
create non-existent files in edit-sources with 644 instead of 640

If the sources file we want to edit doesn't exist yet, GetLock will
create it with 640, which for a generic lockfile might be okay, but as
this is a sources file more relaxed permissions are in order – and
actually required, as otherwise it won't be readable for unprivileged
users, causing warnings/errors in apt calls.

Reported-By: J. Theede (musca) on IRC
David Kalnischkies 7 years ago
parent
commit
01047752b3
2 changed files with 54 additions and 1 deletions
  1. 15 1
      apt-private/private-sources.cc
  2. 39 0
      test/integration/test-apt-edit-sources

+ 15 - 1
apt-private/private-sources.cc

@@ -13,6 +13,8 @@
 #include <apt-private/private-sources.h>
 #include <apt-private/private-utils.h>
 
+#include <sys/types.h>
+#include <sys/stat.h>
 #include <stddef.h>
 #include <unistd.h>
 #include <iostream>
@@ -46,6 +48,12 @@ bool EditSources(CommandLine &CmdL)
    HashString before;
    if (FileExists(sourceslist))
        before.FromFile(sourceslist);
+   else
+   {
+      FileFd filefd;
+      if (filefd.Open(sourceslist, FileFd::Create | FileFd::WriteOnly, FileFd::None, 0644) == false)
+	 return false;
+   }
 
    ScopedGetLock lock(sourceslist);
    if (lock.fd < 0)
@@ -56,7 +64,13 @@ bool EditSources(CommandLine &CmdL)
    do {
       if (EditFileInSensibleEditor(sourceslist) == false)
 	 return false;
-      if (FileExists(sourceslist) && !before.VerifyFile(sourceslist))
+      if (before.empty())
+      {
+	 struct stat St;
+	 if (stat(sourceslist.c_str(), &St) == 0 && St.st_size == 0)
+	       RemoveFile("edit-sources", sourceslist);
+      }
+      else if (FileExists(sourceslist) && !before.VerifyFile(sourceslist))
       {
 	 file_changed = true;
 	 pkgCacheFile::RemoveCaches();
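Review bot: The new `else` branch in EditSources creates the file after a separate `FileExists` check and before `ScopedGetLock` is taken, so the check and the create are not atomic: a path that appears in between is opened and then handled as freshly created, with `before` left empty. Adding the exclusive flag makes that case fail visibly instead: `filefd.Open(sourceslist, FileFd::Create | FileFd::Exclusive | FileFd::WriteOnly, FileFd::None, 0644)`. The requested 0644 is presumably still filtered by the process umask, so a restrictive umask in the calling shell may yield a tighter mode than the commit intends; setting the mode on the open descriptor would pin it if that matters. Because the file is now world-readable by design, a comment on the `Open` call such as `// sources files are world-readable; credentials belong in auth.conf, not in URIs here` would record the trade-off. EditSources starts and ends outside these hunks, so how `file_changed` is used after the new `before.empty()` branch could not be checked here.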

+ 39 - 0
test/integration/test-apt-edit-sources

@@ -0,0 +1,39 @@
+#!/bin/sh
+set -e
+
+TESTDIR="$(readlink -f "$(dirname "$0")")"
+. "$TESTDIR/framework"
+
+setupenvironment
+configarchitecture 'native'
+
+echo 'Dir::Bin::Editor "cat";' > rootdir/etc/apt/apt.conf.d/editor.conf
+
+echo 'deb http://example.org/debian stable rocks' > rootdir/etc/apt/sources.list.d/rocks.list
+testsuccessequal "$(cat rootdir/etc/apt/sources.list.d/rocks.list)" apt edit-sources rocks.list
+
+cat >editor.sh <<EOF
+#!/bin/sh
+umask 077
+touch "\$@"
+EOF
+chmod +x ./editor.sh
+echo 'Dir::Bin::Editor "./editor.sh";' > rootdir/etc/apt/apt.conf.d/editor.conf
+testsuccess apt edit-sources blub.list
+testfailure test -e 'rootdir/etc/apt/sources.list.d/blub.list'
+
+cat >editor.sh <<EOF
+#!/bin/sh
+umask 077
+echo '#comment' > "\$1"
+EOF
+testsuccess apt edit-sources blub.list
+testfilestats 'rootdir/etc/apt/sources.list.d/blub.list' '%U:%G:%a' '=' "${TEST_DEFAULT_USER}:${TEST_DEFAULT_GROUP}:644"
+
+echo 'Dir::Bin::Editor "cat";' > rootdir/etc/apt/apt.conf.d/editor.conf
+echo 'blub' > rootdir/etc/apt/sources.list.d/blub.list
+testfailure apt edit-sources blub.list --assume-no
+
+echo 'deb http://example.org/debian stable rocks' > rootdir/etc/apt/sources.list.d/blub.list
+touch -m -d 'now + 1 hour' rootdir/etc/apt/sources.list.d/blub.list
+testwarning apt edit-sources blub.list --assume-no
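Review bot: The stages of this test are unlabelled, and the `umask 077` inside editor.sh is easy to misread: it restricts only the editor, so the 644 assertion passes because apt pre-creates the file, not because of anything the editor does. Comments such as `# editor leaves the new file empty: apt must remove it again` before the first `blub.list` run and `# editor writes under umask 077: the file apt pre-created must still be 644` before the second would make that explicit. The mode is never checked with a restrictive umask on the apt process itself, which is the case where the requested 0644 could presumably come out tighter; one extra run inside a subshell that sets `umask 077` before calling `apt edit-sources` would cover it.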