Skip to content
This repository has been archived by the owner on Apr 14, 2021. It is now read-only.

Fallback to a temp dir when the home directory is not usable #4951

Merged
merged 5 commits into from
Sep 30, 2016

Conversation

segiddins
Copy link
Member

Closes #4778
This is an alternative to #4886
\c @allenzhao @indirect

@segiddins segiddins force-pushed the seg-no-writable-home branch from b5bbad4 to 8246923 Compare September 7, 2016 12:22
elsif !File.writable?(home)
warning += "\n * `#{home}` is not writable"
else
return Pathname.new(home)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This will interrupt begin block, return Pathname.new(home) and will leave @user_home.nil?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In other words, in case of happy path @user_home will remain nil and lines 149..159 will be executed every-time on #user_home call.

def user_bundle_path
Pathname.new(Bundler.rubygems.user_home).join(".bundle")
Pathname.new(user_home).join(".bundle")
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

user_name is Pathname already. So it should be safe to leave user_home.join(".bundle")

@indirect
Copy link
Member

@segiddins ping

@segiddins
Copy link
Member Author

I took a day off of working, I'll answer tomorrow

@@ -13,6 +17,7 @@ def confirm(message, newline = nil)
end

def warn(message, newline = nil)
@warnings |= [message]
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry, I accidentally removed @indirect's comment. Original comment was saying that (recovering from memories):

Seems like this means message will never be garbage collected.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

until the Silent instance is deallocated, yes

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How do you feel about making this a Set instead of using the (esoteric and relatively confusing) |= operator?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How do you feel about using a Set instead of the (esoteric and relatively confusing) |= operator?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's fine, I think I was just copying what the Shell class did

@indirect
Copy link
Member

This is my preferred implementation of a fix for #4778, once the comments are addressed. Thanks! 👍

@indirect
Copy link
Member

Looks good. I didn't realize that Dir.tmpdir returned the same directory across processes! 👍
@homu r+

@homu
Copy link
Contributor

homu commented Sep 30, 2016

📌 Commit 2ac0c51 has been approved by indirect

@homu
Copy link
Contributor

homu commented Sep 30, 2016

⌛ Testing commit 2ac0c51 with merge c899153...

homu added a commit that referenced this pull request Sep 30, 2016
Fallback to a temp dir when the home directory is not usable

Closes #4778
This is an alternative to #4886
\c @allenzhao @indirect
@homu
Copy link
Contributor

homu commented Sep 30, 2016

☀️ Test successful - status

@homu homu merged commit 2ac0c51 into master Sep 30, 2016
@coilysiren coilysiren modified the milestone: 1.13 - Release 1.13.2 Sep 30, 2016
@segiddins segiddins deleted the seg-no-writable-home branch December 27, 2016 05:28
robdimarco pushed a commit to robdimarco/pdfkit that referenced this pull request Feb 3, 2017
In Bundler 1.14, there was a [merged pull request](rubygems/bundler#4951) that introduced new functionality. When running `bundle` if the location specified in `Bundler.rubygems.user_home` has a problem (e.g. does not exist, is not writable, is not a directory), it prints out a warning message to STDOUT.

You can see an example by running in bash:

```
gem install bundler --version 1.14.3
echo "source 'https://rubygems.org';\ngem 'wkhtmltopdf-binary-edge'" > Gemfile
bundle install --path vendor/bundle

HOME=/no/directory/found bundle exec which wkhtmltopdf
```

When run, you can see the output looks something like:

```
Your home directory is not set properly:
 * `/no/directory/found` is not a directory

Bundler will use `/var/folders/wj/q7cqmwds75z3ndcdxrmpd9gh0000gn/T/bundler/home/rdimarco` as your home directory temporarily
```

The problem is that the [output from `bundle exec which wkhtmltopdf`] (https://github.com/pdfkit/pdfkit/blob/master/lib/pdfkit/configuration.rb#L26) is used to determine the path to the default `wkhtmltopdf` executable.

So since there is the warning included in the output, the executable path contains the warning messages and is not valid.

This commit will look at the lines returned by the `witch` statement and will return the first file path that it finds, ignoring the warning messages.
h-lame added a commit to alphagov/govuk-puppet that referenced this pull request Mar 7, 2017
In bundler 1.14.0 a feature was added to fallback to a /tmp dir if the user's
home dir is not writable (see: rubygems/bundler#4951).
As part of this feature bundler outputs a warning that it is doing this.  When
our check_uricorn_workers script is run by the nagios user it runs a ruby script
via bundler using an empty environment which means it has no $HOME env var set.
This triggers the warning, which unfortunately goes to stdout and interferes
with our script which expects the output to be a number and treats anything else
as an error state.

If we specify a HOME var when running the ruby script we avoid the problem.  We
follow the example for setting GOVUK_APP_LOGROOT to /tmp and do the same as this
will be globally writable, and hopefully we don't actually have to write
anything to run the short ruby script.
brodock added a commit to brodock/bundler that referenced this pull request May 23, 2018
When home directory is not writable, but the required .gem and .bundle
are, we should use then instead of falling back to use tempdirs.

This creates a workaround for more restrictive setups using Omnibus
Docker or any hardened setup, to overcome the annoyances introduced by rubygems#4951.
brodock added a commit to brodock/bundler that referenced this pull request May 23, 2018
When home directory is not writable, but the required .gem and .bundle
are, we should use them instead of falling back to use tempdirs.

