Просмотр исходного кода

tests: allow to disable generation of InRelease/Release.gpg file

If the test just signs release files to throw away one of them to test
the other, we can just as well save the time and not create it.

Git-Dch: Ignore
David Kalnischkies лет назад: 10
Родитель
Сommit
761a5ad2ec

+ 14 - 4
test/integration/framework

@@ -1134,11 +1134,21 @@ signreleasefiles() {
 	fi
 	local GPG="aptkey --quiet --keyring ${KEY}.pub --secret-keyring ${KEY}.sec --readonly adv --batch --yes --digest-algo ${APT_TESTS_DIGEST_ALGO:-SHA512}"
 	for RELEASE in $(find "${REPODIR}/" -name Release); do
-		testsuccess $GPG "$@" $SIGUSERS --armor --detach-sign --sign --output "${RELEASE}.gpg" "${RELEASE}"
-		local INRELEASE="$(echo "${RELEASE}" | sed 's#/Release$#/InRelease#')"
-		testsuccess $GPG "$@" $SIGUSERS --clearsign --output "$INRELEASE" "$RELEASE"
 		# we might have set a specific date for the Release file, so copy it
-		touch -d "$(stat --format "%y" ${RELEASE})" "${RELEASE}.gpg" "${INRELEASE}"
+		local DATE="$(stat --format "%y" "${RELEASE}")"
+		if [ "$APT_DONT_SIGN" = 'Release.gpg' ]; then
+			rm -f "${RELEASE}.gpg"
+		else
+			testsuccess $GPG "$@" $SIGUSERS --armor --detach-sign --sign --output "${RELEASE}.gpg" "${RELEASE}"
+			touch -d "$DATE" "${RELEASE}.gpg"
+		fi
+		local INRELEASE="${RELEASE%/*}/InRelease"
+		if [ "$APT_DONT_SIGN" = 'InRelease' ]; then
+			rm -f "$INRELEASE"
+		else
+			testsuccess $GPG "$@" $SIGUSERS --clearsign --output "$INRELEASE" "$RELEASE"
+			touch -d "$DATE" "${INRELEASE}"
+		fi
 	done
 	if [ -f "$SECEXPIREBAK" ] && [ -f "$PUBEXPIREBAK" ]; then
 		mv -f "$SECEXPIREBAK" "${REXKEY}.sec"

+ 3 - 5
test/integration/test-apt-update-nofallback

@@ -9,8 +9,7 @@ set -e
 simulate_mitm_and_inject_evil_package()
 {
     redatereleasefiles '+1 hour'
-    rm -f "$APTARCHIVE/dists/unstable/InRelease"
-    rm -f "$APTARCHIVE/dists/unstable/Release.gpg"
+    rm -f "$APTARCHIVE/dists/unstable/InRelease" "$APTARCHIVE/dists/unstable/Release.gpg"
     inject_evil_package
 }
 
@@ -126,11 +125,10 @@ test_cve_2012_0214()
     listcurrentlistsdirectory > lists.before
 
     # do what CVE-2012-0214 did
-    rm "$APTARCHIVE/dists/unstable/InRelease"
-    rm "$APTARCHIVE/dists/unstable/Release.gpg"
+    rm "$APTARCHIVE/dists/unstable/InRelease" "$APTARCHIVE/dists/unstable/Release.gpg"
     inject_evil_package
     # build valid Release file
-    aptftparchive -qq release ./aptarchive > aptarchive/dists/unstable/Release 
+    aptftparchive -qq release ./aptarchive > aptarchive/dists/unstable/Release
 
     assert_update_is_refused_and_last_good_state_used
     testfileequal lists.before "$(listcurrentlistsdirectory)"

+ 0 - 2
test/integration/test-hashsum-verification

@@ -44,7 +44,6 @@ SHA256:
  xb306e66e5e6a7169c8d281a888539d1fdca9cecc99ae605717df579d5b9c166              527 Packages.lzma
  x9585d0e66b74c9385727fbea11fea9ab33c716b18a32f3036f037a2b9b57120              572 Packages.xz
 EOF
-        cp aptarchive/Release aptarchive/InRelease
 }
 
