search

pnpm / pnpm

Fast, disk space efficient package manager
https://pnpm.io
MIT License
29.64k stars 1.01k forks source link

Pnpm install script doesn't install the latest version (8.10.5) #7336

Open KaanSD opened 11 months ago

KaanSD commented 11 months ago

Verify latest release

pnpm version

8.10.5

Reproduction steps

On a system with no pnpm installed, as per instructions on https://pnpm.io/installation, go to the shell and type

curl -fsSL https://get.pnpm.io/install.sh | sh -

or 

wget -qO- https://get.pnpm.io/install.sh | sh -

Describe the Bug

Install script aborts with the error:

pnpm version '8.10.5' could not be found

It installs fine if I specify the previous version:

curl -fsSL https://get.pnpm.io/install.sh | env PNPM_VERSION=8.10.4 sh -

Expected Behavior

pnpm should be installed

Which Node.js version are you using?

18.13.0

Which operating systems have you used?

If your OS is a Linux based, which one it is? (Include the version if relevant)

Debian

0xSileo commented 11 months ago

Got the same issue on Arch : 

curl: (22) The requested URL returned error: 401
pnpm version '8.10.5' could not be found
moander commented 11 months ago

Same here.. corepack enable && corepack prepare --activate and npm i -g pnpm seems to work

KaanSD commented 11 months ago

Yeah, installing pnpm 8.10.4 and then updating to the latest with pnpm add -g pnpm also works; and the github action installs version 8.10.5 without issue. I think the problem is with the install script itself.

KaanSD commented 11 months ago

Tried running the failed command on line 39 of the install script. 

curl --output /dev/null --silent --show-error --location --head --fail "https://github.com/pnpm/pnpm/releases/download/v8.10.5/pnpm-linux-x64"

It returned an error. I also tried the wget version two lines below it and it also failed.

I tried various combinations of platforms and architectures, here are the results:

platform architecture status
linux x64 failure
linux arm failure
linux arm64 success
win x64 failure
win arm failure
win arm64 failure
macos x64 success
macos arm64 success
macos arm failure

I tried downloading linux-x64 through my browser and it works fine. As does wget without spider or curl without --head.

The output of 

curl --show-error --location --head "https://github.com/pnpm/pnpm/releases/download/v8.10.5/pnpm-linux-x64"``

is

HTTP/2 302
server: GitHub.com
date: Tue, 21 Nov 2023 18:29:41 GMT
content-type: text/html; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/50565430/839827ea-454d-440b-b404-7ded2650bda3?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20231121%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20231121T182941Z&X-Amz-Expires=300&X-Amz-Signature=f4f95d1baf4baa3371673045fa028aee9c3f077185f125d509f4fa1364564757&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=50565430&response-content-disposition=attachment%3B%20filename%3Dpnpm-linux-x64&response-content-type=application%2Foctet-stream
cache-control: no-cache
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.githubcopilot.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events objects-origin.githubusercontent.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com support.github.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
content-length: 0
x-github-request-id: AFA2:57F4:760E7735:778AA83B:655CF715

HTTP/2 401
x-github-backend: Kubernetes
x-github-request-id: 1D8E:379F:0AC0:1B4C:655CF717
accept-ranges: bytes
date: Tue, 21 Nov 2023 18:29:43 GMT
via: 1.1 varnish
x-served-by: cache-lin2290022-LIN
x-cache: MISS
x-cache-hits: 0
x-timer: S1700591384.694985,VS0,VE107
KaanSD commented 11 months ago

I suppose one way to fix this is to just get rid of validate_url. Seems somewhat redundant to check if the target exists and only then download it. The only thing avoided is the creation of a temp directory. Perhaps the temp directory can be cleaned up on failure instead.

I'd make a PR but I have no idea where the shell script is.

mbtts commented 11 months ago

I'd make a PR but I have no idea where the shell script is.

The script is here (validate_url).

Turbo87 commented 11 months ago

not sure what happened, but apparently this is now also failing for v8.10.4

curl: (22) The requested URL returned error: 401
pnpm version '8.10.4' could not be found
zaibon commented 11 months ago

Isn't the issue coming from GitHub itself more than a problem with the script? It does not make sense that curl is rejected but wget is accepted.

Turbo87 commented 11 months ago

Isn't the issue coming from GitHub itself more than a problem with the script?

yes, looks like it. but since the script is using GitHub as the CDN a workaround might make sense until GitHub fixes the issue (if they actually do so...)

illright commented 11 months ago

A workaround to install pnpm through Corepack on Alpine images that are not node:alpine:

FROM alpine
RUN apk update
RUN apk add --no-cache nodejs npm
RUN npm install -g corepack
RUN corepack enable
# You can now run `pnpm -v`

node:alpine comes with Corepack preinstalled, so all that's needed is RUN corepack enable.

KaanSD commented 11 months ago

Isn't the issue coming from GitHub itself more than a problem with the script? It does not make sense that curl is rejected but wget is accepted.

Wget isn't accepted either if you use the --spider option. I think github is currently not processing HEAD requests correctly. The thing is I don't see much point in making the HEAD request. As far as I can see it isn't done in install.ps1 (the windows version of the script)