fix(root): validate rootful execution with the actual sudo program

Author: balanza

internal/cli/assemble.go

@@ -102,7 +102,7 @@ func assembleAction(ctx context.Context, cmd *cli.Command, cfg *config.Values, d
 	// if at least one item in the manifest requires root, validate sudo before proceeding
 	for _, item := range manifest {
 		if item.Root {
-			if err := rootful.Validate(ctx); err != nil {
+			if err := rootful.Validate(ctx, cmd.String("sudo-command")); err != nil {
 				return fmt.Errorf("cannot run in root mode: %w", err)
 			}
 			break

internal/cli/root.go

@@ -146,7 +146,7 @@ func withRoot(_ *config.Values, cmd *cli.Command) *cli.Command {
 			}
 		}
 		if c.Bool("root") {
-			if err := rootful.Validate(ctx); err != nil {
+			if err := rootful.Validate(ctx, c.String("sudo-command")); err != nil {
 				return nil, fmt.Errorf("cannot run in root mode: %w", err)
 			}
 		}

internal/rootful/rootful.go

@@ -1,5 +1,5 @@
 // Package rootful provides utilities for running operations that require
-// root privileges via sudo.
+// root privileges via a configurable sudo command.
 package rootful
 
 import (
@@ -12,22 +12,28 @@ import (
 
 //nolint:gochecknoglobals // singleton: process-wide memoization is the intent
 var (
-	validateOnce sync.Once
-	errValidate  error
+	validateOnce      sync.Once
+	errValidate       error
+	cachedSudoCommand string
 )
 
-// Validate ensures that sudo is available and the user can elevate.
-// It runs `sudo -v` at most once per process: the first call performs the
-// check and caches the result; subsequent calls return the cached result
-// without re-running the command.
-func Validate(ctx context.Context) error {
+// Validate ensures that sudoCommand is available and the user can elevate.
+// It runs `<sudoCommand> -v` at most once per process: the first call performs
+// the check and caches the result; subsequent calls return the cached result
+// without re-running the command. Passing a different sudoCommand after the
+// first call is a programming error and returns an explicit error.
+func Validate(ctx context.Context, sudoCommand string) error {
+	if cachedSudoCommand != "" && cachedSudoCommand != sudoCommand {
+		return fmt.Errorf("sudoCommand mismatch: already validated with %q, got %q", cachedSudoCommand, sudoCommand)
+	}
 	validateOnce.Do(func() {
-		cmd := exec.CommandContext(ctx, "sudo", "-v")
+		cachedSudoCommand = sudoCommand
+		cmd := exec.CommandContext(ctx, sudoCommand, "-v")
 		cmd.Stdin = os.Stdin
 		cmd.Stdout = os.Stdout
 		cmd.Stderr = os.Stderr
 		if err := cmd.Run(); err != nil {
-			errValidate = fmt.Errorf("failed to validate sudo: %w", err)
+			errValidate = fmt.Errorf("failed to validate %q: %w", sudoCommand, err)
 		}
 	})
 	return errValidate

internal/rootful/rootful_internal_test.go

@@ -0,0 +1,54 @@
+package rootful
+
+import (
+	"context"
+	"sync"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func resetState() {
+	validateOnce = sync.Once{}
+	errValidate = nil
+	cachedSudoCommand = ""
+}
+
+func TestValidate_Success(t *testing.T) {
+	resetState()
+	t.Cleanup(resetState)
+
+	err := Validate(context.Background(), "true")
+	require.NoError(t, err)
+}
+
+func TestValidate_Failure(t *testing.T) {
+	resetState()
+	t.Cleanup(resetState)
+
+	err := Validate(context.Background(), "false")
+	require.Error(t, err)
+	assert.Contains(t, err.Error(), `"false"`)
+}
+
+func TestValidate_CachesResult(t *testing.T) {
+	resetState()
+	t.Cleanup(resetState)
+
+	require.NoError(t, Validate(context.Background(), "true"))
+	require.NoError(t, Validate(context.Background(), "true"))
+}
+
+func TestValidate_MismatchedCommand(t *testing.T) {
+	resetState()
+	t.Cleanup(resetState)
+
+	require.NoError(t, Validate(context.Background(), "true"))
+
+	err := Validate(context.Background(), "false")
+	require.Error(t, err)
+	assert.Contains(t, err.Error(), "mismatch")
+	assert.Contains(t, err.Error(), `"true"`)
+	assert.Contains(t, err.Error(), `"false"`)
+}