horok/apt
1
0
Fork 0
Code Activity
apt/test/integration/test-signed-by-option
Daniel Baumann 6810ba718b
Adding upstream version 3.0.2. 
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
2025-06-20 21:10:43 +02:00

122 lines
4.9 KiB
Bash
Executable file
Raw Permalink Blame History

#!/bin/sh
set -e
TESTDIR="$(readlink -f "$(dirname "$0")")"
. "$TESTDIR/framework"
setupenvironment
configarchitecture 'amd64'
export TMPDIR="${TMPWORKINGDIRECTORY}/tmp"
mkdir "${TMPDIR}"
msgtest 'Check that a repository with' 'signed-by and two components works'
echo 'deb [signed-by=CDE5618B8805FD6E202CE9C2D73C39E56580B386] https://people.debian.org/~jak/debian/ stable main contrib # Äffchen' > rootdir/etc/apt/sources.list
testsuccess --nomsg aptcache policy
msgtest 'Check that a repository with' 'two fingerprints work'
echo 'deb [signed-by=CDE5618B8805FD6E202CE9C2D73C39E56580B386,AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA] https://people.debian.org/~jak/debian/ stable main contrib # Äffchen' > rootdir/etc/apt/sources.list
testsuccess --nomsg aptcache policy
msgtest 'Check that a repository with' 'exact fingerprint works'
echo 'deb [signed-by=CDE5618B8805FD6E202CE9C2D73C39E56580B386!] https://people.debian.org/~jak/debian/ stable main contrib # Äffchen' > rootdir/etc/apt/sources.list
testsuccess --nomsg aptcache policy
msgtest 'Check that a repository with' 'whitespaced fingerprints work'
echo 'deb [signed-by=CDE5618B8805FD6E202CE9C2D73C39E56580B386!,,,,AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA] https://people.debian.org/~jak/debian/ stable main contrib # Äffchen' > rootdir/etc/apt/sources.list
cat > rootdir/etc/apt/sources.list.d/people.sources <<EOF
Types: deb
URIs: mirror+file:/var/lib/apt/mirror.lst
Suites: stable testing
Components: main contrib
Architectures: amd64 i386
Signed-By: CDE5618B8805FD6E202CE9C2D73C39E56580B386! AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
, , BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
EOF
testsuccess --nomsg aptcache policy
buildsimplenativepackage "coolstuff" "all" "1.0" "stable"
setupaptarchive --no-update
rm -f rootdir/etc/apt/sources.list.d/* rootdir/etc/apt/sources.list
rm -f rootdir/etc/apt/trusted.gpg.d/* rootdir/etc/apt/trusted.gpg
GPGKEYBLOCK='-----BEGIN PGP PUBLIC KEY BLOCK-----
.
mQENBExsGNYBCADNVx+TQ6h1tEyUP11f7ihfta3ZePkW1rIdkdHgA3Fw/TeLnTEq
mWuhMw2pL4zy1vQhU8efNrRaNUrUS7kV3LIdSjd5K4Aizqtsdy/gLKFoTcO8LFIm
KAXPg5hZBZ1B1HWvw7Npe4nkIj0Ar+bUyMfyCBUeqoaNeIy31a4IiNo8LdD73DOh
4APKcp+pXh2s2DOmWOnTI8Z+WZ9W2ZurtdZl8g04hszGatwVKrNc6p5wK0wAvJ+X
M0HaIVt/+90GVLCMb/Gjf66At73BS19BdRDPi54PPK5N+Q9HZAYq0zPPNySB3l4A
vGjZtCqljkSqiaL1C0ZKf8c5ey/FoAviyS7TABEBAAG0M0pvZSBTaXhwYWNrIChB
UFQgVGVzdGNhc2VzIER1bW15KSA8am9lQGV4YW1wbGUub3JnPokBNwQTAQoAIQIb
AwIeAQIXgAUCV7L5PQULCQgHAwUVCgkICwUWAgMBAAAKCRBakNFB26yNri5RB/sF
xRzAFAwwp6TQNeZk3L2zsHD2ZPKaoWzi1l+nD4grfP1enuAnwcLR3HG4zouN3nCg
M0PgZEUo2yOAnKK4D5XWkcZjhcoCj133bTW807e+aM6d08ns+piIGJ8VdUVYlNZ2
Tnr8eunkUQVkWQGjtHicIJFtjbokIKXzlJtVSklF/kDQ+v93kyj1SNM7Tm57Q01i
ZtB2jCXNYvqdlHaZw1oXdVd1R6u0+SSb4wtjHuTeYG76JaCnWKBnvexWhIEN1MxK
xNHhRHzEPTYZ4PCCyaRX4YRAwsEMFsscsghpQgqRDhGSWq+jUVI+Aay7FTnd+1UA
1snsGpB0o9qxx8JpGMXI
=c/k4
-----END PGP PUBLIC KEY BLOCK-----'
cat > rootdir/etc/apt/sources.list.d/deb822.sources << EOF
Types: deb
URIs: file://$PWD/aptarchive
Suites: stable
Components: main
xSigned-By:
$GPGKEYBLOCK
EOF
testfailure apt update -o Debug::Acquire::gpgv=1
testsuccess grep -E "(NO_PUBKEY 5A90D141DBAC8DAE|no keyring is specified)" rootdir/tmp/testfailure.output
sed -i s/^xSigned-By/Signed-By/ rootdir/etc/apt/sources.list.d/deb822.sources
testsuccess apt update -o Debug::Acquire::gpgv=1
testsuccessequal "$(echo "$GPGKEYBLOCK" | sed 's/^ \+/ /')\n$(echo "$GPGKEYBLOCK" | sed 's/^ \+/ /')" aptget indextargets --format '$(SIGNED_BY)'
# make sure we did not leave leftover files (LP: #1995247)
testsuccessequal "" ls "${TMPDIR}"
rm -f rootdir/etc/apt/sources.list.d/*
msgtest 'Check that a repository with' 'only the fisrt entry has no Signed-By value works'
cat > rootdir/etc/apt/sources.list.d/example.sources << EOF
Types: deb
URIs: http://example.org/
Suites: suite
Components: component
Types: deb
URIs: http://example.org/
Suites: suite
Components: component2
Signed-By: 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE
EOF
testsuccess --nomsg aptcache policy
msgtest 'Check that a repository with' 'only the second entry has no Signed-By value works'
cat > rootdir/etc/apt/sources.list.d/example.sources << EOF
Types: deb
URIs: http://example.org/
Suites: suite
Components: component
Signed-By: 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE
Types: deb
URIs: http://example.org/
Suites: suite
Components: component2
EOF
testsuccess --nomsg aptcache policy
cat > rootdir/etc/apt/sources.list.d/example.sources << EOF
Types: deb
URIs: http://example.org/
Suites: suite
Components: component
Signed-By: 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE
Types: deb
URIs: http://example.org/
Suites: suite
Components: component2
Signed-By: DE66AECA9151AFA1877EC31DE8525D47528144E2
EOF
testfailuremsg 'E: Conflicting values set for option Signed-By regarding source http://example.org/ suite: 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE != DE66AECA9151AFA1877EC31DE8525D47528144E2
E: The list of sources could not be read.' aptget update --print-uris
View git blame Copy permalink