
create non-existent files in edit-sources with 644 instead of 640

If the sources file we want to edit doesn't exist yet, GetLock will
create it with 640, which for a generic lockfile might be okay, but as
this is a sources file more relaxed permissions are in order – and
actually required, as it won't be readable for unprivileged users, causing
warnings/errors in apt calls.

Reported-By: J. Theede (musca) on IRC
tags/debian/1.3_pre3
David Kalnischkies 4 years ago
parent
commit
01047752b3
2 changed files with 54 additions and 1 deletions
  1. +15
    -1
      apt-private/private-sources.cc
  2. +39
    -0
      test/integration/test-apt-edit-sources

+ 15
- 1
apt-private/private-sources.cc View File

@@ -13,6 +13,8 @@
#include <apt-private/private-sources.h>
#include <apt-private/private-utils.h>

#include <sys/types.h>
#include <sys/stat.h>
#include <stddef.h>
#include <unistd.h>
#include <iostream>
@@ -46,6 +48,12 @@ bool EditSources(CommandLine &CmdL)
HashString before;
if (FileExists(sourceslist))
before.FromFile(sourceslist);
else
{
FileFd filefd;
if (filefd.Open(sourceslist, FileFd::Create | FileFd::WriteOnly, FileFd::None, 0644) == false)
return false;
}

ScopedGetLock lock(sourceslist);
if (lock.fd < 0)
@@ -56,7 +64,13 @@ bool EditSources(CommandLine &CmdL)
do {
if (EditFileInSensibleEditor(sourceslist) == false)
return false;
if (FileExists(sourceslist) && !before.VerifyFile(sourceslist))
if (before.empty())
{
struct stat St;
if (stat(sourceslist.c_str(), &St) == 0 && St.st_size == 0)
RemoveFile("edit-sources", sourceslist);
}
else if (FileExists(sourceslist) && !before.VerifyFile(sourceslist))
{
file_changed = true;
pkgCacheFile::RemoveCaches();
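Review bot: A sources file that did not exist before and comes back from the editor with content never sets `file_changed`: in the last hunk the `before.empty()` branch only handles the zero-size case, and the `else if` that sets `file_changed = true` and calls `pkgCacheFile::RemoveCaches()` is skipped for it. Whatever EditSources gates on `file_changed` further down (the function continues outside the hunk) would then treat a newly added source as no change, and the caches are left in place. Consider extending the inner size check with `else if (FileExists(sourceslist)) { file_changed = true; pkgCacheFile::RemoveCaches(); }`.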


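--- a/test/integration/test-apt-edit-sources
+++ b/test/integration/test-apt-edit-sources
@@ -0,0 +1,39 @@
+#!/bin/sh
+set -e
+
+TESTDIR="$(readlink -f "$(dirname "$0")")"
+. "$TESTDIR/framework"
+
+setupenvironment
+configarchitecture 'native'
+
+echo 'Dir::Bin::Editor "cat";' > rootdir/etc/apt/apt.conf.d/editor.conf
+
+echo 'deb http://example.org/debian stable rocks' > rootdir/etc/apt/sources.list.d/rocks.list
+testsuccessequal "$(cat rootdir/etc/apt/sources.list.d/rocks.list)" apt edit-sources rocks.list
+
+cat >editor.sh <<EOF
+#!/bin/sh
+umask 077
+touch "\$@"
+EOF
+chmod +x ./editor.sh
+echo 'Dir::Bin::Editor "./editor.sh";' > rootdir/etc/apt/apt.conf.d/editor.conf
+testsuccess apt edit-sources blub.list
+testfailure test -e 'rootdir/etc/apt/sources.list.d/blub.list'
+
+cat >editor.sh <<EOF
+#!/bin/sh
+umask 077
+echo '#comment' > "\$1"
+EOF
+testsuccess apt edit-sources blub.list
+testfilestats 'rootdir/etc/apt/sources.list.d/blub.list' '%U:%G:%a' '=' "${TEST_DEFAULT_USER}:${TEST_DEFAULT_GROUP}:644"
+
+echo 'Dir::Bin::Editor "cat";' > rootdir/etc/apt/apt.conf.d/editor.conf
+echo 'blub' > rootdir/etc/apt/sources.list.d/blub.list
+testfailure apt edit-sources blub.list --assume-no
+
+echo 'deb http://example.org/debian stable rocks' > rootdir/etc/apt/sources.list.d/blub.list
+touch -m -d 'now + 1 hour' rootdir/etc/apt/sources.list.d/blub.list
+testwarning apt edit-sources blub.list --assume-no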
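Review bot: The `644` assertion only covers apt running under the test framework's own umask, because `umask 077` is set inside editor.sh and so applies to the editor, not to the process that creates the file. If the `0644` passed to `FileFd::Open` is filtered by the caller's umask (not visible from this page), an administrator running with a restrictive umask would still end up with a sources file that unprivileged users cannot read, which is the situation the commit sets out to avoid. A further case along the lines of `(umask 077; testsuccess apt edit-sources blub2.list)` followed by the same `testfilestats` check (file name constructed for illustration) would pin the intended result either way.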
