63 lines
3.1 KiB
Bash
Executable file
63 lines
3.1 KiB
Bash
Executable file
#!/bin/sh
|
|
set -e
|
|
|
|
TESTDIR="$(readlink -f "$(dirname "$0")")"
|
|
. "$TESTDIR/framework"
|
|
|
|
setupenvironment
|
|
configarchitecture 'amd64'
|
|
setupaptarchive --no-update
|
|
|
|
rm rootdir/etc/apt/apt.conf.d/signed-by
|
|
testsuccess apt update
|
|
testsuccess apt update --no-download
|
|
|
|
cat > rootdir/var/lib/apt/lists/example.org_debian_dists_bookworm_Release <<EOF
|
|
Origin: Debian
|
|
Label: Debian
|
|
Suite: unreleased
|
|
Codename: bookworm
|
|
Date: Sun, 29 Jan 2023 20:14:10 +0000
|
|
Architectures: amd64
|
|
Components: main contrib non-free non-free-firmware
|
|
Description: Debian x.y Bookworm - Not Released
|
|
EOF
|
|
touch rootdir/var/lib/apt/lists/example.org_debian_dists_bookworm_main_binary-amd64_Packages
|
|
touch rootdir/var/lib/apt/lists/example.org_debian_dists_bookworm_contrib_binary-amd64_Packages
|
|
touch rootdir/var/lib/apt/lists/example.org_debian_dists_bookworm_non-free_binary-amd64_Packages
|
|
touch rootdir/var/lib/apt/lists/example.org_debian_dists_bookworm_non-free-firmware_binary-amd64_Packages
|
|
find rootdir/var/lib/apt/lists/ -type f -exec chmod 644 {} \;
|
|
|
|
BOILERPLATE='Reading package lists...
|
|
Building dependency tree...
|
|
All packages are up to date.'
|
|
|
|
msgmsg 'Suggest Signed-By for deb822 sources.list(5) entries'
|
|
echo 'Types: deb
|
|
URIs: http://example.org/debian
|
|
Suites: bookworm
|
|
Components: main
|
|
' > rootdir/etc/apt/sources.list.d/example.sources
|
|
testsuccessequal "$BOILERPLATE
|
|
N: Missing Signed-By in the sources.list(5) entry for 'http://example.org/debian'" apt update --no-download
|
|
rm rootdir/etc/apt/sources.list.d/example.sources
|
|
|
|
msgmsg 'Detect login info embedded in sources.list'
|
|
echo 'deb http://apt:debian@example.org/debian bookworm main' > rootdir/etc/apt/sources.list.d/example.list
|
|
testsuccessequal "$BOILERPLATE
|
|
N: Usage of apt_auth.conf(5) should be preferred over embedding login information directly in the sources.list(5) entry for 'http://example.org/debian'
|
|
A: The sources.list(5) entry for 'http://example.org/debian' should be upgraded to deb822 .sources
|
|
A: Missing Signed-By in the sources.list(5) entry for 'http://example.org/debian'
|
|
A: Consider migrating all sources.list(5) entries to the deb822 .sources format
|
|
A: The deb822 .sources format supports both embedded as well as external OpenPGP keys
|
|
A: See apt-secure(8) for best practices in configuring repository signing.
|
|
A: Some sources can be modernized. Run 'apt modernize-sources' to do so." apt update --no-download --audit
|
|
echo 'deb tor+https://apt:debian@example.org/debian bookworm main' > rootdir/etc/apt/sources.list.d/example.list
|
|
testsuccessequal "$BOILERPLATE
|
|
N: Usage of apt_auth.conf(5) should be preferred over embedding login information directly in the sources.list(5) entry for 'tor+https://example.org/debian'
|
|
A: The sources.list(5) entry for 'tor+https://example.org/debian' should be upgraded to deb822 .sources
|
|
A: Missing Signed-By in the sources.list(5) entry for 'tor+https://example.org/debian'
|
|
A: Consider migrating all sources.list(5) entries to the deb822 .sources format
|
|
A: The deb822 .sources format supports both embedded as well as external OpenPGP keys
|
|
A: See apt-secure(8) for best practices in configuring repository signing.
|
|
A: Some sources can be modernized. Run 'apt modernize-sources' to do so." apt update --no-download --audit
|