From 1924b1e513b0619c177565d17475ea3747983f4f Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Tue, 21 Oct 2014 11:19:45 -0400 Subject: Ensure /etc/apt/auth.conf has _apt:root owner Ensure in SetupAPTPartialDirectory() that the /etc/apt/auth.conf file can be read by the priv sep apt methods. --- apt-pkg/acquire.cc | 12 ++++++++++-- debian/apt.postinst | 5 ----- 2 files changed, 10 insertions(+), 7 deletions(-) diff --git a/apt-pkg/acquire.cc b/apt-pkg/acquire.cc index 1aa709381..033fa9bd3 100644 --- a/apt-pkg/acquire.cc +++ b/apt-pkg/acquire.cc @@ -86,8 +86,16 @@ static bool SetupAPTPartialDirectory(std::string const &grand, std::string const std::string SandboxUser = _config->Find("APT::Sandbox::User"); struct passwd *pw = getpwnam(SandboxUser.c_str()); struct group *gr = getgrnam("root"); - if (pw != NULL && gr != NULL && chown(partial.c_str(), pw->pw_uid, gr->gr_gid) != 0) - _error->WarningE("SetupAPTPartialDirectory", "chown to %s:root of directory %s failed", SandboxUser.c_str(), partial.c_str()); + if (pw != NULL && gr != NULL) + { + // chown the partial dir + if(chown(partial.c_str(), pw->pw_uid, gr->gr_gid) != 0) + _error->WarningE("SetupAPTPartialDirectory", "chown to %s:root of directory %s failed", SandboxUser.c_str(), partial.c_str()); + // chown the auth.conf file + std::string AuthConf = _config->FindFile("Dir::Etc::netrc"); + if(chown(AuthConf.c_str(), pw->pw_uid, gr->gr_gid) != 0) + _error->WarningE("SetupAPTPartialDirectory", "chown to %s:root of file %s failed", SandboxUser.c_str(), AuthConf.c_str()); + } } if (chmod(partial.c_str(), 0700) != 0) _error->WarningE("SetupAPTPartialDirectory", "chmod 0700 of directory %s failed", partial.c_str()); diff --git a/debian/apt.postinst b/debian/apt.postinst index bcc18b4e5..b0a5da7d8 100755 --- a/debian/apt.postinst +++ b/debian/apt.postinst @@ -43,11 +43,6 @@ case "$1" in adduser --force-badname --system -home /var/empty \ --no-create-home --quiet _apt || true - # ensure the passwords can still be read by the methods - if [ -e /etc/apt/auth.conf ]; then - chown _apt:root /etc/apt/auth.conf - fi - # deal with upgrades from experimental if dpkg --compare-versions "$2" 'eq' '1.1~exp3'; then # libapt will setup partial/ at runtime -- cgit v1.2.3