[PATCH 0/4] gnu: node-lts: Update to 18.12.1.

  • Done
  • quality assurance status badge
Details
8 participants
  • Dr. Arne Babenhauserheide
  • Hilton Chain
  • Jelle Licht
  • Leo Famulari
  • Liliana Marie Prikler
  • Ludovic Courtès
  • Christopher Baines
  • Mekeor Melire
Owner
unassigned
Submitted by
Hilton Chain
Severity
normal
H
H
Hilton Chain wrote on 11 Nov 2022 06:34
(address . guix-patches@gnu.org)
y761qqadpgr.wl-hako@ultrarare.space
Hilton Chain (4):
gnu: libuv-for-node: Update to 1.43.0.
gnu: llhttp-bootstrap: Update to 6.0.10.
gnu: node-lts: Update to 18.12.1.
gnu: libnode: Use node-lts as base.

gnu/local.mk | 1 -
gnu/packages/libevent.scm | 4 +-
gnu/packages/node.scm | 44 +++++---
.../llhttp-bootstrap-CVE-2020-8287.patch | 100 ------------------
4 files changed, 30 insertions(+), 119 deletions(-)
delete mode 100644 gnu/packages/patches/llhttp-bootstrap-CVE-2020-8287.patch


base-commit: 70df5c47a89f4f353a1df94467581a0f0da599a4
--
2.38.1
H
H
Hilton Chain wrote on 11 Nov 2022 06:35
[PATCH 1/4] gnu: libuv-for-node: Update to 1.43.0.
(address . 59188@debbugs.gnu.org)
y76zgcycatu.wl-hako@ultrarare.space
* gnu/packages/libevent.scm (libuv-for-node): Update to 1.43.0.
---
gnu/packages/libevent.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

Toggle diff (21 lines)
diff --git a/gnu/packages/libevent.scm b/gnu/packages/libevent.scm
index 176e66cf42..5aff343c06 100644
--- a/gnu/packages/libevent.scm
+++ b/gnu/packages/libevent.scm
@@ -147,14 +147,14 @@ (define-public libuv-for-node
(package
(inherit libuv)
(name "libuv")
- (version "1.42.0")
+ (version "1.43.0")
(source (origin
(method url-fetch)
(uri (string-append "https://dist.libuv.org/dist/v" version
"/libuv-v" version ".tar.gz"))
(sha256
(base32
- "0wpb9pz3r8nksnrf4zbixj2kk9whr7abi45ydrwyv2js2ljrc4j3"))))
+ "194kwq3jfj9s628kzkchdca534rikjw0xiyas0cjbphqmsvjpmwh"))))
(properties '((hidden? . #t)))))

(define-public libuv-julia
--
2.38.1
H
H
Hilton Chain wrote on 11 Nov 2022 06:36
[PATCH 2/4] gnu: llhttp-bootstrap: Update to 6.0.10.
(address . 59188@debbugs.gnu.org)
y76y1sicas3.wl-hako@ultrarare.space
* gnu/packages/node.scm (llhttp-bootstrap): Update to 6.0.10.
* gnu/packages/patches/llhttp-bootstrap-CVE-2020-8287.patch: Remove file.
* gnu/local.mk: Remove it.
---
gnu/local.mk | 1 -
gnu/packages/node.scm | 5 +-
.../llhttp-bootstrap-CVE-2020-8287.patch | 100 ------------------
3 files changed, 2 insertions(+), 104 deletions(-)
delete mode 100644 gnu/packages/patches/llhttp-bootstrap-CVE-2020-8287.patch

