[PATCH] t5564: use a short path for the SOCKS proxy socket

[PATCH] t5564: use a short path for the SOCKS proxy socket

[Johannes Schindelin via GitGitGadget]

From: Johannes Schindelin <johannes.schindelin@gmx.de>

The SOCKS proxy test introduced in 0ca365c2ed4 (http: do not ignore
proxy path, 2024-08-02) creates a Unix domain socket in
`$TRASH_DIRECTORY`. When the trash directory path is long (e.g.
when running from a deeply nested worktree), the socket path can
exceed the 108-character limit for `struct sockaddr_un.sun_path` on
Linux, causing the test to fail with "Path length ... is longer
than maximum supported length (108)".

Move the socket to `$TMPDIR` (defaulting to `/tmp`) where the path
is short, following the same approach used in t7528 for the SSH
agent socket in b7fb2194b96 (t7528: work around ETOOMANY in OpenSSH
10.1 and newer, 2025-10-23).

Assisted-by: Claude Opus 4.6
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
---
    t5564: use a short path for the SOCKS proxy socket
    
    When trying to run the entire test suite in a slightly deeper path than
    usual, I was surprised to see that this test failed due to our old
    friend, the 108 character limit of Unix sockets.

Published-As: https://github.com/gitgitgadget/git/releases/tag/pr-2100%2Fdscho%2Favoid-too-long-unix-socket-path-in-socks-proxy-test-v1
Fetch-It-Via: git fetch https://github.com/gitgitgadget/git pr-2100/dscho/avoid-too-long-unix-socket-path-in-socks-proxy-test-v1
Pull-Request: https://github.com/gitgitgadget/git/pull/2100

 t/t5564-http-proxy.sh | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/t/t5564-http-proxy.sh b/t/t5564-http-proxy.sh
index 3bcbdef409..cb7ede4ca4 100755
--- a/t/t5564-http-proxy.sh
+++ b/t/t5564-http-proxy.sh
@@ -50,14 +50,19 @@ start_socks() {
 
 # The %30 tests that the correct amount of percent-encoding is applied to the
 # proxy string passed to curl.
+# Use a short path for the socket to avoid exceeding the 108-character
+# Unix domain socket limit when the trash directory path is long.
+SOCKS_SOCK="${TMPDIR:-/tmp}/git-test-socks-%30.sock"
+
 test_lazy_prereq SOCKS_PROXY '
 	test_have_prereq PERL &&
-	start_socks "$TRASH_DIRECTORY/%30.sock"
+	start_socks "$SOCKS_SOCK"
 '
 
 test_atexit '
 	test ! -e "$TRASH_DIRECTORY/socks.pid" ||
 	kill "$(cat "$TRASH_DIRECTORY/socks.pid")"
+	rm -f "$SOCKS_SOCK"
 '
 
 # The below tests morally ought to be gated on a prerequisite that Git is
@@ -70,7 +75,8 @@ old_libcurl_error() {
 
 test_expect_success SOCKS_PROXY 'clone via Unix socket' '
 	test_when_finished "rm -rf clone" &&
-	test_config_global http.proxy "socks4://localhost$PWD/%2530.sock" && {
+	socks_proxy_url="socks4://localhost$(echo "$SOCKS_SOCK" | sed "s/%/%25/g")" &&
+	test_config_global http.proxy "$socks_proxy_url" && {
 		{
 			GIT_TRACE_CURL=$PWD/trace \
 			GIT_TRACE_CURL_COMPONENTS=socks \

base-commit: 94f057755b7941b321fd11fec1b2e3ca5313a4e0
-- 
gitgitgadget

Re: [PATCH] t5564: use a short path for the SOCKS proxy socket

[Jeff King]

On Mon, Apr 27, 2026 at 02:21:09PM +0000, Johannes Schindelin via GitGitGadget wrote:

> The SOCKS proxy test introduced in 0ca365c2ed4 (http: do not ignore
> proxy path, 2024-08-02) creates a Unix domain socket in
> `$TRASH_DIRECTORY`. When the trash directory path is long (e.g.
> when running from a deeply nested worktree), the socket path can
> exceed the 108-character limit for `struct sockaddr_un.sun_path` on
> Linux, causing the test to fail with "Path length ... is longer
> than maximum supported length (108)".

OK. We try to work around this with a chdir in our own socket code, but
I guess we're not using it here:

  1. The socket is created by our socks4-proxy.pl script, which just
     feeds it to perl's IO::Socket::UNIX. And it looks like it
     recognizes the long path and complains. We could fix that, but...

  2. The reading side is implemented by libcurl, not by us. And it seems
     to similarly detect and complain. We _could_ work around that with
     a chdir, but it would be quite nasty, as we'd have to do it before
     every curl call. So that's probably off the table.

