apt/test/integration/test-sourceslist-trusted-options

#!/bin/sh
set -e

TESTDIR="$(readlink -f "$(dirname "$0")")"
. "$TESTDIR/framework"

setupenvironment
configarchitecture 'amd64'

buildsimplenativepackage 'foo' 'amd64' '1' 'stable'
buildsimplenativepackage 'foo' 'amd64' '2' 'testing'

setupaptarchive --no-update

APTARCHIVE=$(readlink -f ./aptarchive)

everythingsucceeds() {
	testsuccessequal 'Listing...
foo/testing 2 amd64
foo/stable 1 amd64
' apt list foo -a

	cd downloaded
	rm -f foo_1_amd64.deb foo_2_amd64.deb
	testsuccess aptget download foo "$@"
	testsuccess test -s foo_1_amd64.deb -o -s foo_2_amd64.deb

	rm -f foo_1.dsc foo_2.dsc
	testsuccess aptget source foo --dsc-only -d "$@"
	testsuccess test -s foo_1.dsc -o -s foo_2.dsc
	cd - >/dev/null
}

everythingfails() {
	testsuccessequal 'Listing...
foo/testing 2 amd64
foo/stable 1 amd64
' apt list foo -a

	local WARNING='WARNING: The following packages cannot be authenticated!
  foo
E: Some packages could not be authenticated'

	cd downloaded
	rm -f foo_1_amd64.deb foo_2_amd64.deb
	testfailure aptget download foo "$@"
	testequal "$WARNING" tail -n 3 ../rootdir/tmp/testfailure.output
	testfailure test -s foo_1_amd64.deb -o -s foo_2_amd64.deb

	rm -f foo_1.dsc foo_2.dsc
	testfailure aptget source foo --dsc-only -d "$@"
	testequal "$WARNING" tail -n 3 ../rootdir/tmp/testfailure.output
	testfailure test -s foo_1.dsc -o -s foo_2.dsc
	cd - >/dev/null
}

cp -a rootdir/etc/apt/sources.list.d/ rootdir/etc/apt/sources.list.d.bak/
echo 'Debug::Acquire::Transaction "true";
Debug::pkgAcquire::Worker "true";' > rootdir/etc/apt/apt.conf.d/00debugging

aptgetupdate() {
	rm -rf rootdir/var/lib/apt/lists
	# note that insecure with trusted=yes are allowed
	# as the trusted=yes indicates that security is provided by
	# something above the understanding of apt
	${1:-testsuccess} aptget update --no-allow-insecure-repositories
}

insecureaptgetupdate() {
	rm -rf rootdir/var/lib/apt/lists
	testfailure aptget update --no-allow-insecure-repositories
	rm -rf rootdir/var/lib/apt/lists
	testwarning aptget update --allow-insecure-repositories
}

msgmsg 'Test without trusted option and good sources'
cp -a rootdir/etc/apt/sources.list.d.bak/* rootdir/etc/apt/sources.list.d/
aptgetupdate
everythingsucceeds
everythingsucceeds -t stable
everythingsucceeds -t testing

msgmsg 'Test with trusted=yes option and good sources'
cp -a rootdir/etc/apt/sources.list.d.bak/* rootdir/etc/apt/sources.list.d/
sed -i 's#^deb\(-src\)\? #deb\1 [trusted=yes] #' rootdir/etc/apt/sources.list.d/*
aptgetupdate
everythingsucceeds
everythingsucceeds -t stable
everythingsucceeds -t testing

msgmsg 'Test with trusted=no option and good sources'
cp -a rootdir/etc/apt/sources.list.d.bak/* rootdir/etc/apt/sources.list.d/
sed -i 's#^deb\(-src\)\? #deb\1 [trusted=no] #' rootdir/etc/apt/sources.list.d/*
# we want the warnings on the actions, but for 'update' everything is fine
aptgetupdate
everythingfails
everythingfails -t stable
everythingfails -t testing

find aptarchive/dists/stable \( -name 'InRelease' -o -name 'Release.gpg' \) -delete

msgmsg 'Test without trusted option and good and unsigned sources'
cp -a rootdir/etc/apt/sources.list.d.bak/* rootdir/etc/apt/sources.list.d/
insecureaptgetupdate
everythingsucceeds
everythingfails -t stable
everythingsucceeds -t testing

msgmsg 'Test with trusted=yes option and good and unsigned sources'
cp -a rootdir/etc/apt/sources.list.d.bak/* rootdir/etc/apt/sources.list.d/
sed -i 's#^deb\(-src\)\? #deb\1 [trusted=yes] #' rootdir/etc/apt/sources.list.d/*
aptgetupdate
everythingsucceeds
everythingsucceeds -t stable
everythingsucceeds -t testing

msgmsg 'Test with trusted=no option and good and unsigned sources'
cp -a rootdir/etc/apt/sources.list.d.bak/* rootdir/etc/apt/sources.list.d/
sed -i 's#^deb\(-src\)\? #deb\1 [trusted=no] #' rootdir/etc/apt/sources.list.d/*
insecureaptgetupdate
everythingfails
everythingfails -t stable
everythingfails -t testing