Toggle diff (143 lines)
diff --git a/gnu/local.mk b/gnu/local.mk
index 27b31ea27f..1c4b9def96 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1480,7 +1480,6 @@ dist_patch_DATA = \
%D%/packages/patches/linuxdcpp-openssl-1.1.patch \
%D%/packages/patches/lirc-localstatedir.patch \
%D%/packages/patches/lirc-reproducible-build.patch \
- %D%/packages/patches/llhttp-bootstrap-CVE-2020-8287.patch \
%D%/packages/patches/llvm-3.5-fix-clang-build-with-gcc5.patch \
%D%/packages/patches/llvm-3.6-fix-build-with-gcc-10.patch \
%D%/packages/patches/llvm-3.x.1-fix-build-with-gcc.patch \
diff --git a/gnu/packages/node.scm b/gnu/packages/node.scm
index 4e9daa522d..0af0158f45 100644
--- a/gnu/packages/node.scm
+++ b/gnu/packages/node.scm
@@ -666,7 +666,7 @@ (define-public node-llparse-bootstrap
(define-public llhttp-bootstrap
(package
(name "llhttp")
- (version "2.1.4")
+ (version "6.0.10")
(source (origin
(method git-fetch)
(uri (git-reference
@@ -675,8 +675,7 @@ (define-public llhttp-bootstrap
(file-name (git-file-name name version))
(sha256
(base32
- "115mwyds9655p76lhglxg2blc1ksgrix6zhigaxnc2q6syy3pa6x"))
- (patches (search-patches "llhttp-bootstrap-CVE-2020-8287.patch"))
+ "0izwqa77y007xdi0bj3ccw821n19rz89mz4hx4lg99fwkwylr6x8"))
(modules '((guix build utils)))
(snippet
'(begin
diff --git a/gnu/packages/patches/llhttp-bootstrap-CVE-2020-8287.patch b/gnu/packages/patches/llhttp-bootstrap-CVE-2020-8287.patch
deleted file mode 100644
index 215c920e53..0000000000
--- a/gnu/packages/patches/llhttp-bootstrap-CVE-2020-8287.patch
+++ /dev/null
@@ -1,100 +0,0 @@
-This patch comes from upstream. It corresponds to a patch applied to
-the generated C source code for llhttp included in Node.js 14.16.0
-(see commit 641f786bb1a1f6eb1ff8750782ed939780f2b31a). That commit
-fixes CVE-2020-8287. With this patch, the output of our
-llhttp-bootstrap package matches the files included in Node.js 14.16.0
-exactly.
-
-commit e9b36ea64709c35ca66094d5cf3787f444029601
-Author: Fedor Indutny <fedor@indutny.com>
-Date: Sat Oct 10 19:56:01 2020 -0700
-
- http: unset `F_CHUNKED` on new `Transfer-Encoding`
-
- Duplicate `Transfer-Encoding` header should be a treated as a single,
- but with original header values concatenated with a comma separator. In
- the light of this, even if the past `Transfer-Encoding` ended with
- `chunked`, we should be not let the `F_CHUNKED` to leak into the next
- header, because mere presence of another header indicates that `chunked`
- is not the last transfer-encoding token.
-
-diff --git a/src/llhttp/http.ts b/src/llhttp/http.ts
-index f4f1a6e..0a0c365 100644
---- a/src/llhttp/http.ts
-+++ b/src/llhttp/http.ts
-@@ -460,11 +460,19 @@ export class HTTP {
- .match([ ' ', '\t' ], n('header_value_discard_ws'))
- .otherwise(checkContentLengthEmptiness);
-
-+ // Multiple `Transfer-Encoding` headers should be treated as one, but with
-+ // values separate by a comma.
-+ //
-+ // See: https://tools.ietf.org/html/rfc7230#section-3.2.2
-+ const toTransferEncoding = this.unsetFlag(
-+ FLAGS.CHUNKED,
-+ 'header_value_te_chunked');
-+
- n('header_value_start')
- .otherwise(this.load('header_state', {
- [HEADER_STATE.UPGRADE]: this.setFlag(FLAGS.UPGRADE, fallback),
- [HEADER_STATE.TRANSFER_ENCODING]: this.setFlag(
-- FLAGS.TRANSFER_ENCODING, 'header_value_te_chunked'),
-+ FLAGS.TRANSFER_ENCODING, toTransferEncoding),
- [HEADER_STATE.CONTENT_LENGTH]: n('header_value_content_length_once'),
- [HEADER_STATE.CONNECTION]: n('header_value_connection'),
- }, 'header_value'));
-@@ -847,6 +855,11 @@ export class HTTP {
- return span.start(span.end(this.node(next)));
- }
-
-+ private unsetFlag(flag: FLAGS, next: string | Node): Node {
-+ const p = this.llparse;
-+ return p.invoke(p.code.and('flags', ~flag), this.node(next));
-+ }
-+
- private setFlag(flag: FLAGS, next: string | Node): Node {
- const p = this.llparse;
- return p.invoke(p.code.or('flags', flag), this.node(next));
-diff --git a/test/request/transfer-encoding.md b/test/request/transfer-encoding.md
-index a7d1681..b0891d6 100644
---- a/test/request/transfer-encoding.md
-+++ b/test/request/transfer-encoding.md
-@@ -353,6 +353,38 @@ off=106 headers complete method=3 v=1/1 flags=200 content_length=0
- off=106 error code=15 reason="Request has invalid `Transfer-Encoding`"
- ```
-
-+## POST with `chunked` and duplicate transfer-encoding
-+
-+<!-- meta={"type": "request", "noScan": true} -->
-+```http
-+POST /post_identity_body_world?q=search#hey HTTP/1.1
-+Accept: */*
-+Transfer-Encoding: chunked
-+Transfer-Encoding: deflate
-+
-+World
-+```
-+
-+```log
-+off=0 message begin
-+off=5 len=38 span[url]="/post_identity_body_world?q=search#hey"
-+off=44 url complete
-+off=54 len=6 span[header_field]="Accept"
-+off=61 header_field complete
-+off=62 len=3 span[header_value]="*/*"
-+off=67 header_value complete
-+off=67 len=17 span[header_field]="Transfer-Encoding"
-+off=85 header_field complete
-+off=86 len=7 span[header_value]="chunked"
-+off=95 header_value complete
-+off=95 len=17 span[header_field]="Transfer-Encoding"
-+off=113 header_field complete
-+off=114 len=7 span[header_value]="deflate"
-+off=123 header_value complete
-+off=125 headers complete method=3 v=1/1 flags=200 content_length=0
-+off=125 error code=15 reason="Request has invalid `Transfer-Encoding`"
-+```
-+
- ## POST with `chunked` before other transfer-coding (lenient)
-
- TODO(indutny): should we allow it even in lenient mode? (Consider disabling
--
2.38.1
H
H
Hilton Chain wrote on 11 Nov 2022 06:37
[PATCH 3/4] gnu: node-lts: Update to 18.12.1.
(address . 59188@debbugs.gnu.org)
y76wn82car1.wl-hako@ultrarare.space
* gnu/packages/node.scm (node-lts): Update to 18.12.1.
[snippet]: Keep file deps/openssl/nodejs-openssl.cnf.
[arguments]<#:phases>: Adjust problematic tests to delete accordingly.
Patch additional file with hardcoded references to /bin/sh.
[native-inputs,inputs]: Replace openssl-1.1 with openssl.
---
gnu/packages/node.scm | 35 ++++++++++++++++++++++++-----------
1 file changed, 24 insertions(+), 11 deletions(-)

Toggle diff (94 lines)
diff --git a/gnu/packages/node.scm b/gnu/packages/node.scm
index 0af0158f45..cae7d3b0ca 100644
--- a/gnu/packages/node.scm
+++ b/gnu/packages/node.scm
@@ -735,23 +735,28 @@ (define-public llhttp-bootstrap
(define-public node-lts
(package
(inherit node)
- (version "14.19.3")
+ (version "18.12.1")
(source (origin
(method url-fetch)
(uri (string-append "https://nodejs.org/dist/v" version
- "/node-v" version ".tar.xz"))
+ "/node-v" version ".tar.gz"))
(sha256
(base32
- "15691j5zhiikyamiwwd7f282g6d9acfhq91nrwx54xya38gmpx2w"))
+ "11n1h54wgh61inrlqjp0j4fqcz6kl60a3iip7ya90nqdl3fp90ds"))
(modules '((guix build utils)))
(snippet
`(begin
+ ;; openssl.cnf is required for build.
+ (for-each delete-file-recursively
+ (find-files "deps/openssl"
+ (lambda (file stat)
+ (if (string-contains file "nodejs-openssl.cnf")
+ #f #t))))
;; Remove bundled software, where possible
(for-each delete-file-recursively
'("deps/cares"
"deps/icu-small"
"deps/nghttp2"
- "deps/openssl"
"deps/zlib"))
(substitute* "Makefile"
;; Remove references to bundled software.
@@ -800,23 +805,31 @@ (define-public node-lts
libuv "/lib:"
zlib "/lib"
"'],"))))))
+ (add-after 'patch-hardcoded-program-references
+ 'patch-additional-hardcoded-program-references
+ (lambda* (#:key inputs #:allow-other-keys)
+ (substitute* "test/parallel/test-stdin-from-file-spawn.js"
+ (("'/bin/sh'") (string-append
+ "'" (search-input-file inputs "/bin/sh")
+ "'")))))
(replace 'delete-problematic-tests
(lambda* (#:key inputs #:allow-other-keys)
;; FIXME: These tests fail in the build container, but they don't
;; seem to be indicative of real problems in practice.
(for-each delete-file
- '("test/parallel/test-cluster-master-error.js"
- "test/parallel/test-cluster-master-kill.js"))
+ '("test/parallel/test-cluster-primary-error.js"
+ "test/parallel/test-cluster-primary-kill.js"))
;; These require a DNS resolver.
(for-each delete-file
'("test/parallel/test-dns.js"
- "test/parallel/test-dns-lookupService-promises.js"))
+ "test/parallel/test-dns-lookupService-promises.js"
+ "test/parallel/test-net-socket-connect-without-cb.js"
+ "test/parallel/test-tcp-wrap-listen.js"))
;; These tests require networking.
(for-each delete-file
- '("test/parallel/test-https-agent-unref-socket.js"
- "test/parallel/test-corepack-yarn-install.js"))
+ '("test/parallel/test-https-agent-unref-socket.js"))
;; This test is timing-sensitive, and fails sporadically on
;; slow, busy, or even very fast machines.
@@ -866,7 +879,7 @@ (define-public node-lts
icu4c-71
libuv-for-node
`(,nghttp2 "lib")
- openssl-1.1
+ openssl
zlib
;; Regular build-time dependencies.
perl
@@ -883,7 +896,7 @@ (define-public node-lts
llhttp-bootstrap
brotli
`(,nghttp2 "lib")
- openssl-1.1
+ openssl
python-wrapper ;; for node-gyp (supports python3)
zlib))))
--
2.38.1
H
H
Hilton Chain wrote on 11 Nov 2022 06:37
[PATCH 4/4] gnu: libnode: Use node-lts as base.
(address . 59188@debbugs.gnu.org)
y76v8nmcaq7.wl-hako@ultrarare.space
* gnu/packages/node.scm (libnode): Use node-lts as base.
---
gnu/packages/node.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

Toggle diff (19 lines)
diff --git a/gnu/packages/node.scm b/gnu/packages/node.scm
index cae7d3b0ca..0e56d12038 100644
--- a/gnu/packages/node.scm
+++ b/gnu/packages/node.scm
@@ -901,10 +901,10 @@ (define-public node-lts
zlib))))
(define-public libnode
- (package/inherit node
+ (package/inherit node-lts
(name "libnode")
(arguments
- (substitute-keyword-arguments (package-arguments node)
+ (substitute-keyword-arguments (package-arguments node-lts)
((#:configure-flags flags ''())
`(cons* "--shared" "--without-npm" ,flags))
((#:phases phases '%standard-phases)
--
2.38.1
H
H
Hilton Chain wrote on 11 Nov 2022 07:21
[PATCH v2 0/4] gnu: node-lts: Update to 18.12.1.
(address . guix-patches@gnu.org)
y76sfiqc8pw.wl-hako@ultrarare.space
v1 -> v2: Fix libnode path for r-v8.

Hilton Chain (4):
gnu: libuv-for-node: Update to 1.43.0.
gnu: llhttp-bootstrap: Update to 6.0.10.
gnu: node-lts: Update to 18.12.1.
gnu: libnode: Use node-lts as base.

gnu/local.mk | 1 -
gnu/packages/cran.scm | 2 +-
gnu/packages/libevent.scm | 4 +-
gnu/packages/node.scm | 44 +++++---
.../llhttp-bootstrap-CVE-2020-8287.patch | 100 ------------------
5 files changed, 31 insertions(+), 120 deletions(-)
delete mode 100644 gnu/packages/patches/llhttp-bootstrap-CVE-2020-8287.patch


base-commit: 70df5c47a89f4f353a1df94467581a0f0da599a4
--
2.38.1
H
H
Hilton Chain wrote on 11 Nov 2022 07:22
[PATCH v2 1/4] gnu: libuv-for-node: Update to 1.43.0.
(address . guix-patches@gnu.org)
y76r0yac8nw.wl-hako@ultrarare.space
* gnu/packages/libevent.scm (libuv-for-node): Update to 1.43.0.
---
gnu/packages/libevent.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

Toggle diff (23 lines)
diff --git a/gnu/packages/libevent.scm b/gnu/packages/libevent.scm
index 176e66cf42..5aff343c06 100644
--- a/gnu/packages/libevent.scm
+++ b/gnu/packages/libevent.scm
@@ -147,14 +147,14 @@ (define-public libuv-for-node
(package
(inherit libuv)
(name "libuv")
- (version "1.42.0")
+ (version "1.43.0")
(source (origin
(method url-fetch)
(uri (string-append "https://dist.libuv.org/dist/v" version
"/libuv-v" version ".tar.gz"))
(sha256
(base32
- "0wpb9pz3r8nksnrf4zbixj2kk9whr7abi45ydrwyv2js2ljrc4j3"))))
+ "194kwq3jfj9s628kzkchdca534rikjw0xiyas0cjbphqmsvjpmwh"))))
(properties '((hidden? . #t)))))
(define-public libuv-julia
--
2.38.1
H
H
Hilton Chain wrote on 11 Nov 2022 07:22
[PATCH v2 2/4] gnu: llhttp-bootstrap: Update to 6.0.10.
(address . guix-patches@gnu.org)
y76pmduc8n3.wl-hako@ultrarare.space
* gnu/packages/node.scm (llhttp-bootstrap): Update to 6.0.10.
* gnu/packages/patches/llhttp-bootstrap-CVE-2020-8287.patch: Remove file.
* gnu/local.mk: Remove it.
---
gnu/local.mk | 1 -
gnu/packages/node.scm | 5 +-
.../llhttp-bootstrap-CVE-2020-8287.patch | 100 ------------------
3 files changed, 2 insertions(+), 104 deletions(-)
delete mode 100644 gnu/packages/patches/llhttp-bootstrap-CVE-2020-8287.patch

Toggle diff (143 lines)
diff --git a/gnu/local.mk b/gnu/local.mk
index 27b31ea27f..1c4b9def96 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1480,7 +1480,6 @@ dist_patch_DATA = \
%D%/packages/patches/linuxdcpp-openssl-1.1.patch \
%D%/packages/patches/lirc-localstatedir.patch \
%D%/packages/patches/lirc-reproducible-build.patch \
- %D%/packages/patches/llhttp-bootstrap-CVE-2020-8287.patch \
%D%/packages/patches/llvm-3.5-fix-clang-build-with-gcc5.patch \
%D%/packages/patches/llvm-3.6-fix-build-with-gcc-10.patch \
%D%/packages/patches/llvm-3.x.1-fix-build-with-gcc.patch \
diff --git a/gnu/packages/node.scm b/gnu/packages/node.scm
index 4e9daa522d..0af0158f45 100644
--- a/gnu/packages/node.scm
+++ b/gnu/packages/node.scm
@@ -666,7 +666,7 @@ (define-public node-llparse-bootstrap
(define-public llhttp-bootstrap
(package
(name "llhttp")
- (version "2.1.4")
+ (version "6.0.10")
(source (origin
(method git-fetch)
(uri (git-reference
@@ -675,8 +675,7 @@ (define-public llhttp-bootstrap
(file-name (git-file-name name version))
(sha256
(base32
- "115mwyds9655p76lhglxg2blc1ksgrix6zhigaxnc2q6syy3pa6x"))
- (patches (search-patches "llhttp-bootstrap-CVE-2020-8287.patch"))
+ "0izwqa77y007xdi0bj3ccw821n19rz89mz4hx4lg99fwkwylr6x8"))
(modules '((guix build utils)))
(snippet
'(begin
diff --git a/gnu/packages/patches/llhttp-bootstrap-CVE-2020-8287.patch b/gnu/packages/patches/llhttp-bootstrap-CVE-2020-8287.patch
deleted file mode 100644
index 215c920e53..0000000000
--- a/gnu/packages/patches/llhttp-bootstrap-CVE-2020-8287.patch
+++ /dev/null
@@ -1,100 +0,0 @@
-This patch comes from upstream. It corresponds to a patch applied to
-the generated C source code for llhttp included in Node.js 14.16.0
-(see commit 641f786bb1a1f6eb1ff8750782ed939780f2b31a). That commit
-fixes CVE-2020-8287. With this patch, the output of our
-llhttp-bootstrap package matches the files included in Node.js 14.16.0
-exactly.
-
-commit e9b36ea64709c35ca66094d5cf3787f444029601
-Author: Fedor Indutny <fedor@indutny.com>
-Date: Sat Oct 10 19:56:01 2020 -0700
-
- http: unset `F_CHUNKED` on new `Transfer-Encoding`
-
- Duplicate `Transfer-Encoding` header should be a treated as a single,
- but with original header values concatenated with a comma separator. In
- the light of this, even if the past `Transfer-Encoding` ended with
- `chunked`, we should be not let the `F_CHUNKED` to leak into the next
- header, because mere presence of another header indicates that `chunked`
- is not the last transfer-encoding token.
-
-diff --git a/src/llhttp/http.ts b/src/llhttp/http.ts
-index f4f1a6e..0a0c365 100644
---- a/src/llhttp/http.ts
-+++ b/src/llhttp/http.ts
-@@ -460,11 +460,19 @@ export class HTTP {
- .match([ ' ', '\t' ], n('header_value_discard_ws'))
- .otherwise(checkContentLengthEmptiness);
-
-+ // Multiple `Transfer-Encoding` headers should be treated as one, but with
-+ // values separate by a comma.
-+ //
-+ // See: https://tools.ietf.org/html/rfc7230#section-3.2.2
-+ const toTransferEncoding = this.unsetFlag(
-+ FLAGS.CHUNKED,
-+ 'header_value_te_chunked');
-+
- n('header_value_start')
- .otherwise(this.load('header_state', {
- [HEADER_STATE.UPGRADE]: this.setFlag(FLAGS.UPGRADE, fallback),
- [HEADER_STATE.TRANSFER_ENCODING]: this.setFlag(
-- FLAGS.TRANSFER_ENCODING, 'header_value_te_chunked'),
-+ FLAGS.TRANSFER_ENCODING, toTransferEncoding),
- [HEADER_STATE.CONTENT_LENGTH]: n('header_value_content_length_once'),
- [HEADER_STATE.CONNECTION]: n('header_value_connection'),
- }, 'header_value'));
-@@ -847,6 +855,11 @@ export class HTTP {
- return span.start(span.end(this.node(next)));
- }
-
-+ private unsetFlag(flag: FLAGS, next: string | Node): Node {
-+ const p = this.llparse;
-+ return p.invoke(p.code.and('flags', ~flag), this.node(next));
-+ }
-+
- private setFlag(flag: FLAGS, next: string | Node): Node {
- const p = this.llparse;
- return p.invoke(p.code.or('flags', flag), this.node(next));
-diff --git a/test/request/transfer-encoding.md b/test/request/transfer-encoding.md
-index a7d1681..b0891d6 100644
---- a/test/request/transfer-encoding.md
-+++ b/test/request/transfer-encoding.md
-@@ -353,6 +353,38 @@ off=106 headers complete method=3 v=1/1 flags=200 content_length=0
- off=106 error code=15 reason="Request has invalid `Transfer-Encoding`"
- ```
-
-+## POST with `chunked` and duplicate transfer-encoding
-+
-+<!-- meta={"type": "request", "noScan": true} -->
-+```http
-+POST /post_identity_body_world?q=search#hey HTTP/1.1
-+Accept: */*
-+Transfer-Encoding: chunked
-+Transfer-Encoding: deflate
-+
-+World
-+```
-+
-+```log
-+off=0 message begin
-+off=5 len=38 span[url]="/post_identity_body_world?q=search#hey"
-+off=44 url complete
-+off=54 len=6 span[header_field]="Accept"
-+off=61 header_field complete
-+off=62 len=3 span[header_value]="*/*"
-+off=67 header_value complete
-+off=67 len=17 span[header_field]="Transfer-Encoding"
-+off=85 header_field complete
-+off=86 len=7 span[header_value]="chunked"
-+off=95 header_value complete
-+off=95 len=17 span[header_field]="Transfer-Encoding"
-+off=113 header_field complete
-+off=114 len=7 span[header_value]="deflate"
-+off=123 header_value complete
-+off=125 headers complete method=3 v=1/1 flags=200 content_length=0
-+off=125 error code=15 reason="Request has invalid `Transfer-Encoding`"
-+```
-+
- ## POST with `chunked` before other transfer-coding (lenient)
-
- TODO(indutny): should we allow it even in lenient mode? (Consider disabling
--
2.38.1
H
H
Hilton Chain wrote on 11 Nov 2022 07:23
[PATCH v2 3/4] gnu: node-lts: Update to 18.12.1.
(address . guix-patches@gnu.org)
y76o7tec8m8.wl-hako@ultrarare.space
* gnu/packages/node.scm (node-lts): Update to 18.12.1.
[snippet]: Keep file deps/openssl/nodejs-openssl.cnf.
[arguments]<#:phases>: Adjust problematic tests to delete accordingly.
Patch additional file with hardcoded references to /bin/sh.
[native-inputs,inputs]: Replace openssl-1.1 with openssl.
---
gnu/packages/node.scm | 35 ++++++++++++++++++++++++-----------
1 file changed, 24 insertions(+), 11 deletions(-)

