Merge pull request #14782 from MikeMcQuaid/running_as_root_but_not_owned_by_root

api: don't download files as root when Homebrew's not owned by root.
2023-02-23 13:34:15 +00:00 · 2023-02-23 13:34:15 +00:00 · 68859ae256
commit 68859ae256
parent d1cba00ee3 57ef4afe57
3 changed files with 24 additions and 5 deletions
--- a/Library/Homebrew/api.rb
+++ b/Library/Homebrew/api.rb
@ -41,6 +41,11 @@ module Homebrew
      url = "#{Homebrew::EnvConfig.api_domain}/#{endpoint}"
      default_url = "#{HOMEBREW_API_DEFAULT_DOMAIN}/#{endpoint}"
      if Homebrew.running_as_root_but_not_owned_by_root? &&
         (!target.exist? || target.empty?)
        odie "Need to download #{url} but cannot as root! Run `brew update` without `sudo` first then try again."
      end
      # TODO: consider using more of Utils::Curl
      curl_args = %W[
        --compressed
@ -55,6 +60,7 @@ module Homebrew
                      !target.empty? &&
                      (Homebrew::EnvConfig.no_auto_update? ||
                      ((Time.now - Homebrew::EnvConfig.api_auto_update_secs.to_i) < target.mtime))
      skip_download ||= Homebrew.running_as_root_but_not_owned_by_root?
      json_data = begin
        begin
--- a/Library/Homebrew/brew.rb
+++ b/Library/Homebrew/brew.rb
@ -120,12 +120,12 @@ begin
    # Unset HOMEBREW_HELP to avoid confusing the tap
    with_env HOMEBREW_HELP: nil do
      tap_commands = []
-      if File.exist?("/.dockerenv") ||
+      if (File.exist?("/.dockerenv") ||
-         Process.uid.zero? ||
+         Homebrew.running_as_root? ||
         ((cgroup = Utils.popen_read("cat", "/proc/1/cgroup").presence) &&
-          %w[azpl_job actions_job docker garden kubepods].none? { |type| cgroup.include?(type) })
+          %w[azpl_job actions_job docker garden kubepods].none? { |type| cgroup.include?(type) })) &&
-        brew_uid = HOMEBREW_BREW_FILE.stat.uid
+         Homebrew.running_as_root_but_not_owned_by_root?
-        tap_commands += %W[/usr/bin/sudo -u ##{brew_uid}] if Process.uid.zero? && !brew_uid.zero?
+        tap_commands += %W[/usr/bin/sudo -u ##{Homebrew.owner_uid}]
      end
      quiet_arg = args.quiet? ? "--quiet" : nil
      tap_commands += [HOMEBREW_BREW_FILE, "tap", *quiet_arg, possible_tap.name]
--- a/Library/Homebrew/global.rb
+++ b/Library/Homebrew/global.rb
@ -111,6 +111,19 @@ module Homebrew
    def auditing?
      @auditing == true
    end
    def running_as_root?
      @process_uid ||= Process.uid
      @process_uid.zero?
    end
    def owner_uid
      @owner_uid ||= HOMEBREW_BREW_FILE.stat.uid
    end
    def running_as_root_but_not_owned_by_root?
      running_as_root? && !owner_uid.zero?
    end
  end
 end