Bug#986284: update InRelease files in place and changes owner and mode in the process
Package: apt
Version: 2.2.2
Severity: minor
Hi,
when doing apt update, InRelease files seem to be downloaded and
upgraded in place. While this happens, the file's owner/mode changes
from root:root 644 to _apt:root 640 and back after a few seconds.
A simultaneously running aide (https://tracker.debian.org/pkg/aide)
process might pick this up and put it in a report. This has actually
happened (I have a black thumb for software).
While the file is still identical after the download, triggering this
behavior is somewhat unlikely, but I would still prefer if apt
downloaded InRelease files to a temporary file name and then renamed the
new file in place iff the new contents differ from the old one
(keeping even the inode number the same in the 'did not change' case).
I did a few tests and have only found this behavior for InRelease files.
But of course, I'd love to have this behavior for all files that apt
downloads and keeps around during its operation.
This is by no means something that needs to be fixed before the bullseye
release. Thanks for your consideration!
Greetings
Marc
-- System Information:
Debian Release: bullseye/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 5.11.10-zgws1 (SMP w/4 CPU threads)
Kernel taint flags: TAINT_OOT_MODULE
Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8), LANGUAGE=en
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages apt depends on:
ii adduser 3.118
ii debian-archive-keyring 2021.1.1
ii gpgv 2.2.27-1
ii libapt-pkg6.0 2.2.2
ii libc6 2.31-10
ii libgcc-s1 10.2.1-6
ii libgnutls30 3.7.1-1
ii libseccomp2 2.5.1-1
ii libstdc++6 10.2.1-6
ii libsystemd0 247.3-3
Versions of packages apt recommends:
ii ca-certificates 20210119
Versions of packages apt suggests:
ii apt-doc 2.2.2
ii aptitude 0.8.13-3
ii dpkg-dev 1.20.7.1
ii gnupg 2.2.27-1
ii gnupg2 2.2.27-1
ii powermgmt-base 1.36
-- no debconf information
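
The behavior requested in the report (download to a temporary file name, rename into place only if the contents differ, leave the existing inode untouched otherwise), as an added example; it is not apt's code and not part of the original report. The function name `install_if_changed` and the `.partial-` prefix are hypothetical.

```python
import filecmp
import os
import stat
import tempfile


def install_if_changed(new_data: bytes, dest: str) -> bool:
    """Install new_data at dest; return True only if dest was replaced.

    If dest already has identical contents it is not touched at all, so its
    inode, owner, mode and mtime stay stable for a file integrity checker.
    """
    dest_dir = os.path.dirname(os.path.abspath(dest))
    # Temporary file in the same directory: rename stays on one filesystem
    # and is therefore atomic. mkstemp creates it with mode 0600.
    fd, tmp = tempfile.mkstemp(prefix=".partial-", dir=dest_dir)
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(new_data)
            fh.flush()
            os.fsync(fh.fileno())
        try:
            old = os.stat(dest)
        except FileNotFoundError:
            old = None
        # Unchanged case: discard the download, leave dest exactly as it was.
        if old is not None and filecmp.cmp(tmp, dest, shallow=False):
            os.unlink(tmp)
            return False
        # Changed case: give the new file its final owner and mode *before*
        # it becomes visible under the final name.
        if old is not None:
            os.chmod(tmp, stat.S_IMODE(old.st_mode))
            try:
                os.chown(tmp, old.st_uid, old.st_gid)
            except PermissionError:
                pass  # not running as root; ownership stays with the caller
        else:
            os.chmod(tmp, 0o644)  # assumed default for a newly created file
        os.replace(tmp, dest)  # atomic swap; readers see old or new, never partial
        return True
    except BaseException:
        if os.path.exists(tmp):
            os.unlink(tmp)
        raise
```

With this pattern the final path never appears with the download user's owner or a restrictive transient mode, which is the state the aide run in the report picked up.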