Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug]: Referencing tar directly allows for System32 shadowing on Windows. #1167

Open
timbess opened this issue Jul 19, 2023 · 5 comments
Open

[Bug]: Referencing tar directly allows for System32 shadowing on Windows. #1167

timbess opened this issue Jul 19, 2023 · 5 comments
Labels
bug Something isn't working help wanted Aspect isn't prioritizing this, but the community could windows Specific to Windows

Comments

@timbess
Copy link

timbess commented Jul 19, 2023
edited
Loading

What happened?

When using npm_import it seems that on Windows, if you have a dependency that is a .tar.bz2, it will hang forever trying to extract it.

Basically the main issue is that this is impossible to fix without doing cp $(which tar) . or somehow putting the tar executable in a place where System32 can't shadow it. Locally I edited this line to use rctx.execute([rctx.which("tar"), ...]) and it works. Though I suspect ya'll may want to use some hermetic method of accessing tar instead.

Version

Development (host) and target OS/architectures: Windows 10 and Windows 2022 (Github CI runner)

Output of bazel --version:
bazel 6.2.1

Version of the Aspect rules, or other relevant rules from your
WORKSPACE or MODULE.bazel file:
http_archive(
name = "aspect_rules_js",
sha256 = "71895e99936ab4cdb2c2ed6f076134cf5799c478c33ae3fa934f279b585a9b38",
strip_prefix = "rules_js-1.29.0",
url = "https://github.com/aspect-build/rules_js/releases/download/v1.29.0/rules_js-v1.29.0.tar.gz",
)

Language(s) and/or frameworks involved:
Javascript

How to reproduce

npm_import any .tar.bz2 on Windows.

Any other information?

I suspect these binaries may be dropped in System32 when WSL installed, but I don't know that to be the case for certain.
@timbess timbess added the bug Something isn't working label Jul 19, 2023
@github-actions github-actions bot added the untriaged Requires traige label Jul 19, 2023
@timbess
Copy link
Author

timbess commented Jul 19, 2023
edited
Loading

I initially filed a bug with Bazel directly and they suggested using rctx.extract BTW bazelbuild/bazel#18995

@alexeagle
Copy link
Member

This looks great, want to send a PR for it?

@alexeagle alexeagle added help wanted Aspect isn't prioritizing this, but the community could and removed untriaged Requires traige labels Aug 3, 2023
@alexeagle
Copy link
Member

Note, we are thinking of having a tar toolchain in bazel-lib: bazel-contrib/bazel-lib#470

@timbess
Copy link
Author

timbess commented Aug 3, 2023

I'd be happy to, but my hack seems not as nice as actually having a tar toolchain. For the time being I removed the Js build from our windows artifact, so if ya'll are already making a concerted effort to migrate to a tar toolchain, that seems like a better approach.

@alexeagle
Copy link
Member

Oh well this is in a repository rule context, where toolchains aren't yet resolved. So I don't think the hermetic tar toolchain from bazel-lib will be useful.

alexeagle added a commit that referenced this issue Nov 1, 2023
@alexeagle
Avoid windows system32 path shadowing
f494a25 
According to #1167 wrapping the "tar" with an rctx.which will convert to an absolute path, which won't have this problem.
@alexeagle alexeagle mentioned this issue Nov 1, 2023
Open
@alexeagle alexeagle added the windows Specific to Windows label Nov 1, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working help wanted Aspect isn't prioritizing this, but the community could windows Specific to Windows
Projects
Open Source
Status: No status
Milestone
No milestone
Development

No branches or pull requests
2 participants
@alexeagle @timbess