GNU bug report logs -
#66158
[PATCH] gnu: node-lts: Update to 18.18.0.
Previous Next
Reported by: jlicht <at> fsfe.org
Date: Fri, 22 Sep 2023 18:14:01 UTC
Severity: normal
Tags: patch
Done: Jelle Licht <jlicht <at> fsfe.org>
Bug is archived. No further changes may be made.
To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 66158 in the body.
You can then email your comments to 66158 AT debbugs.gnu.org in the normal way.
Toggle the display of automated, internal messages from the tracker.
Report forwarded
to
guix-patches <at> gnu.org:
bug#66158; Package
guix-patches.
(Fri, 22 Sep 2023 18:14:01 GMT)
Full text and
rfc822 format available.
Acknowledgement sent
to
jlicht <at> fsfe.org:
New bug report received and forwarded. Copy sent to
guix-patches <at> gnu.org.
(Fri, 22 Sep 2023 18:14:01 GMT)
Full text and
rfc822 format available.
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
From: Jelle Licht <jlicht <at> fsfe.org>
* gnu/packages/node.scm (node-lts): Update to 18.18.0.
---
gnu/packages/node.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/gnu/packages/node.scm b/gnu/packages/node.scm
index d769066dc4..a933a83e98 100644
--- a/gnu/packages/node.scm
+++ b/gnu/packages/node.scm
@@ -738,14 +738,14 @@ (define-public llhttp-bootstrap
(define-public node-lts
(package
(inherit node)
- (version "18.17.1")
+ (version "18.18.0")
(source (origin
(method url-fetch)
(uri (string-append "https://nodejs.org/dist/v" version
"/node-v" version ".tar.gz"))
(sha256
(base32
- "0dachvhf5jxrb1av8mn2dikbhwklxsgc9y2zg4h50fcwh5d54mqi"))
+ "0z54vhfbb6g8j92z21xh8yg7rb48lqwxjw45g0qnwpxnw1z4spsw"))
(modules '((guix build utils)))
(snippet
'(begin
base-commit: ec130e1a1b7f3b87b1a6e626754f7e7a07f6b717
--
2.41.0
Information forwarded
to
guix-patches <at> gnu.org:
bug#66158; Package
guix-patches.
(Fri, 06 Oct 2023 16:00:02 GMT)
Full text and
rfc822 format available.
Message #8 received at 66158 <at> debbugs.gnu.org (full text, mbox):
jlicht <at> fsfe.org writes:
> From: Jelle Licht <jlicht <at> fsfe.org>
>
> * gnu/packages/node.scm (node-lts): Update to 18.18.0.
> ---
>
> gnu/packages/node.scm | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/gnu/packages/node.scm b/gnu/packages/node.scm
> index d769066dc4..a933a83e98 100644
> --- a/gnu/packages/node.scm
> +++ b/gnu/packages/node.scm
> @@ -738,14 +738,14 @@ (define-public llhttp-bootstrap
> (define-public node-lts
> (package
> (inherit node)
> - (version "18.17.1")
> + (version "18.18.0")
> (source (origin
> (method url-fetch)
> (uri (string-append "https://nodejs.org/dist/v" version
> "/node-v" version ".tar.gz"))
> (sha256
> (base32
> - "0dachvhf5jxrb1av8mn2dikbhwklxsgc9y2zg4h50fcwh5d54mqi"))
> + "0z54vhfbb6g8j92z21xh8yg7rb48lqwxjw45g0qnwpxnw1z4spsw"))
> (modules '((guix build utils)))
> (snippet
> '(begin
>
> base-commit: ec130e1a1b7f3b87b1a6e626754f7e7a07f6b717
> --
> 2.41.0
Heads up: this breaks our node-openzwave-shared build, which happens due
to a breaking change in the NPM that is shipped along with node. It will
not work for many local `npm run build' scripts that use node-gyp for
the same reason, so I don't think this should be merged as-is.
I'm keeping an eye on https://github.com/npm/cli/issues/6842 for a
proper fix, but if nobody objects, I'd like to try my hand at a custom
generated wrapper script in `$output/lib/node_modules/npm/bin/node-gyp'
that restores the older behaviour. We can revert this hack once there's
a proper fix in upstream.
Any thoughts?
- Jelle
Information forwarded
to
guix-patches <at> gnu.org:
bug#66158; Package
guix-patches.
(Tue, 24 Oct 2023 15:43:02 GMT)
Full text and
rfc822 format available.
Message #11 received at 66158 <at> debbugs.gnu.org (full text, mbox):
Hi,
Jelle Licht <jlicht <at> fsfe.org> skribis:
> jlicht <at> fsfe.org writes:
>
>> From: Jelle Licht <jlicht <at> fsfe.org>
>>
>> * gnu/packages/node.scm (node-lts): Update to 18.18.0.