This creates a workaround for more restrictive setups using Omnibus
Docker or any hardened setup, to overcome the annoyances introduced by rubygems#4951.
brodock added a commit to brodock/bundler that referenced this pull request May 23, 2018
When home directory is not writable, but the required .gem and .bundle
are, we should use them instead of falling back to use tempdirs.

This creates a workaround for more restrictive setups using Omnibus
Docker or any hardened setup, to overcome the annoyances introduced by rubygems#4951.
brodock added a commit to brodock/bundler that referenced this pull request May 23, 2018
When home directory is not writable, but the required .gem and .bundle
are, we should use them instead of falling back to use tempdirs.

This creates a workaround for more restrictive setups using Omnibus
Docker or any hardened setup, to overcome the annoyances introduced by rubygems#4951.
brodock added a commit to brodock/bundler that referenced this pull request May 23, 2018
When home directory is not writable, but the required .gem and .bundle
are, we should use them instead of falling back to use tempdirs.

This creates a workaround for more restrictive setups using Omnibus
Docker or any hardened setup, to overcome the annoyances introduced by rubygems#4951.
@brodock
Copy link
Contributor

brodock commented May 23, 2018

I would love to have an initial review here #6550

It implements a workaround for more hardened installations like omnibus bundled software, where home might not be owned or writable by the user, but would still have required .bundle and .gem folders with correct permission.

brodock added a commit to brodock/bundler that referenced this pull request May 23, 2018
When home directory is not writable, but the required .gem and .bundle
are, we should use them instead of falling back to use tempdirs.

This creates a workaround for more restrictive setups using Omnibus
Docker or any hardened setup, to overcome the annoyances introduced by rubygems#4951.
brodock added a commit to brodock/bundler that referenced this pull request May 23, 2018
When home directory is not writable, but the required .gem and .bundle
are, we should use them instead of falling back to use tempdirs.

This creates a workaround for more restrictive setups using Omnibus
Docker or any hardened setup, to overcome the annoyances introduced by rubygems#4951.
brodock added a commit to brodock/bundler that referenced this pull request May 25, 2018
When home directory is not writable, but the required .bundle is,
we should use it instead of falling back to use tempdirs.

This creates a workaround for more restrictive setups using Omnibus
Docker or any hardened setup, to overcome the annoyances introduced by rubygems#4951.
brodock added a commit to brodock/bundler that referenced this pull request May 25, 2018
When home directory is not writable, but the required .bundle is,
we should use it instead of falling back to use tempdirs.

This creates a workaround for more restrictive setups using Omnibus
Docker or any hardened setup, to overcome the annoyances introduced by rubygems#4951.
brodock added a commit to brodock/bundler that referenced this pull request Jun 12, 2018
When home directory is not writable, but the required .bundle is,
we should use it instead of falling back to use tempdirs.

This creates a workaround for more restrictive setups using Omnibus
Docker or any hardened setup, to overcome the annoyances introduced by rubygems#4951.
bundlerbot added a commit that referenced this pull request Jun 12, 2018
…dale

Don't fallback to tempdir when required directories exist.

### What was the end-user problem that led to this PR?

When running Omnibus packaged software with updated bundler, a warning is displayed because the home folder is not owned by the user:

```
`/var/opt/gitlab` is not writable.
Bundler will use `/tmp/bundler/home/root' as your home directory temporarily.
```

There are valid reasons why this is desired, and I don't have control over it. What I can do is create the required folders used by bundler and provide them with the right permissions.

See #6546

### What was your diagnosis of the problem?

In practice instead of asking for permission on a higher level, if required folders are present and they have the right permissions, we shouldn't fallback to warning + temp directory, we should just use what is provided.

### What is your fix for the problem, implemented in this PR?

When home directory is not writable, but the required .gem and .bundle
are, we should use them instead of falling back to use tempdirs.

This creates a workaround for more restrictive setups using Omnibus
Docker or any hardened setup, to overcome the annoyances introduced by #4951.

### Why did you choose this fix out of the possible options?

This allows for distributions, package maintainers, etc to provide an alternative while keeping their hardenings requirements.

When provided the required folders with the required ownership/permission, we should not bother by not having any write permissions on the `$HOME` directory.
colby-swandale pushed a commit that referenced this pull request Jul 10, 2018
…dale

Don't fallback to tempdir when required directories exist.

### What was the end-user problem that led to this PR?

When running Omnibus packaged software with updated bundler, a warning is displayed because the home folder is not owned by the user:

```
`/var/opt/gitlab` is not writable.
Bundler will use `/tmp/bundler/home/root' as your home directory temporarily.
```

There are valid reasons why this is desired, and I don't have control over it. What I can do is create the required folders used by bundler and provide them with the right permissions.

See #6546

### What was your diagnosis of the problem?

In practice instead of asking for permission on a higher level, if required folders are present and they have the right permissions, we shouldn't fallback to warning + temp directory, we should just use what is provided.

### What is your fix for the problem, implemented in this PR?

When home directory is not writable, but the required .gem and .bundle
are, we should use them instead of falling back to use tempdirs.

This creates a workaround for more restrictive setups using Omnibus
Docker or any hardened setup, to overcome the annoyances introduced by #4951.

### Why did you choose this fix out of the possible options?

This allows for distributions, package maintainers, etc to provide an alternative while keeping their hardenings requirements.

When provided the required folders with the required ownership/permission, we should not bother by not having any write permissions on the `$HOME` directory.

(cherry picked from commit 31b53cf)
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

6 participants