Re: [PATCH v2 01/17] t0001: allow implicit bare repo discovery for aliased-command test

[Junio C Hamano <gitster@pobox.com>]

"Johannes Schindelin via GitGitGadget" <gitgitgadget@gmail.com>
writes:

> From: Johannes Schindelin <johannes.schindelin@gmx.de>
>
> 8d1a7448206e (setup.c: create `safe.bareRepository`, 2022-07-14)
> introduced a setting to restrict implicit bare repository discovery,
> mitigating a social-engineering attack where an embedded bare repo's
> hooks get executed unknowingly. To allow for that default to change at
> some stage in the future, the tests need to be prepared.
>
> This commit adjusts a test accordingly that runs `git aliasedinit`
> from inside a bare repo to verify that aliased commands work there.
> The test is about alias resolution, not bare repo discovery, so add
> `test_config_global safe.bareRepository all` to opt in explicitly.

Yes, I think most of the tests we run things in a bare repository is
not about bare repository discovery but how individual commands
behave in a bare repository, and these commands must be kept working
even after a future version of Git starts to tighten the rules.

> Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
> ---
>  t/t0001-init.sh | 1 +
>  1 file changed, 1 insertion(+)
>
> diff --git a/t/t0001-init.sh b/t/t0001-init.sh
> index e4d32bb4d2..6bd0a15dac 100755
> --- a/t/t0001-init.sh
> +++ b/t/t0001-init.sh
> @@ -77,6 +77,7 @@ test_expect_success 'plain nested through aliased command' '
>  '
>  
>  test_expect_success 'plain nested in bare through aliased command' '
> +	test_config_global safe.bareRepository all &&
>  	(
>  		git init --bare bare-ancestor-aliased.git &&
>  		cd bare-ancestor-aliased.git &&

So I very much recommend the use of "safe.bareRepository all" in
these tests, not in individual test but upfront, just like many
tests freeze use of 'main' as the default initial branch name.

I also have to wonder if this alternative patch shouldn't be a
better starting point?  The idea is that most of the tests that
validates how individual operations work in a bare repository are
*not* interested in the fact that bare repository access will become
opt-in in future version of Git, but they are interested in ensuring
that the commands they are testing will keep working as expected
when accesses to bare repositories are allowed.  So we'll run all
existing tests with this in the global config after we set up $HOME
for testing.  We'll need to write a very few *new* tests to prepare
for the default change, and I expect them to explicitly remove the
setting from the global config, and checks if the default truly
allows or forbids access to a bare repositories.  But I am hoping
that most of the existing tests shouldn't need changes sprinkled all
over.

Thanks.

 t/test-lib.sh | 5 +++++
 1 file changed, 5 insertions(+)

diff --git c/t/test-lib.sh w/t/test-lib.sh
index 70fd3e9baf..fe85a0bf89 100644
--- c/t/test-lib.sh
+++ w/t/test-lib.sh
@@ -1563,6 +1563,11 @@ HOME="$TRASH_DIRECTORY"
 GNUPGHOME="$HOME/gnupg-home-not-used"
 export HOME GNUPGHOME USER_HOME
 
+if test -n "$WITH_BREAKING_CHANGES"
+then
+	git config --global safe.bareRepository all
+fi
+
 # "rm -rf" existing trash directory, even if a previous run left it
 # with bad permissions.
 remove_trash_directory () {