When running under sudo, the environment gets altered in significant
ways, so make sure that PATH is respected by comparing the full path
to git outside and inside sudo and disabling the tests if they don't
match.
Additionally, invent a way to inject environment variables into that
environment and create a helper function to facilitate running more
than one command under sudo, while using those variables.
Add additional negative tests as suggested by Junio and export the
GIT_TEST_DEFAULT_INITIAL_BRANCH_NAME variable that will be used when
running init in one of those.
Note that in order to be able to call `test_must_fail sudo git status`
or an equivalent test_must_fail will need to be enhanced or be able
to run under sudo, so fixing that has been punted, since the only
protection it affords is for `git status` not crashing, and that is
covered already by other tests.
Helped-by: Junio C Hamano <gitster@xxxxxxxxx>
Signed-off-by: Carlo Marcelo Arenas Belón <carenas@xxxxxxxxx>
---
t/lib-sudo.sh | 31 ++++++++++++++++++
t/t0034-root-safe-directory.sh | 58 ++++++++++++++++++++++++++++++++++
2 files changed, 89 insertions(+)
create mode 100644 t/lib-sudo.sh
diff --git a/t/lib-sudo.sh b/t/lib-sudo.sh
new file mode 100644
index 00000000000..60046927f3b
--- /dev/null
+++ b/t/lib-sudo.sh
@@ -0,0 +1,31 @@
+# Helpers for running git commands under sudo.
+
+# Runs a scriplet passed through stdin under sudo.
+run_with_sudo () {
+ local ret
+ local SH=${1-"$TEST_SHELL_PATH"}
+ local RUN="$HOME/$$.sh"
+ {
+ echo "#!$SH"
+ echo "set -e"
+ echo ". \"$HOME/env\""
+ cat
+ } >"$RUN" &&
+ chmod +x "$RUN" &&
+ sudo "$SH" -c "\"$RUN\""
+ ret=$?
+ rm -f "$RUN"
+ return $ret
+}
+
+# Makes all variables passed as parameters available to the scriplet that
+# run under sudo with run_with_sudo
+export_to_sudo () {
+ while test -n "$1"
+ do
+ local v
+ eval v="\$$1"
+ echo "$1=$v" >>"$HOME/env"
+ shift
+ done
+}
diff --git a/t/t0034-root-safe-directory.sh b/t/t0034-root-safe-directory.sh
index 67dd96b9321..0f79648a2fb 100755
--- a/t/t0034-root-safe-directory.sh
+++ b/t/t0034-root-safe-directory.sh
@@ -3,6 +3,19 @@
test_description='verify safe.directory checks while running as root'
. ./test-lib.sh
+. "$TEST_DIRECTORY"/lib-sudo.sh
+
+if [ "$IKNOWWHATIAMDOING" != "YES" ]
+then
+ skip_all="You must set env var IKNOWWHATIAMDOING=YES in order to run this test"
+ test_done
+fi
+
+if ! test_have_prereq NOT_ROOT
+then
+ skip_all="No, you don't; these tests can't run as root"
+ test_done
+fi
# this prerequisite should be added to all the tests, it not only prevents
# the test from failing but also warms up any authentication cache sudo
@@ -19,6 +32,7 @@ test_lazy_prereq SUDO '
test_expect_success SUDO 'setup' '
sudo rm -rf root &&
mkdir -p root/r &&
+ export_to_sudo GIT_TEST_DEFAULT_INITIAL_BRANCH_NAME &&
sudo chown root root &&
(
cd root/r &&
@@ -34,6 +48,50 @@ test_expect_success SUDO 'sudo git status as original owner' '
)
'
+test_expect_success SUDO 'setup root owned repository' '
+ sudo mkdir -p root/p &&
+ run_with_sudo <<-END
+ git init root/p
+ END
+'
+
+test_expect_success SUDO 'cannot access if owned by root' '
+ (
+ cd root/p &&
+ test_must_fail git status
+ )
+'
+
+test_expect_success SUDO 'cannot access with sudo' '
+ (
+ # TODO: test_must_fail needs additional functionality
+ # 6a67c759489 blocks its use with sudo
+ cd root/p &&
+ ! sudo git status
+ )
+'
+
+test_expect_success SUDO 'can access using a workaround' '
+ # provide explicit GIT_DIR
+ (
+ cd root/p &&
+ run_with_sudo <<-END
+ GIT_DIR=.git
+ GIT_WORK_TREE=.
+ export GIT_DIR GIT_WORK_TREE
+ git status
+ END
+ ) &&
+ # discard SUDO_UID
+ (
+ cd root/p &&
+ run_with_sudo <<-END
+ unset SUDO_UID
+ git status
+ END
+ )
+'
+
# this MUST be always the last test
test_expect_success SUDO 'cleanup' '
sudo rm -rf root
--
2.36.0.352.g0cd7feaf86f
