Error 25 bei Adapterupdates nach Node.JS 16.15.1 Update

Thomas Braun

@soldierofoc

Ich würde (aber ich bin da vielleicht ein wenig voreingenommen...) die Anleitung aus meiner Signatur empfehlen.

Aber wichtigste 'lesson-learned' ist eh: Finger weg von Elzershark-Anleitungen!
Da steht durchweg Murks drin.

Soldierofoc

Vielen Dank für eure Unterstützung/Hilfe!
Werde nächstes mal dann etwas vorsichtiger vorgehen, wobei mir immer noch unklar ist, woher die unsaubere (im falschen Pfad) Node-Installation her kam...

Thomas Braun

@soldierofoc sagte in Error 25 bei Adapterupdates nach Node.JS 16.15.1 Update:

woher die unsaubere (im falschen Pfad) Node-Installation her kam...

Das wüsste ich auch mal gerne...

taba_luga

@thomas-braun ich habe die gleichen Probleme zur Zeit mit drei Adapter, die mit Error 25 bei dem Update fehlschlagen.

1. Info Adapter
2. Telegram Adapter
3. Web-Server

Ich habe gestern mein System auf Debian11 Bullseye, Nodejs 16 und NPM 8 angehoben:

xx@iobroker-prod:~$ which nodejs && nodejs -v && which node && node -v && which npm && npm -v && apt policy nodejs 
/usr/bin/nodejs
v16.15.1
/usr/bin/node
v16.15.1
/usr/bin/npm
8.11.0
nodejs:
  Installiert:           16.15.1-deb-1nodesource1
  Installationskandidat: 16.15.1-deb-1nodesource1
  Versionstabelle:
 *** 16.15.1-deb-1nodesource1 100
        100 /var/lib/dpkg/status
     14.19.3-deb-1nodesource1 500
        500 https://deb.nodesource.com/node_14.x bullseye/main amd64 Packages
     12.22.5~dfsg-2~11u1 500
        500 http://ftp.de.debian.org/debian bullseye/main amd64 Packages
        500 http://security.debian.org/debian-security bullseye-security/main amd64 Packages

Ich habe den Verlauf hier nach bestem Wissen und Gewissen verfolgt, komme aber nicht weiter. Wenn ich den Info Adapter update mit

iobroker upgrade info --debug

dann bekomme ich folgendes:

This upgrade of "info" will introduce the following changes:
==========================================================================
-> 1.9.19:
Fix audio, USB, bluetooth and printer view
==========================================================================

Would you like to upgrade info from @1.9.18 to @1.9.19 now? [(y)es, (n)o]: y
Update info from @1.9.18 to @1.9.19
NPM version: 8.11.0
Installing iobroker.info@1.9.19... (System call)
npm ERR! code ENOTEMPTY
npm ERR! syscall rename
npm ERR! path /opt/iobroker/node_modules/abab
npm ERR! dest /opt/iobroker/node_modules/.abab-bvmibCm3
npm ERR! errno -39
npm ERR! ENOTEMPTY: directory not empty, rename '/opt/iobroker/node_modules/abab' -> '/opt/iobroker/node_modules/.abab-bvmibCm3'

npm ERR! A complete log of this run can be found in:
npm ERR!     /home/iobroker/.npm/_logs/2022-06-24T08_42_05_829Z-debug-0.log
host.iobroker-prod Cannot install iobroker.info@1.9.19: 217

Debug Telegram Update

xx@iobroker-prod:~$ iobroker upgrade telegram --debug

This upgrade of "telegram" will introduce the following changes:
==========================================================================
-> 1.12.6:
Fix crash cases reported by Sentry

-> 1.12.5:
Fix crash cases reported by Sentry

-> 1.12.4:
Fix crash cases reported by Sentry

-> 1.12.3:
Make sure also not set states can be queried - will return "State not set" in this case!
==========================================================================

Would you like to upgrade telegram from @1.12.2 to @1.12.6 now? [(y)es, (n)o]: y
Update telegram from @1.12.2 to @1.12.6
NPM version: 8.11.0
Installing iobroker.telegram@1.12.6... (System call)
npm ERR! code ENOTEMPTY
npm ERR! syscall rename
npm ERR! path /opt/iobroker/node_modules/abab
npm ERR! dest /opt/iobroker/node_modules/.abab-bvmibCm3
npm ERR! errno -39
npm ERR! ENOTEMPTY: directory not empty, rename '/opt/iobroker/node_modules/abab' -> '/opt/iobroker/node_modules/.abab-bvmibCm3'

npm ERR! A complete log of this run can be found in:
npm ERR!     /home/iobroker/.npm/_logs/2022-06-24T09_17_07_612Z-debug-0.log
host.iobroker-prod Cannot install iobroker.telegram@1.12.6: 217

