From: Brad Fitzpatrick Date: Fri, 22 Feb 2019 20:16:24 +0000 (+0000) Subject: cmd/dist: make GOROOT unwritable on builders X-Git-Tag: go1.13beta1~296 X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=02d24fc2528578065b506f07bc6214adcac3be4b;p=gostls13.git cmd/dist: make GOROOT unwritable on builders Updates #30316 Change-Id: I57e489f6bbe4a3b39c907dabe5ac41fb9939cdb4 Reviewed-on: https://go-review.googlesource.com/c/go/+/163477 Run-TryBot: Brad Fitzpatrick TryBot-Result: Gobot Gobot Reviewed-by: Dmitri Shuralyov --- diff --git a/src/cmd/dist/test.go b/src/cmd/dist/test.go index 9e259f1835..ba8ba4e89e 100644 --- a/src/cmd/dist/test.go +++ b/src/cmd/dist/test.go @@ -190,6 +190,11 @@ func (t *tester) run() { } } + // On a few builders, make GOROOT unwritable to catch tests writing to it. + if strings.HasPrefix(os.Getenv("GO_BUILDER_NAME"), "linux-") { + t.makeGOROOTUnwritable() + } + for _, dt := range t.tests { if !t.shouldRunTest(dt.name) { t.partial = true @@ -1388,6 +1393,36 @@ func (t *tester) packageHasBenchmarks(pkg string) bool { return false } +// makeGOROOTUnwritable makes all $GOROOT files & directories non-writable to +// check that no tests accidentally write to $GOROOT. +func (t *tester) makeGOROOTUnwritable() { + if os.Getenv("GO_BUILDER_NAME") == "" { + panic("not a builder") + } + if os.Getenv("GOROOT") == "" { + panic("GOROOT not set") + } + err := filepath.Walk(os.Getenv("GOROOT"), func(name string, fi os.FileInfo, err error) error { + if err != nil { + return err + } + if !fi.Mode().IsRegular() && !fi.IsDir() { + return nil + } + mode := fi.Mode() + newMode := mode & ^os.FileMode(0222) + if newMode != mode { + if err := os.Chmod(name, newMode); err != nil { + return err + } + } + return nil + }) + if err != nil { + log.Fatalf("making builder's files read-only: %v", err) + } +} + // raceDetectorSupported is a copy of the function // cmd/internal/sys.RaceDetectorSupported, which can't be used here // because cmd/dist has to be buildable by Go 1.4.