Issue 478 tests in busybox (#523)

* use busybox by not installing coreutils on alpine
* changes for busybox version of ps and stat
* add function to check if exe is from busybox
* update changelog
* cleanup comments, code, and commented out code
* improve comment in alpine Dockerfile
* include platform-specific funcs so we can test perms

.Dockerfiles/alpine/latest/Dockerfile

@@ -1,9 +1,9 @@
 FROM alpine:latest
 
+# don't install coreutils on Alpine, so we get busybox versions of ps, stat, and ls. See #475 
 RUN apk add --no-cache --update \
 	bash \
 	build-base \
-	coreutils \
 	curl \
 	findutils \
 	gcc \

.travis.yml

@@ -9,7 +9,7 @@ matrix:
     #  language: sh
     - os: osx
       name: osx-with-debug-output
-      env: GITSECRET_DIST="brew" SECRETS_TEST_VERBOSE=1
+      env: GITSECRET_DIST="brew"; SECRETS_TEST_VERBOSE=1
       sudo: required
       language: shell
       #language: ruby
@@ -21,7 +21,7 @@ matrix:
       #language: ruby
       #rvm: 2.6
     - os: linux
-      env: KITCHEN_REGEXP="gnupg1-alpine-latest"
+      env: KITCHEN_REGEXP="gnupg1-alpine-latest"; SECRETS_TEST_VERBOSE=1
       services: docker
       sudo: required
       language: ruby

CHANGELOG.md

@@ -5,14 +5,15 @@
 ### Features
 
 - Support SECRETS_PINENTRY env var for gnupg --pinentry-mode parameter (#221)
-- If 'hide' fails, show output from gnupg (#516)
+- Show output from gnupg if 'hide' fails (#516)
+- Add support for Busybox (#478)
 
 ### Bugfixes
 
 - Use OSX's mktemp on OSX, even if there's another version in PATH. (#485)
 - Make rsync a build requirement on debian (#500)
-- When tests specify gnupg1, use gnupg1, not gnupg2 (#241)
-- Add dependencies gawk, bash, and coreutils to linux packages (#493)
+- Use gnupg1, not gnupg2, when tests specify gnupg1 (#241) 
+- Note dependencies gawk, bash, and coreutils in linux packages (#493)
 
 ## Misc
 

src/_utils/_git_secret_tools.sh

@@ -527,6 +527,21 @@ function _secrets_dir_is_not_ignored {
 }
 
 
+function _exe_is_busybox {
+  local exe
+  exe=$1
+
+  # we assume stat is from busybox if it's a symlink
+  local is_busybox=0
+  local stat_path
+  stat_path=$(command -v "$exe")
+  if [ -L "$stat_path" ]; then
+    is_busybox=1
+  fi
+  echo "$is_busybox"
+}
+
+
 function _user_required {
   # This function does a bunch of validations:
   # 1. It calls `_secrets_dir_exists` to verify that "$_SECRETS_DIR" exists.

src/_utils/_git_secret_tools_linux.sh

@@ -34,9 +34,16 @@ function __sha256_linux {
 function __get_octal_perms_linux {
   local filename
   filename=$1
-  local perms
-  perms=$(stat --format '%a' "$filename")
-  # a string like '0644'
+
+  local stat_is_busybox
+  stat_is_busybox=_exe_is_busybox "stat"
+  local perms   # a string like '644'
+  if [ "$stat_is_busybox" -eq 1 ]; then
+    # special case for busybox, which doesn't understand --format
+    perms=$(stat -c '%a' "$filename")
+  else
+    perms=$(stat --format '%a' "$filename")
+  fi
   echo "$perms"
 }
 

tests/_test_base.bash

@@ -7,6 +7,9 @@
 source "$SECRET_PROJECT_ROOT/src/version.sh"
 # shellcheck disable=SC1090
 source "$SECRET_PROJECT_ROOT/src/_utils/_git_secret_tools.sh"
+source "$SECRET_PROJECT_ROOT/src/_utils/_git_secret_tools_freebsd.sh"
+source "$SECRET_PROJECT_ROOT/src/_utils/_git_secret_tools_linux.sh"
+source "$SECRET_PROJECT_ROOT/src/_utils/_git_secret_tools_osx.sh"
 