And so we are stuck with either using a relative path, or a known-small
one.

> Move the socket to `$TMPDIR` (defaulting to `/tmp`) where the path
> is short, following the same approach used in t7528 for the SSH
> agent socket in b7fb2194b96 (t7528: work around ETOOMANY in OpenSSH
> 10.1 and newer, 2025-10-23).

OK, there we went with the known-small solution, since openssh made it
easy to do so. I think that is OK here, but...

>  # The %30 tests that the correct amount of percent-encoding is applied to the
>  # proxy string passed to curl.
> +# Use a short path for the socket to avoid exceeding the 108-character
> +# Unix domain socket limit when the trash directory path is long.
> +SOCKS_SOCK="${TMPDIR:-/tmp}/git-test-socks-%30.sock"

This is a static path in /tmp, so:

  1. Multiple instances of the test suite will stomp on each other
     (e.g., a --stress run).

  2. It creates a tmpdir-race vulnerability if an attacker links that
     path to something precious writeable by the user running the tests.

I think it would be sufficient to use mktemp to get a unique name. We
don't want a file, of course, so we perhaps need "mktemp -d" to get a
temp directory, and then we can use whatever short name we like inside
it.

>  test_lazy_prereq SOCKS_PROXY '
>  	test_have_prereq PERL &&
> -	start_socks "$TRASH_DIRECTORY/%30.sock"
> +	start_socks "$SOCKS_SOCK"
>  '
>  
>  test_atexit '
>  	test ! -e "$TRASH_DIRECTORY/socks.pid" ||
>  	kill "$(cat "$TRASH_DIRECTORY/socks.pid")"
> +	rm -f "$SOCKS_SOCK"
>  '

And the rest of your path can remain as-is, since SOCKS_SOCK will have
the unique name in it.

-Peff

[PATCH v2] t5564: use a short path for the SOCKS proxy socket

[Johannes Schindelin via GitGitGadget]

From: Johannes Schindelin <johannes.schindelin@gmx.de>

The SOCKS proxy test introduced in 0ca365c2ed4 (http: do not ignore
proxy path, 2024-08-02) creates a Unix domain socket in
`$TRASH_DIRECTORY`. When the trash directory path is long (e.g.
when running from a deeply nested worktree), the socket path can
exceed the 108-character limit for `struct sockaddr_un.sun_path` on
Linux, causing the test to fail with "Path length ... is longer
than maximum supported length (108)".

We cannot work around this using the chdir trick our own socket code
employs, because both sides of the connection are outside our control:
the socket is created by socks4-proxy.pl via Perl's IO::Socket::UNIX,
and the client side is libcurl.

Use `mktemp -d` to create a unique temporary directory with a short
path, and place the socket inside it. This avoids collisions between
concurrent test runs (e.g. `--stress`) and tmpdir-race vulnerabilities
that a static `/tmp` path would be susceptible to.

Helped-by: Jeff King <peff@peff.net>
Assisted-by: Claude Opus 4.6
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
---
    t5564: use a short path for the SOCKS proxy socket
    
    When trying to run the entire test suite in a slightly deeper path than
    usual, I was surprised to see that this test failed due to our old
    friend, the 108 character limit of Unix sockets.
    
    Changes since v1:
    
     * Uses mktemp -d now, to handle --stress better (thanks, Jeff!)

Published-As: https://github.com/gitgitgadget/git/releases/tag/pr-2100%2Fdscho%2Favoid-too-long-unix-socket-path-in-socks-proxy-test-v2
Fetch-It-Via: git fetch https://github.com/gitgitgadget/git pr-2100/dscho/avoid-too-long-unix-socket-path-in-socks-proxy-test-v2
Pull-Request: https://github.com/gitgitgadget/git/pull/2100

Range-diff vs v1:

 1:  16826e612c ! 1:  256b76a999 t5564: use a short path for the SOCKS proxy socket
     @@ Commit message
          Linux, causing the test to fail with "Path length ... is longer
          than maximum supported length (108)".
      
     -    Move the socket to `$TMPDIR` (defaulting to `/tmp`) where the path
     -    is short, following the same approach used in t7528 for the SSH
     -    agent socket in b7fb2194b96 (t7528: work around ETOOMANY in OpenSSH
     -    10.1 and newer, 2025-10-23).
     +    We cannot work around this using the chdir trick our own socket code
     +    employs, because both sides of the connection are outside our control:
     +    the socket is created by socks4-proxy.pl via Perl's IO::Socket::UNIX,
     +    and the client side is libcurl.
      
