twpayne / chezmoi

Manage your dotfiles across multiple diverse machines, securely.
https://www.chezmoi.io/
MIT License

`scriptTempDir` configuration variable is ignored for `modify_` scripts #3851

Closed vbrand1984 closed 1 week ago

vbrand1984 commented 2 weeks ago

Describe the bug

The scriptTempDir variable in the chezmoi config file seems to have no effect: even if it is specified, chezmoi nevertheless tries to copy scripts into the /tmp directory and run them from there. This is an issue when /tmp is mounted with the noexec option, and despite a solution being described in the chezmoi docs, it seems not to work.

Although adding the following lines to ~/.config/chezmoi/chezmoi.toml does the job and everything works as intended afterwards, i.e. scripts are copied into the specified directory and executed flawlessly:

```toml
[scriptEnv]
    TMPDIR = "/run/user/1000"
```

To reproduce

Mount /tmp with the noexec option:

```console
sudo mount -o remount,noexec /tmp
```

And then run chezmoi while having any of the modify_ or run_ scripts in the source tree:

```console
chezmoi diff --verbose
```

The output:

```console
chezmoi: .config/openbox/rc.xml: fork/exec /tmp/2252122799.rc.xml: permission denied
```

Although the scriptTempDir variable is set:

```console
$ chezmoi data | grep scriptTempDir
      "scriptTempDir": "/run/user/1000",
```

Expected behavior

chezmoi should copy the scripts into the directory specified by the scriptTempDir configuration variable, as described in the docs.

Output of chezmoi doctor

```console
$ chezmoi doctor
RESULT  CHECK                      MESSAGE
ok      version                    v2.50.0, commit 3ad974381fe57aedbcffef4371aa80970a989aaf, built at 2024-07-02T21:16:33Z, built by goreleaser
ok      latest-version             v2.50.0
ok      os-arch                    linux/amd64 (Devuan GNU/Linux 5 (daedalus))
ok      uname                      Linux saturn 6.1.0-22-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.94-1 (2024-06-21) x86_64 GNU/Linux
ok      go-version                 go1.22.5 (gc)
ok      executable                 /usr/bin/chezmoi
ok      upgrade-method             sudo-upgrade-package
ok      config-file                ~/.config/chezmoi/chezmoi.toml, last modified 2024-07-03T14:17:21+03:00
ok      source-dir                 ~/.Dots/chezmoi is a git working tree (clean)
ok      suspicious-entries         no suspicious entries
ok      working-tree               ~/.Dots/chezmoi is a git working tree (clean)
ok      dest-dir                   ~ is a directory
ok      umask                      022
ok      cd-command                 found /bin/bash
ok      cd-args                    /bin/bash
info    diff-command               not set
ok      edit-command               found /usr/bin/vim
ok      edit-args                  /usr/bin/vim
ok      git-command                found /usr/bin/git, version 2.39.2
ok      merge-command              found /usr/bin/vimdiff
ok      shell-command              found /bin/bash
ok      shell-args                 /bin/bash
ok      age-command                found /usr/bin/age, version 1.1.1
ok      gpg-command                found /usr/bin/gpg, version 2.2.40
info    pinentry-command           not set
info    1password-command          op not found in $PATH
info    bitwarden-command          bw not found in $PATH
info    bitwarden-secrets-command  bws not found in $PATH
info    dashlane-command           dcli not found in $PATH
info    doppler-command            doppler not found in $PATH
info    gopass-command             gopass not found in $PATH
info    keepassxc-command          keepassxc-cli not found in $PATH
info    keepassxc-db               not set
info    keeper-command             keeper not found in $PATH
info    lastpass-command           lpass not found in $PATH
info    pass-command               pass not found in $PATH
info    passhole-command           ph not found in $PATH
info    rbw-command                rbw not found in $PATH
info    vault-command              vault not found in $PATH
info    vlt-command                vlt not found in $PATH
info    secret-command             not set
```
twpayne commented 1 week ago

I tried to reproduce this but was unsuccessful. In my test chezmoi executes scripts correctly from scriptTempDir. See #3858.

> chezmoi: .config/openbox/rc.xml: fork/exec /tmp/2252122799.rc.xml: permission denied

rc.xml is a strange name for a script. Do you really have a file in your source directory called dot_config/openbox/run_rc.xml? Are you sure chezmoi is the problem here?

vbrand1984 commented 1 week ago

> rc.xml is a strange name for a script. Do you really have a file in your source directory called dot_config/openbox/run_rc.xml?

Yes, it is this modify_ script for the Openbox configuration. It removes the <keyboard> tag from the file and replaces it with the <xi:include> tag. But it works just fine by itself. The issue also affects run_ scripts from the .chezmoiscripts directory; it's just that the modify_ script appears to be the first one in the chain.

I have four systems on my desktop PC: Gentoo, Void Linux, Debian 12 and Devuan 5. I can reproduce the issue with my configuration (the dots, .chezmoi.toml.tmpl) on all of them. The configuration is a little bit messy as of now, but it works fine on all my systems (and on my laptop with Debian 12), unless the TMPDIR variable declaration in the [scriptEnv] section is deleted/commented out. In that case, the aforementioned "permission denied" error emerges. And this is despite the scriptTempDir variable being specified in that same .chezmoi.toml.tmpl file. Deleting it has no effect; it seems that only the TMPDIR environment variable matters in my config.

On all my systems, I mount /tmp via /etc/fstab as follows:

```
tmpfs /tmp tmpfs noatime,nosuid,nodev,noexec,mode=1777,size=8G 0 0
```

Anyways, thank you for your effort and time investment!

EDIT: Here is the output of chezmoi doctor on my other systems:

chezmoi doctor in Gentoo

```console
$ chezmoi doctor
RESULT   CHECK                      MESSAGE
warning  version                    v2.49.0, built at 2024-06-22T00:34:46Z
warning  latest-version             v2.50.0
ok       os-arch                    linux/amd64 (Gentoo)
ok       uname                      Linux saturn 6.6.30-gentoo #1 SMP Sat Jun 15 22:02:57 MSK 2024 x86_64 AMD Ryzen 7 PRO 3700 8-Core Processor AuthenticAMD GNU/Linux
ok       go-version                 go1.22.4 (gc)
ok       executable                 /usr/bin/chezmoi
ok       upgrade-method             upgrade-package
ok       config-file                ~/.config/chezmoi/chezmoi.toml, last modified 2024-07-07T01:12:02+03:00
ok       source-dir                 ~/.Dots/chezmoi is a git working tree (clean)
ok       suspicious-entries         no suspicious entries
ok       working-tree               ~/.Dots/chezmoi is a git working tree (clean)
ok       dest-dir                   ~ is a directory
ok       umask                      022
ok       cd-command                 found /bin/bash
ok       cd-args                    /bin/bash
info     diff-command               not set
ok       edit-command               found /usr/bin/vim
ok       edit-args                  /usr/bin/vim
ok       git-command                found /usr/bin/git, version 2.44.2
ok       merge-command              found /usr/bin/vimdiff
ok       shell-command              found /bin/bash
ok       shell-args                 /bin/bash
ok       age-command                found /usr/bin/age, version 1.1.1
ok       gpg-command                found /usr/bin/gpg, version 2.4.5
info     pinentry-command           not set
info     1password-command          op not found in $PATH
info     bitwarden-command          bw not found in $PATH
info     bitwarden-secrets-command  bws not found in $PATH
info     dashlane-command           dcli not found in $PATH
info     doppler-command            doppler not found in $PATH
info     gopass-command             gopass not found in $PATH
info     keepassxc-command          keepassxc-cli not found in $PATH
info     keepassxc-db               not set
info     keeper-command             keeper not found in $PATH
info     lastpass-command           lpass not found in $PATH
info     pass-command               pass not found in $PATH
info     passhole-command           ph not found in $PATH
info     rbw-command                rbw not found in $PATH
info     vault-command              vault not found in $PATH
info     vlt-command                vlt not found in $PATH
info     secret-command             not set
```

chezmoi doctor in Void Linux

```console
$ chezmoi doctor
RESULT  CHECK                      MESSAGE
ok      version                    v2.50.0, commit v2.50.0, built at 2024-07-05, built by xbps
ok      latest-version             v2.50.0
ok      os-arch                    linux/amd64 (Void)
ok      uname                      Linux saturn 6.6.35_1 #1 SMP PREEMPT_DYNAMIC Sat Jun 22 12:41:23 UTC 2024 x86_64 GNU/Linux
ok      go-version                 go1.22.3 (gc)
ok      executable                 /usr/bin/chezmoi
ok      config-file                ~/.config/chezmoi/chezmoi.toml, last modified 2024-07-06T21:07:56+03:00
ok      source-dir                 ~/.Dots/chezmoi is a git working tree (clean)
ok      suspicious-entries         no suspicious entries
ok      working-tree               ~/.Dots/chezmoi is a git working tree (clean)
ok      dest-dir                   ~ is a directory
ok      umask                      022
ok      cd-command                 found /bin/bash
ok      cd-args                    /bin/bash
info    diff-command               not set
ok      edit-command               found /usr/bin/vim
ok      edit-args                  /usr/bin/vim
ok      git-command                found /usr/bin/git, version 2.45.2
ok      merge-command              found /usr/bin/vimdiff
ok      shell-command              found /bin/bash
ok      shell-args                 /bin/bash
ok      age-command                found /usr/bin/age, version 1.2.0
ok      gpg-command                found /usr/bin/gpg, version 2.4.5
info    pinentry-command           not set
info    1password-command          op not found in $PATH
info    bitwarden-command          bw not found in $PATH
info    bitwarden-secrets-command  bws not found in $PATH
info    dashlane-command           dcli not found in $PATH
info    doppler-command            doppler not found in $PATH
info    gopass-command             gopass not found in $PATH
info    keepassxc-command          keepassxc-cli not found in $PATH
info    keepassxc-db               not set
info    keeper-command             keeper not found in $PATH
info    lastpass-command           lpass not found in $PATH
info    pass-command               pass not found in $PATH
info    passhole-command           ph not found in $PATH
info    rbw-command                rbw not found in $PATH
info    vault-command              vault not found in $PATH
info    vlt-command                vlt not found in $PATH
info    secret-command             not set
```

chezmoi doctor in Debian 12

```console
$ chezmoi doctor
RESULT  CHECK                      MESSAGE
ok      version                    v2.50.0, commit 3ad974381fe57aedbcffef4371aa80970a989aaf, built at 2024-07-02T21:16:33Z, built by goreleaser
ok      latest-version             v2.50.0
ok      os-arch                    linux/amd64 (Debian GNU/Linux 12 (bookworm))
ok      uname                      Linux saturn 6.1.0-22-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.94-1 (2024-06-21) x86_64 GNU/Linux
ok      go-version                 go1.22.5 (gc)
ok      executable                 /usr/bin/chezmoi
ok      upgrade-method             sudo-upgrade-package
ok      config-file                ~/.config/chezmoi/chezmoi.toml, last modified 2024-07-07T01:45:36+03:00
ok      source-dir                 ~/.Dots/chezmoi is a git working tree (clean)
ok      suspicious-entries         no suspicious entries
ok      working-tree               ~/.Dots/chezmoi is a git working tree (clean)
ok      dest-dir                   ~ is a directory
ok      umask                      022
ok      cd-command                 found /bin/bash
ok      cd-args                    /bin/bash
info    diff-command               not set
ok      edit-command               found /usr/bin/vim
ok      edit-args                  /usr/bin/vim
ok      git-command                found /usr/bin/git, version 2.39.2
ok      merge-command              found /usr/bin/vimdiff
ok      shell-command              found /bin/bash
ok      shell-args                 /bin/bash
ok      age-command                found /usr/bin/age, version 1.1.1
ok      gpg-command                found /usr/bin/gpg, version 2.2.40
info    pinentry-command           not set
info    1password-command          op not found in $PATH
info    bitwarden-command          bw not found in $PATH
info    bitwarden-secrets-command  bws not found in $PATH
info    dashlane-command           dcli not found in $PATH
info    doppler-command            doppler not found in $PATH
info    gopass-command             gopass not found in $PATH
info    keepassxc-command          keepassxc-cli not found in $PATH
info    keepassxc-db               not set
info    keeper-command             keeper not found in $PATH
info    lastpass-command           lpass not found in $PATH
info    pass-command               pass not found in $PATH
info    passhole-command           ph not found in $PATH
info    rbw-command                rbw not found in $PATH
info    vault-command              vault not found in $PATH
info    vlt-command                vlt not found in $PATH
info    secret-command             not set
```

EDIT2: On Gentoo, chezmoi's version lags behind because I install it via an ebuild from the guru overlay, and it is somewhat slow with upgrades.

vbrand1984 commented 1 week ago

UPDATE. I've performed some more tests and it seems that I was kinda wrong regarding the circumstances needed to reproduce this issue. The scriptTempDir variable actually works well with the run_before_ and run_after_ scripts from the .chezmoiscripts directory. But it isn't applied when a modify_ script is run.
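The behaviour pinned down above, a configured script directory that is honoured for one kind of script and silently bypassed for another, is easiest to reason about with a small model of what such a runner has to do. The following is added example code written for this page, not chezmoi's implementation: `ScriptRunner`, `CanExec`, `ModifyScript` and the `SCRIPT_TEMP_DIR` variable are hypothetical names, and the sample input is constructed. It writes a script into the configured directory (falling back to `os.TempDir()`, which honours `$TMPDIR`, the workaround used earlier in the thread), executes it with the target file on stdin the way a modify_ script is fed, and turns the EACCES that a noexec mount produces on execve into a preflight check instead of a failure halfway through an apply.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"os"
	"os/exec"
	"path/filepath"
	"syscall"
)

// ScriptRunner is a hypothetical stand-in for the part of a dotfile manager
// that runs modify_ and run_ scripts from a temporary file. ScriptTempDir
// plays the role of the scriptTempDir config variable; when empty,
// os.TempDir() is used, which honours $TMPDIR.
type ScriptRunner struct {
	ScriptTempDir string
}

func (r ScriptRunner) tempDir() string {
	if r.ScriptTempDir != "" {
		return r.ScriptTempDir
	}
	return os.TempDir()
}

// Run writes script into a fresh 0700 file in the temp dir, executes it with
// input on stdin (a modify_ script receives the current target this way) and
// returns what it wrote to stdout. The temp file is removed either way.
func (r ScriptRunner) Run(script, input []byte) ([]byte, error) {
	f, err := os.CreateTemp(r.tempDir(), "*.sh")
	if err != nil {
		return nil, err
	}
	path := f.Name()
	defer os.Remove(path)

	if _, err := f.Write(script); err != nil {
		f.Close()
		return nil, err
	}
	if err := f.Chmod(0o700); err != nil {
		f.Close()
		return nil, err
	}
	if err := f.Close(); err != nil {
		return nil, err
	}

	abs, err := filepath.Abs(path)
	if err != nil {
		return nil, err
	}
	cmd := exec.Command(abs)
	cmd.Stdin = bytes.NewReader(input)
	var stdout, stderr bytes.Buffer
	cmd.Stdout = &stdout
	cmd.Stderr = &stderr
	if err := cmd.Run(); err != nil {
		// execve on a noexec mount fails with EACCES, which Go reports as
		// "fork/exec <path>: permission denied", the error seen in the thread.
		if errors.Is(err, syscall.EACCES) {
			return nil, fmt.Errorf("%s: %w (is %s mounted noexec?)", path, err, filepath.Dir(abs))
		}
		return nil, fmt.Errorf("%s: %w: %s", path, err, stderr.String())
	}
	return stdout.Bytes(), nil
}

// CanExec reports whether a script placed in dir can be executed at all.
// It returns false with no error when execution is refused with EACCES (the
// noexec symptom); any other failure is returned as an error.
func CanExec(dir string) (bool, error) {
	_, err := ScriptRunner{ScriptTempDir: dir}.Run([]byte("#!/bin/sh\nexit 0\n"), nil)
	switch {
	case err == nil:
		return true, nil
	case errors.Is(err, syscall.EACCES):
		return false, nil
	default:
		return false, err
	}
}

// ModifyScript is a constructed stand-in for the thread's modify_rc.xml: it
// reads the target on stdin and swaps <keyboard/> for an <xi:include/>.
const ModifyScript = "#!/bin/sh\nsed 's|<keyboard/>|<xi:include href=\"keyboard.xml\"/>|'\n"

func main() {
	dir := os.Getenv("SCRIPT_TEMP_DIR") // e.g. /run/user/1000; empty means $TMPDIR or /tmp
	r := ScriptRunner{ScriptTempDir: dir}
	if ok, err := CanExec(dir); err != nil || !ok {
		fmt.Fprintf(os.Stderr, "cannot execute scripts from %q (ok=%v, err=%v)\n", r.tempDir(), ok, err)
		os.Exit(1)
	}
	out, err := r.Run([]byte(ModifyScript), []byte("<a/>\n<keyboard/>\n"))
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	os.Stdout.Write(out)
}
```

On a machine whose /tmp carries the fstab line quoted above, running this with `SCRIPT_TEMP_DIR` unset reproduces the "permission denied" preflight failure, while `SCRIPT_TEMP_DIR=/run/user/$(id -u)` lets the modify script run. The point of `CanExec` is that a runner which honours the configured directory for every script kind can refuse up front with a clear message, rather than failing on whichever script happens to be first in the chain.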

twpayne commented 1 week ago

Thanks for the investigation. This is definitely a bug.

twpayne commented 1 week ago

#3858 fixes this.