HCoop / ntk / apt.git / blame
| Commit | Line | Data |
|---|---|---|
| daff4aa3 MV |
1 | #!/bin/sh |
| 2 | # | |
| 3 | # Ensure that we do not modify file:/// uris (regression test for | |
| 4 | # CVE-2014-0487 | |
| 5 | # | |
| 6 | set -e | |
| 7 | ||
| 8 | TESTDIR=$(readlink -f $(dirname $0)) | |
| 9 | . $TESTDIR/framework | |
| 10 | ||
| 11 | setupenvironment | |
| 12 | configarchitecture "amd64" | |
| 13 | configcompression 'bz2' 'gz' | |
| 14 | ||
| 15 | insertpackage 'unstable' 'foo' 'all' '1.0' | |
| 16 | ||
| 17 | umask 022 | |
| 18 | setupaptarchive --no-update | |
| 19 | ||
| 20 | # ensure the archive is not writable | |
| 21 | chmod 550 aptarchive/dists/unstable/main/binary-amd64 | |
| 22 | ||
| 23 | testsuccess aptget update -qq | |
| 24 | testsuccess aptget update -qq | |
| 23d0a6fb MV |
25 | aptget update -qq -o Debug::pkgAcquire::Auth=1 2> output.log |
| 26 | ||
| 27 | # ensure that the hash of the uncompressed file was verified even on a local | |
| 28 | # ims hit | |
| 29 | canary="SHA512:$(bzcat aptarchive/dists/unstable/main/binary-amd64/Packages.bz2 | sha512sum |cut -f1 -d' ')" | |
| 30 | grep -q "RecivedHash: $canary" output.log | |
| 31 | ||
| 8b451962 MV |
32 | # foo is still available |
| 33 | testsuccess aptget install -s foo | |
| daff4aa3 MV |
34 | |
| 35 | # the cleanup should still work | |
| 36 | chmod 750 aptarchive/dists/unstable/main/binary-amd64 |