diff options
| author | David Kalnischkies <david@kalnischkies.de> | 2015-11-18 19:31:40 +0100 |
|---|---|---|
| committer | David Kalnischkies <david@kalnischkies.de> | 2015-11-19 16:46:29 +0100 |
| commit | 514a25cbcd2babb2a9c4485fc7b9a4256b7f6ff3 (patch) | |
| tree | d0e2e2a3d5697e958cd120d87e1cd04219df946a /test/integration/test-apt-update-file | |
| parent | 671a55ba455dcf4e5ce6d86b202761666f54d5c6 (diff) | |
do not use _apt for file/copy sources if it isn't world-accessible
In 0940230d we started dropping privileges for file (and a bit later for
copy, too) with the intend of uniforming this for all methods. The
commit message says that the source will likely fail based on the
compressors already – and there isn't much secret in the repository
content. After all, after apt has run the update everyone can access the
content via apt anyway…
There are sources through which worked before which are mostly
single-deb (and those with the uncompressed files available).
The first one being especially surprising for users maybe, so instead of
failing, we make it so that apt detects that it can't access a source as
_apt and if so doesn't drop (for all sources!) privileges – but we limit
this to file/copy, so the uncompress which might be needed will still
fail – but that failed before this regression.
We display a notice about this, mostly so that if it still fails (e.g.
compressed) the user has some idea what is wrong.
Closes: 805069
Diffstat (limited to 'test/integration/test-apt-update-file')
| -rwxr-xr-x | test/integration/test-apt-update-file | 17 |
1 files changed, 16 insertions, 1 deletions
diff --git a/test/integration/test-apt-update-file b/test/integration/test-apt-update-file index 04e26a8f4..78a8ca405 100755 --- a/test/integration/test-apt-update-file +++ b/test/integration/test-apt-update-file @@ -14,6 +14,7 @@ configcompression 'bz2' 'gz' confighashes 'SHA512' insertpackage 'unstable' 'foo' 'all' '1' +insertpackage 'unstable' 'bar' 'amd64' '1' insertsource 'unstable' 'foo' 'all' '1' setupaptarchive --no-update @@ -21,8 +22,22 @@ setupaptarchive --no-update # ensure the archive is not writable addtrap 'prefix' 'chmod 755 aptarchive/dists/unstable/main/binary-all;' if [ "$(id -u)" = '0' ]; then - chmod 550 aptarchive/dists/unstable/main/binary-all + # too deep to notice it, but it also unlikely that files in the same repo have different permissions + chmod 500 aptarchive/dists/unstable/main/binary-all testfailure aptget update + rm -rf rootdir/var/lib/apt/lists + chmod 755 aptarchive/dists/unstable/main/binary-all + testsuccess aptget update + rm -rf rootdir/var/lib/apt/lists + chmod 511 aptarchive/dists/ + testsuccess aptget update + rm -rf rootdir/var/lib/apt/lists + chmod 510 aptarchive/dists/ + testsuccesswithnotice aptget update -q=0 + rm -rf rootdir/var/lib/apt/lists + chmod 500 aptarchive/dists/ + testsuccesswithnotice aptget update -q=0 + exit fi chmod 555 aptarchive/dists/unstable/main/binary-all testsuccess aptget update |