From b3e7a16265e7c6c3b6892b9ec8a787d692ced6e6 Mon Sep 17 00:00:00 2001
From: David Kalnischkies <david@kalnischkies.de>
Date: Fri, 2 Feb 2018 19:14:09 +0100
Subject: ensure correct file permissions for auxfiles
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The interesting takeaway here is perhaps that 'chmod +w' is effected by
the umask – obvious in hindsight of course. The usual setup helps with
hiding that applying that recursively on all directories (and files)
isn't correct. Ensuring files will not be stored with the wrong
permissions even if in strange umask contexts is trivial in comparison.

Fixing the test also highlighted that it wasn't bulletproof as apt will
automatically fix the permissions of the directories it works with, so
for this test we actually need to introduce a shortcut in the code.

Reported-By: Ubuntu autopkgtest CI
---
 apt-pkg/acquire-item.cc | 4 +++-
 apt-pkg/acquire.cc      | 2 ++
 2 files changed, 5 insertions(+), 1 deletion(-)

(limited to 'apt-pkg')

diff --git a/apt-pkg/acquire-item.cc b/apt-pkg/acquire-item.cc
index 792465b90..86ffe9e49 100644
--- a/apt-pkg/acquire-item.cc
+++ b/apt-pkg/acquire-item.cc
@@ -3622,7 +3622,7 @@ void pkgAcqChangelog::Init(std::string const &DestDir, std::string const &DestFi
    }
    TemporaryDirectory = tmpname;
 
-   ChangeOwnerAndPermissionOfFile("Item::QueueURI", TemporaryDirectory.c_str(),
+   ChangeOwnerAndPermissionOfFile("pkgAcqChangelog::Init", TemporaryDirectory.c_str(),
 	 SandboxUser.c_str(), ROOT_GROUP, 0700);
 
    DestFile = flCombine(TemporaryDirectory, DestFileName);
@@ -3635,6 +3635,7 @@ void pkgAcqChangelog::Init(std::string const &DestDir, std::string const &DestFi
 	 if (file1.Open(DestFile, FileFd::WriteOnly | FileFd::Create | FileFd::Exclusive) &&
 	       file2.Open(d->FinalFile, FileFd::ReadOnly) && CopyFile(file2, file1))
 	 {
+	    ChangeOwnerAndPermissionOfFile("pkgAcqChangelog::Init", DestFile.c_str(), "root", ROOT_GROUP, 0644);
 	    struct timeval times[2];
 	    times[0].tv_sec = times[1].tv_sec = file2.ModificationTime();
 	    times[0].tv_usec = times[1].tv_usec = 0;
@@ -4007,6 +4008,7 @@ static std::string GetAuxFileNameFromURI(std::string const &uri)
    {
       FileFd out(filename, FileFd::WriteOnly | FileFd::Create | FileFd::Exclusive);
       CopyFile(in, out);
+      ChangeOwnerAndPermissionOfFile("GetAuxFileNameFromURI", filename.c_str(), "root", ROOT_GROUP, 0644);
    }
    _error->RevertToStack();
    return filename;
diff --git a/apt-pkg/acquire.cc b/apt-pkg/acquire.cc
index ba895ed44..983a0fb41 100644
--- a/apt-pkg/acquire.cc
+++ b/apt-pkg/acquire.cc
@@ -80,6 +80,8 @@ void pkgAcquire::Initialize()
 // Acquire::GetLock - lock directory and prepare for action		/*{{{*/
 static bool SetupAPTPartialDirectory(std::string const &grand, std::string const &parent, std::string const &postfix, mode_t const mode)
 {
+   if (_config->FindB("Debug::SetupAPTPartialDirectory::AssumeGood", false))
+      return true;
    std::string const partial = parent + postfix;
    bool const partialExists = DirectoryExists(partial);
    if (partialExists == false)
-- 
cgit v1.2.3