deps/npm/lib/utils/tar.js
// commands for packing and unpacking tarballs
// this file is used by lib/cache.js
var npm = require("../npm.js")
, fs = require("graceful-fs")
, writeFileAtomic = require("write-file-atomic")
, writeStreamAtomic = require("fs-write-stream-atomic")
, path = require("path")
, log = require("npmlog")
, uidNumber = require("uid-number")
, rm = require("./gently-rm.js")
, readJson = require("read-package-json")
, myUid = process.getuid && process.getuid()
, myGid = process.getgid && process.getgid()
, tar = require("tar")
, zlib = require("zlib")
, fstream = require("fstream")
, Packer = require("fstream-npm")
, lifecycle = require("./lifecycle.js")
if (process.env.SUDO_UID && myUid === 0) {
if (!isNaN(process.env.SUDO_UID)) myUid = +process.env.SUDO_UID
if (!isNaN(process.env.SUDO_GID)) myGid = +process.env.SUDO_GID
}
exports.pack = pack
exports.unpack = unpack
function pack (tarball, folder, pkg, dfc, cb) {
log.verbose("tar pack", [tarball, folder])
if (typeof cb !== "function") cb = dfc, dfc = false
log.verbose("tarball", tarball)
log.verbose("folder", folder)
if (dfc) {
// do fancy crap
return lifecycle(pkg, "prepublish", folder, function (er) {
if (er) return cb(er)
pack_(tarball, folder, pkg, cb)
})
} else {
pack_(tarball, folder, pkg, cb)
}
}
function pack_ (tarball, folder, pkg, cb) {
new Packer({ path: folder, type: "Directory", isDirectory: true })
.on("error", function (er) {
if (er) log.error("tar pack", "Error reading " + folder)
return cb(er)
})
// By default, npm includes some proprietary attributes in the
// package tarball. This is sane, and allowed by the spec.
// However, npm *itself* excludes these from its own package,
// so that it can be more easily bootstrapped using old and
// non-compliant tar implementations.
.pipe(tar.Pack({ noProprietary: !npm.config.get("proprietary-attribs") }))
.on("error", function (er) {
if (er) log.error("tar.pack", "tar creation error", tarball)
cb(er)
})
.pipe(zlib.Gzip())
.on("error", function (er) {
if (er) log.error("tar.pack", "gzip error "+tarball)
cb(er)
})
.pipe(writeStreamAtomic(tarball))
.on("error", function (er) {
if (er) log.error("tar.pack", "Could not write "+tarball)
cb(er)
})
.on("close", cb)
}
function unpack (tarball, unpackTarget, dMode, fMode, uid, gid, cb) {
log.verbose("tar", "unpack", tarball)
log.verbose("tar", "unpacking to", unpackTarget)
if (typeof cb !== "function") cb = gid, gid = null
if (typeof cb !== "function") cb = uid, uid = null
if (typeof cb !== "function") cb = fMode, fMode = npm.modes.file
if (typeof cb !== "function") cb = dMode, dMode = npm.modes.exec
uidNumber(uid, gid, function (er, uid, gid) {
if (er) return cb(er)
unpack_(tarball, unpackTarget, dMode, fMode, uid, gid, cb)
})
}
function unpack_ ( tarball, unpackTarget, dMode, fMode, uid, gid, cb ) {
rm(unpackTarget, function (er) {
if (er) return cb(er)
// gzip {tarball} --decompress --stdout \
// | tar -mvxpf - --strip-components=1 -C {unpackTarget}
gunzTarPerm( tarball, unpackTarget
, dMode, fMode
, uid, gid
, function (er, folder) {
if (er) return cb(er)
readJson(path.resolve(folder, "package.json"), cb)
})
})
}
function gunzTarPerm (tarball, target, dMode, fMode, uid, gid, cb_) {
if (!dMode) dMode = npm.modes.exec
if (!fMode) fMode = npm.modes.file
log.silly("gunzTarPerm", "modes", [dMode.toString(8), fMode.toString(8)])
var cbCalled = false
function cb (er) {
if (cbCalled) return
cbCalled = true
cb_(er, target)
}
var fst = fs.createReadStream(tarball)
fst.on("open", function (fd) {
fs.fstat(fd, function (er, st) {
if (er) return fst.emit("error", er)
if (st.size === 0) {
er = new Error("0-byte tarball\n" +
"Please run `npm cache clean`")
fst.emit("error", er)
}
})
})
// figure out who we're supposed to be, if we're not pretending
// to be a specific user.
