From 1767c51787f2a9aaf99716a48e8928618c1c9481 Mon Sep 17 00:00:00 2001 From: Jeff King Date: Fri, 16 Jan 2015 04:16:49 -0500 Subject: t/lib-httpd: switch SANITY check for NOT_ROOT The SANITY prerequisite is really about whether the filesystem will respect the permissions we set, and being root is only one part of that. But the httpd tests really just care about not being root, as they are trying to avoid weirdness in apache (see a1a3011 for details). Let's switch out SANITY for a new NOT_ROOT prerequisite, which will let us tweak SANITY more freely. We implement NOT_ROOT by checking `id -u`, which is in POSIX and seems to be available even on MSYS. Note that we cannot just call this "ROOT" and ask for "!ROOT". The possible outcomes are: 1. we know we are root 2. we know we are not root 3. we could not tell, because `id` was not available We should conservatively treat (3) as "does not have the prerequisite", which means that a naive negation would not work. Helped-by: Kyle J. McKay Signed-off-by: Jeff King Signed-off-by: Junio C Hamano --- t/lib-httpd.sh | 2 +- t/test-lib.sh | 5 +++++ 2 files changed, 6 insertions(+), 1 deletion(-) (limited to 't') diff --git a/t/lib-httpd.sh b/t/lib-httpd.sh index fd53b57187..d154d1ed1d 100644 --- a/t/lib-httpd.sh +++ b/t/lib-httpd.sh @@ -37,7 +37,7 @@ then test_done fi -if ! test_have_prereq SANITY; then +if ! test_have_prereq NOT_ROOT; then test_skip_or_die $GIT_TEST_HTTPD \ "Cannot run httpd tests as root" fi diff --git a/t/test-lib.sh b/t/test-lib.sh index a7a4639d7c..b2b2ec7f1c 100644 --- a/t/test-lib.sh +++ b/t/test-lib.sh @@ -992,6 +992,11 @@ test_lazy_prereq USR_BIN_TIME ' test -x /usr/bin/time ' +test_lazy_prereq NOT_ROOT ' + uid=$(id -u) && + test "$uid" != 0 +' + # When the tests are run as root, permission tests will report that # things are writable when they shouldn't be. test -w / || test_set_prereq SANITY -- cgit v1.2.3 From eae69530ae3915d54f660d56cc3f92dd6bed03ae Mon Sep 17 00:00:00 2001 
From: Junio C Hamano Date: Fri, 16 Jan 2015 10:32:09 -0800 Subject: tests: correct misuses of POSIXPERM POSIXPERM requires that a later call to stat(2) (hence "ls -l") faithfully reproduces what an earlier chmod(2) did. Some filesystems cannot satisfy this. SANITY requires that a file or a directory is indeed accessible (or inaccessible) when its permission bits would say it ought to be accessible (or inaccessible). Running tests as root would lose this prerequisite for obvious reasons. Fix a few tests that misuse POSIXPERM. t0061-run-command.sh has two uses of POSIXPERM. - One checks that an attempt to execute a file that is marked as unexecutable results in a failure with EACCES; I do not think having root-ness or any other capability that busts the filesystem permission mode bits will make you run an unexecutable file, so this should be left as-is. The test does not have anything to do with SANITY. - The other one expects 'git nitfol' runs the alias when an alias.nitfol is defined and a directory on the PATH is marked as unreadable and unsearchable. I _think_ the test tries to reject the alternative expectation that we want to refuse to run the alias because it would break "no alias may mask a command" rule if a file 'git-nitfol' exists in the unreadable directory but we cannot even determine if that is the case. Under !SANITY that busts the permission bits, this test no longer checks that, so it must be protected with SANITY. t1509-root-worktree.sh expects to be run on a / that is writable by the user and sees if Git behaves "sensibly" when /.git is the repository to govern a worktree that is the whole filesystem, and also if Git behaves "sensibly" when / itself is a bare repository with refs, objects, and friends (I find the definition of "behaves sensibly" under these conditions hard to fathom, but it is a different matter). The implementation of the test is very much problematic. - It requires POSIXPERM, but it does not do chmod or check modes in any way. 
- It runs "rm /*" and "rm -fr /refs /objects ..." in one of the tests, and also does "cd / && git init --bare". If done on a live system that takes advantages of the "feature" being tested, these obviously will clobber the system. But there is no guard against such a breakage. - It uses "test $UID = 0" to see rootness, which now should be spelled "! test_have_prereq NOT_ROOT" Signed-off-by: Junio C Hamano --- t/t0061-run-command.sh | 2 +- t/t1509-root-worktree.sh | 17 +++++++++++++---- 2 files changed, 14 insertions(+), 5 deletions(-) (limited to 't') diff --git a/t/t0061-run-command.sh b/t/t0061-run-command.sh index 17e969df60..9acf628726 100755 --- a/t/t0061-run-command.sh +++ b/t/t0061-run-command.sh @@ -34,7 +34,7 @@ test_expect_success POSIXPERM 'run_command reports EACCES' ' grep "fatal: cannot exec.*hello.sh" err ' -test_expect_success POSIXPERM 'unreadable directory in PATH' ' +test_expect_success POSIXPERM,SANITY 'unreadable directory in PATH' ' mkdir local-command && test_when_finished "chmod u+rwx local-command && rm -fr local-command" && git config alias.nitfol "!echo frotz" && diff --git a/t/t1509-root-worktree.sh b/t/t1509-root-worktree.sh index 335420fd87..b6977d4b39 100755 --- a/t/t1509-root-worktree.sh +++ b/t/t1509-root-worktree.sh @@ -98,8 +98,16 @@ test_foobar_foobar() { ' } -if ! test_have_prereq POSIXPERM || ! [ -w / ]; then - skip_all="Dangerous test skipped. Read this test if you want to execute it" +if ! test -w / +then + skip_all="Test requiring writable / skipped. Read this test if you want to run it" + test_done +fi + +if test -e /refs || test -e /objects || test -e /info || test -e /hooks || + test -e /.git || test -e /foo || test -e /me +then + skip_all="Skip test that clobbers existing files in /" test_done fi 
@@ -108,8 +116,9 @@ if [ "$IKNOWWHATIAMDOING" != "YES" ]; then test_done fi -if [ "$UID" = 0 ]; then - skip_all="No you can't run this with root" +if ! test_have_prereq NOT_ROOT +then + skip_all="No you can't run this as root" test_done fi -- cgit v1.2.3 From f400e51c13eb4143e420d41d9b415d4f5ddbdb85 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Torsten=20B=C3=B6gershausen?= Date: Tue, 27 Jan 2015 16:39:01 +0100 Subject: test-lib.sh: set prerequisite SANITY by testing what we really need MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit What we wanted out of the SANITY precondition is that the filesystem behaves sensibly with permission bits settings. - You should not be able to remove a file in a read-only directory, - You should not be able to tell if a file in a directory exists if the directory lacks read or execute permission bits. We used to cheat by approximating that condition with "is the / writable?" test and/or "are we running as root?" test. Neither test is sufficient or appropriate in environments like Cygwin. Signed-off-by: Torsten Bögershausen Signed-off-by: Junio C Hamano --- t/test-lib.sh | 25 ++++++++++++++++++++++--- 1 file changed, 22 insertions(+), 3 deletions(-) (limited to 't') diff --git a/t/test-lib.sh b/t/test-lib.sh index b2b2ec7f1c..446d8d5a1d 100644 --- a/t/test-lib.sh +++ b/t/test-lib.sh 
@@ -997,9 +997,28 @@ test_lazy_prereq NOT_ROOT ' test "$uid" != 0 ' -# When the tests are run as root, permission tests will report that -# things are writable when they shouldn't be. -test -w / || test_set_prereq SANITY +# On a filesystem that lacks SANITY, a file can be deleted even if +# the containing directory doesn't have write permissions, or a file +# can be accessed even if the containing directory doesn't have read +# or execute permissions, causing our tests that validate that Git +# works sensibly in such situations. +test_lazy_prereq SANITY ' + mkdir SANETESTD.1 SANETESTD.2 && + + chmod +w SANETESTD.1 SANETESTD.2 && + >SANETESTD.1/x 2>SANETESTD.2/x && + chmod -w SANETESTD.1 && + chmod -rx SANETESTD.2 || + error "bug in test sript: cannot prepare SANETESTD" + + ! rm SANETESTD.1/x && ! test -f SANETESTD.2/x + status=$? + + chmod +rwx SANETESTD.1 SANETESTD.2 && + rm -rf SANETESTD.1 SANETESTD.2 || + error "bug in test sript: cannot clean SANETESTD" + return $status +' GIT_UNZIP=${GIT_UNZIP:-unzip} test_lazy_prereq UNZIP ' -- cgit v1.2.3
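Review bot: In the t/lib-httpd.sh hunk of the first commit, the skip message "Cannot run httpd tests as root" is now also what the user sees when NOT_ROOT is unmet because `id -u` failed, which the commit message lists as outcome (3). Suggest wording that covers both cases, for example "Cannot run httpd tests as root (or uid could not be determined)".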
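Review bot: The new `test_lazy_prereq NOT_ROOT` block in the first commit's t/test-lib.sh hunk carries no comment, so the reason it is not spelled ROOT and negated lives only in the commit message. A short comment above it, saying that a failing `id -u` must leave the prerequisite unset, would keep a later cleanup from turning it into a naive "!ROOT".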
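Review bot: In the first t/t1509-root-worktree.sh hunk of the second commit, the new guard checks a fixed list of paths (/refs, /objects, /info, /hooks, /.git, /foo, /me), while the commit message says the test also runs "rm /*", so a regular file in / that is not on the list is not protected by this guard. In addition, `test -e` is false for a dangling symlink, so such an entry at one of the listed paths would pass. Consider holding the path list in one variable used by both the guard and the removal step, and adding a `test -L` check next to each `test -e`.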
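Review bot: In the SANITY hunk of the third commit, the new comment ends with "causing our tests that validate that Git works sensibly in such situations.", which has no verb; it reads as if "to fail" (or similar) was dropped from the end. Both `error` messages in the same hunk also misspell "script" as "sript".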