diff options
Diffstat (limited to '')
-rwxr-xr-x | test/integration/test-ubuntu-bug-346386-apt-get-update-paywall | 102 |
1 files changed, 102 insertions, 0 deletions
diff --git a/test/integration/test-ubuntu-bug-346386-apt-get-update-paywall b/test/integration/test-ubuntu-bug-346386-apt-get-update-paywall new file mode 100755 index 0000000..5f2109d --- /dev/null +++ b/test/integration/test-ubuntu-bug-346386-apt-get-update-paywall @@ -0,0 +1,102 @@ +#!/bin/sh +set -e + +TESTDIR="$(readlink -f "$(dirname "$0")")" +. "$TESTDIR/framework" + +setupenvironment +configarchitecture 'native' + +insertpackage 'unstable' 'unrelated' 'all' '1.0' 'stable' +insertsource 'unstable' 'unrelated' 'all' '1.0' 'stable' + +echo 'ni ni ni' > aptarchive/knights + +setupaptarchive +changetowebserver -o 'aptwebserver::overwrite::.*InRelease::filename=/knights' -o 'aptwebserver::overwrite::.*::filename=/knights' + +msgtest 'Acquire test file from the webserver to check' 'overwrite' +if downloadfile http://localhost:${APTHTTPPORT}/holygrail ./knights-talking >/dev/null; then + msgpass +else + msgfail +fi + +testfileequal knights-talking 'ni ni ni' + +ensure_n_canary_strings_in_dir() { + local DIR="$1" + local CANARY_STRING="$2" + local EXPECTED_N="$3" + + msgtest "Testing in $DIR for $EXPECTED_N canary" "$CANARY_STRING" + local N=$(grep "$CANARY_STRING" $DIR/* 2>/dev/null |wc -l ) + test "$N" = "$EXPECTED_N" && msgpass || msgfail "Expected $EXPECTED_N canaries, got $N" +} + +runtests() { + LISTS='rootdir/var/lib/apt/lists' + rm -rf "$LISTS" + testfailure aptget update + testsuccess grep "$1" rootdir/tmp/testfailure.output + + ensure_n_canary_strings_in_dir "$LISTS" 'ni ni ni' 0 + testequal 'auxfiles +lock +partial' ls "$LISTS" + + # and again with pre-existing files with "valid data" which should remain + for f in Release Release.gpg main_binary-amd64_Packages main_source_Sources; do + echo 'peng neee-wom' > "$LISTS/localhost:${APTHTTPPORT}_dists_stable_${f}" + chmod 644 "$LISTS/localhost:${APTHTTPPORT}_dists_stable_${f}" + done + + testfailure aptget update + testsuccess grep "$1" rootdir/tmp/testfailure.output + + ensure_n_canary_strings_in_dir "$LISTS" 'peng neee-wom' 4 + ensure_n_canary_strings_in_dir "$LISTS" 'ni ni ni' 0 + + # and now with a pre-existing InRelease file + echo 'peng neee-wom' > "$LISTS/localhost:${APTHTTPPORT}_dists_stable_InRelease" + chmod 644 "$LISTS/localhost:${APTHTTPPORT}_dists_stable_InRelease" + rm -f "$LISTS/localhost:${APTHTTPPORT}_dists_stable_Release" "$LISTS/localhost:${APTHTTPPORT}_dists_stable_Release.gpg" + msgtest 'excpected failure of' 'apt-get update' + testfailure aptget update + testsuccess grep "$1" rootdir/tmp/testfailure.output + + ensure_n_canary_strings_in_dir "$LISTS" 'peng neee-wom' 3 + ensure_n_canary_strings_in_dir "$LISTS" 'ni ni ni' 0 +} +runtests '^E:.*Clearsigned file .*NOSPLIT.*' +webserverconfig 'aptwebserver::overwrite::.*InRelease::filename' '/404' +runtests '^E:.*Signed file .*NODATA.*' + +webserverconfig 'aptwebserver::overwrite::.*::filename' '/404' +webserverconfig 'aptwebserver::httpcode::404' '511 Network Authentication Required' +rm -rf rootdir/var/lib/apt/lists +testfailureequal "Err:1 http://localhost:${APTHTTPPORT} unstable InRelease + 511 Network Authentication Required +Reading package lists... +E: Failed to fetch http://localhost:${APTHTTPPORT}/dists/unstable/InRelease 511 Network Authentication Required +E: The repository 'http://localhost:${APTHTTPPORT} unstable InRelease' is not signed. +N: Updating from such a repository can't be done securely, and is therefore disabled by default. +N: See apt-secure(8) manpage for repository creation and user configuration details." aptget update + +# on S3 all files get a 403. If we accept unsigned, lets be liberal in non-existence acceptance +webserverconfig 'aptwebserver::httpcode::404' '403 Forbidden' +rm -rf rootdir/var/lib/apt/lists +testfailureequal "Err:1 http://localhost:${APTHTTPPORT} unstable InRelease + 403 Forbidden +Reading package lists... +E: Failed to fetch http://localhost:${APTHTTPPORT}/dists/unstable/InRelease 403 Forbidden +E: The repository 'http://localhost:${APTHTTPPORT} unstable InRelease' is not signed. +N: Updating from such a repository can't be done securely, and is therefore disabled by default. +N: See apt-secure(8) manpage for repository creation and user configuration details." apt update + +sed -i 's#^deb\(-src\)\? #deb\1 [allow-insecure=yes] #' rootdir/etc/apt/sources.list.d/* +testfailure apt update +testequal "Ign:1 http://localhost:${APTHTTPPORT} unstable InRelease + 403 Forbidden +Ign:2 http://localhost:${APTHTTPPORT} unstable Release + 403 Forbidden" head -n 4 rootdir/tmp/testfailure.output |