blob: 8da4ec35b352f3c883c38c92b75bf8a17db0f864 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
|
#!/bin/sh
#
# Ensure that we do not modify file:/// uris (regression test for
# CVE-2014-0487
#
set -e
TESTDIR="$(readlink -f "$(dirname "$0")")"
. "$TESTDIR/framework"
setupenvironment
configarchitecture "amd64"
configcompression 'bz2' 'gz'
confighashes 'SHA512'
insertpackage 'unstable' 'foo' 'all' '1'
insertpackage 'unstable' 'bar' 'amd64' '1'
insertsource 'unstable' 'foo' 'all' '1'
setupaptarchive --no-update
logcurrentarchivedirectory
# ensure the archive is not writable
addtrap 'prefix' 'chmod 755 aptarchive/dists/unstable/main/binary-all;'
if [ "$(id -u)" = '0' ]; then
# too deep to notice it, but it also unlikely that files in the same repo have different permissions
chmod 500 aptarchive/dists/unstable/main/binary-all
testfailure aptget update
rm -rf rootdir/var/lib/apt/lists
chmod 755 aptarchive/dists/unstable/main/binary-all
testsuccess aptget update
rm -rf rootdir/var/lib/apt/lists
chmod 511 aptarchive/dists/
testsuccess aptget update
rm -rf rootdir/var/lib/apt/lists
chmod 510 aptarchive/dists/
testsuccesswithnotice aptget update
rm -rf rootdir/var/lib/apt/lists
chmod 500 aptarchive/dists/
testsuccesswithnotice aptget update
chmod 755 aptarchive/dists/
else
testsuccess aptget update
fi
mv rootdir/var/lib/apt/lists/_* rootdir/var/lib/apt/lists/partial
chmod 555 aptarchive/dists/unstable/main/binary-all
testsuccess aptget update -o Debug::pkgAcquire::Worker=1
cp -a rootdir/tmp/testsuccess.output rootdir/tmp/update.output
testsuccess grep '%0aAlt-Filename:%20' rootdir/tmp/update.output
# the release files aren't an IMS-hit, but the indexes are
redatereleasefiles '+1 hour'
# we don't download the index if it isn't updated
testsuccess aptget update -o Debug::pkgAcquire::Auth=1
# file:/ isn't shown in the log, so see if it was downloaded anyhow
cp -a rootdir/tmp/testsuccess.output rootdir/tmp/update.output
canary="SHA512:$(bzcat aptarchive/dists/unstable/main/binary-all/Packages.bz2 | sha512sum |cut -f1 -d' ')"
testfailure grep -- "$canary" rootdir/tmp/update.output
testfoo() {
# foo is still available
testsuccess aptget install -s foo
testsuccess aptcache showsrc foo
testsuccess aptget source foo --print-uris
}
testfoo
# the release file is new again, the index still isn't, but it is somehow gone now from disk
redatereleasefiles '+2 hour'
find rootdir/var/lib/apt/lists -name '*_Packages*' -delete
testsuccess aptget update -o Debug::pkgAcquire::Auth=1
# file:/ isn't shown in the log, so see if it was downloaded anyhow
cp -a rootdir/tmp/testsuccess.output rootdir/tmp/update.output
canary="SHA512:$(bzcat aptarchive/dists/unstable/main/binary-all/Packages.bz2 | sha512sum |cut -f1 -d' ')"
testsuccess grep -- "$canary" rootdir/tmp/update.output
testfoo
|
