Merge pull request #5611 from chrisd8088/disable-ci-win-path-check
t/t-path.sh: avoid flaky test setup failure on Windows due to new Go path security checks
commit
b405a97c82
29
t/t-path.sh
@ -52,8 +52,35 @@ begin_test "does not look in current directory for git with credential helper"
# below when we are populating LFS objects into a clone of this repo
# (which contains the malicious Git), so for now we remove the malicious
# Git as soon as possible.
#
# As of Go 1.19 we also need to specify the GODEBUG environment variable
# with a value of "execerrdot=0" in order to avoid occasional failures
# our "git add" command below. These failures occur due to a specific
# set of conditions. First, if the last-modified time of the .git/index
# file is within a second of that of z.dat, the "git add" command will
# refresh the Git index (assuming Git was compiled with USE_NSEC=0, as
# appears to be the case for Git for Windows), and Git LFS will be invoked
# to "clean" the z.dat file again.
#
# If that occurs, then when Git LFS runs it looks for Git, and until we
# revise Git LFS to rely on Go's os/exec package to not execute programs
# found in the current working directory (as described in
# https://go.dev/blog/path-security), the os/exec package will detect our
# malicious Git program in the current working directory and report an
# error. This occurs when Git LFS first initializes a new exec.Cmd
# structure, even though Git LFS would then locate the true Git executable
# from our custom PATH and reset the Path member of the Cmd structure
# before trying to execute the program.
#
# Since we explicitly test Git LFS's avoidance of programs in the current
# working directory using the "git-lfs pull" command further below, here
# we just want "git add" to succeed, and so for the time being we disable
# Go's new security checks for this command only. We will revisit this
# when we address the larger issue of re-adopting Go's own logic for
# locating executable programs.
cp "$BINPATH/lfstest-badpathcheck$X" "git$X"
PATH="$BINPATH:$GITPATH:$SHELLPATH" "$GITPATH/git$X" add "git$X"
GODEBUG=execerrdot=0 \
PATH="$BINPATH:$GITPATH:$SHELLPATH" "$GITPATH/git$X" add "git$X"
rm "git$X"
git commit -m "Add files"
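Review bot: The workaround on the `GODEBUG=execerrdot=0 \` line is described in the comment as temporary ("for the time being", "We will revisit this"), but nothing in the hunk ties it to a tracking issue or a TODO marker, so it can easily stay in place after Git LFS changes how it locates executables; consider adding a greppable marker or an issue reference next to it. Keeping the variable as a per-command prefix rather than an export is the right scope, since it confines the disabled os/exec check to this one `git add` and the Git LFS "clean" invocation it spawns, and leaves the `git-lfs pull` check further below unaffected. Minor: the comment sentence "in order to avoid occasional failures our "git add" command below" is missing a word, probably "in".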