Toggle diff (94 lines)
diff --git a/gnu/packages/node.scm b/gnu/packages/node.scm
index 0af0158f45..cae7d3b0ca 100644
--- a/gnu/packages/node.scm
+++ b/gnu/packages/node.scm
@@ -735,23 +735,28 @@ (define-public llhttp-bootstrap
(define-public node-lts
(package
(inherit node)
- (version "14.19.3")
+ (version "18.12.1")
(source (origin
(method url-fetch)
(uri (string-append "https://nodejs.org/dist/v" version
- "/node-v" version ".tar.xz"))
+ "/node-v" version ".tar.gz"))
(sha256
(base32
- "15691j5zhiikyamiwwd7f282g6d9acfhq91nrwx54xya38gmpx2w"))
+ "11n1h54wgh61inrlqjp0j4fqcz6kl60a3iip7ya90nqdl3fp90ds"))
(modules '((guix build utils)))
(snippet
`(begin
+ ;; openssl.cnf is required for build.
+ (for-each delete-file-recursively
+ (find-files "deps/openssl"
+ (lambda (file stat)
+ (if (string-contains file "nodejs-openssl.cnf")
+ #f #t))))
;; Remove bundled software, where possible
(for-each delete-file-recursively
'("deps/cares"
"deps/icu-small"
"deps/nghttp2"
- "deps/openssl"
"deps/zlib"))
(substitute* "Makefile"
;; Remove references to bundled software.
@@ -800,23 +805,31 @@ (define-public node-lts
libuv "/lib:"
zlib "/lib"
"'],"))))))
+ (add-after 'patch-hardcoded-program-references
+ 'patch-additional-hardcoded-program-references
+ (lambda* (#:key inputs #:allow-other-keys)
+ (substitute* "test/parallel/test-stdin-from-file-spawn.js"
+ (("'/bin/sh'") (string-append
+ "'" (search-input-file inputs "/bin/sh")
+ "'")))))
(replace 'delete-problematic-tests
(lambda* (#:key inputs #:allow-other-keys)
;; FIXME: These tests fail in the build container, but they don't
;; seem to be indicative of real problems in practice.
(for-each delete-file
- '("test/parallel/test-cluster-master-error.js"
- "test/parallel/test-cluster-master-kill.js"))
+ '("test/parallel/test-cluster-primary-error.js"
+ "test/parallel/test-cluster-primary-kill.js"))
;; These require a DNS resolver.
(for-each delete-file
'("test/parallel/test-dns.js"
- "test/parallel/test-dns-lookupService-promises.js"))
+ "test/parallel/test-dns-lookupService-promises.js"
+ "test/parallel/test-net-socket-connect-without-cb.js"
+ "test/parallel/test-tcp-wrap-listen.js"))
;; These tests require networking.
(for-each delete-file
- '("test/parallel/test-https-agent-unref-socket.js"
- "test/parallel/test-corepack-yarn-install.js"))
+ '("test/parallel/test-https-agent-unref-socket.js"))
;; This test is timing-sensitive, and fails sporadically on
;; slow, busy, or even very fast machines.
@@ -866,7 +879,7 @@ (define-public node-lts
icu4c-71
libuv-for-node
`(,nghttp2 "lib")
- openssl-1.1
+ openssl
zlib
;; Regular build-time dependencies.
perl
@@ -883,7 +896,7 @@ (define-public node-lts
llhttp-bootstrap
brotli
`(,nghttp2 "lib")
- openssl-1.1
+ openssl
python-wrapper ;; for node-gyp (supports python3)
zlib))))
--
2.38.1
H
H
Hilton Chain wrote on 11 Nov 2022 07:24
[PATCH v2 4/4] gnu: libnode: Use node-lts as base.
(address . guix-patches@gnu.org)
y76mt8yc8l4.wl-hako@ultrarare.space
* gnu/packages/node.scm (libnode): Use node-lts as base.
* gnu/packages/cran.scm (r-v8)[arguments]<#:phases>: Adjusted accordingly.
---
gnu/packages/cran.scm | 2 +-
gnu/packages/node.scm | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)

