don't drop privileges if _apt has not enough rights

Privilege dropping breaks download/source/changelog commands as they
require the _apt user to have write permissions in the current directory,
which is e.g. the case in /tmp, but not in /root, so we disable the
privilege dropping if we deal with such a directory based on idea and
code by Michael Vogt.

The alternative would be to download always to a temp directory and move
it then done, but this breaks partial file support. To resolve this, we
could move to one of our partial/ directories, but this would require a
lock which would block root from using two of these commands in
parallel. As both seems unacceptable we instead let the user choose what
to do: Either a directory is setupped for _apt, downloading as root is
accepted or – which is potentially even better – an unprivileged user is
used for the commands.

1 files changed, 5 insertions, 1 deletions

diff --git a/apt-private/private-download.h b/apt-private/private-download.h
index a90ac7eaa..809650a97 100644
--- a/apt-private/private-download.h
+++ b/apt-private/private-download.h
@@ -3,14 +3,18 @@
 
 #include <apt-pkg/macros.h>
 
+#include <string>
+
 class pkgAcquire;
 
+APT_PUBLIC bool CheckDropPrivsMustBeDisabled(pkgAcquire &Fetcher);
+
 // Check if all files in the fetcher are authenticated
 APT_PUBLIC bool CheckAuth(pkgAcquire& Fetcher, bool const PromptUser);
 
 // show a authentication warning prompt and return true if the system
 // should continue
-APT_PUBLIC bool AuthPrompt(std::string UntrustedList, bool const PromptUser);
+APT_PUBLIC bool AuthPrompt(std::string const &UntrustedList, bool const PromptUser);
 
 APT_PUBLIC bool AcquireRun(pkgAcquire &Fetcher, int const PulseInterval, bool * const Failure, bool * const TransientNetworkFailure);