-
56eb8728
by Remi Gacogne at 2024-04-01T20:52:55+00:00
Add DownloadUser configuration option
The DownloadUser option will be used to drop privileges to the
specified user when downloading files.
The intention is for this to be extended in the future to a more
general sandbox configuration to cover operating on package and
database files prior to verification.
Add this option to pacman configuration and the various accessors into
the libalpm backend.
Signed-off-by: Allan McRae <allan@archlinux.org>
-
ce83cf63
by Remi Gacogne at 2024-04-01T20:52:55+00:00
Provide function for switching user in child processes
Add alpm_sandbox_child() function that will be used for switching to a
less privileged user to run child processes.
Signed-off-by: Allan McRae <allan@archlinux.org>
-
62c68746
by Remi Gacogne at 2024-04-01T20:52:55+00:00
Add callbacks for sandboxed operations
Add log and download callbacks to use within a sandbox. These are
designed to be passed from the sandbox to the parent through a file
descriptor and then processed into alpm callbacks to be passed to the
frontend.
Note, only callbacks used in libalpm are added. Other callbacks should
be set to NULL in the child process.
-
9667bc6b
by Allan McRae at 2024-04-01T20:52:55+00:00
Expose _alpm_reset_signals() to library
Signed-off-by: Allan McRae <allan@archlinux.org>
-
93a796aa
by Remi Gacogne at 2024-04-01T20:52:55+00:00
Add sandboxed download for the internal downloader
If the SandboxUser configure option is set, the internal downloader
will fork off a child process and drop to the specified user to download
the files.
Signed-off-by: Remi Gacogne <rgacogne@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
-
cf359b0d
by Remi Gacogne at 2024-04-01T20:52:55+00:00
Add support for DownloadUser with XferCommand
Signed-off-by: Allan McRae <allan@archlinux.org>
-
49d51226
by Remi Gacogne at 2024-04-01T20:52:55+00:00
Document DownloadUser
Signed-off-by: Allan McRae <allan@archlinux.org>
-
04d04381
by Allan McRae at 2024-04-01T20:52:55+00:00
libalpm: fill in more payload information before passing to downloader
Filling in more of the payload fields before passing to the downloader ensures
that these fields do not get lost during sandboxed operations.
It also fixes the use of -U with XferCommand, but testsuite still fails due to
"404" page being downloaded for the signature. Given we can not identify this
as being a non-signature download with the XferCommand, we can just turn off
signature checking in this test.
Signed-off-by: Allan McRae <allan@archlinux.org>
-
26b7b353
by Allan McRae at 2024-04-01T20:52:55+00:00
Remove random_partfile from payload struct
It is not used any more due to filling the payload structure earlier.
Signed-off-by: Allan McRae <allan@archlinux.org>
-
5e9bff62
by Remi Gacogne at 2024-04-01T20:52:55+00:00
Stop trusting the Content-Disposition HTTP header
-
0b6df551
by Andrew Gregory at 2024-04-01T20:52:55+00:00
pactest: Add basic sandboxed download tests
Signed-off-by: Allan McRae <allan@archlinux.org>
-
11c8eca9
by Andrew Gregory at 2024-04-01T20:52:55+00:00
pactest: test database downloads with optional signatures
Signed-off-by: Allan McRae <allan@archlinux.org>
-
e1a7b83e
by Remi Gacogne at 2024-04-01T20:52:55+00:00
Download to a temporary directory owned by the Download user
Signed-off-by: Remi Gacogne <rgacogne@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
-
cfa68f7b
by Remi Gacogne at 2024-04-01T20:52:55+00:00
Restore partially downloaded files to the temporary directory
This allows downloads to be continued.
Signed-off-by: Allan McRae <allan@archlinux.org>