Add a support library that provides one function that can be used
to run a "scriplet" of commands through sudo and that helps invoking
sudo in the slightly awkward way that is required to ensure it doesn't
block the call (if shell was allowed as tested in the prerequisite)
and it doesn't run the command through a different shell than the one
we intended.
Add additional negative tests as suggested by Junio and that use a
new workspace that is owned by root.
Note that the specific test that documents that after the previous
changes, it is no longer possible for root (if obtained through sudo)
to NOT add an exception or need a "workaround" to be able to run git
commands in a repository owned by thyself, is marked as a regression
and is expected to be fixed with a future change, which hasn't been
provided yet and that is not part of this series.
Helped-by: Junio C Hamano <gitster@xxxxxxxxx>
Helped-by: Phillip Wood <phillip.wood123@xxxxxxxxx>
Signed-off-by: Carlo Marcelo Arenas Belón <carenas@xxxxxxxxx>
---
t/lib-sudo.sh | 12 +++++++
t/t0034-root-safe-directory.sh | 58 ++++++++++++++++++++++++++++++++++
2 files changed, 70 insertions(+)
create mode 100644 t/lib-sudo.sh
diff --git a/t/lib-sudo.sh b/t/lib-sudo.sh
new file mode 100644
index 0000000000..d8a88fb9db
--- /dev/null
+++ b/t/lib-sudo.sh
@@ -0,0 +1,12 @@
+# Helpers for running git commands under sudo.
+
+# Runs a scriplet passed through stdin under sudo.
+run_with_sudo () {
+ local ret
+ local RUN="$TEST_DIRECTORY/$$.sh"
+ write_script "$RUN" "$TEST_SHELL_PATH"
+ sudo "$TEST_SHELL_PATH" -c "\"$RUN\""
+ ret=$?
+ rm -f "$RUN"
+ return $ret
+}
diff --git a/t/t0034-root-safe-directory.sh b/t/t0034-root-safe-directory.sh
index ecd9dca6b3..5bc416ab81 100755
--- a/t/t0034-root-safe-directory.sh
+++ b/t/t0034-root-safe-directory.sh
@@ -3,6 +3,7 @@
test_description='verify safe.directory checks while running as root'
. ./test-lib.sh
+. "$TEST_DIRECTORY"/lib-sudo.sh
if [ "$GIT_TEST_ALLOW_SUDO" != "YES" ]
then
@@ -10,6 +11,12 @@ then
test_done
fi
+if ! test_have_prereq NOT_ROOT
+then
+ skip_all="These tests do not support running as root"
+ test_done
+fi
+
test_lazy_prereq SUDO '
sudo -n id -u >u &&
id -u root >r &&
@@ -19,6 +26,12 @@ test_lazy_prereq SUDO '
test_cmp u r
'
+if ! test_have_prereq SUDO
+then
+ skip_all="Your sudo/system configuration is either too strict or unsupported"
+ test_done
+fi
+
test_expect_success SUDO 'setup' '
sudo rm -rf root &&
mkdir -p root/r &&
@@ -37,6 +50,51 @@ test_expect_success SUDO 'sudo git status as original owner' '
)
'
+test_expect_success SUDO 'setup root owned repository' '
+ sudo mkdir -p root/p &&
+ sudo git init root/p
+'
+
+test_expect_success 'cannot access if owned by root' '
+ (
+ cd root/p &&
+ test_must_fail git status
+ )
+'
+
+test_expect_failure SUDO 'can access with sudo if root' '
+ (
+ cd root/p &&
+ sudo git status
+ )
+'
+
+test_expect_success SUDO 'can access with sudo using a workaround' '
+ # run sudo twice; would fail is root is not in the sudoers
+ (
+ cd root/p &&
+ sudo sudo git status
+ ) &&
+ # provide explicit GIT_DIR
+ (
+ cd root/p &&
+ run_with_sudo <<-END
+ GIT_DIR=.git &&
+ GIT_WORK_TREE=. &&
+ export GIT_DIR GIT_WORK_TREE &&
+ git status
+ END
+ ) &&
+ # discard SUDO_UID
+ (
+ cd root/p &&
+ run_with_sudo <<-END
+ unset SUDO_UID &&
+ git status
+ END
+ )
+'
+
# this MUST be always the last test
test_expect_success SUDO 'cleanup' '
sudo rm -rf root
--
2.36.1.371.g0fb0ef0c8d