Toggle diff (32 lines)
diff --git a/gnu/packages/cran.scm b/gnu/packages/cran.scm
index a1702ae5f6..8f04d9ad6e 100644
--- a/gnu/packages/cran.scm
+++ b/gnu/packages/cran.scm
@@ -902,7 +902,7 @@ (define-public r-v8
(("^PKG_LIBS=.*")
(string-append "PKG_LIBS="
(assoc-ref inputs "libnode")
- "/lib/libnode.so.64\n")))
+ "/lib/libnode.so.108\n")))
(setenv "INCLUDE_DIR"
(string-append
(assoc-ref inputs "libnode")
diff --git a/gnu/packages/node.scm b/gnu/packages/node.scm
index cae7d3b0ca..0e56d12038 100644
--- a/gnu/packages/node.scm
+++ b/gnu/packages/node.scm
@@ -901,10 +901,10 @@ (define-public node-lts
zlib))))
(define-public libnode
- (package/inherit node
+ (package/inherit node-lts
(name "libnode")
(arguments
- (substitute-keyword-arguments (package-arguments node)
+ (substitute-keyword-arguments (package-arguments node-lts)
((#:configure-flags flags ''())
`(cons* "--shared" "--without-npm" ,flags))
((#:phases phases '%standard-phases)
--
2.38.1
M
M
Mekeor Melire wrote on 17 Nov 2022 00:31
Re: [bug#59188] [PATCH v2 3/4] gnu: node-lts: Update to 18.12.1.
(address . 59188@debbugs.gnu.org)
87zgcq79ml.fsf@posteo.de
2022-11-11 / 14:23 / hako@ultrarare.space:

Toggle quote (6 lines)
> * gnu/packages/node.scm (node-lts): Update to 18.12.1.
> [snippet]: Keep file deps/openssl/nodejs-openssl.cnf.
> [arguments]<#:phases>: Adjust problematic tests to delete accordingly.
> Patch additional file with hardcoded references to /bin/sh.
> [native-inputs,inputs]: Replace openssl-1.1 with openssl.

Thank you for this submission.

As I said in the other thread, I'd suggest to decline the 53414 (which
updates node to version 16.x) in favor of this patch-series (which
updates to 18.x). That is because it'll save us work since there'll only
be a single package-breaking upgrade (instead of two).

For this submission to be merged, I'd guess we should:

1. Check if we want to adapt some patches from Debian, listed here:
E.g. the "dfsg/privacy_breach.patch" looks good.

2. Make sure that packages, which depend on node, still build (and run)
fine. I'm not sure how to do this. Do we need a branch for this?


