Skip to content
This repository has been archived by the owner on Dec 2, 2020. It is now read-only.

Use sudo for installation of problematic casks (e.g. pkg) #22

Closed
johndbritton opened this issue Sep 17, 2014 · 37 comments
Closed

Use sudo for installation of problematic casks (e.g. pkg) #22

johndbritton opened this issue Sep 17, 2014 · 37 comments
Labels

Comments

@johndbritton
Copy link

When I try and install virtualbox using the brewcask provider the install fails. It seems to be failing due to a permissions error. Since virtualbox is a pkg a sudo and password entry is required. The run fails because there's no opportunity to collect the password.

Error: Execution of 'brew cask install virtualbox --appdir=/Applications' returned 1: ==> Downloading http://download.virtualbox.org/virtualbox/4.3.16/VirtualBox-4.3.16-95972-OSX.dmg
Already downloaded: /Library/Caches/Homebrew/virtualbox-4.3.16-95972.dmg
==> Running installer for virtualbox; your password may be necessary.
==> Package installers may write to any location; options such as --appdir are ignored.
Error: Command failed to execute!

==> Failed command:
["/usr/bin/sudo", "-E", "--", "/usr/sbin/installer", "-pkg", "#<Pathname:/opt/homebrew-cask/Caskroom/virtualbox/4.3.16-95972/VirtualBox.pkg>", "-target", "/"]

==> Output of failed command:
sudo: no tty present and no askpass program specified


==> Exit status of failed command:
#<Process::Status: pid 19736 exit 1>
==> sudo: no tty present and no askpass program specified
Error: /Stage[main]/People::Johndbritton::Packages/Package[virtualbox]/ensure: change from absent to present failed: Execution of 'brew cask install virtualbox --appdir=/Applications' returned 1: ==> Downloading http://download.virtualbox.org/virtualbox/4.3.16/VirtualBox-4.3.16-95972-OSX.dmg
Already downloaded: /Library/Caches/Homebrew/virtualbox-4.3.16-95972.dmg
==> Running installer for virtualbox; your password may be necessary.
==> Package installers may write to any location; options such as --appdir are ignored.
Error: Command failed to execute!

==> Failed command:
["/usr/bin/sudo", "-E", "--", "/usr/sbin/installer", "-pkg", "#<Pathname:/opt/homebrew-cask/Caskroom/virtualbox/4.3.16-95972/VirtualBox.pkg>", "-target", "/"]

==> Output of failed command:
sudo: no tty present and no askpass program specified


==> Exit status of failed command:
#<Process::Status: pid 19736 exit 1>
==> sudo: no tty present and no askpass program specified
@johndbritton
Copy link
Author

@phinze I'd be happy to take a stab at fixing this, any ideas for what needs to be done?

@rmchale
Copy link

rmchale commented Oct 23, 2014

Any update on this? I also have this problem.

@lethjakman
Copy link

I've been looking into this issue as well...looks like it's being caused because you can't pass a password to sudo. Perhaps using visudo instead would be a better alternative, or maybe skipping sudo altogether as I don't believe that this solution is using sudo. However, I can't figure out what would be causing the sudo in here. Any help would be appreciated. Thanks!

@ChristinWhite
Copy link

I've been searching through the issues on several different forks and there are a number of people running into this issue; it all seems to happen with any package that requires a sudo (VirtualBox, SublimeText, Xtrafinder) and I've yet to see anyone post any kind of solution so far.

@lethjakman
Copy link

I don't think this should have to require sudo, is there a way we can test the install without it? Or is that something that's happening in the Cask?

@lethjakman
Copy link

Through some experimentation I do believe that it's the sudo that is messing things up. Virtualbox does not need sudo to install through cask, however sublime-text does (because it's trying to symlink into /usr/local/bin). So I think if there's a way to dodge that sudo we can get most of these working.

@johndbritton
Copy link
Author

I'm pretty sure Boxen has a way to run as a privileged user, so rather than invoking sudo directly maybe it's possible to invoke the command while running as root via some puppet parameter.

cc/ @dgoodlad Any ideas / suggestions?

@dgoodlad
Copy link

Puppet's execute method takes a hash of options, one of which is :uid. We could set that to 0 for special casks when necessary.

