disinto

disinto-admin/disinto

Fork 0

History

Claude f214080280 All checks were successful ci/woodpecker/push/ci Pipeline was successful Details ci/woodpecker/push/nomad-validate Pipeline was successful Details ci/woodpecker/pr/ci Pipeline was successful Details ci/woodpecker/pr/nomad-validate Pipeline was successful Details ci/woodpecker/pr/smoke-init Pipeline was successful Details fix: [review-r1] seed loop sudo invocation bypasses sudoers env_reset (#929 ) `sudo -n "VAULT_ADDR=$vault_addr" -- "$seed_script"` passed VAULT_ADDR as a sudoers env-assignment argument. With the default `env_reset=on` policy (almost all distros), sudo silently discards env assignments unless the variable is in `env_keep` — and VAULT_ADDR is not. The seeder then hit its own precondition check at vault-seed-forgejo.sh:109 and died with "VAULT_ADDR unset", breaking the fresh-LXC non-root acceptance path the PR was written to close. Fix: run `env` as the command under sudo — `sudo -n -- env "VAULT_ADDR=$vault_addr" "$seed_script"` — so VAULT_ADDR is set in the child process directly, unaffected by sudoers env handling. The root (non-sudo) branch already used shell-level env assignment and was correct. Adds a grep-level regression guard that pins the `env VAR=val` invocation and negative-asserts the unsafe bare-argument form. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-16 22:14:05 +00:00
..
disinto	fix: [review-r1] seed loop sudo invocation bypasses sudoers env_reset (#929 )	2026-04-16 22:14:05 +00:00

Claude f214080280

ci/woodpecker/push/ci Pipeline was successful

Details

ci/woodpecker/push/nomad-validate Pipeline was successful

Details

ci/woodpecker/pr/ci Pipeline was successful

Details

ci/woodpecker/pr/nomad-validate Pipeline was successful

Details

ci/woodpecker/pr/smoke-init Pipeline was successful

Details

fix: [review-r1] seed loop sudo invocation bypasses sudoers env_reset (#929 )

`sudo -n "VAULT_ADDR=$vault_addr" -- "$seed_script"` passed
VAULT_ADDR as a sudoers env-assignment argument. With the default
`env_reset=on` policy (almost all distros), sudo silently discards
env assignments unless the variable is in `env_keep` — and
VAULT_ADDR is not. The seeder then hit its own precondition check
at vault-seed-forgejo.sh:109 and died with "VAULT_ADDR unset",
breaking the fresh-LXC non-root acceptance path the PR was written
to close.

Fix: run `env` as the command under sudo — `sudo -n -- env
"VAULT_ADDR=$vault_addr" "$seed_script"` — so VAULT_ADDR is set in
the child process directly, unaffected by sudoers env handling.
The root (non-sudo) branch already used shell-level env assignment
and was correct.

Adds a grep-level regression guard that pins the `env VAR=val`
invocation and negative-asserts the unsafe bare-argument form.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-04-16 22:14:05 +00:00

disinto

fix: [review-r1] seed loop sudo invocation bypasses sudoers env_reset (#929 )

2026-04-16 22:14:05 +00:00