fix(core): replace binjumper with cmd script without prompt

[merceyz]

What's the problem this PR addresses?

Some users are running in protected systems where running unknown binaries is not allowed.

Fixes #1938

How did you fix it?

Revert #1808 and use cmd again but with a workaround to get rid of the Terminate batch job prompt as described in microsoft/terminal#217 (comment) by @rivy

Checklist

• I have read the Contributing Guide.
• I have set the packages that need to be released for my changes to be effective.
• I will check that all automated PR checks pass before the PR gets reviewed.

[merceyz]

@markerikson Could you check if this works for you? It includes the changes from #1934

yarn set version from sources --branch 1939

[arcanis]

That will work from scripts, but not if it calls a JS script that calls spawn itself, right? Since it won't get called by powershell.

[merceyz]

Correct, it only gets rid of the prompt when the bin is spawned by us. Going to add a config to enable the native bins instead of using powershell if @markerikson confirms this works.

[arcanis]

Correct, it only gets rid of the prompt when the bin is spawned by us

I'd tend to prefer the setting to fallback on the classic legacy behavior (cmd scripts), not on powershell. If one magic isn't enough, I'm reticent about including a second one (ie locating the powershell binary etc) that has its own drawbacks.

[markerikson]

I can confirm that this attempts to execute things via Powershell. Unfortunately, the Bit9 security software still flags this as a "suspicious pattern".

It's likely this will work fine for everyone else, and I can try to report this to our internal IT center to see if they can tweak the settings to allow it, but unfortunately it doesn't work for me personally atm.

[merceyz]

That's what I was afraid of, I've reverted the powershell change and disabled the native binjumper so it should be as it was before now. Mind trying again?

[markerikson]

Hey, that actually looks like it worked!

Haven't run any of the app yet, but:

➤ YN0000: ┌ Link step
➤ YN0062: │ fsevents@patch:fsevents@npm%3A2.1.2#builtin<compat/fsevents>::version=2.1.2&hash=127e8e The platform win32 is incompatible with this module, building skipped.
➤ YN0062: │ fsevents@patch:fsevents@npm%3A1.2.12#builtin<compat/fsevents>::version=1.2.12&hash=127e8e The platform win32 is incompatible with this module, building skipped.
➤ YN0007: │ nodemailer@npm:6.4.6 must be built because it never did before or the last one failed
➤ YN0007: │ core-js@npm:2.6.11 must be built because it never did before or the last one failed
➤ YN0007: │ core-js-pure@npm:3.6.4 must be built because it never did before or the last one failed
➤ YN0007: │ core-js@npm:3.6.4 must be built because it never did before or the last one failed
➤ YN0000: └ Completed in 14s 498ms
➤ YN0000: Done with warnings in 17s 673ms

and no security software popup warnings this time.

[merceyz]

Perfect, if you need any help with anything feel free to pop by on discord - https://discord.gg/yarnpkg

[merceyz]

Hey @markerikson 👋
I'm curious if it was just the node.exe file that got blocked because it was unsigned, so I've made yarn use a hardlink for it and the "normal" flow for everything else, could you try this PR again please?

[markerikson]

Hey. I've had to set aside playing around with Yarn v2 for the moment. It's still something I want to get back to, but there's other priorities right now.

[merceyz]

Totally understandable :)