HCoop / ntk / apt.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 9b7c105)
make apt-key net-update actually testable
authorMichael Vogt <mvo@debian.org>
Fri, 13 Dec 2013 13:37:14 +0000 (14:37 +0100)
committerMichael Vogt <mvo@debian.org>
Fri, 13 Dec 2013 13:37:14 +0000 (14:37 +0100)
cmdline/apt-key.in patch | blob | blame | history
test/integration/test-apt-key-net-update patch | blob | blame | history

diff --git a/cmdline/apt-key.in b/cmdline/apt-key.in
index 779872b..c7d3ce8 100644 (file)
--- a/cmdline/apt-key.in
+++ b/cmdline/apt-key.in
@@ -25,6 +25,9 @@ GPG_CMD="$GPG_CMD --no-auto-check-trustdb --trust-model always"
 
 GPG="$GPG_CMD"
 
+APT_DIR="/"
+eval $(apt-config shell APT_DIR Dir)
+
 MASTER_KEYRING='&keyring-master-filename;'
 eval $(apt-config shell MASTER_KEYRING APT::Key::MasterKeyring)
 ARCHIVE_KEYRING='&keyring-filename;'
@@ -33,7 +36,7 @@ REMOVED_KEYS='&keyring-removed-filename;'
 eval $(apt-config shell REMOVED_KEYS APT::Key::RemovedKeys)
 ARCHIVE_KEYRING_URI='&keyring-uri;'
 eval $(apt-config shell ARCHIVE_KEYRING_URI APT::Key::ArchiveKeyringURI)
-TMP_KEYRING=/var/lib/apt/keyrings/maybe-import-keyring.gpg
+TMP_KEYRING=${APT_DIR}/var/lib/apt/keyrings/maybe-import-keyring.gpg
 
 requires_root() {
        if [ "$(id -u)" -ne 0 ]; then
@@ -107,7 +110,11 @@ add_keys_with_verify_against_master_keyring() {
 # (otherwise it does not make sense from a security POV)
 net_update() {
     # Disabled for now as code is insecure (LP: #1013639 (and 857472, 1013128))
-    exit 1
+    APT_KEY_NET_UPDATE_ENABLED=""
+    eval $(apt-config shell APT_KEY_NET_UPDATE_ENABLED APT::Key::Net-Update-Enabled)
+    if [ -z "$APT_KEY_NET_UPDATE_ENABLED" ]; then
+        exit 1
+    fi
 
     if [ -z "$ARCHIVE_KEYRING_URI" ]; then
        echo >&2 "ERROR: Your distribution is not supported in net-update as no uri for the archive-keyring is set"
@@ -120,15 +127,15 @@ net_update() {
        echo >&2 "ERROR: an installed wget is required for a network-based update"
        exit 1
     fi
-    if [ ! -d /var/lib/apt/keyrings ]; then
-       mkdir -p /var/lib/apt/keyrings
+    if [ ! -d ${APT_DIR}/var/lib/apt/keyrings ]; then
+       mkdir -p ${APT_DIR}/var/lib/apt/keyrings
     fi
-    keyring=/var/lib/apt/keyrings/$(basename $ARCHIVE_KEYRING)
+    keyring=${APT_DIR}/var/lib/apt/keyrings/$(basename $ARCHIVE_KEYRING)
     old_mtime=0
     if [ -e $keyring ]; then
        old_mtime=$(stat -c %Y $keyring)
     fi
-    (cd  /var/lib/apt/keyrings; wget --timeout=90 -q -N $ARCHIVE_KEYRING_URI)
+    (cd  ${APT_DIR}/var/lib/apt/keyrings; wget --timeout=90 -q -N $ARCHIVE_KEYRING_URI)
     if [ ! -e $keyring ]; then
        return
     fi
diff --git a/test/integration/test-apt-key-net-update b/test/integration/test-apt-key-net-update
index 73545af..e086940 100755 (executable)
--- a/test/integration/test-apt-key-net-update
+++ b/test/integration/test-apt-key-net-update
@@ -6,6 +6,20 @@ TESTDIR=$(readlink -f $(dirname $0))
 
 setupenvironment
 configarchitecture "i386"
+changetowebserver
+
+# setup env
+mkdir -p aptarchive/ubuntu/project var/lib/apt/keyrings
+echo 'APT::Key::ArchiveKeyringURI "http://localhost:8080/ubuntu/project/ubuntu-archive-keyring.gpg";' >> ./aptconfig.conf
+echo 'APT::Key::Net-Update-Enabled "1";' >> ./aptconfig.conf
+
+# signed thing
+echo "meep" > aptarchive/ubuntu/project/ubuntu-archive-keyring.gpg
+
+# test against the "real" webserver
+aptkey --fakeroot net-update
+
+exit 1
 
 # mock
 requires_root() {
ntk's bugfix for apt