r-v8 doesn't build since node 10.22 update

  • Done
  • quality assurance status badge
Details
2 participants
  • Mark H Weaver
  • Pierre Langlois
Owner
unassigned
Submitted by
Pierre Langlois
Severity
normal
P
P
Pierre Langlois wrote on 5 Sep 2020 19:44
(name . Bug guix)(address . bug-guix@gnu.org)
87sgbwi0dn.fsf@gmx.com
Hello Guix!

I'm afraid I broke r-v8 and a few of its dependants by updating node,
sorry about that!

AFAIK, the new node uses a function from nghttp2 1.41 that's not present
in 1.40, `nghttp2_option_set_max_settings'. However, since curl depends
on nghttp2 we've grafted 1.40 -> 1.41 to avoid a full rebuild.

Looking at r-v8's log [0], it complains that the symbol is missing,
indicating it's trying to link with the old version 1.40. I /believe/
it's inherited it through r-curl.

I'm not sure how to fix this, I'm happy to revert the node update if
needed, let me know! Then we'd have to wait for the next core-updates
cycle so that we no longer graft nghttp2.

Unless somebody has a better idea?

Thanks,
Pierre

-----BEGIN PGP SIGNATURE-----

iQFMBAEBCAA2FiEEctU9gYy29KFyWDdMqPyeRH9PfVQFAl9TzpQYHHBpZXJyZS5s
YW5nbG9pc0BnbXguY29tAAoJEKj8nkR/T31UoMoH/0O73yNVa6sHJDHeSqHOky/I
HOVY75XJTcKOj1zBTtGC67TpM+El+AR56c781VQyR/g923qM0fgi7OfVQeec4xX+
yqyviDg8zcYj9hI1hys2tc9eMcJNA1GlxYcipzGhxFn1mXlJrJAVSO0sEBNw3bPr
ofMHGBOvLu8ykFqQlcfGi0ssluhn6fZMylvF3JFFfsJCnR1p5jL0MqUp0ZRfSJOT
g8bbggBhuWFfvJXhEU8guuEBHuPFgx72/I0hD1IyEe0T+qgrGbuH0arqTyNuni6h
fRnBxPQonA8A+xljLWox0G02JjsTktRdIaTG9mAn9JX4UNiqf4b3qFvqbK9y0po=
=GLpB
-----END PGP SIGNATURE-----

M
M
Mark H Weaver wrote on 5 Sep 2020 20:35
87tuwcqdek.fsf@netris.org
Hi Pierre,

I'm quoting your message out of order to ease my reply.

Pierre Langlois <pierre.langlois@gmx.com> writes:

Toggle quote (2 lines)
> I'm afraid I broke r-v8 and a few of its dependants by updating node,
> sorry about that!
[...]
Toggle quote (4 lines)
> I'm not sure how to fix this, I'm happy to revert the node update if
> needed, let me know! Then we'd have to wait for the next core-updates
> cycle so that we no longer graft nghttp2.

We will actually need node-10.22 (or at least 10.21) in 'master' in just
over 2 weeks, when we'll be compelled to update IceCat to version 78.
On Sept 22, Mozilla is scheduled to release a new batch of security
fixes in 78.3, and there will be no corresponding 68.x release.

(In fact, I had an *identical* commit on my private branch to update
'node' to 10.22, to allow testing IceCat 78 WIP.)

However, if needed, I suppose it might be sufficient for my purposes to
leave 'node' at 10.19.0, and to bind a separate 'node-10.22' variable to
the new version.

Toggle quote (8 lines)
> AFAIK, the new node uses a function from nghttp2 1.41 that's not
> present in 1.40, `nghttp2_option_set_max_settings'. However, since curl
> depends on nghttp2 we've grafted 1.40 -> 1.41 to avoid a full rebuild.
>
> Looking at r-v8's log [0], it complains that the symbol is missing,
> indicating it's trying to link with the old version 1.40. I /believe/
> it's inherited it through r-curl.

If grafting is working as it should, then nghttp2-1.40 should never be
linked at runtime. However, it is certainly the case that most things
(except node-10.22) are *built* against nghttp2-1.40, where the
aforementioned symbol is missing.

One possible solution might be to update the replacement (graft) for
_curl_ so that it's *built* against nghttp2-1.41. Something like this
(untested):

Toggle snippet (16 lines)
diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm
index 55b7e4393b..bfcb52b678 100644
--- a/gnu/packages/curl.scm
+++ b/gnu/packages/curl.scm
@@ -183,6 +183,9 @@ tunneling, and so on.")
(sha256
(base32
"0wlppmx9iry8slh4pqcxj7lwc6fqwnlhh9ri2pcym2rx76a8gwfd"))))
+ (inputs
+ `(("nghttp2" ,nghttp2-1.41 "lib")
+ ,@(alist-delete "nghttp2" (package-inputs curl))))
(arguments
(substitute-keyword-arguments (package-arguments curl)
((#:phases phases)

Would you like to try this and see if it solves the problem?

