Closed glevine closed 8 years ago
If running chef-client in local mode as the current user, I run into the following error.
Yes. This is actually expected, as /opt
is not writable by the normal user. A thing that Homebrew and Homebrew Cask do is shell out with sudo
to create the directories they need.
When running these recipes with Chef, it's possible that sudo
is executed transparently when they're installing, or it might prompt for a password. Either way, while homebrew recommends against doing things with sudo, the fact is you still need to do certain things on your system with elevated privileges. For example, when you install software from a .pkg, and you get prompted for your password by OS X, that's a sudo prompt that it's going to use behind the GUI to perform the installation.
In my case, I already have Homebrew and Cask installed. So when testing a recipe, I wasn't expecting this failure. If I run chef-client in local mode as myself and /opt/homebrew-cask
already exists (and is owned by me), then I would expect everything to run just fine. If that directory didn't already exist in such a state, then I would totally understand the error.
The Cask installer requires sudo
to create its directories, but then it modifies the permissions of everything except /opt
so that sudo
isn't necessary for installations of software. My point about it being counter to Homebrew's recommendations was only that after installation of the tool, sudo
should no longer be necessary.
So I guess the real issue is that the cask
recipe isn't taking into account whether or not those directories already exist and are in the correct state. The default
recipe uses a not_if
(https://github.com/opscode-cookbooks/homebrew/blob/master/recipes/default.rb#L37) to prevent a second attempt at installing Homebrew. It may not be as trivial, but I feel like the the cask
recipe should avoid repeating installation steps, too.
Maybe the root cause is in the way that directory
works and is thus an issue with chef itself? It appears to attempt to make the directory as opposed to testing its state first. Although, that is just speculation on my part.
+1 Same problem here. /opt/homebrew-cask already exists, is already owned by the homebrew user. And yes, it's because the chef directory resource provider checks permissions of the parent directory before it checks whether it even needs to take action.
Is it best to open an issue against chef for the directory resource provider? I just don't know enough about the existing use cases of that resource provider to know if it would open a can of worms.
@jtimberman Do you have an opinion about how best to handle this? Thanks.
I have been having this same problem as well. Do we even need the following code? Doesn't the Cask installer create these directories if they don't exist?
directory '/Library/Caches/Homebrew/Casks' do
owner homebrew_owner
mode 00775
only_if { ::Dir.exist?('/Library/Caches/Homebrew') }
end
directory '/opt/homebrew-cask' do
owner homebrew_owner
mode 00775
recursive true
end
directory '/opt/homebrew-cask/Caskroom' do
owner homebrew_owner
mode 00775
end
Relatedly the default Caskroom
location has moved per chef-cookbooks/homebrew#100 and caskroom/homebrew-cask#21603
We no longer manage this directory in the latest version so I'm going to close this out
When ensuring directories, the cask recipe makes the assumption that chef-client has been run either as root or with elevated privileges. If running chef-client in local mode as the current user, I run into the following error.
The java cookbook includes the
homebrew::cask
recipe in itshomebrew
recipe (https://github.com/agileorbit-cookbooks/java/blob/master/recipes/homebrew.rb). So when installing Java using Homebrew, it seems like it is a requirement to run chef-client as root. This has two smells to me:The java cookbook is just an example, though. This could be true for any dependent cookbook. But it is especially difficult to work around when trying to use community cookbooks.
Maybe this could be passed off as an issue with the java cookbook. But it just feels like cookbooks dependent on the homebrew cookbook are not expecting this cookbook to behave this way -- if being permission agnostic is a goal.