use _apt:root only for partial directories

Using a different user for calling methods is intended to protect us from methods running amok (via remotely exploited bugs) by limiting what can be done by them. By using root:root for the final directories and just have the files in partial writeable by the methods we enhance this in sofar as a method can't modify already verified data in its parent directory anymore. As a side effect, this also clears most of the problems you could have if the final directories are shared without user-sharing or if these directories disappear as they are now again root owned and only the partial directories contain _apt owned files (usually none if apt isn't running) and the directory itself is autocreated with the right permissions.
author: David Kalnischkies <david@kalnischkies.de> 2014-10-06 14:29:53 +0200
committer: David Kalnischkies <david@kalnischkies.de> 2014-10-07 01:59:49 +0200
commit: 5684f71fa0f6c1b765aa53e22ca3b024c578b9c9 (patch)
tree: 254ce22743ac9c457268bacba6a8e504bd5174cb /test
parent: 04a54261afd1c99686109f102afc83346c01c930 (diff)
3 files changed, 44 insertions, 14 deletions
diff --git a/test/integration/framework b/test/integration/framework
index e83606fae..688a1abf2 100644
--- a/test/integration/framework
+++ b/test/integration/framework
@@ -164,9 +164,10 @@ addtrap() {
 
 setupenvironment() {
 	TMPWORKINGDIRECTORY=$(mktemp -d)
-	TESTDIRECTORY=$(readlink -f $(dirname $0))
+	addtrap "cd /; rm -rf $TMPWORKINGDIRECTORY;"
 	msgninfo "Preparing environment for ${CCMD}$(basename $0)${CINFO} in ${TMPWORKINGDIRECTORY}… "
 
+	TESTDIRECTORY=$(readlink -f $(dirname $0))
         # allow overriding the default BUILDDIR location
 	BUILDDIRECTORY=${APT_INTEGRATION_TESTS_BUILD_DIR:-"${TESTDIRECTORY}/../../build/bin"}
 	LIBRARYPATH=${APT_INTEGRATION_TESTS_LIBRARY_PATH:-"${BUILDDIRECTORY}"}
@@ -177,7 +178,6 @@ setupenvironment() {
 	test -x "${BUILDDIRECTORY}/apt-get" || msgdie "You need to build tree first"
         # -----
 
-	addtrap "cd /; rm -rf $TMPWORKINGDIRECTORY;"
 	cd $TMPWORKINGDIRECTORY
 	mkdir rootdir aptarchive keys
 	cd rootdir
@@ -210,6 +210,7 @@ setupenvironment() {
 		cp "${TESTDIRECTORY}/${SOURCESSFILE}" aptarchive/Sources
 	fi
 	cp $(find $TESTDIRECTORY -name '*.pub' -o -name '*.sec') keys/
+	chmod 644 $(find keys -name '*.pub' -o -name '*.sec')
 	ln -s ${TMPWORKINGDIRECTORY}/keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
 	echo "Dir \"${TMPWORKINGDIRECTORY}/rootdir\";" > aptconfig.conf
 	echo "Dir::state::status \"${TMPWORKINGDIRECTORY}/rootdir/var/lib/dpkg/status\";" >> aptconfig.conf
@@ -837,9 +838,7 @@ setupaptarchive() {
 	fi
 	signreleasefiles
 	if [ "$1" != '--no-update' ]; then
-		msgninfo "\tSync APT's cache with the archive… "
-		aptget update -qq
-		msgdone "info"
+		testsuccess aptget update -o Debug::pkgAcquire::Worker=true -o Debug::Acquire::gpgv=true
 	fi
 }
 
@@ -1175,6 +1174,19 @@ testfailure() {
 	fi
 }
 
+testaccessrights() {
+	msgtest "Test that file $1 has access rights set to" "$2"
+	if [ "$2" = "$(stat --format '%a' "$1")" ]; then
+		msgpass
+	else
+		echo >&2
+		ls -l >&2 "$1"
+		echo -n >&2 "stat(1) reports access rights: "
+		stat --format '%a' "$1"
+		msgfail
+	fi
+}
+
 testwebserverlaststatuscode() {
 	local DOWNLOG='rootdir/tmp/webserverstatus-testfile.log'
 	local STATUS='rootdir/tmp/webserverstatus-statusfile.log'
diff --git a/test/integration/test-apt-get-download b/test/integration/test-apt-get-download
index 58ed44f8f..0514542b3 100755
--- a/test/integration/test-apt-get-download
+++ b/test/integration/test-apt-get-download
@@ -11,8 +11,23 @@ buildsimplenativepackage 'apt' 'all' '1.0' 'stable'
 buildsimplenativepackage 'apt' 'all' '2.0' 'unstable'
 insertinstalledpackage 'vrms' 'all' '1.0'
 
