disallow to create tree in case of unsafe run

src/ahriman/application/lock.py

@@ -21,7 +21,6 @@ from __future__ import annotations
 
 import argparse
 import logging
-import os
 
 from pathlib import Path
 from types import TracebackType
@@ -29,8 +28,9 @@ from typing import Literal, Optional, Type
 
 from ahriman import version
 from ahriman.core.configuration import Configuration
-from ahriman.core.exceptions import DuplicateRun, UnsafeRun
+from ahriman.core.exceptions import DuplicateRun
 from ahriman.core.status.client import Client
+from ahriman.core.util import check_user
 from ahriman.models.build_status import BuildStatusEnum
 
 
@@ -105,10 +105,7 @@ class Lock:
         """
         if self.unsafe:
             return
-        current_uid = os.getuid()
-        root_uid = self.root.stat().st_uid
-        if current_uid != root_uid:
-            raise UnsafeRun(current_uid, root_uid)
+        check_user(self.root)
 
     def clear(self) -> None:
         """

src/ahriman/core/repository/properties.py

@@ -22,8 +22,10 @@ import logging
 from ahriman.core.alpm.pacman import Pacman
 from ahriman.core.alpm.repo import Repo
 from ahriman.core.configuration import Configuration
+from ahriman.core.exceptions import UnsafeRun
 from ahriman.core.sign.gpg import GPG
 from ahriman.core.status.client import Client
+from ahriman.core.util import check_user
 from ahriman.models.repository_paths import RepositoryPaths
 
 
@@ -58,7 +60,11 @@ class Properties:
         self.name = configuration.get("repository", "name")
 
         self.paths = RepositoryPaths(configuration.getpath("repository", "root"), architecture)
-        self.paths.tree_create()
+        try:
+            check_user(self.paths.root)
+            self.paths.tree_create()
+        except UnsafeRun:
+            self.logger.exception("root owner differs from the current user, skipping tree creation")
 
         self.ignore_list = configuration.getlist("build", "ignore_packages", fallback=[])
         self.pacman = Pacman(configuration)

src/ahriman/core/util.py

@@ -18,6 +18,7 @@
 # along with this program. If not, see <http://www.gnu.org/licenses/>.
 #
 import datetime
+import os
 import subprocess
 import requests
 
@@ -25,7 +26,7 @@ from logging import Logger
 from pathlib import Path
 from typing import Generator, Optional, Union
 
-from ahriman.core.exceptions import InvalidOption
+from ahriman.core.exceptions import InvalidOption, UnsafeRun
 
 
 def check_output(*args: str, exception: Optional[Exception], cwd: Optional[Path] = None,
@@ -54,6 +55,19 @@ def check_output(*args: str, exception: Optional[Exception], cwd: Optional[Path]
         raise exception or e
 
 
+def check_user(root: Path) -> None:
+    """
+    check if current user is the owner of the root
+    :param root: root directory (i.e. ahriman home)
+    """
+    if not root.exists():
+        return  # no directory found, skip check
+    current_uid = os.getuid()
+    root_uid = root.stat().st_uid
+    if current_uid != root_uid:
+        raise UnsafeRun(current_uid, root_uid)
+
+
 def exception_response_text(exception: requests.exceptions.HTTPError) -> str:
     """
     safe response exception text generation