author | David Kalnischkies <david@kalnischkies.de> | 2016-07-22 13:04:47 +0200 |
---|---|---|
committer | David Kalnischkies <david@kalnischkies.de> | 2016-07-22 16:05:09 +0200 |
commit | 01047752b34486607665db99afffa595cb2d43ce (patch) | |
tree | 512f73f84fd29a6bfaea7b98b6f591de5836f4a4 | |
parent | 503c7d594125f963b92047ad2d9d0644f39136c7 (diff) | |
download | apt-01047752b34486607665db99afffa595cb2d43ce.tar.gz |
create non-existent files in edit-sources with 644 instead of 640
If the sources file we want to edit doesn't exist yet GetLock will
create it with 640, which for a generic lockfile might be okay, but as
this is a sources file more relaxed permissions are in order – and
actually required as it won't be readable for unprivileged users causing
warnings/errors in apt calls.
Reported-By: J. Theede (musca) on IRC
-rw-r--r-- | apt-private/private-sources.cc | 16 | ||||
-rwxr-xr-x | test/integration/test-apt-edit-sources | 39 |
2 files changed, 54 insertions, 1 deletions
diff --git a/apt-private/private-sources.cc b/apt-private/private-sources.cc
index 7e64d5d7f..587571760 100644
--- a/apt-private/private-sources.cc
+++ b/apt-private/private-sources.cc
@@ -13,6 +13,8 @@
 #include <apt-private/private-sources.h>
 #include <apt-private/private-utils.h>
+#include <sys/types.h>
+#include <sys/stat.h>
 #include <stddef.h>
 #include <unistd.h>
 #include <iostream>
@@ -46,6 +48,12 @@ bool EditSources(CommandLine &CmdL)
 HashString before;
 if (FileExists(sourceslist))
 before.FromFile(sourceslist);
+ else
+ {
+ FileFd filefd;
+ if (filefd.Open(sourceslist, FileFd::Create | FileFd::WriteOnly, FileFd::None, 0644) == false)
+ return false;
+ }
 ScopedGetLock lock(sourceslist);
 if (lock.fd < 0)
@@ -56,7 +64,13 @@ bool EditSources(CommandLine &CmdL)
 do {
 if (EditFileInSensibleEditor(sourceslist) == false)
 return false;
- if (FileExists(sourceslist) && !before.VerifyFile(sourceslist))
+ if (before.empty())
+ {
+ struct stat St;
+ if (stat(sourceslist.c_str(), &St) == 0 && St.st_size == 0)
+ RemoveFile("edit-sources", sourceslist);
+ }
+ else if (FileExists(sourceslist) && !before.VerifyFile(sourceslist))
 {
 file_changed = true;
 pkgCacheFile::RemoveCaches();
diff --git a/test/integration/test-apt-edit-sources b/test/integration/test-apt-edit-sources
new file mode 100755
index 000000000..58742e94f
--- /dev/null
+++ b/test/integration/test-apt-edit-sources
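Review bot: The `0644` passed to `filefd.Open(...)` in the new `else` branch is presumably still filtered by the process umask, so when apt itself runs under a umask such as 027 or 077 the new sources file would again be unreadable for unprivileged users. The integration test only sets `umask 077` inside the editor script, so it would not catch this. If the mode has to hold regardless of umask, an explicit `fchmod(filefd.Fd(), 0644)` after a successful open would pin it; FileFd's implementation is not visible here, so confirm it does not already do that. The file is also created before `ScopedGetLock` is taken, and the early `return false` paths that follow (lock failure, and editor failure in the next hunk) leave the empty file behind, because the empty-file cleanup only runs after a successful editor call. EditSources starts and ends outside the hunk.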
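Review bot: When `before.empty()` is true and the editor leaves a non-empty file, the new branch bypasses the `else if`, so neither `file_changed = true` nor `pkgCacheFile::RemoveCaches()` runs for a freshly created sources file. The rest of the loop is outside the hunk, so the effect is inferred, but a new file with entries looks like a case where the caches are stale; an `else { file_changed = true; pkgCacheFile::RemoveCaches(); }` on the `St.st_size == 0` check would cover it. `before` would presumably also stay empty if hashing an existing file failed, in which case change detection is silently skipped; a separate `bool` recording that the file was created by this call would make the intent explicit. A comment such as `// file did not exist before: drop it again if the editor left it empty` above the `stat` call would help readers.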
@@ -0,0 +1,39 @@
+#!/bin/sh
+set -e
+
+TESTDIR="$(readlink -f "$(dirname "$0")")"
+. "$TESTDIR/framework"
+
+setupenvironment
+configarchitecture 'native'
+
+echo 'Dir::Bin::Editor "cat";' > rootdir/etc/apt/apt.conf.d/editor.conf
+
+echo 'deb http://example.org/debian stable rocks' > rootdir/etc/apt/sources.list.d/rocks.list
+testsuccessequal "$(cat rootdir/etc/apt/sources.list.d/rocks.list)" apt edit-sources rocks.list
+
+cat >editor.sh <<EOF
+#!/bin/sh
+umask 077
+touch "\$@"
+EOF
+chmod +x ./editor.sh
+echo 'Dir::Bin::Editor "./editor.sh";' > rootdir/etc/apt/apt.conf.d/editor.conf
+testsuccess apt edit-sources blub.list
+testfailure test -e 'rootdir/etc/apt/sources.list.d/blub.list'
+
+cat >editor.sh <<EOF
+#!/bin/sh
+umask 077
+echo '#comment' > "\$1"
+EOF
+testsuccess apt edit-sources blub.list
+testfilestats 'rootdir/etc/apt/sources.list.d/blub.list' '%U:%G:%a' '=' "${TEST_DEFAULT_USER}:${TEST_DEFAULT_GROUP}:644"
+
+echo 'Dir::Bin::Editor "cat";' > rootdir/etc/apt/apt.conf.d/editor.conf
+echo 'blub' > rootdir/etc/apt/sources.list.d/blub.list
+testfailure apt edit-sources blub.list --assume-no
+
+echo 'deb http://example.org/debian stable rocks' > rootdir/etc/apt/sources.list.d/blub.list
+touch -m -d 'now + 1 hour' rootdir/etc/apt/sources.list.d/blub.list
+testwarning apt edit-sources blub.list --assume-no |