#!/bin/sh
set -e

TESTDIR="$(readlink -f "$(dirname "$0")")"
. "$TESTDIR/framework"

setupenvironment
configarchitecture 'amd64'
setupaptarchive --no-update

rm rootdir/etc/apt/apt.conf.d/signed-by
testsuccess apt update
testsuccess apt update --no-download

cat > rootdir/var/lib/apt/lists/example.org_debian_dists_bookworm_Release <<EOF
Origin: Debian
Label: Debian
Suite: unreleased
Codename: bookworm
Date: Sun, 29 Jan 2023 20:14:10 +0000
Architectures: amd64
Components: main contrib non-free non-free-firmware
Description: Debian x.y Bookworm - Not Released
EOF
touch rootdir/var/lib/apt/lists/example.org_debian_dists_bookworm_main_binary-amd64_Packages
touch rootdir/var/lib/apt/lists/example.org_debian_dists_bookworm_contrib_binary-amd64_Packages
touch rootdir/var/lib/apt/lists/example.org_debian_dists_bookworm_non-free_binary-amd64_Packages
touch rootdir/var/lib/apt/lists/example.org_debian_dists_bookworm_non-free-firmware_binary-amd64_Packages
find rootdir/var/lib/apt/lists/ -type f -exec chmod 644 {} \;

BOILERPLATE='Reading package lists...
Building dependency tree...
All packages are up to date.'

msgmsg 'Suggest Signed-By for deb822 sources.list(5) entries'
echo 'Types: deb
URIs: http://example.org/debian
Suites: bookworm
Components: main
' > rootdir/etc/apt/sources.list.d/example.sources
testsuccessequal "$BOILERPLATE
N: Missing Signed-By in the sources.list(5) entry for 'http://example.org/debian'" apt update --no-download
rm rootdir/etc/apt/sources.list.d/example.sources

msgmsg 'Detect login info embedded in sources.list'
echo 'deb http://apt:debian@example.org/debian bookworm main' > rootdir/etc/apt/sources.list.d/example.list
testsuccessequal "$BOILERPLATE
N: Usage of apt_auth.conf(5) should be preferred over embedding login information directly in the sources.list(5) entry for 'http://example.org/debian'
A: The sources.list(5) entry for 'http://example.org/debian' should be upgraded to deb822 .sources
A: Missing Signed-By in the sources.list(5) entry for 'http://example.org/debian'
A: Consider migrating all sources.list(5) entries to the deb822 .sources format
A: The deb822 .sources format supports both embedded as well as external OpenPGP keys
A: See apt-secure(8) for best practices in configuring repository signing.
A: Some sources can be modernized. Run 'apt modernize-sources' to do so." apt update --no-download --audit
echo 'deb tor+https://apt:debian@example.org/debian bookworm main' > rootdir/etc/apt/sources.list.d/example.list
testsuccessequal "$BOILERPLATE
N: Usage of apt_auth.conf(5) should be preferred over embedding login information directly in the sources.list(5) entry for 'tor+https://example.org/debian'
A: The sources.list(5) entry for 'tor+https://example.org/debian' should be upgraded to deb822 .sources
A: Missing Signed-By in the sources.list(5) entry for 'tor+https://example.org/debian'
A: Consider migrating all sources.list(5) entries to the deb822 .sources format
A: The deb822 .sources format supports both embedded as well as external OpenPGP keys
A: See apt-secure(8) for best practices in configuring repository signing.
A: Some sources can be modernized. Run 'apt modernize-sources' to do so." apt update --no-download --audit