 # fake our downloadable file
@@ -56,7 +55,6 @@ runtest() {
 	prepare "${PKGFILE}"
 	rm -rf rootdir/var/lib/apt/lists
 	signreleasefiles 'Joe Sixpack'
-	find aptarchive/ -name "$DELETEFILE" -delete
 
 	# test signed release file
 	msgtest 'apt-get update gets the expected hashsum mismatch'

+ 8 - 5
test/integration/test-releasefile-date-older

@@ -26,40 +26,43 @@ testsuccess aptget update
 testfileequal 'listsdir.lst' "$(listcurrentlistsdirectory)"
 
 msgmsg 'Release.gpg file is silently rejected if' 'new Date is before old Date'
+export APT_DONT_SIGN='InRelease'
 rm -rf rootdir/var/lib/apt/lists
 generatereleasefiles 'now' 'now + 7 days'
 signreleasefiles
-find aptarchive -name 'InRelease' -delete
 testsuccess aptget update
 listcurrentlistsdirectory > listsdir.lst
 redatereleasefiles 'now - 2 days'
-find aptarchive -name 'InRelease' -delete
 testsuccess aptget update
 testfileequal 'listsdir.lst' "$(listcurrentlistsdirectory)"
+unset APT_DONT_SIGN
 
 msgmsg 'Crisscross InRelease/Release.gpg file is silently rejected if' 'new Date is before old Date'
+export APT_DONT_SIGN='Release.gpg'
 rm -rf rootdir/var/lib/apt/lists
 generatereleasefiles 'now' 'now + 7 days'
 signreleasefiles
-find aptarchive -name 'Release.gpg' -delete
 testsuccess aptget update
+export APT_DONT_SIGN='InRelease'
 listcurrentlistsdirectory > listsdir.lst
 redatereleasefiles 'now - 2 days'
-find aptarchive -name 'InRelease' -delete
 testsuccess aptget update
 testfileequal 'listsdir.lst' "$(listcurrentlistsdirectory)"
+unset APT_DONT_SIGN
 
 msgmsg 'Crisscross Release.gpg/InRelease file is silently rejected if' 'new Date is before old Date'
+export APT_DONT_SIGN='InRelease'
 rm -rf rootdir/var/lib/apt/lists
 generatereleasefiles 'now' 'now + 7 days'
 signreleasefiles
 find aptarchive -name 'InRelease' -delete
 testsuccess aptget update
+export APT_DONT_SIGN='Release.gpg'
 listcurrentlistsdirectory > listsdir.lst
 redatereleasefiles 'now - 2 days'
-find aptarchive -name 'Release.gpg' -delete
 testsuccess aptget update
 testfileequal 'listsdir.lst' "$(listcurrentlistsdirectory)"
+unset APT_DONT_SIGN
 
 msgmsg 'Release file has' 'no Date and no Valid-Until field'
 rm -rf rootdir/var/lib/apt/lists

