From 851b6a097165af4d51c0db01b5e05256e5006896 Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Sun, 7 Apr 2024 11:00:48 +0200
Subject: Adding upstream version 2.6.1.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 .../test-ubuntu-bug-346386-apt-get-update-paywall  | 102 +++++++++++++++++++++
 1 file changed, 102 insertions(+)
 create mode 100755 test/integration/test-ubuntu-bug-346386-apt-get-update-paywall

(limited to 'test/integration/test-ubuntu-bug-346386-apt-get-update-paywall')

diff --git a/test/integration/test-ubuntu-bug-346386-apt-get-update-paywall b/test/integration/test-ubuntu-bug-346386-apt-get-update-paywall
new file mode 100755
index 0000000..5f2109d
--- /dev/null
+++ b/test/integration/test-ubuntu-bug-346386-apt-get-update-paywall
@@ -0,0 +1,102 @@
+#!/bin/sh
+set -e
+
+TESTDIR="$(readlink -f "$(dirname "$0")")"
+. "$TESTDIR/framework"
+
+setupenvironment
+configarchitecture 'native'
+
+insertpackage 'unstable' 'unrelated' 'all' '1.0' 'stable'
+insertsource 'unstable' 'unrelated' 'all' '1.0' 'stable'
+
+echo 'ni ni ni' > aptarchive/knights
+
+setupaptarchive
+changetowebserver -o 'aptwebserver::overwrite::.*InRelease::filename=/knights' -o 'aptwebserver::overwrite::.*::filename=/knights'
+
+msgtest 'Acquire test file from the webserver to check' 'overwrite'
+if downloadfile http://localhost:${APTHTTPPORT}/holygrail ./knights-talking >/dev/null; then
+	msgpass
+else
+	msgfail
+fi
+
+testfileequal knights-talking 'ni ni ni'
+
+ensure_n_canary_strings_in_dir() {
+	local DIR="$1"
+	local CANARY_STRING="$2"
+	local EXPECTED_N="$3"
+
+	msgtest "Testing in $DIR for $EXPECTED_N canary" "$CANARY_STRING"
+	local N=$(grep "$CANARY_STRING" $DIR/* 2>/dev/null |wc -l )
+	test "$N" = "$EXPECTED_N" && msgpass || msgfail "Expected $EXPECTED_N canaries, got $N"
+}
+
+runtests() {
+	LISTS='rootdir/var/lib/apt/lists'
+	rm -rf "$LISTS"
+	testfailure aptget update
+	testsuccess grep "$1" rootdir/tmp/testfailure.output
+
+	ensure_n_canary_strings_in_dir "$LISTS" 'ni ni ni' 0
+	testequal 'auxfiles
+lock
+partial' ls "$LISTS"
+
+	# and again with pre-existing files with "valid data" which should remain
+	for f in Release Release.gpg main_binary-amd64_Packages main_source_Sources; do
+		echo 'peng neee-wom' > "$LISTS/localhost:${APTHTTPPORT}_dists_stable_${f}"
+		chmod 644 "$LISTS/localhost:${APTHTTPPORT}_dists_stable_${f}"
+	done
+
+	testfailure aptget update
+	testsuccess grep "$1" rootdir/tmp/testfailure.output
+
+	ensure_n_canary_strings_in_dir "$LISTS" 'peng neee-wom' 4
+	ensure_n_canary_strings_in_dir "$LISTS" 'ni ni ni' 0
+
+	# and now with a pre-existing InRelease file
+	echo 'peng neee-wom' > "$LISTS/localhost:${APTHTTPPORT}_dists_stable_InRelease"
+	chmod 644 "$LISTS/localhost:${APTHTTPPORT}_dists_stable_InRelease"
+	rm -f "$LISTS/localhost:${APTHTTPPORT}_dists_stable_Release" "$LISTS/localhost:${APTHTTPPORT}_dists_stable_Release.gpg"
+	msgtest 'excpected failure of' 'apt-get update'
+	testfailure aptget update
+	testsuccess grep "$1" rootdir/tmp/testfailure.output
+
+	ensure_n_canary_strings_in_dir "$LISTS" 'peng neee-wom' 3
+	ensure_n_canary_strings_in_dir "$LISTS" 'ni ni ni' 0
+}
+runtests '^E:.*Clearsigned file .*NOSPLIT.*'
+webserverconfig 'aptwebserver::overwrite::.*InRelease::filename' '/404'
+runtests '^E:.*Signed file .*NODATA.*'
+
+webserverconfig 'aptwebserver::overwrite::.*::filename' '/404'
+webserverconfig 'aptwebserver::httpcode::404' '511 Network Authentication Required'
+rm -rf rootdir/var/lib/apt/lists
+testfailureequal "Err:1 http://localhost:${APTHTTPPORT} unstable InRelease
+  511  Network Authentication Required
+Reading package lists...
+E: Failed to fetch http://localhost:${APTHTTPPORT}/dists/unstable/InRelease  511  Network Authentication Required
+E: The repository 'http://localhost:${APTHTTPPORT} unstable InRelease' is not signed.
+N: Updating from such a repository can't be done securely, and is therefore disabled by default.
+N: See apt-secure(8) manpage for repository creation and user configuration details." aptget update
+
+# on S3 all files get a 403. If we accept unsigned, lets be liberal in non-existence acceptance
+webserverconfig 'aptwebserver::httpcode::404' '403 Forbidden'
+rm -rf rootdir/var/lib/apt/lists
+testfailureequal "Err:1 http://localhost:${APTHTTPPORT} unstable InRelease
+  403  Forbidden
+Reading package lists...
+E: Failed to fetch http://localhost:${APTHTTPPORT}/dists/unstable/InRelease  403  Forbidden
+E: The repository 'http://localhost:${APTHTTPPORT} unstable InRelease' is not signed.
+N: Updating from such a repository can't be done securely, and is therefore disabled by default.
+N: See apt-secure(8) manpage for repository creation and user configuration details." apt update
+
+sed -i 's#^deb\(-src\)\? #deb\1 [allow-insecure=yes] #' rootdir/etc/apt/sources.list.d/*
+testfailure apt update
+testequal "Ign:1 http://localhost:${APTHTTPPORT} unstable InRelease
+  403  Forbidden
+Ign:2 http://localhost:${APTHTTPPORT} unstable Release
+  403  Forbidden" head -n 4 rootdir/tmp/testfailure.output
-- 
cgit v1.2.3