diff options
author | David Kalnischkies <david@kalnischkies.de> | 2014-10-18 17:48:55 +0200 |
---|---|---|
committer | David Kalnischkies <david@kalnischkies.de> | 2014-10-20 10:37:46 +0200 |
commit | de81b2e20f80bb5f42034863a9a974c815a45da5 (patch) | |
tree | 4c601ca61dcdd8090adf198fba2191c18d9c87d4 | |
parent | 12796fa241ad6b0e8ccd1025a3723e18324e17b0 (diff) |
aborted reverify restores file owner and permission
If we get an IMS hit for an InRelease file we use the file we already
have and pass it into reverification, but this changes the permissions
and on abort of the transaction they weren't switched back.
This is now done, additionally, every file in partial which hasn't
failed gets permission and owner changed for root access as well, as it
is very well possible that the next invocation will (re)use these files.
-rw-r--r-- | apt-pkg/acquire-item.cc | 6 | ||||
-rw-r--r-- | test/integration/framework | 54 | ||||
-rwxr-xr-x | test/integration/test-apt-update-transactions | 65 |
3 files changed, 94 insertions, 31 deletions
diff --git a/apt-pkg/acquire-item.cc b/apt-pkg/acquire-item.cc index 78402249c..9a6e0af01 100644 --- a/apt-pkg/acquire-item.cc +++ b/apt-pkg/acquire-item.cc @@ -246,7 +246,7 @@ void pkgAcquire::Item::QueueURI(ItemDesc &Item) /*{{{*/ if (RealFileExists(DestFile)) { std::string SandboxUser = _config->Find("APT::Sandbox::User"); - ChangeOwnerAndPermissionOfFile("GetPartialFileName", DestFile.c_str(), + ChangeOwnerAndPermissionOfFile("Item::QueueURI", DestFile.c_str(), SandboxUser.c_str(), "root", 0600); } Owner->Enqueue(Item); @@ -1570,6 +1570,10 @@ void pkgAcqMetaBase::AbortTransaction() if(FileExists(PartialFile)) Rename(PartialFile, PartialFile + ".FAILED"); } + // fix permissions for existing files which were part of a reverify + // like InRelease files or files in partial we might work with next time + else if (FileExists((*I)->DestFile)) + ChangeOwnerAndPermissionOfFile("AbortTransaction", (*I)->DestFile.c_str(), "root", "root", 0644); } Transaction.clear(); } diff --git a/test/integration/framework b/test/integration/framework index a8d6bf3d0..d692f62a9 100644 --- a/test/integration/framework +++ b/test/integration/framework @@ -23,25 +23,32 @@ if [ "$MSGCOLOR" != 'NO' ]; then CCMD="\033[1;35m" # pink fi -msgdie() { printf "${CERROR}E: $1${CNORMAL}\n" >&2; exit 1; } -msgwarn() { printf "${CWARNING}W: $1${CNORMAL}\n" >&2; } -msgmsg() { printf "${CMSG}$1${CNORMAL}\n"; } -msginfo() { printf "${CINFO}I: $1${CNORMAL}\n"; } -msgdebug() { printf "${CDEBUG}D: $1${CNORMAL}\n"; } -msgdone() { printf "${CDONE}DONE${CNORMAL}\n"; } -msgnwarn() { printf "${CWARNING}W: $1${CNORMAL}" >&2; } -msgnmsg() { printf "${CMSG}$1${CNORMAL}"; } -msgninfo() { printf "${CINFO}I: $1${CNORMAL}"; } -msgndebug() { printf "${CDEBUG}D: $1${CNORMAL}"; } -msgtest() { - while [ -n "$1" ]; do - printf "${CINFO}$1${CCMD} " - printf -- "$(echo "$2" | sed -e 's#^apt\([cgfs]\)#apt-\1#')${CINFO} " +msgprintf() { + local START="$1" + local MIDDLE="$2" + local END="$3" + shift 3 + if [ -n "$1" ]; then + printf "$START " "$1" shift - if [ -n "$1" ]; then shift; else break; fi - done - printf "…${CNORMAL} " + while [ -n "$1" ]; do + printf "$MIDDLE " "$(echo "$1" | sed -e 's#^apt\([cgfs]\)#apt-\1#')" + shift + done + fi + printf "${END}" } +msgdie() { msgprintf "${CERROR}E: %s" '%s' "${CNORMAL}\n" "$@" >&2; exit 1; } +msgwarn() { msgprintf "${CWARNING}W: %s" '%s' "${CNORMAL}\n" "$@" >&2; } +msgmsg() { msgprintf "${CMSG}%s" '%s' "${CNORMAL}\n" "$@"; } +msginfo() { msgprintf "${CINFO}I: %s" '%s' "${CNORMAL}\n" "$@"; } +msgdebug() { msgprintf "${CDEBUG}D: %s" '%s' "${CNORMAL}\n" "$@"; } +msgdone() { msgprintf "${CDONE}DONE" '%s' "${CNORMAL}\n" "$@"; } +msgnwarn() { msgprintf "${CWARNING}W: %s" '%s' "${CNORMAL}" "$@" >&2; } +msgnmsg() { msgprintf "${CMSG}%s" '%s' "${CNORMAL}" "$@"; } +msgninfo() { msgprintf "${CINFO}I: %s" '%s' "${CNORMAL}" "$@"; } +msgndebug() { msgprintf "${CDEBUG}D: %s" '%s' "${CNORMAL}" "$@"; } +msgtest() { msgprintf "${CINFO}%s" "${CCMD}%s${CINFO}" "…${CNORMAL} " "$@"; } msgpass() { printf "${CPASS}PASS${CNORMAL}\n"; } msgskip() { if [ $# -gt 0 ]; then printf "${CWARNING}SKIP: $*${CNORMAL}\n" >&2; @@ -1222,18 +1229,21 @@ testfailure() { fi } -testaccessrights() { - msgtest "Test that file $1 has access rights set to" "$2" - if [ "$2" = "$(stat --format '%a' "$1")" ]; then +testfilestats() { + msgtest "Test that file $1 has $2 $3" "$4" + if [ "$4" "$3" "$(stat --format "$2" "$1")" ]; then msgpass else echo >&2 ls -l >&2 "$1" - echo -n >&2 "stat(1) reports access rights: " - stat --format '%a' "$1" + echo -n >&2 "stat(1) reports for $2: " + stat --format "$2" "$1" msgfail fi } +testaccessrights() { + testfilestats "$1" '%a' '=' "$2" +} testwebserverlaststatuscode() { local DOWNLOG='rootdir/tmp/webserverstatus-testfile.log' diff --git a/test/integration/test-apt-update-transactions b/test/integration/test-apt-update-transactions index 247334991..2d5d9e721 100755 --- a/test/integration/test-apt-update-transactions +++ b/test/integration/test-apt-update-transactions @@ -1,24 +1,73 @@ #!/bin/sh set -e +# ensure that an update will only succeed entirely or not at all + TESTDIR=$(readlink -f $(dirname $0)) . $TESTDIR/framework setupenvironment -configarchitecture "i386" +configarchitecture 'i386' insertpackage 'unstable' 'foo' 'all' '1.0' +insertsource 'unstable' 'foo' 'all' '1.0' setupaptarchive --no-update -changetowebserver -# break package file -cat > aptarchive/dists/unstable/main/binary-i386/Packages <<EOF +breakfile() { + mv "$1" "${1}.bak" + cat > "$1" <<EOF Package: bar EOF -compressfile aptarchive/dists/unstable/main/binary-i386/Packages '+1hour' + compressfile "$1" +} +restorefile() { + mv "${1}.bak" "$1" +} + +listscheck() { + testequal "$(cat $1)" ls rootdir/var/lib/apt/lists + # all copied files are properly chmodded + find rootdir/var/lib/apt/lists -maxdepth 1 -type f | while read file; do + testaccessrights "$file" '644' + testfilestats "$file" '%U' '!=' '_apt' + done +} + +testrun() { + # produce an unsigned repository + find aptarchive \( -name 'Release.gpg' -o -name 'InRelease' \) -delete + testfailure aptget update --no-allow-insecure-repositories + listscheck "$1" + + # signed but broken + signreleasefiles -# ensure that a update will only succeed entirely or not at all -testfailure aptget update -testequal "partial" ls rootdir/var/lib/apt/lists + breakfile aptarchive/dists/unstable/main/binary-i386/Packages + testfailure aptget update + listscheck "$1" + restorefile aptarchive/dists/unstable/main/binary-i386/Packages + + breakfile aptarchive/dists/unstable/main/source/Sources + testfailure aptget update + listscheck "$1" + restorefile aptarchive/dists/unstable/main/source/Sources +} + +testsetup() { + msgmsg 'Test with no initial data over' "$1" + rm -rf rootdir/var/lib/apt/lists + mkdir -p rootdir/var/lib/apt/lists/partial + ls rootdir/var/lib/apt/lists > listsdir.lst + testrun 'listsdir.lst' + + msgmsg 'Test with initial data over' "$1" + testsuccess aptget update + ls rootdir/var/lib/apt/lists > listsdir.lst + testrun 'listsdir.lst' +} + +testsetup 'file' +changetowebserver +testsetup 'http' |