Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Fix UID handling with cask installer script: #17782

Merged
merged 2 commits into from
Jul 17, 2024
Merged

Fix UID handling with cask installer script: #17782

merged 2 commits into from
Jul 17, 2024

Conversation

Bo98
Copy link
Member

@Bo98 Bo98 commented Jul 17, 2024
edited
Loading

Broadly speaking, Homebrew respects EUID and writes all files using that EUID.

When using installer script: this contract may not necessarily be true for third-party scripts, leading to permission issues under setups where EUID != UID. For example, bash scripts by default will respect UID instead unless you use Bash protected mode (bash -p).

In formulae, we already handle this here:

brew/Library/Homebrew/utils/fork.rb

Line 48 in 2cdc092

Process::UID.change_privilege(Process.euid) if Process.euid != Process.uid

This PR adds the same to casks via a reset_uid system_command option. Unfortunately Open3 isn't flexible enough to handle this so we need to replace it with our own implementation.

@Bo98 Bo98 requested a review from carlocab July 17, 2024 04:31
@Bo98 Bo98 force-pushed the system_command-uid branch 3 times, most recently from e0278f3 to f9726db Compare July 17, 2024 05:24
@Bo98 Bo98 force-pushed the system_command-uid branch from f9726db to ec41f66 Compare July 17, 2024 05:33
carlocab
carlocab approved these changes Jul 17, 2024
View reviewed changes
@Bo98 Bo98 merged commit f84b8eb into master Jul 17, 2024
24 checks passed
@Bo98 Bo98 deleted the system_command-uid branch July 17, 2024 15:07
carlocab added a commit that referenced this pull request Jul 17, 2024
@carlocab
download_strategy: fix UID handling for Git submodules
49b2776 
Source builds that use Git checkouts with submodules can choke when the
process UID does not match its EUID.

We can fix this by using the `reset_uid` option added in #17782.
@carlocab carlocab mentioned this pull request Jul 17, 2024
Merged
7 tasks
@MikeMcQuaid
Copy link
Member

Great work here, thanks @Bo98!

ctaintor pushed a commit to ctaintor/brew that referenced this pull request Sep 4, 2024
@carlocab @ctaintor
download_strategy: fix UID handling for Git submodules
408acc1 
Source builds that use Git checkouts with submodules can choke when the
process UID does not match its EUID.

We can fix this by using the `reset_uid` option added in Homebrew#17782.
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers

@carlocab carlocab carlocab approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@Bo98 @MikeMcQuaid @carlocab