Carlo Marcelo Arenas Belón <carenas@xxxxxxxxx> writes:

> Add a support library that provides one function that can be used
> to run a "scriptlet" of commands through sudo and that helps invoking
> sudo in the slightly awkward way that is required to ensure it doesn't
> block the call (if shell was allowed as tested in the prerequisite)
> and it doesn't run the command through a different shell than the one
> we intended.
>
> Add additional negative tests as suggested by Junio and that use a
> new workspace that is owned by root.
>
> Document a regression that was introduced by previous commits where
> root won't be able anymore to access directories they own unless
> SUDO_UID is removed from their environment.
>
> The tests document additional ways that this new restriction could
> be worked around and the documentation explains why it might be instead
> considered a feature, but a "fix" is planned for a future change.
>
> Helped-by: Junio C Hamano <gitster@xxxxxxxxx>
> Helped-by: Phillip Wood <phillip.wood123@xxxxxxxxx>
> Signed-off-by: Carlo Marcelo Arenas Belón <carenas@xxxxxxxxx>
> Signed-off-by: Junio C Hamano <gitster@xxxxxxxxx>
> ---
>  t/lib-sudo.sh                  | 15 ++++++++
>  t/t0034-root-safe-directory.sh | 62 ++++++++++++++++++++++++++++++++++
>  2 files changed, 77 insertions(+)
>  create mode 100644 t/lib-sudo.sh

Heh. I am a bit surprised that double sudo would become a separate
prerequisite, instead of a new part of SUDO prerequisite. After all
we expect from SUDO prerequisite quite a lot (e.g. most sane
installations facing end-users will futz with $PATH, but we require
not to do so to satisfy the SUDO prereq) and it is already very
narrowly targeted to a throw-away CI environment whose sudo basically
lets us do anything.

But that is not a serious enough "thing" to trigger a reroll. This
step looks good to me (others I'll comment later).

Thanks.