test/integration/test-ubuntu-bug-346386-apt-get-update-paywall


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102

#!/bin/sh
set -e

TESTDIR="$(readlink -f "$(dirname "$0")")"
. "$TESTDIR/framework"

setupenvironment
configarchitecture 'native'

insertpackage 'unstable' 'unrelated' 'all' '1.0' 'stable'
insertsource 'unstable' 'unrelated' 'all' '1.0' 'stable'

echo 'ni ni ni' > aptarchive/knights

setupaptarchive
changetowebserver -o 'aptwebserver::overwrite::.*InRelease::filename=/knights' -o 'aptwebserver::overwrite::.*::filename=/knights'

msgtest 'Acquire test file from the webserver to check' 'overwrite'
if downloadfile http://localhost:${APTHTTPPORT}/holygrail ./knights-talking >/dev/null; then
	msgpass
else
	msgfail
fi

testfileequal knights-talking 'ni ni ni'

ensure_n_canary_strings_in_dir() {
	local DIR="$1"
	local CANARY_STRING="$2"
	local EXPECTED_N="$3"

	msgtest "Testing in $DIR for $EXPECTED_N canary" "$CANARY_STRING"
	local N=$(grep "$CANARY_STRING" $DIR/* 2>/dev/null |wc -l )
	test "$N" = "$EXPECTED_N" && msgpass || msgfail "Expected $EXPECTED_N canaries, got $N"
}

runtests() {
	LISTS='rootdir/var/lib/apt/lists'
	rm -rf "$LISTS"
	testfailure aptget update
	testsuccess grep "$1" rootdir/tmp/testfailure.output

	ensure_n_canary_strings_in_dir "$LISTS" 'ni ni ni' 0
	testequal 'auxfiles
lock
partial' ls "$LISTS"

	# and again with pre-existing files with "valid data" which should remain
	for f in Release Release.gpg main_binary-amd64_Packages main_source_Sources; do
		echo 'peng neee-wom' > "$LISTS/localhost:${APTHTTPPORT}_dists_stable_${f}"
		chmod 644 "$LISTS/localhost:${APTHTTPPORT}_dists_stable_${f}"
	done

	testfailure aptget update
	testsuccess grep "$1" rootdir/tmp/testfailure.output

	ensure_n_canary_strings_in_dir "$LISTS" 'peng neee-wom' 4
	ensure_n_canary_strings_in_dir "$LISTS" 'ni ni ni' 0

	# and now with a pre-existing InRelease file
	echo 'peng neee-wom' > "$LISTS/localhost:${APTHTTPPORT}_dists_stable_InRelease"
	chmod 644 "$LISTS/localhost:${APTHTTPPORT}_dists_stable_InRelease"
	rm -f "$LISTS/localhost:${APTHTTPPORT}_dists_stable_Release" "$LISTS/localhost:${APTHTTPPORT}_dists_stable_Release.gpg"
	msgtest 'excpected failure of' 'apt-get update'
	testfailure aptget update
	testsuccess grep "$1" rootdir/tmp/testfailure.output

	ensure_n_canary_strings_in_dir "$LISTS" 'peng neee-wom' 3
	ensure_n_canary_strings_in_dir "$LISTS" 'ni ni ni' 0
}
runtests '^E:.*Clearsigned file .*NOSPLIT.*'
webserverconfig 'aptwebserver::overwrite::.*InRelease::filename' '/404'
runtests '^E:.*Signed file .*NODATA.*'

webserverconfig 'aptwebserver::overwrite::.*::filename' '/404'
webserverconfig 'aptwebserver::httpcode::404' '511 Network Authentication Required'
rm -rf rootdir/var/lib/apt/lists
testfailureequal "Err:1 http://localhost:${APTHTTPPORT} unstable InRelease
  511  Network Authentication Required
Reading package lists...
E: Failed to fetch http://localhost:${APTHTTPPORT}/dists/unstable/InRelease  511  Network Authentication Required
E: The repository 'http://localhost:${APTHTTPPORT} unstable InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details." aptget update

# on S3 all files get a 403. If we accept unsigned, lets be liberal in non-existence acceptance
webserverconfig 'aptwebserver::httpcode::404' '403 Forbidden'
rm -rf rootdir/var/lib/apt/lists
testfailureequal "Err:1 http://localhost:${APTHTTPPORT} unstable InRelease
  403  Forbidden
Reading package lists...
E: Failed to fetch http://localhost:${APTHTTPPORT}/dists/unstable/InRelease  403  Forbidden
E: The repository 'http://localhost:${APTHTTPPORT} unstable InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details." apt update

sed -i 's#^deb\(-src\)\? #deb\1 [allow-insecure=yes] #' rootdir/etc/apt/sources.list.d/*
testfailure apt update
testequal "Ign:1 http://localhost:${APTHTTPPORT} unstable InRelease
  403  Forbidden
Ign:2 http://localhost:${APTHTTPPORT} unstable Release
  403  Forbidden" head -n 4 rootdir/tmp/testfailure.output