@WardBrian WardBrian commented Nov 24, 2025

Would close #6427

This updates opam env to set XDG_DATA_DIRS (from the XDG base directory specification) to include the current switch's share root, and FPATH to include %{share}%/zsh/site-functions when the shell is zsh.

The former works with bash-completion, which looks in the XDG_DATA_DIRS entries for bash-completion/completions sub-directories, while the latter sets up zsh's built-in completion mechanisms to look in this location.

Questions for reviewers --

  1. I currently only modify FPATH on zsh, but I think it would be safe to do it generically (the only other shell that seems to assign meaning to the FPATH variable is ksh, which opam doesn't support)
  2. Assuming we want to keep FPATH zsh-specific, is it worth threading through a shell variable all the way from the CLI to where we compute these updates, or is it fine to keep the guess_shell_compat call?

@WardBrian WardBrian changed the title Feat/6427 completion environment variables Set environment variables needed for bash, zsh completion in opam env Nov 24, 2025
@WardBrian WardBrian force-pushed the feat/6427-completion-environment-variables branch from da44a84 to 4773962 Compare November 24, 2025 17:56
@kit-ty-kate kit-ty-kate added this to the 2.6.0~alpha1 milestone Nov 24, 2025
@WardBrian WardBrian force-pushed the feat/6427-completion-environment-variables branch from 4773962 to 18a99a3 Compare November 24, 2025 18:22
@WardBrian WardBrian force-pushed the feat/6427-completion-environment-variables branch from 18a99a3 to 95d0887 Compare November 24, 2025 22:27
@WardBrian WardBrian marked this pull request as ready for review November 30, 2025 21:02
@kit-ty-kate
Member

cc @hannesm @reynir do you have any thoughts about the security considerations of this feature by any chance?

@hannesm
Member

hannesm commented Dec 2, 2025

@kit-ty-kate thanks for asking, no I don't have an idea about this environment variable (and whether to prepend or append to it).

@reynir
Contributor

reynir commented Dec 4, 2025

I don't know much about it. For bash-completion I suspect it could add completion scripts from installed opam packages, and I think those can run arbitrary commands. Then again I guess packages can already install arbitrary binaries shadowing common binaries such as ls. I'm not sure what the security model is or how that fits into that.

@WardBrian
Author

Even if you're sandboxing the build commands (so you can't be pwned by arbitrary badness hidden behind a make command), I still think it is currently the case that you can't install an opam package unless you trust it. It doesn't even have to shadow something like ls; presumably you're going to run the code from the package eventually, or else you wouldn't be installing it.

@dbuenzli
Contributor

dbuenzli commented Dec 4, 2025

> Then again I guess packages can already install arbitrary binaries shadowing common binaries such as ls

Not to mention that arbitrary ocaml packages can actually set or extend these variables themselves…
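
The thread's concern is that directories on these search paths hold scripts the shell loads during completion. As an added example (not part of this PR or of opam; the function names are hypothetical), the script below lists the completion directories implied by an XDG_DATA_DIRS and an FPATH value, using the layout from the PR description, and flags any that are group- or world-writable:

```shell
#!/bin/sh
# Added example (not opam's code); function names are hypothetical.

# Print "shell<TAB>directory" for every completion directory implied by
#   $1 = an XDG_DATA_DIRS value, $2 = an FPATH value (both colon-separated).
completion_dirs() {
    printf '%s\n' "$1" | tr ':' '\n' | while IFS= read -r d; do
        # bash-completion looks under each XDG data dir
        if [ -n "$d" ]; then
            printf 'bash\t%s\n' "${d%/}/bash-completion/completions"
        fi
    done
    printf '%s\n' "$2" | tr ':' '\n' | while IFS= read -r d; do
        # zsh searches each FPATH entry directly
        if [ -n "$d" ]; then
            printf 'zsh\t%s\n' "${d%/}"
        fi
    done
    return 0
}

# For each directory that exists, report whether group or others may write
# to it and how many entries it holds. "ok" covers directory mode bits only.
audit_completion_dirs() {
    completion_dirs "$1" "$2" | while IFS="$(printf '\t')" read -r sh_name dir; do
        if [ ! -d "$dir" ]; then
            continue
        fi
        perms=$(ls -ldL -- "$dir" | cut -c1-10)
        count=$(find "$dir/" -maxdepth 1 ! -type d 2>/dev/null | wc -l | tr -d ' ')
        case $perms in
            ?????w*|????????w*) status=WRITABLE ;;
            *) status=ok ;;
        esac
        printf '%s\t%s\tfiles=%s\t%s\n' "$status" "$sh_name" "$count" "$dir"
    done
    return 0
}

# Audit the current environment; the fallback is the XDG specification's
# default for an unset XDG_DATA_DIRS.
audit_completion_dirs "${XDG_DATA_DIRS:-/usr/local/share/:/usr/share/}" "${FPATH:-}"
```

Running it before and after `eval $(opam env)` shows which switch-provided directories were added to the search paths.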

Successfully merging this pull request may close these issues.

Should $(opam env) or .opam/opam-init/* setup paths for shell completion scripts ?

5 participants