>> ---
>>
>> gnu/packages/node.scm | 4 ++--
>> 1 file changed, 2 insertions(+), 2 deletions(-)
>>
>> diff --git a/gnu/packages/node.scm b/gnu/packages/node.scm
>> index d769066dc4..a933a83e98 100644
>> --- a/gnu/packages/node.scm
>> +++ b/gnu/packages/node.scm
>> @@ -738,14 +738,14 @@ (define-public llhttp-bootstrap
>> (define-public node-lts
>> (package
>> (inherit node)
>> - (version "18.17.1")
>> + (version "18.18.0")
>> (source (origin
>> (method url-fetch)
>> (uri (string-append "https://nodejs.org/dist/v" version
>> "/node-v" version ".tar.gz"))
>> (sha256
>> (base32
>> - "0dachvhf5jxrb1av8mn2dikbhwklxsgc9y2zg4h50fcwh5d54mqi"))
>> + "0z54vhfbb6g8j92z21xh8yg7rb48lqwxjw45g0qnwpxnw1z4spsw"))
>> (modules '((guix build utils)))
>> (snippet
>> '(begin
>>
>> base-commit: ec130e1a1b7f3b87b1a6e626754f7e7a07f6b717
>> --
>> 2.41.0
>
> Heads up: this breaks our node-openzwave-shared build, which happens due
> to a breaking change in the NPM that is shipped along with node. It will
> not work for many local `npm run build' scripts that use node-gyp for
> the same reason, so I don't think this should be merged as-is.
>
> I'm keeping an eye on https://github.com/npm/cli/issues/6842 for a
> proper fix, but if nobody objects, I'd like to try my hand at a custom
> generated wrapper script in `$output/lib/node_modules/npm/bin/node-gyp'
> that restores the older behaviour. We can revert this hack once there's
> a proper fix in upstream.
>
> Any thoughts?
None, but please do whatever you think is appropriate so we can push
this upgrade forward!
Thanks,
Ludo’.
Information forwarded
to
guix-patches <at> gnu.org:
bug#66158; Package
guix-patches.
(Fri, 27 Oct 2023 16:04:01 GMT)
Full text and
rfc822 format available.
Message #14 received at 66158 <at> debbugs.gnu.org (full text, mbox):
From: Jelle Licht <jlicht <at> fsfe.org>
* gnu/packages/node.scm (node-lts): Update to 18.18.2.
[arguments]<phases>: Add 'install-node-gyp-wrapper phase.
Change-Id: I6b17de33313505558a8fa9560126adef486fd0e3
---
I tried my hand at introducing a small wrapper script that works around the
node-gyp regression introduced in the version of npm bundled with node 18.18.2.
It's not quite clear yet whether upstream considers this a regression that
will still be fixed or just behaviour that be kept as-is going forward.
This patch series also leaves Node vulnerable to a recently reported CVE in
many HTTP2 server implementations, such as nghttp2, but I believe this can be
addressed by https://issues.guix.gnu.org/issue/66658
Changes in v2:
- Re-bump from 18.18.0 to 18.18.2
- Fix 'node-gyp' regression.
gnu/packages/node.scm | 25 ++++++++++++++++++++++---
1 file changed, 22 insertions(+), 3 deletions(-)
diff --git a/gnu/packages/node.scm b/gnu/packages/node.scm
index d769066dc4..6e30ad486a 100644
--- a/gnu/packages/node.scm
+++ b/gnu/packages/node.scm
@@ -738,14 +738,14 @@ (define-public llhttp-bootstrap
(define-public node-lts
(package
(inherit node)
- (version "18.17.1")
+ (version "18.18.2")
(source (origin
(method url-fetch)
(uri (string-append "https://nodejs.org/dist/v" version
"/node-v" version ".tar.gz"))
(sha256
(base32
- "0dachvhf5jxrb1av8mn2dikbhwklxsgc9y2zg4h50fcwh5d54mqi"))
+ "0ci1faxjsbp0lv05kskh5anfljn6zawqcf7dawiby5d5qg7x572h"))
(modules '((guix build utils)))
(snippet
'(begin
@@ -903,7 +903,26 @@ (define-public node-lts
"/lib/node_modules/npm/node_modules"
"/tar/lib/write-entry.js")))
(substitute* file
- (("this.stat.nlink > 1") "false")))))))))
+ (("this.stat.nlink > 1") "false")))))
+ (add-after 'install 'install-node-gyp-wrapper
+ (lambda* (#:key inputs outputs #:allow-other-keys)
+ (let* ((out (assoc-ref outputs "out"))
+ (dir (string-append out "/lib/node_modules/npm/bin/node-gyp-bin"))
+ (file (string-append dir "/node-gyp")))
+ (mkdir-p dir)
+ ;; See https://github.com/npm/cli/issues/6842
+ (call-with-output-file file
+ (lambda (port)
+ (format port "#!~a/bin/sh
+if [ \"x$npm_config_node_gyp\" = \"x\" ]; then
+ ~a/bin/node \"~a/lib/node_modules/npm/node_modules/node-gyp/bin/node-gyp.js\" \"$@\"
+else
+ \"$npm_config_node_gyp\" \"$@\"
+fi"
+ (assoc-ref inputs "bash")
+ out
+ out)))
+ (chmod file #o555))))))))
(native-inputs
(list ;; Runtime dependencies for binaries used as a bootstrap.
