From: jlicht@fsfe.org
To: 74187@debbugs.gnu.org
Cc: "Jelle Licht" <jlicht@fsfe.org>,
jlicht@fsfe.org, "Ricardo Wurmus" <rekado@elephly.net>,
"Ludovic Courtès" <ludo@gnu.org>
Subject: [bug#74187] [PATCH v2 24/24] gnu: node: Rename variable node-bootstrap and hide package.
Date: Wed, 4 Dec 2024 08:49:46 +0100 [thread overview]
Message-ID: <f0d9bdc9448624960eda4933969fbbe1695270df.1733298337.git.jlicht@fsfe.org> (raw)
In-Reply-To: <cover.1733298337.git.jlicht@fsfe.org>
From: Jelle Licht <jlicht@fsfe.org>
The formerly known as node package has security issues, so should only be used
to bootstrap more recent and secure versions of node.
* gnu/packages/node.scm (node): Rename to...
(node-bootstrap): ... this, and make it a hidden package.
Change-Id: I536a8f55faa14f8221915467c2981053f4c4d70e
---
gnu/packages/node.scm | 20 ++++++++++----------
1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/gnu/packages/node.scm b/gnu/packages/node.scm
index 13d2575333..16153b20da 100644
--- a/gnu/packages/node.scm
+++ b/gnu/packages/node.scm
@@ -56,9 +56,12 @@ (define-module (gnu packages node)
#:use-module (gnu packages tls)
#:use-module (gnu packages web)
#:use-module (ice-9 match)
+ #:use-module (srfi srfi-1)
#:use-module (srfi srfi-26))
-(define-public node
+;; This should be the latest version of node that still builds without
+;; depending on llhttp.
+(define-public node-bootstrap
(package
(name "node")
(version "10.24.1")
@@ -338,12 +341,8 @@ (define-public node
(license license:expat)
(properties '((max-silent-time . 7200) ;2h, needed on ARM
(timeout . 21600) ;6h
- (cpe-name . "node.js")))))
-
-;; This should be the latest version of node that still builds without
-;; depending on llhttp.
-(define-public node-bootstrap
- (hidden-package node))
+ (cpe-name . "node.js")
+ (hidden? . #t)))))
;; Duplicate of node-semver
(define-public node-semver-bootstrap
@@ -749,7 +748,7 @@ (define-public llhttp-bootstrap
(define-public node-lts
(package
- (inherit node)
+ (inherit node-bootstrap)
(version "20.18.1")
(source (origin
(method url-fetch)
@@ -780,7 +779,7 @@ (define-public node-lts
(("deps/uv/uv.gyp") "")
(("deps/zlib/zlib.gyp") ""))))))
(arguments
- (substitute-keyword-arguments (package-arguments node)
+ (substitute-keyword-arguments (package-arguments node-bootstrap)
((#:configure-flags configure-flags)
''("--shared-cares"
"--shared-libuv"
@@ -982,7 +981,8 @@ (define-public node-lts
nghttp3
`(,nghttp2 "lib")
openssl
- zlib))))
+ zlib))
+ (properties (alist-delete 'hidden? (package-properties node-bootstrap)))))
(define-public libnode
(package/inherit node-lts
--
2.46.0
next prev parent reply other threads:[~2024-12-04 7:53 UTC|newest]
Thread overview: 49+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-11-03 12:01 [bug#74187] [PATCH 00/20] Bumping node to 20.18.0 and beyond jlicht
2024-11-03 12:03 ` [bug#74187] [PATCH 01/20] gnu: node: Replace customized nghttp2-for-node by nghttp2 jlicht
2024-11-03 12:03 ` [bug#74187] [PATCH 02/20] gnu: Remove nghttp2-for-node jlicht
2024-11-03 12:03 ` [bug#74187] [PATCH 03/20] gnu: node-lts: Replace customized c-ares-for-node by c-ares jlicht
2024-11-03 12:03 ` [bug#74187] [PATCH 04/20] gnu: Remove c-ares-for-node jlicht
2024-11-03 12:03 ` [bug#74187] [PATCH 05/20] gnu: Add libuv-for-node-lts jlicht
2024-11-03 12:03 ` [bug#74187] [PATCH 06/20] gnu: llhttp-bootstrap: Update to 8.1.2 jlicht
2024-11-03 12:03 ` [bug#74187] [PATCH 07/20] gnu: node-lts: Update to 20.18.0 [security fixes] jlicht
2024-11-03 12:03 ` [bug#74187] [PATCH 08/20] gnu: r-v8: Fix build with node-lts@20 jlicht