Debug Web Update

xx@iobroker-prod:~$ iobroker upgrade web --debug

This upgrade of "web" will introduce the following changes:
==========================================================================
-> 4.3.0:
Added support of rest-api
==========================================================================

Would you like to upgrade web from @4.2.3 to @4.3.0 now? [(y)es, (n)o]: y
Update web from @4.2.3 to @4.3.0
host.iobroker-prod Adapter "system.adapter.web.0" is stopped.
NPM version: 8.11.0
Installing iobroker.web@4.3.0... (System call)
npm ERR! code ENOTEMPTY
npm ERR! syscall rename
npm ERR! path /opt/iobroker/node_modules/abbrev
npm ERR! dest /opt/iobroker/node_modules/.abbrev-5eNud0FY
npm ERR! errno -39
npm ERR! ENOTEMPTY: directory not empty, rename '/opt/iobroker/node_modules/abbrev' -> '/opt/iobroker/node_modules/.abbrev-5eNud0FY'

npm ERR! A complete log of this run can be found in:
npm ERR!     /home/iobroker/.npm/_logs/2022-06-24T09_20_20_797Z-debug-0.log
host.iobroker-prod Cannot install iobroker.web@4.3.0: 217

Was kann ich tun, um die Fehler zu beheben?

crunchip

@taba_luga sagte in Error 25 bei Adapterupdates nach Node.JS 16.15.1 Update:

ERR! ENOTEMPTY: directory not empty, rename '/opt/iobroker/node_modules/abbrev' -> '/opt/iobroker/node_modules/.abbrev-5eNud0FY'

Thomas Braun

@taba_luga sagte in Error 25 bei Adapterupdates nach Node.JS 16.15.1 Update:

Was kann ich tun, um die Fehler zu beheben?

Verzeichnisse umbenennen.
Und das node16-Repository nochmal anlegen oder die nodesource.list bearbeiten. Das fehlt bei dir und das node16-Paket hängt gerade in der Luft.

taba_luga

@thomas-braun Danke für die schnelle Info!

Ich habe das Gefühl, dass das eine Endloskette wird.
Sobald ich ein Verzeichnis umbenannt habe, kommt beim erneuten ausführen von

iobroker upgrade info --debug

jedes mal ein neues Verzeichnis, das umbenannt werden möchte. Ist das so richtig? In dem Ordner node_modules
sind ein paar Unterordner vorhanden, falls die jetzt alle umbenannt werden wollen.

Thomas Braun

@taba_luga sagte in Error 25 bei Adapterupdates nach Node.JS 16.15.1 Update:

Ist das so richtig?

Ja.

taba_luga

@thomas-braun
Die Verzeichnisse sind umbenannt. Jetzt lautet die Fehlermeldung:

iobroker upgrade info --debug
Installation broken or unknown objects type: jsonl configured.

Was meinst du genau mit:

Und das node16-Repository nochmal anlegen oder die nodesource.list bearbeiten.

Was muss ich hier genau machen? Entschuldige bitte, ich bin nicht der Linux Profi.

Thomas Braun

@taba_luga

Schau in meiner Signatur, da erkläre ich wie man mit Repos anlegt, insbesondere das nodesource/nodejs-Repository.

In deiner nodesource.list fehlt eine Zeile die sich auf node16 bezieht

Thomas Braun

@taba_luga

iobroker update -i

zeigt?

taba_luga

@thomas-braun

iobroker update -i
Installation broken or unknown objects type: jsonl configured.

