void-packages/srcpkgs/bfs/patches/0001-tests-Drop-capabilitie...

91 lines
2.5 KiB
Diff
Raw Normal View History

2021-03-13 17:39:19 +01:00
From f2e6186ed0ce9b68362ad25d897f1e3c697728ec Mon Sep 17 00:00:00 2001
From: Tavian Barnes <tavianator@tavianator.com>
Date: Sun, 21 Mar 2021 13:18:43 -0400
Subject: [PATCH] tests: Drop capabilities when run as root on Linux
bfs's tests rely on file permissions being enforced, which leads them to
work incorrectly when run as root. This is probably the most common
packaging issue for bfs, most recently seen with Void Linux's update to
bfs 2.2.
Make it easier on packagers by using capsh, if it's available, to drop
the DAC privileges for the tests.
Link: https://github.com/void-linux/void-packages/pull/29437#issuecomment-798670288
Link: https://salsa.debian.org/lamby/pkg-bfs/-/commit/b173efb35da126adb39b0984219d6a2fd9ff428f
---
tests.sh | 35 +++++++++++++++++++++++++++++------
1 file changed, 29 insertions(+), 6 deletions(-)
diff --git tests.sh tests.sh
index b039eea..0bdd1d4 100755
--- tests.sh
+++ tests.sh
@@ -34,10 +34,25 @@ if [ -t 1 ]; then
RST="$(printf '\033[0m')"
fi
-if [ "$EUID" -eq 0 ]; then
+if command -v capsh &>/dev/null; then
+ if capsh --has-p=CAP_DAC_OVERRIDE &>/dev/null || capsh --has-p=CAP_DAC_READ_SEARCH &>/dev/null; then
+ cat >&2 <<EOF
+${YLW}warning:${RST} Running as ${BLD}$(id -un)${RST} is not recommended. Dropping ${BLD}CAP_DAC_OVERRIDE${RST} and
+${BLD}CAP_DAC_READ_SEARCH${RST}.
+
+EOF
+
+ exec capsh --drop=CAP_DAC_OVERRIDE,CAP_DAC_READ_SEARCH -- "$0" "$@"
+ fi
+elif [ "$EUID" -eq 0 ]; then
+ UNLESS=
+ if [ "$(uname)" = "Linux" ]; then
+ UNLESS=" unless ${GRN}capsh${RST} is installed"
+ fi
+
cat >&2 <<EOF
${RED}error:${RST} These tests expect filesystem permissions to be enforced, and therefore
-will not work when run as ${BLD}$(id -un)${RST}.
+will not work when run as ${BLD}$(id -un)${RST}${UNLESS}.
EOF
exit 1
fi
@@ -1209,11 +1224,15 @@ function test_gid() {
}
function test_gid_plus() {
- bfs_diff basic -gid +0
+ if [ "$(id -g)" -ne 0 ]; then
+ bfs_diff basic -gid +0
+ fi
}
function test_gid_plus_plus() {
- bfs_diff basic -gid +0
+ if [ "$(id -g)" -ne 0 ]; then
+ bfs_diff basic -gid ++0
+ fi
}
function test_gid_minus() {
@@ -1229,11 +1248,15 @@ function test_uid() {
}
function test_uid_plus() {
- bfs_diff basic -uid +0
+ if [ "$(id -u)" -ne 0 ]; then
+ bfs_diff basic -uid +0
+ fi
}
function test_uid_plus_plus() {
- bfs_diff basic -uid ++0
+ if [ "$(id -u)" -ne 0 ]; then
+ bfs_diff basic -uid ++0
+ fi
}
function test_uid_minus() {
--
2.31.0