See https://github.com/phinze/puppet-brewcask/blob/master/lib/puppet/provider/package/brewcask.rb#L87 and https://github.com/puppetlabs/puppet/blob/master/lib/puppet/util/execution.rb#L143

In fact, we could probably modify https://github.com/phinze/puppet-brewcask/blob/master/lib/puppet/provider/package/brewcask.rb#L82-L84 to handle special cases...

@bbck
Copy link

bbck commented Dec 24, 2014

Just tried switching over my personal manifests to installing from homebrew-cask with the latest puppet-boxen release and I'm hitting this issue on a few of my apps.

@radeksimko
Copy link
Contributor

I'd rather see a change being made in brewcask itself, so puppet knows when it's really necessary to use sudo/different uid.

It can be even detected right now by puppet, but the solution would probably waste some time & resources trying first installing the cask with standard uid and then installing the cask again with sudo:
https://github.com/jenkinsci/rpmsign-plugin/blob/master/src/main/java/jenkins/plugins/rpmsign/RpmSignPlugin.java#L143-159

@petems I'd rather not install all casks with sudo, it would be like killing a bee with a hammer.

@phinze
Copy link
Contributor

phinze commented Jan 11, 2015

I'd rather see a change being made in brewcask itself, so puppet knows when it's really necessary to use sudo/different uid.

This is a good idea!

If we added these details to the output of brew cask info - then the provider could check first and know when to sudo. Does that sound right?

@radeksimko
Copy link
Contributor

@phinze Opened issue: Homebrew/homebrew-cask#8817

@radeksimko radeksimko changed the title Can't install virtualbox cask using this provider Use sudo for installation of problematic casks (e.g. pkg) Jan 13, 2015
@ghost
Copy link

ghost commented Jun 9, 2015

no problem with brewcask/virtualbox

This issue can be closed

@dominics
Copy link

dominics commented Aug 6, 2015

@julienlavergne Do you mean you're not having this problem any more? Can you elaborate on how it was fixed? (Is the Virtualbox installer itself no longer requiring sudo?)

Or was this issue closed by @johndbritton just while we wait for upstream to merge Homebrew/homebrew-cask#8817 or similar?

If someone could point me to the fix, it'd be much appreciated.

@goofansu
Copy link

goofansu commented Aug 9, 2015

Is this bug solved? I installed following apps that required sudo all failed:

asepsis
grownotify
ksdiff
squirrel
qlimagesize
typinator

@dominics
Copy link

One thing worth mentioning is that even once we know which casks require sudo to be installed, we probably shouldn't just execute the cask command as uid 0 (as suggested above). Better to do the command as usual (running as the default_user), and clear away the timeout so that it works properly. That's because it's a bad assumption that sudo brew cask install blah will do the same thing as sudo -v && brew cask install blah (where sudo -v bumps the timestamp).

One hacky way to bump a user's sudo timestamp is just to touch the directory in /var/db/sudo (there seems to be no user-space way of telling sudo to create/bump a timestamp for another user as root, without requiring their password).

My current workaround looks something like:

def run(*cmds)
  begin
    brew_cmd = ['brew', 'cask'] + cmds
    execute brew_cmd, command_opts
  rescue Puppet::ExecutionFailure => e
    raise e unless e.message =~ /sudo: no tty present and no askpass program specified/

    warning <<-EOT.gsub(/\s+/, ' ').strip
      Initial execution of `#{brew_cmd.join(' ')}` failed because it requires sudo, and there's no TTY to accept a
      password. We are about to reattempt execution, after bumping the sudo timestamp for that user.
    EOT

    timestamp = "/var/db/sudo/#{default_user}"

    Dir.mkdir(timestamp, 0700) unless File.directory?(timestamp)
    FileUtils.touch(timestamp)

    execute brew_cmd, command_opts
  end
end

@johndbritton
Copy link
Author

I closed the issue in response to #22 (comment), I haven't tried this again since I filed the issue.

@cmckni3
Copy link

cmckni3 commented Aug 19, 2015

I am having this issue when installing virtualbox

@ghost
Copy link

ghost commented Aug 19, 2015

maybe open a new terminal and try this script:

while true; do sudo ls -l; sleep 2; done;

with enter password one time

-- 
Julien Lavergne
Sent with Airmail

On August 19, 2015 at 5:39:11 PM, Chris McKnight (notifications@github.com) wrote:

I am having this issue when installing virtualbox


Reply to this email directly or view it on GitHub.

