Merge pull request #6863 from robbyrussell/fix-compfix-loading

compfix: better error message and loading of completions

lib/compfix.zsh

@@ -2,10 +2,6 @@
 # insecure ownership or permissions) by:
 #
 # * Human-readably notifying the user of these insecurities.
-# * Moving away all existing completion caches to a temporary directory. Since
-#   any of these caches may have been generated from insecure directories, they
-#   are all suspect now. Failing to do so typically causes subsequent compinit()
-#   calls to fail with "command not found: compdef" errors. (That's bad.)
 function handle_completion_insecurities() {
   # List of the absolute paths of all unique insecure directories, split on
   # newline from compaudit()'s output resembling:
@@ -22,39 +18,27 @@ function handle_completion_insecurities() {
   insecure_dirs=( ${(f@):-"$(compaudit 2>/dev/null)"} )
 
   # If no such directories exist, get us out of here.
-  if (( ! ${#insecure_dirs} )); then
+  (( ! ${#insecure_dirs} )) && return
-      print "[oh-my-zsh] No insecure completion-dependent directories detected."
-      return
-  fi
 
   # List ownership and permissions of all insecure directories.
   print "[oh-my-zsh] Insecure completion-dependent directories detected:"
   ls -ld "${(@)insecure_dirs}"
-  print "[oh-my-zsh] For safety, completions will be disabled until you manually fix all"
-  print "[oh-my-zsh] insecure directory permissions and ownership and restart oh-my-zsh."
-  print "[oh-my-zsh] See the above list for directories with group or other writability.\n"
 
-  # Locally enable the "NULL_GLOB" option, thus removing unmatched filename
+  cat <<EOD
-  # globs from argument lists *AND* printing no warning when doing so. Failing
-  # to do so prints an unreadable warning if no completion caches exist below.
-  setopt local_options null_glob
 
-  # List of the absolute paths of all unique existing completion caches.
+[oh-my-zsh] For safety, we will not load completions from these directories until
-  local -aU zcompdump_files
+[oh-my-zsh] you fix their permissions and ownership and restart zsh.
-  zcompdump_files=( "${ZSH_COMPDUMP}"(.) "${ZDOTDIR:-${HOME}}"/.zcompdump* )
+[oh-my-zsh] See the above list for directories with group or other writability.
 
-  # Move such caches to a temporary directory.
+[oh-my-zsh] To fix your permissions you can do so by disabling
-  if (( ${#zcompdump_files} )); then
+[oh-my-zsh] the write permission of "group" and "others" and making sure that the
-    # Absolute path of the directory to which such files will be moved.
+[oh-my-zsh] owner of these directories is either root or your current user.
-    local ZSH_ZCOMPDUMP_BAD_DIR="${ZSH_CACHE_DIR}/zcompdump-bad"
+[oh-my-zsh] The following command may help:
+[oh-my-zsh]     compaudit | xargs chmod g-w,o-w
 
-    # List such files first.
+[oh-my-zsh] If the above didn't help or you want to skip the verification of
-    print "[oh-my-zsh] Insecure completion caches also detected:"
+[oh-my-zsh] insecure directories you can set the variable ZSH_DISABLE_COMPFIX to
-    ls -l "${(@)zcompdump_files}"
+[oh-my-zsh] "true" before oh-my-zsh is sourced in your zshrc file.
 
-    # For safety, move rather than permanently remove such files.
+EOD
-    print "[oh-my-zsh] Moving to \"${ZSH_ZCOMPDUMP_BAD_DIR}/\"...\n"
-    mkdir -p "${ZSH_ZCOMPDUMP_BAD_DIR}"
-    mv "${(@)zcompdump_files}" "${ZSH_ZCOMPDUMP_BAD_DIR}/"
-  fi
 }

oh-my-zsh.sh

@@ -63,15 +63,14 @@ if [ -z "$ZSH_COMPDUMP" ]; then
 fi
 
 if [[ $ZSH_DISABLE_COMPFIX != true ]]; then
-  # If completion insecurities exist, warn the user without enabling completions.
+  # If completion insecurities exist, warn the user
   if ! compaudit &>/dev/null; then
-    # This function resides in the "lib/compfix.zsh" script sourced above.
     handle_completion_insecurities
-  # Else, enable and cache completions to the desired file.
-  else
-    compinit -d "${ZSH_COMPDUMP}"
   fi
+  # Load only from secure directories
+  compinit -i -d "${ZSH_COMPDUMP}"
 else
+  # If the user wants it, load from all found directories
   compinit -u -d "${ZSH_COMPDUMP}"
 fi