From c06102498277e009fc7f8b68e187db104cb1f26f Mon Sep 17 00:00:00 2001 From: Leonid Pliushch Date: Wed, 3 Feb 2021 22:19:43 +0200 Subject: [PATCH] apt: update patches *** This commit contains further changes to user agent string in addition to introduced in fd66e2fe2920cdcf39006643c1341ae27f3029d9. Now it will send installation prefix obtained by /proc/self/exe. It should resist patching `apt` with sed or in other way. Reminding that installation prefix provided in user agent http header is intended for distinguishing Termux from derivatives. Here are sample lines from my mirror logs showing usage of Termux repo by third-party projects: ``` 162.158.103.43 - - [21/Jan/2021:09:46:43 +0200] "GET /dists/stable/Release HTTP/1.1" 304 0 "-" "Termux-PKG/1.0 mirror-checker (termux-tools 0.104) Termux (pl.sviete.dom; install-prefix:/data/data/pl.sviete.dom/files/usr)" 162.158.210.8 - - [20/Jan/2021:06:24:54 +0200] "GET /dists/stable/InRelease HTTP/1.1" 404 146 "-" "Debian APT-HTTP/1.3 (2.1.15) Termux (vn.vhn.vsc; install-prefix:/data/data/vn.vhn.vsc/files/usr)" 162.158.210.142 - - [20/Jan/2021:06:24:54 +0200] "GET /dists/stable/Release.gpg HTTP/1.1" 304 0 "-" "Debian APT-HTTP/1.3 (2.1.15) Termux (vn.vhn.vsc; install-prefix:/data/data/vn.vhn.vsc/files/usr)" ``` *** CloudFlare firewall for termux.org and termux-mirror.ml hosts would be adjusted to block all requests which do not have install-prefix set or if the latter doesn't match one of the Termux. --- packages/apt/0003-no-srv-records.patch | 41 ++++++++++----------- packages/apt/0012-termux-id.patch | 49 ++++++++++++++++++++++---- 2 files changed, 63 insertions(+), 27 deletions(-) diff --git a/packages/apt/0003-no-srv-records.patch b/packages/apt/0003-no-srv-records.patch index 5935aee2f..97a61be36 100644 --- a/packages/apt/0003-no-srv-records.patch +++ b/packages/apt/0003-no-srv-records.patch 
@@ -1,6 +1,6 @@ -diff -uNr apt-2.1.11/apt-pkg/contrib/srvrec.cc apt-2.1.11.mod/apt-pkg/contrib/srvrec.cc ---- apt-2.1.11/apt-pkg/contrib/srvrec.cc 2020-10-21 12:53:18.000000000 +0300 -+++ apt-2.1.11.mod/apt-pkg/contrib/srvrec.cc 2020-11-05 16:37:46.301044740 +0200 +diff -uNr apt-2.1.18/apt-pkg/contrib/srvrec.cc apt-2.1.18.mod/apt-pkg/contrib/srvrec.cc +--- apt-2.1.18/apt-pkg/contrib/srvrec.cc 2021-01-13 18:37:30.000000000 +0200 ++++ apt-2.1.18.mod/apt-pkg/contrib/srvrec.cc 2021-02-03 21:38:17.382553856 +0200 @@ -6,6 +6,7 @@ ##################################################################### */ @@ -14,9 +14,9 @@ diff -uNr apt-2.1.11/apt-pkg/contrib/srvrec.cc apt-2.1.11.mod/apt-pkg/contrib/sr return selected; } +#endif -diff -uNr apt-2.1.11/apt-pkg/contrib/srvrec.h apt-2.1.11.mod/apt-pkg/contrib/srvrec.h ---- apt-2.1.11/apt-pkg/contrib/srvrec.h 2020-10-21 12:53:18.000000000 +0300 -+++ apt-2.1.11.mod/apt-pkg/contrib/srvrec.h 2020-11-05 16:37:46.301044740 +0200 +diff -uNr apt-2.1.18/apt-pkg/contrib/srvrec.h apt-2.1.18.mod/apt-pkg/contrib/srvrec.h +--- apt-2.1.18/apt-pkg/contrib/srvrec.h 2021-01-13 18:37:30.000000000 +0200 ++++ apt-2.1.18.mod/apt-pkg/contrib/srvrec.h 2021-02-03 21:38:17.386553898 +0200 @@ -8,6 +8,7 @@ /*}}}*/ #ifndef SRVREC_H @@ -30,9 +30,9 @@ diff -uNr apt-2.1.11/apt-pkg/contrib/srvrec.h apt-2.1.11.mod/apt-pkg/contrib/srv #endif +#endif -diff -uNr apt-2.1.11/cmdline/apt-helper.cc apt-2.1.11.mod/cmdline/apt-helper.cc ---- apt-2.1.11/cmdline/apt-helper.cc 2020-10-21 12:53:18.000000000 +0300 -+++ apt-2.1.11.mod/cmdline/apt-helper.cc 2020-11-05 16:37:46.301044740 +0200 +diff -uNr apt-2.1.18/cmdline/apt-helper.cc apt-2.1.18.mod/cmdline/apt-helper.cc +--- apt-2.1.18/cmdline/apt-helper.cc 2021-01-13 18:37:30.000000000 +0200 ++++ apt-2.1.18.mod/cmdline/apt-helper.cc 2021-02-03 21:38:17.386553898 +0200 @@ -106,6 +106,7 @@ return true; 
@@ -49,7 +49,7 @@ diff -uNr apt-2.1.11/cmdline/apt-helper.cc apt-2.1.11.mod/cmdline/apt-helper.cc static const APT::Configuration::Compressor *FindCompressor(std::vector const &compressors, std::string const &name) /*{{{*/ { APT::Configuration::Compressor const * compressor = NULL; -@@ -303,7 +305,9 @@ +@@ -311,7 +313,9 @@ { return { {"download-file", &DoDownloadFile, _("download the given uri to the target-path")}, @@ -59,9 +59,9 @@ diff -uNr apt-2.1.11/cmdline/apt-helper.cc apt-2.1.11.mod/cmdline/apt-helper.cc {"cat-file", &DoCatFile, _("concatenate files, with automatic decompression")}, {"auto-detect-proxy", &DoAutoDetectProxy, _("detect proxy using apt.conf")}, {"wait-online", &DoWaitOnline, _("wait for system to be online")}, -diff -uNr apt-2.1.11/methods/connect.cc apt-2.1.11.mod/methods/connect.cc ---- apt-2.1.11/methods/connect.cc 2020-10-21 12:53:18.000000000 +0300 -+++ apt-2.1.11.mod/methods/connect.cc 2020-11-05 16:42:47.459060807 +0200 +diff -uNr apt-2.1.18/methods/connect.cc apt-2.1.18.mod/methods/connect.cc +--- apt-2.1.18/methods/connect.cc 2021-01-13 18:37:30.000000000 +0200 ++++ apt-2.1.18.mod/methods/connect.cc 2021-02-03 21:41:48.220687372 +0200 @@ -49,7 +49,9 @@ static struct addrinfo *LastHostAddr = 0; static struct addrinfo *LastUsed = 0; @@ -72,17 +72,18 @@ diff -uNr apt-2.1.11/methods/connect.cc apt-2.1.11.mod/methods/connect.cc // Set of IP/hostnames that we timed out before or couldn't resolve static std::set bad_addr; -@@ -486,6 +488,9 @@ - if (ConnectionAllowed(Service, Host) == false) - return ResultState::FATAL_ERROR; +@@ -486,6 +488,10 @@ + // Used by getaddrinfo(); prefer port if given, else fallback to service + std::string ServiceNameOrPort = Port != 0 ? std::to_string(Port) : Service; -+size_t stackSize = 0; ++ size_t stackSize = 0; + +#ifndef __ANDROID__ - if(LastHost != Host || LastPort != Port) ++ + if(LastHost != Host || LastService != ServiceNameOrPort) { SrvRecords.clear(); -@@ -503,7 +508,6 @@ +@@ -503,7 +509,6 @@ } } 
@@ -90,7 +91,7 @@ diff -uNr apt-2.1.11/methods/connect.cc apt-2.1.11.mod/methods/connect.cc // try to connect in the priority order of the srv records std::string initialHost{std::move(Host)}; auto const initialPort = Port; -@@ -525,6 +529,7 @@ +@@ -525,6 +530,7 @@ } Host = std::move(initialHost); Port = initialPort; diff --git a/packages/apt/0012-termux-id.patch b/packages/apt/0012-termux-id.patch index f9718de01..cd69d2cf3 100644 --- a/packages/apt/0012-termux-id.patch +++ b/packages/apt/0012-termux-id.patch 
@@ -1,22 +1,57 @@ -diff -uNr apt-2.1.14/methods/http.cc apt-2.1.14.mod/methods/http.cc ---- apt-2.1.14/methods/http.cc 2020-12-15 15:07:36.000000000 +0200 -+++ apt-2.1.14.mod/methods/http.cc 2020-12-24 16:23:15.722168489 +0200 -@@ -341,7 +341,7 @@ +diff -uNr apt-2.1.18/methods/http.cc apt-2.1.18.mod/methods/http.cc +--- apt-2.1.18/methods/http.cc 2021-01-13 18:37:30.000000000 +0200 ++++ apt-2.1.18.mod/methods/http.cc 2021-02-03 22:06:04.242782879 +0200 +@@ -341,7 +341,26 @@ Req << "Proxy-Authorization: Basic " << Base64Encode(Proxy.User + ":" + Proxy.Password) << "\r\n"; - Req << "User-Agent: " << Owner->ConfigFind("User-Agent", "Debian APT-HTTP/1.3 (" PACKAGE_VERSION ")") << "\r\n"; -+ Req << "User-Agent: Debian APT-HTTP/1.3 (" PACKAGE_VERSION ") Termux (@TERMUX_APP_PACKAGE@; install-prefix:@TERMUX_PREFIX@)" << "\r\n"; ++ // Determine the actual installation prefix to send as part of user-agent string. ++ // Mirrors can use this information to distinguish legit Termux installations from ++ // third parties using Termux repositories. ++ char binPath[PATH_MAX] = {0}; ++ ssize_t binPathLen = readlink("/proc/self/exe", binPath, sizeof(binPath)-1); ++ if (binPathLen != -1) { ++ binPath[binPathLen] = '\0'; ++ ++ char *aptMethodsSub = strstr(binPath, "/lib/apt/methods"); ++ if (aptMethodsSub) { ++ // Cut /lib/apt/methods.. from prefix, if possible. ++ aptMethodsSub[0] = '\0'; ++ } ++ } else { ++ // Use hardcoded as fallback. ++ // Mostly useless as will help to detect only binary-patched apt. 
++ strncpy(binPath, "@TERMUX_PREFIX@", PATH_MAX - 1); ++ } ++ ++ Req << "User-Agent: Debian APT-HTTP/1.3 (" PACKAGE_VERSION ") Termux (@TERMUX_APP_PACKAGE@; install-prefix:" << binPath <<")" << "\r\n"; Req << "\r\n"; -@@ -955,8 +955,7 @@ +@@ -954,8 +973,23 @@ Req << "Authorization: Basic " << Base64Encode(Uri.User + ":" + Uri.Password) << "\r\n"; - Req << "User-Agent: " << ConfigFind("User-Agent", - "Debian APT-HTTP/1.3 (" PACKAGE_VERSION ")"); -+ Req << "User-Agent: Debian APT-HTTP/1.3 (" PACKAGE_VERSION ") Termux (@TERMUX_APP_PACKAGE@; install-prefix:@TERMUX_PREFIX@)"; ++ char binPath[PATH_MAX] = {0}; ++ ssize_t binPathLen = readlink("/proc/self/exe", binPath, sizeof(binPath)-1); ++ if (binPathLen != -1) { ++ binPath[binPathLen] = '\0'; ++ ++ char *aptMethodsSub = strstr(binPath, "/lib/apt/methods"); ++ if (aptMethodsSub) { ++ // Cut /lib/apt/methods.. from prefix, if possible. ++ aptMethodsSub[0] = '\0'; ++ } ++ } else { ++ // Use hardcoded as fallback. ++ // Mostly useless as will help to detect only binary-patched apt. ++ strncpy(binPath, "@TERMUX_PREFIX@", PATH_MAX - 1); ++ } ++ ++ Req << "User-Agent: Debian APT-HTTP/1.3 (" PACKAGE_VERSION ") Termux (@TERMUX_APP_PACKAGE@; install-prefix:" << binPath << ")"; #ifdef HAVE_SYSTEMD if (ConfigFindB("User-Agent-Non-Interactive", false))
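Review bot: The path returned by `readlink("/proc/self/exe", ...)` is streamed into the `User-Agent` header unfiltered in both added blocks (the request that carries `Proxy-Authorization` and the one that carries `Authorization`), so a path containing control bytes such as CR or LF would yield a malformed header. A return value of `sizeof(binPath)-1` is also accepted as success although readlink() may have truncated the path, and the same block is duplicated verbatim in both places. I would move the logic into one static helper that falls back to `@TERMUX_PREFIX@` on failure, on possible truncation or on any non-printable byte, and call it from both sites, as sketched below; the enclosing functions begin and end outside these hunks. Since the value is self-reported by the client, the mirror-side rule mentioned in the description is best treated as a heuristic for telling derivatives apart, not as access control.

```cpp
// Proposed helper shared by both User-Agent call sites in methods/http.cc.
static std::string TermuxInstallPrefix()
{
   char binPath[PATH_MAX] = {0};
   ssize_t const binPathLen = readlink("/proc/self/exe", binPath, sizeof(binPath) - 1);
   // A failed or possibly truncated read falls back to the build-time prefix.
   if (binPathLen <= 0 || static_cast<size_t>(binPathLen) >= sizeof(binPath) - 1)
      return "@TERMUX_PREFIX@";

   std::string prefix(binPath, static_cast<size_t>(binPathLen));
   // Cut /lib/apt/methods.. from prefix, if possible.
   auto const methodsPos = prefix.find("/lib/apt/methods");
   if (methodsPos != std::string::npos)
      prefix.erase(methodsPos);

   // A header value must not carry control or non-ASCII bytes; fall back rather than rewrite.
   for (unsigned char const c : prefix)
      if (c < 0x20 || c > 0x7e)
         return "@TERMUX_PREFIX@";
   return prefix;
}

// … unchanged: Proxy-Authorization line …
Req << "User-Agent: Debian APT-HTTP/1.3 (" PACKAGE_VERSION ") Termux (@TERMUX_APP_PACKAGE@; install-prefix:" << TermuxInstallPrefix() << ")" << "\r\n";
// … the second call site (after the Authorization line) uses the same expression without the trailing "\r\n" …
```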