Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

composer: reorder options on command-line: put --working-dir= first #5204

Open
1 task done
drzraf opened this issue Sep 1, 2022 · 3 comments
Open
1 task done

composer: reorder options on command-line: put --working-dir= first #5204

drzraf opened this issue Sep 1, 2022 · 3 comments
Labels
feature This issue/PR relates to a feature request language module module packaging plugins plugin (any type) waiting_on_contributor Needs help. Feel free to engage to get things unblocked

Comments

@drzraf
Copy link
Contributor

drzraf commented Sep 1, 2022
edited
Loading

Summary

This module generates suitable command lines relying on the composer binary.

Typical command-lines look like /usr/bin/php /usr/bin/composer <FOO> --no-ansi --no-interaction --working-dir <BAR> <BAZ>

Where

  • FOO is the command
  • BAR is the working_dir
  • BAZ are the additional arguments

Considerations

  1. From a syntax PoV, --working-dir is a global option, supported by all composer commands and as such can (and should) be issued at the beginning of the command-line, before the composer command itself, eg composer --working-dir=... install/require/help ...

  2. On top of that, in some scenarios, putting --working-dir first is actually beneficial:

  • The --working-directory is a sensitive option, it allows to execute arbitrary PHP-code in that directory. The command itself, not so much
  • When it comes to either security or audit log, --working-directory= is the option one would either grep, analyze or restrict
  • In the case of sudoers (but could be for ssh authorized commands, selinux, apparmor, firejail LSM or similar), having the sensitive/variable component at the beginning makes more sense and make things more easy, eg %operator IT = (foo:bar) NOPASSWD /usr/bin/composer --working-dir=restricted *
  • composer only considers the first occurrence of this option (no possible override)

#3787 is related since it fall into above mentioned case n°1 and fixing both issues with the same modification is possible.

Issue Type

Feature Idea

Component Name

composer

Additional Information

This would be the command line generated by the module
/usr/bin/php /usr/bin/composer --working-dir <BAR> <FOO> --no-ansi --no-interaction <BAZ>

Code of Conduct

  • I agree to follow the Ansible Code of Conduct
@ansibullbot
Copy link
Collaborator

Files identified in the description:

If these files are incorrect, please update the component name section of the description or use the !component bot command.

click here for bot help

@ansibullbot
Copy link
Collaborator

cc @dmtrs
click here for bot help

@ansibullbot ansibullbot added feature This issue/PR relates to a feature request language module module packaging plugins plugin (any type) labels Sep 1, 2022
@ansibullbot
Copy link
Collaborator

Files identified in the description:

If these files are incorrect, please update the component name section of the description or use the !component bot command.

click here for bot help

@felixfontein felixfontein mentioned this issue Jan 25, 2023
Closed
1 task
@felixfontein felixfontein added the waiting_on_contributor Needs help. Feel free to engage to get things unblocked label Jan 25, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feature This issue/PR relates to a feature request language module module packaging plugins plugin (any type) waiting_on_contributor Needs help. Feel free to engage to get things unblocked
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@drzraf @felixfontein @ansibullbot