summaryrefslogtreecommitdiff
path: root/apt-pkg/contrib/fileutl.cc
AgeCommit message (Collapse)Author
2014-10-07Ignore EINVAL from prctl(PR_SET_NO_NEW_PRIVS)Michael Vogt
Ignore a EINVAL error here as it means that the kernel is too old to understand this option. We should not fail hard in this case but just ignore the error. closes: 764066
2014-10-07Rename DropPrivs() to DropPrivileges()Michael Vogt
Git-Dch: ignore
2014-09-27fix: Consecutive return, break, continue, goto or throw statements are ↵David Kalnischkies
unnecessary. Git-Dch: Ignore Reported-By: cppcheck
2014-09-27fix: Member variable 'X' is not initialized in the constructor.David Kalnischkies
Reported-By: cppcheck Git-Dch: Ignore
2014-09-24DropPrivs: Use APT::Sandbox::User instead of Apt::User::NobodyJulian Andres Klode
Git-Dch: ignore
2014-09-24DropPrivs: Hard-fail if the user does not existJulian Andres Klode
Git-Dch: ignore
2014-09-24DropPrivs: Add some comments for the more obscure setuid/setgid functionsJulian Andres Klode
Git-Dch: ignore
2014-09-24DropPrivs: Move the re-set uid/gid thing to the end of the functionJulian Andres Klode
Git-Dch: ignore
2014-09-24DropPrivs: Improve commentsJulian Andres Klode
Git-Dch: ignore
2014-09-24DropPrivs: Also check for saved set-user-ID and set-group-IDJulian Andres Klode
2014-09-24DropPrivs: Do not use an invalid return check for setgroups()Julian Andres Klode
setgroups() returns 0 on success Git-Dch: ignore
2014-09-24Use _apt as our unprivileged user nameJulian Andres Klode
Some people want to standardize on it, and BSDs do it too, so let's do the same. Reported-by: Paul Wise <pabs@debian.org>
2014-09-24DropPriv: Really call seteuid and not setuid, and add more checksJulian Andres Klode
The only thing we are missing is non-portable saved ids support.
2014-09-24Drop Privileges to "Debian-apt" in most acquire methodsMichael Vogt
Add a new "Debian-apt" user that owns the /var/lib/apt/lists and /var/cache/apt/archive directories. The methods http, https, ftp, gpgv, gzip switch to this user when they start. Thanks to Julian and "ioerror" and tors "switch_id()" code.
2014-06-18Merge remote-tracking branch 'mvo/feature/drop-rights' into debian/experimentalMichael Vogt
Conflicts: apt-pkg/contrib/fileutl.cc apt-pkg/contrib/fileutl.h
2014-06-18Merge branch 'debian/sid' into debian/experimentalMichael Vogt
Conflicts: debian/changelog
2014-06-11DropPrivs in the solvers (just to be on the safe side)Michael Vogt
2014-05-30without a filename we can't stat pipesDavid Kalnischkies
EDSP code uses pipes opened via an FD as sources and later for those files modification times and filesize are read - but never really used again. The result we get from FileFd is probably wrong, but as we don't use it anyway, we just don't fallback if we have nothing to fallback to Git-Dch: Ignore
2014-05-27use free() instead of delete() when realloc is usedMichael Vogt
ContentsExtract::~ContentsExtract() needs to use free() because Data got allocated via realloc() Reported-By: clang -fsanitize=address -fno-omit-frame-pointer
2014-05-07Merge remote-tracking branch 'mvo/feature/apt-install-deb' into ↵Michael Vogt
debian/experimental
2014-05-07Merge branch 'debian/sid' into debian/experimentalMichael Vogt
Conflicts: apt-pkg/cachefilter.h apt-pkg/contrib/fileutl.cc apt-pkg/contrib/netrc.h apt-pkg/deb/debsrcrecords.cc apt-pkg/init.h apt-pkg/pkgcache.cc debian/apt.install.in debian/changelog
2014-04-28Merge branch 'feature/abspath' into feature/apt-install-debMichael Vogt
Conflicts: test/libapt/fileutl_test.cc
2014-04-28add flAbsPath() as a wrapper to realpath()Michael Vogt
2014-04-28Merge branch 'feature/popen' into feature/apt-install-debMichael Vogt
2014-04-28Implement Popen() execv helper to avoid popen()Michael Vogt
2014-04-28WIP local deb installMichael Vogt
2014-04-26fix FileFd::Size bitswap on big-endian architecturesAdam Conrad
gzip only gives us 32bit of size, storing it in a 64bit container and doing a 32bit flip on it has therefore unintended results. So we just go with a exact size container and let the flipping be handled by eglibc provided le32toh removing our #ifdef machinery. Closes: 745866
2014-04-16clear HitEof flag in FileFd::SeekDavid Kalnischkies
fseek and co do this to their eof-flags and it is more logic this way as we will usually seek away from the end (e.g. to re-read the file). The commit also improves the testcase further and adds a test for the binary compressor codepath (as gz, bzip2 and xz are handled by libraries) via the use of 'rev' as a 'compressor'.
