Add a way to disable "auto-sudo" #5878
Replies: 35 comments 6 replies
-
Agreed, I think using I actually thought Bundler would install under $HOME if it cannot write to the GEM_DIR, but seems not. A good alternative for Bundler is to |
Beta Was this translation helpful? Give feedback.
-
IMO installing to $HOME should be the default if the user has no write permissions to the global GEM_DIR. i.e. There is one problem with user install, though: programs provided by the installed gems do not end up in |
Beta Was this translation helpful? Give feedback.
-
I realized that my opinion above is perhaps too strong, and that may be off-topic in the context of the current discussion (providing a way of opting out of "auto sudo"). I think making bundler respect the rubygems --user-install configuration is a good way of doing it. |
Beta Was this translation helpful? Give feedback.
-
I almost exclusively use OS-provided ruby packages, and have definitely had problems with this. I think having Bundler respect @terceiro in PR #2847 we're considering having RubyGems do If that's all implemented and Bundler starts respecting RubyGems being configured to use |
Beta Was this translation helpful? Give feedback.
-
@duckinator I think It also makes sense to me that we start respecting rubygems' In addition to that, I was thinking of whether we should promote |
Beta Was this translation helpful? Give feedback.
-
OS ruby package users don't want to downgrade neither be asked for privileges. They want to install into location which is accessible. Please note that there is for example Fedora Silverblue, where the OS is image based and you essentially cannot write anywhere except your home.
I don't think user should be queried. From OS POV, it just complicates everything. It is more code which might be in way to implement the directory layout we need. And frankly, this probably address just very small part of Ruby users. Complete beginners would be confused anyway, for advanced users, it would be annoying. |
Beta Was this translation helpful? Give feedback.
-
This is exactly what I'm suggesting and what I mean by "dowgrading". Really unfortunate term choice, but I mean, fallback to a folder where the user has write privileges if the default location is not writable.
Ok, this was just me brainstorming, let's forget about that one. |
Beta Was this translation helpful? Give feedback.
-
Personally I much prefer --user-install whenever possible. It makes it easier for me to figure out where downloaded gems end up, on different linux distributions (debian in particular confuses me in this regard, e. g. when /usr/local/ is suddenly used or /var/, whereas the ruby hierarchy is in /usr/; this is why I prefer stuff in the home directory usually, thus --user-install). |
Beta Was this translation helpful? Give feedback.
-
You didn't read the original issue #4027, did you? There's no way to make bundler respect --user-install unless it's with hacks, like: --- a/bundler/lib/bundler/rubygems_integration.rb
+++ b/bundler/lib/bundler/rubygems_integration.rb
@@ -163,6 +163,8 @@ def sources
end
def gem_dir
+ user_install = Gem.configuration[:gem]&.split(' ')&.include?('--user-install')
+ return Gem.user_dir if user_install
Gem.dir
end This is only for It would be much better to have a global configuration for this, but at what point are you going to load it, and what is it going to override? I have tried all these approaches. There's no straightforward solution except what I proposed in pull #4028: an environment variable GEM_USER_INSTALL that turns on the desired behavior. It was closed with no discussion due to tone policing. Has anyone actually tried to write a patch? |
Beta Was this translation helpful? Give feedback.
-
It sounds to me like the solution is to have a single setting which can be overridden by Does this sound right, @voxik @terceiro @deivid-rodriguez? |
Beta Was this translation helpful? Give feedback.
-
This general issue is quite old, considering I found rubygems/bundler#3006, which I found after discovering that bundler has been doing things on my system with sudo without asking. 😠 |
Beta Was this translation helpful? Give feedback.
-
@kenyon yeah, this is an old problem, and definitely needs to be fixed. @voxic @terceiro @deivid-rodriguez when y'all get a chance, could you provide input on my suggested approach? 🙂 |
Beta Was this translation helpful? Give feedback.
-
@duckinator the problem would also occur with the default sudo configuration where the timeout is five minutes, if you happened to use sudo in the same session within the last five minutes. The command Compare:
|
Beta Was this translation helpful? Give feedback.
-
@duckinator one can already override the default installation directory in |
Beta Was this translation helpful? Give feedback.
-
I'm yet another victim of this bug. I ran "bundler install" using a regular account, expecting that it will install missing dependencies to a local folder or will fail to install into a system folder. Instead, Please do not do it by default! |
Beta Was this translation helpful? Give feedback.
-
I don't see how it would depend on OS unless you use macOS like a Windows where you download software from random untrusted locations and install it manually to whatever location. |
Beta Was this translation helpful? Give feedback.
-
@indirect I feel like I might be missing some context — can you elaborate on why macOS is a special case, here? Wouldn't installing it in a user-writable location work the same as it does for anyone on Linux or *BSD? |
Beta Was this translation helpful? Give feedback.
-
@duckinator sorry, I lost track and should have included that context! macOS includes a ruby install with it. Gems for that ruby have historically been installed to a special location (iirc /System/Library/Frameworks/Ruby or something like that) with binstubs in (iirc) /usr/bin. Many end users need a tool that happens to be written in ruby, but they are not ruby users or developers themselves. A good example of this is CocoaPods, for Apple developers who don’t want to know anything about ruby, just use the pod command from the gem. Or metsploit, a tool for security research that doesn’t require any ruby coding knowledge. It has not historically been feasible to expect non-ruby developers to understand how to use a ruby version manager to install a ruby to install a gem they need. As a result, many of those types of projects actively support running on the “system” ruby, which needs sudo to install gems. If Bundler doesn’t sudo, it causes an error and many support tickets. IIRC even if users run The options I can think of are:
|
Beta Was this translation helpful? Give feedback.