+ 6 - 25
test/integration/test-releasefile-verification

@@ -99,12 +99,10 @@ updatewithwarnings() {
 }
 
 runtest() {
-	local DELETEFILE="$1"
 	msgmsg 'Cold archive signed by' 'Joe Sixpack'
 	prepare "${PKGFILE}"
 	rm -rf rootdir/var/lib/apt/lists
 	signreleasefiles 'Joe Sixpack'
-	find aptarchive/ -name "$DELETEFILE" -delete
 	successfulaptgetupdate
 	testsuccessequal "$(cat "${PKGFILE}")
 " aptcache show apt
@@ -113,7 +111,6 @@ runtest() {
 	msgmsg 'Good warm archive signed by' 'Joe Sixpack'
 	prepare "${PKGFILE}-new"
 	signreleasefiles 'Joe Sixpack'
-	find aptarchive/ -name "$DELETEFILE" -delete
 	successfulaptgetupdate
 	testsuccessequal "$(cat "${PKGFILE}-new")
 " aptcache show apt
@@ -124,7 +121,6 @@ runtest() {
 	rm -rf rootdir/var/lib/apt/lists
 	cp keys/rexexpired.pub rootdir/etc/apt/trusted.gpg.d/rexexpired.gpg
 	signreleasefiles 'Rex Expired'
-	find aptarchive/ -name "$DELETEFILE" -delete
 	updatewithwarnings '^W: .* EXPKEYSIG'
 	testsuccessequal "$(cat "${PKGFILE}")
 " aptcache show apt
@@ -144,7 +140,6 @@ runtest() {
 		prepare "${PKGFILE}"
 		rm -rf rootdir/var/lib/apt/lists
 		signreleasefiles 'Joe Sixpack' 'aptarchive' --faked-system-time "20070924T154812" --default-sig-expire 2016-04-01
-		find aptarchive/ -name "$DELETEFILE" -delete
 		updatewithwarnings '^W: .* EXPSIG'
 		testsuccessequal "$(cat "${PKGFILE}")
 " aptcache show apt
@@ -158,7 +153,6 @@ runtest() {
 	prepare "${PKGFILE}"
 	rm -rf rootdir/var/lib/apt/lists
 	signreleasefiles 'Joe Sixpack,Marvin Paranoid'
-	find aptarchive/ -name "$DELETEFILE" -delete
 	successfulaptgetupdate 'NO_PUBKEY'
 	testsuccessequal "$(cat "${PKGFILE}")
 " aptcache show apt
@@ -168,7 +162,6 @@ runtest() {
 	prepare "${PKGFILE}"
 	rm -rf rootdir/var/lib/apt/lists
 	signreleasefiles 'Joe Sixpack,Rex Expired'
-	find aptarchive/ -name "$DELETEFILE" -delete
 	cp keys/rexexpired.pub rootdir/etc/apt/trusted.gpg.d/rexexpired.gpg
 	successfulaptgetupdate 'EXPKEYSIG'
 	rm -f rootdir/etc/apt/trusted.gpg.d/rexexpired.gpg
@@ -180,7 +173,6 @@ runtest() {
 	prepare "${PKGFILE}"
 	rm -rf rootdir/var/lib/apt/lists
 	signreleasefiles 'Marvin Paranoid'
-	find aptarchive/ -name "$DELETEFILE" -delete
 	updatewithwarnings '^W: .* NO_PUBKEY'
 	testsuccessequal "$(cat "${PKGFILE}")
 " aptcache show apt
@@ -189,7 +181,6 @@ runtest() {
 	msgmsg 'Bad warm archive signed by' 'Joe Sixpack'
 	prepare "${PKGFILE}-new"
 	signreleasefiles 'Joe Sixpack'
-	find aptarchive/ -name "$DELETEFILE" -delete
 	successfulaptgetupdate
 	testsuccessequal "$(cat "${PKGFILE}-new")
 " aptcache show apt
@@ -199,7 +190,6 @@ runtest() {
 	prepare "${PKGFILE}"
 	rm -rf rootdir/var/lib/apt/lists
 	signreleasefiles 'Joe Sixpack'
-	find aptarchive/ -name "$DELETEFILE" -delete
 	successfulaptgetupdate
 	testsuccessequal "$(cat "${PKGFILE}")
 " aptcache show apt
@@ -208,7 +198,6 @@ runtest() {
 	msgmsg 'Good warm archive signed by' 'Marvin Paranoid'
 	prepare "${PKGFILE}-new"
 	signreleasefiles 'Marvin Paranoid'
-	find aptarchive/ -name "$DELETEFILE" -delete
 	updatewithwarnings '^W: .* NO_PUBKEY'
 	testsuccessequal "$(cat "${PKGFILE}")
 " aptcache show apt
@@ -218,7 +207,6 @@ runtest() {
 	prepare "${PKGFILE}-new"
 	cp keys/rexexpired.pub rootdir/etc/apt/trusted.gpg.d/rexexpired.gpg
 	signreleasefiles 'Rex Expired'
-	find aptarchive/ -name "$DELETEFILE" -delete
 	updatewithwarnings '^W: .* EXPKEYSIG'
 	testsuccessequal "$(cat "${PKGFILE}")
 " aptcache show apt
@@ -228,7 +216,6 @@ runtest() {
 	msgmsg 'Good warm archive signed by' 'Joe Sixpack'
 	prepare "${PKGFILE}-new"
 	signreleasefiles
-	find aptarchive/ -name "$DELETEFILE" -delete
 	successfulaptgetupdate
 	testsuccessequal "$(cat "${PKGFILE}-new")
 " aptcache show apt
@@ -238,7 +225,6 @@ runtest() {
 	prepare "${PKGFILE}"
 	rm -rf rootdir/var/lib/apt/lists
 	signreleasefiles 'Marvin Paranoid'
-	find aptarchive/ -name "$DELETEFILE" -delete
 	local MARVIN="$(readlink -f keys/marvinparanoid.pub)"
 	sed -i "s#^\(deb\(-src\)\?\) #\1 [signed-by=$MARVIN] #" rootdir/etc/apt/sources.list.d/*
 	successfulaptgetupdate
@@ -249,7 +235,6 @@ runtest() {
 	msgmsg 'Cold archive signed by bad keyring' 'Joe Sixpack'
 	rm -rf rootdir/var/lib/apt/lists
 	signreleasefiles 'Joe Sixpack'
-	find aptarchive/ -name "$DELETEFILE" -delete
 	updatewithwarnings '^W: .* NO_PUBKEY'
 	sed -i "s#^\(deb\(-src\)\?\) \[signed-by=$MARVIN\] #\1 #" rootdir/etc/apt/sources.list.d/*
 
