test/integration/test-apt-update-stale

   1 #!/bin/sh
   2 #
   3 # Ensure that a MITM can not stale the Packages/Sources without
   4 # raising a error message. Note that the Release file is protected
   5 # via the "Valid-Until" header
   6 #
   7 set -e
   8
   9 TESTDIR=$(readlink -f $(dirname $0))
  10 . $TESTDIR/framework
  11
  12 setupenvironment
  13 configarchitecture "i386"
  14
  15 insertpackage 'unstable' 'foo' 'all' '1.0'
  16
  17 setupaptarchive
  18 changetowebserver
  19 aptget update -qq
  20
  21 # insert new version
  22 mkdir aptarchive/dists/unstable/main/binary-i386/saved
  23 cp -p aptarchive/dists/unstable/main/binary-i386/Packages* \
  24      aptarchive/dists/unstable/main/binary-i386/saved
  25 insertpackage 'unstable' 'foo' 'all' '2.0'
  26
  27 # not using compressfile for compat with older apt releases
  28 gzip -c aptarchive/dists/unstable/main/binary-i386/Packages > \
  29   aptarchive/dists/unstable/main/binary-i386/Packages.gz
  30 generatereleasefiles
  31 signreleasefiles
  32
  33 # ensure that we do not get a I-M-S hit for the Release file
  34 touch -d "+1hour" aptarchive/dists/unstable/*Release*
  35
  36 # but now only deliver the previous Packages file instead of the new one
  37 # (simulating a stale attack)
  38 cp -p aptarchive/dists/unstable/main/binary-i386/saved/Packages* \
  39      aptarchive/dists/unstable/main/binary-i386/
  40
  41 # ensure this raises a error
  42 testequal "W: Failed to fetch http://localhost:8080/dists/unstable/main/binary-i386/Packages  Hash Sum mismatch
  43
  44 E: Some index files failed to download. They have been ignored, or old ones used instead." aptget update -qq
  45
  46