@cmckni3
Copy link

cmckni3 commented Aug 20, 2015

@julienlavergne That worked. Thanks! That's something I have seen people do in their dotfiles to be able to get around the sudo timeout.

It really seems like a hack though.

@ghost
Copy link

ghost commented Aug 20, 2015

Yeah it’s a hack but another solution doesn’t seem to be known.

-- 
Julien Lavergne
+33670273883
http://julienlavergne.com
Sent with Airmail

On August 20, 2015 at 7:58:00 AM, Chris McKnight (notifications@github.com) wrote:

@julienlavergne That's something I have seen people do in their dotfiles to be able to get around the sudo timeout.

It really seems like a hack though.


Reply to this email directly or view it on GitHub.

@dominics
Copy link

@johndbritton Can you please reopen this issue in that case? @julienlavergne was mistaken in saying "no problem with brewcask/virtualbox", nothing has been done to fix this, and the issue remains.

"open a new terminal and try this script"? As a workaround for a puppet module, that's pretty unacceptable. "another solution doesn’t seem to be known" is just wrong.

@radeksimko radeksimko reopened this Aug 21, 2015
@ghost
Copy link

ghost commented Aug 21, 2015

Why my opinion is mistaken ?

-- 
Julien Lavergne
+33670273883
http://julienlavergne.com
Sent with Airmail

On August 21, 2015 at 7:58:09 AM, Radek Simko (notifications@github.com) wrote:

Reopened #22.


Reply to this email directly or view it on GitHub.

@radeksimko
Copy link
Contributor

To clarify the situation - I'm still not sure if it's worth keeping open or close... but brewcask is moving towards a state where there will be no symlinks, it will behave much more like standard drag & drop installations.

See Homebrew/homebrew-cask#13201 for details & reasons.

Currently only pkg and a few other bundle types require su perms. When the changes described in the linked issue get implemented, then suddenly de facto all apps will require su perms, therefore this boxen module will need to run all brew cask commands under su permissions, which will be the definitive solution to all these issues.

I'm not sure if there's any nice way of solving this problem at this moment. I'm not convinced that using sudo for installing apps into ~/Applications and generally for things that do not require sudo is a solution.

@ghost
Copy link

ghost commented Aug 21, 2015

No pb with last VirtualBox installation if VirtualBox is correctly closed.

-- 
Julien Lavergne
+33670273883
http://julienlavergne.com
Sent with Airmail

On August 21, 2015 at 12:18:27 PM, Radek Simko (notifications@github.com) wrote:

To clarify the situation - I'm still not sure if it's worth keeping open or close... but brewcask is moving towards a state where there will be no symlinks, it will behave much more like standard drag & drop installations.

See Homebrew/homebrew-cask#13201 for details & reasons.

Currently only pkg and a few other bundle types require su perms. When the changes described in the linked issue get implemented, then suddenly de facto all apps will require su perms, therefore this boxen module will need to run all brew cask commands under su permissions, which will be the definitive solution to all these issues.

I'm not sure if there's any nice way of solving this problem at this moment. I'm not convinced that using sudo for installing apps into ~/Applications and generally for things that do not require sudo is a solution.


Reply to this email directly or view it on GitHub.

@sebroeder
Copy link

then suddenly de facto all apps will require su perms, therefore this boxen module will need to run all brew cask commands under su permissions, which will be the definitive solution to all these issues

@radeksimko As long as the user who runs boxen is an admin user, no sudo is required to copy applications into /Applications (non-MAS third party apps are usually installed with owner myadminuser and group admin). So the change in homebrew-cask’s default behaviour should not require sudo more often than the old one, or did I miss something?

@ghost
Copy link

ghost commented Aug 21, 2015

All users are not admin by default

Envoyé de mon iPhone

Le 21 août 2015 à 13:30, Sebastian Röder notifications@github.com a écrit :

then suddenly de facto all apps will require su perms, therefore this boxen module will need to run all brew cask commands under su permissions, which will be the definitive solution to all these issues

As long as the user who runs boxen is an admin user, no sudo is required to copy applications into /Applications (non-MAS third party apps are usually installed with owner myadminuser and group admin). So the change in homebrew-cask’s default behaviour should not require sudo more often than the old one, or did I miss something?