@@ -257,14 +242,12 @@ runtest() {
 	msgmsg 'Cold archive signed by bad keyid' 'Joe Sixpack'
 	rm -rf rootdir/var/lib/apt/lists
 	signreleasefiles 'Joe Sixpack'
-	find aptarchive/ -name "$DELETEFILE" -delete
 	sed -i "s#^\(deb\(-src\)\?\) #\1 [signed-by=$MARVIN] #" rootdir/etc/apt/sources.list.d/*
 	updatewithwarnings '^W: .* be verified because the public key is not available: .*'
 
 	msgmsg 'Cold archive signed by good keyid' 'Marvin Paranoid'
 	rm -rf rootdir/var/lib/apt/lists
 	signreleasefiles 'Marvin Paranoid'
-	find aptarchive/ -name "$DELETEFILE" -delete
 	cp keys/marvinparanoid.pub rootdir/etc/apt/trusted.gpg.d/marvinparanoid.gpg
 	successfulaptgetupdate
 	testsuccessequal "$(cat "${PKGFILE}")
@@ -274,7 +257,6 @@ runtest() {
 	msgmsg 'Cold archive signed by good keyid' 'Marvin Paranoid,Joe Sixpack'
 	rm -rf rootdir/var/lib/apt/lists
 	signreleasefiles 'Marvin Paranoid,Joe Sixpack'
-	find aptarchive/ -name "$DELETEFILE" -delete
 	successfulaptgetupdate 'NoPubKey: GOODSIG'
 	testsuccessequal "$(cat "${PKGFILE}")
 " aptcache show apt
@@ -284,7 +266,6 @@ runtest() {
 	msgmsg 'Cold archive signed by good keyids' 'Joe Sixpack'
 	rm -rf rootdir/var/lib/apt/lists
 	signreleasefiles 'Joe Sixpack'
-	find aptarchive/ -name "$DELETEFILE" -delete
 	sed -i "s#^\(deb\(-src\)\?\) \[signed-by=$MARVIN\] #\1 [signed-by=${SIXPACK},${MARVIN}] #" rootdir/etc/apt/sources.list.d/*
 	successfulaptgetupdate
 	testsuccessequal "$(cat "${PKGFILE}")
@@ -306,7 +287,6 @@ runtest() {
 	cp -a rootdir/var/lib/apt/lists rootdir/var/lib/apt/lists-bak
 	prepare "${PKGFILE}-new"
 	signreleasefiles 'Joe Sixpack'
-	find aptarchive/ -name "$DELETEFILE" -delete
 