 # Constants:
 FIXTURES_DIR="$BATS_TEST_DIRNAME/fixtures"
@@ -74,8 +77,14 @@ function stop_gpg_agent {
     ps -l -u "$username" | gawk \
       '/gpg-agent/ { if ( $0 !~ "awk" ) { system("kill "$1) } }' >> "$TEST_GPG_OUTPUT_FILE" 2>&1
   else
-    ps -wx -U "$username" | gawk \
-      '/gpg-agent --homedir/ { if ( $0 !~ "awk" ) { system("kill "$1) } }' >> "$TEST_GPG_OUTPUT_FILE" 2>&1 
+    local ps_is_busybox
+    ps_is_busybox=_exe_is_busybox "ps"
+    if [[ $ps_is_busybox -eq "1" ]]; then
+      echo "# git-secret: tests: not stopping gpg-agent on busybox" >&3
+    else
+      ps -wx -U "$username" | gawk \
+        '/gpg-agent --homedir/ { if ( $0 !~ "awk" ) { system("kill "$1) } }' >> "$TEST_GPG_OUTPUT_FILE" 2>&1
+    fi
   fi
 }
 

tests/test_hide.bats

@@ -58,7 +58,6 @@ function teardown {
 }
 
 @test "run 'hide' with '-P'" {
-
   # attempt to alter permissions on input file
   chmod o-rwx "$FILE_TO_HIDE"
 
@@ -74,15 +73,12 @@ function teardown {
   local encrypted_file=$(_get_encrypted_filename "$FILE_TO_HIDE")
   [ -f "$encrypted_file" ]
 
-  # permissions should match. We don't have access to SECRETS_OCTAL_PERMS_COMMAND here
+  ## permissions should match.  We skip below test for now because ls -l doesn't return permissions on busybox
   local secret_perm
   local file_perm   
-  secret_perm=$(ls -l "$encrypted_file" | cut -d' ' -f1)    
-  file_perm=$(ls -l "$FILE_TO_HIDE" | cut -d' ' -f1)
-
-  # text prefixed with '# ' and sent to file descriptor 3 is 'diagnostic' (debug) output for devs
+  file_perm=$($SECRETS_OCTAL_PERMS_COMMAND "$FILE_TO_HIDE")
+  secret_perm=$($SECRETS_OCTAL_PERMS_COMMAND "$encrypted_file")
   #echo "# '$BATS_TEST_DESCRIPTION': $secret_perm, file_perm: $file_perm" >&3
-
   [ "$secret_perm" = "$file_perm" ]
 
 }

tests/test_reveal.bats

@@ -85,14 +85,12 @@ function teardown {
 
   [ "$status" -eq 0 ]
 
+  ## permissions should match.  We skip below test for now because ls -l doesn't return permissions on busybox
   local secret_perm
   local file_perm
-  secret_perm=$(ls -l "$FILE_TO_HIDE$SECRETS_EXTENSION" | cut -d' ' -f1)
-  file_perm=$(ls -l "$FILE_TO_HIDE" | cut -d' ' -f1)
-
-  # text prefixed with '# ' and sent to file descriptor 3 is 'diagnostic' (debug) output for devs
+  file_perm=$($SECRETS_OCTAL_PERMS_COMMAND "$FILE_TO_HIDE")
+  secret_perm=$($SECRETS_OCTAL_PERMS_COMMAND "$FILE_TO_HIDE$SECRETS_EXTENSION")
   #echo "# secret_perm: $secret_perm, file_perm: $file_perm" >&3    
-
   [ "$secret_perm" = "$file_perm" ]
 
   [ -f "$FILE_TO_HIDE" ]