From 82d0ff1df249cdd6748b95aab73ec4aa19b24cb6 Mon Sep 17 00:00:00 2001 From: Brad Warren Date: Thu, 7 Sep 2017 17:23:57 -0700 Subject: [PATCH] Fix permissions error when upgrading certbot-auto. (#5086) Now we always check if we have root access if --cb-auto-has-root is not given on the command line. This allows certbot-auto to properly acquire root when upgrading from an older version. People upgrading from 0.18.0 to 0.18.1 may check for root access twice, however, if root's user ID is 0, this check is essentially a noop. If root's user ID is not 0, we'll request root access a 2nd time during this upgrade. --- letsencrypt-auto-source/letsencrypt-auto | 16 +++++++++++----- .../letsencrypt-auto.template | 16 +++++++++++----- 2 files changed, 22 insertions(+), 10 deletions(-) diff --git a/letsencrypt-auto-source/letsencrypt-auto b/letsencrypt-auto-source/letsencrypt-auto index d52317738..dd03c14e7 100755 --- a/letsencrypt-auto-source/letsencrypt-auto +++ b/letsencrypt-auto-source/letsencrypt-auto @@ -187,8 +187,7 @@ SetRootAuthMechanism() { if [ "$1" = "--cb-auto-has-root" ]; then shift 1 -elif [ "$1" != "--le-auto-phase2" ]; then - # if $1 is --le-auto-phase2, we've executed this branch before +else SetRootAuthMechanism if [ -n "$SUDO" ]; then echo "Requesting to rerun $0 with root privileges..." @@ -197,6 +196,14 @@ elif [ "$1" != "--le-auto-phase2" ]; then fi fi +# Runs this script again with the given arguments. --cb-auto-has-root is added +# to the command line arguments to ensure we don't try to acquire root a +# second time. After the script is rerun, we exit the current script. +RerunWithArgs() { + "$0" --cb-auto-has-root "$@" + exit 0 +} + BootstrapMessage() { # Arguments: Platform name say "Bootstrapping dependencies for $1... (you can skip this with --no-bootstrap)" @@ -825,8 +832,7 @@ if [ "$1" = "--le-auto-phase2" ]; then # if non-interactive mode or stdin and stdout are connected to a terminal if [ \( "$NONINTERACTIVE" = 1 \) -o \( \( -t 0 \) -a \( -t 1 \) \) ]; then rm -rf "$VENV_PATH" - "$0" "$@" - exit 0 + RerunWithArgs "$@" else error "Skipping upgrade because new OS dependencies may need to be installed." error @@ -1491,5 +1497,5 @@ UNLIKELY_EOF fi # A newer version is available. fi # Self-upgrading is allowed. - "$0" --le-auto-phase2 "$@" + RerunWithArgs --le-auto-phase2 "$@" fi diff --git a/letsencrypt-auto-source/letsencrypt-auto.template b/letsencrypt-auto-source/letsencrypt-auto.template index eb2b82776..4eef10c80 100755 --- a/letsencrypt-auto-source/letsencrypt-auto.template +++ b/letsencrypt-auto-source/letsencrypt-auto.template @@ -187,8 +187,7 @@ SetRootAuthMechanism() { if [ "$1" = "--cb-auto-has-root" ]; then shift 1 -elif [ "$1" != "--le-auto-phase2" ]; then - # if $1 is --le-auto-phase2, we've executed this branch before +else SetRootAuthMechanism if [ -n "$SUDO" ]; then echo "Requesting to rerun $0 with root privileges..." @@ -197,6 +196,14 @@ elif [ "$1" != "--le-auto-phase2" ]; then fi fi +# Runs this script again with the given arguments. --cb-auto-has-root is added +# to the command line arguments to ensure we don't try to acquire root a +# second time. After the script is rerun, we exit the current script. +RerunWithArgs() { + "$0" --cb-auto-has-root "$@" + exit 0 +} + BootstrapMessage() { # Arguments: Platform name say "Bootstrapping dependencies for $1... (you can skip this with --no-bootstrap)" @@ -406,8 +413,7 @@ if [ "$1" = "--le-auto-phase2" ]; then # if non-interactive mode or stdin and stdout are connected to a terminal if [ \( "$NONINTERACTIVE" = 1 \) -o \( \( -t 0 \) -a \( -t 1 \) \) ]; then rm -rf "$VENV_PATH" - "$0" "$@" - exit 0 + RerunWithArgs "$@" else error "Skipping upgrade because new OS dependencies may need to be installed." error @@ -567,5 +573,5 @@ UNLIKELY_EOF fi # A newer version is available. fi # Self-upgrading is allowed. - "$0" --le-auto-phase2 "$@" + RerunWithArgs --le-auto-phase2 "$@" fi