termux-packages/packages/apt/0012-termux-id.patch
Leonid Pliushch c061024982
apt: update patches
***

This commit contains further changes to user agent string in addition
to introduced in fd66e2fe29.

Now it will send installation prefix obtained by /proc/self/exe. It
should resist patching `apt` with sed or in other way. Reminding that
installation prefix provided in user agent http header is intended for
distinguishing Termux from derivatives.

Here are sample lines from my mirror logs showing usage of Termux repo
by third-party projects:
```
162.158.103.43 - - [21/Jan/2021:09:46:43 +0200] "GET /dists/stable/Release HTTP/1.1" 304 0 "-" "Termux-PKG/1.0 mirror-checker (termux-tools 0.104) Termux (pl.sviete.dom; install-prefix:/data/data/pl.sviete.dom/files/usr)"
162.158.210.8 - - [20/Jan/2021:06:24:54 +0200] "GET /dists/stable/InRelease HTTP/1.1" 404 146 "-" "Debian APT-HTTP/1.3 (2.1.15) Termux (vn.vhn.vsc; install-prefix:/data/data/vn.vhn.vsc/files/usr)"
162.158.210.142 - - [20/Jan/2021:06:24:54 +0200] "GET /dists/stable/Release.gpg HTTP/1.1" 304 0 "-" "Debian APT-HTTP/1.3 (2.1.15) Termux (vn.vhn.vsc; install-prefix:/data/data/vn.vhn.vsc/files/usr)"
```

***

CloudFlare firewall for termux.org and termux-mirror.ml hosts would be
adjusted to block all requests which do not have install-prefix set or
if the latter doesn't match one of the Termux.
2021-02-03 22:33:22 +02:00

58 lines
2.4 KiB
Diff

diff -uNr apt-2.1.18/methods/http.cc apt-2.1.18.mod/methods/http.cc
--- apt-2.1.18/methods/http.cc 2021-01-13 18:37:30.000000000 +0200
+++ apt-2.1.18.mod/methods/http.cc 2021-02-03 22:06:04.242782879 +0200
@@ -341,7 +341,26 @@
Req << "Proxy-Authorization: Basic "
<< Base64Encode(Proxy.User + ":" + Proxy.Password) << "\r\n";
- Req << "User-Agent: " << Owner->ConfigFind("User-Agent", "Debian APT-HTTP/1.3 (" PACKAGE_VERSION ")") << "\r\n";
+ // Determine the actual installation prefix to send as part of user-agent string.
+ // Mirrors can use this information to distinguish legit Termux installations from
+ // third parties using Termux repositories.
+ char binPath[PATH_MAX] = {0};
+ ssize_t binPathLen = readlink("/proc/self/exe", binPath, sizeof(binPath)-1);
+ if (binPathLen != -1) {
+ binPath[binPathLen] = '\0';
+
+ char *aptMethodsSub = strstr(binPath, "/lib/apt/methods");
+ if (aptMethodsSub) {
+ // Cut /lib/apt/methods.. from prefix, if possible.
+ aptMethodsSub[0] = '\0';
+ }
+ } else {
+ // Use hardcoded as fallback.
+ // Mostly useless as will help to detect only binary-patched apt.
+ strncpy(binPath, "@TERMUX_PREFIX@", PATH_MAX - 1);
+ }
+
+ Req << "User-Agent: Debian APT-HTTP/1.3 (" PACKAGE_VERSION ") Termux (@TERMUX_APP_PACKAGE@; install-prefix:" << binPath <<")" << "\r\n";
Req << "\r\n";
@@ -954,8 +973,23 @@
Req << "Authorization: Basic "
<< Base64Encode(Uri.User + ":" + Uri.Password) << "\r\n";
- Req << "User-Agent: " << ConfigFind("User-Agent",
- "Debian APT-HTTP/1.3 (" PACKAGE_VERSION ")");
+ char binPath[PATH_MAX] = {0};
+ ssize_t binPathLen = readlink("/proc/self/exe", binPath, sizeof(binPath)-1);
+ if (binPathLen != -1) {
+ binPath[binPathLen] = '\0';
+
+ char *aptMethodsSub = strstr(binPath, "/lib/apt/methods");
+ if (aptMethodsSub) {
+ // Cut /lib/apt/methods.. from prefix, if possible.
+ aptMethodsSub[0] = '\0';
+ }
+ } else {
+ // Use hardcoded as fallback.
+ // Mostly useless as will help to detect only binary-patched apt.
+ strncpy(binPath, "@TERMUX_PREFIX@", PATH_MAX - 1);
+ }
+
+ Req << "User-Agent: Debian APT-HTTP/1.3 (" PACKAGE_VERSION ") Termux (@TERMUX_APP_PACKAGE@; install-prefix:" << binPath << ")";
#ifdef HAVE_SYSTEMD
if (ConfigFindB("User-Agent-Non-Interactive", false))