Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

api: don't download files as root when Homebrew's not owned by root. #14782

Merged
merged 2 commits into from Feb 23, 2023
Merged

api: don't download files as root when Homebrew's not owned by root. #14782

merged 2 commits into from Feb 23, 2023

Conversation

MikeMcQuaid
Copy link
Member

This was mentioned in a random comment. While we're here, make some helper functions to query this a bit more nicely elsewhere when we do it.

@MikeMcQuaid
api: don't download files as root when Homebrew's not owned by root.
2884b16 
This was mentioned in a random comment. While we're here, make some
helper functions to query this a bit more nicely elsewhere when we do
it.
@MikeMcQuaid MikeMcQuaid added the critical Critical change which should be shipped as soon as possible. label Feb 23, 2023
@BrewTestBot
Copy link
Member

Review period skipped due to critical label.

@MikeMcQuaid MikeMcQuaid changed the title aapi: don't download files as root when Homebrew's not owned by root. api: don't download files as root when Homebrew's not owned by root. Feb 23, 2023
Bo98
Bo98 approved these changes Feb 23, 2023
View reviewed changes
Library/Homebrew/api.rb Outdated Show resolved Hide resolved
@MikeMcQuaid @Bo98
api: improve root messaging.
57ef4af 
Co-authored-by: Bo Anderson <mail@boanderson.me>
@MikeMcQuaid MikeMcQuaid merged commit 68859ae into Homebrew:master Feb 23, 2023
@MikeMcQuaid MikeMcQuaid deleted the running_as_root_but_not_owned_by_root branch February 23, 2023 13:34
@gromgit gromgit mentioned this pull request Feb 25, 2023
Closed
@laggardkernel
Copy link

This fix may break the use of sudo brew servcies. Are you decided to drop sudo brew completely? I just wanna start a services using a privileged port, port 53.

❯ sudo brew services restart adguardhome
Password:
Error: Need to download https://formulae.brew.sh/api/formula.jws.json but cannot as root! Run `brew update` without `sudo` first then try again.

@Bo98
Copy link
Member

Bo98 commented Feb 25, 2023
edited

No, this message only appears if the file doesn't exist in the cache (or is empty). The cache never expires.

You can't use sudo for the first time the file is created as it will prevent it being updated when you later don't use sudo. But after the first run the file should stay around permanently.

@laggardkernel
Copy link

I just find out the cause. HOMEBREW_CACHE is not respected when using sudo. After I made a copy of formula.jws.json to the default location ~/Library/Caches/Homebrew/api/, the error above disappeared.

@carlocab
Copy link
Member

sudo will clear most environment variables when running. You'll need to adjust your sudo invocation or configuration if you need HOMEBREW_CACHE to be preserved when running sudo.

@michael1900
Copy link

I just find out the cause. HOMEBREW_CACHE is not respected when using sudo. After I made a copy of formula.jws.json to the default location ~/Library/Caches/Homebrew/api/, the error above disappeared.

How to make this copy? Please help me to fix this, i need it to restart dnscrypt.

@laggardkernel
Copy link

@michael1900 I don't think we encountered the same problem. The current implementation is to download the services api related jws using brew update without sudo. sudo brew services depends on this very jws file.

In my case, I set HOMEBREW_CACHE to a custom location ~/.cache/homebrew. Since HOMEBREW_CACHE environment variable is not inherited bysudo, it fails to find this jws file.

@github-actions github-actions bot added the outdated PR was locked due to age label Apr 7, 2023
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Apr 7, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@Bo98 Bo98 Bo98 approved these changes

@BrewTestBot BrewTestBot BrewTestBot approved these changes

Assignees
No one assigned
Labels
critical Critical change which should be shipped as soon as possible. outdated PR was locked due to age
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
6 participants
@MikeMcQuaid @BrewTestBot @laggardkernel @Bo98 @carlocab @michael1900