#!/bin/sh
set -e

TESTDIR="$(readlink -f "$(dirname "$0")")"
. "$TESTDIR/framework"

setupenvironment
configarchitecture "amd64"

insertpackage 'testing' 'foo' 'all' '1'
insertpackage 'unstable' 'foo' 'all' '1'

buildaptarchive
setupaptarchive --no-update
changetowebserver

alias inrelease_size="stat -c %s aptarchive/dists/testing/InRelease"
alias uinrelease_size="stat -c %s aptarchive/dists/unstable/InRelease"

testsuccessequal "Get:1 http://localhost:${APTHTTPPORT} testing InRelease [$(inrelease_size) B]
Get:2 http://localhost:${APTHTTPPORT} unstable InRelease [$(uinrelease_size) B]
Get:3 http://localhost:${APTHTTPPORT} testing/main all Packages [248 B]
Get:4 http://localhost:${APTHTTPPORT} testing/main Translation-en [225 B]
Get:5 http://localhost:${APTHTTPPORT} unstable/main all Packages [246 B]
Get:6 http://localhost:${APTHTTPPORT} unstable/main Translation-en [224 B]
Reading package lists..." aptget update -q

mv rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg rootdir/etc/apt/trusted.gpg

testwarningequal "Hit:1 http://localhost:${APTHTTPPORT} testing InRelease
Hit:2 http://localhost:${APTHTTPPORT} unstable InRelease
Reading package lists...
W: http://localhost:${APTHTTPPORT}/dists/testing/InRelease: Key is stored in legacy trusted.gpg keyring (${TMPWORKINGDIRECTORY}/rootdir/etc/apt/trusted.gpg). Use Signed-By instead. See the USER CONFIGURATION section in apt-secure(8) for details.
W: http://localhost:${APTHTTPPORT}/dists/unstable/InRelease: Key is stored in legacy trusted.gpg keyring (${TMPWORKINGDIRECTORY}/rootdir/etc/apt/trusted.gpg). Use Signed-By instead. See the USER CONFIGURATION section in apt-secure(8) for details." aptget update -q

# 2.4.0 regression: If the InRelease file was signed with two keys, fallback to trusted.gpg did not
# work: It ran the fallback, but then ignored the result, as keys were still missing.
original_inrelease_size=$(inrelease_size)
cp -a aptarchive/dists/unstable/InRelease aptarchive/dists/unstable/InRelease.bak
redatereleasefiles '+1 hour' 'Joe Sixpack,Marvin Paranoid'
cp -a aptarchive/dists/unstable/InRelease.bak aptarchive/dists/unstable/InRelease
testwarningequal "Get:1 http://localhost:${APTHTTPPORT} testing InRelease [$(inrelease_size) B]
Hit:2 http://localhost:${APTHTTPPORT} unstable InRelease
Reading package lists...
W: http://localhost:${APTHTTPPORT}/dists/testing/InRelease: Key is stored in legacy trusted.gpg keyring (${TMPWORKINGDIRECTORY}/rootdir/etc/apt/trusted.gpg). Use Signed-By instead. See the USER CONFIGURATION section in apt-secure(8) for details.
W: http://localhost:${APTHTTPPORT}/dists/unstable/InRelease: Key is stored in legacy trusted.gpg keyring (${TMPWORKINGDIRECTORY}/rootdir/etc/apt/trusted.gpg). Use Signed-By instead. See the USER CONFIGURATION section in apt-secure(8) for details." aptget update -q -omsg=with-two-signatures

# Now the first one is good, hooray
cp keys/marvinparanoid.pub rootdir/etc/apt/trusted.gpg.d/marvinparanoid.gpg
testwarningequal "Hit:1 http://localhost:${APTHTTPPORT} testing InRelease
Hit:2 http://localhost:${APTHTTPPORT} unstable InRelease
Reading package lists...
W: http://localhost:${APTHTTPPORT}/dists/unstable/InRelease: Key is stored in legacy trusted.gpg keyring (${TMPWORKINGDIRECTORY}/rootdir/etc/apt/trusted.gpg). Use Signed-By instead. See the USER CONFIGURATION section in apt-secure(8) for details." aptget update -q -omsg=with-two-signatures

# Now the 2nd one is good
cp keys/marvinparanoid.pub rootdir/etc/apt/trusted.gpg.d/marvinparanoid.gpg
redatereleasefiles '+2 hour' 'Joe Sixpack'
cp -a aptarchive/dists/testing/InRelease aptarchive/dists/testing/InRelease.bak
redatereleasefiles '+2 hour' 'Joe Sixpack,Marvin Paranoid'
cp -a aptarchive/dists/testing/InRelease.bak aptarchive/dists/testing/InRelease
testwarningequal "Get:1 http://localhost:${APTHTTPPORT} testing InRelease [$(inrelease_size) B]
Get:2 http://localhost:${APTHTTPPORT} unstable InRelease [$(uinrelease_size) B]
Reading package lists...
W: http://localhost:${APTHTTPPORT}/dists/testing/InRelease: Key is stored in legacy trusted.gpg keyring (${TMPWORKINGDIRECTORY}/rootdir/etc/apt/trusted.gpg). Use Signed-By instead. See the USER CONFIGURATION section in apt-secure(8) for details." aptget update -q -omsg=with-two-signatures

