Skip to content
This repository has been archived by the owner on Apr 14, 2021. It is now read-only.

ensure $HOME and Dir.tmpdir are writable #5954

Merged

Conversation

ajwann
Copy link
Contributor

@ajwann ajwann commented Aug 19, 2017

Fixes #5518

What was the end-user problem that led to this PR?

A user had issues installing gems due to a permissions issue on the temp dir, because
Bundler was not checking for proper permissions on the temp directory or $HOME.

What was your diagnosis of the problem?

After discussing the issue with @colby-swandale, the solution was to check permissions on $HOME and the tmpdir.

What is your fix for the problem, implemented in this PR?

The creation of the temp dir is now wrapped in the block passed to filesystem_access, so filesystem_access will rescue the Errno::EACCES exception which is thrown if the effective user of the bundler process doesn't have sufficient permissions to create the temp dir.

Why did you choose this fix out of the possible options?

I chose this fix because it's what was discussed in the original issue thread.

@colby-swandale
Copy link
Member

So i have caused some confusion here, i'm really sorry for that 🙇. In regards to checking the permissions of the $HOME directory, Bundler already has a mechanism to deal with that scenario. So we don't need to worry about it.

@ajwann
Copy link
Contributor Author

ajwann commented Aug 20, 2017

No worries, I will remove the validation on $HOME, and just leave the validation on the temp directory.

# Fastly ignores Range when Accept-Encoding: gzip is set
headers["Accept-Encoding"] = "gzip"
end
Bundler::SharedHelpers.filesystem_access(Dir.tmpdir, :write) do
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Dir.tmpdir and Dir.mktmpdir are different folders, see:

› irb
irb(main):001:0> require 'tmpdir'
=> true
irb(main):002:0> Dir.tmpdir
=> "/var/folders/8q/r499202j3pvgyhpm1nq8n5fw0000gn/T"
irb(main):003:0> Dir.mktmpdir("bundler-compact-index") { |dir| puts dir }
/var/folders/8q/r499202j3pvgyhpm1nq8n5fw0000gn/T/bundler-compact-index20170820-60920-8s1n97
=> nil

This is important because Bundler typically prints the path to the folder in the error that is given back to the user:

› dbundler install
There was an error while trying to write to `foo`. There was insufficient space remaining on the
device.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In that case I can create the temp dir with Dir.mktmpdir("bundler-compact-index-") before calling filesystem_access, and then pass it to filesystem_access.

Copy link
Contributor Author

@ajwann ajwann Aug 20, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actually I don't think that will work. If Dir.mktmpdir fails outside of the filesystem_access block, the exception won't be caught.

I could just rescue the Errno::EACCES exception when it's raised by Dir.mktmpdir, and re-raisse it inside the filesystem_access block.

Update: the above solution seems to be a catch-22. I can't call filesystem_access without a directory, and I can't create that temp directory without calling Dir.mktmpdir. If the bundler process doesn't have permission to create that temp directory, it raises Errno::EACCES. I think the best thing I can do in this case is to not use filesystem_access at all, and just rescue Errno::EACCES.

@ajwann ajwann force-pushed the check-permissions-for-client-index-dir branch 3 times, most recently from 224ce87 to 1813716 Compare August 22, 2017 21:28
@ajwann ajwann force-pushed the check-permissions-for-client-index-dir branch from 1813716 to 008537d Compare August 27, 2017 14:57

response = @fetcher.call(remote_path, headers)
return nil if response.is_a?(Net::HTTPNotModified)
local_temp_dir = create_tmpdir
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

moving away from the block form to this will no longer clean up the tmpdir, can we ensure that we remove the directory if it exists?

Copy link
Contributor Author

@ajwann ajwann Sep 10, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In that case I think it would be best if I still called Dir.mktmpdir with the block, and just rescued Errno::EACCES within the update method if the call to Dir.mktmpdir raises an exception.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

sure

@segiddins
Copy link
Member

Awesome!
@bundlerbot r+

@bundlerbot
Copy link
Collaborator

📌 Commit 932ea90 has been approved by segiddins

@bundlerbot
Copy link
Collaborator

⌛ Testing commit 932ea90 with merge 4897ee9...

bundlerbot added a commit that referenced this pull request Sep 10, 2017
…r=segiddins

ensure $HOME and Dir.tmpdir are writable

Fixes #5518

### What was the end-user problem that led to this PR?
A user had issues installing gems due to a permissions issue on the temp dir, because
Bundler was not checking for proper permissions on the temp directory or $HOME.

### What was your diagnosis of the problem?
After discussing the issue with @colby-swandale, the solution was to check permissions on $HOME and the ```tmpdir```.

### What is your fix for the problem, implemented in this PR?
The creation of the [temp dir](https://github.com/bundler/bundler/blob/master/lib/bundler/compact_index_client/updater.rb#L31) is now wrapped in the block passed to ```filesystem_access```, so ```filesystem_access``` will rescue the ```Errno::EACCES``` exception which is thrown if the effective user of the bundler process doesn't have sufficient permissions to create the temp dir.

### Why did you choose this fix out of the possible options?
I chose this fix because it's what was discussed in the original issue thread.
@bundlerbot
Copy link
Collaborator

☀️ Test successful - status-travis
Approved by: segiddins
Pushing 4897ee9 to master...

@bundlerbot bundlerbot merged commit 932ea90 into rubygems:master Sep 10, 2017
@colby-swandale colby-swandale modified the milestone: 1.16.6 Oct 2, 2018
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Permission denied issue that was reportedly fixed in previous update still exists
4 participants