This repository has been archived by the owner on Dec 12, 2022. It is now read-only.
mirrored from https://salsa.debian.org/apt-team/apt.git
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
keep Release.gpg on untrusted to trusted IMS-Hit
A user relying on the deprecated behaviour of apt-get to accept a source with an unknown pubkey to install a package containing the key expects that the following 'apt-get update' causes the source to be considered as trusted, but in case the source hadn't changed in the meantime this wasn't happening: The source kept being untrusted until the Release file was changed. This only effects sources not using InRelease and only apt-get, the apt binary downright refuses this course of actions, but it is a common way of adding external sources. Closes: 838779 (cherry picked from commit 84eec20) LP: #1657440 (cherry picked from commit 5605c98)
- Loading branch information
1 parent
9bacab3
commit 2a6d2e9
Showing
2 changed files
with
55 additions
and
3 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
46 changes: 46 additions & 0 deletions
46
test/integration/test-bug-838779-untrusted-to-trusted-Release-hit
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,46 @@ | ||
#!/bin/sh | ||
set -e | ||
|
||
TESTDIR="$(readlink -f "$(dirname "$0")")" | ||
. "$TESTDIR/framework" | ||
setupenvironment | ||
configarchitecture 'amd64' | ||
|
||
buildsimplenativepackage 'foo' 'all' '1' 'stable' | ||
|
||
export APT_DONT_SIGN='' | ||
setupaptarchive --no-update | ||
|
||
changetowebserver | ||
|
||
testsuccess aptget update | ||
testdpkgnotinstalled 'foo' | ||
testsuccess apt install foo -y | ||
testdpkginstalled 'foo' | ||
testsuccess apt purge foo -y | ||
testdpkgnotinstalled 'foo' | ||
|
||
msgmsg 'Untrusted to trusted hit' 'InRelease' | ||
rm -rf rootdir/var/lib/apt/lists rootdir/var/cache/apt/archives | ||
mv rootdir/etc/apt/trusted.gpg.d rootdir/etc/apt/trusted.gpg.d-bak | ||
testwarning aptget update | ||
testfailure apt install foo -y | ||
testdpkgnotinstalled 'foo' | ||
mv rootdir/etc/apt/trusted.gpg.d-bak rootdir/etc/apt/trusted.gpg.d | ||
testsuccess aptget update | ||
testsuccess apt install foo -y | ||
testdpkginstalled 'foo' | ||
testsuccess apt purge foo -y | ||
testdpkgnotinstalled 'foo' | ||
|
||
msgmsg 'Untrusted to trusted hit' 'Release.gpg' | ||
find aptarchive -name 'InRelease' -delete | ||
rm -rf rootdir/var/lib/apt/lists rootdir/var/cache/apt/archives | ||
mv rootdir/etc/apt/trusted.gpg.d rootdir/etc/apt/trusted.gpg.d-bak | ||
testwarning aptget update | ||
testfailure apt install foo -y | ||
testdpkgnotinstalled 'foo' | ||
mv rootdir/etc/apt/trusted.gpg.d-bak rootdir/etc/apt/trusted.gpg.d | ||
testsuccess aptget update | ||
testsuccess apt install foo -y | ||
testdpkginstalled 'foo' |