[BUG] Installing some packages in rootless containers causes TAR_ENTRY_ERROR since v9

[vchernin]

Is there an existing issue for this?

• I have searched the existing issues

This issue exists in the latest npm version

• I am using the latest npm

Current Behavior

The installation of some packages in either podman or docker rootless containers results in:

npm WARN tar TAR_ENTRY_ERROR EINVAL: invalid argument, fchown

In either podman or docker there is no warning when in rootful containers.

Note as far as I can tell with this warning npm has no behaviour changes, everything still seems to work, but I have no real assurances of this being an ignorable warning.

Expected Behavior

No extra warnings when installing packages with rootless containers.

Steps To Reproduce

docker run -it --rm --entrypoint sh docker.io/node:19.3.0-alpine -c \
'mkdir project && cd project && npm install -g npm@9.2.0 && npm install express@4.18.2'

This is only reproducible if you have a functional rootless container setup (default with podman, needs special installation with docker, see below documentation). Also this probably won't reproduce if you've added your user to the docker group (as your user can now create rootful containers).

The bug can be reproduced by swapping docker with podman.

To show the bug not occuring try prepend sudo to run a rootful container.

The first bad tag is 9.0.0-pre.6, and the same behaviour is seen in 9.2.0. This is likely a regression of the recent changes for npm/rfcs#546, which seems intended at least in part to help fix issues in docker.

Curiously if installing e.g. @babel/core@7.20.7 instead of express@4.18.2 this bug doesn't occur, so the package contents affect this somehow.

This doesn't occur when installing packages in a non-container setup like by installing node through nvm on ubuntu.

Some documentation about rootless containers:
https://docs.docker.com/engine/security/rootless/
https://github.com/containers/podman/blob/main/rootless.md

Environment

• npm: 9.2.0
• Node.js: 19.3.0
• OS Name: Docker/Podman
• npm config:

; node bin location = /usr/local/bin/node
; node version = v19.3.0
; npm local prefix = /project
; npm version = 9.2.0
; cwd = /project
; HOME = /root
; Run `npm config ls -l` to show all defaults.

[RobStaveley]

I reproduce this with userns-remap. I have userns-remap set up for myusername (i.e. $USER) in /etc/docker/daemon.json:

{
  "userns-remap": "myusername"
}

I have /etc/subuid and /etc/subgid both with:

myusername:1000:1
myusername:100000:65536

My UID and GID is 1000.

[nlf]

npm/pacote#261 should close this. the change in that pull request skips the fchown related code in tar

[rbalet]

@nlf Any news on that issue ? your linked issue didn't fix the problem for me.

Environment
npm: 9.6.2
Node.js: 18.15.0

[carlosrodfern]

The fix has not been back-ported to 9: npm/pacote@8f4e39c
It is only in v15.x
Is this just a warning message without actual consequences in the build?