Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 24 Jun 2023 23:42:44 +0200
From:      Miroslav Lachman <000.fbsd@quip.cz>
To:        Hiroki Tagato <tagattie@FreeBSD.org>, FreeBSD Ports <freebsd-ports@freebsd.org>
Subject:   Re: Is it possible to build node package as single executable binary?
Message-ID:  <c252b857-8657-843f-7619-e5ec55b1c9db@quip.cz>
In-Reply-To: <5be6c0d2-5d71-38c9-028a-8ce065102be9@FreeBSD.org>
References:  <c50228d7-63c7-0e5c-7b38-d9e4c5a3e795@quip.cz> <5be6c0d2-5d71-38c9-028a-8ce065102be9@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
On 23/06/2023 13:11, Hiroki Tagato wrote:
> Hi Miroslav,
> 
> I have a WIP port of Bitwarden CLI in my forked ports repository.
> 
> Take a look at:
> https://github.com/tagattie/freebsd-ports/tree/main/security/bitwarden-cli
> 
> It generates a single binary executable "bw" by packaging the node 
> command and necessary node modules. I have only lightly tested the 
> package on FreeBSD 13/amd64 and it seems working.

Hello.
I built it in poudriere, installed on target server but it failed to run:

# bw -h
pkg/prelude/bootstrap.js:1876
       throw error;
       ^

Error: 
/tmp/pkg/3f7546d249992c0f148a46a96767b364fe2616ab97eacd2ea346785f0bee0134/argon2/lib/binding/napi-v3/argon2.node: 
mmap of data failed: Permission denied
     at process.dlopen (pkg/prelude/bootstrap.js:2255:28)
     at Object.Module._extensions..node 
(node:internal/modules/cjs/loader:1189:18)
     at Module.load (node:internal/modules/cjs/loader:981:32)
     at Function.Module._load (node:internal/modules/cjs/loader:822:12)
     at Module.require (node:internal/modules/cjs/loader:1005:19)
     at Module.require (pkg/prelude/bootstrap.js:1855:31)
     at require (node:internal/modules/cjs/helpers:102:18)
     at Object.<anonymous> 
(/snapshot/wrkdirs/overlays/mfh_overlay/security/bitwarden-cli/work/clients-cli-v2023.4.0/node_modules/argon2/argon2.js:9:25)
     at Module._compile (pkg/prelude/bootstrap.js:1930:22)
     at Object.Module._extensions..js 
(node:internal/modules/cjs/loader:1159:10) {
   code: 'ERR_DLOPEN_FAILED'
}


Then I found it is because we have /tmp mounted with nosuid, noexec set 
for security reason.
When I remounted /tmp with exec, the bw from package runs without error.

Do you know why this packaged "bw" needs /tmp to be executable while 
"bw" installed by "npm install" works with noexec set on /tmp?

Is there a way to fix it? I really would like to keep /tmp noexec.

Kind regards
Miroslav Lachman

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?c252b857-8657-843f-7619-e5ec55b1c9db>