blob: 5cdc34fac0630def3ef81f1292a75ae637052e9a (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
|
#!/bin/sh
set -e
TESTDIR=$(readlink -f $(dirname $0))
. $TESTDIR/framework
setupenvironment
configarchitecture 'i386'
insertpackage 'wheezy' 'apt' 'all' '0.8.15'
setupaptarchive --no-update
# we don't complain as the server could have just sent a 'Hit' here and this
# 'downgrade attack' is usually performed by out-of-sync mirrors. Valid-Until
# catches the 'real' downgrade attacks (expect that it finds stale mirrors).
# Scaring users with an error here serves hence no point.
msgmsg 'InRelease file is silently rejected if' 'new Date is before old Date'
rm -rf rootdir/var/lib/apt/lists
generatereleasefiles 'now' 'now + 7 days'
signreleasefiles
testsuccess aptget update
listcurrentlistsdirectory > listsdir.lst
redatereleasefiles 'now - 2 days'
testsuccess aptget update
testfileequal 'listsdir.lst' "$(listcurrentlistsdirectory)"
msgmsg 'Release.gpg file is silently rejected if' 'new Date is before old Date'
rm -rf rootdir/var/lib/apt/lists
generatereleasefiles 'now' 'now + 7 days'
signreleasefiles
find aptarchive -name 'InRelease' -delete
testsuccess aptget update
listcurrentlistsdirectory > listsdir.lst
redatereleasefiles 'now - 2 days'
find aptarchive -name 'InRelease' -delete
testsuccess aptget update
testfileequal 'listsdir.lst' "$(listcurrentlistsdirectory)"
msgmsg 'Crisscross InRelease/Release.gpg file is silently rejected if' 'new Date is before old Date'
rm -rf rootdir/var/lib/apt/lists
generatereleasefiles 'now' 'now + 7 days'
signreleasefiles
find aptarchive -name 'Release.gpg' -delete
testsuccess aptget update
listcurrentlistsdirectory > listsdir.lst
redatereleasefiles 'now - 2 days'
find aptarchive -name 'InRelease' -delete
testsuccess aptget update
testfileequal 'listsdir.lst' "$(listcurrentlistsdirectory)"
msgmsg 'Crisscross Release.gpg/InRelease file is silently rejected if' 'new Date is before old Date'
rm -rf rootdir/var/lib/apt/lists
generatereleasefiles 'now' 'now + 7 days'
signreleasefiles
find aptarchive -name 'InRelease' -delete
testsuccess aptget update
listcurrentlistsdirectory > listsdir.lst
redatereleasefiles 'now - 2 days'
find aptarchive -name 'Release.gpg' -delete
testsuccess aptget update
testfileequal 'listsdir.lst' "$(listcurrentlistsdirectory)"
|