153 lines
4.5 KiB
Bash
Executable file
153 lines
4.5 KiB
Bash
Executable file
#!/bin/sh
|
|
set -e
|
|
|
|
TESTDIR="$(readlink -f "$(dirname "$0")")"
|
|
. "$TESTDIR/framework"
|
|
|
|
setupenvironment
|
|
configarchitecture 'i386'
|
|
|
|
insertpackage 'unstable' 'foo' 'all' '1'
|
|
setupaptarchive --no-update
|
|
|
|
changetohttpswebserver --authorization="$(printf '%s' 'star@irc:hunter2' | base64 )"
|
|
|
|
echo 'See, when YOU type hunter2, it shows to us as *******' > aptarchive/bash
|
|
echo 'Debug::Acquire::netrc "true";' > rootdir/etc/apt/apt.conf.d/netrcdebug.conf
|
|
|
|
testauthfailure() {
|
|
testfailure apthelper download-file "${1}/bash" ./downloaded/bash
|
|
# crappy test, but http and https output are wastely different…
|
|
testsuccess grep 401 rootdir/tmp/testfailure.output
|
|
testfailure test -s ./downloaded/bash
|
|
}
|
|
|
|
testauthsuccess() {
|
|
testsuccess apthelper download-file "${1}/bash" ./downloaded/bash
|
|
testfileequal ./downloaded/bash "$(cat aptarchive/bash)"
|
|
testfilestats ./downloaded/bash '%U:%G:%a' '=' "${TEST_DEFAULT_USER}:${TEST_DEFAULT_GROUP}:644"
|
|
rm -f ./downloaded/bash
|
|
|
|
# lets see if got/retains acceptable permissions
|
|
if [ -n "$AUTHCONF" ]; then
|
|
if [ "$(id -u)" = '0' ]; then
|
|
testfilestats "$AUTHCONF" '%U:%G:%a' '=' "_apt:$(id -gn):600"
|
|
else
|
|
testfilestats "$AUTHCONF" '%U:%G:%a' '=' "${TEST_DEFAULT_USER}:${TEST_DEFAULT_GROUP}:600"
|
|
fi
|
|
fi
|
|
|
|
rm -rf rootdir/var/lib/apt/lists
|
|
if expr index "$1" '@' >/dev/null; then
|
|
testsuccesswithnotice aptget update
|
|
else
|
|
testsuccess aptget update
|
|
fi
|
|
testsuccessequal 'Reading package lists...
|
|
Building dependency tree...
|
|
The following NEW packages will be installed:
|
|
foo
|
|
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
|
|
Inst foo (1 unstable [all])
|
|
Conf foo (1 unstable [all])' aptget install foo -s
|
|
}
|
|
|
|
authfile() {
|
|
local AUTHCONF="${2:-rootdir/etc/apt/auth.conf}"
|
|
mkdir -p "$(dirname "$AUTHCONF")"
|
|
rm -f "$AUTHCONF"
|
|
printf '%s' "$1" > "$AUTHCONF"
|
|
chmod 600 "$AUTHCONF"
|
|
}
|
|
|
|
runtest() {
|
|
# unauthorized fails
|
|
authfile ''
|
|
testauthfailure "$1"
|
|
|
|
protocol="${1%%://*}"
|
|
|
|
# good auth
|
|
authfile "machine ${protocol}://localhost
|
|
login star@irc
|
|
password hunter2"
|
|
testauthsuccess "$1"
|
|
|
|
# bad auth
|
|
authfile "machine ${protocol}://localhost
|
|
login anonymous
|
|
password hunter2"
|
|
testauthfailure "$1"
|
|
|
|
# 2 stanzas: unmatching + good auth
|
|
authfile "machine ${protocol}://debian.org
|
|
login debian
|
|
password jessie
|
|
|
|
machine ${protocol}://localhost
|
|
login star@irc
|
|
password hunter2"
|
|
testauthsuccess "$1"
|
|
|
|
# no protocol specifier
|
|
authfile "machine localhost
|
|
login star@irc
|
|
password hunter2"
|
|
if [ "$protocol" = "https" ]; then
|
|
testauthsuccess "$1"
|
|
else
|
|
testfailure apthelper download-file "${1}/bash" ./downloaded/bash
|
|
testsuccessequal "W: ${1}/bash: ${TMPWORKINGDIRECTORY}/rootdir/etc/apt/auth.conf: Credentials for localhost match, but the protocol is not encrypted. Annotate with http:// to use." grep "Credentials.*match" rootdir/tmp/testfailure.output
|
|
testauthfailure "$1"
|
|
fi
|
|
|
|
# wrong protocol specifier
|
|
if [ "$protocol" = "https" ]; then
|
|
authfile "machine http://localhost
|
|
login star@irc
|
|
password hunter2"
|
|
else
|
|
authfile "machine https://localhost
|
|
login star@irc
|
|
password hunter2"
|
|
fi
|
|
testauthfailure "$1"
|
|
|
|
# delete file, make sure it fails; add auth.conf.d snippet, works again.
|
|
rm rootdir/etc/apt/auth.conf
|
|
testauthfailure "$1"
|
|
|
|
authfile "machine ${protocol}://localhost
|
|
login star@irc
|
|
password hunter2" rootdir/etc/apt/auth.conf.d/myauth.conf
|
|
testauthsuccess "$1"
|
|
rm rootdir/etc/apt/auth.conf.d/myauth.conf
|
|
}
|
|
|
|
msgmsg 'server basic auth'
|
|
rewritesourceslist "http://localhost:${APTHTTPPORT}"
|
|
runtest "http://localhost:${APTHTTPPORT}"
|
|
rewritesourceslist "http://star%40irc:hunter2@localhost:${APTHTTPPORT}"
|
|
authfile ''
|
|
testauthsuccess "http://star%40irc:hunter2@localhost:${APTHTTPPORT}"
|
|
rewritesourceslist "https://localhost:${APTHTTPSPORT}"
|
|
runtest "https://localhost:${APTHTTPSPORT}"
|
|
rewritesourceslist "http://localhost:${APTHTTPPORT}"
|
|
|
|
msgmsg 'proxy to server basic auth'
|
|
webserverconfig 'aptwebserver::request::absolute' 'uri'
|
|
# using ip instead of localhost avoids picking up the auth for the repo
|
|
# for the proxy as well as we serve them both over the same server…
|
|
export http_proxy="http://127.0.0.1:${APTHTTPPORT}"
|
|
runtest "http://localhost:${APTHTTPPORT}"
|
|
unset http_proxy
|
|
|
|
msgmsg 'proxy basic auth to server basic auth'
|
|
webserverconfig 'aptwebserver::proxy-authorization' "$(printf 'moon:deer2' | base64)"
|
|
export http_proxy="http://moon:deer2@localhost:${APTHTTPPORT}"
|
|
runtest "http://localhost:${APTHTTPPORT}"
|
|
|
|
msgmsg 'proxy basic auth to server'
|
|
authfile ''
|
|
webserverconfig 'aptwebserver::authorization' ''
|
|
testauthsuccess "http://localhost:${APTHTTPPORT}"
|