search

angular / angular-cli

CLI tool for Angular
https://cli.angular.io
MIT License
26.73k stars 11.98k forks source link

Unable to copy assets: EPERM: operation not permitted, copyfile #21198

Closed danielflippance closed 3 years ago

danielflippance commented 3 years ago

Bug Report

Affected Package

The issue is happens when running a build: ng build

Is this a regression?

The Angular build worked before we updated our OS packages.

Description

We are running Jenkins on Docker to build an Angular 12 project. The Angular build was working until we updated the OS packages on the host machine during regular maintenance. After doing that we receive this error in the build:


✖ Copying of assets failed.
Unable to copy assets: EPERM: operation not permitted, copyfile '/var/jenkins_home/workspace/MY-Web-App/src/assets/building.svg' -> '/var/jenkins_home/workspace/MY-Web-App/dist/my-web-app/assets/building.svg'

We are using docker-compose seccomp to allow copyfile and we are running the Angular build as root to rule out permissions:


  jenkins:
    build: ./jenkins
    image: my-ci-jenkins
    hostname: ...
    user: root
    volumes:
      - jenkinshomevolume:/var/jenkins_home
    security_opt:
      - seccomp:./jenkins/seccomp.json
      ...

seccomp.json:


{
    "defaultAction": "SCMP_ACT_ERRNO",
    "syscalls": [
    ...
        {
            "name": "copyfile",
            "action": "SCMP_ACT_ALLOW",
            "args": null
        },
    ...
    ]
}

These are the packages that were updated on the Ubuntu host:


