[Apt-listbugs-commits] [apt-listbugs] 01/04: read hook info through a fd (Closes: #671728)

Francesco Poli frx-guest at alioth.debian.org
Fri Aug 30 17:41:55 UTC 2013


This is an automated email from the git hooks/post-receive script.

frx-guest pushed a commit to branch master
in repository apt-listbugs.

commit 9afccf95262a7d8a8ddc0a42e4f74e5b625999cb
Author: Francesco Poli (wintermute) <invernomuto at paranoici.org>
Date:   Mon Aug 26 22:28:31 2013 +0200

    read hook info through a fd (Closes: #671728)
    
    Package actions (Pre-Install-Pkgs hook information, provided by apt or
    other compatible package manager) is now read from a file descriptor
    (specified in the APT_HOOK_INFO_FD environment variable).
    This way, apt-listbugs no longer needs to explicitly re-open /dev/tty
    and works properly inside su -c "command": this is a better fix for
    bug #662983.
---
 10apt-listbugs            |    1 +
 apt-listbugs              |   32 ++++++++++++++++++++++++++++----
 debian/README.Debian      |   35 ++---------------------------------
 debian/changelog          |    4 ++++
 debian/control            |    3 ++-
 debian/copyright          |    1 +
 lib/apt-listbugs/logic.rb |   33 ++++++---------------------------
 7 files changed, 44 insertions(+), 65 deletions(-)

diff --git a/10apt-listbugs b/10apt-listbugs
index c4ac26b..1652874 100644
--- a/10apt-listbugs
+++ b/10apt-listbugs
@@ -3,4 +3,5 @@
 DPkg::Pre-Install-Pkgs {"/usr/sbin/apt-listbugs apt";};
 DPkg::Tools::Options::/usr/sbin/apt-listbugs "";
 DPkg::Tools::Options::/usr/sbin/apt-listbugs::Version "2";
+DPkg::Tools::Options::/usr/sbin/apt-listbugs::InfoFD "20";
 // AptListbugs::IgnoreRegexp "FTBFS";
diff --git a/apt-listbugs b/apt-listbugs
index 251b5dd..2f234b9 100755
--- a/apt-listbugs
+++ b/apt-listbugs
@@ -7,6 +7,7 @@
 # Copyright (C) 2008-2013  Francesco Poli <invernomuto at paranoici.org>
 # Copyright (C) 2009       Ryan Niebur <ryan at debian.org>
 # Copyright (C) 2012       Justin B Rye <jbr at edlug.org.uk>
+# Copyright (C) 2013       Google Inc
 #
 #  This program is free software; you can redistribute it and/or modify
 #  it under the terms of the GNU General Public License as published by
@@ -119,7 +120,7 @@ apt-listbugs [-h] [-v] [-s <severities>] [-T <tags>] [-S <states>] [-B <bug#>] [
 * -q, --quiet
 
   Don't display progress bar. This option is assumed if stdout is not a
-  terminal or if /dev/tty cannot be opened.
+  terminal.
 
 * -C <apt.conf>, --aptconf <apt.conf>
 
@@ -132,7 +133,7 @@ apt-listbugs [-h] [-v] [-s <severities>] [-T <tags>] [-S <states>] [-B <bug#>] [
 * -n, --force-no
 
   Assumes that you select no for all questions.  This option is
-  assumed if stdout is not a terminal or if /dev/tty cannot be opened.
+  assumed if stdout is not a terminal.
 
 * -d, --debug
 
@@ -143,7 +144,8 @@ apt-listbugs [-h] [-v] [-s <severities>] [-T <tags>] [-S <states>] [-B <bug#>] [
 
 : apt
 
-  Reads package actions from standard input (typically provided by apt
+  Reads package actions from a file descriptor specified in the
+  APT_HOOK_INFO_FD environment variable (typically provided by apt
   or other compatible package manager; Pre-Install-Pkgs hook info
   protocol version 2 is expected - see apt.conf(5) for more details).
 
@@ -171,6 +173,11 @@ apt-listbugs [-h] [-v] [-s <severities>] [-T <tags>] [-S <states>] [-B <bug#>] [
   If http_proxy is set, the value is used for HTTP Proxy, unless
   proxy settings are found in APT configuration (see below).
 
