fix(npm): install musl binaries on Linux and surface binary crashes#999
Open
bntvllnt wants to merge 1 commit into
Open
fix(npm): install musl binaries on Linux and surface binary crashes#999bntvllnt wants to merge 1 commit into
bntvllnt wants to merge 1 commit into
Conversation
The npm postinstall resolved Linux targets via @napi-rs/triples ordering, which selects the gnu triple. This shipped a binary that can crash (SIGSEGV during the TLS handshake) on some Linux hosts, 404'd on aarch64/arm Linux where only musl assets are published, and diverged from install.sh, which already ships musl to all Linux users to avoid linking issues. The bin wrapper also collapsed every failure into a silent exit 1, discarding both crash signals and the binary's real exit code, which made that crash unreportable (railwayapp#998). - npm-install/postinstall.js: resolve Linux targets through an explicit musl target map matching the published release assets; other platforms keep the existing triples lookup. - bin/railway.js: print an actionable message when the binary is killed by a signal, and propagate the binary's real exit code. Fixes railwayapp#998
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fixes #998.
Problem
When installed via npm on some Linux hosts,
railway login --browserless(and in fact every network command) exits1with no output. The reporter saw a silent failure inside a TTY, which looked like a TTY-detection bug but is actually two stacked defects in the npm distribution channel.Root cause
1. npm ships the
gnubinary on Linux, which can crash.npm-install/postinstall.jsresolves the download target via@napi-rs/triples, whose first Linux entry is the*-unknown-linux-gnutriple. On some Linux hosts that binary hits a general protection fault in vendored crypto during the TLS key exchange, so it dies withSIGSEGVon the first network call:The musl binary built from the same source works on the same host. This is also why
install.shalready prefers musl on Linux:The
gnu-first ordering has two more consequences: npm installs 404 onaarch64andarmLinux, because only musl assets are published for those architectures.2. The bin wrapper hides the crash.
bin/railway.jsran the binary and collapsed any failure intoexit(1), discarding both the crash signal and the binary's real exit code — turning the segfault into a silentexit 1.Changes
npm-install/postinstall.jstripleslookup.bin/railway.js1.Two files, one hunk each. No Rust/binary changes.
Testing
Verified on an affected Linux host by installing this branch as the global package:
…-x86_64-unknown-linux-musl.tar.gz; the resulting binary is static-pie/musl.railway login --browserless(the exact railway login --browserless exits silently in TTY on Linux #998 repro, in a TTY) now prints the device-code sign-in flow and polls, instead of exiting1silently.2(was1); an unauthenticatedwhoamireturns a clean1(wasSIGSEGV/139).0→0, exit2→2,SIGSEGV→ actionable message +1.x64,arm64,ia32,arm);darwin/win32unchanged.Notes
release/patch— the fix reaches users through a version bump on npm.gnuartifact faults (toolchain/CPU baseline), so thegnubuild can either be repaired or dropped from the published matrix. This PR removes user impact by not shipping it to npm Linux users, matchinginstall.sh.