summaryrefslogtreecommitdiffstats
path: root/test/integration/test-ubuntu-bug-346386-apt-get-update-paywall
diff options
context:
space:
mode:
Diffstat (limited to '')
-rwxr-xr-xtest/integration/test-ubuntu-bug-346386-apt-get-update-paywall102
1 files changed, 102 insertions, 0 deletions
diff --git a/test/integration/test-ubuntu-bug-346386-apt-get-update-paywall b/test/integration/test-ubuntu-bug-346386-apt-get-update-paywall
new file mode 100755
index 0000000..5f2109d
--- /dev/null
+++ b/test/integration/test-ubuntu-bug-346386-apt-get-update-paywall
@@ -0,0 +1,102 @@
+#!/bin/sh
+set -e
+
+TESTDIR="$(readlink -f "$(dirname "$0")")"
+. "$TESTDIR/framework"
+
+setupenvironment
+configarchitecture 'native'
+
+insertpackage 'unstable' 'unrelated' 'all' '1.0' 'stable'
+insertsource 'unstable' 'unrelated' 'all' '1.0' 'stable'
+
+echo 'ni ni ni' > aptarchive/knights
+
+setupaptarchive
+changetowebserver -o 'aptwebserver::overwrite::.*InRelease::filename=/knights' -o 'aptwebserver::overwrite::.*::filename=/knights'
+
+msgtest 'Acquire test file from the webserver to check' 'overwrite'
+if downloadfile http://localhost:${APTHTTPPORT}/holygrail ./knights-talking >/dev/null; then
+ msgpass
+else
+ msgfail
+fi
+
+testfileequal knights-talking 'ni ni ni'
+
+ensure_n_canary_strings_in_dir() {
+ local DIR="$1"
+ local CANARY_STRING="$2"
+ local EXPECTED_N="$3"
+
+ msgtest "Testing in $DIR for $EXPECTED_N canary" "$CANARY_STRING"
+ local N=$(grep "$CANARY_STRING" $DIR/* 2>/dev/null |wc -l )
+ test "$N" = "$EXPECTED_N" && msgpass || msgfail "Expected $EXPECTED_N canaries, got $N"
+}
+
+runtests() {
+ LISTS='rootdir/var/lib/apt/lists'
+ rm -rf "$LISTS"
+ testfailure aptget update
+ testsuccess grep "$1" rootdir/tmp/testfailure.output
+
+ ensure_n_canary_strings_in_dir "$LISTS" 'ni ni ni' 0
+ testequal 'auxfiles
+lock
+partial' ls "$LISTS"
+
+ # and again with pre-existing files with "valid data" which should remain
+ for f in Release Release.gpg main_binary-amd64_Packages main_source_Sources; do
+ echo 'peng neee-wom' > "$LISTS/localhost:${APTHTTPPORT}_dists_stable_${f}"
+ chmod 644 "$LISTS/localhost:${APTHTTPPORT}_dists_stable_${f}"
+ done
+
+ testfailure aptget update
+ testsuccess grep "$1" rootdir/tmp/testfailure.output
+
+ ensure_n_canary_strings_in_dir "$LISTS" 'peng neee-wom' 4
+ ensure_n_canary_strings_in_dir "$LISTS" 'ni ni ni' 0
+
+ # and now with a pre-existing InRelease file
+ echo 'peng neee-wom' > "$LISTS/localhost:${APTHTTPPORT}_dists_stable_InRelease"
+ chmod 644 "$LISTS/localhost:${APTHTTPPORT}_dists_stable_InRelease"
+ rm -f "$LISTS/localhost:${APTHTTPPORT}_dists_stable_Release" "$LISTS/localhost:${APTHTTPPORT}_dists_stable_Release.gpg"
+ msgtest 'excpected failure of' 'apt-get update'
+ testfailure aptget update
+ testsuccess grep "$1" rootdir/tmp/testfailure.output
+
+ ensure_n_canary_strings_in_dir "$LISTS" 'peng neee-wom' 3
+ ensure_n_canary_strings_in_dir "$LISTS" 'ni ni ni' 0
+}
+runtests '^E:.*Clearsigned file .*NOSPLIT.*'
+webserverconfig 'aptwebserver::overwrite::.*InRelease::filename' '/404'
+runtests '^E:.*Signed file .*NODATA.*'
+
+webserverconfig 'aptwebserver::overwrite::.*::filename' '/404'
+webserverconfig 'aptwebserver::httpcode::404' '511 Network Authentication Required'
+rm -rf rootdir/var/lib/apt/lists
+testfailureequal "Err:1 http://localhost:${APTHTTPPORT} unstable InRelease
+ 511 Network Authentication Required
+Reading package lists...
+E: Failed to fetch http://localhost:${APTHTTPPORT}/dists/unstable/InRelease 511 Network Authentication Required
+E: The repository 'http://localhost:${APTHTTPPORT} unstable InRelease' is not signed.
+N: Updating from such a repository can't be done securely, and is therefore disabled by default.
+N: See apt-secure(8) manpage for repository creation and user configuration details." aptget update
+
+# on S3 all files get a 403. If we accept unsigned, lets be liberal in non-existence acceptance
+webserverconfig 'aptwebserver::httpcode::404' '403 Forbidden'
+rm -rf rootdir/var/lib/apt/lists
+testfailureequal "Err:1 http://localhost:${APTHTTPPORT} unstable InRelease
+ 403 Forbidden
+Reading package lists...
+E: Failed to fetch http://localhost:${APTHTTPPORT}/dists/unstable/InRelease 403 Forbidden
+E: The repository 'http://localhost:${APTHTTPPORT} unstable InRelease' is not signed.
+N: Updating from such a repository can't be done securely, and is therefore disabled by default.
+N: See apt-secure(8) manpage for repository creation and user configuration details." apt update
+
+sed -i 's#^deb\(-src\)\? #deb\1 [allow-insecure=yes] #' rootdir/etc/apt/sources.list.d/*
+testfailure apt update
+testequal "Ign:1 http://localhost:${APTHTTPPORT} unstable InRelease
+ 403 Forbidden
+Ign:2 http://localhost:${APTHTTPPORT} unstable Release
+ 403 Forbidden" head -n 4 rootdir/tmp/testfailure.output