     +    Use `mktemp -d` to create a unique temporary directory with a short
     +    path, and place the socket inside it. This avoids collisions between
     +    concurrent test runs (e.g. `--stress`) and tmpdir-race vulnerabilities
     +    that a static `/tmp` path would be susceptible to.
     +
     +    Helped-by: Jeff King <peff@peff.net>
          Assisted-by: Claude Opus 4.6
          Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
      
     @@ t/t5564-http-proxy.sh: start_socks() {
       # proxy string passed to curl.
      +# Use a short path for the socket to avoid exceeding the 108-character
      +# Unix domain socket limit when the trash directory path is long.
     -+SOCKS_SOCK="${TMPDIR:-/tmp}/git-test-socks-%30.sock"
     ++SOCKS_TMPDIR=$(mktemp -d)
     ++SOCKS_SOCK="$SOCKS_TMPDIR/%30.sock"
      +
       test_lazy_prereq SOCKS_PROXY '
       	test_have_prereq PERL &&
     @@ t/t5564-http-proxy.sh: start_socks() {
       test_atexit '
       	test ! -e "$TRASH_DIRECTORY/socks.pid" ||
       	kill "$(cat "$TRASH_DIRECTORY/socks.pid")"
     -+	rm -f "$SOCKS_SOCK"
     ++	rm -rf "$SOCKS_TMPDIR"
       '
       
       # The below tests morally ought to be gated on a prerequisite that Git is


 t/t5564-http-proxy.sh | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/t/t5564-http-proxy.sh b/t/t5564-http-proxy.sh
index 3bcbdef409..b4d95b12ca 100755
--- a/t/t5564-http-proxy.sh
+++ b/t/t5564-http-proxy.sh
@@ -50,14 +50,20 @@ start_socks() {
 
 # The %30 tests that the correct amount of percent-encoding is applied to the
 # proxy string passed to curl.
+# Use a short path for the socket to avoid exceeding the 108-character
+# Unix domain socket limit when the trash directory path is long.
+SOCKS_TMPDIR=$(mktemp -d)
+SOCKS_SOCK="$SOCKS_TMPDIR/%30.sock"
+
 test_lazy_prereq SOCKS_PROXY '
 	test_have_prereq PERL &&
-	start_socks "$TRASH_DIRECTORY/%30.sock"
+	start_socks "$SOCKS_SOCK"
 '
 
 test_atexit '
 	test ! -e "$TRASH_DIRECTORY/socks.pid" ||
 	kill "$(cat "$TRASH_DIRECTORY/socks.pid")"
+	rm -rf "$SOCKS_TMPDIR"
 '
 
 # The below tests morally ought to be gated on a prerequisite that Git is
@@ -70,7 +76,8 @@ old_libcurl_error() {
 
 test_expect_success SOCKS_PROXY 'clone via Unix socket' '
 	test_when_finished "rm -rf clone" &&
-	test_config_global http.proxy "socks4://localhost$PWD/%2530.sock" && {
+	socks_proxy_url="socks4://localhost$(echo "$SOCKS_SOCK" | sed "s/%/%25/g")" &&
+	test_config_global http.proxy "$socks_proxy_url" && {
 		{
 			GIT_TRACE_CURL=$PWD/trace \
 			GIT_TRACE_CURL_COMPONENTS=socks \

base-commit: 94f057755b7941b321fd11fec1b2e3ca5313a4e0
-- 
gitgitgadget

Re: [PATCH v2] t5564: use a short path for the SOCKS proxy socket

[Jeff King]

On Wed, Apr 29, 2026 at 08:22:54AM +0000, Johannes Schindelin via GitGitGadget wrote:

> From: Johannes Schindelin <johannes.schindelin@gmx.de>
> 
> The SOCKS proxy test introduced in 0ca365c2ed4 (http: do not ignore
> proxy path, 2024-08-02) creates a Unix domain socket in
> `$TRASH_DIRECTORY`. When the trash directory path is long (e.g.
> when running from a deeply nested worktree), the socket path can
> exceed the 108-character limit for `struct sockaddr_un.sun_path` on
> Linux, causing the test to fail with "Path length ... is longer
> than maximum supported length (108)".
> 
> We cannot work around this using the chdir trick our own socket code
> employs, because both sides of the connection are outside our control:
> the socket is created by socks4-proxy.pl via Perl's IO::Socket::UNIX,
> and the client side is libcurl.
> 
> Use `mktemp -d` to create a unique temporary directory with a short
> path, and place the socket inside it. This avoids collisions between
> concurrent test runs (e.g. `--stress`) and tmpdir-race vulnerabilities
> that a static `/tmp` path would be susceptible to.

Thanks, this looks great to me (and thank you for fleshing out the
explanation in the commit message, too).

-Peff