poudriere: "Permission denied" in the extract phase?

Marcin Cieslak saper at saper.info
Tue Feb 27 00:41:11 UTC 2018 

On Sun, 25 Feb 2018, Yuri wrote:

> On 02/25/18 05:37, Marcin Cieslak wrote:
> > Yes, this is my private port that I am using to produce FreeBSD binaries
> > for node-sass. Getting binary npm modules into our ports tree is another
> > conversation.
> > 
> > The problem here is that a whole thing worked for me before for months
> > so I am aware of all those limitations for particular build phases
> > (it took me long to figure out that).
> 
> 
> npm is an extremely volatile technology. Some package might work now, and then
> break in a week due to a dependency package update.
> 
> It continuously automatically updates files that are downloaded as
> dependencies.
> 
> NodeJS is largely incompatible with the FreeBSD ports system because of this
> volatility.
> 
> NodeJS is also a very insecure technology. It brings files directly from
> github without any vetting. So if somebody will update some github package
> with malware, it is extremely likely that next day this malware will end up on
> your production servers. There is nobody in between, you have to always trust
> hundreds of parties.

I think I have some idea how we can tame this somewhat without allowing for
a wild fetch.

It seems that I need to learn more about the code that checks the completness
of the distfiles, since "make checksum" insists on redoing things all again:

# rm -rf distinfo 
# make makesum
# cat distinfo
TIMESTAMP = 1519691985
SHA256 (sass-node-sass-v4.7.2_GH0.tar.gz) = 21cdea5c6bf73825eaec06e78a0bcc54ed75c0953e05c72fe4b4316d756b9e35
SIZE (sass-node-sass-v4.7.2_GH0.tar.gz) = 398635
# env TERM=dumb make checksum
===>  License MIT accepted by the user
===>   node-sass-4.7.2 depends on file: /usr/local/sbin/pkg - found
===>   node-sass-4.7.2 depends on package: npm>=0 - found
===> Fetching all distfiles required by node-sass-4.7.2 for building
/bin/mkdir -p /usr/ports/distfiles/node-sass
/bin/mkdir -p /usr/ports/distfiles/npm
cp -f /home/saper/sw/FreeBSD/ports/textproc/node-sass/files/package-lock.json /usr/ports/distfiles/node-sass
cp -f /home/saper/sw/FreeBSD/ports/textproc/node-sass/files/package.json /usr/ports/distfiles/node-sass
(cd /usr/ports/distfiles/node-sass && /usr/bin/env NPM_CONFIG_CACHE=/usr/ports/distfiles/npm npm install --ignore-scripts)
npm WARN lifecycle node-sass at 4.7.2~install: cannot run in wd %s %s (wd=%s) node-sass at 4.7.2 node scripts/install.js /usr/ports/distfiles/node-sass
npm WARN lifecycle node-sass at 4.7.2~postinstall: cannot run in wd %s %s (wd=%s) node-sass at 4.7.2 node scripts/build.js /usr/ports/distfiles/node-sass
npm WARN prepublish-on-install As of npm at 5, `prepublish` scripts are deprecated.
npm WARN prepublish-on-install Use `prepare` for build steps and `prepublishOnly` for upload-only.
npm WARN prepublish-on-install See the deprecation note in `npm help scripts` for more information.
npm WARN lifecycle node-sass at 4.7.2~prepublish: cannot run in wd %s %s (wd=%s) node-sass at 4.7.2 not-in-install && node scripts/prepublish.js || in-install /usr/ports/distfiles/node-sass
up to date in 1.952s
=> SHA256 Checksum OK for sass-node-sass-v4.7.2_GH0.tar.gz.
# env TERM=dumb make checksum
===>  License MIT accepted by the user
===>   node-sass-4.7.2 depends on file: /usr/local/sbin/pkg - found
===>   node-sass-4.7.2 depends on package: npm>=0 - found
===> Fetching all distfiles required by node-sass-4.7.2 for building
/bin/mkdir -p /usr/ports/distfiles/node-sass
/bin/mkdir -p /usr/ports/distfiles/npm
cp -f /home/saper/sw/FreeBSD/ports/textproc/node-sass/files/package-lock.json /usr/ports/distfiles/node-sass
cp -f /home/saper/sw/FreeBSD/ports/textproc/node-sass/files/package.json /usr/ports/distfiles/node-sass
(cd /usr/ports/distfiles/node-sass && /usr/bin/env NPM_CONFIG_CACHE=/usr/ports/distfiles/npm npm install --ignore-scripts)
npm WARN lifecycle node-sass at 4.7.2~install: cannot run in wd %s %s (wd=%s) node-sass at 4.7.2 node scripts/install.js /usr/ports/distfiles/node-sass
npm WARN lifecycle node-sass at 4.7.2~postinstall: cannot run in wd %s %s (wd=%s) node-sass at 4.7.2 node scripts/build.js /usr/ports/distfiles/node-sass
npm WARN prepublish-on-install As of npm at 5, `prepublish` scripts are deprecated.
npm WARN prepublish-on-install Use `prepare` for build steps and `prepublishOnly` for upload-only.
npm WARN prepublish-on-install See the deprecation note in `npm help scripts` for more information.
npm WARN lifecycle node-sass at 4.7.2~prepublish: cannot run in wd %s %s (wd=%s) node-sass at 4.7.2 not-in-install && node scripts/prepublish.js || in-install /usr/ports/distfiles/node-sass
up to date in 1.921s
=> SHA256 Checksum OK for sass-node-sass-v4.7.2_GH0.tar.gz.

So this is not poudriere's fault.

Marcin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3663 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.freebsd.org/pipermail/freebsd-ports/attachments/20180227/6e5cbfcf/attachment.bin>

More information about the freebsd-ports mailing list