use always priv-dropping for changelog download as root
authorDavid Kalnischkies <david@kalnischkies.de>
Sun, 23 Aug 2015 11:46:35 +0000 (13:46 +0200)
committerDavid Kalnischkies <david@kalnischkies.de>
Thu, 27 Aug 2015 09:27:45 +0000 (11:27 +0200)
First off, the temporary directory we download the changelog to needs to
be owned by _apt, but that also means that we don't need to check if we
could/should drop privs as the download happens to a dedicated tempdir
and only after that it is moved to its final location by a privileged user.

apt-pkg/acquire-item.cc
cmdline/apt-get.cc
test/integration/test-apt-get-changelog

index 26c8354442a99595b1a2fb5e945a8fac13254e37..7dcaa25a48e9d26e86ca71a76a1e2a4812ce96a5 100644 (file)
@@ -2935,6 +2935,10 @@ void pkgAcqChangelog::Init(std::string const &DestDir, std::string const &DestFi
         return;
       }
       DestFile = TemporaryDirectory = tmpname;
+
+      std::string SandboxUser = _config->Find("APT::Sandbox::User");
+      ChangeOwnerAndPermissionOfFile("Item::QueueURI", DestFile.c_str(),
+                                     SandboxUser.c_str(), "root", 0700);
    }
    else
       DestFile = DestDir;
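Review bot: The result of the added `ChangeOwnerAndPermissionOfFile` call is discarded, so if handing the temp directory to the sandbox user fails, `Init` carries on and the problem surfaces only later, when the unprivileged download method cannot write there. The apt-get.cc hunk of this commit removes the check that could disable priv-dropping, so the download now depends on this call succeeding. If the helper returns a status (its declaration is not visible here), test it and fail the item the same way as the `return;` branch just above, along the lines of `if (ChangeOwnerAndPermissionOfFile(...) == false) return;` after setting the error state. The requester label `"Item::QueueURI"` also looks carried over from another call site; naming `pkgAcqChangelog::Init` there would make any warning traceable. The body of `Init` starts and ends outside this hunk.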
index b1260f06a4ebb7c76bed48b3c7ebd85c08b934cc..b6150a4233b7abc4843da2de8955f4b7124377cc 100644 (file)
@@ -1403,10 +1403,7 @@ static bool DoChangelog(CommandLine &CmdL)
 
    if (printOnly == false)
    {
-      // Disable drop-privs if "_apt" can not write to the target dir
-      CheckDropPrivsMustBeDisabled(Fetcher);
-      if (_error->PendingError() == true)
-        return false;
+      // Note: CheckDropPrivsMustBeDisabled isn't needed here as the download happens in a dedicated tempdir
 
       bool Failed = false;
       if (AcquireRun(Fetcher, 0, &Failed, NULL) == false || Failed == true)
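Review bot: The replacement comment relies on an invariant this function cannot see, namely that every changelog download goes through the dedicated temp directory. In the acquire-item.cc hunk of this commit the `else` branch still sets `DestFile = DestDir` without creating or re-owning a directory. It is worth confirming that no `DoChangelog` path lets the sandboxed method write straight into a caller-supplied directory. I would spell the dependency out in the comment, e.g. `// No CheckDropPrivsMustBeDisabled: pkgAcqChangelog fetches into a tempdir owned by APT::Sandbox::User and the file is moved afterwards`. `DoChangelog` begins and ends outside the hunk.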
index 5fa8543b90d262bfb8526082ad8ceaeff7996c1e..6ca05d0fa8ef4cdfcb752032dcbca9b02ebaa6a3 100755 (executable)
@@ -60,14 +60,15 @@ testsuccessequal "'http://localhost:8080/main/f/foo/foo_1.0/change.txt' foo.chan
 echo 'Acquire::Changelogs::URI::Label::Testcases "http://localhost:8080/pool/CHANGEPATH/changelog";' > rootdir/etc/apt/apt.conf.d/changelog.conf
 testsuccessequal "'http://localhost:8080/pool/main/f/foo/foo_1.0/changelog' foo.changelog" aptget changelog foo --print-uris
 
-cd downloaded
 
 testsuccess aptget changelog foo -qq
-testfileequal '../rootdir/tmp/testsuccess.output' "$(cat ../aptarchive/pool/main/f/foo/foo_1.0/changelog)"
+testfileequal 'rootdir/tmp/testsuccess.output' "$(cat aptarchive/pool/main/f/foo/foo_1.0/changelog)"
 
 testsuccess aptget changelog foo libbar -qq
-testfileequal '../rootdir/tmp/testsuccess.output' "$(cat ../aptarchive/pool/main/f/foo/foo_1.0/changelog)
-$(cat ../aptarchive/pool/main/libb/libbar/libbar_1.0/changelog)"
+testfileequal 'rootdir/tmp/testsuccess.output' "$(cat aptarchive/pool/main/f/foo/foo_1.0/changelog)
+$(cat aptarchive/pool/main/libb/libbar/libbar_1.0/changelog)"
+
+cd downloaded
 
 testsuccess aptget changelog foo -d
 testfilestats 'foo.changelog' '%U:%G:%a' '=' "${TEST_DEFAULT_USER}:${TEST_DEFAULT_GROUP}:644"
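Review bot: Nothing in this hunk asserts the behaviour the commit is about. The checks compare the changelog output and, at the `testfilestats` line, the owner and mode of the final `foo.changelog`. None of them checks that the download ran in a directory owned by the sandbox user, or that the directory is gone afterwards. If the harness can run these cases as root, a check that no temporary changelog directory is left behind after `aptget changelog foo -qq` would cover the new chown and cleanup path. A one-line comment above the moved `cd downloaded`, such as `# only the -d runs write into the current directory`, would also explain why the `-qq` cases now run from the test root.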