For custom ebuilds, I need to run `npm` commands. However, this step fails with a sandbox access violation: * ACCESS DENIED: mkdir: /etc/npm This comes from the custom patch "nodejs-10.3.0-global-npm-config.patch", where NPM is modified to always create /etc/npm. That folder is actually created by the ebuild ("dodir /etc/npm"); it shouldn't be required to try to create it each time "npm" runs. I'm attaching a proposed alternate patch, which should fix the issue. Reproducible: Always Steps to Reproduce: (As root) 1. rmdir /etc/npm 2. npm help 3. ls -d /etc/npm Actual Results: The "/etc/npm" folder has been recreated Expected Results: The "/etc/npm" doesn't exist
Created attachment 760857 [details, diff] Updated gentoo-specific NPM global config patch Alternate version of the Gentoo-specific NPM global config patch: don't try to create /etc/npm, which has already been created by the ebuild. This allows ebuilds to call NPM without triggering an access violation.
(In reply to Raphaël Barrois from comment #0) > For custom ebuilds, I need to run `npm` commands. > However, this step fails with a sandbox access violation: > * ACCESS DENIED: mkdir: /etc/npm > > This comes from the custom patch "nodejs-10.3.0-global-npm-config.patch", > where NPM is modified to always create /etc/npm. Here's the patch: --- a/deps/npm/node_modules/@npmcli/config/lib/index.js +++ b/deps/npm/node_modules/@npmcli/config/lib/index.js @@ -275,8 +275,9 @@ // default the globalconfig file to that location, instead of the default // global prefix. It's weird that `npm get globalconfig --prefix=/foo` // returns `/foo/etc/npmrc`, but better to not change it at this point. + // gentoo deviates wrt global config; store in /etc/npm settableGetter(data, 'globalconfig', () => - resolve(this[_get]('prefix'), 'etc/npmrc')) + resolve('/etc', 'npmrc')) } loadHome () { That's not /etc/npm, but /etc/npmrc? > That folder is actually created by the ebuild ("dodir /etc/npm"); it > shouldn't be required to try to create it each time "npm" runs. > > I'm attaching a proposed alternate patch, which should fix the issue. > > Reproducible: Always > > Steps to Reproduce: > (As root) > 1. rmdir /etc/npm > 2. npm help > 3. ls -d /etc/npm > Actual Results: > The "/etc/npm" folder has been recreated > > Expected Results: > The "/etc/npm" doesn't exist I'm not sure how nodejs is the problem here. Your ebuilds seem to be calling mkdir on /etc/npm.
(In reply to John Helmert III from comment #2) > (In reply to Raphaël Barrois from comment #0) > > For custom ebuilds, I need to run `npm` commands. > > However, this step fails with a sandbox access violation: > > * ACCESS DENIED: mkdir: /etc/npm > > > > This comes from the custom patch "nodejs-10.3.0-global-npm-config.patch", > > where NPM is modified to always create /etc/npm. > > Here's the patch: > > --- a/deps/npm/node_modules/@npmcli/config/lib/index.js > +++ b/deps/npm/node_modules/@npmcli/config/lib/index.js > @@ -275,8 +275,9 @@ > // default the globalconfig file to that location, instead of the > default > // global prefix. It's weird that `npm get globalconfig --prefix=/foo` > // returns `/foo/etc/npmrc`, but better to not change it at this point. > + // gentoo deviates wrt global config; store in /etc/npm > settableGetter(data, 'globalconfig', () => > - resolve(this[_get]('prefix'), 'etc/npmrc')) > + resolve('/etc', 'npmrc')) > } > > loadHome () { > > That's not /etc/npm, but /etc/npmrc? > > > That folder is actually created by the ebuild ("dodir /etc/npm"); it > > shouldn't be required to try to create it each time "npm" runs. > > > > I'm attaching a proposed alternate patch, which should fix the issue. > > > > Reproducible: Always > > > > Steps to Reproduce: > > (As root) > > 1. rmdir /etc/npm > > 2. npm help > > 3. ls -d /etc/npm > > Actual Results: > > The "/etc/npm" folder has been recreated > > > > Expected Results: > > The "/etc/npm" doesn't exist > > I'm not sure how nodejs is the problem here. Your ebuilds seem to be calling > mkdir on /etc/npm. You're looking at the patch for nodejs>=15.2.0, used in nodejs-16.x ebuilds — all are masked. The current patch has: + // gentoo deviates wrt global config; store in /etc/npm + var globalconfig = path.resolve('/etc', 'npm') + mkdirp(globalconfig, function () { + defaults.globalconfig = path.resolve(globalconfig, 'npmrc') + defaults.globalignorefile = path.resolve(globalconfig, 'npmignore') + }) Note the "mkdirp(globalconfig, ...)"