fix(install): detect busybox tar so zstd tarballs are not mis-extracted

[JamBalaya56562]

Problem

On Alpine 3.22, curl https://mise.run | sh fails to install with:

tar: invalid tar magic

Reported in #10074.

Root cause

The install script (packaging/standalone/install.envsubst) decides whether to download the .tar.zst or .tar.gz build via tar_supports_zstd(), which checks the tar version:

elif tar --version | grep -q ''1\.\(3[1-9]\|[4-9][0-9]\)''; then
  true

Alpine''s busybox tar reports version 1.37.0, which matches this GNU-tar >= 1.31 regex. So the script concludes busybox tar can transparently decompress zstd, downloads the .tar.zst tarball, and then runs plain tar -xf on it — but busybox tar cannot decompress zstd, hence invalid tar magic.

Fix

Detect busybox before the GNU version check and treat it as not supporting zstd:

elif tar --version 2>&1 | grep -qi ''busybox''; then
  false

With that, tar_supports_zstd() returns false on busybox, so:

• the default path downloads the .tar.gz build, which busybox extracts fine; and
• if .tar.zst is forced (e.g. MISE_INSTALL_EXT=tar.zst), extraction falls back to the existing zstd-pipe path zstd -d -c "$cache_file" | tar -xf - (the script already requires the zstd binary), which feeds busybox a plain tar on stdin.

GNU tar and bsdtar never print busybox in --version, so no other platform is affected. 2>&1 + -i make the check robust to busybox printing its BusyBox v1.37.0 banner on stderr / with mixed case.

Testing

• shellcheck packaging/standalone/install.envsubst ✅ (this is what scripts/test-standalone.sh runs against the rendered script)

Addresses #10074

🤖 Generated with Claude Code

Summary by CodeRabbit

• Bug Fixes
  • Improved installation reliability on systems with limited tar implementations by using fallback decompression methods.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: 5528cccf-7583-43a5-9c69-4edd38dbc909

📥 Commits

Reviewing files that changed from the base of the PR and between 28c095d and 736e0ee.

📒 Files selected for processing (1)

• packaging/standalone/install.envsubst

---

📝 Walkthrough

Walkthrough

This PR adds BusyBox tar detection to the installer script. When BusyBox tar is detected via version output inspection, tar_supports_zstd returns false, preventing incompatible direct zstd extraction and triggering fallback decompression logic.

Changes

BusyBox tar compatibility

Layer / File(s)	Summary
BusyBox tar detection in tar_supports_zstd packaging/standalone/install.envsubst	Added version check that detects BusyBox tar by inspecting tar --version output. When BusyBox is found, the function returns false to force fallback to zstd decompression pipeline or .tar.gz download instead of direct extraction.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Poem

🐰 A bunny hops through tar archives so fine,
But BusyBox stumbles on zstd's design,
Now detection runs true with a version-check call,
Fallback decompression handles them all! 📦

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title directly and accurately describes the main change: detecting BusyBox tar to prevent mis-extraction of zstd tarballs, which is the core fix in this changeset.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[greptile-apps]

Greptile Summary

Fixes a false-positive in tar_supports_zstd() where BusyBox tar's version string (BusyBox v1.37.0) was matching the GNU tar >= 1.31 regex, causing the install script to download a .tar.zst archive that BusyBox cannot decompress natively.

• Inserts an elif tar --version 2>&1 | grep -qi 'busybox'; then false branch before the GNU version check; the 2>&1 redirect handles BusyBox printing its banner to stderr, and -i handles any capitalisation variation.
• The placement is correct: BusyBox never prints bsdtar so the preceding check is unaffected, and the busybox branch short-circuits before the version-number regex that was previously matching 1.37.0.
• When busybox is detected, the existing fallback paths (.tar.gz download by default, or the zstd -d -c … | tar -xf - pipe for forced .tar.zst) handle extraction without any new code.

Confidence Score: 5/5

The change is a single, targeted insertion with no side effects on non-busybox platforms — safe to merge.

The new elif branch is narrowly scoped: grep -qi 'busybox' will never match GNU tar or bsdtar output, so existing paths are untouched. The 2>&1 redirect and case-insensitive flag address the documented edge case precisely. The script's set -eu has no adverse effect here because the command appears as an elif condition. No new dependencies are introduced.

No files require special attention.

Important Files Changed

Filename	Overview
packaging/standalone/install.envsubst	Adds a busybox tar detection branch in tar_supports_zstd() before the GNU version check, correctly returning false so zstd tarballs are not directly fed to busybox tar

_{Reviews (1): Last reviewed commit: "fix(install): detect busybox tar so zstd..." | Re-trigger Greptile}