Files

154 lines
4.5 KiB
Bash
Raw Permalink Normal View History

2014-10-23 10:42:18 +02:00
#!/bin/sh
set -e
2015-12-15 17:20:26 +01:00
TESTDIR="$(readlink -f "$(dirname "$0")")"
. "$TESTDIR/framework"
2014-10-23 10:42:18 +02:00
setupenvironment
configarchitecture 'i386'
insertpackage 'unstable' 'foo' 'all' '1'
setupaptarchive --no-update
changetohttpswebserver --authorization="$(printf '%s' 'star@irc:hunter2' | base64 )"
2014-10-23 10:42:18 +02:00
echo 'See, when YOU type hunter2, it shows to us as *******' > aptarchive/bash
2017-07-07 16:24:21 +02:00
echo 'Debug::Acquire::netrc "true";' > rootdir/etc/apt/apt.conf.d/netrcdebug.conf
2014-10-23 10:42:18 +02:00
testauthfailure() {
testfailure apthelper download-file "${1}/bash" ./downloaded/bash
# crappy test, but http and https output are wastely different…
testsuccess grep 401 rootdir/tmp/testfailure.output
testfailure test -s ./downloaded/bash
2014-10-23 10:42:18 +02:00
}
testauthsuccess() {
testsuccess apthelper download-file "${1}/bash" ./downloaded/bash
testfileequal ./downloaded/bash "$(cat aptarchive/bash)"
testfilestats ./downloaded/bash '%U:%G:%a' '=' "${TEST_DEFAULT_USER}:${TEST_DEFAULT_GROUP}:644"
2014-10-23 10:42:18 +02:00
rm -f ./downloaded/bash
# lets see if got/retains acceptable permissions
if [ -n "$AUTHCONF" ]; then
if [ "$(id -u)" = '0' ]; then
testfilestats "$AUTHCONF" '%U:%G:%a' '=' "_apt:$(id -gn):600"
2014-10-23 10:42:18 +02:00
else
testfilestats "$AUTHCONF" '%U:%G:%a' '=' "${TEST_DEFAULT_USER}:${TEST_DEFAULT_GROUP}:600"
2014-10-23 10:42:18 +02:00
fi
fi
rm -rf rootdir/var/lib/apt/lists
if expr index "$1" '@' >/dev/null; then
testsuccesswithnotice aptget update
else
testsuccess aptget update
fi
2015-03-10 00:59:44 +01:00
testsuccessequal 'Reading package lists...
2014-10-23 10:42:18 +02:00
Building dependency tree...
The following NEW packages will be installed:
foo
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Inst foo (1 unstable [all])
Conf foo (1 unstable [all])' aptget install foo -s
}
authfile() {
local AUTHCONF="${2:-rootdir/etc/apt/auth.conf}"
mkdir -p "$(dirname "$AUTHCONF")"
2014-10-23 10:42:18 +02:00
rm -f "$AUTHCONF"
printf '%s' "$1" > "$AUTHCONF"
chmod 600 "$AUTHCONF"
}
runtest() {
# unauthorized fails
authfile ''
testauthfailure "$1"
protocol="${1%%://*}"
2014-10-23 10:42:18 +02:00
# good auth
authfile "machine ${protocol}://localhost
login star@irc
password hunter2"
2014-10-23 10:42:18 +02:00
testauthsuccess "$1"
# bad auth
authfile "machine ${protocol}://localhost
2014-10-23 10:42:18 +02:00
login anonymous
password hunter2"
2014-10-23 10:42:18 +02:00
testauthfailure "$1"
# 2 stanzas: unmatching + good auth
authfile "machine ${protocol}://debian.org
2014-10-23 10:42:18 +02:00
login debian
password jessie
machine ${protocol}://localhost
login star@irc
password hunter2"
2014-10-23 10:42:18 +02:00
testauthsuccess "$1"
# no protocol specifier
authfile "machine localhost
login star@irc
password hunter2"
if [ "$protocol" = "https" ]; then
testauthsuccess "$1"
else
testfailure apthelper download-file "${1}/bash" ./downloaded/bash
testsuccessequal "W: ${1}/bash: ${TMPWORKINGDIRECTORY}/rootdir/etc/apt/auth.conf: Credentials for localhost match, but the protocol is not encrypted. Annotate with http:// to use." grep "Credentials.*match" rootdir/tmp/testfailure.output
testauthfailure "$1"
fi
# wrong protocol specifier
if [ "$protocol" = "https" ]; then
authfile "machine http://localhost
login star@irc
password hunter2"
else
authfile "machine https://localhost
login star@irc
password hunter2"
fi
testauthfailure "$1"
# delete file, make sure it fails; add auth.conf.d snippet, works again.
rm rootdir/etc/apt/auth.conf
testauthfailure "$1"
authfile "machine ${protocol}://localhost
login star@irc
password hunter2" rootdir/etc/apt/auth.conf.d/myauth.conf
testauthsuccess "$1"
rm rootdir/etc/apt/auth.conf.d/myauth.conf
2014-10-23 10:42:18 +02:00
}
msgmsg 'server basic auth'
rewritesourceslist "http://localhost:${APTHTTPPORT}"
runtest "http://localhost:${APTHTTPPORT}"
rewritesourceslist "http://star%40irc:hunter2@localhost:${APTHTTPPORT}"
authfile ''
testauthsuccess "http://star%40irc:hunter2@localhost:${APTHTTPPORT}"
rewritesourceslist "https://localhost:${APTHTTPSPORT}"
runtest "https://localhost:${APTHTTPSPORT}"
rewritesourceslist "http://localhost:${APTHTTPPORT}"
2014-10-23 10:42:18 +02:00
msgmsg 'proxy to server basic auth'
webserverconfig 'aptwebserver::request::absolute' 'uri'
2017-07-07 21:59:01 +02:00
# using ip instead of localhost avoids picking up the auth for the repo
# for the proxy as well as we serve them both over the same server…
export http_proxy="http://127.0.0.1:${APTHTTPPORT}"
runtest "http://localhost:${APTHTTPPORT}"
2014-10-23 10:42:18 +02:00
unset http_proxy
msgmsg 'proxy basic auth to server basic auth'
webserverconfig 'aptwebserver::proxy-authorization' "$(printf 'moon:deer2' | base64)"
export http_proxy="http://moon:deer2@localhost:${APTHTTPPORT}"
runtest "http://localhost:${APTHTTPPORT}"
2014-10-23 10:42:18 +02:00
msgmsg 'proxy basic auth to server'
authfile ''
webserverconfig 'aptwebserver::authorization' ''
testauthsuccess "http://localhost:${APTHTTPPORT}"