if (npm.config.get("unsafe-perm") && process.platform !== "win32") {
uid = myUid
gid = myGid
}
function extractEntry (entry) {
log.silly("gunzTarPerm", "extractEntry", entry.path)
// never create things that are user-unreadable,
// or dirs that are user-un-listable. Only leads to headaches.
var originalMode = entry.mode = entry.mode || entry.props.mode
entry.mode = entry.mode | (entry.type === "Directory" ? dMode : fMode)
entry.mode = entry.mode & (~npm.modes.umask)
entry.props.mode = entry.mode
if (originalMode !== entry.mode) {
log.silly( "gunzTarPerm", "modified mode"
, [entry.path, originalMode, entry.mode])
}
// if there's a specific owner uid/gid that we want, then set that
if (process.platform !== "win32" &&
typeof uid === "number" &&
typeof gid === "number") {
entry.props.uid = entry.uid = uid
entry.props.gid = entry.gid = gid
}
}
var extractOpts = { type: "Directory", path: target, strip: 1 }
if (process.platform !== "win32" &&
typeof uid === "number" &&
typeof gid === "number") {
extractOpts.uid = uid
extractOpts.gid = gid
}
var sawIgnores = {}
extractOpts.filter = function () {
// symbolic links are not allowed in packages.
if (this.type.match(/^.*Link$/)) {
log.warn( "excluding symbolic link"
, this.path.substr(target.length + 1)
+ " -> " + this.linkpath )
return false
}
// Note: This mirrors logic in the fs read operations that are
// employed during tarball creation, in the fstream-npm module.
// It is duplicated here to handle tarballs that are created
// using other means, such as system tar or git archive.
if (this.type === "File") {
var base = path.basename(this.path)
if (base === ".npmignore") {
sawIgnores[ this.path ] = true
} else if (base === ".gitignore") {
var npmignore = this.path.replace(/\.gitignore$/, ".npmignore")
if (sawIgnores[npmignore]) {
// Skip this one, already seen.
return false
} else {
// Rename, may be clobbered later.
this.path = npmignore
this._path = npmignore
}
}
}
return true
}
fst
.on("error", function (er) {
if (er) log.error("tar.unpack", "error reading "+tarball)
cb(er)
})
.on("data", function OD (c) {
// detect what it is.
// Then, depending on that, we'll figure out whether it's
// a single-file module, gzipped tarball, or naked tarball.
// gzipped files all start with 1f8b08
if (c[0] === 0x1F &&
c[1] === 0x8B &&
c[2] === 0x08) {
fst
.pipe(zlib.Unzip())
.on("error", function (er) {
if (er) log.error("tar.unpack", "unzip error "+tarball)
cb(er)
})
.pipe(tar.Extract(extractOpts))
.on("entry", extractEntry)
.on("error", function (er) {
if (er) log.error("tar.unpack", "untar error "+tarball)
cb(er)
})
.on("close", cb)
} else if (hasTarHeader(c)) {
// naked tar
fst
.pipe(tar.Extract(extractOpts))
.on("entry", extractEntry)
.on("error", function (er) {
if (er) log.error("tar.unpack", "untar error "+tarball)
cb(er)
})
.on("close", cb)
} else {
// naked js file
var jsOpts = { path: path.resolve(target, "index.js") }
if (process.platform !== "win32" &&
typeof uid === "number" &&
typeof gid === "number") {
jsOpts.uid = uid
jsOpts.gid = gid
}
fst
.pipe(fstream.Writer(jsOpts))
.on("error", function (er) {
if (er) log.error("tar.unpack", "copy error "+tarball)
cb(er)
})
.on("close", function () {
var j = path.resolve(target, "package.json")
readJson(j, function (er, d) {
if (er) {
log.error("not a package", tarball)
return cb(er)
}
writeFileAtomic(j, JSON.stringify(d) + "\n", cb)
})
})
}
// now un-hook, and re-emit the chunk
fst.removeListener("data", OD)
fst.emit("data", c)
})
}
function hasTarHeader (c) {
return c[257] === 0x75 && // tar archives have 7573746172 at position
c[258] === 0x73 && // 257 and 003030 or 202000 at position 262
c[259] === 0x74 &&
c[260] === 0x61 &&
c[261] === 0x72 &&
((c[262] === 0x00 &&
c[263] === 0x30 &&
c[264] === 0x30) ||
(c[262] === 0x20 &&
c[263] === 0x20 &&
c[264] === 0x00))
}