Switching to a more "soft" solution which will be focused on apt only.
Apt will now send an application package name (com.termux) and prefix
(/data/data/com.termux/files/usr) as part of user-agent string. That
will allow to distinguish real Termux users from parties which download
our packages and binary-patching them for the custom prefix.
Note that this will disable user's possibility to set custom User-Agent
for apt.
In issue https://github.com/termux/termux-packages/issues/6160 I have found
that community repo "its-pointless.github.io" specifies us as maintainer
for its packages. This is NOT TRUE and potentially misleads people using
these packages.
Now TERMUX_PKG_MAINTAINER will contain a default value which is neutral
and not specify maintainer. So all packages now have to override it to
the correct value.
[skip ci]
%ci:no-build
Add a small stub which verifies whether /data/data/com.termux/files/usr is readable
into few important packages such like Bash or APT. If this check fails, e.g.
in case if binary was executed in program with different package name (non-Termux),
program will print warning and exit with error status immediately.
This should prevent use of prebuilt packages by third-party applications.
NOTE: for now it uses /data/data/com.termux/files/usr in reversed order to
prevent automatic "blind" patching with sed. Will replace with randomized
XOR-based variant in case if that measure won't be enough.
During repository updates & cleanup there can be a short period of time
when repository metadata is not consistent. There may appear an error
like
E: The repository 'https://termux.org/package stable Release' does not have a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
but it may not be clear for some users what can cause the issue.
This commit improves the situation a bit.
Usage of package manager as root has certain bad effects in Termux such as
messed up SELinux contexts and ownership. Root checks done in 'pkg' wrapper
are not reliable because one can execute 'apt' directly or with third-party
script downloaded from the Internet.
This commit adds user id check and if it found that uid is 0, apt will
refuse to do any work in root session. These checks done in such way so
they cannot be bypassed in any way unless command is executed as non-root
user.
Those who use Termux via ADB root shell should be able to switch to Termux
user id with command 'su' in order to have package manager working.
---
This change also affects the 'termux-info' utility:
* It will no longer use 'apt policy' to detect subscribed repositories. Each
source will be checked by script manually.
* Information will be copied to clipboard only if 'termux-api' is installed.
* Syntax error in timeout command is fixed: 'timeout' doesn't understand the
argument '-t'.
* Minor information entries reordering.