Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-84505

nodejs:22 modular package has inappropriate scriptlet

Linking RHIVOS CVEs to...Migration: Automation ...Sync from "Extern...XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Critical Critical
    • None
    • CentOS Stream 9
    • nodejs-22-module
    • None
    • Low
    • 1
    • rhel-pt-ruby-nodejs
    • ssg_platform_tools
    • 1
    • No
    • CentOS Stream, Red Hat Enterprise Linux
    • PT PRNDL 2025 S04
    • None
    • None
    • Unspecified Release Note Type - Unknown
    • All
    • None

      What were you trying to do that didn't work?

      Conduct any yum/dnf transaction involving the nodejs package from the nodejs:22 module. The scriptlet for the package will silently move /usr/lib/node_modules to /usr/lib/node_modules.rpmmoved.

      What is the impact of this issue to you?

      On upgrades any files under the expected path, including files owned by other packages or placed there as part of system configuration outside of yum/dnf purview, are moved with no notice. This results in sudden and unexpected breakage during regular upgrade operations. Additionally, even when only the nodejs package file contents are present in the specified directory path it will be moved on EVERY dnf/yum transaction involving this package which will result in an additional ~15MB of disk space being consumed on each operation.

      Please provide the package NVR for which the bug is seen:

       

      As far as I can tell it is present in every version of the nodejs package present in the nodejs:22 module. I was able to reproduce this behavior most recently in a freshly installed virtual machine with

      nodejs-22.13.1-1.module_el9+1194+c2cea2d5.aarch64

      How reproducible is this bug?:

       

      It is 100% reproducible with no setup

      Steps to reproduce

      1. sudo yum module install nodejs:22/common
      2. sudo yum reinstall nodejs
      3. observe that /usr/lib/node_modules has been moved to /usr/lib/node_modules.rpmmoved and a new /usr/lib/modules has been created with the package contents
      4. sudo yum reinstall nodejs
      5. observe that /usr/lib/node_modules has been moved to /usr/lib/node_modules.rpmmoved.1 and a new /usr/lib/modules has been created with the package contents

      Expected results

      Package should be installed, upgraded or reinstalled in the same manner as any other nodejs package available for this distro. Files not owned by the package under the specified path will remain in place and not be renamed, moved or deleted

      Actual results

      See above reproduction steps

      Cause

      The cause is a pretrans scriptlet in the package which has a behavior that is copied from a later fedora version in which the locations of version node_modules has been changed and the "main" version's node_modules_?? directory is symlinked to /usr/lib/node_modules

      $ rpm -q --scripts nodejs
pretrans scriptlet (using <lua>):
path = "/usr/lib/node_modules"
st = posix.stat(path)
if st and st.type == "directory" then
  status = os.rename(path, path .. ".rpmmoved")
  if not status then
    suffix = 0
    while not status do
      suffix = suffix + 1
      status = os.rename(path .. ".rpmmoved", path .. ".rpmmoved." .. suffix)
    end
    os.rename(path, path .. ".rpmmoved")
  end
end

       

              aradchen Andrei Radchenko
              craigslistsystems System Administrator (Inactive)
              nodejs-maint nodejs-maint
              rhel-nodejs-qe bot rhel-nodejs-qe bot
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated:
                Resolved: