[BUG] Installing some packages in rootless containers causes TAR_ENTRY_ERROR since v9 #5998

Open
2 tasks done
vchernin opened this issue Dec 26, 2022 · 4 comments
Labels
Bug (thing that needs fixing), Priority 2 (secondary priority issue), Release 9.x (work is associated with a specific npm 9 release)

Comments


vchernin commented Dec 26, 2022

Is there an existing issue for this?

  • I have searched the existing issues

This issue exists in the latest npm version

  • I am using the latest npm

Current Behavior

The installation of some packages in either podman or docker rootless containers results in:

npm WARN tar TAR_ENTRY_ERROR EINVAL: invalid argument, fchown

In either podman or docker there is no warning when in rootful containers.

Note as far as I can tell with this warning npm has no behaviour changes, everything still seems to work, but I have no real assurances of this being an ignorable warning.

Expected Behavior

No extra warnings when installing packages with rootless containers.

Steps To Reproduce

docker run -it --rm --entrypoint sh docker.io/node:19.3.0-alpine -c \
'mkdir project && cd project && npm install -g [email protected] && npm install [email protected]'

This is only reproducible if you have a functional rootless container setup (default with podman, needs special installation with docker, see below documentation). Also this probably won't reproduce if you've added your user to the docker group (as your user can now create rootful containers).

The bug can be reproduced by swapping docker with podman.

To show the bug not occurring, try prepending sudo to run a rootful container.

The first bad tag is 9.0.0-pre.6, and the same behaviour is seen in 9.2.0. This is likely a regression of the recent changes for npm/rfcs#546, which seems intended at least in part to help fix issues in docker.

Curiously if installing e.g. @babel/[email protected] instead of [email protected] this bug doesn't occur, so the package contents affect this somehow.

This doesn't occur when installing packages in a non-container setup like by installing node through nvm on ubuntu.

Some documentation about rootless containers:
https://docs.docker.com/engine/security/rootless/
https://github.com/containers/podman/blob/main/rootless.md

Environment

  • npm: 9.2.0
  • Node.js: 19.3.0
  • OS Name: Docker/Podman
  • npm config:
; node bin location = /usr/local/bin/node
; node version = v19.3.0
; npm local prefix = /project
; npm version = 9.2.0
; cwd = /project
; HOME = /root
; Run `npm config ls -l` to show all defaults.

vchernin added the labels Bug (thing that needs fixing), Needs Triage (needs review for next steps) and Release 9.x (work is associated with a specific npm 9 release) on Dec 26, 2022


RobStaveley commented Jan 23, 2023

I reproduce this with userns-remap. I have userns-remap set up for myusername (i.e. $USER) in /etc/docker/daemon.json:

{
  "userns-remap": "myusername"
}

I have /etc/subuid and /etc/subgid both with:

myusername:1000:1
myusername:100000:65536

My UID and GID are 1000.

Contributor

nlf commented Feb 16, 2023

npm/pacote#261 should close this. The change in that pull request skips the fchown-related code in tar.

nlf added the label Priority 2 (secondary priority issue) and removed Needs Triage (needs review for next steps) on Feb 16, 2023
nlf self-assigned this on Feb 16, 2023


rbalet commented Mar 16, 2023

@nlf Any news on that issue? Your linked issue didn't fix the problem for me.

Environment
npm: 9.6.2
Node.js: 18.15.0

@carlosrodfern

The fix has not been back-ported to 9: npm/pacote@8f4e39c
It is only in v15.x
Is this just a warning message without actual consequences in the build?
