
Unzip problems with v1.8.0+

Open danherd opened this issue 3 years ago • 12 comments

Hi,

This change has broken this tool for me.

I am using the php:7.1-fpm-alpine Docker image and trying to run the security-checker fails with the following error:

image

v1.7.0 works fine:

image

I presume the problem is that the version of unzip within BusyBox cannot handle the zip file:

image

Because it works fine on the unzip command in my host OS (Ubuntu 20.04).

Cheers!

Dan

danherd avatar May 10 '21 11:05 danherd

@danherd, based on the error screenshot, wonder if the real error is:

unzip: can't change directory to '/tmp/php_security_advisories': No such file or directory

Can you try using the --temp-dir option and check if it works?

paras-malhotra avatar May 10 '21 12:05 paras-malhotra

Hi,

That didn't work.

The error from unzip is because it can't extract the zip file to the named directory. It is not a permission issue - it is simply that the version of unzip on this Docker image cannot handle the zip file:

image

Whereas on my Ubuntu 20.04 machine:

image

Here it is on the Docker machine using the same folder:

image

Cheers,

Dan

danherd avatar May 10 '21 12:05 danherd

Ahh, ok. I imagine an unzip -q works? I'll send a PR to that effect if you can confirm. Thanks!

paras-malhotra avatar May 10 '21 12:05 paras-malhotra

Unfortunately not! I think this version of busybox unzip has some sort of bug with the '-d' flag. It doesn't work, no matter what I pass (unless I pass '.', then it extracts the contents of the zip into the current folder)

danherd avatar May 10 '21 12:05 danherd

OK, I've managed to fix it my side by just installing the unzip package as part of the Docker image build. Behold:

image

Maybe you can add a check to see if the unzip binary is at a minimum version before trying to use it?

Thanks for your help and also thank you for continuing this useful package!

danherd avatar May 10 '21 12:05 danherd
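One way to do the check suggested in the comment above at image build time, as an added example that is not part of the original thread or of the security-checker project. The function names are hypothetical, the "Info-ZIP" banner match assumes an Info-ZIP build of unzip, and `extract_into` creates the target directory and extracts from inside it rather than relying on `-d`.

```shell
#!/bin/sh
# Added example: hypothetical helper names, not security-checker code.

# Classify an unzip banner. BusyBox prints "BusyBox vX.Y.Z () multi-call
# binary."; Info-ZIP builds name "Info-ZIP" in their first usage line.
classify_unzip() {
    case "$1" in
        *BusyBox*)  echo busybox ;;
        *Info-ZIP*) echo info-zip ;;
        *)          echo unknown ;;
    esac
}

# First lines printed by the unzip on PATH (empty when none is installed).
current_unzip_banner() {
    command -v unzip >/dev/null 2>&1 || return 0
    unzip 2>&1 | head -n 3
}

# Build-time gate: succeed only for Info-ZIP, otherwise say what to install.
require_infozip() {
    flavor=$(classify_unzip "$1")
    [ "$flavor" = info-zip ] && return 0
    echo "unzip flavor '$flavor': add 'apk add unzip' to the image" >&2
    return 1
}

# Extract ZIP into DIR without relying on -d: create DIR, then extract from
# inside it. Non-zero on any failure, so CI cannot pass with no advisories.
extract_into() {
    zip=$1; dir=$2
    [ -f "$zip" ] || { echo "missing archive: $zip" >&2; return 2; }
    case "$zip" in /*) ;; *) zip="$PWD/$zip" ;; esac
    mkdir -p "$dir" || return 3
    ( cd "$dir" && unzip -q -o "$zip" ) || { echo "extraction failed: $zip" >&2; return 4; }
}

# Constructed check using the banner quoted later in this thread.
classify_unzip "BusyBox v1.31.1 () multi-call binary."   # prints: busybox
```

In a Dockerfile this can run as `require_infozip "$(current_unzip_banner)"` so the build stops before the checker is ever invoked with an unzip it cannot use.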

@danherd, thanks for all the information.

I think we can add an option such as --use-ext to force using the php zip extension. I'd accept a PR to do this if someone has the time. I'll leave this open so that folks willing to contribute can :)

paras-malhotra avatar May 10 '21 14:05 paras-malhotra

This is not a problem with the package. The zip lib does not create the directory, and this was fixed in the latest version; if you update your zip lib you will see this fixed.

jleonardolemos avatar May 10 '21 15:05 jleonardolemos

But if the --use-ext is still useful, I can try to implement this feature.

jleonardolemos avatar May 10 '21 15:05 jleonardolemos

I am running into this same issue with the php:7.4-cli-alpine3.12 base image. It uses

$ php -v
PHP 7.4.14 (cli) (built: Jan  7 2021 17:42:00) ( NTS )
Copyright (c) The PHP Group
Zend Engine v3.4.0, Copyright (c) Zend Technologies
    with Xdebug v3.0.1, Copyright (c) 2002-2020, by Derick Rethans

and

$ unzip
BusyBox v1.31.1 () multi-call binary.

Usage: unzip [-lnojpq] FILE[.zip] [FILE]... [-x FILE...] [-d DIR]

Extract FILEs from ZIP archive

	-l	List contents (with -q for short form)
	-n	Never overwrite files (default: ask)
	-o	Overwrite
	-j	Do not restore paths
	-p	Print to stdout
	-q	Quiet
	-x FILE	Exclude FILEs
	-d DIR	Extract into DIR

and

$ composer -v
   ______
  / ____/___  ____ ___  ____  ____  ________  _____
 / /   / __ \/ __ `__ \/ __ \/ __ \/ ___/ _ \/ ___/
/ /___/ /_/ / / / / / / /_/ / /_/ (__  )  __/ /
\____/\____/_/ /_/ /_/ .___/\____/____/\___/_/
                    /_/
Composer version 2.0.12 2021-04-01 10:14:59

toaomatis avatar May 17 '21 07:05 toaomatis

Hi @toaomatis

Just add this to an appropriate place in your Dockerfile:

RUN apk update && apk add unzip

That should fix it until the --use-ext feature is available.

danherd avatar May 17 '21 08:05 danherd

> Hi @toaomatis
>
> Just add this to an appropriate place in your Dockerfile:
>
> RUN apk update && apk add unzip
>
> That should fix it until the --use-ext feature is available.

Thanks, this solved the problem (for now). Was not aware there was an additional / external unzip package for Alpine as well. Always used the built-in / BusyBox one.

toaomatis avatar May 17 '21 08:05 toaomatis

I just did a PR adding the --use-ext option, @paras-malhotra. I don't know if it is OK; feel free to change everything hahaha

jleonardolemos avatar May 22 '21 20:05 jleonardolemos