summaryrefslogtreecommitdiffstats
path: root/test/integration/test-apt-update-stale
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 09:00:48 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 09:00:48 +0000
commit851b6a097165af4d51c0db01b5e05256e5006896 (patch)
tree5f7c388ec894a7806c49a99f3bdb605d0b299a7c /test/integration/test-apt-update-stale
parentInitial commit. (diff)
downloadapt-upstream.tar.xz
apt-upstream.zip
Adding upstream version 2.6.1.upstream/2.6.1upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'test/integration/test-apt-update-stale')
-rwxr-xr-xtest/integration/test-apt-update-stale44
1 files changed, 44 insertions, 0 deletions
diff --git a/test/integration/test-apt-update-stale b/test/integration/test-apt-update-stale
new file mode 100755
index 0000000..a863458
--- /dev/null
+++ b/test/integration/test-apt-update-stale
@@ -0,0 +1,44 @@
+#!/bin/sh
+#
+# Ensure that a MITM can not stale the Packages/Sources without
+# raising a error message. Note that the Release file is protected
+# via the "Valid-Until" header
+#
+set -e
+
+TESTDIR="$(readlink -f "$(dirname "$0")")"
+. "$TESTDIR/framework"
+
+setupenvironment
+configarchitecture "i386"
+
+insertpackage 'unstable' 'foo' 'i386' '1.0'
+
+setupaptarchive --no-update
+changetowebserver
+
+echo "Acquire::Languages \"none\";" > rootdir/etc/apt/apt.conf.d/00nolanguages
+testsuccess aptget update -o Debug::pkgAcquire::Worker=1 -o Debug::Acquire::http=1
+listcurrentlistsdirectory > lists.before
+
+# insert new version
+mkdir aptarchive/dists/unstable/main/binary-i386/saved
+cp -p aptarchive/dists/unstable/main/binary-i386/Packages* \
+ aptarchive/dists/unstable/main/binary-i386/saved
+insertpackage 'unstable' 'foo' 'i386' '2.0'
+touch -d '+1 hour' aptarchive/dists/unstable/main/binary-i386/Packages
+compressfile aptarchive/dists/unstable/main/binary-i386/Packages
+# ensure that we do not get a I-M-S hit for the Release file
+
+generatereleasefiles '+1hour'
+signreleasefiles
+
+# but now only deliver the previous Packages file instead of the new one
+# (simulating a stale attack)
+cp -p aptarchive/dists/unstable/main/binary-i386/saved/Packages* \
+ aptarchive/dists/unstable/main/binary-i386/
+
+# ensure this raises an error
+testfailure aptget update -o Debug::pkgAcquire::Worker=1 -o Debug::Acquire::http=1
+testsuccess grep 'File has unexpected size' rootdir/tmp/testfailure.output
+testfileequal lists.before "$(listcurrentlistsdirectory)"