Installing Cask on macOS changes ~/.gitconfig ownership to root

[mjcheetham]

The git-credential-manager-core Cask requires installation as root because root is required to install the internal .pkg file.
GCM Core has a postinstall action that calls the configure command, that internally calls git config --global ... ... which, being run as root, will change the ownership of the ~/.gitconfig file.

We need a way to have these post install actions not run as root OR change the Cask to run configure --system which will update the git config --system config file (/etc/gitconfig) instead.

The latter suggested change of course will make GCM Core a machine-level installation, and not per user. Perhaps this is the 'correct' design however.

Also see microsoft/scalar#443.

[dscho]

You can work around the discrepancy by using $SUDO_UID or $SUDO_USER. Something like this should do the trick:

if test -z "$SUDO_USER"
then
    git config --global ...
elif test 0 != "$(id -u)"
then
    echo "Uh oh! SUDO_USER is set, but not running as root?" >&2
    exit 1
else
    su -c "git config --global ..." "$SUDO_USER"
fi

[dscho]

You might also use id -u -r -n instead of $SUDO_USER if the postinstall action is called via anything else than sudo. GNU's version of id offers the long options --real and --name, but according to https://ss64.com/osx/id.html, macOS' version of the id utility does not.

[derrickstolee]

I'm pinging this issue because microsoft/scalar#443 was marked as stale. I'm closing that one.

[vtbassmatt]

@mjcheetham we should discuss more. brew really doesn't like being run as root/sudo, so it's doubtful we'll find the tools we need from them to do anything satisfactory.

[mjcheetham]

Because we're opting to use Casks rather than Formulae we must run as sudo. Casks install via pkg files. The Mac pkg file installer needs sudo (unless you do some terrible things that are pretty much unsupported these days).

I originally added microsoft-git as a formula but we took this out and replaced it with a Cask because we didn't want consumers to have to sit and wait for a build of Git to happen (and GCM Core).

In the upstream Homebrew core tap, there is considerable infrastructure and automation that creates Bottles that are pre-built binaries, for each OS version supported. This avoids the compile from source, but on our custom tap we don't have that infra.

Not to mention the fact that GCM Core requires the .NET SDK and that isn't available in Homebrew.
Oh and there are issues with binaries needing to be signed too (which obviously cannot happen without even more custom infrastructure in the bottling process).

[vtbassmatt]

I see. Ugh, a mess.

internally calls git config --global ... ... which, being run as root, will change the ownership of the ~/.gitconfig file

Is that intentional on Git's part? I realize that this isn't exactly the same thing, but merely sudo echoing doesn't seem to change ownership of a file on my Mac.

mattc % echo foo > test.txt
mattc % ls -l                    
total 8
-rw-r--r--  1 mattc  staff  4 Mar  8 10:24 test.txt
mattc % sudo echo bar >> test.txt
mattc % ls -l
total 8
-rw-r--r--  1 mattc  staff  8 Mar  8 10:24 test.txt
mattc % 

[mjcheetham]

Is that intentional on Git's part? I realize that this isn't exactly the same thing, but merely sudo echoing doesn't seem to change ownership of a file on my Mac.

I think it might have to do with the way Git handles files. Doesn't Git do the "write & rename" to avoid an interrupted write?
There is a new file being created, hence it's being created as root owned.

[mjcheetham]

I have a PR up that should aim to "de-elevate(?)" from root to the real user identity when calling configure or unconfigure.
#308