Issue with nodejs plugin when using base keyword

NickZ · April 25, 2019, 10:30pm

I am having issues with running snapcraft with the nodejs plugin with the base keyword. When running in a VM, npm seems to have permissions issues when running node-gyp and other shell commands. I’ve tested out these commands in the VM shell by running --debug, and they work fine for me, so I am not sure why this isn’t working. Does anyone have any advice here?

> websocket@1.0.28 install /root/parts/projs-node/build/node_modules/websocket
> (node-gyp rebuild 2> builderror.log) || (exit 0)

sh: 1: cannot create builderror.log: Permission denied
sh: 1: node-gyp: Permission denied

> nodegit@0.23.1 install /root/parts/projs-node/build/node_modules/nodegit
> node lifecycleScripts/preinstall && node lifecycleScripts/install

sh: 1: node: Permission denied
npm WARN nodemon-webpack-plugin@3.0.2 requires a peer of webpack@^2 || ^3 but none is installed. You must install peer dependencies yourself.
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@1.2.8 (node_modules/fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents@1.2.8: wanted {"os":"darwin","arch":"any"} (current: {"os":"linux","arch":"x64"})

npm ERR! file sh
npm ERR! code ELIFECYCLE
npm ERR! errno ENOENT
npm ERR! syscall spawn
npm ERR! nodegit@0.23.1 install: `node lifecycleScripts/preinstall && node lifecycleScripts/install`
npm ERR! spawn ENOENT
npm ERR! 
npm ERR! Failed at the nodegit@0.23.1 install script.
npm ERR! This is probably not a problem with npm. There is likely additional logging output above.

npm ERR! A complete log of this run can be found in:
npm ERR!     /root/.npm/_logs/2019-04-25T04_47_03_084Z-debug.log
Failed to run '/root/parts/projs-node/npm/bin/npm install --prod' for 'projs-node': Exited with code 1.
Verify that the part is using the correct parameters and try again.
Run the same command again with --debug to shell into the environment if you wish to introspect this failure.
An error occurred when trying to execute 'sudo -i env SNAPCRAFT_HAS_TTY=True snapcraft snap' with 'multipass': returned exit code 2.

sergiusens · April 26, 2019, 2:27am

Can we see more output please?

NickZ · April 29, 2019, 8:34pm

Snapcraft log: https://pastebin.com/3RjtGXa0
npm log: https://pastebin.com/gnpzFYa7

NickZ · May 2, 2019, 1:21am

@sergiusens do you have any idea what’s going on here?

lucyllewy · May 2, 2019, 8:10am

Your issue lies with nodegit:

> node lifecycleScripts/preinstall && node lifecycleScripts/install
 
sh: 1: node: Permission denied

and:

16981 verbose lifecycle nodegit@0.23.1~install: CWD: /root/parts/roshubd/build/node_modules/nodegit
16982 silly lifecycle nodegit@0.23.1~install: Args: [ '-c',
16982 silly lifecycle   'node lifecycleScripts/preinstall && node lifecycleScripts/install' ]
16983 info lifecycle nodegit@0.23.1~install: Failed to exec install script

Specifically it is trying to execute node which is failing with a permission denied error.

ppd · September 17, 2019, 9:58am

It needs npm config set unsafe-perm true in override-pull(probably).
See https://geedew.com/What-does-unsafe-perm-in-npm-actually-do/

mkg20001 · September 17, 2019, 2:03pm

It might also be because node is a wrapper script and has the wrong permissions set?

ppd · September 17, 2019, 2:10pm

It is mainly because npm drops the root uid/gid for the scripts to prevent them from messing up your system. That makes sense in general, just not in a multipass container where the whole build etc. is run as root.

mkg20001 · September 17, 2019, 2:12pm

Adding this to override-pull does not work, since npm isn’t available at that point yet
Adding export npm_config_unsafe_perm=true did not help either

ppd · September 17, 2019, 2:18pm

I’d say try adding it to .npmrc. See https://docs.npmjs.com/misc/config
I haven’t successfully used the nodejs plugin so far, but I can confirm that unsafe-perm works in practice (https://github.com/ppd1990/gopass-ui-snap/blob/master/snap/snapcraft.yaml).

ppd · September 17, 2019, 2:25pm

Ah. If I remember correctly, the default package manager is yarn. So maybe the config is to be set differently there.

mkg20001 · September 17, 2019, 2:26pm

That is true, but the docs say npm afaik. Could that be updated as well?

ppd · September 17, 2019, 2:51pm

https://snapcraft.io/docs/nodejs-plugin says npm. https://github.com/snapcore/snapcraft/blob/master/snapcraft/plugins/nodejs.py says yarn. So yes, that is misleading.

Edit: Fixed doc

NickZ · September 20, 2019, 12:42am

Hey, it just so happened I was doing something else with nodejs snapcraft just now and I was having the same issue, and this fixed it. Thanks!

om26er · February 14, 2021, 2:08pm

Bump, this issue still exists. I am working around this by not using npm plugin and manually shipping node in my snap somehow.

James-Carroll · February 14, 2021, 2:33pm

Try:

build-environment:
  npm_config_unsafe_perm: true
  SUDO_UID: 0
  SUDO_GID: 0
  SUDO_USER: root

The topic above alread touches on npm_config_unsafe_perm, which is entirely necessarily, but there’s is a similar problem with node where build scripts call out to external binaries such as git, they fork a new process and attempt to drop permissions to a lower priviledged user causing errors. The SUDO_ variables work around this issue.

om26er · November 17, 2021, 7:53pm

So this needs a real fix somehow. ping to the maintainers

om26er · January 19, 2022, 7:16pm

I have a fix for this issue and have proposed PRs. One has landed https://github.com/snapcore/snapcraft/pull/3624 and the other is waiting for review https://github.com/snapcore/snapcraft/pull/3625

lonroth · March 20, 2022, 10:05am

This still bites me I think and so far the SUDO_* etc. isn’t working either.