* [bug#66158] [PATCH] gnu: node-lts: Update to 18.18.0.
@ 2023-09-22 18:13 jlicht
2023-10-06 15:59 ` Jelle Licht
2023-10-27 16:02 ` [bug#66158] [PATCH v2] gnu: node-lts: Update to 18.18.2 jlicht
0 siblings, 2 replies; 6+ messages in thread
From: jlicht @ 2023-09-22 18:13 UTC (permalink / raw)
To: 66158; +Cc: Jelle Licht
From: Jelle Licht <jlicht@fsfe.org>
* gnu/packages/node.scm (node-lts): Update to 18.18.0.
---
gnu/packages/node.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/gnu/packages/node.scm b/gnu/packages/node.scm
index d769066dc4..a933a83e98 100644
--- a/gnu/packages/node.scm
+++ b/gnu/packages/node.scm
@@ -738,14 +738,14 @@ (define-public llhttp-bootstrap
(define-public node-lts
(package
(inherit node)
- (version "18.17.1")
+ (version "18.18.0")
(source (origin
(method url-fetch)
(uri (string-append "https://nodejs.org/dist/v" version
"/node-v" version ".tar.gz"))
(sha256
(base32
- "0dachvhf5jxrb1av8mn2dikbhwklxsgc9y2zg4h50fcwh5d54mqi"))
+ "0z54vhfbb6g8j92z21xh8yg7rb48lqwxjw45g0qnwpxnw1z4spsw"))
(modules '((guix build utils)))
(snippet
'(begin
base-commit: ec130e1a1b7f3b87b1a6e626754f7e7a07f6b717
--
2.41.0
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [bug#66158] [PATCH] gnu: node-lts: Update to 18.18.0.
2023-09-22 18:13 [bug#66158] [PATCH] gnu: node-lts: Update to 18.18.0 jlicht
@ 2023-10-06 15:59 ` Jelle Licht
2023-10-24 15:41 ` Ludovic Courtès
2023-10-27 16:02 ` [bug#66158] [PATCH v2] gnu: node-lts: Update to 18.18.2 jlicht
1 sibling, 1 reply; 6+ messages in thread
From: Jelle Licht @ 2023-10-06 15:59 UTC (permalink / raw)
To: 66158
jlicht@fsfe.org writes:
> From: Jelle Licht <jlicht@fsfe.org>
>
> * gnu/packages/node.scm (node-lts): Update to 18.18.0.
> ---
>
> gnu/packages/node.scm | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/gnu/packages/node.scm b/gnu/packages/node.scm
> index d769066dc4..a933a83e98 100644
> --- a/gnu/packages/node.scm
> +++ b/gnu/packages/node.scm
> @@ -738,14 +738,14 @@ (define-public llhttp-bootstrap
> (define-public node-lts
> (package
> (inherit node)
> - (version "18.17.1")
> + (version "18.18.0")
> (source (origin
> (method url-fetch)
> (uri (string-append "https://nodejs.org/dist/v" version
> "/node-v" version ".tar.gz"))
> (sha256
> (base32
> - "0dachvhf5jxrb1av8mn2dikbhwklxsgc9y2zg4h50fcwh5d54mqi"))
> + "0z54vhfbb6g8j92z21xh8yg7rb48lqwxjw45g0qnwpxnw1z4spsw"))
> (modules '((guix build utils)))
> (snippet
> '(begin
>
> base-commit: ec130e1a1b7f3b87b1a6e626754f7e7a07f6b717
> --
> 2.41.0
Heads up: this breaks our node-openzwave-shared build, which happens due
to a breaking change in the NPM that is shipped along with node. It will
not work for many local `npm run build' scripts that use node-gyp for
the same reason, so I don't think this should be merged as-is.
I'm keeping an eye on https://github.com/npm/cli/issues/6842 for a
proper fix, but if nobody objects, I'd like to try my hand at a custom
generated wrapper script in `$output/lib/node_modules/npm/bin/node-gyp'
that restores the older behaviour. We can revert this hack once there's
a proper fix in upstream.
Any thoughts?
- Jelle
^ permalink raw reply [flat|nested] 6+ messages in thread
* [bug#66158] [PATCH] gnu: node-lts: Update to 18.18.0.
2023-10-06 15:59 ` Jelle Licht
@ 2023-10-24 15:41 ` Ludovic Courtès
0 siblings, 0 replies; 6+ messages in thread
From: Ludovic Courtès @ 2023-10-24 15:41 UTC (permalink / raw)
To: Jelle Licht; +Cc: 66158
Hi,
Jelle Licht <jlicht@fsfe.org> skribis:
> jlicht@fsfe.org writes:
>
>> From: Jelle Licht <jlicht@fsfe.org>
>>
>> * gnu/packages/node.scm (node-lts): Update to 18.18.0.