 	msgmsg 'Warm archive with signed-by' 'Joe Sixpack'
 	sed -i "/^Valid-Until: / a\
@@ -364,8 +344,7 @@ runtest2() {
 	# package verification.
 	msgmsg 'Warm archive signed by' 'nobody'
 	prepare "${PKGFILE}-new"
-	find aptarchive/ -name InRelease -delete
-	find aptarchive/ -name Release.gpg -delete
+	find aptarchive/ \( -name InRelease -o -name Release.gpg \) -delete
 	updatewithwarnings 'W: .* no longer signed.'
 	testsuccessequal "$(cat "${PKGFILE}-new")
 " aptcache show apt
@@ -386,8 +365,10 @@ runtest3() {
 	runtest2
 
 	for DELETEFILE in 'InRelease' 'Release.gpg'; do
+		export APT_DONT_SIGN="$DELETEFILE"
 		msgmsg "Running test with deletion of $DELETEFILE and $1 digest"
-		runtest "$DELETEFILE"
+		runtest
+		unset APT_DONT_SIGN
 	done
 }
 
@@ -422,11 +403,11 @@ msgmsg "Running test with apt-untrusted digest"
 echo "APT::Hashes::$APT_TESTS_DIGEST_ALGO::Untrusted \"yes\";" > rootdir/etc/apt/apt.conf.d/truststate
 runfailure() {
 	for DELETEFILE in 'InRelease' 'Release.gpg'; do
+		export APT_DONT_SIGN="$DELETEFILE"
 		msgmsg 'Cold archive signed by' 'Joe Sixpack'
 		prepare "${PKGFILE}"
 		rm -rf rootdir/var/lib/apt/lists
 		signreleasefiles 'Joe Sixpack'
-		find aptarchive/ -name "$DELETEFILE" -delete
 		testfailure aptget update --no-allow-insecure-repositories -o Debug::pkgAcquire::Worker=1 -o Debug::Acquire::gpgv=1
 		testsuccess grep 'The following signatures were invalid' rootdir/tmp/testfailure.output
 		testnopackage 'apt'
@@ -437,13 +418,13 @@ runfailure() {
 		prepare "${PKGFILE}"
 		rm -rf rootdir/var/lib/apt/lists
 		signreleasefiles 'Marvin Paranoid'
-		find aptarchive/ -name "$DELETEFILE" -delete
 		testfailure aptget update --no-allow-insecure-repositories -o Debug::pkgAcquire::Worker=1 -o Debug::Acquire::gpgv=1
 		testnopackage 'apt'
 		updatewithwarnings '^W: .* NO_PUBKEY'
 		testsuccessequal "$(cat "${PKGFILE}")
 " aptcache show apt
 		failaptold
+		unset APT_DONT_SIGN
 	done
 }
 runfailure

+ 2 - 4
test/integration/test-ubuntu-bug-784473-InRelease-one-message-only

@@ -8,11 +8,9 @@ configarchitecture 'i386'
 
 insertpackage 'unstable' 'apt' 'i386' '0.8.11'
 
-setupaptarchive
+export APT_DONT_SIGN='Release.gpg'
+setupaptarchive --no-update
 
-rm -rf rootdir/var/lib/apt/lists
-
-find aptarchive/ -name 'Release.gpg' -delete
 find aptarchive/ -name 'InRelease' -exec cp {} {}.old \;
 
 for RELEASE in $(find aptarchive/ -name 'InRelease'); do