summaryrefslogtreecommitdiffstats
path: root/test/integration/test-signed-by-option
blob: 8e1e9a8c2c033f5e24fac859aa2a1c4757cf19ed (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
#!/bin/sh
set -e

TESTDIR="$(readlink -f "$(dirname "$0")")"
. "$TESTDIR/framework"

setupenvironment
configarchitecture 'amd64'

export TMPDIR="${TMPWORKINGDIRECTORY}/tmp"
mkdir "${TMPDIR}"

msgtest 'Check that a repository with' 'signed-by and two components works'
echo 'deb [signed-by=CDE5618B8805FD6E202CE9C2D73C39E56580B386] https://people.debian.org/~jak/debian/ stable main contrib # Äffchen' > rootdir/etc/apt/sources.list
testsuccess --nomsg aptcache policy

msgtest 'Check that a repository with' 'two fingerprints work'
echo 'deb [signed-by=CDE5618B8805FD6E202CE9C2D73C39E56580B386,AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA] https://people.debian.org/~jak/debian/ stable main contrib # Äffchen' > rootdir/etc/apt/sources.list
testsuccess --nomsg aptcache policy

msgtest 'Check that a repository with' 'exact fingerprint works'
echo 'deb [signed-by=CDE5618B8805FD6E202CE9C2D73C39E56580B386!] https://people.debian.org/~jak/debian/ stable main contrib # Äffchen' > rootdir/etc/apt/sources.list
testsuccess --nomsg aptcache policy

msgtest 'Check that a repository with' 'whitespaced fingerprints work'
echo 'deb [signed-by=CDE5618B8805FD6E202CE9C2D73C39E56580B386!,,,,AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA] https://people.debian.org/~jak/debian/ stable main contrib # Äffchen' > rootdir/etc/apt/sources.list
cat > rootdir/etc/apt/sources.list.d/people.sources <<EOF
Types: deb
URIs: mirror+file:/var/lib/apt/mirror.lst
Suites: stable testing
Components: main contrib
Architectures: amd64 i386
Signed-By: CDE5618B8805FD6E202CE9C2D73C39E56580B386!       AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    ,  , BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
EOF
testsuccess --nomsg aptcache policy

buildsimplenativepackage "coolstuff" "all" "1.0" "stable"
setupaptarchive --no-update
rm -f rootdir/etc/apt/sources.list.d/* rootdir/etc/apt/sources.list
rm -f rootdir/etc/apt/trusted.gpg.d/* rootdir/etc/apt/trusted.gpg

cat > rootdir/etc/apt/sources.list.d/deb822.sources << EOF
Types: deb
URIs: file://$PWD/aptarchive
Suites: stable
Components: main
xSigned-By:
    -----BEGIN PGP PUBLIC KEY BLOCK-----
    .
    mQENBExsGNYBCADNVx+TQ6h1tEyUP11f7ihfta3ZePkW1rIdkdHgA3Fw/TeLnTEq
    mWuhMw2pL4zy1vQhU8efNrRaNUrUS7kV3LIdSjd5K4Aizqtsdy/gLKFoTcO8LFIm
    KAXPg5hZBZ1B1HWvw7Npe4nkIj0Ar+bUyMfyCBUeqoaNeIy31a4IiNo8LdD73DOh
    4APKcp+pXh2s2DOmWOnTI8Z+WZ9W2ZurtdZl8g04hszGatwVKrNc6p5wK0wAvJ+X
    M0HaIVt/+90GVLCMb/Gjf66At73BS19BdRDPi54PPK5N+Q9HZAYq0zPPNySB3l4A
    vGjZtCqljkSqiaL1C0ZKf8c5ey/FoAviyS7TABEBAAG0M0pvZSBTaXhwYWNrIChB
    UFQgVGVzdGNhc2VzIER1bW15KSA8am9lQGV4YW1wbGUub3JnPokBNwQTAQoAIQIb
    AwIeAQIXgAUCV7L5PQULCQgHAwUVCgkICwUWAgMBAAAKCRBakNFB26yNri5RB/sF
    xRzAFAwwp6TQNeZk3L2zsHD2ZPKaoWzi1l+nD4grfP1enuAnwcLR3HG4zouN3nCg
    M0PgZEUo2yOAnKK4D5XWkcZjhcoCj133bTW807e+aM6d08ns+piIGJ8VdUVYlNZ2
    Tnr8eunkUQVkWQGjtHicIJFtjbokIKXzlJtVSklF/kDQ+v93kyj1SNM7Tm57Q01i
    ZtB2jCXNYvqdlHaZw1oXdVd1R6u0+SSb4wtjHuTeYG76JaCnWKBnvexWhIEN1MxK
    xNHhRHzEPTYZ4PCCyaRX4YRAwsEMFsscsghpQgqRDhGSWq+jUVI+Aay7FTnd+1UA
    1snsGpB0o9qxx8JpGMXI
    =c/k4
    -----END PGP PUBLIC KEY BLOCK-----
EOF
testfailure apt update  -o Debug::Acquire::gpgv=1
testsuccess grep "NO_PUBKEY 5A90D141DBAC8DAE" rootdir/tmp/testfailure.output
sed -i s/^xSigned-By/Signed-By/ rootdir/etc/apt/sources.list.d/deb822.sources
testsuccess apt update  -o Debug::Acquire::gpgv=1
# make sure we did not leave leftover files (LP: #1995247)
testsuccessequal "" ls "${TMPDIR}"

rm -f rootdir/etc/apt/sources.list.d/*

msgtest 'Check that a repository with' 'only the fisrt entry has no Signed-By value works'
cat > rootdir/etc/apt/sources.list.d/example.sources << EOF
Types: deb
URIs: http://example.org/
Suites: suite
Components: component

Types: deb
URIs: http://example.org/
Suites: suite
Components: component2
Signed-By: 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE
EOF
testsuccess --nomsg aptcache policy

msgtest 'Check that a repository with' 'only the second entry has no Signed-By value works'
cat > rootdir/etc/apt/sources.list.d/example.sources << EOF
Types: deb
URIs: http://example.org/
Suites: suite
Components: component
Signed-By: 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE

Types: deb
URIs: http://example.org/
Suites: suite
Components: component2
EOF
testsuccess --nomsg aptcache policy

cat > rootdir/etc/apt/sources.list.d/example.sources << EOF
Types: deb
URIs: http://example.org/
Suites: suite
Components: component
Signed-By: 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE

Types: deb
URIs: http://example.org/
Suites: suite
Components: component2
Signed-By: DE66AECA9151AFA1877EC31DE8525D47528144E2
EOF
testfailuremsg 'E: Conflicting values set for option Signed-By regarding source http://example.org/ suite: 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE != DE66AECA9151AFA1877EC31DE8525D47528144E2
E: The list of sources could not be read.' aptget update --print-uris