test-apt-update-rollback 6.6 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196
  1. #!/bin/sh
  2. #
  3. # test that apt-get update is transactional
  4. #
  5. set -e
  6. avoid_ims_hit() {
  7. touch -d '+1hour' aptarchive/dists/unstable/main/binary-i386/Packages*
  8. touch -d '+1hour' aptarchive/dists/unstable/main/source/Sources*
  9. touch -d '+1hour' aptarchive/dists/unstable/*Release*
  10. touch -d '-1hour' rootdir/var/lib/apt/lists/*
  11. }
  12. create_fresh_archive()
  13. {
  14. rm -rf aptarchive/*
  15. rm -f rootdir/var/lib/apt/lists/_* rootdir/var/lib/apt/lists/partial/*
  16. insertpackage 'unstable' 'old' 'all' '1.0'
  17. setupaptarchive --no-update
  18. }
  19. add_new_package() {
  20. insertpackage "unstable" "new" "all" "1.0"
  21. insertsource "unstable" "new" "all" "1.0"
  22. setupaptarchive --no-update "$@"
  23. }
  24. break_repository_sources_index() {
  25. printf 'xxx' > $APTARCHIVE/dists/unstable/main/source/Sources
  26. compressfile "$APTARCHIVE/dists/unstable/main/source/Sources" "$@"
  27. }
  28. start_with_good_inrelease() {
  29. create_fresh_archive
  30. testsuccess aptget update
  31. testequal "old/unstable 1.0 all" apt list -q
  32. }
  33. test_inrelease_to_new_inrelease() {
  34. msgmsg 'Test InRelease to new InRelease works fine'
  35. start_with_good_inrelease
  36. add_new_package '+1hour'
  37. testsuccess aptget update -o Debug::Acquire::Transaction=1
  38. testequal "new/unstable 1.0 all
  39. old/unstable 1.0 all" apt list -q
  40. }
  41. test_inrelease_to_broken_hash_reverts_all() {
  42. msgmsg 'Test InRelease to broken InRelease reverts everything'
  43. start_with_good_inrelease
  44. add_new_package '+1hour'
  45. # break the Sources file
  46. break_repository_sources_index '+1hour'
  47. # test the error condition
  48. testequal "W: Failed to fetch file:${APTARCHIVE}/dists/unstable/main/source/Sources Hash Sum mismatch
  49. E: Some index files failed to download. They have been ignored, or old ones used instead." aptget update -qq
  50. # ensure that the Packages file is also rolled back
  51. testequal "E: Unable to locate package new" aptget install new -s -qq
  52. }
  53. test_inrelease_to_valid_release() {
  54. msgmsg 'Test InRelease to valid Release'
  55. start_with_good_inrelease
  56. add_new_package '+1hour'
  57. # switch to a unsigned repo now
  58. rm $APTARCHIVE/dists/unstable/InRelease
  59. rm $APTARCHIVE/dists/unstable/Release.gpg
  60. # update fails
  61. testequal "E: The repository 'file: unstable Release.gpg' is no longer signed." aptget update -qq
  62. # test that we can install the new packages but do no longer have a sig
  63. testsuccess aptget install old -s
  64. testfailure aptget install new -s
  65. testsuccess ls $ROOTDIR/var/lib/apt/lists/*_InRelease
  66. testfailure ls $ROOTDIR/var/lib/apt/lists/*_Release
  67. }
  68. test_inrelease_to_release_reverts_all() {
  69. msgmsg 'Test InRelease to broken Release reverts everything'
  70. start_with_good_inrelease
  71. # switch to a unsigned repo now
  72. add_new_package '+1hour'
  73. rm $APTARCHIVE/dists/unstable/InRelease
  74. rm $APTARCHIVE/dists/unstable/Release.gpg
  75. # break it
  76. break_repository_sources_index '+1hour'
  77. # ensure error
  78. testequal "E: The repository 'file: unstable Release.gpg' is no longer signed." aptget update -qq # -o Debug::acquire::transaction=1
  79. # ensure that the Packages file is also rolled back
  80. testsuccess aptget install old -s
  81. testfailure aptget install new -s
  82. testsuccess ls $ROOTDIR/var/lib/apt/lists/*_InRelease
  83. testfailure ls $ROOTDIR/var/lib/apt/lists/*_Release
  84. }
  85. test_unauthenticated_to_invalid_inrelease() {
  86. msgmsg 'Test UnAuthenticated to invalid InRelease reverts everything'
  87. create_fresh_archive
  88. rm $APTARCHIVE/dists/unstable/InRelease
  89. rm $APTARCHIVE/dists/unstable/Release.gpg
  90. testsuccess aptget update --allow-insecure-repositories
  91. testequal "WARNING: The following packages cannot be authenticated!
