disinto/tests
Claude f214080280
All checks were successful
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/push/nomad-validate Pipeline was successful
ci/woodpecker/pr/ci Pipeline was successful
ci/woodpecker/pr/nomad-validate Pipeline was successful
ci/woodpecker/pr/smoke-init Pipeline was successful
fix: [review-r1] seed loop sudo invocation bypasses sudoers env_reset (#929)

`sudo -n "VAULT_ADDR=$vault_addr" -- "$seed_script"` passed
VAULT_ADDR as a sudoers env-assignment argument. With the default
`env_reset=on` policy (almost all distros), sudo silently discards
env assignments unless the variable is in `env_keep` — and
VAULT_ADDR is not. The seeder then hit its own precondition check
at vault-seed-forgejo.sh:109 and died with "VAULT_ADDR unset",
breaking the fresh-LXC non-root acceptance path the PR was written
to close.

Fix: run `env` as the command under sudo — `sudo -n -- env
"VAULT_ADDR=$vault_addr" "$seed_script"` — so VAULT_ADDR is set in
the child process directly, unaffected by sudoers env handling.
The root (non-sudo) branch already used shell-level env assignment
and was correct.

Adds a grep-level regression guard that pins the `env VAR=val`
invocation and negative-asserts the unsafe bare-argument form.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-16 22:14:05 +00:00
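
A sketch of the kind of grep-level guard the commit message above describes, as an added example and not the repository's own bats test. The function name `sudo_env_guard`, its exit codes and the two sample lines (built from the invocations quoted in the message) are assumptions; it only skips sudo options that take no argument.

```shell
#!/bin/sh
# Added example: static guard for how a variable is handed to a sudo'd command.
# Reads shell source on stdin. Exit status:
#   0  VAR is passed as `sudo [opts] env VAR=... cmd`, never as a bare sudo argument
#   1  no `sudo ... env VAR=` invocation found
#   2  bare `sudo [opts] VAR=... cmd` found (left to sudoers env handling)
# Limits: one command per line, comments cut at the first '#', and only
# sudo options without an argument (-n, --) are skipped.
sudo_env_guard() (
  var=$1 safe=0 unsafe=0
  set -f                                   # no globbing while word-splitting
  while IFS= read -r line || [ -n "$line" ]; do
    line=${line%%#*}
    case $line in
      sudo\ *|*[!A-Za-z0-9_]sudo\ *) ;;
      *) continue ;;
    esac
    set -- ${line#*sudo }                  # words that follow "sudo"
    while [ $# -gt 0 ]; do                 # skip option flags such as -n and --
      case $1 in -*) shift ;; *) break ;; esac
    done
    case ${1-} in
      "$var="*|"\"$var="*) unsafe=1 ;;     # assignment is sudo's own argument
      env) case ${2-} in "$var="*|"\"$var="*) safe=1 ;; esac ;;
    esac
  done
  [ "$unsafe" -eq 0 ] || exit 2
  [ "$safe" -eq 1 ] || exit 1
  exit 0
)

# Constructed sample lines, modelled on the two forms quoted in the commit message.
broken='sudo -n "VAULT_ADDR=$vault_addr" -- "$seed_script"'
fixed='sudo -n -- env "VAULT_ADDR=$vault_addr" "$seed_script"'
for sample in "$broken" "$fixed"; do
  rc=0
  printf '%s\n' "$sample" | sudo_env_guard VAULT_ADDR || rc=$?
  printf 'rc=%s  %s\n' "$rc" "$sample"
done
```
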
fixtures fix: [nomad-step-2] S2.2 — tools/vault-import.sh (import .env + sops into KV) (#880) 2026-04-16 17:22:05 +00:00
disinto-init-nomad.bats fix: [review-r1] seed loop sudo invocation bypasses sudoers env_reset (#929) 2026-04-16 22:14:05 +00:00
lib-generators.bats fix: bug: code fixes to docker/agents/ don't take effect — agent image is never rebuilt (#887) 2026-04-16 16:08:48 +00:00
lib-hvault.bats fix: lib/hvault.sh uses secret/ mount prefix but migration policies use kv/ — agents will get 403 (#890) 2026-04-16 19:32:36 +00:00
lib-issue-claim.bats fix: bug: hire-an-agent does not add the new agent as collaborator on the project repo (#856) 2026-04-16 10:47:53 +00:00
lib-load-project.bats fix: bug: generator emits invalid env var name FORGE_BOT_USER_<service>^^ when service name contains hyphen (#852) 2026-04-16 13:23:18 +00:00
mock-forgejo.py fix: mock-forgejo path parsing bug + non-fatal cron in smoke-init (#586) 2026-04-10 15:08:43 +00:00
smoke-credentials.sh fix: fix: stop baking credentials into git remote URLs — use clean URLs + existing credential helper everywhere (#604) 2026-04-10 17:04:10 +00:00
smoke-init.sh fix: [nomad-prep] P7 — make disinto init idempotent + add --dry-run (#800) 2026-04-15 22:37:22 +00:00
smoke-load-secret.sh fix: reorder test boilerplate to avoid duplicate-detection false positive 2026-04-15 19:18:39 +00:00
vault-import.bats fix: [nomad-step-2] S2-fix-E — vault-import.sh still writes to secret/data/ not kv/data/ (#926) 2026-04-16 21:29:35 +00:00