+: APT_HOOK_INFO_FD
+
+  File descriptor from which package actions will be read (apt or other
+  compatible package managers will write information to this file descriptor).
+
 == CONFIGURATION FILE
 
 apt-listbugs understands APT configuration file (see apt.conf). The
@@ -299,7 +306,23 @@ when "apt"
   puts if $DEBUG
   puts "Pre-Install-Pkgs hook info:" if $DEBUG
   state=1
-  STDIN.each { |pkg|
+  apt_hook_fd = ENV["APT_HOOK_INFO_FD"]
+  if apt_hook_fd.nil?
+    $stderr.print _("E: APT_HOOK_INFO_FD is undefined.\n")
+    exit 1
+  end
+  apt_hook_fd = apt_hook_fd.to_i
+  if apt_hook_fd == 0
+    $stderr.print _("E: APT_HOOK_INFO_FD is not correctly defined.\n")
+    exit 1
+  end
+  begin
+    apt_hook_stream = IO.open(apt_hook_fd, 'r')
+  rescue Errno::ENOENT
+    $stderr.puts sprintf(_("E: Cannot read from file descriptor %d"), apt_hook_fd)
+    exit 1
+  end
+  apt_hook_stream.each { |pkg|
     pkg=pkg.rstrip
     case state
     when 1
@@ -363,6 +386,7 @@ when "apt"
       end
     end
   }
+  apt_hook_stream.close
   puts if $DEBUG
 when "list", "rss"
   ARGV.each { |pkg|
diff --git a/debian/README.Debian b/debian/README.Debian
index 1680496..0da5ceb 100644
--- a/debian/README.Debian
+++ b/debian/README.Debian
@@ -53,44 +53,13 @@ If you install www-browser, you can view bug lists in HTML.
 sensible-browser from the sensible-utils package is also available.
 
 
-Need for a controlling terminal (/dev/tty)
-==========================================
+Need for a controlling terminal
+===============================
 
 apt-listbugs requires a controlling terminal for user interaction.
 It will default to non-interactive failure mode if its standard output
 is not a tty.
 
-apt-listbugs will also default to non-interactive failure mode if it
-cannot open /dev/tty when running under an apt session.
-This may happen when apt-listbugs is (directly or indirectly) invoked
-inside su -c "command"; commands invoked this way will have no
-controlling terminal, because of a security fix applied to the package
-login from version 1:4.1.5-1 on (see bug #628843). Hence, if you want
-to use apt-listbugs interactively, please do *not* invoke it (or the
-package manager that will invoke it) through the su -c "command"
-mechanism.
-
-Also, please note that some package managers (such as aptitude, wajig,
-and possibly others), when run as a regular user, tend to gain root
-privileges through the su -c "command" mechanism, for the actions that
-need these privileges.
-Hence, if you want to use apt-listbugs interactively, please become root
-*before* invoking the package manager, as in:
-
-    $ su -
-    Password:
-    # aptitude
-
-or
-
-    $ sudo aptitude
-
-rather than:
-
-    $ aptitude
-
-See bug #662983 for more details on this issue.
-
 
 Current Design Limitation
 =========================
diff --git a/debian/changelog b/debian/changelog
index 5881d2e..246d97f 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -18,6 +18,10 @@ apt-listbugs (0.1.10) UNRELEASED; urgency=low
     dropping the ad-hoc HtmlTempfile
   * improved 10apt-listbugs configuration file (enhanced English in a comment,
     dropped redundant exit 10)
+  * fixed "should be able to read hook information through a named pipe"
+    (thanks to Serafeim Zanikolas for the initial patch!) and made
+    apt-listbugs no longer need to explicitly open /dev/tty, this being
+    a better fix for #662983 (Closes: #671728)
 
  -- Francesco Poli (wintermute) <invernomuto at paranoici.org>  Sat, 29 Jun 2013 17:18:26 +0200
 
diff --git a/debian/control b/debian/control
index 48bab5c..bdaffbf 100644
--- a/debian/control
+++ b/debian/control
@@ -11,8 +11,9 @@ Homepage: http://alioth.debian.org/projects/apt-listbugs/
 