Kindly,
Mekeor


Toggle quote (94 lines)
> --- gnu/packages/node.scm | 35 ++++++++++++++++++++++++----------- 1
> file changed, 24 insertions(+), 11 deletions(-)
>
> diff --git a/gnu/packages/node.scm b/gnu/packages/node.scm
> index 0af0158f45..cae7d3b0ca 100644
> --- a/gnu/packages/node.scm
> +++ b/gnu/packages/node.scm
> @@ -735,23 +735,28 @@ (define-public llhttp-bootstrap
> (define-public node-lts
> (package
> (inherit node)
> - (version "14.19.3")
> + (version "18.12.1")
> (source (origin
> (method url-fetch)
> (uri (string-append "https://nodejs.org/dist/v" version
> - "/node-v" version ".tar.xz"))
> + "/node-v" version ".tar.gz"))
> (sha256
> (base32
> - "15691j5zhiikyamiwwd7f282g6d9acfhq91nrwx54xya38gmpx2w"))
> + "11n1h54wgh61inrlqjp0j4fqcz6kl60a3iip7ya90nqdl3fp90ds"))
> (modules '((guix build utils)))
> (snippet
> `(begin
> + ;; openssl.cnf is required for build.
> + (for-each delete-file-recursively
> + (find-files "deps/openssl"
> + (lambda (file stat)
> + (if (string-contains file "nodejs-openssl.cnf")
> + #f #t))))
> ;; Remove bundled software, where possible
> (for-each delete-file-recursively
> '("deps/cares"
> "deps/icu-small"
> "deps/nghttp2"
> - "deps/openssl"
> "deps/zlib"))
> (substitute* "Makefile"
> ;; Remove references to bundled software.
> @@ -800,23 +805,31 @@ (define-public node-lts
> libuv "/lib:"
> zlib "/lib"
> "'],"))))))
> + (add-after 'patch-hardcoded-program-references
> + 'patch-additional-hardcoded-program-references
> + (lambda* (#:key inputs #:allow-other-keys)
> + (substitute* "test/parallel/test-stdin-from-file-spawn.js"
> + (("'/bin/sh'") (string-append
> + "'" (search-input-file inputs "/bin/sh")
> + "'")))))
> (replace 'delete-problematic-tests
> (lambda* (#:key inputs #:allow-other-keys)
> ;; FIXME: These tests fail in the build container, but they don't
> ;; seem to be indicative of real problems in practice.
> (for-each delete-file
> - '("test/parallel/test-cluster-master-error.js"
> - "test/parallel/test-cluster-master-kill.js"))
> + '("test/parallel/test-cluster-primary-error.js"
> + "test/parallel/test-cluster-primary-kill.js"))
>
> ;; These require a DNS resolver.
> (for-each delete-file
> '("test/parallel/test-dns.js"
> - "test/parallel/test-dns-lookupService-promises.js"))
> + "test/parallel/test-dns-lookupService-promises.js"
> + "test/parallel/test-net-socket-connect-without-cb.js"
> + "test/parallel/test-tcp-wrap-listen.js"))
>
> ;; These tests require networking.
> (for-each delete-file
> - '("test/parallel/test-https-agent-unref-socket.js"
> - "test/parallel/test-corepack-yarn-install.js"))
> + '("test/parallel/test-https-agent-unref-socket.js"))
>
> ;; This test is timing-sensitive, and fails sporadically on
> ;; slow, busy, or even very fast machines.
> @@ -866,7 +879,7 @@ (define-public node-lts
> icu4c-71
> libuv-for-node
> `(,nghttp2 "lib")
> - openssl-1.1
> + openssl
> zlib
> ;; Regular build-time dependencies.
> perl
> @@ -883,7 +896,7 @@ (define-public node-lts
> llhttp-bootstrap
> brotli
> `(,nghttp2 "lib")
> - openssl-1.1
> + openssl
> python-wrapper ;; for node-gyp (supports python3)
> zlib))))
L
L
Ludovic Courtès wrote on 18 Nov 2022 15:12
Re: bug#59188: [PATCH 0/4] gnu: node-lts: Update to 18.12.1.
(name . Mekeor Melire)(address . mekeor@posteo.de)
87bkp4bbd1.fsf_-_@gnu.org
Hi,

Mekeor Melire <mekeor@posteo.de> skribis:

Toggle quote (5 lines)
> As I said in the other thread, I'd suggest to decline the 53414 (which
> updates node to version 16.x) in favor of this patch-series (which
> updates to 18.x). That is because it'll save us work since there'll only
> be a single package-breaking upgrade (instead of two).

Sounds good to me.

Toggle quote (6 lines)
> For this submission to be merged, I'd guess we should:
>
> 1. Check if we want to adapt some patches from Debian, listed here:
> https://sources.debian.org/patches/nodejs/18.12.1+dfsg-2/
> E.g. the "dfsg/privacy_breach.patch" looks good.

Yes, but that can be done separately I guess.

Toggle quote (3 lines)
> 2. Make sure that packages, which depend on node, still build (and run)
> fine. I'm not sure how to do this. Do we need a branch for this?

It depends. Hilton, were you able to build everything returned by
‘guix refresh -l node’, except perhaps ungoogled-chromium?

For some reason https://qa.guix.gnu.org/issue/59188 didn’t pick it
up. Anything we should do to address that, Chris?

Otherwise we can indeed create a branch and tell ci.guix to build it,
for instance.

Thanks,
Ludo’.
H
H
Hilton Chain wrote on 19 Nov 2022 06:17
(name . Ludovic Courtès)(address . ludo@gnu.org)
y76y1s7o740.wl-hako@ultrarare.space
node-acorn fails in check phase.
#+RESULTS:
: starting phase `check'
: npm ERR! Missing script: "test"
: npm ERR!
: npm ERR! To see a list of scripts, run:
: npm ERR! npm run
:
: npm ERR! A complete log of this run can be found in:
: npm ERR! /tmp/guix-build-node-acorn-8.4.1.drv-0/source/npm-home-0/.npm/_logs/2022-11-19T04_28_57_471Z-debug-0.log
: error: in phase 'check': uncaught exception:
: %exception #<&invoke-error program: "/gnu/store/l32l0i53ik9ja3fircdd89bgq6b1v6y5-node-18.12.1/bin/npm" arguments: ("test") exit-status: 1 term-signal: #f stop-signal: #f>
: phase `check' failed after 0.2 seconds
: command "/gnu/store/l32l0i53ik9ja3fircdd89bgq6b1v6y5-node-18.12.1/bin/npm" "test" failed with status 1

Then node-uglify-js
#+RESULTS:
: starting phase `configure'
: npm ERR! code 254
: npm ERR! path /gnu/store/969597ncg311d3kd8vbhdlniwqg4mr2k-node-acorn-8.4.1/lib/node_modules/acorn
: npm ERR! command failed
: npm ERR! command sh -c -- cd ..; npm run build:main && npm run build:bin
: npm ERR! npm ERR! code ENOENT
: npm ERR! npm ERR! syscall open
: npm ERR! npm ERR! path /gnu/store/969597ncg311d3kd8vbhdlniwqg4mr2k-node-acorn-8.4.1/lib/package.json
: npm ERR! npm ERR! errno -2
: npm ERR! npm ERR! enoent ENOENT: no such file or directory, open '/gnu/store/969597ncg311d3kd8vbhdlniwqg4mr2k-node-acorn-8.4.1/lib/package.json'
: npm ERR! npm ERR! enoent This is related to npm not being able to find a file.
: npm ERR! npm ERR! enoent
: npm ERR!
: npm ERR! npm ERR! A complete log of this run can be found in:
: npm ERR! npm ERR! /tmp/guix-build-node-uglify-js-3.13.9.drv-0/npm-home-0/.npm/_logs/2022-11-19T04_54_25_643Z-debug-0.log
:
: npm ERR! A complete log of this run can be found in:
: npm ERR! /tmp/guix-build-node-uglify-js-3.13.9.drv-0/npm-home-0/.npm/_logs/2022-11-19T04_54_25_343Z-debug-0.log
: error: in phase 'configure': uncaught exception:
: %exception #<&invoke-error program: "/gnu/store/l32l0i53ik9ja3fircdd89bgq6b1v6y5-node-18.12.1/bin/npm" arguments: ("--offline" "--ignore-scripts" "install") exit-status: 254 term-signal: #f stop-signal: #f>
: phase `configure' failed after 0.6 seconds
: command "/gnu/store/l32l0i53ik9ja3fircdd89bgq6b1v6y5-node-18.12.1/bin/npm" "--offline" "--ignore-scripts" "install" failed with status 254

One test failed after deleting node-uglify-js's configure phase.
#+RESULTS:
: 1 test(s) failed!
:
: test/reduce.js
: 1) Should reduce test case which differs only in Error.message
: AssertionError [ERR_ASSERTION]: Expected values to be strictly equal:
: + actual - expected
:
: + `try{null[function(){}]}catch(e){console.log(e)}\n// output: TypeError: Cannot read properties of null (reading 'function(){}')\n// \n// minify: TypeError: Cannot read properties of null (reading 'function() {}')\n// \n// options: {\n// "compress": false,\n// "mangle": false,\n// "output": {\n// "beautify": true\n// }\n// }`
: - `try{null[function(){}]}catch(e){console.log(e)}\n// output: TypeError: Cannot read property 'function(){}' of null\n// \n// minify: TypeError: Cannot read property 'function() {}' of null\n// \n// options: {\n// "compress": false,\n// "mangle": false,\n// "output": {\n// "beautify": true\n// }\n// }`
: at Function.<anonymous> (/tmp/guix-build-node-uglify-js-3.13.9.drv-0/source/test/mocha/reduce.js:285:16)
: at run (/tmp/guix-build-node-uglify-js-3.13.9.drv-0/source/test/mocha.js:79:18)
: at process.processTicksAndRejections (node:internal/process/task_queues:77:11)
: error: in phase 'check': uncaught exception:
: %exception #<&invoke-error program: "/gnu/store/l32l0i53ik9ja3fircdd89bgq6b1v6y5-node-18.12.1/bin/npm" arguments: ("test") exit-status: 1 term-signal: #f stop-signal: #f>
: phase `check' failed after 264.2 seconds
: command "/gnu/store/l32l0i53ik9ja3fircdd89bgq6b1v6y5-node-18.12.1/bin/npm" "test" failed with status 1