2014-04-11deal with umask only if we really need to for mkstempDavid Kalnischkies
As the comment actually says: open() does the umask dance by itself, so we don't need to do it for it. We have to do it after mkstemp in Atomic though, so move it into the if. Also removes the "micro-optimisation" "FilePermissions == 600" as it doesn't trigger at the moment anyway as 600 != 0600.
2014-04-11don't double-count seeks in FileFd::Skip for bzip/xzDavid Kalnischkies
FileFd::Read already deals with the increase of the skipposition so that we as the caller in FileFd::Skip really shouldn't increase it, too.
2014-04-10improve umask/fchmod code readabilityMichael Vogt
2014-04-10Rename FileFd::Open() Perms to AccessModeMichael Vogt
Bug lp:#1304657 was caused by confusion around the name Perms. The new name AccessMode should make it clear that its not the literal file permissions but instead the AccessMode passed to open() (i.e. the umask needs to be applied)
2014-04-10Fix insecure file permissions when using FileFd with OpenMode::AtomicMichael Vogt
Commit 7335eebea6dd43581d4650a8818b06383ab89901 introduced a bug that caused FileFd to create insecure permissions when FileFd::Atomic is used. This commit fixes the permissions and adds a test. The bug is most likely caused by the confusing "Perm" parameter that is passed to Open() - its not the file permissions but intead the "mode" part of open/creat.
2014-04-01Add new Debug::RunScripts optionMichael Vogt
This debug option will display all scripts that are run by apts RunScripts and RunScriptsWithPkgs helpers.
2014-03-21continue reading in xz even if it outputs nothingDavid Kalnischkies
It can happen that content in our buffer is not enough to produce a meaningful output in which case no output is created by liblzma, but still reports that everything is okay and we should go on. The code assumes it has reached the end through if it encounters a null read, so this commit makes it so that it looks like this read was interrupted just like the lowlevel read() on uncompressed files could. It subsequently fixes the issue with that as well as until now our loop would still break even if we wanted it to continue on. (This bug triggers our usual "Hash sum mismatch" error) Reported-By: Stefan Lippers-Hollmann <s.L-H@gmx.de>
2014-03-15Fix handling of autoclosing for compressed files (Closes: #741685)Julian Andres Klode
AutoClose is both an argument in OpenDescriptor() and an enum. In commit 84baaae93badc2da7c1f4f356456762895cef278 code using the AutoClose parameter was moved to OpenDescriptorInternal(). In that function, AutoClose meant the enum value, so the check was always false.
2014-03-14fix test/integration/test-apt-helperMichael Vogt
2014-03-13refactor FileFd to hide some #ifdefsDavid Kalnischkies
They tend to be ugly to look at, so hide them. Git-Dch: Ignore
2014-03-13use liblzma-dev to provide xz/lzma supportDavid Kalnischkies
We have xz/lzma support for a while, but only via an external binary provided by xz-utils. Now that the Debian archive provides xz by default and dpkg pre-depends on the library provided by liblzma-dev we can switch now to use this library as well to avoid requiring an external binary. For now the binary is in a prio:required package, but this might change in the future. API wise it is quiet similar to bz2 code expect that it doesn't provide file I/O methods, so we piece this together on our own.
2014-03-13refactor setup of file opening via zlib/bz2 libDavid Kalnischkies
Git-Dch: Ignore
2014-03-13move fd duplication closer to the gz/bz2 open callsDavid Kalnischkies
Git-Dch: Ignore
2014-03-13cleanup headers and especially #includes everywhereDavid Kalnischkies
Beside being a bit cleaner it hopefully also resolves oddball problems I have with high levels of parallel jobs. Git-Dch: Ignore Reported-By: iwyu (include-what-you-use)
2014-03-13warning: useless cast to type A [-Wuseless-cast]David Kalnischkies
Git-Dch: Ignore Reported-By: gcc -Wuseless-cast
2014-03-13warning: cast from type A to type B casts away qualifiers [-Wcast-qual]David Kalnischkies
Git-Dch: Ignore Reported-By: gcc -Wcast-qual
2014-03-12add hashsum support in apt-file download and add more testsMichael Vogt
2014-02-27Merge branch 'debian/sid' into debian/experimentalMichael Vogt
Conflicts: apt-private/private-list.cc configure.ac debian/apt.install.in debian/changelog
2014-02-22Fix typos in documentation (codespell)Michael Vogt
2014-02-14simplify code some more to make reddit happyDavid Kalnischkies
Commit 6008b79adf1d7ea5607fab87a355d664c8725026 should have been guarded by "Git-Dch: Ignore", but it wasn't and I only noticed it with the Close message via deity thinking "hehe, I wonder if someone is gonna notice". Looks like someone did: hats off to reddit user itisOmegakai! Good to know that what I do isn't only monitored by goverments. :) As there is another instance of basically the same code we just factor out the code a bit and reuse, so its even cleaner and not only simpler. Reported-By: scan-build
2014-02-10simplify code to make compilers happyDavid Kalnischkies
Does the same as before, but is a bit simpler on the logic for humans as well as compilers. scan-build complained about it at least with: "Result of operation is garbage or undefined" Reported-By: scan-build
2014-01-26Merge remote-tracking branch 'donkult/debian/sid' into debian/sidMichael Vogt
Conflicts: apt-private/private-list.cc doc/po/de.po test/integration/framework