cdist/version.py needs rw permissions #262

New Issue

ungleich-gitea · 2021-11-20T15:22:48Z

ungleich-gitea commented

2021-11-20 15:22:48 +00:00

Created by: tositrino

cdist/version.py needs rw permissions

to update the version build-helper writes into cdist/version.py .

this fails if one calls cdist from a system wide cdist installation as arbitrary user without having write permission on cdist/version.py.

to prevent this one can do

chmod rgo+rw cdist/version.py (just don't)
adjust group settings or setup some fancy acls for the "allowed users"
force all users to install cdist themselves
patch build-helper so it won't fail when writing fails (see below)

IMHO an application should never have to write to its own installation
path after installation, it should always use places or mechanism offered
by the OS.

So my proposed fix would be the patch below and the advice to run

sudo cdist --version

after each installation or cdist version change to have the correct version reported.

ths

--- proposed patch

diff --git a/bin/build-helper b/bin/build-helper
index 34c9bc3..54940ab 100755
--- a/bin/build-helper
+++ b/bin/build-helper
@@ -184,7 +184,7 @@ eof
     ;;
 
     version)
-        echo "VERSION = \"$(git describe)\"" > cdist/version.py
+        [ -w cdist/version.py ] && echo "VERSION = \"$(git describe)\"" > cdist/version.py
     ;;
 
     *)

*Created by: tositrino* # cdist/version.py needs rw permissions to update the version build-helper writes into <code>cdist/version.py</code> . this fails if one calls cdist from a system wide cdist installation as arbitrary user without having write permission on cdist/version.py. to prevent this one can do - chmod rgo+rw cdist/version.py (<b>just don't</b>) - adjust group settings or setup some fancy acls for the "allowed users" - force all users to install cdist themselves - patch build-helper so it won't fail when writing fails (see below) IMHO an application should never have to write to its own installation path <b>after</b> installation, it should always use places or mechanism offered by the OS. So my proposed fix would be the patch below and the advice to run <pre>sudo cdist --version </pre> after each installation or cdist version change to have the correct version reported. ths --- proposed patch <pre> diff --git a/bin/build-helper b/bin/build-helper index 34c9bc3..54940ab 100755 --- a/bin/build-helper +++ b/bin/build-helper @@ -184,7 +184,7 @@ eof ;; version) - echo "VERSION = \"$(git describe)\"" > cdist/version.py + [ -w cdist/version.py ] && echo "VERSION = \"$(git describe)\"" > cdist/version.py ;; *) </pre>

ungleich-gitea closed this issue

2021-11-20 15:22:49 +00:00

ungleich-gitea commented

2021-11-20 15:50:44 +00:00

Created by: telmich

I may have misunderstood you: Are you running a multi user installation from a checkout? If so, this is definitely not intented :-)

If multiple people want to run cdist from a checkout, they should probably clone it themselves.
If multiple people want to run cdist otherwise, the sysadmin shall install cdist using pip (all Linux) or aur (archlinux).

Hope this clarifies the wohlstandsproblem!

Cheers,

Nico

*Created by: telmich* I may have misunderstood you: Are you running a multi user installation from a checkout? If so, this is definitely not intented :-) If multiple people want to run cdist from a checkout, they should probably clone it themselves. If multiple people want to run cdist otherwise, the sysadmin shall install cdist using pip (all Linux) or aur (archlinux). Hope this clarifies the wohlstandsproblem! Cheers, Nico

ungleich-gitea commented

2021-11-20 15:50:45 +00:00

Created by: tositrino

Moin Nico,

yeah i know, i could do 'pip install' or maybe use the checkout and then put
scripts/cdist into my path but to cite 'bin/cdist' :

Wrapper for real script to allow execution from checkout

dir=${0%/*}

this tells me i should be able to call bin/cdist from a checkout via bin/cdist and then
i don't expect to get an error from a simple "cdist --version".

But yeah, this could be considered as a "wohlstandsproblem" but easy to fix as long
as its only the version.py.

background: i am using cdist checkouts via environment modules that are only loaded for a
single cdist run.

cheers,
thorsten

On 13/08/30 12:35 , Nico Schottelius wrote:

Hey!

version.by should not be changed nor should build-helper be involved /after/ cdist has been installed system wide.

How did you install cdist? pip install cdist should not have brought bin/cdist to your path, but scripts/cdist and a pre-built
version.py (see Makefile, release: target).

Cheers,

Nico

—
Reply to this email directly or view it on GitHub https://github.com/telmich/cdist/issues/194#issuecomment-23553140.

*Created by: tositrino* Moin Nico, yeah i know, i could do 'pip install' or maybe use the checkout and then put scripts/cdist into my path but to cite 'bin/cdist' : > > # Wrapper for real script to allow execution from checkout > > dir=${0%/*} this tells me i should be able to call bin/cdist from a checkout via bin/cdist and then i don't expect to get an error from a simple "cdist --version". But yeah, this could be considered as a "wohlstandsproblem" but easy to fix as long as its only the version.py. background: i am using cdist checkouts via environment modules that are only loaded for a single cdist run. cheers, thorsten On 13/08/30 12:35 , Nico Schottelius wrote: > Hey! > > version.by should not be changed nor should build-helper be involved /after/ cdist has been installed system wide. > > How did you install cdist? pip install cdist should not have brought bin/cdist to your path, but scripts/cdist and a pre-built > version.py (see Makefile, release: target). > > Cheers, > > Nico > > — > Reply to this email directly or view it on GitHub https://github.com/telmich/cdist/issues/194#issuecomment-23553140.

ungleich-gitea commented

2021-11-20 15:50:46 +00:00

Created by: telmich

Hey!

version.by should not be changed nor should build-helper be involved after cdist has been installed system wide.

How did you install cdist? pip install cdist should not have brought bin/cdist to your path, but scripts/cdist and a pre-built version.py (see Makefile, release: target).

Cheers,

Nico

*Created by: telmich* Hey! version.by should not be changed nor should build-helper be involved _after_ cdist has been installed system wide. How did you install cdist? pip install cdist should not have brought bin/cdist to your path, but scripts/cdist and a pre-built version.py (see Makefile, release: target). Cheers, Nico

Sign in to join this conversation.