Then node-string-decoder fails to install, I have no idea how to continue...
#+RESULTS:
: starting phase `install'
: npm info using npm@8.19.2
: npm info using node@v18.12.1
: npm timing npm:load:whichnode Completed in 0ms
: npm timing config:load:defaults Completed in 1ms
: npm timing config:load:file:/gnu/store/l32l0i53ik9ja3fircdd89bgq6b1v6y5-node-18.12.1/lib/node_modules/npm/npmrc Completed in 2ms
: npm timing config:load:builtin Completed in 3ms
: npm WARN config production Use `--omit=dev` instead.
: npm timing config:load:cli Completed in 1ms
: npm timing config:load:env Completed in 1ms
: npm timing config:load:project Completed in 0ms
: npm timing config:load:file:/tmp/guix-build-node-string-decoder-1.3.0.drv-0/npm-home-0/.npmrc Completed in 0ms
: npm timing config:load:user Completed in 0ms
: npm timing config:load:file:/gnu/store/ansccgk9y8vzd5rwsx4iz7j2n0gp8ig8-node-string-decoder-1.3.0/etc/npmrc Completed in 2ms
: npm timing config:load:global Completed in 2ms
: npm timing config:load:validate Completed in 0ms
: npm timing config:load:credentials Completed in 1ms
: npm timing config:load:setEnvs Completed in 0ms
: npm timing config:load Completed in 9ms
: npm timing npm:load:configload Completed in 9ms
: npm timing npm:load:mkdirpcache Completed in 1ms
: npm timing npm:load:mkdirplogs Completed in 1ms
: npm timing npm:load:setTitle Completed in 0ms
: npm timing config:load:flatten Completed in 1ms
: npm timing npm:load:display Completed in 4ms
: npm timing npm:load:logFile Completed in 3ms
: npm timing npm:load:timers Completed in 0ms
: npm timing npm:load:configScope Completed in 0ms
: npm timing npm:load Completed in 19ms
: npm timing arborist:ctor Completed in 0ms
: npm timing idealTree:init Completed in 4ms
: npm timing idealTree:userRequests Completed in 30ms
: npm timing idealTree:#root Completed in 16ms
: npm timing idealTree:node_modules/string_decoder Completed in 3ms
: npm timing idealTree:node_modules/string_decoder/node_modules/safe-buffer Completed in 0ms
: npm timing idealTree:buildDeps Completed in 20ms
: npm timing idealTree:fixDepFlags Completed in 0ms
: npm timing idealTree Completed in 56ms
: npm timing reify:loadTrees Completed in 57ms
: npm timing reify:diffTrees Completed in 1ms
: npm timing reify:retireShallow Completed in 1ms
: npm timing reify:createSparse Completed in 0ms
: npm timing reify:trashOmits Completed in 0ms
: npm timing reify:loadBundles Completed in 0ms
: npm timing reify:audit Completed in 0ms
: npm timing reifyNode:node_modules/string_decoder/node_modules/safe-buffer Completed in 5ms
: npm timing reifyNode:node_modules/string_decoder Completed in 12ms
: npm timing reify:unpack Completed in 13ms
: npm timing reify:unretire Completed in 0ms
: npm timing build:queue Completed in 1ms
: npm timing build:deps Completed in 1ms
: npm timing build:queue Completed in 1ms
: npm timing build:links Completed in 1ms
: npm timing build Completed in 2ms
: npm timing reify:build Completed in 2ms
: npm timing reify:trash Completed in 0ms
: npm timing command:install Completed in 83ms
: npm ERR! Cannot set properties of null (setting 'dev')
: npm timing npm Completed in 163ms
:
: npm ERR! A complete log of this run can be found in:
: npm ERR! /tmp/guix-build-node-string-decoder-1.3.0.drv-0/npm-home-0/.npm/_logs/2022-11-19T05_09_44_366Z-debug-0.log
: error: in phase 'install': uncaught exception:
: %exception #<&invoke-error program: "/gnu/store/l32l0i53ik9ja3fircdd89bgq6b1v6y5-node-18.12.1/bin/npm" arguments: ("--prefix" "/gnu/store/ansccgk9y8vzd5rwsx4iz7j2n0gp8ig8-node-string-decoder-1.3.0" "--global" "--offline" "--loglevel" "info" "--production" "install" "../package.tgz") exit-status: 1 term-signal: #f stop-signal: #f>
: phase `install' failed after 0.4 seconds
: command "/gnu/store/l32l0i53ik9ja3fircdd89bgq6b1v6y5-node-18.12.1/bin/npm" "--prefix" "/gnu/store/ansccgk9y8vzd5rwsx4iz7j2n0gp8ig8-node-string-decoder-1.3.0" "--global" "--offline" "--loglevel" "info" "--production" "install" "../package.tgz" failed with status 1
C
C
Christopher Baines wrote on 20 Nov 2022 10:40
(name . Ludovic Courtès)(address . ludo@gnu.org)(address . 59188@debbugs.gnu.org)
87bkp2x8ns.fsf@cbaines.net
Ludovic Courtès <ludo@gnu.org> writes:

Toggle quote (6 lines)
> It depends. Hilton, were you able to build everything returned by
> ‘guix refresh -l node’, except perhaps ungoogled-chromium?
>
> For some reason <https://qa.guix.gnu.org/issue/59188> didn’t pick it
> up. Anything we should do to address that, Chris?

For some reason, the branch existed, but the patchwork checks
didn't. I've got some ideas on how to avoid that being a possibility in
the future.

Thanks,

Chris
-----BEGIN PGP SIGNATURE-----

iQKlBAEBCgCPFiEEPonu50WOcg2XVOCyXiijOwuE9XcFAmN59udfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDNF
ODlFRUU3NDU4RTcyMEQ5NzU0RTBCMjVFMjhBMzNCMEI4NEY1NzcRHG1haWxAY2Jh
aW5lcy5uZXQACgkQXiijOwuE9XcLjQ//StlAfSFi10Mf9HglK7fEHSKC1W28TsTX
euRr/VjRfQkYzogjQOriMy9TrRh6JR0hEOaSblZmYAsrZ6foH+S8aSLcHCTh7Ar8
+EaAgw5RoUyvFUt3eQ8eLyCiFnvkAsdaDDKDw0pfNPp933+Lq+d3hUVZQQHEUVSv
7Z+XnlS0RgOzqVmDoyV/bwrOQjo2hdtUuqus+UgpUU0e6h/ATPRJ3Bxjd2efuJaY
10lCXZywTNUBL7ZMhYr2MKFReSC8vW5QibY/heIJGj/jN+44IiUVTys8SwZP+6f3
o74KP7kP2SyQ5xkf5ReMK+3VAPWAvhMBoK4wVsn43oeCLzl6584kvcPxUE3oc15g
BRwBM9oll1QiBFtAEVNcEludlIT0PJ8KZtVv7mGLpG4Nqvz4GT2E0fNv9Wi6Pai2
mvbspIen3OLoNSF18GSEVjbrZLdpiSy3y2OnJBW3dlUSTdY2UrvivzYmwYQB7tj+
Z73R1rY5+K/UZJnLBJSYVTt4iVljy7nQxgEKyYPR+n9kFaYWTHjRAuuL0B171jP9
FkwdahhYyEZIcKOaans4zdTCkn77W+B/zXs+52ZIxVny0SQDqWdXS8VMFpvDDQnR
acgkTCEd4IiV+NBUuhovgT+8oEGRUKR9xeqXEfQxhWOPjBphbeuW60eu33OFj+ZQ
K4YMgD8yVtU=
=UqCa
-----END PGP SIGNATURE-----

J
J
Jelle Licht wrote on 5 Jan 2023 14:10
(name . Hilton Chain)(address . hako@ultrarare.space)
87bknd2kkq.fsf_-_@fsfe.org
Hello Hilton, other folks,

Hilton Chain <hako@ultrarare.space> writes:

Toggle quote (9 lines)
> node-acorn fails in check phase.
> #+RESULTS:
> : starting phase `check'
> : npm ERR! Missing script: "test"
> : npm ERR!
> : npm ERR! To see a list of scripts, run:
> : npm ERR! npm run
> <snip>

This is due to a change in how npm treats the 'test' command; before,
having no "scripts.test" entry in package.json lead to a placeholder of
"echo 'Error: no test specified'" (with a status code of 0).

