[PATCH v2 3/3] t: add tests for safe.directory when running with sudo

In a previous commit the functionality for fixing this regression was
implemented, so add the basic infrastructure needed to run sudo and
implement some tests with it.

This new test is meant to be mainly run in CI and therefore assumes
that the system where it runs provides passwordless sudo to root and
doesn't sanitize the path.

All tests should depend on the new SUDO prerequisite which validates
that setup is available but it could also run locally, with the right
configuration and maybe making use of the sudo credential cache by
first invoking sudo, entering your password if needed, and then
invoking the test by doing:

  $ IKNOWWHATIAMDOING=YES ./t0034-root-safe-directory.sh

It is slightly awkward as it needs to run its own clean up task at
the end to remove the root owned directories and that the test
framework can't yet manage, can't use the library inside sudo and
it creates its own subtree and repositories while ignoring the one
provided by the framework, but improving that has been punted for now.

Signed-off-by: Carlo Marcelo Arenas Belón <carenas@xxxxxxxxx>
Signed-off-by: Junio C Hamano <gitster@xxxxxxxxx>
---
 t/t0034-root-safe-directory.sh | 87 ++++++++++++++++++++++++++++++++++
 1 file changed, 87 insertions(+)
 create mode 100755 t/t0034-root-safe-directory.sh

diff --git a/t/t0034-root-safe-directory.sh b/t/t0034-root-safe-directory.sh
new file mode 100755
index 00000000000..fb54a2fb851
--- /dev/null
+++ b/t/t0034-root-safe-directory.sh
@@ -0,0 +1,87 @@
+#!/bin/sh
+
+test_description='verify safe.directory checks while running as root'
+
+. ./test-lib.sh
+
+if [ "$IKNOWWHATIAMDOING" != "YES" ]; then
+	skip_all="You must set env var IKNOWWHATIAMDOING=YES in order to run this test"
+	test_done
+fi
+
+is_root() {
+	test -n "$1" && CMD="sudo -n"
+	test $($CMD id -u) = $(id -u root)
+}
+
+test_lazy_prereq SUDO '
+	is_root sudo &&
+	! sudo grep -E '^[^#].*secure_path' /etc/sudoers
+'
+
+test_lazy_prereq ROOT '
+	is_root
+'
+
+test_expect_success SUDO 'setup' '
+	sudo rm -rf root &&
+	mkdir -p root/r &&
+	sudo chown root root &&
+	(
+		cd root/r &&
+		git init
+	)
+'
+
+test_expect_success SUDO 'sudo git status as original owner' '
+	(
+		cd root/r &&
+		git status &&
+		sudo git status
+	)
+'
+
+test_expect_success SUDO 'setup root owned repository' '
+	sudo mkdir -p root/p &&
+	sudo git init root/p
+'
+
+test_expect_success SUDO,!ROOT 'can access if owned by root' '
+	(
+		cd root/p &&
+		test_must_fail git status
+	)
+'
+
+test_expect_success SUDO,!ROOT 'can access with sudo' '
+	# fail to access using sudo
+	(
+		# TODO: test_must_fail missing functionality
+		cd root/p &&
+		! sudo git status
+	)
+'
+
+test_expect_success SUDO 'can access with workaround' '
+	# provide explicit GIT_DIR
+	(
+		cd root/p &&
+		sudo sh -c "
+			GIT_DIR=.git GIT_WORK_TREE=. git status
+		"
+	) &&
+	# discard SUDO_UID
+	(
+		cd root/p &&
+		sudo sh -c "
+			unset SUDO_UID &&
+			git status
+		"
+	)
+'
+
+test_expect_success SUDO 'cleanup' '
+	sudo rm -rf root
+'
+
+test_done
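Review bot: in the SUDO prerequisite, the grep pattern is wrapped in single quotes while the whole prerequisite body is itself a single-quoted string, so the inner quotes just close and reopen the outer string and the pattern ends up unquoted when the body is evaluated. At that point `[^#]` and `*` are open to pathname expansion, and the check that sudo does not set secure_path depends on what happens to be in the current directory. Use double quotes inside the body instead: `! sudo grep -E "^[^#].*secure_path" /etc/sudoers`. Separately, the tests titled 'can access if owned by root' and 'can access with sudo' both assert that `git status` fails (`test_must_fail git status` and `! sudo git status`), so the titles say the opposite of what is checked; renaming them to "cannot access ..." would make a failure report readable.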
-- 
2.36.0.352.g0cd7feaf86f



