Install macOS CLI binary into Cargo bin #3
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: cbe5a07598
| /bin/mkdir -p "$cargo_bin_dir" | ||
| /usr/bin/install -m 755 "$app_binary" "$destination" | ||
| /usr/sbin/chown "$target_user:$target_group" "$cargo_home_dir" "$cargo_bin_dir" "$destination" |
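Review bot: On the chown line, "$cargo_home_dir" and "$cargo_bin_dir" are re-owned unconditionally, so directories that already existed before this script ran have their ownership changed as well, and because -h is not passed, a symlink among the three operands is followed to its target. Consider chowning only what this script created, and set the file's owner at copy time with install -o "$target_user" -g "$target_group" -m 755 so that "$destination" needs no separate chown.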
Reject symlinked Cargo directories before copying as root
In the pkg postinstall context this runs as root, but cargo_home_dir is under the target user's control. If that user has made ~/.cargo a symlink to a protected prefix such as /usr/local before installation, /bin/mkdir -p traverses it, /usr/bin/install copies through it, and this chown can hand ownership of the resulting bin directory or CLI file outside the user's home to that user. Please resolve/lstat the Cargo paths and require real directories under the user's home, or otherwise create/copy without following user-controlled symlinks.
Useful? React with 👍 / 👎.
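One way to do the path check the review comment above asks for, as an added example that is not code from this pull request. The function name check_cargo_dir and the demo users are hypothetical; the sample directory tree is constructed.

```shell
#!/bin/sh
# Added example (not from the PR). check_cargo_dir HOME TARGET succeeds only
# if TARGET lies under HOME and no existing component below HOME is a symlink
# or a non-directory. The function name is hypothetical.
check_cargo_dir() (
    home_dir=$1
    target=$2
    # TARGET must be lexically inside HOME.
    case "$target" in
        "$home_dir"/*) ;;
        *) exit 1 ;;
    esac
    rel=${target#"$home_dir"/}
    # No "." or ".." components that could step back out of HOME.
    case "/$rel/" in
        */../*|*/./*) exit 1 ;;
    esac
    # HOME itself must be a real directory, not a link.
    [ -d "$home_dir" ] || exit 1
    [ ! -L "$home_dir" ] || exit 1
    # Walk the components. The function body is a subshell, so the IFS and
    # "set -f" changes do not leak into the caller.
    current=$home_dir
    IFS=/
    set -f
    for part in $rel; do
        [ -n "$part" ] || continue
        current=$current/$part
        [ ! -L "$current" ] || exit 1                        # symlink
        [ ! -e "$current" ] || [ -d "$current" ] || exit 1   # not a directory
    done
    exit 0
)

# Constructed demo: alice has a real ~/.cargo, bob's is a symlink elsewhere.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/alice/.cargo/bin" "$demo_root/protected" "$demo_root/bob"
ln -s "$demo_root/protected" "$demo_root/bob/.cargo"
for user in alice bob; do
    if check_cargo_dir "$demo_root/$user" "$demo_root/$user/.cargo/bin"; then
        echo "$user: ok to create and copy"
    else
        echo "$user: refusing, Cargo path is not a real directory under home"
    fi
done
rm -rf "$demo_root"
```

A check like this still leaves a window between the test and the later mkdir, install and chown, so it narrows the problem rather than closing it. Running the directory creation and copy as the target user instead of root avoids root following that user's links at all.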
Closing this because we shouldn’t be responsible for coordinating multiple package managers.
~/.cargo/bin/daat-locus from the pkg postinstall script instead of placing a wrapper in /usr/local/bin.
Verification
- cargo fmt
- cargo test -p xtask
- cargo check -p xtask
- cargo run -p xtask -- package macos --keep-work-dir
- sh -n target/aarch64-apple-darwin/release/macos-work/pkg-scripts/postinstall
- pkgutil --expand target/aarch64-apple-darwin/release/macos/daat-locus-0.2.0-aarch64-apple-darwin.pkg ...