee8bc69264c9f3a7447151f58764bf64728fa2c5 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
|
#!/bin/sh
#
# test that apt-get update is transactional
#
set -e
avoid_ims_hit() {
touch -d '+1hour' aptarchive/dists/unstable/main/binary-i386/Packages*
touch -d '+1hour' aptarchive/dists/unstable/main/source/Sources*
touch -d '+1hour' aptarchive/dists/unstable/*Release*
touch -d '-1hour' rootdir/var/lib/apt/lists/*
}
create_fresh_archive()
{
rm -rf aptarchive/*
rm -f rootdir/var/lib/apt/lists/_* rootdir/var/lib/apt/lists/partial/*
insertpackage 'unstable' 'old' 'all' '1.0'
setupaptarchive
}
add_new_package() {
insertpackage "unstable" "new" "all" "1.0"
insertsource "unstable" "new" "all" "1.0"
setupaptarchive --no-update
avoid_ims_hit
}
break_repository_sources_index() {
printf "xxx" > $APTARCHIVE/dists/unstable/main/source/Sources
gzip -c $APTARCHIVE/dists/unstable/main/source/Sources > \
$APTARCHIVE/dists/unstable/main/source/Sources.gz
avoid_ims_hit
}
test_inrelease_to_new_inrelease() {
msgmsg "Test InRelease to new InRelease works fine"
create_fresh_archive
testequal "old/unstable 1.0 all" apt list -q
add_new_package
testsuccess aptget update -o Debug::Acquire::Transaction=1
testequal "new/unstable 1.0 all
old/unstable 1.0 all" apt list -q
}
test_inrelease_to_broken_hash_reverts_all() {
msgmsg "Test InRelease to broken InRelease reverts everything"
create_fresh_archive
add_new_package
# break the Sources file
break_repository_sources_index
# test the error condition
testequal "W: Failed to fetch file:${APTARCHIVE}/dists/unstable/main/source/Sources Hash Sum mismatch
E: Some index files failed to download. They have been ignored, or old ones used instead." aptget update -qq
# ensure that the Packages file is also rolled back
testequal "E: Unable to locate package new" aptget install new -s -qq
}
test_inreleae_to_valid_release() {
msgmsg "Test InRelease to valid Release"
create_fresh_archive
add_new_package
# switch to a unsinged repo now
rm $APTARCHIVE/dists/unstable/InRelease
rm $APTARCHIVE/dists/unstable/Release.gpg
avoid_ims_hit
# update fails
testequal "E: The repository 'file: unstable Release.gpg' is no longer signed." aptget update -qq
# test that we can install the new packages but do no longer have a sig
testsuccess aptget install old -s
testfailure aptget install new -s
testsuccess ls $ROOTDIR/var/lib/apt/lists/*_InRelease
testfailure ls $ROOTDIR/var/lib/apt/lists/*_Release
}
test_inreleae_to_release_reverts_all() {
msgmsg "Test InRelease to broken Release reverts everything"
create_fresh_archive
# switch to a unsinged repo now
add_new_package
rm $APTARCHIVE/dists/unstable/InRelease
rm $APTARCHIVE/dists/unstable/Release.gpg
# break it
break_repository_sources_index
# ensure error
testequal "E: The repository 'file: unstable Release.gpg' is no longer signed." aptget update -qq # -o Debug::acquire::transaction=1
# ensure that the Packages file is also rolled back
testsuccess aptget install old -s
testfailure aptget install new -s
testsuccess ls $ROOTDIR/var/lib/apt/lists/*_InRelease
testfailure ls $ROOTDIR/var/lib/apt/lists/*_Release
}
test_unauthenticated_to_invalid_inrelease() {
msgmsg "Test UnAuthenticated to invalid InRelease reverts everything"
create_fresh_archive
rm -rf rootdir/var/lib/apt/lists/*
rm $APTARCHIVE/dists/unstable/InRelease
rm $APTARCHIVE/dists/unstable/Release.gpg
avoid_ims_hit
testsuccess aptget update -qq --allow-insecure-repositories
testequal "WARNING: The following packages cannot be authenticated!
old
E: There are problems and -y was used without --force-yes" aptget install -qq -y old
# go to authenticated but not correct
add_new_package
break_repository_sources_index
testequal "W: Failed to fetch file:$APTARCHIVE/dists/unstable/main/source/Sources Hash Sum mismatch
E: Some index files failed to download. They have been ignored, or old ones used instead." aptget update -qq
testfailure ls rootdir/var/lib/apt/lists/*_InRelease
testequal "WARNING: The following packages cannot be authenticated!
old
E: There are problems and -y was used without --force-yes" aptget install -qq -y old
}
test_inrelease_to_unauth_inrelease() {
msgmsg "Test InRelease to InRelease without sig"
create_fresh_archive
signreleasefiles 'Marvin Paranoid'
avoid_ims_hit
testequal "W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: file: unstable InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY E8525D47528144E2
W: Failed to fetch file:$APTARCHIVE/dists/unstable/InRelease
W: Some index files failed to download. They have been ignored, or old ones used instead." aptget update -qq
testsuccess ls rootdir/var/lib/apt/lists/*_InRelease
}
test_inrelease_to_broken_gzip() {
msgmsg "Test InRelease to broken gzip"
create_fresh_archive
# append junk at the end of the gzip, this
echo "lala" >> $APTARCHIVE/dists/unstable/main/source/Sources.gz
# remove uncompressed file, otherwise apt will just fallback fetching
# that
rm $APTARCHIVE/dists/unstable/main/source/Sources
avoid_ims_hit
testfailure aptget update
}
TESTDIR=$(readlink -f $(dirname $0))
. $TESTDIR/framework
setupenvironment
configarchitecture "i386"
# setup the archive and ensure we have a single package that installs fine
setupaptarchive
APTARCHIVE=$(readlink -f ./aptarchive)
ROOTDIR=${TMPWORKINGDIRECTORY}/rootdir
APTARCHIVE_LISTS="$(echo $APTARCHIVE | tr "/" "_" )"
# test the following cases:
# - InRelease -> broken InRelease revert to previous state
# - empty lists dir and broken remote leaves nothing on the system
# - InRelease -> hashsum mismatch for one file reverts all files to previous state
# - Release/Release.gpg -> hashsum mismatch
# - InRelease -> Release with hashsum mismatch revert entire state and kills Release
# - Release -> InRelease with broken Sig/Hash removes InRelease
# going from Release/Release.gpg -> InRelease and vice versa
# - unauthenticated -> invalid InRelease
# stuff to do:
# - ims-hit
# - gzip-index tests
test_inrelease_to_new_inrelease
test_inrelease_to_broken_hash_reverts_all
test_inreleae_to_valid_release
test_inreleae_to_release_reverts_all
test_unauthenticated_to_invalid_inrelease
test_inrelease_to_unauth_inrelease
test_inrelease_to_broken_gzip
|