-
@indirect if this is in fact needed for macOS' system Ruby to behave properly, I'm wondering if a multi-stage approach implementing everything you said might make sense?:
What're your thoughts, @indirect @deivid-rodriguez? |
Beta Was this translation helpful? Give feedback.
-
That seems ideal to me 👍🏻 |
Beta Was this translation helpful? Give feedback.
-
Automatically using sudo as part of installing local dependencies when attempting to compile an arbitrary cloned git repository is such an utterly horrendous idea. Why om earth is this not reverted yet when it is clear that this bad practice is causing problems for many users and clearly is not what they want? If Apple has a broken ruby system that it is not possible to work with, then the solution is if OS.mac? and is_using_system_ruby_binary
puts "Apple has a broken system ruby installation that it is not possible to work with."
puts "To use bundle you need to install ruby using homebrew."
puts "(If you really want to attempt to use the system ruby anyway,"
puts "you can set the environmental variable FIX_SYMPTOM_BY_INSTALLING_WITH_SUDO"
puts "to 1 and re-run this command.)"
exit(1)
end Even ignoring the terrible security aspects of running sudo behind the user's back, there is also the principle that you should never surprise your users. Please watch the excellent talk How to Design a Good API and Why it Matters by Joshua Blosh where he points out
And just because the context he is talking about is programming language APIs, that does not mean "Ah, but bundle is a command line program, so in that case it is acceptable to surprise users". It is not. |
Beta Was this translation helpful? Give feedback.
-
@hlovdal thank you for the gentle nudge here. This issue is, frankly, intimidating and seems to get put off for a lot because of that. I agree this functionality should be removed, and multiple other maintainers have also explicitly voiced support for this change earlier in this very issue. You don't need to convince us it's a problem — it's just been hard to make the change happen, for various reasons. For some context: the auto-sudo functionality predates most, if not all, of the current development team. It's not "reverting" a minor change, it's removing a piece of functionality that's existed for at least 12 years and only become more entrenched over time. If you're curious about what the current plan is, please see these two comments earlier in this issue: #4031 (comment) and #4031 (comment). A lot of the work has already been figured out in bits and pieces but never pulled together and properly resolved. I'm going to spend today trying to get everything to the point that it just needs another maintainer to review and merge a few PRs. I'll post an update here later tonight with my progress. |
Beta Was this translation helpful? Give feedback.
-
Hi, sorry, I forgot to post the update here like I said. I did start work over on #5327 since it seems to be the first step of this process. Will attempt to wrap it up next week. |
Beta Was this translation helpful? Give feedback.
-
Some unexpected things came up on my end the last few weeks, but I'm finally digging back into this again! I started by rebasing #5327 off master, and am now trying to figure out why some tests can't find the |
Beta Was this translation helpful? Give feedback.
-
As mentioned in #5327, I'm having trouble making progress on that PR because there's CI problems I can't reproduce locally. |
Beta Was this translation helpful? Give feedback.
-
When I issued So because I expected the
As a many years Python developer and a newbie to Ruby, I managed to figure that one after as little as 18 hours |
Beta Was this translation helpful? Give feedback.
-
I opened #5682 for discussing how to specifically handle having Bundler respect |
Beta Was this translation helpful? Give feedback.
-
Sorry for the lack of communication — here's a quick update. This is still something we're planning to resolve. I took charge of having bundler support It seems like the legal/housing issues are resolving, and the health issues are at least improving. This is the current plan (based off #4031 (comment) and #4031 (comment)):
|
Beta Was this translation helpful? Give feedback.
-
I think we're really delaying too much the removal of this feature. There's pretty much a consensus that it should be removed because it's harmful, so I went ahead and did that at #5888. I think we can delay releasing it to New Years release and tag it as "breaking", just in case someone actually likes this feature, but I wouldn't delay anymore removing the code from our master branch. Of course, we can move forward other improvements like #5327 in parallel. |
Beta Was this translation helpful? Give feedback.
-
The "auto-sudo" functionality was removed by #5888, in September 2022. |
Beta Was this translation helpful? Give feedback.
-
Describe the problem as clearly as you can
Currently bundler detects if it's lacking write permissions on the default
GEM_HOME
and automatically "upgrades privileges" if needed.It turns out the main users running into these issues (OS ruby package users) don't actually want this behaviour. Instead, they usually prefer "downgrading" to a folder with less permissions than upgrading the running user's privileges.
Also, although this shouldn't influence what we do here and it should just be fixed, there's quite a few issues with the current "auto-sudo" implementation, as can be seen by searching existing issues.
So, we should consider providing some enhancements to this. Some ideas:
--user-install
from the bundler side if configured.Note that rubygems currently does not try to "upgrade to sudo" and provides a way out by configuring
gem: --user-install
in your~/.gemrc
file. Also, note that we're considering making this behaviour the default if the default folder is not writable in #2847.I'm particularly interested in @voxik, @terceiro, and @duckinator opionions.
Beta Was this translation helpful? Give feedback.
All reactions