DeterminateSystems / nix-installer

Install Nix and flakes with the fast and reliable Determinate Nix Installer, with over 2 million installs.
GNU Lesser General Public License v2.1

zsh compinit: insecure directories and files #709

Open matshch opened 10 months ago

matshch commented 10 months ago

During installation on macOS, zsh shows the following warning:

```
...
 INFO Step: Remove directory `/nix/temp-install-dir`
zsh compinit: insecure directories and files, run compaudit for list.
Ignore insecure directories and files and continue [y] or abort compinit [n]?
```

This requires user input to finish the installation. It looks like in my case it is caused by the interaction of Homebrew's completions setup and nix-installer's self-test.

I have the following code in my `~/.zshrc` (inspired by Homebrew's documentation):

```zsh
if type brew &>/dev/null
then
  FPATH="$(brew --prefix)/share/zsh/site-functions:${FPATH}"
fi

autoload -Uz compinit
compinit
```

Then, nix-installer runs the following command with zsh as the root user, probably with my `$HOME`: https://github.com/DeterminateSystems/nix-installer/blob/dda36c4a22dc7a2985c345587edbc308a84131ed/src/self_test.rs#L110

In this setup, zsh running as root reads my `~/.zshrc`, adds a directory owned by my user to `$FPATH`, and complains about it during `compinit`.

I can replicate the same warning message by running sudo -s, but sudo -sH works normally.
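
What `compinit` objects to in the setup described in the comment above, as an added example that is not part of the original issue and is not zsh's or nix-installer's own code: a simplified sh version of the compaudit rule, under which an fpath directory or its parent is rejected when it is group- or world-writable or owned by neither root nor the uid the shell runs as. The function names are hypothetical, and the rule is a simplification of what compaudit checks.

```shell
#!/bin/sh
# Added example: simplified compaudit-style check (hypothetical function names).

# Print "<owner uid> <octal mode>" for a path: GNU stat first, then BSD/macOS.
owner_and_mode() {
  stat -c '%u %a' "$1" 2>/dev/null || stat -f '%u %Lp' "$1"
}

# Succeed (0 = insecure) when a directory with owner uid $1 and octal mode $2
# would be rejected for a shell running as uid $3: the owner is neither root
# nor that uid, or the directory is group- or world-writable.
is_insecure() {
  owner=$1 mode=$2 running_uid=$3
  if [ "$owner" -ne 0 ] && [ "$owner" -ne "$running_uid" ]; then
    return 0
  fi
  [ $(( 0$mode & 022 )) -ne 0 ]
}

# Print every entry of the colon-separated fpath $1, and every parent of an
# entry, that fails the check for uid $2. Missing directories are skipped.
audit_fpath() {
  running_uid=$2
  printf '%s\n' "$1" | tr ':' '\n' | while IFS= read -r dir; do
    [ -n "$dir" ] || continue
    for candidate in "$dir" "$(dirname "$dir")"; do
      [ -d "$candidate" ] || continue
      read -r owner mode <<EOF
$(owner_and_mode "$candidate")
EOF
      if is_insecure "$owner" "$mode" "$running_uid"; then
        printf '%s\n' "$candidate"
      fi
    done
  done
}

# Usage: sh audit_fpath.sh "$FPATH" 0   (0 = check as root would see it)
if [ "$#" -ge 2 ]; then
  audit_fpath "$1" "$2"
fi
```

Passing `0` as the second argument shows which entries a root zsh would flag; passing `$(id -u)` shows the same fpath as the user's own shell sees it.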

Hoverbear commented 10 months ago

Thanks for the report! This does seem like it might be a bug.