Prevent loss of data on virtualenv-delete -f if the env doesn't exist and the PREFIX envvar is set elsewhere
#518
Conversation
…applications * if set, there is potentially catastrophic loss of data due to the "rm -rf" command being executed on it
SabriRamadanTNG
force-pushed
the
prevent-deletion-of-contents-in-generic-prefix-env-var
branch
from
e900512 to
7a45c55
Compare
There was a problem hiding this comment.
The standard practice in Bash for such cases is to either initialize or unset variables that might've been already set elsewhere, before they are first used.
It won't hurt to change the name to be more descriptive, either. But the PYENV prefix for an internal non-environment variable is redundant.
Sounds reasonable to me, so then I will do a small rewrite with the following:
Feel free to take this over if you prefer, for me fixing this is the priority as in our specific project setup it has caused some real headaches and loss of time due to having to restore (Homebrew) backups. |
You can already use this branch for a quick fix. Before this gets merged, we need to sort out the test failure, and one more thing. By the script logic, E.,g. could you provide the debug trace of its execution (on a test system) as per the issue template that reproduces the problem? |
At the moment, I cannot invest enough time to see this to completion but I should be able to within a day or two. But I do very much need the aforementioned debug trace to identify and fix the root cause. |
|
Thank you for addressing this so quickly. At the moment people on the project are aware of this issue so a couple of days should not make any difference. At the moment here is how I was able to reproduce it:
|
|
Here is the debug trace. Notice how at the end, it says which just means it does not have permissions to delete the homebrew folder itself, but everything inside it is gone. |
|
Tests are passing for me locally, on macOS 26.1 with |
Diagnosed it. It's caused by a race condition in the
It's the fact that the logic doesn't bail out with |
native-api
changed the title
virtualenv-delete -f if the env doesn't exist and the PREFIX envvar is set elsewhere
|
Just wanted to say thank you for reacting so quickly and helping to debug and fix the issue. Highly appreciated. |
SabriRamadanTNG
deleted the
prevent-deletion-of-contents-in-generic-prefix-env-var
branch
2 participants
In
bin/pyenv-virtualenv-deletethere is a code block at the bottom that runsrm -rfon variablePREFIXif the variablePREFIXis set.Now here lays a serious bug: if the script itself did not set this variable beforehand, any other path stored in
PREFIXwill be deleted. I observe this happening when executing with the force-fflag and the provided env doesn't exist. The case where aPREFIXvar is already set seems to specifically happen on macOS in combination with yarn and pyenv-virtualenv both installed via Homebrew. When pyenv-virtualenv is ran via a yarn command, for exampleyarn recreate-setupwithrecreate-setupinvoking pyenv-virtualenv-delete, e.g.there is a
PREFIXenv variable set to/opt/homebrew. I'm not sure which application involved here sets this variable.The result is that it will try to ❗DELETE EVERYTHING ❗in
/opt/homebrewtherefore nuking the entire homebrew setup of the user.This PR provides a first quick workaround by renaming the variable to a very specific one such that it should not come to naming conflicts. Presumably a proper fix of the underlying code flow should be evaluated.