Mark
P
P
Pierre Langlois wrote on 5 Sep 2020 21:29
(name . Mark H Weaver)(address . mhw@netris.org)
87blikhvj2.fsf@gmx.com
Hi Mark,

Mark H Weaver writes:

Toggle quote (18 lines)
> Hi Pierre,
>
> I'm quoting your message out of order to ease my reply.
>
> Pierre Langlois <pierre.langlois@gmx.com> writes:
>
>> I'm afraid I broke r-v8 and a few of its dependants by updating node,
>> sorry about that!
> [...]
>> I'm not sure how to fix this, I'm happy to revert the node update if
>> needed, let me know! Then we'd have to wait for the next core-updates
>> cycle so that we no longer graft nghttp2.
>
> We will actually need node-10.22 (or at least 10.21) in 'master' in just
> over 2 weeks, when we'll be compelled to update IceCat to version 78.
> On Sept 22, Mozilla is scheduled to release a new batch of security
> fixes in 78.3, and there will be no corresponding 68.x release.

Oooh cool! Looking forwards to icecat 78!

Toggle quote (43 lines)
> (In fact, I had an *identical* commit on my private branch to update
> 'node' to 10.22, to allow testing IceCat 78 WIP.)
>
> However, if needed, I suppose it might be sufficient for my purposes to
> leave 'node' at 10.19.0, and to bind a separate 'node-10.22' variable to
> the new version.
>
>> AFAIK, the new node uses a function from nghttp2 1.41 that's not
>> present in 1.40, `nghttp2_option_set_max_settings'. However, since curl
>> depends on nghttp2 we've grafted 1.40 -> 1.41 to avoid a full rebuild.
>>
>> Looking at r-v8's log [0], it complains that the symbol is missing,
>> indicating it's trying to link with the old version 1.40. I /believe/
>> it's inherited it through r-curl.
>
> If grafting is working as it should, then nghttp2-1.40 should never be
> linked at runtime. However, it is certainly the case that most things
> (except node-10.22) are *built* against nghttp2-1.40, where the
> aforementioned symbol is missing.
>
> One possible solution might be to update the replacement (graft) for
> _curl_ so that it's *built* against nghttp2-1.41. Something like this
> (untested):
>
> --8<---------------cut here---------------start------------->8---
> diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm
> index 55b7e4393b..bfcb52b678 100644
> --- a/gnu/packages/curl.scm
> +++ b/gnu/packages/curl.scm
> @@ -183,6 +183,9 @@ tunneling, and so on.")
> (sha256
> (base32
> "0wlppmx9iry8slh4pqcxj7lwc6fqwnlhh9ri2pcym2rx76a8gwfd"))))
> + (inputs
> + `(("nghttp2" ,nghttp2-1.41 "lib")
> + ,@(alist-delete "nghttp2" (package-inputs curl))))
> (arguments
> (substitute-keyword-arguments (package-arguments curl)
> ((#:phases phases)
> --8<---------------cut here---------------end--------------->8---
>
> Would you like to try this and see if it solves the problem?

I'm afraid this still doesn't solve the problem. AFAIU, grafting the new
curl happens after building r-v8, so at link time it still sees the old
nghttp2 version.

Thinking about this, since the new node essentially uses a new ABI to
link with nghttp2 by requiring a new symbol, this isn't something we can
fix with grafting I believe.

It's possible to make r-curl specifically depend on the new curl like
so:

Toggle snippet (38 lines)
diff --git a/gnu/packages/cran.scm b/gnu/packages/cran.scm
index 2c202e8508..16022c695d 100644
--- a/gnu/packages/cran.scm
+++ b/gnu/packages/cran.scm
@@ -1038,7 +1038,7 @@ if(_ca_bundle != NULL) { curl_easy_setopt(handle, CURLOPT_CAINFO, _ca_bundle); }
" m)))
#t)))))
(inputs
- `(("libcurl" ,curl)
+ `(("libcurl" ,curl-7.71.0)
("zlib" ,zlib)))
(native-inputs
`(("pkg-config" ,pkg-config)))
diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm
index 55b7e4393b..aa103306a6 100644
--- a/gnu/packages/curl.scm
+++ b/gnu/packages/curl.scm
@@ -172,7 +172,7 @@ tunneling, and so on.")
(inputs (alist-delete "openldap" (package-inputs curl))))))
;; Replacement package to fix CVE-2020-8169 and CVE-2020-8177.
-(define curl-7.71.0
+(define-public curl-7.71.0
(package
(inherit curl)
(version "7.71.0")
@@ -183,6 +183,9 @@ tunneling, and so on.")
(sha256
(base32
"0wlppmx9iry8slh4pqcxj7lwc6fqwnlhh9ri2pcym2rx76a8gwfd"))))
+ (inputs
+ `(("nghttp2" ,nghttp2-1.41 "lib")
+ ,@(alist-delete "nghttp2" (package-inputs curl))))
(arguments
(substitute-keyword-arguments (package-arguments curl)
((#:phases phases)

