fix: handle root-owned Claude binaries on Linux#28
Closed
othavioquiliao wants to merge 4 commits into
Closed
Conversation
O binary-finder não resolvia shell wrappers Unix (ex: /usr/bin/claude com `exec /opt/claude-code/bin/claude`). Adiciona resolveShellWrapper() para parsear `exec` em scripts com shebang, e /opt/claude-code/bin/claude como fallback para instalações via pacote do sistema.
…o patch Três correções para instalações via pacote do sistema (ex: omarchy): 1. Preflight detecta falta de write permission no diretório do binário e re-executa via sudo automaticamente antes do TUI iniciar. 2. patchBinary() verifica write permission com erro claro (safety net). 3. confirm_patch handler no apply TUI agora captura erros em vez de congelar silenciosamente. 4. isClaudeRunning() usa pgrep -x (match exato) em vez de -f para eliminar falsos positivos.
sudo sanitiza o ambiente, fazendo homedir() retornar /root e bun não ser encontrado em ~/.bun/bin/. Preserva HOME com --preserve-env=HOME e adiciona fallback no findBunBinary() usando SUDO_USER para localizar bun no home do usuário original.
othavioquiliao
changed the title
…ção sudo Extrai lógica duplicada de sudo re-exec para helper compartilhado, troca execSync com template literal por execFileSync com array de args (elimina shell injection), e propaga bunPath no PreflightResult para evitar chamada redundante a findBunBinary().
Owner
|
Haven't fully reviewed but thank you for pr @othavioquiliao can you look into windows CI test failing we prob need to flag this so sudo stuff is only on Linux or Mac |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Context
If you install Claude Code as a system package (like on Arch with omarchy),
/usr/bin/claudeis actually a tiny shell wrapper that doesexec /opt/claude-code/bin/claude. The binary finder didn't know how to follow that, so it'd see a 77-byte file and bail.On top of that, the real binary is root-owned, so patching needs sudo. And when you re-run with sudo, the environment gets wiped — bun disappears from PATH (mine is managed by mise, but same thing happens with asdf, volta, etc.), and
$HOMEpoints to/rootso none of the config files are found.What this does
Shell wrappers: Added
resolveShellWrapper()that reads the script, finds theexectarget, and follows it to the actual binary. Also added/opt/claude-code/bin/claudeto the candidate list.Sudo re-exec: If the binary dir isn't writable, we now re-run under sudo automatically (early, before the TUI starts — otherwise it freezes). The trick is resolving bun, the claude binary, and HOME before escalating, while PATH is still intact, then passing them through as env vars with
execFileSync('sudo', ['env', ...]). No shell interpolation, no injection issues.The sudo escalation logic lives in its own helper (
src/patcher/sudo.ts) instead of being copy-pasted between commands.Why not just
sudo --preserve-env=PATH? Tried that first, butsecure_pathin sudoers silently overrides it on most distros. Resolving to absolute paths before sudo and forwarding them is more reliable.Testing
resolveShellWrapper, all 210 passing/opt/claude-code/bin/claude+ bun via mise