c-ares-for-node
base-commit: 2ff8de3657a5c9d0abf67bb4705251b23d97702e
--
2.41.0
Information forwarded
to
guix-patches <at> gnu.org:
bug#66158; Package
guix-patches.
(Fri, 03 Nov 2023 09:55:02 GMT)
Full text and
rfc822 format available.
Message #17 received at submit <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
jlicht <at> fsfe.org writes:
> From: Jelle Licht <jlicht <at> fsfe.org>
>
> * gnu/packages/node.scm (node-lts): Update to 18.18.2.
> [arguments]<phases>: Add 'install-node-gyp-wrapper phase.
>
> Change-Id: I6b17de33313505558a8fa9560126adef486fd0e3
> ---
> I tried my hand at introducing a small wrapper script that works around the
> node-gyp regression introduced in the version of npm bundled with node 18.18.2.
>
> It's not quite clear yet whether upstream considers this a regression that
> will still be fixed or just behaviour that be kept as-is going forward.
>
> This patch series also leaves Node vulnerable to a recently reported CVE in
> many HTTP2 server implementations, such as nghttp2, but I believe this can be
> addressed by https://issues.guix.gnu.org/issue/66658
>
> Changes in v2:
> - Re-bump from 18.18.0 to 18.18.2
> - Fix 'node-gyp' regression.
>
> gnu/packages/node.scm | 25 ++++++++++++++++++++++---
> 1 file changed, 22 insertions(+), 3 deletions(-)
Looking at QA, there seems to be some issues on aarch64-linux. The build
logs do differ between the failed builds, so I've submitted a few more.
[signature.asc (application/pgp-signature, inline)]
Information forwarded
to
guix-patches <at> gnu.org:
bug#66158; Package
guix-patches.
(Fri, 03 Nov 2023 09:55:02 GMT)
Full text and
rfc822 format available.
Reply sent
to
Jelle Licht <jlicht <at> fsfe.org>:
You have taken responsibility.
(Sun, 05 Nov 2023 13:43:01 GMT)
Full text and
rfc822 format available.
Notification sent
to
jlicht <at> fsfe.org:
bug acknowledged by developer.
(Sun, 05 Nov 2023 13:43:02 GMT)
Full text and
rfc822 format available.
Message #25 received at 66158-done <at> debbugs.gnu.org (full text, mbox):
Christopher Baines <mail <at> cbaines.net> writes:
> jlicht <at> fsfe.org writes:
>
>> From: Jelle Licht <jlicht <at> fsfe.org>
>>
>> * gnu/packages/node.scm (node-lts): Update to 18.18.2.
>> [arguments]<phases>: Add 'install-node-gyp-wrapper phase.
>>
>> Change-Id: I6b17de33313505558a8fa9560126adef486fd0e3
>> ---
>> I tried my hand at introducing a small wrapper script that works around the
>> node-gyp regression introduced in the version of npm bundled with node 18.18.2.
>>
>> It's not quite clear yet whether upstream considers this a regression that
>> will still be fixed or just behaviour that be kept as-is going forward.
>>
>> This patch series also leaves Node vulnerable to a recently reported CVE in
>> many HTTP2 server implementations, such as nghttp2, but I believe this can be
>> addressed by https://issues.guix.gnu.org/issue/66658
>>
>> Changes in v2:
>> - Re-bump from 18.18.0 to 18.18.2
>> - Fix 'node-gyp' regression.
>>
>> gnu/packages/node.scm | 25 ++++++++++++++++++++++---
>> 1 file changed, 22 insertions(+), 3 deletions(-)
>
> Looking at QA, there seems to be some issues on aarch64-linux. The build
> logs do differ between the failed builds, so I've submitted a few more.
Pushed to master as ab94e80601a5b23f44e7455b3443457b4a99a1e5.
At least the aarch64-linux build seems to have worked out. I've locally
verified that things build for i686-linux too. Please Cc me if there are
still any issues with it.
- Jelle
bug archived.
Request was from
Debbugs Internal Request <help-debbugs <at> gnu.org>
to
internal_control <at> debbugs.gnu.org.
(Mon, 04 Dec 2023 12:24:09 GMT)
Full text and
rfc822 format available.
This bug report was last modified 1 year and 157 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.