 Package: apt-listbugs
 Architecture: all
-Depends: ${misc:Depends}, ruby1.8 (>= 1.8), libruby1.8 (>= 1.8.5), ruby-debian (>= 0.3.3), apt, ruby-gettext (>= 2.1.0), ruby-xmlparser, ruby-httpclient (>= 2.1.5.2-1)
+Depends: ${misc:Depends}, ruby1.8 (>= 1.8), libruby1.8 (>= 1.8.5), ruby-debian (>= 0.3.3), apt (>= 0.9.11), ruby-gettext (>= 2.1.0), ruby-xmlparser, ruby-httpclient (>= 2.1.5.2-1)
 Suggests: reportbug, debianutils (>= 2.0) | www-browser | w3m
+Breaks: libapt-pkg4.12 (<< 0.9.11)
 Description: tool which lists critical bugs before each apt installation
  apt-listbugs is a tool which retrieves bug reports from the Debian Bug
  Tracking System and lists them. Especially, it is intended to be invoked
diff --git a/debian/copyright b/debian/copyright
index 6b0f945..f33f158 100644
--- a/debian/copyright
+++ b/debian/copyright
@@ -10,6 +10,7 @@ Copyright (C) 2007       Jean Lepropre <jlepropre at gmail.com>
 Copyright (C) 2008-2013  Francesco Poli <invernomuto at paranoici.org>
 Copyright (C) 2009-2010  Ryan Niebur <ryan at debian.org>
 Copyright (C) 2012       Justin B Rye <jbr at edlug.org.uk>
+Copyright (C) 2013       Google Inc
 
   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
diff --git a/lib/apt-listbugs/logic.rb b/lib/apt-listbugs/logic.rb
index 66dec3c..251a2d6 100644
--- a/lib/apt-listbugs/logic.rb
+++ b/lib/apt-listbugs/logic.rb
@@ -239,19 +239,6 @@ class AppConfig
       exit 1
     end
 
-    if @command == "apt"
-      begin
-        test_tty = File.open("/dev/tty")
-        test_tty.close if test_tty
-      rescue
-        if @yes.nil?
-          $stderr.puts _("W: cannot open /dev/tty - running inside su -c \"command\"? Switching to non-interactive failure mode (see /usr/share/doc/apt-listbugs/README.Debian.gz)")
-          @yes = false
-        end
-        @quiet = true
-      end
-    end
-
     @parser =
       Debian::BTS::Parser::SoapIndex.new(@hostname, @port)
 
@@ -401,7 +388,7 @@ class Viewer
           return false
         when /^#?(\d+)$/
           if @config.querybts != nil
-            system("#{@config.querybts} -u text #{$1} < /dev/tty")
+            system("#{@config.querybts} -u text #{$1}")
           else
             @config.frontend.puts sprintf(_("You must install the reportbug package to be able to do this"))
           end
@@ -665,7 +652,7 @@ class Viewer
       tmp.close
 
       puts "Invoking browser for #{tmp.path}" if $DEBUG
-      browsercommandline = "#{@config.browser} #{tmp.path} < /dev/tty"
+      browsercommandline = "#{@config.browser} #{tmp.path}"
       if system(browsercommandline)
         puts "successfully invoked browser" if $DEBUG
       else
@@ -677,20 +664,19 @@ class Viewer
 
     private
     def clear_stdin(parent = true)
-      fd = @config.frontend.tty
-      flags=fd.fcntl(Fcntl::F_GETFL)
+      flags=$stdin.fcntl(Fcntl::F_GETFL)
       if parent
         while clear_stdin(false)
           nil
         end
       else
         begin
-          fd.read_nonblock(10000000)
+          $stdin.read_nonblock(10000000)
           return true
         rescue Errno::EAGAIN
           return false
         ensure
-          fd.fcntl(Fcntl::F_SETFL, flags)
+          $stdin.fcntl(Fcntl::F_SETFL, flags)
         end
       end
     end
@@ -1073,7 +1059,6 @@ end
 class ConsoleFrontend
 
   def initialize( config )
-    @tty = nil
     @old = ""
     @config = config
   end
@@ -1092,16 +1077,11 @@ class ConsoleFrontend
     $stdout.puts msg
   end
 
-
-  def tty
-    @tty ||= open("/dev/tty")
-  end
-
   def ask(msg)
     $stdout.print "#{msg} "
     $stdout.flush
     line = nil
-    line = self.tty.gets
+    line = $stdin.gets
     if line != nil
       line.chomp!
     end
@@ -1129,7 +1109,6 @@ class ConsoleFrontend
   end
 
   def close
-    @tty.close if @tty
   end
 end
 

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/apt-listbugs/apt-listbugs.git



More information about the Apt-listbugs-commits mailing list