Thomas Braun

@taba_luga

Mehr nicht? Bitte besser die kompletten Ein- und Ausgabezeilen zeigen, dann kann man das besser einordnen.

iobroker status
iobroker list instances
iobroker list adapters

taba_luga

@thomas-braun mehr wird nicht in der Console angezeigt:

xx@iobroker-prod:~$ iobroker update -i
Installation broken or unknown objects type: jsonl configured.
xx@iobroker-prod:~$ iobroker list instances
Installation broken or unknown objects type: jsonl configured.
xx@iobroker-prod:~$ iobroker list adapters
Installation broken or unknown objects type: jsonl configured.
xx@iobroker-prod:~$ 

Thomas Braun

@taba_luga

Installier den js-controller nochmal drüber

Homoran

@taba_luga xx ist auch ein einfallsreicher Username

taba_luga

@thomas-braun

xx@iobroker-prod:~$ npm install iobroker.js-controller
npm WARN deprecated har-validator@5.1.5: this library is no longer supported
npm WARN deprecated uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142

added 309 packages, and audited 310 packages in 1m

18 packages are looking for funding
  run `npm fund` for details

4 vulnerabilities (3 moderate, 1 high)

To address all issues, run:
  npm audit fix

Run `npm audit` for details.
xx@iobroker-prod:~$ 

und hier npm audit und npm audit --force

xx@iobroker-prod:~$ npm audit
# npm audit report

node-forge  <=1.2.1
Severity: high
Open Redirect in node-forge - https://github.com/advisories/GHSA-8fr3-hfg3-gpgp
Prototype Pollution in node-forge debug API. - https://github.com/advisories/GHSA-5rrq-pxf6-6jx5
Prototype Pollution in node-forge util.setPath API - https://github.com/advisories/GHSA-wxgw-qj99-44c2
URL parsing in node-forge could lead to undesired behavior. - https://github.com/advisories/GHSA-gf8q-jrpm-jvxq
Prototype Pollution in node-forge - https://github.com/advisories/GHSA-92xj-mqp7-vmcj
Improper Verification of Cryptographic Signature in `node-forge` - https://github.com/advisories/GHSA-2r2c-g63r-vccr
Improper Verification of Cryptographic Signature in node-forge - https://github.com/advisories/GHSA-x4jg-mjrx-434g
Improper Verification of Cryptographic Signature in node-forge - https://github.com/advisories/GHSA-cfm4-qjh2-4765
fix available via `npm audit fix --force`
Will install iobroker.js-controller@1.5.3, which is a breaking change
node_modules/rsa-compat/node_modules/node-forge
  rsa-compat  <=1.9.4
  Depends on vulnerable versions of node-forge
  node_modules/rsa-compat
    le-acme-core  *
    Depends on vulnerable versions of rsa-compat
    node_modules/le-acme-core
      iobroker.js-controller  >=1.5.4
      Depends on vulnerable versions of le-acme-core
      node_modules/iobroker.js-controller

4 vulnerabilities (3 moderate, 1 high)

To address all issues (including breaking changes), run:
  npm audit fix --force
xx@iobroker-prod:~$ npm audit fix --force
npm WARN using --force Recommended protections disabled.
npm WARN audit Updating iobroker.js-controller to 1.5.3,which is a SemVer major change.
npm WARN deprecated json3@3.3.2: Please use the native JSON object instead of JSON 3
npm WARN deprecated mkdirp@0.5.1: Legacy versions of mkdirp are no longer supported. Please update to mkdirp 1.x. (Note that the API surface has changed to use Promises in 1.x.)

added 173 packages, removed 145 packages, changed 48 packages, and audited 334 packages in 51s

13 packages are looking for funding
  run `npm fund` for details

# npm audit report

debug  <2.6.9
Regular Expression Denial of Service in debug - https://github.com/advisories/GHSA-gxpj-cx7g-858c
fix available via `npm audit fix --force`
Will install iobroker.js-controller@4.0.23, which is a breaking change
node_modules/engine.io-client/node_modules/debug
node_modules/engine.io/node_modules/debug
node_modules/socket.io-adapter/node_modules/debug
node_modules/socket.io-client/node_modules/debug
node_modules/socket.io-parser/node_modules/debug
node_modules/socket.io/node_modules/debug
  engine.io  <=4.0.0-alpha.1
  Depends on vulnerable versions of debug
  Depends on vulnerable versions of ws
  node_modules/engine.io
    socket.io  <=2.4.1
    Depends on vulnerable versions of debug
    Depends on vulnerable versions of engine.io
    Depends on vulnerable versions of socket.io-adapter
    Depends on vulnerable versions of socket.io-client
    Depends on vulnerable versions of socket.io-parser
    node_modules/socket.io
      iobroker.js-controller  <=2.1.1
      Depends on vulnerable versions of redis
      Depends on vulnerable versions of socket.io
      Depends on vulnerable versions of socket.io-client
      Depends on vulnerable versions of winston-daily-rotate-file
      Depends on vulnerable versions of yargs
      node_modules/iobroker.js-controller
  engine.io-client  <=3.3.2 || 3.4.0 - 3.5.1 || 4.0.0-alpha.0 - 4.1.3
  Depends on vulnerable versions of debug
  Depends on vulnerable versions of parsejson
  Depends on vulnerable versions of ws
  Depends on vulnerable versions of xmlhttprequest-ssl
  node_modules/engine.io-client
    socket.io-client  1.0.0-pre - 2.1.1 || 2.3.0 - 2.3.1 || 3.0.0-rc1 - 3.0.5
    Depends on vulnerable versions of debug
    Depends on vulnerable versions of engine.io-client
    Depends on vulnerable versions of socket.io-parser
    node_modules/socket.io-client
  socket.io-adapter  <=1.1.0
  Depends on vulnerable versions of debug
  Depends on vulnerable versions of socket.io-parser
  node_modules/socket.io-adapter
  socket.io-parser  <=3.3.1
  Depends on vulnerable versions of debug
  node_modules/socket.io-parser



