Aptdaemon

Merge lp:~mvo/aptdaemon/admin-group-fix into lp:aptdaemon

  1. admin-group-fix
  2. Merge into main
Proposed by Michael Vogt
Status: Rejected
Rejected by: Michael Vogt
Proposed branch: lp:~mvo/aptdaemon/admin-group-fix
Merge into: lp:aptdaemon
Diff against target: 97 lines (+49/-6)
2 files modified
aptdaemon/worker.py (+23/-6)
tests/test_worker.py (+26/-0)
To merge this branch: bzr merge lp:~mvo/aptdaemon/admin-group-fix
Reviewer Review Type Date Requested Status
Aptdaemon Developers Pending
Review via email: mp+95039@code.launchpad.net

Description of the change

Please consider the following patch to support both the "admin" and the "sudo" group.
In ubuntu 12.04 the new group is "sudo" but on old installs the "admin" group is still in use
and users are not transitioned over. So aptdaemon needs to support both.

To post a comment you must log in.
lp:~mvo/aptdaemon/admin-group-fix updated
777. By Michael Vogt

ensure mode is 0640 for protected source files

778. By Michael Vogt

skip the test is the user is not in the right group

Revision history for this message
Michael Vogt (mvo) wrote :

I udpated the test a bit to ensure that it will not fail when run as a non-{sudo,admin} group user now. How does it look ?

Revision history for this message
Michael Vogt (mvo) wrote :

As discussed on irc the better solution is probably to use the /etc/apt/auth.conf file for the username/passwords.

The file has the form:

machine private-ppa.launchpad.net/path
login username
password token

Alternatively it can be tab seperated, its using strtok_r(.."\n\t"..)

Unmerged revisions

778. By Michael Vogt

skip the test is the user is not in the right group

777. By Michael Vogt

ensure mode is 0640 for protected source files

776. By Michael Vogt

user the transaction uid to figure out what group to use and add a test

775. By Michael Vogt

aptdaemon/worker.py: support both admin (if available) and sudo group

774. By Michael Vogt

aptdaemon/worker.py: use root.sudo instead of root.admin as the former is no longer used in ubuntu/debian

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'aptdaemon/worker.py'
2--- aptdaemon/worker.py 2012-01-27 18:09:17 +0000
3+++ aptdaemon/worker.py 2012-03-02 09:15:24 +0000
4@@ -457,16 +457,33 @@
5 raise
6 else:
7 sources.save()
8- # set to sourcesfile root.admin only if there is a password
9+ # set to sourcesfile root.{admin,sudo} or root.sudo only if there
10+ # is a password
11 if password_in_uri and sourcesfile:
12- import grp
13- try:
14- os.chown(sourcesfile, 0, grp.getgrnam("admin")[2])
15- except Exception as e:
16- logging.warn("os.chmod() failed '%s'" % e)
17+ self._protect_sources_list(trans.uid, sourcesfile)
18 finally:
19 os.umask(old_umask)
20
21+ def _protect_sources_list(self, user_uid, sourcesfile, owner_uid=0):
22+ """ this will chown the sourcesfile with either
23+ root.admin or root.sudo permissions
24+ """
25+ import grp,pwd
26+ # ubuntu may either have admin or sudo as the group, figure out
27+ # there which one to use
28+ gid = None
29+ user = pwd.getpwuid(user_uid).pw_name
30+ for group in grp.getgrall():
31+ if (group.gr_name in ["admin", "sudo"] and
32+ user in group.gr_mem):
33+ gid = group.gr_gid
34+ break
35+ try:
36+ os.chmod(sourcesfile, 0640)
37+ os.chown(sourcesfile, owner_uid, gid)
38+ except Exception as e:
39+ logging.warn("os.chmod() failed '%s'" % e)
40+
41 def add_vendor_key_from_keyserver(self, trans, keyid, keyserver):
42 """Add the signing key from the given (keyid, keyserver) to the
43 trusted vendors.
44
45=== modified file 'tests/test_worker.py'
46--- tests/test_worker.py 2012-01-23 10:32:24 +0000
47+++ tests/test_worker.py 2012-03-02 09:15:24 +0000
48@@ -25,9 +25,12 @@
49 import glob
50 import os
51 import shutil
52+import stat
53 import sys
54+import tempfile
55 import unittest
56
57+
58 import apt_pkg
59 from gi.repository import GObject
60 import dbus
61@@ -362,6 +365,7 @@
62 self.worker._cache.open()
63 self.assertEqual(self.worker._cache.broken_count, 0)
64
65+
66 def test_add_license_key_unsecure(self):
67 """Test if we refuse to install license key files to an unsecure
68 location or binaries."""
69@@ -380,6 +384,28 @@
70 self.assertRaises(errors.TransactionFailed,
71 self.worker._add_license_key_to_system,
72 pkg_name, license_key, license_key_path)
73+
74+ def in_sudo_or_admin_group():
75+ import getpass, grp
76+ user = getpass.getuser()
77+ for groupname in ["sudo", "admin"]:
78+ try:
79+ if user in grp.getgrnam(groupname).gr_mem:
80+ return True
81+ except KeyError:
82+ continue
83+ return False
84+ @unittest.skipUnless(in_sudo_or_admin_group(),
85+ "skipped as the user is not in the admin group")
86+ def test_protect_sources_list(self):
87+ uid = os.getuid()
88+ f = tempfile.NamedTemporaryFile()
89+ os.chown(f.name, uid, uid)
90+ self.assertEqual(os.stat(f.name).st_gid, uid)
91+ self.worker._protect_sources_list(uid, f.name, uid)
92+ buf = os.stat(f.name)
93+ self.assertNotEqual(buf.st_gid, uid)
94+ self.assertEqual(stat.S_IMODE(buf.st_mode), 0640)
95
96 def test_add_license_key(self):
97 """Test the installation of license key files."""

Subscribers

People subscribed via source and target branches

to status/vote changes: