This repository has been archived by the owner on Apr 14, 2021. It is now read-only.
Fallback to a temp dir when the home directory is not usable #4951
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
segiddins
force-pushed
the
seg-no-writable-home
branch
from
b5bbad4
to
8246923
Compare
| elsif !File.writable?(home) | ||
| warning += "\n * `#{home}` is not writable" | ||
| else | ||
| return Pathname.new(home) |
There was a problem hiding this comment.
This will interrupt begin block, return Pathname.new(home) and will leave @user_home.nil?
There was a problem hiding this comment.
In other words, in case of happy path @user_home will remain nil and lines 149..159 will be executed every-time on #user_home call.
| def user_bundle_path | ||
| Pathname.new(Bundler.rubygems.user_home).join(".bundle") | ||
| Pathname.new(user_home).join(".bundle") |
There was a problem hiding this comment.
user_name is Pathname already. So it should be safe to leave user_home.join(".bundle")
|
@segiddins ping |
|
I took a day off of working, I'll answer tomorrow |
| @@ -13,6 +17,7 @@ def confirm(message, newline = nil) | |||
| end | |||
|
|
|||
| def warn(message, newline = nil) | |||
| @warnings |= [message] | |||
There was a problem hiding this comment.
Sorry, I accidentally removed @indirect's comment. Original comment was saying that (recovering from memories):
Seems like this means message will never be garbage collected.
There was a problem hiding this comment.
until the Silent instance is deallocated, yes
There was a problem hiding this comment.
How do you feel about making this a Set instead of using the (esoteric and relatively confusing) |= operator?
There was a problem hiding this comment.
How do you feel about using a Set instead of the (esoteric and relatively confusing) |= operator?
There was a problem hiding this comment.
That's fine, I think I was just copying what the Shell class did
|
This is my preferred implementation of a fix for #4778, once the comments are addressed. Thanks! 👍 |
|
Looks good. I didn't realize that |
|
📌 Commit 2ac0c51 has been approved by |
homu
added a commit
that referenced
this pull request
Sep 30, 2016
Fallback to a temp dir when the home directory is not usable Closes #4778 This is an alternative to #4886 \c @allenzhao @indirect
|
☀️ Test successful - status |
This was referenced Jan 26, 2017
robdimarco
pushed a commit
to robdimarco/pdfkit
that referenced
this pull request
Feb 3, 2017
In Bundler 1.14, there was a [merged pull request](rubygems/bundler#4951) that introduced new functionality. When running `bundle` if the location specified in `Bundler.rubygems.user_home` has a problem (e.g. does not exist, is not writable, is not a directory), it prints out a warning message to STDOUT. You can see an example by running in bash: ``` gem install bundler --version 1.14.3 echo "source 'https://rubygems.org';\ngem 'wkhtmltopdf-binary-edge'" > Gemfile bundle install --path vendor/bundle HOME=/no/directory/found bundle exec which wkhtmltopdf ``` When run, you can see the output looks something like: ``` Your home directory is not set properly: * `/no/directory/found` is not a directory Bundler will use `/var/folders/wj/q7cqmwds75z3ndcdxrmpd9gh0000gn/T/bundler/home/rdimarco` as your home directory temporarily ``` The problem is that the [output from `bundle exec which wkhtmltopdf`] (https://github.com/pdfkit/pdfkit/blob/master/lib/pdfkit/configuration.rb#L26) is used to determine the path to the default `wkhtmltopdf` executable. So since there is the warning included in the output, the executable path contains the warning messages and is not valid. This commit will look at the lines returned by the `witch` statement and will return the first file path that it finds, ignoring the warning messages.
h-lame
added a commit
to alphagov/govuk-puppet
that referenced
this pull request
Mar 7, 2017
In bundler 1.14.0 a feature was added to fallback to a /tmp dir if the user's home dir is not writable (see: rubygems/bundler#4951). As part of this feature bundler outputs a warning that it is doing this. When our check_uricorn_workers script is run by the nagios user it runs a ruby script via bundler using an empty environment which means it has no $HOME env var set. This triggers the warning, which unfortunately goes to stdout and interferes with our script which expects the output to be a number and treats anything else as an error state. If we specify a HOME var when running the ruby script we avoid the problem. We follow the example for setting GOVUK_APP_LOGROOT to /tmp and do the same as this will be globally writable, and hopefully we don't actually have to write anything to run the short ruby script.
brodock
added a commit
to brodock/bundler
that referenced
this pull request
May 23, 2018
When home directory is not writable, but the required .gem and .bundle are, we should use then instead of falling back to use tempdirs. This creates a workaround for more restrictive setups using Omnibus Docker or any hardened setup, to overcome the annoyances introduced by rubygems#4951.
brodock
added a commit
to brodock/bundler
that referenced
this pull request
May 23, 2018
When home directory is not writable, but the required .gem and .bundle are, we should use them instead of falling back to use tempdirs. This creates a workaround for more restrictive setups using Omnibus Docker or any hardened setup, to overcome the annoyances introduced by rubygems#4951.