>> ---
>>
>> gnu/packages/node.scm | 4 ++--
>> 1 file changed, 2 insertions(+), 2 deletions(-)
>>
>> diff --git a/gnu/packages/node.scm b/gnu/packages/node.scm
>> index d769066dc4..a933a83e98 100644
>> --- a/gnu/packages/node.scm
>> +++ b/gnu/packages/node.scm
>> @@ -738,14 +738,14 @@ (define-public llhttp-bootstrap
>> (define-public node-lts
>> (package
>> (inherit node)
>> - (version "18.17.1")
>> + (version "18.18.0")
>> (source (origin
>> (method url-fetch)
>> (uri (string-append "https://nodejs.org/dist/v" version
>> "/node-v" version ".tar.gz"))
>> (sha256
>> (base32
>> - "0dachvhf5jxrb1av8mn2dikbhwklxsgc9y2zg4h50fcwh5d54mqi"))
>> + "0z54vhfbb6g8j92z21xh8yg7rb48lqwxjw45g0qnwpxnw1z4spsw"))
>> (modules '((guix build utils)))
>> (snippet
>> '(begin
>>
>> base-commit: ec130e1a1b7f3b87b1a6e626754f7e7a07f6b717
>> --
>> 2.41.0
>
> Heads up: this breaks our node-openzwave-shared build, which happens due
> to a breaking change in the NPM that is shipped along with node. It will
> not work for many local `npm run build' scripts that use node-gyp for
> the same reason, so I don't think this should be merged as-is.
>
> I'm keeping an eye on https://github.com/npm/cli/issues/6842 for a
> proper fix, but if nobody objects, I'd like to try my hand at a custom
> generated wrapper script in `$output/lib/node_modules/npm/bin/node-gyp'
> that restores the older behaviour. We can revert this hack once there's
> a proper fix in upstream.
>
> Any thoughts?
None, but please do whatever you think is appropriate so we can push
this upgrade forward!
Thanks,
Ludo’.
^ permalink raw reply [flat|nested] 6+ messages in thread
* [bug#66158] [PATCH v2] gnu: node-lts: Update to 18.18.2.
2023-09-22 18:13 [bug#66158] [PATCH] gnu: node-lts: Update to 18.18.0 jlicht
2023-10-06 15:59 ` Jelle Licht
@ 2023-10-27 16:02 ` jlicht
2023-11-03 9:53 ` Christopher Baines
1 sibling, 1 reply; 6+ messages in thread
From: jlicht @ 2023-10-27 16:02 UTC (permalink / raw)
To: 66158; +Cc: Jelle Licht
From: Jelle Licht <jlicht@fsfe.org>
* gnu/packages/node.scm (node-lts): Update to 18.18.2.
[arguments]<phases>: Add 'install-node-gyp-wrapper phase.
Change-Id: I6b17de33313505558a8fa9560126adef486fd0e3
---
I tried my hand at introducing a small wrapper script that works around the
node-gyp regression introduced in the version of npm bundled with node 18.18.2.
It's not quite clear yet whether upstream considers this a regression that
will still be fixed or just behaviour that be kept as-is going forward.
This patch series also leaves Node vulnerable to a recently reported CVE in
many HTTP2 server implementations, such as nghttp2, but I believe this can be
addressed by https://issues.guix.gnu.org/issue/66658
Changes in v2:
- Re-bump from 18.18.0 to 18.18.2
- Fix 'node-gyp' regression.
gnu/packages/node.scm | 25 ++++++++++++++++++++++---
1 file changed, 22 insertions(+), 3 deletions(-)
diff --git a/gnu/packages/node.scm b/gnu/packages/node.scm
index d769066dc4..6e30ad486a 100644
--- a/gnu/packages/node.scm
+++ b/gnu/packages/node.scm
@@ -738,14 +738,14 @@ (define-public llhttp-bootstrap
(define-public node-lts
(package
(inherit node)
- (version "18.17.1")
+ (version "18.18.2")
(source (origin
(method url-fetch)
(uri (string-append "https://nodejs.org/dist/v" version
"/node-v" version ".tar.gz"))
(sha256
(base32
- "0dachvhf5jxrb1av8mn2dikbhwklxsgc9y2zg4h50fcwh5d54mqi"))
+ "0ci1faxjsbp0lv05kskh5anfljn6zawqcf7dawiby5d5qg7x572h"))
(modules '((guix build utils)))
(snippet
'(begin
@@ -903,7 +903,26 @@ (define-public node-lts
"/lib/node_modules/npm/node_modules"
"/tar/lib/write-entry.js")))
(substitute* file
- (("this.stat.nlink > 1") "false")))))))))
+ (("this.stat.nlink > 1") "false")))))
+ (add-after 'install 'install-node-gyp-wrapper
+ (lambda* (#:key inputs outputs #:allow-other-keys)
+ (let* ((out (assoc-ref outputs "out"))
+ (dir (string-append out "/lib/node_modules/npm/bin/node-gyp-bin"))
+ (file (string-append dir "/node-gyp")))
+ (mkdir-p dir)
+ ;; See https://github.com/npm/cli/issues/6842
+ (call-with-output-file file
+ (lambda (port)
+ (format port "#!~a/bin/sh
+if [ \"x$npm_config_node_gyp\" = \"x\" ]; then
+ ~a/bin/node \"~a/lib/node_modules/npm/node_modules/node-gyp/bin/node-gyp.js\" \"$@\"
+else
+ \"$npm_config_node_gyp\" \"$@\"
+fi"
+ (assoc-ref inputs "bash")
+ out
+ out)))
+ (chmod file #o555))))))))
(native-inputs
(list ;; Runtime dependencies for binaries used as a bootstrap.
c-ares-for-node
base-commit: 2ff8de3657a5c9d0abf67bb4705251b23d97702e
--
2.41.0
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [bug#66158] [PATCH v2] gnu: node-lts: Update to 18.18.2.