Start-Date: 2021-06-15  11:02:05
Commandline: apt upgrade
Requested-By: ... (1001)
Install: python3-pexpect:amd64 (4.2.1-1, automatic),
    distro-info:amd64 (0.18ubuntu0.18.04.1, automatic),
    python3-ptyprocess:amd64 (0.5.2-1, automatic),
    docker-scan-plugin:amd64 (0.8.0~ubuntu-bionic, automatic)
Upgrade: libpam0g:amd64 (1.1.8-3.6ubuntu2.18.04.2, 1.1.8-3.6ubuntu2.18.04.3),
    cryptsetup-bin:amd64 (2:2.0.2-1ubuntu1.1, 2:2.0.2-1ubuntu1.2),
    containerd.io:amd64 (1.3.7-1, 1.4.6-1),
    netplan.io:amd64 (0.99-0ubuntu3~18.04.3, 0.99-0ubuntu3~18.04.4),
    cloud-init:amd64 (20.3-2-g371b392c-0ubuntu1~18.04.1, 21.2-3-g899bfaa9-0ubuntu2~18.04.1),
    ubuntu-keyring:amd64 (2018.09.18.1~18.04.0, 2018.09.18.1~18.04.2),
    libseccomp2:amd64 (2.4.3-1ubuntu3.18.04.3, 2.5.1-1ubuntu1~18.04.1),
    libaudit-common:amd64 (1:2.8.2-1ubuntu1, 1:2.8.2-1ubuntu1.1),
    pollinate:amd64 (4.33-0ubuntu1~18.04.1, 4.33-0ubuntu1~18.04.2),
    gnupg-utils:amd64 (2.2.4-1ubuntu1.3, 2.2.4-1ubuntu1.4),
    friendly-recovery:amd64 (0.2.38ubuntu1.1, 0.2.38ubuntu1.2),
    gnupg-agent:amd64 (2.2.4-1ubuntu1.3, 2.2.4-1ubuntu1.4),
    libapt-inst2.0:amd64 (1.6.12ubuntu0.2, 1.6.13),
    gpg-wks-client:amd64 (2.2.4-1ubuntu1.3, 2.2.4-1ubuntu1.4),
    libpam-modules:amd64 (1.1.8-3.6ubuntu2.18.04.2, 1.1.8-3.6ubuntu2.18.04.3),
    gnupg-l10n:amd64 (2.2.4-1ubuntu1.3, 2.2.4-1ubuntu1.4),
    libc6-dev:amd64 (2.27-3ubuntu1.2, 2.27-3ubuntu1.4),
    update-notifier-common:amd64 (3.192.1.7, 3.192.1.11),
    libsystemd0:amd64 (237-3ubuntu10.42, 237-3ubuntu10.47),
    grub-common:amd64 (2.02-2ubuntu8.18, 2.02-2ubuntu8.23),
    apt:amd64 (1.6.12ubuntu0.2, 1.6.13),
    snapd:amd64 (2.48.3+18.04, 2.49.2+18.04),
    ubuntu-advantage-tools:amd64 (17, 27.0.2~18.04.1),
    squashfs-tools:amd64 (1:4.3-6ubuntu0.18.04.1, 1:4.3-6ubuntu0.18.04.2),
    lshw:amd64 (02.18-0.1ubuntu6.18.04.1, 02.18-0.1ubuntu6.18.04.2),
    libc6:amd64 (2.27-3ubuntu1.2, 2.27-3ubuntu1.4),
    gpg-wks-server:amd64 (2.2.4-1ubuntu1.3, 2.2.4-1ubuntu1.4),
    python-apt-common:amd64 (1.6.5ubuntu0.5, 1.6.5ubuntu0.6),
    gpg:amd64 (2.2.4-1ubuntu1.3, 2.2.4-1ubuntu1.4),
    grub2-common:amd64 (2.02-2ubuntu8.18, 2.02-2ubuntu8.23),
    udev:amd64 (237-3ubuntu10.42, 237-3ubuntu10.47),
    locales:amd64 (2.27-3ubuntu1.2, 2.27-3ubuntu1.4),
    libpam-runtime:amd64 (1.1.8-3.6ubuntu2.18.04.2, 1.1.8-3.6ubuntu2.18.04.3),
    libapt-pkg5.0:amd64 (1.6.12ubuntu0.2, 1.6.13),
    initramfs-tools-bin:amd64 (0.130ubuntu3.11, 0.130ubuntu3.12),
    grub-pc:amd64 (2.02-2ubuntu8.18, 2.02-2ubuntu8.23),
    python3-httplib2:amd64 (0.9.2+dfsg-1ubuntu0.2, 0.9.2+dfsg-1ubuntu0.3),
    libudev1:amd64 (237-3ubuntu10.42, 237-3ubuntu10.47),
    nplan:amd64 (0.99-0ubuntu3~18.04.3, 0.99-0ubuntu3~18.04.4),
    dirmngr:amd64 (2.2.4-1ubuntu1.3, 2.2.4-1ubuntu1.4),
    grub-pc-bin:amd64 (2.02-2ubuntu8.18, 2.02-2ubuntu8.23),
    python3-distupgrade:amd64 (1:18.04.38, 1:18.04.44),
    libc-bin:amd64 (2.27-3ubuntu1.2, 2.27-3ubuntu1.4),
    ubuntu-release-upgrader-core:amd64 (1:18.04.38, 1:18.04.44),
    systemd-sysv:amd64 (237-3ubuntu10.42, 237-3ubuntu10.47),
    gpgv:amd64 (2.2.4-1ubuntu1.3, 2.2.4-1ubuntu1.4),
    libpam-systemd:amd64 (237-3ubuntu10.42, 237-3ubuntu10.47),
    systemd:amd64 (237-3ubuntu10.42, 237-3ubuntu10.47),
    libpam-modules-bin:amd64 (1.1.8-3.6ubuntu2.18.04.2, 1.1.8-3.6ubuntu2.18.04.3),
    apt-utils:amd64 (1.6.12ubuntu0.2, 1.6.13),
    iproute2:amd64 (4.15.0-2ubuntu1.2, 4.15.0-2ubuntu1.3),
    sosreport:amd64 (3.9.1-1ubuntu0.18.04.2, 4.1-1ubuntu0.18.04.2),
    libnss-systemd:amd64 (237-3ubuntu10.42, 237-3ubuntu10.47),
    libnetplan0:amd64 (0.99-0ubuntu3~18.04.3, 0.99-0ubuntu3~18.04.4),
    libc-dev-bin:amd64 (2.27-3ubuntu1.2, 2.27-3ubuntu1.4),
    multiarch-support:amd64 (2.27-3ubuntu1.2, 2.27-3ubuntu1.4),
    libcryptsetup12:amd64 (2:2.0.2-1ubuntu1.1, 2:2.0.2-1ubuntu1.2),
    apt-transport-https:amd64 (1.6.12ubuntu0.2, 1.6.13),
    linux-firmware:amd64 (1.173.19, 1.173.20),
    gnupg:amd64 (2.2.4-1ubuntu1.3, 2.2.4-1ubuntu1.4),
    cryptsetup:amd64 (2:2.0.2-1ubuntu1.1, 2:2.0.2-1ubuntu1.2),
    gpg-agent:amd64 (2.2.4-1ubuntu1.3, 2.2.4-1ubuntu1.4),
    python-pip-whl:amd64 (9.0.1-2.3~ubuntu1.18.04.4, 9.0.1-2.3~ubuntu1.18.04.5),
    libaudit1:amd64 (1:2.8.2-1ubuntu1, 1:2.8.2-1ubuntu1.1),
    initramfs-tools-core:amd64 (0.130ubuntu3.11, 0.130ubuntu3.12),
    gpgconf:amd64 (2.2.4-1ubuntu1.3, 2.2.4-1ubuntu1.4),
    initramfs-tools:amd64 (0.130ubuntu3.11, 0.130ubuntu3.12),
    python3-apt:amd64 (1.6.5ubuntu0.5, 1.6.5ubuntu0.6),
    gpgsm:amd64 (2.2.4-1ubuntu1.3, 2.2.4-1ubuntu1.4),
    docker-ce-cli:amd64 (5:19.03.13~3-0~ubuntu-bionic, 5:20.10.7~3-0~ubuntu-bionic)
End-Date: 2021-06-15  11:05:27