signreleasefiles 'Marvin Paranoid' 'aptarchive/dists/stable'

msgmsg 'Test without trusted option and good and unknown sources'
cp -a rootdir/etc/apt/sources.list.d.bak/* rootdir/etc/apt/sources.list.d/
insecureaptgetupdate
everythingsucceeds
everythingfails -t stable
everythingsucceeds -t testing

msgmsg 'Test with trusted=yes option and good and unknown sources'
cp -a rootdir/etc/apt/sources.list.d.bak/* rootdir/etc/apt/sources.list.d/
sed -i 's#^deb\(-src\)\? #deb\1 [trusted=yes] #' rootdir/etc/apt/sources.list.d/*
aptgetupdate 'testwarning'
everythingsucceeds
everythingsucceeds -t stable
everythingsucceeds -t testing

msgmsg 'Test with trusted=no option and good and unknown sources'
cp -a rootdir/etc/apt/sources.list.d.bak/* rootdir/etc/apt/sources.list.d/
sed -i 's#^deb\(-src\)\? #deb\1 [trusted=no] #' rootdir/etc/apt/sources.list.d/*
insecureaptgetupdate
everythingfails
everythingfails -t stable
everythingfails -t testing

signreleasefiles 'Rex Expired' 'aptarchive/dists/stable'
cp -a keys/rexexpired.pub rootdir/etc/apt/trusted.gpg.d/rexexpired.gpg

msgmsg 'Test without trusted option and good and expired sources'
cp -a rootdir/etc/apt/sources.list.d.bak/* rootdir/etc/apt/sources.list.d/
insecureaptgetupdate
everythingsucceeds
everythingfails -t stable
everythingsucceeds -t testing

msgmsg 'Test with trusted=yes option and good and expired sources'
cp -a rootdir/etc/apt/sources.list.d.bak/* rootdir/etc/apt/sources.list.d/
sed -i 's#^deb\(-src\)\? #deb\1 [trusted=yes] #' rootdir/etc/apt/sources.list.d/*
aptgetupdate 'testwarning'
everythingsucceeds
everythingsucceeds -t stable
everythingsucceeds -t testing

msgmsg 'Test with trusted=no option and good and expired sources'
cp -a rootdir/etc/apt/sources.list.d.bak/* rootdir/etc/apt/sources.list.d/
sed -i 's#^deb\(-src\)\? #deb\1 [trusted=no] #' rootdir/etc/apt/sources.list.d/*
insecureaptgetupdate
everythingfails
everythingfails -t stable
everythingfails -t testing

# same as the one further above, but this time testing is unsigned
find aptarchive/ \( -name 'InRelease' -o -name 'Release.gpg' \) -delete
signreleasefiles 'Joe Sixpack' 'aptarchive/dists/stable'

msgmsg 'Test without trusted option and unsigned and good sources'
cp -a rootdir/etc/apt/sources.list.d.bak/* rootdir/etc/apt/sources.list.d/
insecureaptgetupdate
everythingfails
everythingsucceeds -t stable
everythingfails -t testing

msgmsg 'Test with trusted=yes option and unsigned and good sources'
cp -a rootdir/etc/apt/sources.list.d.bak/* rootdir/etc/apt/sources.list.d/
sed -i 's#^deb\(-src\)\? #deb\1 [trusted=yes] #' rootdir/etc/apt/sources.list.d/*
aptgetupdate
everythingsucceeds
everythingsucceeds -t stable
everythingsucceeds -t testing

msgmsg 'Test with trusted=no option and unsigned and good sources'
cp -a rootdir/etc/apt/sources.list.d.bak/* rootdir/etc/apt/sources.list.d/
sed -i 's#^deb\(-src\)\? #deb\1 [trusted=no] #' rootdir/etc/apt/sources.list.d/*
insecureaptgetupdate
everythingfails
everythingfails -t stable
everythingfails -t testing

msgmsg 'Test conflicting trusted options are refused'
testsource() {
	echo "$@" > rootdir/etc/apt/sources.list.d/example.list
	testfailuremsg 'E: Conflicting values set for option Trusted regarding source http://example.org/bad/ unstable
E: The list of sources could not be read.' aptget update --print-uris
}
for VAL in 'yes' 'no'; do
	testsource "deb http://example.org/bad unstable main
deb [trusted=${VAL}] http://example.org/bad unstable non-free"
	testsource "deb [trusted=${VAL}] http://example.org/bad unstable main
deb http://example.org/bad unstable non-free"
done
testsource 'deb [trusted=yes] http://example.org/bad unstable main
deb [trusted=no] http://example.org/bad unstable non-free'
testsource 'deb [trusted=no] http://example.org/bad unstable main
deb [trusted=yes] http://example.org/bad unstable non-free'