summaryrefslogtreecommitdiff
path: root/test
diff options
context:
space:
mode:
authorDavid Kalnischkies <david@kalnischkies.de>2016-03-13 22:44:37 +0100
committerDavid Kalnischkies <david@kalnischkies.de>2016-03-14 11:54:08 +0100
commitd4c45145553781418c25343ac1478f62da645851 (patch)
treede57731f933c6fe05c4fbabf4147399984895a5d /test
parentb7a1076f18022cbeb7baf4d82ab8bae0f725a573 (diff)
downloadapt-d4c45145553781418c25343ac1478f62da645851.tar.gz
enforce verify of filesize in 'apt-get source'
The structure we parse the data into has a dedicated size field, but it tends to be easier to handle it as a (very weak) checksum.
Diffstat (limited to 'test')
-rwxr-xr-xtest/integration/test-ubuntu-bug-1098738-apt-get-source-md5sum46
1 files changed, 39 insertions, 7 deletions
diff --git a/test/integration/test-ubuntu-bug-1098738-apt-get-source-md5sum b/test/integration/test-ubuntu-bug-1098738-apt-get-source-md5sum
index 7ac993d39..b37ca456f 100755
--- a/test/integration/test-ubuntu-bug-1098738-apt-get-source-md5sum
+++ b/test/integration/test-ubuntu-bug-1098738-apt-get-source-md5sum
@@ -41,6 +41,15 @@ Checksums-Sha256:
943d3bf22ac661fb0f59bc4ff68cc12b04ff17a838dfcc2537008eb9c7f3770a 3 pkg-sha256-ok_1.0.dsc
90aebae315675cbf04612de4f7d5874850f48e0b8dd82becbeaa47ca93f5ebfb 3 pkg-sha256-ok_1.0.tar.gz
+Package: pkg-size-bad
+Binary: pkg-size-bad
+Version: 1.0
+Maintainer: Joe Sixpack <joe@example.org>
+Architecture: all
+Checksums-Sha256:
+ 943d3bf22ac661fb0f59bc4ff68cc12b04ff17a838dfcc2537008eb9c7f3770a 2 pkg-size-bad_1.0.dsc
+ 90aebae315675cbf04612de4f7d5874850f48e0b8dd82becbeaa47ca93f5ebfb 4 pkg-size-bad_1.0.tar.gz
+
Package: pkg-sha256-bad
Binary: pkg-sha256-bad
Version: 1.0
@@ -151,7 +160,7 @@ EOF
for x in 'pkg-md5-ok' 'pkg-sha1-ok' 'pkg-sha256-ok' 'pkg-sha256-bad' 'pkg-no-md5' \
'pkg-mixed-ok' 'pkg-mixed-sha1-bad' 'pkg-mixed-sha2-bad' \
'pkg-md5-agree' 'pkg-md5-disagree' 'pkg-sha256-disagree' \
- 'pkg-md5-bad'; do
+ 'pkg-md5-bad' 'pkg-size-bad'; do
echo -n 'dsc' > aptarchive/${x}_1.0.dsc
echo -n 'tar' > aptarchive/${x}_1.0.tar.gz
done
@@ -201,7 +210,23 @@ Download complete and in download only mode" aptget source -d "$@"
testmismatch() {
rm -f ${1}_1.0.dsc ${1}_1.0.tar.gz
- testfailureequal "Reading package lists...
+ local FAILURE
+ if [ "$1" = 'pkg-size-bad' ]; then
+ FAILURE="Reading package lists...
+Need to get 6 B of source archives.
+Get:1 http://localhost:${APTHTTPPORT} $1 1.0 (dsc) [2 B]
+Err:1 http://localhost:${APTHTTPPORT} $1 1.0 (dsc)
+ Writing more data than expected (3 > 2)
+Get:2 http://localhost:${APTHTTPPORT} $1 1.0 (tar) [4 B]
+Err:2 http://localhost:${APTHTTPPORT} $1 1.0 (tar)
+ Hash Sum mismatch
+E: Failed to fetch http://localhost:${APTHTTPPORT}/${1}_1.0.dsc Writing more data than expected (3 > 2)
+
+E: Failed to fetch http://localhost:${APTHTTPPORT}/${1}_1.0.tar.gz Hash Sum mismatch
+
+E: Failed to fetch some archives."
+ else
+ FAILURE="Reading package lists...
Need to get 6 B of source archives.
Get:1 http://localhost:${APTHTTPPORT} $1 1.0 (dsc) [3 B]
Err:1 http://localhost:${APTHTTPPORT} $1 1.0 (dsc)
@@ -213,7 +238,10 @@ E: Failed to fetch http://localhost:${APTHTTPPORT}/${1}_1.0.dsc Hash Sum mismat
E: Failed to fetch http://localhost:${APTHTTPPORT}/${1}_1.0.tar.gz Hash Sum mismatch
-E: Failed to fetch some archives." aptget source -d "$@"
+E: Failed to fetch some archives."
+ fi
+ testfailureequal "$FAILURE" aptget source -d "$@"
+
msgtest 'Files were not download as they have hashsum mismatches for' "$1"
testfailure --nomsg test -e ${1}_1.0.dsc -a -e ${1}_1.0.tar.gz
@@ -228,14 +256,16 @@ Download complete and in download only mode" aptget source -d "$@" -o Acquire::F
testfailure --nomsg test -e ${1}_1.0.dsc -a -e ${1}_1.0.tar.gz
fi
- rm -f ${1}_1.0.dsc ${1}_1.0.tar.gz
- testsuccessequal "Reading package lists...
+ if [ "$1" != 'pkg-size-bad' ]; then
+ rm -f ${1}_1.0.dsc ${1}_1.0.tar.gz
+ testsuccessequal "Reading package lists...
Need to get 6 B of source archives.
Get:1 http://localhost:${APTHTTPPORT} $1 1.0 (dsc) [3 B]
Get:2 http://localhost:${APTHTTPPORT} $1 1.0 (tar) [3 B]
Download complete and in download only mode" aptget source --allow-unauthenticated -d "$@" -o Acquire::ForceHash=ROT26
- msgtest 'Files were downloaded unauthenticated as user allowed it' "$1"
- testsuccess --nomsg test -e ${1}_1.0.dsc -a -e ${1}_1.0.tar.gz
+ msgtest 'Files were downloaded unauthenticated as user allowed it' "$1"
+ testsuccess --nomsg test -e ${1}_1.0.dsc -a -e ${1}_1.0.tar.gz
+ fi
}
testnohash pkg-md5-ok
@@ -252,6 +282,8 @@ testok pkg-sha256-bad -o Acquire::ForceHash=MD5Sum
testnohash pkg-md5-bad
testmismatch pkg-md5-bad --allow-unauthenticated
+testmismatch pkg-size-bad
+
# not having MD5 sum doesn't mean the file doesn't exist at all …
testok pkg-no-md5
testok pkg-no-md5 -o Acquire::ForceHash=SHA256