mirror of
https://github.com/token2/snapd.git
synced 2026-03-13 11:15:47 -07:00
50 lines
1.6 KiB
YAML
50 lines
1.6 KiB
YAML
summary: verify that snap binaries dir is present in PATH under sudo
|
|
|
|
details: |
|
|
Some distributions set secure_path in /etc/sudoers which resets the PATH
|
|
under sudo to some predefined set of locations. Make sure to account for all
|
|
distros supported by snapd that have sudo set up this way.
|
|
|
|
# ubuntu-14.04: no support for user sessions used by test helpers
|
|
systems: [ -ubuntu-14.04-* ]
|
|
|
|
environment:
|
|
# list of regular expressions that match systems where sudo is set up to use
|
|
# secure_path without snap bindir
|
|
SECURE_PATH_SUDO_NO_SNAP: "centos-.* amazon-linux-2-64 opensuse-.* debian-.*"
|
|
|
|
prepare: |
|
|
tests.session -u test prepare
|
|
|
|
restore: |
|
|
tests.session -u test restore
|
|
|
|
debug: |
|
|
cat sudo.path || true
|
|
cat sudo-login.path || true
|
|
|
|
execute: |
|
|
# run a snap command via sudo
|
|
# shellcheck disable=SC2016
|
|
tests.session -u test exec sudo sh -c 'echo :$PATH:' > sudo.path
|
|
# and again via sudo --login which should load /etc/profile
|
|
# shellcheck disable=SC2016
|
|
tests.session -u test exec sudo --login sh -c 'echo :$PATH:' > sudo-login.path
|
|
|
|
secure_path=no
|
|
for regex in $SECURE_PATH_SUDO_NO_SNAP ; do
|
|
if echo "$SPREAD_SYSTEM" | grep -Eq "$regex" ; then
|
|
secure_path=yes
|
|
break
|
|
fi
|
|
done
|
|
|
|
SNAP_MOUNT_DIR="$(os.paths snap-mount-dir)"
|
|
if [ "$secure_path" = "yes" ] ; then
|
|
NOMATCH ":${SNAP_MOUNT_DIR}/bin:" < sudo.path
|
|
else
|
|
MATCH ":${SNAP_MOUNT_DIR}/bin:" < sudo.path
|
|
fi
|
|
# in either case, the location should be listed in a login shell
|
|
MATCH ":${SNAP_MOUNT_DIR}/bin:" < sudo-login.path
|