authorDavid Kalnischkies <david@kalnischkies.de>2015-11-04 13:19:14 +0100
committerDavid Kalnischkies <david@kalnischkies.de>2015-11-05 12:21:33 +0100
commit30c8107e9c56d7d78dcf9136f94aeed9d631dfb3 (patch)
treec8d9a601ab50de8d8cd059c2f84e94fedf4f8213
parent23d35ec15a849ee755f51a99939b0131e8faefa5 (diff)
drop privileges in copy:// method as we do for file://
Continuing on the track of dropping privileges in all methods, let's drop them in copy, too, as the reasoning for it is very similar to file and the interaction between the two is quite interesting, as copy kind of served as a fallback for file not being able to read the file. Both now show a better error message as well, as it was previously claiming to have a hashsum mismatch, given that it couldn't read the file. Git-Dch: Ignore
-rw-r--r--apt-private/private-download.cc2
-rw-r--r--methods/aptmethod.h37
-rw-r--r--methods/copy.cc26
-rw-r--r--methods/file.cc29
-rwxr-xr-xtest/integration/test-apt-get-download72
-rwxr-xr-xtest/integration/test-apt-get-update-unauth-warning19
-rwxr-xr-xtest/integration/test-apt-update-failure-propagation6
-rwxr-xr-xtest/integration/test-apt-update-file9
8 files changed, 114 insertions, 86 deletions
diff --git a/apt-private/private-download.cc b/apt-private/private-download.cc
index dcb604f2a..40312d0c8 100644
--- a/apt-private/private-download.cc
+++ b/apt-private/private-download.cc
@@ -27,6 +27,7 @@
#include <fcntl.h>
#include <sys/vfs.h>
#include <sys/statvfs.h>
+#include <sys/stat.h>
#include <errno.h>
#include <apti18n.h>
@@ -224,6 +225,7 @@ bool DoDownload(CommandLine &CmdL)
std::ifstream src((*I)->DestFile.c_str(), std::ios::binary);
std::ofstream dst(filename.c_str(), std::ios::binary);
dst << src.rdbuf();
+ chmod(filename.c_str(), 0644);
}
}
return Failed == false;
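Review bot: The added `chmod(filename.c_str(), 0644);` ignores its return value, and the `dst << src.rdbuf();` above it is not checked either, so a failed or truncated copy is still made world-readable and, as far as this hunk shows, is not reflected in `Failed`. A check such as `if (dst.fail() || chmod(filename.c_str(), 0644) != 0) Failed = true;` would surface both cases, ideally with an error pushed to `_error` so the user sees which file was affected. `DoDownload` begins outside this hunk, so how `Failed` is set elsewhere should be confirmed before adopting this.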
diff --git a/methods/aptmethod.h b/methods/aptmethod.h
new file mode 100644
index 000000000..61d7b78f1
--- /dev/null
+++ b/methods/aptmethod.h
@@ -0,0 +1,37 @@
+#ifndef APT_APTMETHOD_H
+#define APT_APTMETHOD_H
+
+#include <apt-pkg/acquire-method.h>
+
+#include <string>
+
+class aptMethod : public pkgAcqMethod
+{
+ char const * const Binary;
+ public:
+ virtual bool Configuration(std::string Message) APT_OVERRIDE;
+
+ bool CalculateHashes(FetchItem const * const Itm, FetchResult &Res) const;
+
+ aptMethod(char const * const Binary, char const * const Ver, unsigned long const Flags) : pkgAcqMethod(Ver, Flags), Binary(Binary) {};
+};
+bool aptMethod::Configuration(std::string Message)
+{
+ if (pkgAcqMethod::Configuration(Message) == false)
+ return false;
+
+ DropPrivsOrDie();
+
+ return true;
+}
+bool aptMethod::CalculateHashes(FetchItem const * const Itm, FetchResult &Res) const
+{
+ Hashes Hash(Itm->ExpectedHashes);
+ FileFd Fd;
+ if (Fd.Open(Res.Filename, FileFd::ReadOnly) == false || Hash.AddFD(Fd) == false)
+ return false;
+ Res.TakeHashes(Hash);
+ return true;
+}
+
+#endif
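Review bot: `aptMethod::Configuration` and `aptMethod::CalculateHashes` are defined out of class in this header without `inline`, so including aptmethod.h from two translation units of one binary would give duplicate definitions; marking both `inline` or moving the bodies into the class avoids that. The header also uses `Hashes` and `FileFd` while including only `<apt-pkg/acquire-method.h>`, so it appears to rely on the including file for `<apt-pkg/hashes.h>` and `<apt-pkg/fileutl.h>`. Because `DropPrivsOrDie()` now runs only from `Configuration()`, a comment above the declaration such as `// drops privileges; overrides must chain to aptMethod::Configuration()` would keep a later subclass from skipping the drop by accident. The `Binary` member is stored but not read anywhere in this file.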
diff --git a/methods/copy.cc b/methods/copy.cc
index 373ad3604..e515b2def 100644
--- a/methods/copy.cc
+++ b/methods/copy.cc
@@ -17,6 +17,7 @@
#include <apt-pkg/error.h>
#include <apt-pkg/hashes.h>
#include <apt-pkg/configuration.h>
+#include "aptmethod.h"
#include <string>
#include <sys/stat.h>
@@ -25,23 +26,14 @@
#include <apti18n.h>
/*}}}*/
-class CopyMethod : public pkgAcqMethod
+class CopyMethod : public aptMethod
{
virtual bool Fetch(FetchItem *Itm) APT_OVERRIDE;
- void CalculateHashes(FetchItem const * const Itm, FetchResult &Res);
-
+
public:
-
- CopyMethod() : pkgAcqMethod("1.0",SingleInstance | SendConfig) {};
-};
-void CopyMethod::CalculateHashes(FetchItem const * const Itm, FetchResult &Res)
-{
- Hashes Hash(Itm->ExpectedHashes);
- FileFd Fd(Res.Filename, FileFd::ReadOnly);
- Hash.AddFD(Fd);
- Res.TakeHashes(Hash);
-}
+ CopyMethod() : aptMethod("copy", "1.0",SingleInstance | SendConfig) {};
+};
// CopyMethod::Fetch - Fetch a file /*{{{*/
// ---------------------------------------------------------------------
@@ -76,12 +68,7 @@ bool CopyMethod::Fetch(FetchItem *Itm)
FileFd From(File,FileFd::ReadOnly);
FileFd To(Itm->DestFile,FileFd::WriteAtomic);
To.EraseOnFailure();
- if (_error->PendingError() == true)
- {
- To.OpFail();
- return false;
- }
-
+
// Copy the file
if (CopyFile(From,To) == false)
{
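Review bot: With the `_error->PendingError()` guard removed, nothing between the two `FileFd` constructors and `CopyFile(From,To)` checks that the source or the destination was actually opened, and an unreadable source becomes a normal case once the method runs with dropped privileges. Presumably `CopyFile` fails on an unopened descriptor and the error queued by `FileFd` is what the user sees; if so, say that where the block was deleted, e.g. `// open errors of From/To surface through CopyFile() failing below`. `Fetch` starts and ends outside this hunk, so the failure branch itself cannot be checked from here.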
@@ -101,7 +88,6 @@ bool CopyMethod::Fetch(FetchItem *Itm)
return _error->Errno("utimes",_("Failed to set modification time"));
CalculateHashes(Itm, Res);
-
URIDone(Res);
return true;
}
diff --git a/methods/file.cc b/methods/file.cc
index 8a087c36d..4e3410078 100644
--- a/methods/file.cc
+++ b/methods/file.cc
@@ -21,6 +21,7 @@
#include <apt-pkg/hashes.h>
#include <apt-pkg/fileutl.h>
#include <apt-pkg/strutl.h>
+#include "aptmethod.h"
#include <string>
#include <sys/stat.h>
@@ -28,24 +29,13 @@
#include <apti18n.h>
/*}}}*/
-class FileMethod : public pkgAcqMethod
+class FileMethod : public aptMethod
{
virtual bool Fetch(FetchItem *Itm) APT_OVERRIDE;
- virtual bool Configuration(std::string Message) APT_OVERRIDE;
public:
-
- FileMethod() : pkgAcqMethod("1.0",SingleInstance | SendConfig | LocalOnly) {};
+ FileMethod() : aptMethod("file", "1.0", SingleInstance | SendConfig | LocalOnly) {};
};
-bool FileMethod::Configuration(std::string Message)
-{
- if (pkgAcqMethod::Configuration(Message) == false)
- return false;
-
- DropPrivsOrDie();
-
- return true;
-}
// FileMethod::Fetch - Fetch a file /*{{{*/
// ---------------------------------------------------------------------
@@ -78,6 +68,7 @@ bool FileMethod::Fetch(FetchItem *Itm)
if (Res.IMSHit != true)
RemoveFile("file", Itm->DestFile);
+ int olderrno = 0;
// See if the file exists
if (stat(File.c_str(),&Buf) == 0)
{
@@ -92,11 +83,10 @@ bool FileMethod::Fetch(FetchItem *Itm)
Res.IMSHit = true;
}
- Hashes Hash(Itm->ExpectedHashes);
- FileFd Fd(File, FileFd::ReadOnly);
- Hash.AddFD(Fd);
- Res.TakeHashes(Hash);
+ CalculateHashes(Itm, Res);
}
+ else
+ olderrno = errno;
if (Res.IMSHit == false)
URIStart(Res);
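Review bot: `CalculateHashes(Itm, Res)` now returns `bool`, but the result is discarded at this call (and at the unchanged call in methods/copy.cc just before `URIDone(Res)`), so a file that passes `stat()` but cannot be opened after the privilege drop continues with `Res` carrying no hashes. If falling through is intended, a comment at the call should say so; otherwise handle it there, e.g. `if (CalculateHashes(Itm, Res) == false) return false;`. Whether an early return would interfere with the later handling in `Fetch` cannot be judged from this hunk, since the function continues outside it.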
@@ -128,7 +118,10 @@ bool FileMethod::Fetch(FetchItem *Itm)
else if (Res.Filename.empty() == false)
URIDone(Res);
else
- return _error->Error(_("File not found"));
+ {
+ errno = olderrno;
+ return _error->Errno(File.c_str(), _("File not found"));
+ }
return true;
}
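Review bot: The description passed to `_error->Errno` is always "File not found", while `olderrno` can hold any `stat()` failure; with privileges dropped a permission error is as plausible as a missing file, and the message would then read "File not found - <path> (13: Permission denied)". A neutral description such as `_("Failed to stat")` fits every errno value. `olderrno` also stays 0 whenever `stat()` succeeded, so if this branch is reachable in that case (the conditions are partly outside the hunk) the message would end in "(0: Success)".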
diff --git a/test/integration/test-apt-get-download b/test/integration/test-apt-get-download
index 25c8b7761..5c42c7e3c 100755
--- a/test/integration/test-apt-get-download
+++ b/test/integration/test-apt-get-download
@@ -12,10 +12,9 @@ buildsimplenativepackage 'apt' 'all' '1.0' 'stable'
buildsimplenativepackage 'apt' 'all' '2.0' 'unstable'
insertinstalledpackage 'vrms' 'all' '1.0'
-OLD_UMASK="$(umask)"
+addtrap 'prefix' "umask $(umask);"
umask 0027
setupaptarchive --no-update
-umask "$OLD_UMASK"
# directories should be readable by everyone
find aptarchive/dists -type d | while read dir; do
@@ -30,18 +29,34 @@ done
find aptarchive/dists -name '*Release*' -type f | while read file; do
testaccessrights "$file" '640'
done
-
+if [ "$(id -u)" = '0' ]; then
+ # permission errors an everything
+ testfailure aptget update
+
+ find aptarchive/dists -name '*Packages*' -type f | while read file; do
+ chmod 777 "$file"
+ done
+ # permission errors on Release
+ testwarning aptget update
+fi
+
+#everything (too) permissive
+find aptarchive/ -type f | while read file; do
+ chmod 777 "$file"
+done
+find incoming/ -type f | while read file; do
+ chmod 777 "$file"
+done
testsuccess aptget update
testdownload() {
- local APT="$2"
- if [ -n "$3" ]; then
- APT="${APT}/${3}"
- fi
- msgtest "Test download of package file $1 with" "$APT"
- testsuccess --nomsg aptget download ${APT} -o Debug::pkgAcquire::Worker=1 -o Debug::pkgAcquire::Auth=1
- testsuccess test -f "$1"
- rm -f "$1"
+ local DEB="$1"
+ shift
+ msgtest "Test download of package file $DEB with" "$@"
+ testsuccess --nomsg aptget download "$@" -o Debug::pkgAcquire::Worker=1 -o Debug::pkgAcquire::Auth=1
+ testsuccess test -f "$DEB"
+ testaccessrights "$DEB" '644'
+ rm -f "$DEB"
}
# normal case as "root"
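Review bot: The added `find … | while read file; do chmod 777 "$file"; done` loops use `read` without `-r` and with the default IFS, so a path containing a backslash or leading or trailing whitespace is altered before `chmod` sees it; `find aptarchive/ -type f -exec chmod 777 {} +` does the same without parsing names. The comment `# permission errors an everything` should read `on everything`. A comment explaining why the two permission checks run only when `id -u` is 0 would also help, presumably because only then do the methods switch to an unprivileged user that cannot read the 640 files.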
@@ -60,7 +75,7 @@ OLDPWD="$(pwd)"
cd downloaded
# normal case(es)
-testdownload apt_1.0_all.deb apt stable
+testdownload apt_1.0_all.deb apt/stable
testdownload apt_2.0_all.deb apt
DEBFILE="$(readlink -f ../aptarchive)/pool/apt_2.0_all.deb"
@@ -72,30 +87,33 @@ testequal "E: Can't find a source to download version '1.0' of 'vrms:i386'" aptg
# deb:736962
testsuccess aptget download apt
+testsuccess test -s apt_2.0_all.deb
+testaccessrights 'apt_2.0_all.deb' '644'
testsuccess aptget download apt
testsuccess test -s apt_2.0_all.deb
+testaccessrights 'apt_2.0_all.deb' '644'
rm -f apt_1.0_all.deb apt_2.0_all.deb
# deb:738103
-testsuccess aptget download apt apt apt/unstable apt=2.0
-testsuccess test -s apt_2.0_all.deb
+testdownload apt_2.0_all.deb apt apt apt/unstable apt=2.0
+# FIXME: pick up already downloaded deb files for real
# restore "root" rights
-cd "$OLDPWD"
-chmod -f -R +w "$PWD/rootdir/var/cache/apt/archives"
-rm -rf rootdir/var/cache/apt/archives/
+#cd "$OLDPWD"
+#chmod -f -R +w "$PWD/rootdir/var/cache/apt/archives"
+#rm -rf rootdir/var/cache/apt/archives/
# file: debs aren't copied to archives, so change to http which obviously are
-changetowebserver
-testsuccess aptget update
+#changetowebserver
+#testsuccess aptget update
# test with already stored deb
-testsuccess aptget install -d apt
-testsuccess test -s rootdir/var/cache/apt/archives/apt_2.0_all.deb
-testaccessrights 'aptarchive/pool/apt_2.0_all.deb' '644'
-mv aptarchive/pool/apt_2.0_all.deb aptarchive/pool/apt_2.0_all.deb.gone
-cd downloaded
-testdownload apt_2.0_all.deb apt
-cd "$OLDPWD"
-mv aptarchive/pool/apt_2.0_all.deb.gone aptarchive/pool/apt_2.0_all.deb
+#testsuccess aptget install -d apt
+#testsuccess test -s rootdir/var/cache/apt/archives/apt_2.0_all.deb
+#testaccessrights 'rootdir/var/cache/apt/archives/apt_2.0_all.deb' '644'
+#mv aptarchive/pool/apt_2.0_all.deb aptarchive/pool/apt_2.0_all.deb.gone
+#cd downloaded
+#testdownload apt_2.0_all.deb apt
+#cd "$OLDPWD"
+#mv aptarchive/pool/apt_2.0_all.deb.gone aptarchive/pool/apt_2.0_all.deb
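Review bot: The "already stored deb" part of the script is commented out rather than repaired, so `aptget install -d` and the download with the pool file moved away are no longer exercised, and the new access-rights check on `rootdir/var/cache/apt/archives/apt_2.0_all.deb` never runs. The line `# FIXME: pick up already downloaded deb files for real` does not say what broke or when the block can come back. Either extend the FIXME with the reason and a pointer to the tracking bug, or delete the dead lines and emit an explicit skip message so the gap is visible in test output.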
diff --git a/test/integration/test-apt-get-update-unauth-warning b/test/integration/test-apt-get-update-unauth-warning
index 435828292..b247c1ba9 100755
--- a/test/integration/test-apt-get-update-unauth-warning
+++ b/test/integration/test-apt-get-update-unauth-warning
@@ -19,13 +19,14 @@ setupaptarchive --no-update
APTARCHIVE="$(readlink -f ./aptarchive)"
find "$APTARCHIVE/dists/unstable" -name '*Release*' -delete
+echo 'Acquire::Progress::Ignore::ShowErrorText "false";' > rootdir/etc/apt/apt.conf.d/99show-no-ignore-errors.conf
+
# update without authenticated files leads to warning
testfailureequal "Get:1 file:$APTARCHIVE unstable InRelease
Ign:1 file:$APTARCHIVE unstable InRelease
- File not found
Get:2 file:$APTARCHIVE unstable Release
Err:2 file:$APTARCHIVE unstable Release
- File not found
+ File not found - ${APTARCHIVE}/dists/unstable/Release (2: No such file or directory)
Reading package lists...
E: The repository 'file:$APTARCHIVE unstable Release' does not have a Release file.
N: Updating such a repository securily is impossible and therefore disabled by default.
@@ -46,46 +47,32 @@ filesize() {
#exit
testwarningequal "Get:1 file:$APTARCHIVE unstable InRelease
Ign:1 file:$APTARCHIVE unstable InRelease
- File not found
Get:2 file:$APTARCHIVE unstable Release
Ign:2 file:$APTARCHIVE unstable Release
- File not found
Get:3 file:$APTARCHIVE unstable/main Sources
Ign:3 file:$APTARCHIVE unstable/main Sources
- File not found
Get:4 file:$APTARCHIVE unstable/main i386 Packages
Ign:4 file:$APTARCHIVE unstable/main i386 Packages
- File not found
Get:5 file:$APTARCHIVE unstable/main all Packages
Ign:5 file:$APTARCHIVE unstable/main all Packages
- File not found
Get:6 file:$APTARCHIVE unstable/main Translation-en
Ign:6 file:$APTARCHIVE unstable/main Translation-en
- File not found
Get:3 file:$APTARCHIVE unstable/main Sources
Ign:3 file:$APTARCHIVE unstable/main Sources
- File not found
Get:4 file:$APTARCHIVE unstable/main i386 Packages
Ign:4 file:$APTARCHIVE unstable/main i386 Packages
- File not found
Get:5 file:$APTARCHIVE unstable/main all Packages
Ign:5 file:$APTARCHIVE unstable/main all Packages
- File not found
Get:6 file:$APTARCHIVE unstable/main Translation-en
Ign:6 file:$APTARCHIVE unstable/main Translation-en
- File not found
Get:3 file:$APTARCHIVE unstable/main Sources
Ign:3 file:$APTARCHIVE unstable/main Sources
- File not found
Get:4 file:$APTARCHIVE unstable/main i386 Packages
Ign:4 file:$APTARCHIVE unstable/main i386 Packages
- File not found
Get:5 file:$APTARCHIVE unstable/main all Packages
Ign:5 file:$APTARCHIVE unstable/main all Packages
- File not found
Get:6 file:$APTARCHIVE unstable/main Translation-en
Ign:6 file:$APTARCHIVE unstable/main Translation-en
- File not found
Get:3 file:$APTARCHIVE unstable/main Sources [$(filesize 'Sources') B]
Get:4 file:$APTARCHIVE unstable/main i386 Packages [$(filesize 'Packages' 'Architecture: i386') B]
Get:5 file:$APTARCHIVE unstable/main all Packages [$(filesize 'Packages' 'Architecture: all') B]
diff --git a/test/integration/test-apt-update-failure-propagation b/test/integration/test-apt-update-failure-propagation
index eda9cff99..f144e9968 100755
--- a/test/integration/test-apt-update-failure-propagation
+++ b/test/integration/test-apt-update-failure-propagation
@@ -87,6 +87,8 @@ for FILE in rootdir/etc/apt/sources.list.d/*-stable-* ; do
# lets see how many testservers run also Doom
sed -i -e "s#:${APTHTTPSPORT}/#:666/#" "$FILE"
done
-testwarningmsg "W: Failed to fetch https://localhost:666/dists/stable/InRelease Failed to connect to localhost port 666: Connection refused
-W: Some index files failed to download. They have been ignored, or old ones used instead." aptget update
+testwarning aptget update
+testequalor2 "W: Failed to fetch https://localhost:666/dists/stable/InRelease Failed to connect to localhost port 666: Connection refused
+W: Some index files failed to download. They have been ignored, or old ones used instead." "W: Failed to fetch https://localhost:666/dists/stable/InRelease couldn't connect to host
+W: Some index files failed to download. They have been ignored, or old ones used instead." tail -n 2 rootdir/tmp/testwarning.output
posttest
diff --git a/test/integration/test-apt-update-file b/test/integration/test-apt-update-file
index c6e07f8b6..04e26a8f4 100755
--- a/test/integration/test-apt-update-file
+++ b/test/integration/test-apt-update-file
@@ -19,9 +19,12 @@ insertsource 'unstable' 'foo' 'all' '1'
setupaptarchive --no-update
# ensure the archive is not writable
-addtrap 'prefix' 'chmod 750 aptarchive/dists/unstable/main/binary-all;'
-chmod 550 aptarchive/dists/unstable/main/binary-all
-
+addtrap 'prefix' 'chmod 755 aptarchive/dists/unstable/main/binary-all;'
+if [ "$(id -u)" = '0' ]; then
+ chmod 550 aptarchive/dists/unstable/main/binary-all
+ testfailure aptget update
+fi
+chmod 555 aptarchive/dists/unstable/main/binary-all
testsuccess aptget update
# the release files aren't an IMS-hit, but the indexes are
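Review bot: The comment `# ensure the archive is not writable` no longer describes the lines below it: as root the directory is first set to 550 and `aptget update` is expected to fail, and only then is it set to 555 for the success case. A comment on the `id -u` branch such as `# as root the methods drop privileges and cannot enter a 550 directory` (if that is indeed the reason) would make the expected failure understandable. The trap now restores 755 instead of the previous 750, which is worth a word as well if it is deliberate.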