+umask 0027
+
 setupaptarchive
 
+# apt-ftparchive knows how to chmod files
+find aptarchive/dists -name '*Packages*' -type f | while read file; do
+	testaccessrights "$file" '644'
+done
+# created by the framework without special care
+find aptarchive/dists -name '*Release*' -type f | while read file; do
+	testaccessrights "$file" '640'
+done
+# all copied files are properly chmodded
+find rootdir/var/lib/apt/lists -type f | while read file; do
+	testaccessrights "$file" '644'
+done
+
 testdownload() {
 	local APT="$2"
 	if [ -n "$3" ]; then
@@ -65,6 +80,7 @@ testsuccess aptget update
 # test with already stored deb
 testsuccess aptget install -d apt
 testsuccess test -s rootdir/var/cache/apt/archives/apt_2.0_all.deb
+testaccessrights 'aptarchive/pool/apt_2.0_all.deb' '644'
 mv aptarchive/pool/apt_2.0_all.deb aptarchive/pool/apt_2.0_all.deb.gone
 testdownload apt_2.0_all.deb apt
 mv aptarchive/pool/apt_2.0_all.deb.gone aptarchive/pool/apt_2.0_all.deb
diff --git a/test/integration/test-apt-update-unauth b/test/integration/test-apt-update-unauth
index cf5195024..b7ccd6cf3 100755
--- a/test/integration/test-apt-update-unauth
+++ b/test/integration/test-apt-update-unauth
@@ -27,7 +27,7 @@ runtest() {
     find rootdir/var/lib/apt/lists/ -type f | xargs rm -f
     rm -f aptarchive/dists/unstable/*Release*
 
-    aptget update -qq --allow-insecure-repositories
+    testsuccess aptget update -qq --allow-insecure-repositories
 
     # FIXME: this really shouldn't be needed
     rm -f rootdir/var/lib/apt/lists/partial/*
@@ -41,7 +41,6 @@ runtest() {
         aptarchive/dists/unstable/main/binary-i386/Packages.uncompressed
 
     # and ensure we re-check the downloaded data
-    msgtest "Check rollback on going from unauth -> auth"
 
     # change the local packages file
     PKGS=$(ls rootdir/var/lib/apt/lists/*Packages*)
@@ -49,18 +48,22 @@ runtest() {
     ls rootdir/var/lib/apt/lists/ > lists.before
 
     # update and ensure all is reverted on the hashsum failure
-    aptget update -o Debug::Acquire::Transaction=0 -o Debug::pkgAcquire::Auth=1 -o Debug::pkgAcquire::worker=0 -o Debug::acquire::http=0 > output.log 2>&1 || true
+    testfailure aptget update -o Debug::Acquire::Transaction=0 -o Debug::pkgAcquire::Auth=1 -o Debug::pkgAcquire::worker=0 -o Debug::acquire::http=0
 
     # ensure we have before what we have after
+    msgtest 'Check rollback on going from' 'unauth -> auth'
     ls rootdir/var/lib/apt/lists/ > lists.after
-    if diff -u lists.before lists.after; then
+    if cmp lists.before lists.after; then
         msgpass
     else
-        cat output.log
-        msgfail
+	echo >&2 '### Output of previous apt-get update ###'
+	cat >&2 rootdir/tmp/testfailure.output
+	echo >&2 '### Changes in the lists-directory: ###'
+	diff -u >&2 lists.before lists.after
+	msgfail
     fi
 
-    # move uncompressed back for release file 
+    # move uncompressed back for release file
     mv aptarchive/dists/unstable/main/binary-i386/Packages.uncompressed \
         aptarchive/dists/unstable/main/binary-i386/Packages
 }
@@ -72,6 +75,5 @@ for COMPRESSEDINDEXES in 'false' 'true'; do
 	else
 		msgmsg 'Run tests with GzipIndexes disabled'
 	fi
-
-        runtest
+	runtest
 done
author	David Kalnischkies <david@kalnischkies.de>	2014-10-06 14:29:53 +0200
committer	David Kalnischkies <david@kalnischkies.de>	2014-10-07 01:59:49 +0200
commit	5684f71fa0f6c1b765aa53e22ca3b024c578b9c9 (patch)
tree	254ce22743ac9c457268bacba6a8e504bd5174cb /test
parent	04a54261afd1c99686109f102afc83346c01c930 (diff)