From 45f1fd73d0b62ce6422365a935abc317718ea142 Mon Sep 17 00:00:00 2001 From: Varun Varma Date: Thu, 14 May 2026 17:20:28 +0200 Subject: Warn if auth.conf is unreadable (LP: #2150631) LP: #2150631 is a bug where trying to access an authentication-locked repo without root sends a 401 error, which is misleading since the authentication information could be in auth.conf.d, but just inaccessible without root. This adds a warning in that scenario, as well as an integration test. --- ...t-ubuntu-bug-2150631-authconf-unreadable-source | 37 ++++++++++++++++++++++ 1 file changed, 37 insertions(+) create mode 100755 test/integration/test-ubuntu-bug-2150631-authconf-unreadable-source (limited to 'test') diff --git a/test/integration/test-ubuntu-bug-2150631-authconf-unreadable-source b/test/integration/test-ubuntu-bug-2150631-authconf-unreadable-source new file mode 100755 index 000000000..0a22e8f83 --- /dev/null +++ b/test/integration/test-ubuntu-bug-2150631-authconf-unreadable-source @@ -0,0 +1,37 @@ +#!/bin/sh +set -e + +TESTDIR="$(readlink -f "$(dirname "$0")")" +. "$TESTDIR/framework" + +setupenvironment +configarchitecture "amd64" + +if [ "$(id -u)" = '0' ]; then + msgskip "Tests for unreadable auth.conf files do not work as root" + exit 0 +fi + +buildsimplenativepackage "foo" "all" "1" +setupaptarchive --no-update + +changetohttpswebserver --authorization="$(printf '%s' 'star@irc:hunter2' | base64 )" +rewritesourceslist "https://localhost:${APTHTTPSPORT}/" + +AUTHCONF="${TMPWORKINGDIRECTORY}/rootdir/etc/apt/auth.conf.d/private.conf" +mkdir -p "$(dirname "$AUTHCONF")" +printf '%s\n' \ + "machine https://localhost" \ + "login star@irc" \ + "password hunter2" > "$AUTHCONF" +chmod 600 "$AUTHCONF" + +testsuccess aptget update + +chmod 000 "$AUTHCONF" +testfailure aptget source -d foo + +OUTPUT="${TMPWORKINGDIRECTORY}/rootdir/tmp/testfailure.output" +testsuccess grep -F "Authentication credentials may be configured in ${AUTHCONF}" "$OUTPUT" +testsuccess grep -F "not readable by the current user. Try running this command as root." "$OUTPUT" +testsuccess grep -E "401[[:space:]]+Unauthorized" "$OUTPUT" -- cgit v1.2.3-70-g09d2