  92. old
  93. E: There are problems and -y was used without --force-yes" aptget install -qq -y old
  94. # go to authenticated but not correct
  95. add_new_package '+1hour'
  96. break_repository_sources_index '+1hour'
  97. testequal "W: Failed to fetch file:$APTARCHIVE/dists/unstable/main/source/Sources Hash Sum mismatch
  98. E: Some index files failed to download. They have been ignored, or old ones used instead." aptget update -qq
  99. testfailure ls rootdir/var/lib/apt/lists/*_InRelease
  100. testequal "WARNING: The following packages cannot be authenticated!
  101. old
  102. E: There are problems and -y was used without --force-yes" aptget install -qq -y old
  103. }
  104. test_inrelease_to_unauth_inrelease() {
  105. msgmsg 'Test InRelease to InRelease without good sig'
  106. start_with_good_inrelease
  107. signreleasefiles 'Marvin Paranoid' '+1hour'
  108. testequal "W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: file: unstable InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY E8525D47528144E2
  109. W: Failed to fetch file:$APTARCHIVE/dists/unstable/InRelease The following signatures couldn't be verified because the public key is not available: NO_PUBKEY E8525D47528144E2
  110. W: Some index files failed to download. They have been ignored, or old ones used instead." aptget update -qq
  111. testsuccess ls rootdir/var/lib/apt/lists/*_InRelease
  112. }
  113. test_inrelease_to_broken_gzip() {
  114. msgmsg "Test InRelease to broken gzip"
  115. start_with_good_inrelease
  116. # append junk at the end of the compressed file
  117. echo "lala" >> $APTARCHIVE/dists/unstable/main/source/Sources.gz
  118. touch -d '+2min' $APTARCHIVE/dists/unstable/main/source/Sources.gz
  119. # remove uncompressed file to avoid fallback
  120. rm $APTARCHIVE/dists/unstable/main/source/Sources
  121. testfailure aptget update
  122. }
  123. TESTDIR=$(readlink -f $(dirname $0))
  124. . $TESTDIR/framework
  125. setupenvironment
  126. configarchitecture "i386"
  127. # setup the archive and ensure we have a single package that installs fine
  128. setupaptarchive
  129. APTARCHIVE=$(readlink -f ./aptarchive)
  130. ROOTDIR=${TMPWORKINGDIRECTORY}/rootdir
  131. APTARCHIVE_LISTS="$(echo $APTARCHIVE | tr "/" "_" )"
  132. # test the following cases:
  133. # - InRelease -> broken InRelease revert to previous state
  134. # - empty lists dir and broken remote leaves nothing on the system
  135. # - InRelease -> hashsum mismatch for one file reverts all files to previous state
  136. # - Release/Release.gpg -> hashsum mismatch
  137. # - InRelease -> Release with hashsum mismatch revert entire state and kills Release
  138. # - Release -> InRelease with broken Sig/Hash removes InRelease
  139. # going from Release/Release.gpg -> InRelease and vice versa
  140. # - unauthenticated -> invalid InRelease
  141. # stuff to do:
  142. # - ims-hit
  143. # - gzip-index tests
  144. test_inrelease_to_new_inrelease
  145. test_inrelease_to_broken_hash_reverts_all
  146. test_inrelease_to_valid_release
  147. test_inrelease_to_release_reverts_all
  148. test_unauthenticated_to_invalid_inrelease
  149. test_inrelease_to_unauth_inrelease
  150. test_inrelease_to_broken_gzip