You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
As the Node.js Language Owner at Heroku, this bug came to my attention when the following issue was filed as developers were trying to take advantage of our recent support for pnpm: heroku/heroku-buildpack-nodejs#1247
After some investigation, what I've noticed is that this bug seems to be triggered by the following conditions:
installing a Node.js module that fetches or configures an architecture-specific binary as part of a postinstall script
the running process is configured with a umask of 0077
Using @sentry/cli, as in the reproduction above, what happens is:
On the first pnpm install,
the store is empty so modules are fetched
the postinstall script for @sentry/cli executes which downloads the architecture-specific binary
the downloaded binary is executable
On a second pnpm install (after the node_modules dir is removed),
the @sentry/cli module is restored from the store
the architecture-specific binary is no longer executable
Expected Behavior
I would expect that if a file is installed with executable permissions as part of a postinstall script, then when it's installed from the pnpm store it should also have executable permissions.
The sideEffects information recorded for the @sentry/cli module from above seems to indicate this as the mode stored has a value of 33216 (octal 100700).
Verify latest release
pnpm version
No response
Which area(s) of pnpm are affected? (leave empty if unsure)
Store
Link to the code that reproduces this issue or a replay of the bug
No response
Reproduction steps
Dockerfile
package.json
docker-entrypoint.sh
docker build -t pnpm-issue -f Dockerfile . docker run --rm -it pnpm-issue
Describe the Bug
As the Node.js Language Owner at Heroku, this bug came to my attention when the following issue was filed as developers were trying to take advantage of our recent support for pnpm:
heroku/heroku-buildpack-nodejs#1247
After some investigation, what I've noticed is that this bug seems to be triggered by the following conditions:
postinstall
script0077
Using
@sentry/cli
, as in the reproduction above, what happens is:pnpm install
,@sentry/cli
executes which downloads the architecture-specific binarypnpm install
(after thenode_modules
dir is removed),@sentry/cli
module is restored from the storeExpected Behavior
I would expect that if a file is installed with executable permissions as part of a
postinstall
script, then when it's installed from the pnpm store it should also have executable permissions.The
sideEffects
information recorded for the@sentry/cli
module from above seems to indicate this as themode
stored has a value of33216
(octal100700
).The current workaround I've been recommending is to disable the side-effects-cache.
Which Node.js version are you using?
20.17.0
Which operating systems have you used?
If your OS is a Linux based, which one it is? (Include the version if relevant)
Ubuntu 20.04, Alpine Linux v3.20
The text was updated successfully, but these errors were encountered: