diff options
| author | David Kalnischkies <david@kalnischkies.de> | 2014-10-06 14:29:53 +0200 |
|---|---|---|
| committer | David Kalnischkies <david@kalnischkies.de> | 2014-10-07 01:59:49 +0200 |
| commit | 5684f71fa0f6c1b765aa53e22ca3b024c578b9c9 (patch) | |
| tree | 254ce22743ac9c457268bacba6a8e504bd5174cb /test/integration/test-apt-get-download | |
| parent | 04a54261afd1c99686109f102afc83346c01c930 (diff) | |
use _apt:root only for partial directories
Using a different user for calling methods is intended to protect us
from methods running amok (via remotely exploited bugs) by limiting what
can be done by them. By using root:root for the final directories and
just have the files in partial writeable by the methods we enhance this
in sofar as a method can't modify already verified data in its parent
directory anymore.
As a side effect, this also clears most of the problems you could have
if the final directories are shared without user-sharing or if these
directories disappear as they are now again root owned and only the
partial directories contain _apt owned files (usually none if apt isn't
running) and the directory itself is autocreated with the right
permissions.
Diffstat (limited to 'test/integration/test-apt-get-download')
| -rwxr-xr-x | test/integration/test-apt-get-download | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/test/integration/test-apt-get-download b/test/integration/test-apt-get-download index 58ed44f8f..0514542b3 100755 --- a/test/integration/test-apt-get-download +++ b/test/integration/test-apt-get-download @@ -11,8 +11,23 @@ buildsimplenativepackage 'apt' 'all' '1.0' 'stable' buildsimplenativepackage 'apt' 'all' '2.0' 'unstable' insertinstalledpackage 'vrms' 'all' '1.0' +umask 0027 + setupaptarchive +# apt-ftparchive knows how to chmod files +find aptarchive/dists -name '*Packages*' -type f | while read file; do + testaccessrights "$file" '644' +done +# created by the framework without special care +find aptarchive/dists -name '*Release*' -type f | while read file; do + testaccessrights "$file" '640' +done +# all copied files are properly chmodded +find rootdir/var/lib/apt/lists -type f | while read file; do + testaccessrights "$file" '644' +done + testdownload() { local APT="$2" if [ -n "$3" ]; then @@ -65,6 +80,7 @@ testsuccess aptget update # test with already stored deb testsuccess aptget install -d apt testsuccess test -s rootdir/var/cache/apt/archives/apt_2.0_all.deb +testaccessrights 'aptarchive/pool/apt_2.0_all.deb' '644' mv aptarchive/pool/apt_2.0_all.deb aptarchive/pool/apt_2.0_all.deb.gone testdownload apt_2.0_all.deb apt mv aptarchive/pool/apt_2.0_all.deb.gone aptarchive/pool/apt_2.0_all.deb |