git@vger.kernel.org list mirror (unofficial, one of many)
 help / color / mirror / code / Atom feed
0f79648a2fb6dc3085cc30cecc2a6232b6afbffa blob 1893 bytes (raw)

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
 
#!/bin/sh

test_description='verify safe.directory checks while running as root'

. ./test-lib.sh
. "$TEST_DIRECTORY"/lib-sudo.sh

if [ "$IKNOWWHATIAMDOING" != "YES" ]
then
	skip_all="You must set env var IKNOWWHATIAMDOING=YES in order to run this test"
	test_done
fi

if ! test_have_prereq NOT_ROOT
then
	skip_all="No, you don't; these tests can't run as root"
	test_done
fi

# this prerequisite should be added to all the tests, it not only prevents
# the test from failing but also warms up any authentication cache sudo
# might need to avoid asking for a password
test_lazy_prereq SUDO '
	sudo -n id -u >u &&
	id -u root >r &&
	test_cmp u r &&
	command -v git >u &&
	sudo command -v git >r &&
	test_cmp u r
'

test_expect_success SUDO 'setup' '
	sudo rm -rf root &&
	mkdir -p root/r &&
	export_to_sudo GIT_TEST_DEFAULT_INITIAL_BRANCH_NAME &&
	sudo chown root root &&
	(
		cd root/r &&
		git init
	)
'

test_expect_success SUDO 'sudo git status as original owner' '
	(
		cd root/r &&
		git status &&
		sudo git status
	)
'

test_expect_success SUDO 'setup root owned repository' '
	sudo mkdir -p root/p &&
	run_with_sudo <<-END
		git init root/p
	END
'

test_expect_success SUDO 'cannot access if owned by root' '
	(
		cd root/p &&
		test_must_fail git status
	)
'

test_expect_success SUDO 'cannot access with sudo' '
	(
		# TODO: test_must_fail needs additional functionality
		# 6a67c759489 blocks its use with sudo
		cd root/p &&
		! sudo git status
	)
'

test_expect_success SUDO 'can access using a workaround' '
	# provide explicit GIT_DIR
	(
		cd root/p &&
		run_with_sudo <<-END
			GIT_DIR=.git
			GIT_WORK_TREE=.
			export GIT_DIR GIT_WORK_TREE
			git status
		END
	) &&
	# discard SUDO_UID
	(
		cd root/p &&
		run_with_sudo <<-END
			unset SUDO_UID
			git status
		END
	)
'

# this MUST be always the last test
test_expect_success SUDO 'cleanup' '
	sudo rm -rf root
'

test_done
debug log:

solving 0f79648a2fb ...
found 0f79648a2fb in https://public-inbox.org/git/20220502183920.88982-4-carenas@gmail.com/
found 67dd96b9321 in https://public-inbox.org/git/20220502183920.88982-3-carenas@gmail.com/
found bec73fe3c10 in https://public-inbox.org/git/20220502183920.88982-2-carenas@gmail.com/

applying [1/3] https://public-inbox.org/git/20220502183920.88982-2-carenas@gmail.com/
diff --git a/t/t0034-root-safe-directory.sh b/t/t0034-root-safe-directory.sh
new file mode 100755
index 00000000000..bec73fe3c10


applying [2/3] https://public-inbox.org/git/20220502183920.88982-3-carenas@gmail.com/
diff --git a/t/t0034-root-safe-directory.sh b/t/t0034-root-safe-directory.sh
index bec73fe3c10..67dd96b9321 100755


applying [3/3] https://public-inbox.org/git/20220502183920.88982-4-carenas@gmail.com/
diff --git a/t/t0034-root-safe-directory.sh b/t/t0034-root-safe-directory.sh
index 67dd96b9321..0f79648a2fb 100755

Checking patch t/t0034-root-safe-directory.sh...
Applied patch t/t0034-root-safe-directory.sh cleanly.
Checking patch t/t0034-root-safe-directory.sh...
Applied patch t/t0034-root-safe-directory.sh cleanly.
Checking patch t/t0034-root-safe-directory.sh...
Applied patch t/t0034-root-safe-directory.sh cleanly.

index at:
100755 0f79648a2fb6dc3085cc30cecc2a6232b6afbffa	t/t0034-root-safe-directory.sh

Code repositories for project(s) associated with this inbox:

	https://80x24.org/mirrors/git.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).