summaryrefslogtreecommitdiff
path: root/test
diff options
context:
space:
mode:
authorDavid Kalnischkies <david@kalnischkies.de>2015-11-18 19:31:40 +0100
committerDavid Kalnischkies <david@kalnischkies.de>2015-11-19 16:46:29 +0100
commit514a25cbcd2babb2a9c4485fc7b9a4256b7f6ff3 (patch)
treed0e2e2a3d5697e958cd120d87e1cd04219df946a /test
parent671a55ba455dcf4e5ce6d86b202761666f54d5c6 (diff)
downloadapt-514a25cbcd2babb2a9c4485fc7b9a4256b7f6ff3.tar.gz
do not use _apt for file/copy sources if it isn't world-accessible
In 0940230d we started dropping privileges for file (and a bit later for copy, too) with the intend of uniforming this for all methods. The commit message says that the source will likely fail based on the compressors already – and there isn't much secret in the repository content. After all, after apt has run the update everyone can access the content via apt anyway… There are sources through which worked before which are mostly single-deb (and those with the uncompressed files available). The first one being especially surprising for users maybe, so instead of failing, we make it so that apt detects that it can't access a source as _apt and if so doesn't drop (for all sources!) privileges – but we limit this to file/copy, so the uncompress which might be needed will still fail – but that failed before this regression. We display a notice about this, mostly so that if it still fails (e.g. compressed) the user has some idea what is wrong. Closes: 805069
Diffstat (limited to 'test')
-rwxr-xr-xtest/integration/test-apt-get-download10
-rwxr-xr-xtest/integration/test-apt-get-install-deb11
-rwxr-xr-xtest/integration/test-apt-update-file17
-rw-r--r--test/libapt/configuration_test.cc6
4 files changed, 35 insertions, 9 deletions
diff --git a/test/integration/test-apt-get-download b/test/integration/test-apt-get-download
index 5c42c7e3c..3ad3b395d 100755
--- a/test/integration/test-apt-get-download
+++ b/test/integration/test-apt-get-download
@@ -30,14 +30,8 @@ find aptarchive/dists -name '*Release*' -type f | while read file; do
testaccessrights "$file" '640'
done
if [ "$(id -u)" = '0' ]; then
- # permission errors an everything
- testfailure aptget update
-
- find aptarchive/dists -name '*Packages*' -type f | while read file; do
- chmod 777 "$file"
- done
- # permission errors on Release
- testwarning aptget update
+ # Release file can't be accessed by _apt
+ testsuccesswithnotice aptget update -q=0
fi
#everything (too) permissive
diff --git a/test/integration/test-apt-get-install-deb b/test/integration/test-apt-get-install-deb
index c41713a92..3f1aee5a0 100755
--- a/test/integration/test-apt-get-install-deb
+++ b/test/integration/test-apt-get-install-deb
@@ -103,3 +103,14 @@ createpkg 'trailing-newline' '' '
testsuccess aptget install ./incoming/pkg-as-it-should-be_0_all.deb
testsuccess aptget install ./incoming/pkg-leading-newline_0_all.deb
testsuccess aptget install ./incoming/pkg-trailing-newline_0_all.deb
+
+# see if permission dropping is checked before usage
+if [ "$(id -u)" = '0' ]; then
+ apt clean
+ chmod 711 ./incoming
+ testsuccess aptget install -y --allow-downgrades ./incoming/pkg-as-it-should-be_0_all.deb -q=0
+ chmod 710 ./incoming
+ testsuccesswithnotice aptget install -y --allow-downgrades ./incoming/pkg-as-it-should-be_0_all.deb -q=0
+ chmod 700 ./incoming
+ testsuccesswithnotice aptget install -y --allow-downgrades ./incoming/pkg-as-it-should-be_0_all.deb -q=0
+fi
diff --git a/test/integration/test-apt-update-file b/test/integration/test-apt-update-file
index 04e26a8f4..78a8ca405 100755
--- a/test/integration/test-apt-update-file
+++ b/test/integration/test-apt-update-file
@@ -14,6 +14,7 @@ configcompression 'bz2' 'gz'
confighashes 'SHA512'
insertpackage 'unstable' 'foo' 'all' '1'
+insertpackage 'unstable' 'bar' 'amd64' '1'
insertsource 'unstable' 'foo' 'all' '1'
setupaptarchive --no-update
@@ -21,8 +22,22 @@ setupaptarchive --no-update
# ensure the archive is not writable
addtrap 'prefix' 'chmod 755 aptarchive/dists/unstable/main/binary-all;'
if [ "$(id -u)" = '0' ]; then
- chmod 550 aptarchive/dists/unstable/main/binary-all
+ # too deep to notice it, but it also unlikely that files in the same repo have different permissions
+ chmod 500 aptarchive/dists/unstable/main/binary-all
testfailure aptget update
+ rm -rf rootdir/var/lib/apt/lists
+ chmod 755 aptarchive/dists/unstable/main/binary-all
+ testsuccess aptget update
+ rm -rf rootdir/var/lib/apt/lists
+ chmod 511 aptarchive/dists/
+ testsuccess aptget update
+ rm -rf rootdir/var/lib/apt/lists
+ chmod 510 aptarchive/dists/
+ testsuccesswithnotice aptget update -q=0
+ rm -rf rootdir/var/lib/apt/lists
+ chmod 500 aptarchive/dists/
+ testsuccesswithnotice aptget update -q=0
+ exit
fi
chmod 555 aptarchive/dists/unstable/main/binary-all
testsuccess aptget update
diff --git a/test/libapt/configuration_test.cc b/test/libapt/configuration_test.cc
index 6300b5256..9fb580a01 100644
--- a/test/libapt/configuration_test.cc
+++ b/test/libapt/configuration_test.cc
@@ -148,6 +148,7 @@ TEST(ConfigurationTest,Merge)
{
Configuration Cnf;
Cnf.Set("Binary::apt::option::foo", "bar");
+ Cnf.Set("Binary::apt::option::empty", "");
Cnf.Set("option::foo", "foo");
Cnf.MoveSubTree("Binary::apt", "Binary::apt2");
@@ -156,8 +157,13 @@ TEST(ConfigurationTest,Merge)
EXPECT_EQ("foo", Cnf.Find("option::foo"));
EXPECT_EQ("bar", Cnf.Find("Binary::apt2::option::foo"));
+ EXPECT_FALSE(Cnf.Exists("option::empty"));
+ EXPECT_TRUE(Cnf.Exists("Binary::apt2::option::empty"));
+ Cnf.Set("option::empty", "not");
+
Cnf.MoveSubTree("Binary::apt2", NULL);
EXPECT_FALSE(Cnf.Exists("Binary::apt2::option"));
EXPECT_TRUE(Cnf.Exists("option"));
EXPECT_EQ("bar", Cnf.Find("option::foo"));
+ EXPECT_EQ("", Cnf.Find("option::empty"));
}