diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 09:00:48 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 09:00:48 +0000 |
commit | 851b6a097165af4d51c0db01b5e05256e5006896 (patch) | |
tree | 5f7c388ec894a7806c49a99f3bdb605d0b299a7c /test/integration/test-apt-update-stale | |
parent | Initial commit. (diff) | |
download | apt-upstream.tar.xz apt-upstream.zip |
Adding upstream version 2.6.1.upstream/2.6.1upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'test/integration/test-apt-update-stale')
-rwxr-xr-x | test/integration/test-apt-update-stale | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/test/integration/test-apt-update-stale b/test/integration/test-apt-update-stale new file mode 100755 index 0000000..a863458 --- /dev/null +++ b/test/integration/test-apt-update-stale @@ -0,0 +1,44 @@ +#!/bin/sh +# +# Ensure that a MITM can not stale the Packages/Sources without +# raising a error message. Note that the Release file is protected +# via the "Valid-Until" header +# +set -e + +TESTDIR="$(readlink -f "$(dirname "$0")")" +. "$TESTDIR/framework" + +setupenvironment +configarchitecture "i386" + +insertpackage 'unstable' 'foo' 'i386' '1.0' + +setupaptarchive --no-update +changetowebserver + +echo "Acquire::Languages \"none\";" > rootdir/etc/apt/apt.conf.d/00nolanguages +testsuccess aptget update -o Debug::pkgAcquire::Worker=1 -o Debug::Acquire::http=1 +listcurrentlistsdirectory > lists.before + +# insert new version +mkdir aptarchive/dists/unstable/main/binary-i386/saved +cp -p aptarchive/dists/unstable/main/binary-i386/Packages* \ + aptarchive/dists/unstable/main/binary-i386/saved +insertpackage 'unstable' 'foo' 'i386' '2.0' +touch -d '+1 hour' aptarchive/dists/unstable/main/binary-i386/Packages +compressfile aptarchive/dists/unstable/main/binary-i386/Packages +# ensure that we do not get a I-M-S hit for the Release file + +generatereleasefiles '+1hour' +signreleasefiles + +# but now only deliver the previous Packages file instead of the new one +# (simulating a stale attack) +cp -p aptarchive/dists/unstable/main/binary-i386/saved/Packages* \ + aptarchive/dists/unstable/main/binary-i386/ + +# ensure this raises an error +testfailure aptget update -o Debug::pkgAcquire::Worker=1 -o Debug::Acquire::http=1 +testsuccess grep 'File has unexpected size' rootdir/tmp/testfailure.output +testfileequal lists.before "$(listcurrentlistsdirectory)" |