From 3038f2fd5b1d7dd886ee72798241d8943690f508 Mon Sep 17 00:00:00 2001 From: isaacs Date: Wed, 14 Aug 2019 16:03:10 -0700 Subject: [PATCH] gentle-fs@2.2.1 Prevent root-owned files in user-owned locations, and vice versa. --- lib/config.js | 2 +- lib/config/core.js | 2 +- lib/config/set-user.js | 2 +- lib/install.js | 2 +- lib/install/action/extract.js | 2 +- lib/install/action/finalize.js | 2 +- lib/install/action/move.js | 2 +- lib/install/action/remove.js | 2 +- lib/search/all-package-metadata.js | 2 +- lib/utils/cache-file.js | 1 + lib/utils/correct-mkdir.js | 1 + node_modules/gentle-fs/CHANGELOG.md | 35 +++++++++++++++++++++++++++++ node_modules/gentle-fs/index.js | 4 +++- node_modules/gentle-fs/lib/chown.js | 24 ++++++++++++++++++++ node_modules/gentle-fs/lib/link.js | 30 ++++++++++++++++--------- node_modules/gentle-fs/lib/mkdir.js | 22 ++++++++++++++++++ node_modules/gentle-fs/package.json | 32 +++++++++++++------------- package-lock.json | 8 ++++--- package.json | 2 +- 19 files changed, 136 insertions(+), 41 deletions(-) create mode 100644 node_modules/gentle-fs/lib/chown.js create mode 100644 node_modules/gentle-fs/lib/mkdir.js diff --git a/lib/config.js b/lib/config.js index 0d4161d3b53e8..5f9819879be23 100644 --- a/lib/config.js +++ b/lib/config.js @@ -11,7 +11,7 @@ var ini = require('ini') var editor = require('editor') var os = require('os') var path = require('path') -var mkdirp = require('mkdirp') +var mkdirp = require('gentle-fs').mkdir var umask = require('./utils/umask') var usage = require('./utils/usage') var output = require('./utils/output') diff --git a/lib/config/core.js b/lib/config/core.js index 36605555ff77a..18658842175f0 100644 --- a/lib/config/core.js +++ b/lib/config/core.js @@ -8,7 +8,7 @@ var path = require('path') var nopt = require('nopt') var ini = require('ini') var Umask = configDefs.Umask -var mkdirp = require('mkdirp') +var mkdirp = require('gentle-fs').mkdir var umask = require('../utils/umask') var isWindows = require('../utils/is-windows.js') diff --git a/lib/config/set-user.js b/lib/config/set-user.js index 14cc21d2ebd99..570a1f54e2757 100644 --- a/lib/config/set-user.js +++ b/lib/config/set-user.js @@ -3,7 +3,7 @@ module.exports = setUser var assert = require('assert') var path = require('path') var fs = require('fs') -var mkdirp = require('mkdirp') +var mkdirp = require('gentle-fs').mkdir function setUser (cb) { var defaultConf = this.root diff --git a/lib/install.js b/lib/install.js index d2f705e1d1abd..8cc6d16bdd169 100644 --- a/lib/install.js +++ b/lib/install.js @@ -104,7 +104,7 @@ var readPackageJson = require('read-package-json') var chain = require('slide').chain var asyncMap = require('slide').asyncMap var archy = require('archy') -var mkdirp = require('mkdirp') +var mkdirp = require('gentle-fs').mkdir var rimraf = require('rimraf') var iferr = require('iferr') var validate = require('aproba') diff --git a/lib/install/action/extract.js b/lib/install/action/extract.js index 32a4f4e004ad7..585580edd29b7 100644 --- a/lib/install/action/extract.js +++ b/lib/install/action/extract.js @@ -5,7 +5,7 @@ const BB = require('bluebird') const figgyPudding = require('figgy-pudding') const stat = BB.promisify(require('graceful-fs').stat) const gentlyRm = BB.promisify(require('../../utils/gently-rm.js')) -const mkdirp = BB.promisify(require('mkdirp')) +const mkdirp = BB.promisify(require('gentle-fs').mkdir) const moduleName = require('../../utils/module-name.js') const moduleStagingPath = require('../module-staging-path.js') const move = require('../../utils/move.js') diff --git a/lib/install/action/finalize.js