aborted reverify restores file owner and permission
[apt.git] / apt-pkg / acquire-item.cc
index f630129b9fc379ecf2af5cc1111ba3f28ce3a175..9a6e0af013a62b9b5313960242ae8e4bbab7e9d0 100644 (file)
@@ -65,7 +65,7 @@ static void printHashSumComparision(std::string const &URI, HashStringList const
       std::cerr <<  "\t- " << hs->toStr() << std::endl;
 }
                                                                        /*}}}*/
-static void ChangeOwnerAndPermissionOfFile(char const * const requester, char const * const file, char const * const user, char const * const group, mode_t const mode)
+static void ChangeOwnerAndPermissionOfFile(char const * const requester, char const * const file, char const * const user, char const * const group, mode_t const mode) /*{{{*/
 {
    // ensure the file is owned by root and has good permissions
    struct passwd const * const pw = getpwnam(user);
@@ -78,16 +78,46 @@ static void ChangeOwnerAndPermissionOfFile(char const * const requester, char co
    if (chmod(file, mode) != 0)
       _error->WarningE(requester, "chmod 0%o of file %s failed", mode, file);
 }
-static std::string GetPartialFileName(std::string const &file)
+                                                                       /*}}}*/
+static std::string GetPartialFileName(std::string const &file)         /*{{{*/
 {
    std::string DestFile = _config->FindDir("Dir::State::lists") + "partial/";
    DestFile += file;
    return DestFile;
 }
-static std::string GetPartialFileNameFromURI(std::string const &uri)
+                                                                       /*}}}*/
+static std::string GetPartialFileNameFromURI(std::string const &uri)   /*{{{*/
 {
    return GetPartialFileName(URItoFileName(uri));
 }
+                                                                       /*}}}*/
+static std::string GetCompressedFileName(std::string const &URI, std::string const &Name, std::string const &Ext) /*{{{*/
+{
+   if (Ext.empty() || Ext == "uncompressed")
+      return Name;
+
+   // do not reverify cdrom sources as apt-cdrom may rewrite the Packages
+   // file when its doing the indexcopy
+   if (URI.substr(0,6) == "cdrom:")
+      return Name;
+
+   // adjust DestFile if its compressed on disk
+   if (_config->FindB("Acquire::GzipIndexes",false) == true)
+      return Name + '.' + Ext;
+   return Name;
+}
+                                                                       /*}}}*/
+static bool AllowInsecureRepositories(indexRecords const * const MetaIndexParser, pkgAcqMetaBase * const TransactionManager, pkgAcquire::Item * const I) /*{{{*/
+{
+   if(MetaIndexParser->IsAlwaysTrusted() || _config->FindB("Acquire::AllowInsecureRepositories") == true)
+      return true;
+
+   _error->Error(_("Use --allow-insecure-repositories to force the update"));
+   TransactionManager->AbortTransaction();
+   I->Status = pkgAcquire::Item::StatError;
+   return false;
+}
+                                                                       /*}}}*/
 
 
 // Acquire::Item::Item - Constructor                                   /*{{{*/
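Review bot: `AllowInsecureRepositories` calls `TransactionManager->AbortTransaction()` before it sets `I->Status = pkgAcquire::Item::StatError`, while the AbortTransaction hunk further down now renames a partial file to `.FAILED` only for items whose status is already StatError. If `I` is part of that transaction (not visible here), it would take the non-error branch and get the root:root 0644 fix-up instead; swapping those two lines so the status is set first would avoid that. The name also reads like a pure query, although the function records an error, aborts the transaction and marks the item failed. A short comment above it, such as `// returns true if unauthenticated data may be used; otherwise reports an error, aborts the transaction and sets I to StatError`, would make that clear to callers.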
@@ -211,18 +241,22 @@ bool pkgAcquire::Item::Rename(string From,string To)
    return true;
 }
                                                                        /*}}}*/
-
-void pkgAcquire::Item::QueueURI(ItemDesc &Item)
+void pkgAcquire::Item::QueueURI(ItemDesc &Item)                                /*{{{*/
 {
    if (RealFileExists(DestFile))
-      ChangeOwnerAndPermissionOfFile("GetPartialFileName", DestFile.c_str(), "_apt", "root", 0600);
+   {
+      std::string SandboxUser = _config->Find("APT::Sandbox::User");
+      ChangeOwnerAndPermissionOfFile("Item::QueueURI", DestFile.c_str(),
+                                     SandboxUser.c_str(), "root", 0600);
+   }
    Owner->Enqueue(Item);
 }
-void pkgAcquire::Item::Dequeue()
+                                                                       /*}}}*/
+void pkgAcquire::Item::Dequeue()                                       /*{{{*/
 {
    Owner->Dequeue(this);
 }
-
+                                                                       /*}}}*/
 bool pkgAcquire::Item::RenameOnError(pkgAcquire::Item::RenameOnErrorState const error)/*{{{*/
 {
    if(FileExists(DestFile))
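Review bot: `_config->Find("APT::Sandbox::User")` in QueueURI is passed straight to ChangeOwnerAndPermissionOfFile with no default and no check for an empty value, and that helper feeds it to `getpwnam(user)`. How a failed lookup is handled lies in lines the first hunk does not show, so it is worth confirming that an unset or misspelled sandbox user produces a visible warning rather than a file that silently stays root-owned with mode 0600. The same lookup is repeated in the pkgAcqArchive::QueueNext and pkgAcqFile hunks; a small file-local helper would keep the three call sites consistent. The QueueNext hunk also switches the target from `FinalFile` to `DestFile`, which the commit title does not mention and deserves a line in the description.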
@@ -1068,10 +1102,9 @@ void pkgAcqIndexMergeDiffs::Done(string Message,unsigned long long Size,HashStri
       for (std::vector<pkgAcqIndexMergeDiffs *>::const_iterator I = allPatches->begin();
            I != allPatches->end(); ++I)
       {
-            std::string const PartialFile = GetPartialFileNameFromURI(RealURI);
-           std::string patch = PartialFile + ".ed." + (*I)->patch.file + ".gz";
-            std::cerr << patch << std::endl;
-           unlink(patch.c_str());
+        std::string const PartialFile = GetPartialFileNameFromURI(RealURI);
+        std::string patch = PartialFile + ".ed." + (*I)->patch.file + ".gz";
+        unlink(patch.c_str());
       }
 
       // all set and done
@@ -1273,9 +1306,7 @@ std::string pkgAcqIndex::GetFinalFilename() const
 {
    std::string FinalFile = _config->FindDir("Dir::State::lists");
    FinalFile += URItoFileName(RealURI);
-   if (_config->FindB("Acquire::GzipIndexes",false) == true)
-      FinalFile += '.' + CurrentCompressionExtension;
-   return FinalFile;
+   return GetCompressedFileName(RealURI, FinalFile, CurrentCompressionExtension);
 }
                                                                        /*}}}*/
 // AcqIndex::ReverifyAfterIMS - Reverify index after an ims-hit                /*{{{*/
@@ -1283,11 +1314,7 @@ void pkgAcqIndex::ReverifyAfterIMS()
 {
    // update destfile to *not* include the compression extension when doing
    // a reverify (as its uncompressed on disk already)
-   DestFile = GetPartialFileNameFromURI(RealURI);
-
-   // adjust DestFile if its compressed on disk
-   if (_config->FindB("Acquire::GzipIndexes",false) == true)
-      DestFile += '.' + CurrentCompressionExtension;
+   DestFile = GetCompressedFileName(RealURI, GetPartialFileNameFromURI(RealURI), CurrentCompressionExtension);
 
    // copy FinalFile into partial/ so that we check the hash again
    string FinalFile = GetFinalFilename();
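Review bot: The comment `do not reverify cdrom sources` that moved into GetCompressedFileName no longer matches what happens: the helper only chooses a file name, and with the early `return` removed from StageDownloadDone (later hunk) an IMS hit on a `cdrom:` URI now reaches ReverifyAfterIMS like any other source. If skipping the re-hash for cdrom sources is still wanted, the check has to stay at the call site. If re-verifying them is now intended, the helper's comment should say so, for example `// keep the plain name for cdrom sources: apt-cdrom may rewrite the Packages file during indexcopy`. The comment at the top of ReverifyAfterIMS (`*not* include the compression extension`) also contradicts the new call, which can append the extension. ReverifyAfterIMS continues past the end of this hunk.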
@@ -1395,11 +1422,6 @@ void pkgAcqIndex::StageDownloadDone(string Message,
    // on if-modfied-since hit to avoid a stale attack against us
    if(StringToBool(LookupTag(Message,"IMS-Hit"),false) == true)
    {
-      // do not reverify cdrom sources as apt-cdrom may rewrite the Packages
-      // file when its doing the indexcopy
-      if (RealURI.substr(0,6) == "cdrom:")
-         return;
-
       // The files timestamp matches, reverify by copy into partial/
       EraseFileName = "";
       ReverifyAfterIMS();
@@ -1483,10 +1505,6 @@ pkgAcqIndexTrans::pkgAcqIndexTrans(pkgAcquire *Owner,
                                    indexRecords *MetaIndexParser)
    : pkgAcqIndex(Owner, TransactionManager, Target, ExpectedHashes, MetaIndexParser)
 {
-   // load the filesize
-   indexRecords::checkSum *Record = MetaIndexParser->Lookup(string(Target->MetaKey));
-   if(Record)
-      FileSize = Record->Size;
 }
                                                                        /*}}}*/
 // AcqIndexTrans::Custom600Headers - Insert custom request headers     /*{{{*/
@@ -1545,11 +1563,19 @@ void pkgAcqMetaBase::AbortTransaction()
       if ((*I)->Status == pkgAcquire::Item::StatIdle)
          (*I)->Status = pkgAcquire::Item::StatDone;
 
-      // kill files in partial
-      std::string const PartialFile = GetPartialFileName(flNotDir((*I)->DestFile));
-      if(FileExists(PartialFile))
-         Rename(PartialFile, PartialFile + ".FAILED");
+      // kill failed files in partial
+      if ((*I)->Status == pkgAcquire::Item::StatError)
+      {
+         std::string const PartialFile = GetPartialFileName(flNotDir((*I)->DestFile));
+         if(FileExists(PartialFile))
+            Rename(PartialFile, PartialFile + ".FAILED");
+      }
+      // fix permissions for existing files which were part of a reverify
+      // like InRelease files or files in partial we might work with next time
+      else if (FileExists((*I)->DestFile))
+        ChangeOwnerAndPermissionOfFile("AbortTransaction", (*I)->DestFile.c_str(), "root", "root", 0644);
    }
+   Transaction.clear();
 }
                                                                        /*}}}*/
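Review bot: The new else-branch in AbortTransaction checks `FileExists((*I)->DestFile)` and then hands the same path to ChangeOwnerAndPermissionOfFile, which works by path (`chmod(file, mode)` is visible in the second hunk). The comment says this covers files in partial/, and other hunks give files there to the sandbox user, so the existence check and the ownership/mode change are separate path lookups made with root privileges. If the directory itself is writable by that user (not visible here), the entry could be replaced in between. Opening the file with `O_NOFOLLOW` and applying `fchown`/`fchmod` to the descriptor would close that gap. The hard-coded `"root", "root", 0644` would also read better as named constants shared with the other call sites.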
 // AcqMetaBase::TransactionHasError - Check for errors in Transaction  /*{{{*/
@@ -1596,6 +1622,7 @@ void pkgAcqMetaBase::CommitTransaction()
       // mark that this transaction is finished
       (*I)->TransactionManager = 0;
    }
+   Transaction.clear();
 }
                                                                        /*}}}*/
 // AcqMetaBase::TransactionStageCopy - Stage a file for copying                /*{{{*/
@@ -1764,6 +1791,10 @@ void pkgAcqMetaSig::Failed(string Message,pkgAcquire::MethodConfig *Cnf)/*{{{*/
          return;
       }
    }
+   else
+      _error->Warning(_("The data from '%s' is not signed. Packages "
+              "from that repository can not be authenticated."),
+           URIDesc.c_str());
 
    // this ensures that any file in the lists/ dir is removed by the
    // transaction
@@ -1771,16 +1802,12 @@ void pkgAcqMetaSig::Failed(string Message,pkgAcquire::MethodConfig *Cnf)/*{{{*/
    TransactionManager->TransactionStageRemoval(this, DestFile);
 
    // only allow going further if the users explicitely wants it
-   if(_config->FindB("Acquire::AllowInsecureRepositories") == true)
+   if(AllowInsecureRepositories(MetaIndexParser, TransactionManager, this) == true)
    {
       // we parse the indexes here because at this point the user wanted
       // a repository that may potentially harm him
       MetaIndexParser->Load(MetaIndexFile);
       QueueIndexes(true);
-   } 
-   else 
-   {
-      _error->Warning("Use --allow-insecure-repositories to force the update");
    }
 
    Item::Failed(Message,Cnf);
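Review bot: In pkgAcqMetaSig::Failed the refusal path used to emit only a warning; through AllowInsecureRepositories it now also aborts the transaction and sets StatError, yet execution still falls through to `Item::Failed(Message,Cnf)`. The other two callers changed in this commit have nothing left to run after the helper returns false, so this is the one place where code executes on an item whose transaction was just aborted and, with the added `Transaction.clear()`, emptied. Either confirm that this is safe and say so in a comment (`// Item::Failed must still run after an aborted transaction because …`), or return early when the helper returns false. The function continues outside this hunk.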
@@ -2149,7 +2176,7 @@ void pkgAcqMetaIndex::Failed(string Message,
    // No Release file was present so fall
    // back to queueing Packages files without verification
    // only allow going further if the users explicitely wants it
-   if(_config->FindB("Acquire::AllowInsecureRepositories") == true)
+   if(AllowInsecureRepositories(MetaIndexParser, TransactionManager, this) == true)
    {
       // Done, queue for rename on transaction finished
       if (FileExists(DestFile)) 
@@ -2157,12 +2184,6 @@ void pkgAcqMetaIndex::Failed(string Message,
 
       // queue without any kind of hashsum support
       QueueIndexes(false);
-   } else {
-      // warn if the repository is unsinged
-      _error->Warning("Use --allow-insecure-repositories to force the update");
-      TransactionManager->AbortTransaction();
-      Status = StatError;
-      return;
    }
 }
                                                                        /*}}}*/
@@ -2273,7 +2294,7 @@ void pkgAcqMetaClearSig::Failed(string Message,pkgAcquire::MethodConfig *Cnf) /*
       // No Release file was present, or verification failed, so fall
       // back to queueing Packages files without verification
       // only allow going further if the users explicitely wants it
-      if(_config->FindB("Acquire::AllowInsecureRepositories") == true)
+      if(AllowInsecureRepositories(MetaIndexParser, TransactionManager, this) == true)
       {
         Status = StatDone;
 
@@ -2294,11 +2315,6 @@ void pkgAcqMetaClearSig::Failed(string Message,pkgAcquire::MethodConfig *Cnf) /*
             TransactionManager->TransactionStageCopy(this, DestFile, FinalFile);
          }
          QueueIndexes(false);
-      } else {
-         // warn if the repository is unsigned
-         _error->Warning("Use --allow-insecure-repositories to force the update");
-         TransactionManager->AbortTransaction();
-         Status = StatError;
       }
    }
 }
@@ -2480,7 +2496,8 @@ bool pkgAcqArchive::QueueNext()
         else
         {
            PartialSize = Buf.st_size;
-           ChangeOwnerAndPermissionOfFile("pkgAcqArchive::QueueNext", FinalFile.c_str(), "_apt", "root", 0600);
+            std::string SandboxUser = _config->Find("APT::Sandbox::User");
+           ChangeOwnerAndPermissionOfFile("pkgAcqArchive::QueueNext",DestFile.c_str(), SandboxUser.c_str(), "root", 0600);
         }
       }
 
@@ -2648,7 +2665,8 @@ pkgAcqFile::pkgAcqFile(pkgAcquire *Owner,string URI, HashStringList const &Hashe
       else
       {
         PartialSize = Buf.st_size;
-        ChangeOwnerAndPermissionOfFile("pkgAcqFile", DestFile.c_str(), "_apt", "root", 0600);
+         std::string SandboxUser = _config->Find("APT::Sandbox::User");
+        ChangeOwnerAndPermissionOfFile("pkgAcqFile", DestFile.c_str(), SandboxUser.c_str(), "root", 0600);
       }
    }