brodock
added a commit
to brodock/bundler
that referenced
this pull request
May 23, 2018
When home directory is not writable, but the required .gem and .bundle are, we should use them instead of falling back to use tempdirs. This creates a workaround for more restrictive setups using Omnibus Docker or any hardened setup, to overcome the annoyances introduced by rubygems#4951.
brodock
added a commit
to brodock/bundler
that referenced
this pull request
May 23, 2018
When home directory is not writable, but the required .gem and .bundle are, we should use them instead of falling back to use tempdirs. This creates a workaround for more restrictive setups using Omnibus Docker or any hardened setup, to overcome the annoyances introduced by rubygems#4951.
brodock
added a commit
to brodock/bundler
that referenced
this pull request
May 23, 2018
When home directory is not writable, but the required .gem and .bundle are, we should use them instead of falling back to use tempdirs. This creates a workaround for more restrictive setups using Omnibus Docker or any hardened setup, to overcome the annoyances introduced by rubygems#4951.
|
I would love to have an initial review here #6550 It implements a workaround for more hardened installations like omnibus bundled software, where home might not be owned or writable by the user, but would still have required |
brodock
added a commit
to brodock/bundler
that referenced
this pull request
May 23, 2018
When home directory is not writable, but the required .gem and .bundle are, we should use them instead of falling back to use tempdirs. This creates a workaround for more restrictive setups using Omnibus Docker or any hardened setup, to overcome the annoyances introduced by rubygems#4951.
brodock
added a commit
to brodock/bundler
that referenced
this pull request
May 23, 2018
When home directory is not writable, but the required .gem and .bundle are, we should use them instead of falling back to use tempdirs. This creates a workaround for more restrictive setups using Omnibus Docker or any hardened setup, to overcome the annoyances introduced by rubygems#4951.
brodock
added a commit
to brodock/bundler
that referenced
this pull request
May 25, 2018
When home directory is not writable, but the required .bundle is, we should use it instead of falling back to use tempdirs. This creates a workaround for more restrictive setups using Omnibus Docker or any hardened setup, to overcome the annoyances introduced by rubygems#4951.
brodock
added a commit
to brodock/bundler
that referenced
this pull request
May 25, 2018
When home directory is not writable, but the required .bundle is, we should use it instead of falling back to use tempdirs. This creates a workaround for more restrictive setups using Omnibus Docker or any hardened setup, to overcome the annoyances introduced by rubygems#4951.
brodock
added a commit
to brodock/bundler
that referenced
this pull request
Jun 12, 2018
When home directory is not writable, but the required .bundle is, we should use it instead of falling back to use tempdirs. This creates a workaround for more restrictive setups using Omnibus Docker or any hardened setup, to overcome the annoyances introduced by rubygems#4951.
bundlerbot
added a commit
that referenced
this pull request
Jun 12, 2018
…dale Don't fallback to tempdir when required directories exist. ### What was the end-user problem that led to this PR? When running Omnibus packaged software with updated bundler, a warning is displayed because the home folder is not owned by the user: ``` `/var/opt/gitlab` is not writable. Bundler will use `/tmp/bundler/home/root' as your home directory temporarily. ``` There are valid reasons why this is desired, and I don't have control over it. What I can do is create the required folders used by bundler and provide them with the right permissions. See #6546 ### What was your diagnosis of the problem? In practice instead of asking for permission on a higher level, if required folders are present and they have the right permissions, we shouldn't fallback to warning + temp directory, we should just use what is provided. ### What is your fix for the problem, implemented in this PR? When home directory is not writable, but the required .gem and .bundle are, we should use them instead of falling back to use tempdirs. This creates a workaround for more restrictive setups using Omnibus Docker or any hardened setup, to overcome the annoyances introduced by #4951. ### Why did you choose this fix out of the possible options? This allows for distributions, package maintainers, etc to provide an alternative while keeping their hardenings requirements. When provided the required folders with the required ownership/permission, we should not bother by not having any write permissions on the `$HOME` directory.
colby-swandale
pushed a commit
that referenced
this pull request
Jul 10, 2018
…dale Don't fallback to tempdir when required directories exist. ### What was the end-user problem that led to this PR? When running Omnibus packaged software with updated bundler, a warning is displayed because the home folder is not owned by the user: ``` `/var/opt/gitlab` is not writable. Bundler will use `/tmp/bundler/home/root' as your home directory temporarily. ``` There are valid reasons why this is desired, and I don't have control over it. What I can do is create the required folders used by bundler and provide them with the right permissions. See #6546 ### What was your diagnosis of the problem? In practice instead of asking for permission on a higher level, if required folders are present and they have the right permissions, we shouldn't fallback to warning + temp directory, we should just use what is provided. ### What is your fix for the problem, implemented in this PR? When home directory is not writable, but the required .gem and .bundle are, we should use them instead of falling back to use tempdirs. This creates a workaround for more restrictive setups using Omnibus Docker or any hardened setup, to overcome the annoyances introduced by #4951. ### Why did you choose this fix out of the possible options? This allows for distributions, package maintainers, etc to provide an alternative while keeping their hardenings requirements. When provided the required folders with the required ownership/permission, we should not bother by not having any write permissions on the `$HOME` directory. (cherry picked from commit 31b53cf)
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Closes #4778
This is an alternative to #4886
\c @allenzhao @indirect