But I'm not sure I like this very much, this is getting a bit messy.

Instead, I'm thinking your suggestion of leaving 'node' at 10.19 for now
(or 10.20, I can try that) and then introduce a 'node-10.22' package
that can be used for Icecat is better. I can do that. How does that
sound?

Thanks,
Pierre
-----BEGIN PGP SIGNATURE-----

iQFMBAEBCAA2FiEEctU9gYy29KFyWDdMqPyeRH9PfVQFAl9T5yEYHHBpZXJyZS5s
YW5nbG9pc0BnbXguY29tAAoJEKj8nkR/T31U1FwH+gOHU7kaXjGVnnQmwMkuIHyT
JDM55/wUtEyzVFJjpH8EC8k5KoBn2zKHljQv3Z/329y96wjJ++C/R4dJgCv7Fx2e
v+SOffrBFEB+ANSqHSDAZLAIBoUJl+ewQWWpJMi4aZSiv+gPje15COJD0cUBKnJu
S5uA6rcRTxqPZAGhyTT22WCnzxJ8APyTHw1fDuuA8Tzd5QusKV1vTqAMccepSRoK
VizgxLX0ZYXMqYgzcEVXSKzwqyKcCIO92CEgrgMjpzcYqxCy1P8gQAxPckYCdpI0
3QCmwo2SAO6PGCOa6gmDS5rxAGhtsgrYbJlbMfotb9sbj+2ppnbAcvKUey2cZ18=
=cjHU
-----END PGP SIGNATURE-----

M
M
Mark H Weaver wrote on 6 Sep 2020 01:13
(name . Pierre Langlois)(address . pierre.langlois@gmx.com)(address . 43228@debbugs.gnu.org)
87o8mjrf3u.fsf@netris.org
Hi Pierre,

Pierre Langlois <pierre.langlois@gmx.com> writes:

Toggle quote (10 lines)
> Mark H Weaver writes:
>
>> One possible solution might be to update the replacement (graft) for
>> _curl_ so that it's *built* against nghttp2-1.41. Something like this
>> (untested):
>
> I'm afraid this still doesn't solve the problem. AFAIU, grafting the new
> curl happens after building r-v8, so at link time it still sees the old
> nghttp2 version.

Ah yes, that makes sense.

Toggle quote (4 lines)
> Instead, I'm thinking your suggestion of leaving 'node' at 10.19 for now
> (or 10.20, I can try that) and then introduce a 'node-10.22' package
> that can be used for Icecat is better.

That indeed might be the best approach for now.

Toggle quote (2 lines)
> I can do that. How does that sound?

Sure, sounds good. Thanks!

Mark
P
P
Pierre Langlois wrote on 6 Sep 2020 13:17
(name . Mark H Weaver)(address . mhw@netris.org)
87pn6z5f4j.fsf@gmx.com
Mark H Weaver writes:

Toggle quote (26 lines)
> Hi Pierre,
>
> Pierre Langlois <pierre.langlois@gmx.com> writes:
>
>> Mark H Weaver writes:
>>
>>> One possible solution might be to update the replacement (graft) for
>>> _curl_ so that it's *built* against nghttp2-1.41. Something like this
>>> (untested):
>>
>> I'm afraid this still doesn't solve the problem. AFAIU, grafting the new
>> curl happens after building r-v8, so at link time it still sees the old
>> nghttp2 version.
>
> Ah yes, that makes sense.
>
>> Instead, I'm thinking your suggestion of leaving 'node' at 10.19 for now
>> (or 10.20, I can try that) and then introduce a 'node-10.22' package
>> that can be used for Icecat is better.
>
> That indeed might be the best approach for now.
>
>> I can do that. How does that sound?
>
> Sure, sounds good. Thanks!

Cool, here's a patch to do just that :-). I tried to update node to
10.21 but that still required the newer nghttp2 lib, but it worked for
10.20.

Thanks,
Pierre
-----BEGIN PGP SIGNATURE-----

iQFMBAEBCgA2FiEEctU9gYy29KFyWDdMqPyeRH9PfVQFAl9UxSwYHHBpZXJyZS5s
YW5nbG9pc0BnbXguY29tAAoJEKj8nkR/T31UcDwH/A3B1ce50Ask2Z4K5pgaIVOs
CjSoUsnkIO2UM28ZSshjv1tX9bvt8MfAy6B41v82RCnZYlpug30QOMORT6+9eY2o
wYfw/3Ksk5na+N+glP5ME8LuCNVexqP7LZ4vMBbPnR9JtVW/FdmtTM6isltk6AAy
YOkt8wMZW/RKD0Dq4tgGVyoCftjyNpS7FAsvQdy8ZkcKD1bN4OLvOzyDM4ya6IpX
OtH+9t5xUOAv243ggJ5a3n3IegVFJ4Ft8jtuchlvHRaCkl0WK6LDDsJiN3whnJrV
kfCFcQ6odQvEhipVSyf3Jh4YGhEKHwQWlHZ7tkgwbweaSt2gj2/qUjBmBxVhb7A=
=2eIH
-----END PGP SIGNATURE-----

From eb00ab49df23f7319009a9fec7fc2805016e2e25 Mon Sep 17 00:00:00 2001
From: Pierre Langlois <pierre.langlois@gmx.com>
Date: Sat, 5 Sep 2020 21:05:08 +0100
Subject: [PATCH] gnu: node: Downgrade to 10.20.0.

But keep version 10.22.0 around with a new node-10.22 variable.

* gnu/packages/node.scm (node): Downgrade to 10.22.0.
[inputs]: Downgrade nghttp2 to 1.40.
(node-10.22): New variable.
---
gnu/packages/node.scm | 44 ++++++++++++++++++++++++++++++++++++++++---
1 file changed, 41 insertions(+), 3 deletions(-)

Toggle diff (82 lines)
diff --git a/gnu/packages/node.scm b/gnu/packages/node.scm
index ed0b5c4f16..345668fa56 100644
--- a/gnu/packages/node.scm
+++ b/gnu/packages/node.scm
@@ -25,6 +25,7 @@

(define-module (gnu packages node)
#:use-module ((guix licenses) #:select (expat))
+ #:use-module ((guix build utils) #:select (alist-replace))
#:use-module (guix packages)
#:use-module (guix derivations)
#:use-module (guix download)
@@ -47,14 +48,14 @@
(define-public node
(package
(name "node")
- (version "10.22.0")
+ (version "10.20.0")
(source (origin
(method url-fetch)
(uri (string-append "https://nodejs.org/dist/v" version
"/node-v" version ".tar.xz"))
(sha256
(base32
- "1nz18fa550li10r0kzsm28c2rvvq61nq8bqdygip0rmvbi2paxg0"))
+ "0cvjwnl0wkcsyw3kannbdv01s235wrnp11n2s6swzjx95gpichfi"))
(modules '((guix build utils)))
(snippet
`(begin
@@ -186,7 +187,7 @@
("http-parser" ,http-parser)
("icu4c" ,icu4c)
("libuv" ,libuv)
- ("nghttp2" ,nghttp2-1.41 "lib")
+ ("nghttp2" ,nghttp2 "lib")
("openssl" ,openssl)
("zlib" ,zlib)))
(synopsis "Evented I/O for V8 JavaScript")
@@ -200,6 +201,43 @@ devices.")
(properties '((max-silent-time . 7200) ;2h, needed on ARM
(timeout . 21600))))) ;6h

+;; TODO: Make this the default node on core-updates. This cannot be done on
+;; master since this version of node requires a newer nghttp2 library at link
+;; time.
+(define-public node-10.22
+ (package
+ (inherit node)
+ (version "10.22.0")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append "https://nodejs.org/dist/v" version
+ "/node-v" version ".tar.xz"))
+ (sha256
+ (base32
+ "1nz18fa550li10r0kzsm28c2rvvq61nq8bqdygip0rmvbi2paxg0"))
+ (modules '((guix build utils)))
+ (snippet
+ `(begin
+ ;; Remove bundled software.
+ (for-each delete-file-recursively
+ '("deps/cares"
+ "deps/http_parser"
+ "deps/icu-small"
+ "deps/nghttp2"
+ "deps/openssl"
+ "deps/uv"
+ "deps/zlib"))
+ (substitute* "Makefile"
+ ;; Remove references to bundled software.
+ (("deps/http_parser/http_parser.gyp") "")
+ (("deps/uv/include/\\*.h") "")
+ (("deps/uv/uv.gyp") "")
+ (("deps/zlib/zlib.gyp") ""))
+ #t))))
+ (inputs
+ (alist-replace "nghttp2" (list nghttp2-1.41 "lib")
+ (package-inputs node)))))
+
(define-public libnode
(package
(inherit node)
--
2.28.0
M
M
Mark H Weaver wrote on 6 Sep 2020 21:42
(name . Pierre Langlois)(address . pierre.langlois@gmx.com)(address . 43228@debbugs.gnu.org)
878sdmr8sh.fsf@netris.org
Hi Pierre,

Your new patch looks good to me, but the node-10.22 source field could
be simplified to avoid repeating the unchanged field (especially the
snippet), by inheriting from (package-source node) like this:

Toggle snippet (9 lines)
(source (origin
(inherit (package-source node))
(uri (string-append "https://nodejs.org/dist/v" version
"/node-v" version ".tar.xz"))
(sha256
(base32
"1nz18fa550li10r0kzsm28c2rvvq61nq8bqdygip0rmvbi2paxg0"))))

Also, it would be great to find a way to fit in the subject line that
10.22 is also being kept as a separate binding, especially since "guix
build node" and most other user commands will still build 10.22. Maybe
something like this:

gnu: node: Downgrade to 10.20.0; add separate 'node-10.22' binding.

What do you think?

Anyway, feel free to push this, preferably after incorporating these
suggestions. If I'm not mistaken, the simplification suggested above
should not change the .drv file, and therefore not entail a rebuild, so
testing it should be very quick.

Thanks!
Mark
P
P
Pierre Langlois wrote on 7 Sep 2020 00:23
(name . Mark H Weaver)(address . mhw@netris.org)
87tuwalf2w.fsf@gmx.com
Hi Mark,

Mark H Weaver writes:

Toggle quote (16 lines)
> Hi Pierre,
>
> Your new patch looks good to me, but the node-10.22 source field could
> be simplified to avoid repeating the unchanged field (especially the
> snippet), by inheriting from (package-source node) like this:
>
> --8<---------------cut here---------------start------------->8---
> (source (origin
> (inherit (package-source node))
> (uri (string-append "https://nodejs.org/dist/v" version
> "/node-v" version ".tar.xz"))
> (sha256
> (base32
> "1nz18fa550li10r0kzsm28c2rvvq61nq8bqdygip0rmvbi2paxg0"))))
> --8<---------------cut here---------------end--------------->8---

Oh yeah, that's much better.

Toggle quote (10 lines)
>
> Also, it would be great to find a way to fit in the subject line that
> 10.22 is also being kept as a separate binding, especially since "guix
> build node" and most other user commands will still build 10.22. Maybe
> something like this:
>
> gnu: node: Downgrade to 10.20.0; add separate 'node-10.22' binding.
>
> What do you think?

Actually, even better, I can split this into two separate commits.

Toggle quote (6 lines)
>
> Anyway, feel free to push this, preferably after incorporating these
> suggestions. If I'm not mistaken, the simplification suggested above
> should not change the .drv file, and therefore not entail a rebuild, so
> testing it should be very quick.

Pushed as 6b7cba0fa897e97b43e76612e3736429426f4d9d and
92db0d39e2aa64be390e86172bd670d98e121c4b, thanks for the review!

Pierre
-----BEGIN PGP SIGNATURE-----

iQFMBAEBCgA2FiEEctU9gYy29KFyWDdMqPyeRH9PfVQFAl9VYWgYHHBpZXJyZS5s
YW5nbG9pc0BnbXguY29tAAoJEKj8nkR/T31UIA0H/RBdW+hGtQOhwS8jipG9nCyV
b8TPnQWapBCq22lYG0PI51VzlflFWgyJznFLpu2aXK4If2H4BSiywYwTjQJanLiB
LAfe2FpvdpqcHgT1Hs/DNPl0gi1zMfEw9Bal1MjULYoVIerUxP0iwCiVr/3wHVgk
nkQ6KgQzLy87FhvROm8j3gc8UYgWblAzMHnesXVz4hMvS0MAQdKcMjad+MC8/6mD
LoAi3O7CPNuYLk1xT/h0M8AuGM/zaCUd8eQ6wOtdtnImzRPNWjPy36Km+okY/19C
hXAyvIgHWcuP2Z2vuGwTjA21C/PtU8UzLxF1ihK3DkEnC0ZXIAHbYyR0DMlQQBU=
=HYSC
-----END PGP SIGNATURE-----

Closed
?