Reply to this email directly or view it on GitHub.

@radeksimko
Copy link
Contributor

@julienlavergne Understood, but better post this to the original thread to caskroom/homebrew-cask.

@dominics
Copy link

@julienlavergne I thought Virtualbox requires root privileges to install vboxnet drivers, among other things. Are you saying sudo -k && brew cask install virtualbox on a non-interactive terminal (no tty) works for you?

@n0ts
Copy link
Contributor

n0ts commented Oct 23, 2015

Below sudo manifest, It's works.

  sudoers { 'installer':
    users    => $::boxen_user,
    hosts    => 'ALL',
    commands => [
      '(ALL) SETENV:NOPASSWD: /usr/sbin/installer',
    ],
    type     => 'user_spec',
  }

  package { 'virtualbox':
       provider => 'brewcask',
       require  => [ Homebrew::Tap['caskroom/cask'], Sudoers['installer'] ],
  }

@rypit
Copy link

rypit commented Dec 7, 2015

@n0ts's suggestion above worked for me

@ghost
Copy link

ghost commented Dec 7, 2015

Which suggestion finally?

From: RJ Pittman notifications@github.com
Reply: boxen/puppet-brewcask reply@reply.github.com
Date: December 7, 2015 at 3:51:35 PM
To: boxen/puppet-brewcask puppet-brewcask@noreply.github.com
CC: Julien Lavergne lavergne.julien@gmail.com
Subject:  Re: [puppet-brewcask] Use sudo for installation of problematic casks (e.g. pkg) (#22)

@n0ts's suggestion above worked for me


Reply to this email directly or view it on GitHub.

@rypit
Copy link

rypit commented Dec 15, 2015

@ghost
Copy link

ghost commented Dec 15, 2015

When will this issue be fixed in puppet-brewcask? Next release?

blamattina added a commit to blamattina/my-boxen that referenced this issue Feb 15, 2016
blamattina added a commit to blamattina/my-boxen that referenced this issue Feb 15, 2016
@ldenman
Copy link

ldenman commented Mar 17, 2016

@n0ts that seems like a good workaround for targeting /usr/bin/installer. Some packages use additional commands like sudo -E /usr/bin/sqlite3 ... (SizeUp) which fails also when no sudo session is in play.

The only work arounds I have found are hacks like:

1.) run "sudo ls" right before running boxen
or for longer running installs
2.) in a new terminal run: " while true; do echo "refreshing sudo"; sudo echo; sleep 30; done; " and then run boxen in another terminal

@julienlavergne Great question. Has anyone made progress on this?

@ghost
Copy link

ghost commented Mar 17, 2016

No improvement about your trick

Le 17 mars 2016 à 22:02, Lake Denman notifications@github.com a écrit :

@n0ts that seems like a good workaround for targeting /usr/bin/installer. Some packages use additional commands like sudo -E /usr/bin/sqlite3 ... (SizeUp) which fails also when no sudo session is in play.

The only work around I have found that works is lousy hacks like:

1.) run "sudo ls" right before running boxen
or for longer running installs
2.) in a new terminal run: " while true; do echo "refreshing sudo"; sudo echo; sleep 30; done; " and then run boxen in another terminal

@julienlavergne Great question. Has anyone made progress on this?


You are receiving this because you were mentioned.
Reply to this email directly or view it on GitHub

jabley added a commit to jabley/our-boxen that referenced this issue Aug 8, 2016
See https://gpgtools.org/ and https://help.github.com/articles/signing-commits-using-gpg/

Also configures `sudo` so that my user account can install anything
using installer without having to prompt.

Running `sudo ls` before running `boxen` did not work. This change
addresses that, but feels a little wrong.

See boxen/puppet-brewcask#22 (comment)
@jacobbednarz
Copy link
Member

Closing due to inactivity. If you have any new information, please raise it in boxen/puppet-homebrew since brewcask + homebrew merged.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
Development

No branches or pull requests