minimist  <=1.2.5
Severity: critical
Prototype Pollution in minimist - https://github.com/advisories/GHSA-xvch-5gv4-984h
Prototype Pollution in minimist - https://github.com/advisories/GHSA-vh95-rmgr-6w4m
fix available via `npm audit fix --force`
Will install iobroker.js-controller@4.0.23, which is a breaking change
node_modules/winston-daily-rotate-file/node_modules/minimist
  mkdirp  0.4.1 - 0.5.1
  Depends on vulnerable versions of minimist
  node_modules/winston-daily-rotate-file/node_modules/mkdirp
    winston-daily-rotate-file  1.7.0 - 1.7.2
    Depends on vulnerable versions of mkdirp
    node_modules/winston-daily-rotate-file

parsejson  *
Severity: high
Regular Expression Denial of Service in parsejson - https://github.com/advisories/GHSA-q75g-2496-mxpp
fix available via `npm audit fix --force`
Will install iobroker.js-controller@4.0.23, which is a breaking change
node_modules/parsejson

redis  2.6.0 - 3.1.0
Severity: high
Potential exponential regex in monitor mode - https://github.com/advisories/GHSA-35q2-47q7-3pc3
fix available via `npm audit fix --force`
Will install iobroker.js-controller@4.0.23, which is a breaking change
node_modules/redis



ws  <=1.1.4
Severity: high
Denial of Service in ws - https://github.com/advisories/GHSA-5v72-xg48-5rpm
fix available via `npm audit fix --force`
Will install iobroker.js-controller@4.0.23, which is a breaking change
node_modules/engine.io-client/node_modules/ws
node_modules/engine.io/node_modules/ws

xmlhttprequest-ssl  <=1.6.1
Severity: critical
Improper Certificate Validation in xmlhttprequest-ssl - https://github.com/advisories/GHSA-72mh-269x-7mh5
Arbitrary Code Injection - https://github.com/advisories/GHSA-h4j5-c7cj-74xg
fix available via `npm audit fix --force`
Will install iobroker.js-controller@4.0.23, which is a breaking change
node_modules/xmlhttprequest-ssl

yargs-parser  6.0.0 - 13.1.1
Severity: moderate
Prototype Pollution in yargs-parser - https://github.com/advisories/GHSA-p9pc-299p-vxgp
fix available via `npm audit fix --force`
Will install iobroker.js-controller@4.0.23, which is a breaking change
node_modules/yargs-parser
  yargs  8.0.0-candidate.0 - 12.0.5
  Depends on vulnerable versions of yargs-parser
  node_modules/yargs

17 vulnerabilities (1 low, 4 moderate, 8 high, 4 critical)

To address issues that do not require attention, run:
  npm audit fix

To address all issues (including breaking changes), run:
  npm audit fix --force
xx@iobroker-prod:~$

Das hat leider zu keiner Verbesserung geführt

mikeal created this issue in request/request

open Request’s Past, Present and Future #3142

Homoran

@taba_luga sagte in Error 25 bei Adapterupdates nach Node.JS 16.15.1 Update:

und hier npm audit und npm audit --force

wieso machst du so etwas?

taba_luga

@homoran wie ich oben schon schrieb, ich bin leider kein Linux Profi. Hab ich das etwas getan, was ich nicht hätte machen sollen?

apollon77

@taba_luga hoffe das npm install war im richtigen ordner (/opt/iobroker) und ja audit fix lassen