twpayne/chezmoi

`scriptTempDir` configuration variable is ignored for `modify_` scripts

vbrand1984 opened this issue · 5 comments

Describe the bug

The scriptTempDir variable in the chezmoi config file seems to have no effect, and even if it is specified, chezmoi nevertheless tries to copy scripts into the /tmp directory and run them from there. This is an issue when /tmp is mounted with the noexec option, and despite the solution being described in the chezmoi docs, it seems not to work.

Although adding the following lines in ~/.config/chezmoi/chezmoi.toml does the thing and everything works as intended afterwards, i.e. scripts are copied into the specified directory and executed flawlessly:

[scriptEnv]
    TMPDIR = "/run/user/1000"

To reproduce

Mount /tmp with the noexec option:

sudo mount -o remount,noexec /tmp

And then run chezmoi while having any of the modify_ or run_ scripts in the source tree:

chezmoi diff --verbose

The output:

chezmoi: .config/openbox/rc.xml: fork/exec /tmp/2252122799.rc.xml: permission denied

Although the scriptTempDir variable is set:

$ chezmoi data | grep scriptTempDir
      "scriptTempDir": "/run/user/1000",

Expected behavior

chezmoi should copy the scripts into the directory specified in the scriptTempDir configuration variable, as described in the docs.

Output of chezmoi doctor

$ chezmoi doctor
RESULT   CHECK                       MESSAGE
ok       version                     v2.50.0, commit 3ad974381fe57aedbcffef4371aa80970a989aaf, built at 2024-07-02T21:16:33Z, built by goreleaser
ok       latest-version              v2.50.0
ok       os-arch                     linux/amd64 (Devuan GNU/Linux 5 (daedalus))
ok       uname                       Linux saturn 6.1.0-22-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.94-1 (2024-06-21) x86_64 GNU/Linux
ok       go-version                  go1.22.5 (gc)
ok       executable                  /usr/bin/chezmoi
ok       upgrade-method              sudo-upgrade-package
ok       config-file                 ~/.config/chezmoi/chezmoi.toml, last modified 2024-07-03T14:17:21+03:00
ok       source-dir                  ~/.Dots/chezmoi is a git working tree (clean)
ok       suspicious-entries          no suspicious entries
ok       working-tree                ~/.Dots/chezmoi is a git working tree (clean)
ok       dest-dir                    ~ is a directory
ok       umask                       022
ok       cd-command                  found /bin/bash
ok       cd-args                     /bin/bash
info     diff-command                not set
ok       edit-command                found /usr/bin/vim
ok       edit-args                   /usr/bin/vim
ok       git-command                 found /usr/bin/git, version 2.39.2
ok       merge-command               found /usr/bin/vimdiff
ok       shell-command               found /bin/bash
ok       shell-args                  /bin/bash
ok       age-command                 found /usr/bin/age, version 1.1.1
ok       gpg-command                 found /usr/bin/gpg, version 2.2.40
info     pinentry-command            not set
info     1password-command           op not found in $PATH
info     bitwarden-command           bw not found in $PATH
info     bitwarden-secrets-command   bws not found in $PATH
info     dashlane-command            dcli not found in $PATH
info     doppler-command             doppler not found in $PATH
info     gopass-command              gopass not found in $PATH
info     keepassxc-command           keepassxc-cli not found in $PATH
info     keepassxc-db                not set
info     keeper-command              keeper not found in $PATH
info     lastpass-command            lpass not found in $PATH
info     pass-command                pass not found in $PATH
info     passhole-command            ph not found in $PATH
info     rbw-command                 rbw not found in $PATH
info     vault-command               vault not found in $PATH
info     vlt-command                 vlt not found in $PATH
info     secret-command              not set

I tried to reproduce this but was unsuccessful. In my test chezmoi executes scripts correctly from scriptTempDir. See #3858.

chezmoi: .config/openbox/rc.xml: fork/exec /tmp/2252122799.rc.xml: permission denied

rc.xml is a strange name for a script. Do you really have a file in your source directory called dot_config/openbox/run_rc.xml? Are you sure chezmoi is the problem here?

rc.xml is a strange name for a script. Do you really have a file in your source directory called dot_config/openbox/run_rc.xml?

Yes, it is this modify_ script for the Openbox configuration. It removes the <keyboard> tag from the file and replaces it with the <xi:include> tag. But it works just fine by itself. The issue also affects run_ scripts from the .chezmoiscripts directory; it's just that the modify_ script appears to be the first one in the chain.

I have four systems on my desktop PC: Gentoo, Void Linux, Debian 12 and Devuan 5. I can reproduce the issue with my configuration (the dots, .chezmoi.toml.tmpl) on all of them. The configuration is a little bit messy as of now, but it works fine on all my systems (and on my laptop with Debian 12), unless the TMPDIR variable declaration in the [scriptEnv] section is deleted/commented out. In that case, the aforementioned "permission denied" error emerges. And this is despite the scriptTempDir variable being specified in that same .chezmoi.toml.tmpl file. Deleting it has no effect; it seems that only the TMPDIR environment variable matters in my config.

On all my systems, I mount /tmp via /etc/fstab as follows:

tmpfs /tmp tmpfs noatime,nosuid,nodev,noexec,mode=1777,size=8G 0 0

Anyways, thank you for your effort and time investment!

EDIT: Here is the output of chezmoi doctor in my other systems:

chezmoi doctor in Gentoo
$ chezmoi doctor
RESULT    CHECK                       MESSAGE
warning   version                     v2.49.0, built at 2024-06-22T00:34:46Z
warning   latest-version              v2.50.0
ok        os-arch                     linux/amd64 (Gentoo)
ok        uname                       Linux saturn 6.6.30-gentoo #1 SMP Sat Jun 15 22:02:57 MSK 2024 x86_64 AMD Ryzen 7 PRO 3700 8-Core Processor AuthenticAMD GNU/Linux
ok        go-version                  go1.22.4 (gc)
ok        executable                  /usr/bin/chezmoi
ok        upgrade-method              upgrade-package
ok        config-file                 ~/.config/chezmoi/chezmoi.toml, last modified 2024-07-07T01:12:02+03:00
ok        source-dir                  ~/.Dots/chezmoi is a git working tree (clean)
ok        suspicious-entries          no suspicious entries
ok        working-tree                ~/.Dots/chezmoi is a git working tree (clean)
ok        dest-dir                    ~ is a directory
ok        umask                       022
ok        cd-command                  found /bin/bash
ok        cd-args                     /bin/bash
info      diff-command                not set
ok        edit-command                found /usr/bin/vim
ok        edit-args                   /usr/bin/vim
ok        git-command                 found /usr/bin/git, version 2.44.2
ok        merge-command               found /usr/bin/vimdiff
ok        shell-command               found /bin/bash
ok        shell-args                  /bin/bash
ok        age-command                 found /usr/bin/age, version 1.1.1
ok        gpg-command                 found /usr/bin/gpg, version 2.4.5
info      pinentry-command            not set
info      1password-command           op not found in $PATH
info      bitwarden-command           bw not found in $PATH
info      bitwarden-secrets-command   bws not found in $PATH
info      dashlane-command            dcli not found in $PATH
info      doppler-command             doppler not found in $PATH
info      gopass-command              gopass not found in $PATH
info      keepassxc-command           keepassxc-cli not found in $PATH
info      keepassxc-db                not set
info      keeper-command              keeper not found in $PATH
info      lastpass-command            lpass not found in $PATH
info      pass-command                pass not found in $PATH
info      passhole-command            ph not found in $PATH
info      rbw-command                 rbw not found in $PATH
info      vault-command               vault not found in $PATH
info      vlt-command                 vlt not found in $PATH
info      secret-command              not set
chezmoi doctor in Void Linux
$ chezmoi doctor
RESULT   CHECK                       MESSAGE
ok       version                     v2.50.0, commit v2.50.0, built at 2024-07-05, built by xbps
ok       latest-version              v2.50.0
ok       os-arch                     linux/amd64 (Void)
ok       uname                       Linux saturn 6.6.35_1 #1 SMP PREEMPT_DYNAMIC Sat Jun 22 12:41:23 UTC 2024 x86_64 GNU/Linux
ok       go-version                  go1.22.3 (gc)
ok       executable                  /usr/bin/chezmoi
ok       config-file                 ~/.config/chezmoi/chezmoi.toml, last modified 2024-07-06T21:07:56+03:00
ok       source-dir                  ~/.Dots/chezmoi is a git working tree (clean)
ok       suspicious-entries          no suspicious entries
ok       working-tree                ~/.Dots/chezmoi is a git working tree (clean)
ok       dest-dir                    ~ is a directory
ok       umask                       022
ok       cd-command                  found /bin/bash
ok       cd-args                     /bin/bash
info     diff-command                not set
ok       edit-command                found /usr/bin/vim
ok       edit-args                   /usr/bin/vim
ok       git-command                 found /usr/bin/git, version 2.45.2
ok       merge-command               found /usr/bin/vimdiff
ok       shell-command               found /bin/bash
ok       shell-args                  /bin/bash
ok       age-command                 found /usr/bin/age, version 1.2.0
ok       gpg-command                 found /usr/bin/gpg, version 2.4.5
info     pinentry-command            not set
info     1password-command           op not found in $PATH
info     bitwarden-command           bw not found in $PATH
info     bitwarden-secrets-command   bws not found in $PATH
info     dashlane-command            dcli not found in $PATH
info     doppler-command             doppler not found in $PATH
info     gopass-command              gopass not found in $PATH
info     keepassxc-command           keepassxc-cli not found in $PATH
info     keepassxc-db                not set
info     keeper-command              keeper not found in $PATH
info     lastpass-command            lpass not found in $PATH
info     pass-command                pass not found in $PATH
info     passhole-command            ph not found in $PATH
info     rbw-command                 rbw not found in $PATH
info     vault-command               vault not found in $PATH
info     vlt-command                 vlt not found in $PATH
info     secret-command              not set
chezmoi doctor in Debian 12
$ chezmoi doctor
RESULT   CHECK                       MESSAGE
ok       version                     v2.50.0, commit 3ad974381fe57aedbcffef4371aa80970a989aaf, built at 2024-07-02T21:16:33Z, built by goreleaser
ok       latest-version              v2.50.0
ok       os-arch                     linux/amd64 (Debian GNU/Linux 12 (bookworm))
ok       uname                       Linux saturn 6.1.0-22-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.94-1 (2024-06-21) x86_64 GNU/Linux
ok       go-version                  go1.22.5 (gc)
ok       executable                  /usr/bin/chezmoi
ok       upgrade-method              sudo-upgrade-package
ok       config-file                 ~/.config/chezmoi/chezmoi.toml, last modified 2024-07-07T01:45:36+03:00
ok       source-dir                  ~/.Dots/chezmoi is a git working tree (clean)
ok       suspicious-entries          no suspicious entries
ok       working-tree                ~/.Dots/chezmoi is a git working tree (clean)
ok       dest-dir                    ~ is a directory
ok       umask                       022
ok       cd-command                  found /bin/bash
ok       cd-args                     /bin/bash
info     diff-command                not set
ok       edit-command                found /usr/bin/vim
ok       edit-args                   /usr/bin/vim
ok       git-command                 found /usr/bin/git, version 2.39.2
ok       merge-command               found /usr/bin/vimdiff
ok       shell-command               found /bin/bash
ok       shell-args                  /bin/bash
ok       age-command                 found /usr/bin/age, version 1.1.1
ok       gpg-command                 found /usr/bin/gpg, version 2.2.40
info     pinentry-command            not set
info     1password-command           op not found in $PATH
info     bitwarden-command           bw not found in $PATH
info     bitwarden-secrets-command   bws not found in $PATH
info     dashlane-command            dcli not found in $PATH
info     doppler-command             doppler not found in $PATH
info     gopass-command              gopass not found in $PATH
info     keepassxc-command           keepassxc-cli not found in $PATH
info     keepassxc-db                not set
info     keeper-command              keeper not found in $PATH
info     lastpass-command            lpass not found in $PATH
info     pass-command                pass not found in $PATH
info     passhole-command            ph not found in $PATH
info     rbw-command                 rbw not found in $PATH
info     vault-command               vault not found in $PATH
info     vlt-command                 vlt not found in $PATH
info     secret-command              not set

EDIT2: In Gentoo, chezmoi's version lags behind because I install it via an ebuild from the guru overlay, and it is somewhat slow with upgrades.

UPDATE. I've performed some more tests, and it seems that I was kinda wrong regarding the circumstances needed to reproduce this issue. The scriptTempDir variable actually works well with the run_before_ and run_after_ scripts from the .chezmoiscripts directory. But it isn't applied when the modify_ script is run.
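The root cause of the "fork/exec ...: permission denied" error in this thread is a script landing on a noexec mount. The following POSIX sh helper, added here as an example and not part of chezmoi, lets you check a candidate scriptTempDir (or TMPDIR) value against a mount table before relying on it. The table it ships with is constructed: the /tmp line is the fstab entry from the report above, while the / and /run/user/1000 entries are assumed values for a typical desktop. Because /etc/fstab and /proc/mounts share the same field order (device, mount point, fstype, options, dump, pass), the same parser works on either; the function names are this example's own.

```shell
#!/bin/sh
# Added example, not chezmoi's code: report whether the mount backing a
# path carries the noexec option. Scripts copied to such a mount fail at
# exec time with "permission denied", exactly as seen in the report.
# The table is constructed for this example; the /tmp line is the fstab
# entry from the issue, the other two lines are assumed.
SAMPLE_MOUNTS='/dev/sda2 / ext4 noatime,errors=remount-ro 0 0
tmpfs /tmp tmpfs noatime,nosuid,nodev,noexec,mode=1777,size=8G 0 0
tmpfs /run/user/1000 tmpfs rw,nosuid,nodev,relatime,mode=700,uid=1000,gid=1000 0 0'

# mount_opts_for PATH [TABLE]: print the option field of the longest mount
# point that contains PATH. TABLE defaults to the sample above; pass
# "$(cat /proc/mounts)" to inspect the live system. Exit 1 if no mount
# point contains PATH.
mount_opts_for() {
    path=$1
    table=${2:-$SAMPLE_MOUNTS}
    best=''
    best_opts=''
    # A here-document keeps the loop in the current shell, so the
    # variables set inside it survive (a pipe would run it in a subshell).
    while read -r _dev mnt _fstype opts _rest; do
        [ -z "$mnt" ] && continue          # skip blank lines
        matched=no
        if [ "$mnt" = / ] || [ "$path" = "$mnt" ]; then
            matched=yes
        else
            case $path in "$mnt"/*) matched=yes ;; esac
        fi
        # keep the most specific (longest) mount point that matches
        if [ "$matched" = yes ] && [ ${#mnt} -gt ${#best} ]; then
            best=$mnt
            best_opts=$opts
        fi
    done <<EOF
$table
EOF
    [ -n "$best" ] || return 1
    printf '%s\n' "$best_opts"
}

# path_is_noexec PATH [TABLE]: exit 0 when the mount backing PATH has noexec.
path_is_noexec() {
    opts=$(mount_opts_for "$1" ${2:+"$2"}) || return 1
    case ",$opts," in
        *,noexec,*) return 0 ;;
        *)          return 1 ;;
    esac
}

# check_script_temp_dir DIR [TABLE]: print a verdict for a candidate
# scriptTempDir / TMPDIR value; exit 1 when scripts would not run there.
check_script_temp_dir() {
    if path_is_noexec "$1" ${2:+"$2"}; then
        printf '%s is on a noexec mount; scripts copied there fail with "permission denied"\n' "$1"
        return 1
    fi
    printf '%s allows execution; usable as scriptTempDir\n' "$1"
    return 0
}

# Usage against the sample table:
#   check_script_temp_dir /tmp
#   check_script_temp_dir /run/user/1000
# Against the live system:
#   check_script_temp_dir "$HOME/.cache/chezmoi" "$(cat /proc/mounts)"
```

Note that this only checks mount options; a directory can still be unusable for other reasons (permissions, missing at boot). Running it with `/proc/mounts` rather than `/etc/fstab` reflects what is actually mounted, including options added by systemd or a remount.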

Thanks for the investigation. This is definitely a bug.

#3858 fixes this.