From 1924b1e513b0619c177565d17475ea3747983f4f Mon Sep 17 00:00:00 2001
From: Michael Vogt <mvo@debian.org>
Date: Tue, 21 Oct 2014 11:19:45 -0400
Subject: Ensure /etc/apt/auth.conf has _apt:root owner

Ensure in SetupAPTPartialDirectory() that the /etc/apt/auth.conf file
can be read by the priv sep apt methods.
---
 apt-pkg/acquire.cc  | 12 ++++++++++--
 debian/apt.postinst |  5 -----
 2 files changed, 10 insertions(+), 7 deletions(-)

diff --git a/apt-pkg/acquire.cc b/apt-pkg/acquire.cc
index 1aa709381..033fa9bd3 100644
--- a/apt-pkg/acquire.cc
+++ b/apt-pkg/acquire.cc
@@ -86,8 +86,16 @@ static bool SetupAPTPartialDirectory(std::string const &grand, std::string const
       std::string SandboxUser = _config->Find("APT::Sandbox::User");
       struct passwd *pw = getpwnam(SandboxUser.c_str());
       struct group *gr = getgrnam("root");
-      if (pw != NULL && gr != NULL && chown(partial.c_str(), pw->pw_uid, gr->gr_gid) != 0)
-	 _error->WarningE("SetupAPTPartialDirectory", "chown to %s:root of directory %s failed", SandboxUser.c_str(), partial.c_str());
+      if (pw != NULL && gr != NULL)
+      {
+         // chown the partial dir
+         if(chown(partial.c_str(), pw->pw_uid, gr->gr_gid) != 0)
+            _error->WarningE("SetupAPTPartialDirectory", "chown to %s:root of directory %s failed", SandboxUser.c_str(), partial.c_str());
+         // chown the auth.conf file
+         std::string AuthConf = _config->FindFile("Dir::Etc::netrc");
+         if(chown(AuthConf.c_str(), pw->pw_uid, gr->gr_gid) != 0)
+            _error->WarningE("SetupAPTPartialDirectory", "chown to %s:root of file %s failed", SandboxUser.c_str(), AuthConf.c_str());
+      }
    }
    if (chmod(partial.c_str(), 0700) != 0)
       _error->WarningE("SetupAPTPartialDirectory", "chmod 0700 of directory %s failed", partial.c_str());
diff --git a/debian/apt.postinst b/debian/apt.postinst
index bcc18b4e5..b0a5da7d8 100755
--- a/debian/apt.postinst
+++ b/debian/apt.postinst
@@ -43,11 +43,6 @@ case "$1" in
 	adduser --force-badname --system -home /var/empty \
 	    --no-create-home --quiet _apt || true
 
-        # ensure the passwords can still be read by the methods
-        if [ -e /etc/apt/auth.conf ]; then
-            chown _apt:root /etc/apt/auth.conf
-        fi
-
 	# deal with upgrades from experimental
 	if dpkg --compare-versions "$2" 'eq' '1.1~exp3'; then
 	    # libapt will setup partial/ at runtime
-- 
cgit v1.2.3