Skip to content

[build-tools] - Fix tar extraction permission errors by not preserving archive file modes#3663

Closed
AbbanMustafa wants to merge 1 commit intomainfrom
mus/tar-strip-comp
Closed

[build-tools] - Fix tar extraction permission errors by not preserving archive file modes#3663
AbbanMustafa wants to merge 1 commit intomainfrom
mus/tar-strip-comp

Conversation

@AbbanMustafa
Copy link
Copy Markdown
Contributor

@AbbanMustafa AbbanMustafa commented Apr 30, 2026
edited
Loading

Why

We observe a trend of multiple builds failing during the PREPARE_PROJECT phase with errors like

  tar: app/(tabs): Cannot mkdir: Permission denied
  tar: src/screens/LoginScreen.js: Cannot open: No such file or directory

These failures are intermittent, the same app succeeds on retry with a different worker. The root cause is that some user project archives contain files with restrictive permissions, and tar preserves those modes on extraction. When a directory is extracted with read-only permissions, tar can't write files into it during the same extraction pass.

How

  • Add --no-same-permissions flag to tar extraction to apply the umask instead of preserving archive permission bits https://man7.org/linux/man-pages/man1/tar.1.html during PREPARE_PROJECT phase
  • Fixes intermittent build failures where tar fails with "Permission denied" when extracting project archives that contain files/directories with restrictive permission bits

Test Plan

  • Recreate this failure on a staging worker, and deploy this fix

@AbbanMustafa AbbanMustafa changed the title [build-tools] - Fix tar extraction permission errors by not preservin… [build-tools] - Fix tar extraction permission errors by not preserving archive file modes Apr 30, 2026
@github-actions
Copy link
Copy Markdown

github-actions Bot commented Apr 30, 2026

Subscribed to pull request

File Patterns Mentions
**/* @douglowder

Generated by CodeMention

@codecov
Copy link
Copy Markdown

codecov Bot commented Apr 30, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 55.87%. Comparing base (3d691d6) to head (8408413).
⚠️ Report is 9 commits behind head on main.

Additional details and impacted files 
@@           Coverage Diff           @@
##             main    #3663   +/-   ##
=======================================
  Coverage   55.87%   55.87%           
=======================================
  Files         868      868           
  Lines       37545    37545           
  Branches     7835     7835           
=======================================
  Hits        20973    20973           
  Misses      16474    16474           
  Partials       98       98

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@AbbanMustafa AbbanMustafa added the no changelog PR that doesn't require a changelog entry label May 1, 2026
@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 1, 2026

⏩ The changelog entry check has been skipped since the "no changelog" label is present.

sjchmiela
sjchmiela requested changes May 4, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@sjchmiela sjchmiela left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Image Image

isn't this the default?

@sjchmiela sjchmiela mentioned this pull request May 4, 2026
Merged
@sjchmiela
Copy link
Copy Markdown
Contributor

sjchmiela commented May 4, 2026

Closing as superseded by #3234. That PR has been updated to fix this at project archive creation time with cross-platform portable: true, so we do not need to change worker extraction flags here. CI is passing on #3234.

@sjchmiela sjchmiela closed this May 4, 2026
sjchmiela added a commit that referenced this pull request May 4, 2026
@sjchmiela
[eas-cli] Create portable project archives (#3234)
bc213a5 
<!-- If this PR requires a changelog entry, add it by commenting the PR with the command `/changelog-entry [breaking-change|new-feature|bug-fix|chore] [message]`. -->
<!-- You can skip the changelog check by labeling the PR with "no changelog". -->

# Why

Project archives created on one platform can be extracted on another platform with incompatible metadata or mode bits. In particular, Windows read-only directories can be represented as read-only POSIX directories in the tarball, which can make worker extraction fail when child files need to be created.

Using `portable: true` consistently also strips owner/group metadata and avoids making Windows a special case.

Supersedes the approach in #3489 and avoids changing worker extraction as proposed in #3663.

# How

Create project tarballs with `portable: true` on all platforms.

# Test Plan

- `yarn workspace eas-cli test src/build/utils/__tests__/repository.test.ts`
- `yarn workspace eas-cli typecheck`
- `yarn run -T oxfmt CHANGELOG.md packages/eas-cli/src/build/utils/repository.ts packages/eas-cli/src/build/utils/__tests__/repository.test.ts`
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sjchmiela sjchmiela sjchmiela requested changes

Assignees

No one assigned

Labels

no changelog PR that doesn't require a changelog entry

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@AbbanMustafa @sjchmiela