Skip to content

Fix tarballs missing the tar end-of-archive marker (ERR_PNPM_TARBALL_EXTRACT)#51

Merged
fengmk2 merged 1 commit into
mainfrom
fix/tarball-missing-eof-marker
Jul 1, 2026
Merged

Fix tarballs missing the tar end-of-archive marker (ERR_PNPM_TARBALL_EXTRACT)#51
fengmk2 merged 1 commit into
mainfrom
fix/tarball-missing-eof-marker

Conversation

@fengmk2

@fengmk2 fengmk2 commented Jul 1, 2026

Copy link
Copy Markdown
Member

Problem

vp installs of some preview builds fail in pnpm:

ERR_PNPM_TARBALL_EXTRACT  Failed to add tarball from
".../tarballs/@voidzero-dev/vite-plus-core/0.0.0-commit.14f13284....tgz" to store:
Invalid checksum for TAR header at offset 5038080. Expected 0, got NaN

Root cause

buildPreviewTarball repacks upstream tarballs with nanotar's createTarGzip. nanotar rounds the archive up to a full 10240-byte record and relies on the zero slack to form the mandatory end-of-archive marker (two 512-byte zero blocks). When the packed size is already an exact multiple of 10240, it adds no slack and emits no marker (and only a single block when the size is 512 short of a record).

Lenient readers (BSD/GNU tar, gzip -t) tolerate the omission; pnpm's strict extractor reads a header past EOF and fails with Expected 0, got NaN. @voidzero-dev/vite-plus-core@0.0.0-commit.14f13284 repacks to exactly 5038080 = 492 * 10240 bytes, hitting the boundary.

This is unrelated to #49 (which only touched the download path); reverting it could not have helped.

Fix

Build the raw tar, guarantee the marker (append two zero blocks whenever the last 1024 bytes are not already zero), then gzip. A no-op for normal archives, so every already-correct tarball's bytes and integrity are byte-identical; only boundary cases change. Rebuilt the publish-preview action bundle, which packs via the same buildPreviewTarball.

Test plan

  • Added regression test that sweeps packed sizes across a full 10240-byte record (guaranteeing the boundary case) and asserts a valid end-of-archive marker; it fails on main, passes here.
  • pnpm typecheck, pnpm test (78/78)
  • Verified end-to-end: a marker-less boundary archive built through the fixed code extracts cleanly under strict tar.

Follow-up (post-merge)

The already-corrupted object in R2 for vite-plus-core@0.0.0-commit.14f13284 must be purged/rebuilt so live installs recover; deploying the Worker alone won't rewrite existing bytes.

…EXTRACT)

buildPreviewTarball repacks upstream tarballs with nanotar's createTarGzip.
nanotar rounds the archive up to a full 10240-byte record and relies on the
zero slack to form the mandatory end-of-archive marker (two 512-byte zero
blocks), but emits NO slack when the packed size is already an exact multiple
of 10240 (and only a single block when it is 512 short). Lenient readers
(BSD/GNU tar, gzip -t) tolerate the omission, but pnpm's strict extractor then
reads a header past EOF and fails:

  ERR_PNPM_TARBALL_EXTRACT  Invalid checksum for TAR header at offset N.
  Expected 0, got NaN

This bit @voidzero-dev/vite-plus-core@0.0.0-commit.14f13284, whose repacked
content sums to exactly 5038080 = 492 * 10240 bytes, breaking `vp` installs.

Build the raw tar, guarantee the marker (append two zero blocks whenever the
last 1024 bytes are not already zero), then gzip. It is a no-op for normal
archives, so every already-correct tarball's bytes and integrity are unchanged;
only boundary cases are corrected. Rebuilt the publish-preview action bundle,
which packs via the same buildPreviewTarball.
@fengmk2 fengmk2 merged commit f867796 into main Jul 1, 2026
4 checks passed
@fengmk2 fengmk2 deleted the fix/tarball-missing-eof-marker branch July 1, 2026 17:45
fengmk2 added a commit to voidzero-dev/vite-plus that referenced this pull request Jul 1, 2026
Picks up voidzero-dev/pkg-pr-registry-bridge#51, which fixes preview tarballs
missing the tar end-of-archive marker (ERR_PNPM_TARBALL_EXTRACT: "Invalid
checksum for TAR header") when the packed size is an exact multiple of 10240.

Claude-Session: https://claude.ai/code/session_01DQhS6o1fyQd1yjiee6W8jR
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant