From 77361331ae3864c6ea880e715c5864d59336f275 Mon Sep 17 00:00:00 2001
From: Allan McRae
Date: Thu, 5 Sep 2024 17:29:40 +1000
Subject: [PATCH] libalpm: only chown downloaded files when running as root
Some libaplm utilities sync databases as a non-root user for use in actvities other than system updates. The ability to download as a non-root user was broken as part of the download sandboxing. Applying a minimial fix by preventing the chown of the downloaded file if the user is non-root. A larger change increasing the robustness and error checking of this path is warranted in the future.
Signed-off-by: Allan McRae
(cherry picked from commit 7bc5d55b56f41518e0a53eed13d4c523aea848e5)
---
 lib/libalpm/dload.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/lib/libalpm/dload.c b/lib/libalpm/dload.c
index 77c4cea9..9c0ef941 100644
--- a/lib/libalpm/dload.c
+++ b/lib/libalpm/dload.c
@@ -76,13 +76,16 @@ static mode_t _getumask(void)
 static int finalize_download_file(const char *filename)
 {
 struct stat st;
+ uid_t myuid = getuid();
 ASSERT(filename != NULL, return -1);
 ASSERT(stat(filename, &st) == 0, return -1);
 if(st.st_size == 0) {
 unlink(filename);
 return 1;
 }
- ASSERT(chown(filename, 0, 0) != -1, return -1);
+ if(myuid == 0) {
+ ASSERT(chown(filename, 0, 0) != -1, return -1);
+ }
 ASSERT(chmod(filename, ~(_getumask()) & 0666) != -1, return -1);
 return 0;
 }
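Review bot: The new guard in finalize_download_file tests the real UID from `getuid()`, but whether `chown(filename, 0, 0)` succeeds depends on the effective credentials. When the two differ, the branch either skips the ownership reset while privileged or attempts it and fails with -1, which is the breakage this commit is fixing. `uid_t myuid = geteuid();` would match what chown() actually checks. Separately, `stat`, `chown` and `chmod` all act on the path and follow symlinks. If the sandboxed download user can still write to the containing directory at this point (not visible in this hunk), root's chown could land on a different file, so `lchown` or an fd opened with `O_NOFOLLOW` plus `fchown`/`fchmod` would be the safer shape for the follow-up hardening the commit message mentions. A short comment above the `if` saying that non-root callers keep their own ownership on the file would also help the next reader.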