b/lib/install/action/finalize.js index e46f1b9d83396..1e53c189d210e 100644 --- a/lib/install/action/finalize.js +++ b/lib/install/action/finalize.js @@ -3,7 +3,7 @@ const path = require('path') const fs = require('graceful-fs') const Bluebird = require('bluebird') const rimraf = Bluebird.promisify(require('rimraf')) -const mkdirp = Bluebird.promisify(require('mkdirp')) +const mkdirp = Bluebird.promisify(require('gentle-fs').mkdir) const lstat = Bluebird.promisify(fs.lstat) const readdir = Bluebird.promisify(fs.readdir) const symlink = Bluebird.promisify(fs.symlink) diff --git a/lib/install/action/move.js b/lib/install/action/move.js index 00d58a1592317..8a956f59d6d90 100644 --- a/lib/install/action/move.js +++ b/lib/install/action/move.js @@ -4,7 +4,7 @@ var path = require('path') var chain = require('slide').chain var iferr = require('iferr') var rimraf = require('rimraf') -var mkdirp = require('mkdirp') +var mkdirp = require('gentle-fs').mkdir var rmStuff = require('../../unbuild.js').rmStuff var lifecycle = require('../../utils/lifecycle.js') var move = require('../../utils/move.js') diff --git a/lib/install/action/remove.js b/lib/install/action/remove.js index a852d10c5fd84..f7182d596bed0 100644 --- a/lib/install/action/remove.js +++ b/lib/install/action/remove.js @@ -3,7 +3,7 @@ var path = require('path') var fs = require('graceful-fs') var rimraf = require('rimraf') var asyncMap = require('slide').asyncMap -var mkdirp = require('mkdirp') +var mkdirp = require('gentle-fs').mkdir var npm = require('../../npm.js') var andIgnoreErrors = require('../and-ignore-errors.js') var move = require('../../utils/move.js') diff --git a/lib/search/all-package-metadata.js b/lib/search/all-package-metadata.js index a006dadaddf3b..388b4f61f0496 100644 --- a/lib/search/all-package-metadata.js +++ b/lib/search/all-package-metadata.js @@ -9,7 +9,7 @@ const figgyPudding = require('figgy-pudding') const fs = require('graceful-fs') const JSONStream = require('JSONStream') const log = require('npmlog') -const mkdir = BB.promisify(require('mkdirp')) +const mkdir = BB.promisify(require('gentle-fs').mkdir) const ms = require('mississippi') const npmFetch = require('libnpm/fetch') const path = require('path') diff --git a/lib/utils/cache-file.js b/lib/utils/cache-file.js index 77df7d4e09361..7b3136b2e2db9 100644 --- a/lib/utils/cache-file.js +++ b/lib/utils/cache-file.js @@ -1,3 +1,4 @@ +// XXX use infer-owner or gentle-fs.mkdir here const npm = require('../npm.js') const path = require('path') const chownr = require('chownr') diff --git a/lib/utils/correct-mkdir.js b/lib/utils/correct-mkdir.js index 2558de66f5b6f..57368e946e37f 100644 --- a/lib/utils/correct-mkdir.js +++ b/lib/utils/correct-mkdir.js @@ -1,3 +1,4 @@ +// XXX this can probably be replaced with gentle-fs.mkdir everywhere it's used const chownr = require('chownr') const inflight = require('inflight') const log = require('npmlog') diff --git a/node_modules/gentle-fs/CHANGELOG.md b/node_modules/gentle-fs/CHANGELOG.md index e9bb23d98b891..38fc91cba587d 100644 --- a/node_modules/gentle-fs/CHANGELOG.md +++ b/node_modules/gentle-fs/CHANGELOG.md @@ -2,6 +2,41 @@ All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. + +## [2.2.1](https://github.com/npm/gentle-fs/compare/v2.2.0...v2.2.1) (2019-08-15) + + +### Bug Fixes + +* **link:** properly detect that we should chown the link ([1c69beb](https://github.com/npm/gentle-fs/commit/1c69beb)) + + + + +# [2.2.0](https://github.com/npm/gentle-fs/compare/v2.1.0...v2.2.0) (2019-08-14) + + +### Bug Fixes + +* don't chown if we didn't make any dirs ([c4df8a8](https://github.com/npm/gentle-fs/commit/c4df8a8)) + + +### Features + +* export mkdir method ([4891c09](https://github.com/npm/gentle-fs/commit/4891c09)) + + + + +# [2.1.0](https://github.com/npm/gentle-fs/compare/v2.0.1...v2.1.0) (2019-08-14) + + +### Features + +* infer ownership of created dirs and links ([0dd2879](https://github.com/npm/gentle-fs/commit/0dd2879)) + + + ## [2.0.1](https://github.com/npm/gentle-fs/compare/v2.0.0...v2.0.1) (2017-11-28) diff --git a/node_modules/gentle-fs/index.js b/node_modules/gentle-fs/index.js index 2828fdb2bd318..9807ed9d8580b 100644 --- a/node_modules/gentle-fs/index.js +++ b/node_modules/gentle-fs/index.js @@ -2,9 +2,11 @@ const rm = require('./lib/rm.js') const link = require('./lib/link.js') +const mkdir = require('./lib/mkdir.js') exports = module.exports = { rm: rm, link: link.link, - linkIfExists: link.linkIfExists + linkIfExists: link.linkIfExists, + mkdir: mkdir } diff --git a/node_modules/gentle-fs/lib/chown.js b/node_modules/gentle-fs/lib/chown.js new file mode 100644 index 0000000000000..5921e56345769 --- /dev/null +++ b/node_modules/gentle-fs/lib/chown.js @@ -0,0 +1,24 @@ +'use strict' + +// A module for chowning things we just created, to preserve +// ownership of new links and directories. + +const chownr = require('chownr') + +const selfOwner = { + uid: process.getuid && process.getuid(), + gid: process.getgid && process.getgid() +} + +module.exports = (path, uid, gid, cb) => { + if (selfOwner.uid !== 0 || + uid === undefined || gid === undefined || + (selfOwner.uid === uid && selfOwner.gid === gid)) { + // don't need to, or can't chown anyway, so just leave it. + // this also handles platforms where process.getuid is undefined + return cb() + } + chownr(path, uid, gid, cb) +} + +module.exports.selfOwner = selfOwner diff --git a/node_modules/gentle-fs/lib/link.js b/node_modules/gentle-fs/lib/link.js index 246d801479a11..4623e7e82cf88 100644 --- a/node_modules/gentle-fs/lib/link.js +++ b/node_modules/gentle-fs/lib/link.js @@ -3,8 +3,10 @@ const path = require('path') const fs = require('graceful-fs') const chain = require('slide').chain -const mkdir = require('mkdirp') +const mkdir = require('./mkdir.js') const rm = require('./rm.js') +const inferOwner = require('infer-owner') +const chown = require('./chown.js') exports = module.exports = { link: link, @@ -53,14 +55,20 @@ function link (from, to, opts, cb) { var relativeTarget = path.relative(opts.base, absTarget) var target = opts.absolute ? absTarget : relativeTarget - chain( - [ - [ensureFromIsNotSource, absTarget, to], - [fs, 'stat', absTarget], - [rm, to, opts], - [mkdir, path.dirname(to)], - [fs, 'symlink', target, to, 'junction'] - ], - cb - ) + const tasks = [ + [ensureFromIsNotSource, absTarget, to], + [fs, 'stat', absTarget], + [rm, to, opts], + [mkdir, path.dirname(to)], + [fs, 'symlink', target, to, 'junction'] + ] + + if (chown.selfOwner.uid !== 0) { + chain(tasks, cb) + } else { + inferOwner(to).then(owner => { + tasks.push([chown, to, owner.uid, owner.gid]) + chain(tasks, cb) + }) + } } diff --git a/node_modules/gentle-fs/lib/mkdir.js b/node_modules/gentle-fs/lib/mkdir.js new file mode 100644 index 0000000000000..5b419959716bd --- /dev/null +++ b/node_modules/gentle-fs/lib/mkdir.js @@ -0,0 +1,22 @@ +'use strict' + +const mkdirp = require('mkdirp') +const inferOwner = require('infer-owner') +const chown = require('./chown.js') + +module.exports = (path, cb) => { + // don't bother chowning if we can't anyway + if (process.platform === 'win32' || chown.selfOwner.uid !