test-apt-key-net-update 2.4 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596
  1. #!/bin/sh
  2. set -e
  3. TESTDIR=$(readlink -f $(dirname $0))
  4. . $TESTDIR/framework
  5. setupenvironment
  6. configarchitecture "i386"
  7. # mock
  8. requires_root() {
  9. return 0
  10. }
  11. # extract net_update() and import it
  12. func=$( sed -n -e '/^add_keys_with_verify_against_master_keyring/,/^}/p' ${BUILDDIRECTORY}/apt-key )
  13. eval "$func"
  14. mkdir -p ./etc/apt
  15. TRUSTEDFILE=./etc/apt/trusted.gpg
  16. mkdir -p ./var/lib/apt/keyrings
  17. TMP_KEYRING=./var/lib/apt/keyrings/maybe-import-keyring.gpg
  18. GPG_CMD="gpg --ignore-time-conflict --no-options --no-default-keyring"
  19. GPG="$GPG_CMD --keyring $TRUSTEDFILE"
  20. MASTER_KEYRING=/usr/share/keyrings/ubuntu-master-keyring.gpg
  21. msgtest "add_keys_with_verify_against_master_keyring"
  22. if [ ! -e $MASTER_KEYRING ]; then
  23. echo -n "No $MASTER_KEYRING found"
  24. msgskip
  25. exit 0
  26. fi
  27. # test bad keyring and ensure its not added (LP: #857472)
  28. ADD_KEYRING=./keys/exploid-keyring-with-dupe-keys.pub
  29. if add_keys_with_verify_against_master_keyring $ADD_KEYRING $MASTER_KEYRING; then
  30. msgfail
  31. else
  32. msgpass
  33. fi
  34. # ensure the keyring is still empty
  35. gpg_out=$($GPG --list-keys)
  36. msgtest "Test if keyring is empty"
  37. if [ -n "" ]; then
  38. msgfail
  39. else
  40. msgpass
  41. fi
  42. # test another possible attack vector using subkeys (LP: #1013128)
  43. msgtest "add_keys_with_verify_against_master_keyring with subkey attack"
  44. ADD_KEYRING=./keys/exploid-keyring-with-dupe-subkeys.pub
  45. if add_keys_with_verify_against_master_keyring $ADD_KEYRING $MASTER_KEYRING; then
  46. msgfail
  47. else
  48. msgpass
  49. fi
  50. # ensure the keyring is still empty
  51. gpg_out=$($GPG --list-keys)
  52. msgtest "Test if keyring is empty"
  53. if [ -n "" ]; then
  54. msgfail
  55. else
  56. msgpass
  57. fi
  58. # test good keyring and ensure we get no errors
  59. ADD_KEYRING=/usr/share/keyrings/ubuntu-archive-keyring.gpg
  60. if add_keys_with_verify_against_master_keyring $ADD_KEYRING $MASTER_KEYRING; then
  61. msgpass
  62. else
  63. msgfail
  64. fi
  65. testequal './etc/apt/trusted.gpg
  66. ---------------------
  67. pub 1024D/437D05B5 2004-09-12
  68. uid Ubuntu Archive Automatic Signing Key <ftpmaster@ubuntu.com>
  69. sub 2048g/79164387 2004-09-12
  70. pub 1024D/FBB75451 2004-12-30
  71. uid Ubuntu CD Image Automatic Signing Key <cdimage@ubuntu.com>
  72. pub 4096R/C0B21F32 2012-05-11
  73. uid Ubuntu Archive Automatic Signing Key (2012) <ftpmaster@ubuntu.com>
  74. pub 4096R/EFE21092 2012-05-11
  75. uid Ubuntu CD Image Automatic Signing Key (2012) <cdimage@ubuntu.com>
  76. ' $GPG --list-keys