2024-11-03 18:29 ` Ricardo Wurmus
2024-11-03 12:03 ` [bug#74187] [PATCH 09/20] gnu: cwltool: Use node-lts instead of node jlicht
2024-11-03 12:03 ` [bug#74187] [PATCH 10/20] gnu: python-cwl-utils: " jlicht
2024-11-03 12:03 ` [bug#74187] [PATCH 11/20] gnu: ocaml-ezjsonm: " jlicht
2024-11-03 12:03 ` [bug#74187] [PATCH 12/20] gnu: js-of-ocaml: " jlicht
2024-11-03 12:04 ` [bug#74187] [PATCH 13/20] gnu: fmp: " jlicht
2024-11-03 12:04 ` [bug#74187] [PATCH 14/20] gnu: python-cloudscraper: " jlicht
2024-11-03 12:04 ` [bug#74187] [PATCH 15/20] gnu: qtwebengine-5: " jlicht
2024-11-03 12:04 ` [bug#74187] [PATCH 16/20] gnu: ruby-autoprefixer-rails: " jlicht
2024-11-03 12:04 ` [bug#74187] [PATCH 17/20] gnu: ruby-execjs: " jlicht
2024-11-03 12:04 ` [bug#74187] [PATCH 18/20] gnu: vlang: " jlicht
2024-11-03 12:04 ` [bug#74187] [PATCH 19/20] gnu: esbuild-node: " jlicht
2024-11-03 12:04 ` [bug#74187] [PATCH 20/20] gnu: node: Rename variable node-bootstrap and hide package jlicht
2024-11-18 10:12 ` [bug#74187] [PATCH 00/20] Bumping node to 20.18.0 and beyond Ludovic Courtès
2024-12-04 7:49 ` [bug#74187] [PATCH v2 00/24] " jlicht
2024-12-04 7:49 ` [bug#74187] [PATCH v2 01/24] gnu: node: Replace customized nghttp2-for-node by nghttp2 jlicht
2024-12-04 7:49 ` [bug#74187] [PATCH v2 02/24] gnu: Remove nghttp2-for-node jlicht
2024-12-04 7:49 ` [bug#74187] [PATCH v2 03/24] gnu: node-lts: Replace customized c-ares-for-node by c-ares jlicht
2024-12-04 7:49 ` [bug#74187] [PATCH v2 04/24] gnu: Remove c-ares-for-node jlicht
2024-12-04 7:49 ` [bug#74187] [PATCH v2 05/24] gnu: Add libuv-for-node-lts jlicht
2024-12-04 7:49 ` [bug#74187] [PATCH v2 06/24] gnu: llhttp-bootstrap: Update to 8.1.2 jlicht
2024-12-04 7:49 ` [bug#74187] [PATCH v2 07/24] gnu: node-lts: Update to 20.18.1 [security fixes] jlicht
2024-12-04 7:49 ` [bug#74187] [PATCH v2 08/24] gnu: node-uglify-js: Update to 3.19.3 jlicht
2024-12-04 7:49 ` [bug#74187] [PATCH v2 09/24] gnu: node-acorn: Update to 8.7.1 jlicht
2024-12-04 7:49 ` [bug#74187] [PATCH v2 10/24] gnu: node-nan: Update to 2.22.0 jlicht
2024-12-04 7:49 ` [bug#74187] [PATCH v2 11/24] gnu: node-addon-api: Update to 8.3.0 jlicht
2024-12-04 7:49 ` [bug#74187] [PATCH v2 12/24] gnu: r-v8: Fix build with node-lts@20 jlicht
2024-12-04 7:49 ` [bug#74187] [PATCH v2 13/24] gnu: cwltool: Use node-lts instead of node jlicht
2024-12-04 7:49 ` [bug#74187] [PATCH v2 14/24] gnu: python-cwl-utils: " jlicht
2024-12-04 7:49 ` [bug#74187] [PATCH v2 15/24] gnu: ocaml-ezjsonm: " jlicht
2024-12-04 7:49 ` [bug#74187] [PATCH v2 16/24] gnu: js-of-ocaml: " jlicht
2024-12-04 7:49 ` [bug#74187] [PATCH v2 17/24] gnu: fmp: " jlicht
2024-12-04 7:49 ` [bug#74187] [PATCH v2 18/24] gnu: python-cloudscraper: " jlicht
2024-12-04 7:49 ` [bug#74187] [PATCH v2 19/24] gnu: qtwebengine-5: " jlicht
2024-12-04 7:49 ` [bug#74187] [PATCH v2 20/24] gnu: ruby-autoprefixer-rails: " jlicht
2024-12-04 7:49 ` [bug#74187] [PATCH v2 21/24] gnu: ruby-execjs: " jlicht
2024-12-04 7:49 ` [bug#74187] [PATCH v2 22/24] gnu: vlang: " jlicht
2024-12-04 7:49 ` [bug#74187] [PATCH v2 23/24] gnu: esbuild-node: " jlicht
2024-12-04 7:49 ` jlicht [this message]
2024-12-12 11:17 ` [bug#74187] [PATCH v2 00/24] Bumping node to 20.18.0 and beyond Ludovic Courtès
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=f0d9bdc9448624960eda4933969fbbe1695270df.1733298337.git.jlicht@fsfe.org \
--to=jlicht@fsfe.org \
--cc=74187@debbugs.gnu.org \
--cc=ludo@gnu.org \
--cc=rekado@elephly.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).