Post-installed binary losing executable permissions on reinstall #8546
Description
Verify latest release
- I verified that the issue exists in the latest pnpm release
pnpm version
No response
Which area(s) of pnpm are affected? (leave empty if unsure)
Store
Link to the code that reproduces this issue or a replay of the bug
No response
Reproduction steps
- Create a new folder
- Add the following
Dockerfile
FROM node:20-alpine
RUN apk add --no-cache bash jq \
&& npm install -g pnpm
COPY package.json docker-entrypoint.sh /home/node/app/
RUN chown -R node:node /home/node/app/ \
&& chmod +x /home/node/app/docker-entrypoint.sh
USER node
WORKDIR /home/node/app/
ENTRYPOINT ["/home/node/app/docker-entrypoint.sh"]- Add the following
package.json
{
"name": "eaccess-test",
"private": "true",
"dependencies": {
"@sentry/cli": "1.77.3"
}
}- Add the following
docker-entrypoint.sh
#!/usr/bin/env bash
echo "- Setup"
echo
echo "Setting umask 0077"
umask 0077
echo "Using pnpm $(pnpm --version)"
echo "Configuring store to be $HOME/store"
pnpm config set store-dir "$HOME/store"
echo
echo "- Install from fresh store"
echo
pnpm install
echo
echo "==================================="
echo "Version from executable:"
node_modules/.pnpm/@sentry+cli@1.77.3/node_modules/@sentry/cli/sentry-cli --version
ls -ld node_modules/.pnpm/@sentry+cli@1.77.3/node_modules/@sentry/cli/sentry-cli
echo "(binary has executable permissions)"
echo
echo "- Removing node_modules..."
rm -rf node_modules
echo
echo "- Install from populated store"
echo
pnpm install
echo
echo "============================================="
echo "Version from executable:"
node_modules/.pnpm/@sentry+cli@1.77.3/node_modules/@sentry/cli/sentry-cli --version
ls -ld node_modules/.pnpm/@sentry+cli@1.77.3/node_modules/@sentry/cli/sentry-cli
echo "(binary does not have executable permissions)"
echo
find "$HOME/store" -type f -name "*.json" | while read -r index_file
do
if [[ "$(jq -r '.name' "$index_file")" == "@sentry/cli" ]]; then
echo "@sentry/cli mode field for binary in store: $(jq -r '.sideEffects[]."sentry-cli".mode' "$index_file")"
fi
done
echo
echo "Starting shell"
/bin/bash- Build and run the docker image
docker build -t pnpm-issue -f Dockerfile .
docker run --rm -it pnpm-issueDescribe the Bug
As the Node.js Language Owner at Heroku, this bug came to my attention when the following issue was filed as developers were trying to take advantage of our recent support for pnpm:
heroku/heroku-buildpack-nodejs#1247
After some investigation, what I've noticed is that this bug seems to be triggered by the following conditions:
- installing a Node.js module that fetches or configures an architecture-specific binary as part of a
postinstallscript - the running process is configured with a umask of
0077
Using @sentry/cli, as in the reproduction above, what happens is:
- On the first
pnpm install,- the store is empty so modules are fetched
- the postinstall script for
@sentry/cliexecutes which downloads the architecture-specific binary - the downloaded binary is executable
- On a second
pnpm install(after thenode_modulesdir is removed),- the
@sentry/climodule is restored from the store - the architecture-specific binary is no longer executable
- the
Expected Behavior
I would expect that if a file is installed with executable permissions as part of a postinstall script, then when it's installed from the pnpm store it should also have executable permissions.
The sideEffects information recorded for the @sentry/cli module from above seems to indicate this as the mode stored has a value of 33216 (octal 100700).
The current workaround I've been recommending is to disable the side-effects-cache.
Which Node.js version are you using?
20.17.0
Which operating systems have you used?
- macOS
- Windows
- Linux
If your OS is a Linux based, which one it is? (Include the version if relevant)
Ubuntu 20.04, Alpine Linux v3.20