More recently, npm was changed to make `npm test' like any other `npm
run XYZ' command. This means that all of the packages that fail like
this due to upgrading node/npm should be get a `#:tests? #f'.

Toggle quote (9 lines)
> Then node-uglify-js
> #+RESULTS:
> : starting phase `configure'
> : npm ERR! code 254
> : npm ERR! path /gnu/store/969597ncg311d3kd8vbhdlniwqg4mr2k-node-acorn-8.4.1/lib/node_modules/acorn
> : npm ERR! command failed
> : npm ERR! command sh -c -- cd ..; npm run build:main && npm run build:bin
> <snip>

This is due to the fact that the `prepare' scripts is being run for our
installed node-acorn. Apparently, the fact that it previously did not
happen was a bug that was fixed somewhere between node 14 and 18 [1][2].

I do not know what the best approach is here. Consider patching the
"scripts.prepare" entry in node-acorn, and if we find we need to do this
often, we can introduce a convenience function similar to
`delete-dependencies' to streamline this.

Toggle quote (80 lines)
> One test failed after deleting node-uglify-js's configure phase.
> #+RESULTS:
> : 1 test(s) failed!
> :
> : test/reduce.js
> : 1) Should reduce test case which differs only in Error.message
> : AssertionError [ERR_ASSERTION]: Expected values to be strictly equal:
> : + actual - expected
> :
> : + `try{null[function(){}]}catch(e){console.log(e)}\n// output: TypeError: Cannot read properties of null (reading 'function(){}')\n// \n// minify: TypeError: Cannot read properties of null (reading 'function() {}')\n// \n// options: {\n// "compress": false,\n// "mangle": false,\n// "output": {\n// "beautify": true\n// }\n// }`
> : - `try{null[function(){}]}catch(e){console.log(e)}\n// output: TypeError: Cannot read property 'function(){}' of null\n// \n// minify: TypeError: Cannot read property 'function() {}' of null\n// \n// options: {\n// "compress": false,\n// "mangle": false,\n// "output": {\n// "beautify": true\n// }\n// }`
> : at Function.<anonymous> (/tmp/guix-build-node-uglify-js-3.13.9.drv-0/source/test/mocha/reduce.js:285:16)
> : at run (/tmp/guix-build-node-uglify-js-3.13.9.drv-0/source/test/mocha.js:79:18)
> : at process.processTicksAndRejections (node:internal/process/task_queues:77:11)
> : error: in phase 'check': uncaught exception:
> : %exception #<&invoke-error program: "/gnu/store/l32l0i53ik9ja3fircdd89bgq6b1v6y5-node-18.12.1/bin/npm" arguments: ("test") exit-status: 1 term-signal: #f stop-signal: #f>
> : phase `check' failed after 264.2 seconds
> : command "/gnu/store/l32l0i53ik9ja3fircdd89bgq6b1v6y5-node-18.12.1/bin/npm" "test" failed with status 1
>
> Then node-string-decoder fails to install, I have no idea how to continue...
> #+RESULTS:
> : starting phase `install'
> : npm info using npm@8.19.2
> : npm info using node@v18.12.1
> : npm timing npm:load:whichnode Completed in 0ms
> : npm timing config:load:defaults Completed in 1ms
> : npm timing config:load:file:/gnu/store/l32l0i53ik9ja3fircdd89bgq6b1v6y5-node-18.12.1/lib/node_modules/npm/npmrc Completed in 2ms
> : npm timing config:load:builtin Completed in 3ms
> : npm WARN config production Use `--omit=dev` instead.
> : npm timing config:load:cli Completed in 1ms
> : npm timing config:load:env Completed in 1ms
> : npm timing config:load:project Completed in 0ms
> : npm timing config:load:file:/tmp/guix-build-node-string-decoder-1.3.0.drv-0/npm-home-0/.npmrc Completed in 0ms
> : npm timing config:load:user Completed in 0ms
> : npm timing config:load:file:/gnu/store/ansccgk9y8vzd5rwsx4iz7j2n0gp8ig8-node-string-decoder-1.3.0/etc/npmrc Completed in 2ms
> : npm timing config:load:global Completed in 2ms
> : npm timing config:load:validate Completed in 0ms
> : npm timing config:load:credentials Completed in 1ms
> : npm timing config:load:setEnvs Completed in 0ms
> : npm timing config:load Completed in 9ms
> : npm timing npm:load:configload Completed in 9ms
> : npm timing npm:load:mkdirpcache Completed in 1ms
> : npm timing npm:load:mkdirplogs Completed in 1ms
> : npm timing npm:load:setTitle Completed in 0ms
> : npm timing config:load:flatten Completed in 1ms
> : npm timing npm:load:display Completed in 4ms
> : npm timing npm:load:logFile Completed in 3ms
> : npm timing npm:load:timers Completed in 0ms
> : npm timing npm:load:configScope Completed in 0ms
> : npm timing npm:load Completed in 19ms
> : npm timing arborist:ctor Completed in 0ms
> : npm timing idealTree:init Completed in 4ms
> : npm timing idealTree:userRequests Completed in 30ms
> : npm timing idealTree:#root Completed in 16ms
> : npm timing idealTree:node_modules/string_decoder Completed in 3ms
> : npm timing idealTree:node_modules/string_decoder/node_modules/safe-buffer Completed in 0ms
> : npm timing idealTree:buildDeps Completed in 20ms
> : npm timing idealTree:fixDepFlags Completed in 0ms
> : npm timing idealTree Completed in 56ms
> : npm timing reify:loadTrees Completed in 57ms
> : npm timing reify:diffTrees Completed in 1ms
> : npm timing reify:retireShallow Completed in 1ms
> : npm timing reify:createSparse Completed in 0ms
> : npm timing reify:trashOmits Completed in 0ms
> : npm timing reify:loadBundles Completed in 0ms
> : npm timing reify:audit Completed in 0ms
> : npm timing reifyNode:node_modules/string_decoder/node_modules/safe-buffer Completed in 5ms
> : npm timing reifyNode:node_modules/string_decoder Completed in 12ms
> : npm timing reify:unpack Completed in 13ms
> : npm timing reify:unretire Completed in 0ms
> : npm timing build:queue Completed in 1ms
> : npm timing build:deps Completed in 1ms
> : npm timing build:queue Completed in 1ms
> : npm timing build:links Completed in 1ms
> : npm timing build Completed in 2ms
> : npm timing reify:build Completed in 2ms
> : npm timing reify:trash Completed in 0ms
> : npm timing command:install Completed in 83ms
> : npm ERR! Cannot set properties of null (setting 'dev')

This is due to either a newly introducded bug, or perhaps more likely,
an unfortunate sequence of interactions in arborist. I've done some
bisecting, and got things to work with a hack.

Relevants parts of arborist were rewritten in version 6, whereas we are
stuck with 5.4.XYZ, making a proper backport highly unlikely.

Toggle snippet (10 lines)
+ ;; TODO: Work around issue in that is fixed in arborist@6.0.0/npm@9.0.0/node@19+
+ (add-after 'patch-hardcoded-program-references
+ 'patch-broken-arborist
+ (lambda* (#:key inputs #:allow-other-keys)
+ (substitute* "deps/npm/node_modules/@npmcli/arborist/lib/calc-dep-flags.js"
+ (("if \\(node\\.isLink\\)")
+ "if (node.isLink && node.target)"))))


In addition it some of the packages in node-xyz.scm that involve
replacing the 'configure phase are also failing. For some reason, this
updated version of npm seems to want to have access to either some
cached metadata or the actual npm packages for each of the specified
devDependencies[3]. This can be worked around by introducing a
'patch-dependencies phase for impacted packages, and patching out all
devDependencies. AFAICS this applies for (at least) these packages:

- node-buffer-crc32
- node-crx3
- node-minimist
- node-pbf
- node-protocol-buffers-schema
- node-protobuf-schema
- node-ieee754
- node-yazl

HTH

You have my gratitude for working on this Hilton!
- Jelle




[3]: My guess: npm wants to be able to construct a 'proper'
package-lock.json, for which it needs some metadata from the npm
registry. I've already checked if adding '--no-package-lock' fixes the
issue, but while it indeed ensures no package-lock.json is generated, it
sadly doesn't address the issue. IWBN if there were some magical
invocation(s) for npm that allow these packages to actually be packaged
by distributions...
D
D
Dr. Arne Babenhauserheide wrote on 6 Feb 2023 14:37
node-lts 18: progress?
(address . 59188@debbugs.gnu.org)
87cz6mdide.fsf@web.de
Hi,

Did you make progress with this patch?