2023-10-27 16:02 ` [bug#66158] [PATCH v2] gnu: node-lts: Update to 18.18.2 jlicht
@ 2023-11-03 9:53 ` Christopher Baines
2023-11-05 13:42 ` bug#66158: " Jelle Licht
0 siblings, 1 reply; 6+ messages in thread
From: Christopher Baines @ 2023-11-03 9:53 UTC (permalink / raw)
To: jlicht; +Cc: 66158
[-- Attachment #1: Type: text/plain, Size: 1118 bytes --]
jlicht@fsfe.org writes:
> From: Jelle Licht <jlicht@fsfe.org>
>
> * gnu/packages/node.scm (node-lts): Update to 18.18.2.
> [arguments]<phases>: Add 'install-node-gyp-wrapper phase.
>
> Change-Id: I6b17de33313505558a8fa9560126adef486fd0e3
> ---
> I tried my hand at introducing a small wrapper script that works around the
> node-gyp regression introduced in the version of npm bundled with node 18.18.2.
>
> It's not quite clear yet whether upstream considers this a regression that
> will still be fixed or just behaviour that be kept as-is going forward.
>
> This patch series also leaves Node vulnerable to a recently reported CVE in
> many HTTP2 server implementations, such as nghttp2, but I believe this can be
> addressed by https://issues.guix.gnu.org/issue/66658
>
> Changes in v2:
> - Re-bump from 18.18.0 to 18.18.2
> - Fix 'node-gyp' regression.
>
> gnu/packages/node.scm | 25 ++++++++++++++++++++++---
> 1 file changed, 22 insertions(+), 3 deletions(-)
Looking at QA, there seems to be some issues on aarch64-linux. The build
logs do differ between the failed builds, so I've submitted a few more.
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 987 bytes --]
^ permalink raw reply [flat|nested] 6+ messages in thread
* bug#66158: [PATCH v2] gnu: node-lts: Update to 18.18.2.
2023-11-03 9:53 ` Christopher Baines
@ 2023-11-05 13:42 ` Jelle Licht
0 siblings, 0 replies; 6+ messages in thread
From: Jelle Licht @ 2023-11-05 13:42 UTC (permalink / raw)
To: Christopher Baines; +Cc: 66158-done
Christopher Baines <mail@cbaines.net> writes:
> jlicht@fsfe.org writes:
>
>> From: Jelle Licht <jlicht@fsfe.org>
>>
>> * gnu/packages/node.scm (node-lts): Update to 18.18.2.
>> [arguments]<phases>: Add 'install-node-gyp-wrapper phase.
>>
>> Change-Id: I6b17de33313505558a8fa9560126adef486fd0e3
>> ---
>> I tried my hand at introducing a small wrapper script that works around the
>> node-gyp regression introduced in the version of npm bundled with node 18.18.2.
>>
>> It's not quite clear yet whether upstream considers this a regression that
>> will still be fixed or just behaviour that be kept as-is going forward.
>>
>> This patch series also leaves Node vulnerable to a recently reported CVE in
>> many HTTP2 server implementations, such as nghttp2, but I believe this can be
>> addressed by https://issues.guix.gnu.org/issue/66658
>>
>> Changes in v2:
>> - Re-bump from 18.18.0 to 18.18.2
>> - Fix 'node-gyp' regression.
>>
>> gnu/packages/node.scm | 25 ++++++++++++++++++++++---
>> 1 file changed, 22 insertions(+), 3 deletions(-)
>
> Looking at QA, there seems to be some issues on aarch64-linux. The build
> logs do differ between the failed builds, so I've submitted a few more.
Pushed to master as ab94e80601a5b23f44e7455b3443457b4a99a1e5.
At least the aarch64-linux build seems to have worked out. I've locally
verified that things build for i686-linux too. Please Cc me if there are
still any issues with it.
- Jelle
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2023-11-05 13:42 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-09-22 18:13 [bug#66158] [PATCH] gnu: node-lts: Update to 18.18.0 jlicht
2023-10-06 15:59 ` Jelle Licht
2023-10-24 15:41 ` Ludovic Courtès
2023-10-27 16:02 ` [bug#66158] [PATCH v2] gnu: node-lts: Update to 18.18.2 jlicht
2023-11-03 9:53 ` Christopher Baines
2023-11-05 13:42 ` bug#66158: " Jelle Licht
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.