Skip to content
This repository has been archived by the owner on Jul 3, 2019. It is now read-only.

pacote should pass on opts.uid/opts.gid when invoking cacache.put #174

Open
godmar opened this issue May 26, 2019 · 0 comments
Open

pacote should pass on opts.uid/opts.gid when invoking cacache.put #174

godmar opened this issue May 26, 2019 · 0 comments

Comments

@godmar
Copy link

godmar commented May 26, 2019
edited
Loading

One of my pet peeves with npm for as far as I remember has been that when following the provided installation instructions for Linux systems (specifically installing the NodeSource provided packages in /usr) you invariably end up with a corrupted npm cache as soon as you follow the instructions to update npm that are printed as part of its update check. In fact, anytime you run npm with sudo npm install -g ... your cache is toast, meaning that it contains files owned by root.root that make it impossible to use npm in the intended way by the user who issued the npm install -g command.

I did some sleuthing and added a couple of debugging statements and my impression is that npm doesn't intend to behave that way. It appears that there is logic in place to ensure that files written while running under sudo are chown'd back to the user who invoked the sudo command as recognized by $SUDO_UID.

However, the call to cacache.put here ignores any opts.uid and opts.gid passed to it, resulting in cacache not fixing up the owner for any directories it creates. After applying the following patch:

--- /tmp/finalize-manifest.js	2019-05-26 18:47:04.093580989 +0000
+++ /usr/lib/node_modules/npm/node_modules/pacote/lib/finalize-manifest.js	2019-05-26 18:56:53.466398787 +0000
@@ -57,6 +57,8 @@
         } else {
           return cacache.put(
             opts.cache, cacheKey, '.', {
+              uid: opts.uid,
+              gid: opts.gid,
               metadata: {
                 id: manifest._id,
                 manifest,

the issue disappears, more specifically, there are no more root.root owned files in ${HOME}/.npm/_cacache after running sudo npm install -g. (Caveat: only tested with sudo npm install -g create-react-app; no claims that this fixes all known issues related to sudo and npm.)

This is with npm:

{ npm: '6.9.0',
  ares: '1.15.0',
  brotli: '1.0.7',
  cldr: '34.0',
  http_parser: '2.8.0',
  icu: '63.1',
  llhttp: '1.1.1',
  modules: '67',
  napi: '4',
  nghttp2: '1.37.0',
  node: '11.15.0',
  openssl: '1.1.1b',
  tz: '2018e',
  unicode: '11.0',
  uv: '1.27.0',
  v8: '7.0.276.38-node.19',
  zlib: '1.2.11' }

on node 11.15.0. My apologies if this is already addressed.
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@godmar