|
|
@@ -1,80 +0,0 @@
|
|
|
-#!/bin/sh
|
|
|
-
|
|
|
-set -e
|
|
|
-
|
|
|
-TESTDIR=$(readlink -f $(dirname $0))
|
|
|
-. $TESTDIR/framework
|
|
|
-
|
|
|
-setupenvironment
|
|
|
-configarchitecture "i386"
|
|
|
-
|
|
|
-buildsimplenativepackage 'good-pkg' 'all' '1.0' 'stable'
|
|
|
-
|
|
|
-setupaptarchive
|
|
|
-
|
|
|
-# now exchange to the Packages file, note that this could be
|
|
|
-# done via MITM too
|
|
|
-cat > aptarchive/dists/stable/main/binary-i386/Packages <<EOF
|
|
|
-Package: bad-mitm
|
|
|
-Installed-Size: 108
|
|
|
-Architecture: all
|
|
|
-Version: 0.5-3
|
|
|
-Filename: pool/bad-mitm.deb
|
|
|
-Size: 14348
|
|
|
-SHA256: e9b9a3859940c5882b35d56c0097667e552d87b662778c2c451fe6db657b0519
|
|
|
-Description: Evil package
|
|
|
-EOF
|
|
|
-for pair in "gzip:gz" "bzip2:bz2" "lzma:lzma" "xz:xz"; do
|
|
|
- compressor=$(echo $pair|cut -f1 -d:)
|
|
|
- extension=$(echo $pair|cut -f2 -d:)
|
|
|
- $compressor -c aptarchive/dists/stable/main/binary-i386/Packages > aptarchive/dists/stable/main/binary-i386/Packages.$extension
|
|
|
-done
|
|
|
-
|
|
|
-# add a space into the BEGIN PGP SIGNATURE PART/END PGP SIGNATURE part
|
|
|
-# to trick apt - this is still legal to gpg(v)
|
|
|
-sed -i '/^-----BEGIN PGP SIGNATURE-----/,/^-----END PGP SIGNATURE-----/ s/^$/ /g' aptarchive/dists/stable/InRelease
|
|
|
-
|
|
|
-# and append our own hashes for the modified Packages files
|
|
|
-cat >> aptarchive/dists/stable/InRelease <<EOF
|
|
|
-Origin: Ansgar
|
|
|
-Codename: evilevil
|
|
|
-Suite: stable
|
|
|
-Date: Sun, 03 Jun 2012 13:26:11 UTC
|
|
|
-Architectures: i386
|
|
|
-Components: main
|
|
|
-SHA512:
|
|
|
-EOF
|
|
|
-for comp in "" ".gz" ".bz2" ".xz" ".lzma"; do
|
|
|
- # Packages
|
|
|
- s="$(sha512sum aptarchive/dists/stable/main/binary-i386/Packages$comp | cut -f1 -d' ') $(stat -c %s aptarchive/dists/stable/main/binary-i386/Packages$comp) main/binary-i386/Packages$comp"
|
|
|
- echo " $s" >> aptarchive/dists/stable/InRelease
|
|
|
- # Sources
|
|
|
- s="$(sha512sum aptarchive/dists/stable/main/source/Sources$comp | cut -f1 -d' ') $(stat -c %s aptarchive/dists/stable/main/source/Sources$comp) main/source/Sources$comp"
|
|
|
- echo " $s" >> aptarchive/dists/stable/InRelease
|
|
|
-done;
|
|
|
-
|
|
|
-# deliver this
|
|
|
-changetowebserver
|
|
|
-
|
|
|
-# ensure the update fails
|
|
|
-# useful for debugging to add "-o Debug::pkgAcquire::auth=true"
|
|
|
-if aptget update -qq; then
|
|
|
- msgfail "apt-get update should NOT work for MITM"
|
|
|
- exit 1
|
|
|
-fi
|
|
|
-
|
|
|
-# ensure there is no package
|
|
|
-testequal 'Reading package lists...
|
|
|
-Building dependency tree...
|
|
|
-E: Unable to locate package bad-mitm' aptget install bad-mitm
|
|
|
-
|
|
|
-# and verify that its not picked up
|
|
|
-#testequal 'N: Unable to locate package bad-mitm' aptcache policy bad-mitm
|
|
|
-
|
|
|
-# and that the right one is used
|
|
|
-#testequal 'good-pkg:
|
|
|
-#+ Installed: (none)
|
|
|
-#+ Candidate: 1.0
|
|
|
-#+ Version table:
|
|
|
-#+ 1.0 0
|
|
|
-#+ 500 http://localhost/ stable/main i386 Packages' aptcache policy good-pkg
|