== 0) { + return mkdirp(path, cb) + } + + inferOwner(path).then(owner => { + mkdirp(path, (er, made) => { + if (er || !made) { + cb(er, made) + } else { + chown(made || path, owner.uid, owner.gid, cb) + } + }) + }, cb) +} diff --git a/node_modules/gentle-fs/package.json b/node_modules/gentle-fs/package.json index 55bc6bd40eca1..bf4867c08d328 100644 --- a/node_modules/gentle-fs/package.json +++ b/node_modules/gentle-fs/package.json @@ -1,49 +1,49 @@ { - "_args": [ - [ - "gentle-fs@2.0.1", - "/Users/rebecca/code/npm" - ] - ], - "_from": "gentle-fs@2.0.1", - "_id": "gentle-fs@2.0.1", + "_from": "gentle-fs@2.2.1", + "_id": "gentle-fs@2.2.1", "_inBundle": false, - "_integrity": "sha512-cEng5+3fuARewXktTEGbwsktcldA+YsnUEaXZwcK/3pjSE1X9ObnTs+/8rYf8s+RnIcQm2D5x3rwpN7Zom8Bew==", + "_integrity": "sha512-e7dRgUM5fsS+7wm2oggZpgcRx6sEvJHXujPH5RzgQ1ziQY4+HuVBYsnUzJwJ+C7mjOJN27DjiFy1TaL+TNltow==", "_location": "/gentle-fs", "_phantomChildren": {}, "_requested": { "type": "version", "registry": true, - "raw": "gentle-fs@2.0.1", + "raw": "gentle-fs@2.2.1", "name": "gentle-fs", "escapedName": "gentle-fs", - "rawSpec": "2.0.1", + "rawSpec": "2.2.1", "saveSpec": null, - "fetchSpec": "2.0.1" + "fetchSpec": "2.2.1" }, "_requiredBy": [ + "#USER", "/", "/bin-links" ], - "_resolved": "https://registry.npmjs.org/gentle-fs/-/gentle-fs-2.0.1.tgz", - "_spec": "2.0.1", - "_where": "/Users/rebecca/code/npm", + "_resolved": "https://registry.npmjs.org/gentle-fs/-/gentle-fs-2.2.1.tgz", + "_shasum": "1f38df4b4ead685566257201fd526de401ebb215", + "_spec": "gentle-fs@2.2.1", + "_where": "/Users/isaacs/dev/npm/cli", "author": { "name": "Mike Sherov" }, "bugs": { "url": "https://github.com/npm/gentle-fs/issues" }, + "bundleDependencies": false, "dependencies": { "aproba": "^1.1.2", + "chownr": "^1.1.2", "fs-vacuum": "^1.2.10", "graceful-fs": "^4.1.11", "iferr": "^0.1.5", + "infer-owner": "^1.0.4", "mkdirp": "^0.5.1", "path-is-inside": "^1.0.2", "read-cmd-shim": "^1.0.1", "slide": "^1.1.6" }, + "deprecated": false, "description": "Gentle Filesystem operations", "devDependencies": { "dezalgo": "^1.0.3", @@ -81,5 +81,5 @@ "update-coc": "weallbehave -o . && git add CODE_OF_CONDUCT.md && git commit -m 'docs(coc): updated CODE_OF_CONDUCT.md'", "update-contrib": "weallcontribute -o . && git add CONTRIBUTING.md && git commit -m 'docs(contributing): updated CONTRIBUTING.md'" }, - "version": "2.0.1" + "version": "2.2.1" } diff --git a/package-lock.json b/package-lock.json index a71b1709807b6..1ee37b3cd7d02 100644 --- a/package-lock.json +++ b/package-lock.json @@ -2239,14 +2239,16 @@ "integrity": "sha512-KGDOARWVga7+rnB3z9Sd2Letx515owfk0hSxHGuqjANb1M+x2bGZGqHLiozPsYMdM2OubeMni/Hpwmjq6qIUhA==" }, "gentle-fs": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/gentle-fs/-/gentle-fs-2.0.1.tgz", - "integrity": "sha512-cEng5+3fuARewXktTEGbwsktcldA+YsnUEaXZwcK/3pjSE1X9ObnTs+/8rYf8s+RnIcQm2D5x3rwpN7Zom8Bew==", + "version": "2.2.1", + "resolved": "https://registry.npmjs.org/gentle-fs/-/gentle-fs-2.2.1.tgz", + "integrity": "sha512-e7dRgUM5fsS+7wm2oggZpgcRx6sEvJHXujPH5RzgQ1ziQY4+HuVBYsnUzJwJ+C7mjOJN27DjiFy1TaL+TNltow==", "requires": { "aproba": "^1.1.2", + "chownr": "^1.1.2", "fs-vacuum": "^1.2.10", "graceful-fs": "^4.1.11", "iferr": "^0.1.5", + "infer-owner": "^1.0.4", "mkdirp": "^0.5.1", "path-is-inside": "^1.0.2", "read-cmd-shim": "^1.0.1", diff --git a/package.json b/package.json index 252bc684ac7fc..a5f057a11bf97 100644 --- a/package.json +++ b/package.json @@ -59,7 +59,7 @@ "find-npm-prefix": "^1.0.2", "fs-vacuum": "~1.2.10", "fs-write-stream-atomic": "~1.0.10", - "gentle-fs": "^2.0.1", + "gentle-fs": "^2.2.1", "glob": "^7.1.4", "graceful-fs": "^4.2.0", "has-unicode": "~2.0.1",