We can successfully create and copy files in the Jenkins sh command


[Pipeline] sh
+ touch ./dist/my-web-app/assets/me.txt
[Pipeline] sh
+ cp ./dist/my-web-app/assets/me.txt ./dist/my-web-app/assets/me-copy.txt
[Pipeline] sh
+ ls -al ./dist/my-web-app/assets
total 8
drwxrw-rw- 2 root root 4096 Jun 24 10:40 .
drwxr-xr-x 3 root root 4096 Jun 23 18:43 ..
-rw-r--r-- 1 root root    0 Jun 24 10:40 me-copy.txt
-rw-r--r-- 1 root root    0 Jun 24 10:40 me.txt

Minimal Reproduction

The issue appears to be a combination of multiple OS versions alongside Angular and the latest OS packages listed above.

Exception or Error


+ ng build --configuration=staging
- Generating browser application bundles (phase: setup)...
Compiling @angular/core : es2015 as esm2015
Compiling @angular/animations : es2015 as esm2015
Compiling angular-animations : es2015 as esm2015
Compiling @angular/common : es2015 as esm2015
Compiling @angular/cdk/collections : es2015 as esm2015
Compiling @angular/animations/browser : es2015 as esm2015
Compiling @angular/platform-browser : es2015 as esm2015
Compiling @angular/forms : es2015 as esm2015
Compiling @angular/cdk/platform : es2015 as esm2015
Compiling @angular/cdk/bidi : es2015 as esm2015
Compiling @angular/cdk/scrolling : es2015 as esm2015
Compiling @angular/platform-browser-dynamic : es2015 as esm2015
Compiling @angular/router : es2015 as esm2015
Compiling @angular/common/http : es2015 as esm2015
Compiling @ng-bootstrap/ng-bootstrap : es2015 as esm2015
Compiling @fortawesome/angular-fontawesome : es2015 as esm2015
Compiling ngx-moment : es2015 as esm2015
Compiling ngx-mask : es2015 as esm2015
Compiling @angular/cdk/drag-drop : es2015 as esm2015
Compiling @angular/platform-browser/animations : es2015 as esm2015
✔ Browser application bundle generation complete.
- Generating ES5 bundles for differential loading...
✔ Browser application bundle generation complete.
✔ ES5 bundle generation complete.
- Copying assets...
✖ Copying of assets failed.
Unable to copy assets: EPERM: operation not permitted, copyfile '/var/jenkins_home/workspace/MY-Web-App/src/assets/building.svg' -> '/var/jenkins_home/workspace/MY-Web-App/dist/my-web-app/assets/building.svg'

Your Environment

Angular Version:



     _                      _                 ____ _     ___
    / \   _ __   __ _ _   _| | __ _ _ __     / ___| |   |_ _|
   / △ \ | '_ \ / _` | | | | |/ _` | '__|   | |   | |    | |
  / ___ \| | | | (_| | |_| | | (_| | |      | |___| |___ | |
 /_/   \_\_| |_|\__, |\__,_|_|\__,_|_|       \____|_____|___|
                |___/

Angular CLI: 12.0.5
Node: 14.17.1
Package Manager: npm 6.14.13
OS: linux x64

Angular:
...

Package                      Version
------------------------------------------------------
@angular-devkit/architect    0.1200.5 (cli-only)
@angular-devkit/core         12.0.5 (cli-only)
@angular-devkit/schematics   12.0.5 (cli-only)
@schematics/angular          12.0.5 (cli-only)

OS versions Host OS: Ubuntu 18.04.5 LTS (Bionic Beaver) Linux 4.15.0-126-generic angular/angular#129-Ubuntu SMP Mon Nov 23 18:53:38 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux

Jenkins Docker Container OS: Debian GNU/Linux 10 (buster)

Docker Docker version 20.10.7, build f0df350

Anything else relevant? To rule out permissions, we are running as root. We have tried the same build on Angular 9, 10, 11 and 12 with the same results.

alan-agius4 commented 3 years ago

Hello, we reviewed this issue and determined that it doesn't fall into the bug report or feature request category. This issue tracker is not suitable for support requests, please repost your issue on StackOverflow using tag angular-cli.

If you are wondering why we don't resolve support issues via the issue tracker, please check out this explanation.ns

danielflippance commented 3 years ago

Thanks for clarifying. I was also posted on StackOverflow: https://stackoverflow.com/questions/68120537/angular-build-eperm-operation-not-permitted-copyfile

clydin commented 3 years ago

Not sure if this is still an issue but the seccomp configuration is most likely the cause. The set of sys calls used by Node.js for copying files can be found by tracing through the source code here: https://github.com/nodejs/node/blob/v14.17.1/deps/uv/src/unix/fs.c#L1153

angular-automatic-lock-bot[bot] commented 3 years ago

This issue has been automatically locked due to inactivity. Please file a new issue if you are encountering a similar or related problem.

Read more about our automatic conversation locking policy.

This action has been performed automatically by a bot.