Re: Is it possible to build node package as single executable binary?

Hi,

On 2023/06/25 6:42, Miroslav Lachman wrote:
> Hello.
> I built it in poudriere, installed on target server but it failed to run:
> 
> # bw -h
> pkg/prelude/bootstrap.js:1876
>        throw error;
>        ^
> 
> Error: 
> /tmp/pkg/3f7546d249992c0f148a46a96767b364fe2616ab97eacd2ea346785f0bee0134/argon2/lib/binding/napi-v3/argon2.node: mmap of data failed: Permission denied
>      at process.dlopen (pkg/prelude/bootstrap.js:2255:28)
>      at Object.Module._extensions..node 
> (node:internal/modules/cjs/loader:1189:18)
>      at Module.load (node:internal/modules/cjs/loader:981:32)
>      at Function.Module._load (node:internal/modules/cjs/loader:822:12)
>      at Module.require (node:internal/modules/cjs/loader:1005:19)
>      at Module.require (pkg/prelude/bootstrap.js:1855:31)
>      at require (node:internal/modules/cjs/helpers:102:18)
>      at Object.<anonymous> 
> (/snapshot/wrkdirs/overlays/mfh_overlay/security/bitwarden-cli/work/clients-cli-v2023.4.0/node_modules/argon2/argon2.js:9:25)
>      at Module._compile (pkg/prelude/bootstrap.js:1930:22)
>      at Object.Module._extensions..js 
> (node:internal/modules/cjs/loader:1159:10) {
>    code: 'ERR_DLOPEN_FAILED'
> }
> 
> 
> Then I found it is because we have /tmp mounted with nosuid, noexec set 
> for security reason.
> When I remounted /tmp with exec, the bw from package runs without error.
> 
> Do you know why this packaged "bw" needs /tmp to be executable while 
> "bw" installed by "npm install" works with noexec set on /tmp?

It appears native node modules have to be written on the disk before 
being executed. There is an explanatory comment at the following URL:
https://github.com/vercel/pkg/blob/main/prelude/bootstrap.js#L2208

> Is there a way to fix it? I really would like to keep /tmp noexec.

The path the native module written to seems TMPDIR-aware. So one 
workaround would be setting TMPDIR somewhere other than "/tmp".

Cheers,
Hiroki