Is there a way I can help you?

Best wishes,
Arne
--
Unpolitisch sein
heißt politisch sein,
ohne es zu merken.
draketo.de
-----BEGIN PGP SIGNATURE-----

iQJEBAEBCAAuFiEE801qEjXQSQPNItXAE++NRSQDw+sFAmPhAr4QHGFybmVfYmFi
QHdlYi5kZQAKCRAT741FJAPD62nXEACOKHESQ9WmdwDG/rbDDbZkz97nFVnEIj+3
K3URfwYUA+NZokxrkilLvmy9OjFs7x2R72G8ncYJpbP5o/nLLS0eI6tijFaTH0vH
EasXGJRaWFzpZsmLSDHPstrQweQG7qWe06pnDXv4wBY0AigYL3zMuQxcaTHuK0/a
FBFDXueju8hakaIkpknbFy/8buq1ON2rr4l8QsvHc4WITWAKaxlG1c97ZKWaFram
5Z6JNSuTsyttFxspTJJZAt5hvf9QpaVJiIJJL6wtonZjmw44XURFUM4ATSqDmXfm
I7/cSEFlxgEUBsDBuvYmbCPdqTIjR3k3GVpnjjqP6n34tVXgcF6AGRkYdBPJv/z6
fw/gzWb1n6JMFdOW2+vFex1qJz1l7ET2aajSsZ8+r5uEHr3/4Yc8V8bwh+9igh7V
TXpFLEcJpqCvR9wAoI6/dj0p8onUnRX5nFMHKJrY1HTIkIrjgsdsuGypZe+gSW6l
BHHC0G+13ymuUVuF03kpfjGCnTJ5PwBQvALtNDYslaLRY4YFfrU2y1oXKA8jiKc8
yLb2+XCL5ezUMEKxlqAPu3rtbTRoVdfBd4kpNfGlnqwTJEQRuO1v8au7i73O5rMj
QkZGo3Zrr3RJVgkEnU/UdWu4f+yt6Hx3ToqftzaAsiqORuJnGBIikKpfs6tI6itr
bWD6z7DjS4jEBAEBCAAuFiEE3Si95tmHXKvOSosd3M8NswvBBUgFAmPhAr4QHGFy
bmVfYmFiQHdlYi5kZQAKCRDczw2zC8EFSGBEA/wNy4PQ/isb/LEZDFT6OQB0+Loa
A/e/1xp3OpYGv94cqwIZ/0UBMUPAkwduPKAUTCaOWRzAoxaiLNenRWNz1JfRXrLE
MR62PQ0MeWvC1idP85aK+r+4q2cbPB/xP8SRWCiO5y7+GV8h5+WhqIDILppQgQnM
/qSkLkImhp2qJ8QguQ==
=FUaW
-----END PGP SIGNATURE-----

J
J
jlicht wrote on 8 Feb 2023 22:05
[PATCH v3 00/16] Updating node-lts to 18.X
(address . 59188@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
cover.1675889756.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

Folks,

This should at least build for x86_64, and I'm sending in a 'new' patch series
in the hopes of QA picking things up this time.

Hilton, I've taken the liberty of adding in a copyright line for your node-lts
update: I've also tweaked some versions so there would be less manual patching
and backports to do, namely:
* libuv-for-node to 1.44.2
* node-lts to 18.14.0

I needed to tweak some of our existing packages so they actually explicitly
state which dependencies they do not care about; with the npm bundled with
node < 16, things "Just Worked", but since then npm has become a bit stricter.

After applying my patches they should build with either node@14 (current
packaged version) or node@18 (Hilton's version).

Hilton Chain (4):
gnu: libuv-for-node: Update to 1.44.2.
gnu: llhttp-bootstrap: Update to 6.0.10.
gnu: node-lts: Update to 18.14.0.
gnu: libnode: Use node-lts as base.

Jelle Licht (12):
gnu: node-acorn: Disable tests.
gnu: node-acorn: Remove lifecycle script.
gnu: node-acorn: Fix broken transpilation.
gnu: node-buffer-crc32: Ignore development dependencies.
gnu: node-crx3: Ignore development dependencies.
gnu: node-minimist: Ignore development dependencies.
gnu: node-pbf: Ignore development dependencies.
gnu: node-protocol-buffers-schema: Ignore development dependencies.
gnu: node-resolve-protobuf-schema: Ignore development dependencies.
gnu: node-ieee754: Ignore development dependencies.
gnu: node-yazl: Ignore development dependencies.
gnu: node-uglify-js: Update to 3.14.2.

gnu/local.mk | 1 -
gnu/packages/cran.scm | 2 +-
gnu/packages/libevent.scm | 4 +-
gnu/packages/node-xyz.scm | 110 +++++++++++++-----
gnu/packages/node.scm | 49 +++++---
.../llhttp-bootstrap-CVE-2020-8287.patch | 100 ----------------
gnu/packages/uglifyjs.scm | 4 +-
7 files changed, 121 insertions(+), 149 deletions(-)
delete mode 100644 gnu/packages/patches/llhttp-bootstrap-CVE-2020-8287.patch


base-commit: 07e74b63d4969de0b51c48edb586f0d7d8c08db7
--
2.39.1
J
J
jlicht wrote on 8 Feb 2023 22:05
[PATCH v3 02/16] gnu: node-acorn: Remove lifecycle script.
(address . 59188@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
3b7434500d34c7401fbfbc5221f83dadf53f8406.1675889756.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/node-xyz.scm (node-acorn)[arguments]<modules>: New argument.
<phases>: Patch out unused 'prepare' script that breaks dependents.
---
gnu/packages/node-xyz.scm | 26 +++++++++++++++++++++++++-
1 file changed, 25 insertions(+), 1 deletion(-)

Toggle diff (43 lines)
diff --git a/gnu/packages/node-xyz.scm b/gnu/packages/node-xyz.scm
index 51ea110e8c..5e7e6ae4d9 100644
--- a/gnu/packages/node-xyz.scm
+++ b/gnu/packages/node-xyz.scm
@@ -47,11 +47,35 @@ (define-public node-acorn
(build-system node-build-system)
(arguments
'(#:tests? #f
+ #:modules
+ ((guix build node-build-system)
+ (srfi srfi-1)
+ (ice-9 match)
+ (guix build utils))
#:phases
(modify-phases %standard-phases
(add-after 'unpack 'change-directory
(lambda _
- (chdir "acorn"))))))
+ (chdir "acorn")))
+ (add-before 'configure 'avoid-prepare-scripts
+ (lambda _
+ ;; We need to remove the prepare script from "package.json", as
+ ;; it would try to use the build environment and would block the
+ ;; automatic building by other packages making use of node-acorn.
+ ;; TODO: Add utility function
+ (with-atomic-json-file-replacement "package.json"
+ (match-lambda
+ (('@ . pkg-meta-alist)
+ (cons '@ (map (match-lambda
+ (("scripts" @ . scripts-alist)
+ `("scripts" @ ,@(filter (match-lambda
+ (("prepare" . _)
+ #f)
+ (_
+ #t))
+ scripts-alist)))
+ (other other))
+ pkg-meta-alist))))))))))
(home-page "https://github.com/acornjs/acorn/tree/master/acorn")
(synopsis "Javascript-based Javascript parser")
(description "Acornjs is a Javascript parser with many options and an
--
2.39.1
J
J
jlicht wrote on 8 Feb 2023 22:05
[PATCH v3 01/16] gnu: node-acorn: Disable tests.
(address . 59188@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
8d6103e0d1eb4332a97deaa276fc019066625594.1675889756.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/node-xyz.scm (node-acorn): Explicitly disable tests.
---
gnu/packages/node-xyz.scm | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

Toggle diff (16 lines)
diff --git a/gnu/packages/node-xyz.scm b/gnu/packages/node-xyz.scm
index a1e89f1759..51ea110e8c 100644
--- a/gnu/packages/node-xyz.scm
+++ b/gnu/packages/node-xyz.scm
@@ -46,7 +46,8 @@ (define-public node-acorn
(base32 "068h5gysz8bbslq31dva8f223rdf8l7w6nxcxjnv4zdprwkzkhaa"))))
(build-system node-build-system)
(arguments
- '(#:phases
+ '(#:tests? #f
+ #:phases
(modify-phases %standard-phases
(add-after 'unpack 'change-directory
(lambda _
--
2.39.1
J
J
jlicht wrote on 8 Feb 2023 22:05
[PATCH v3 03/16] gnu: node-acorn: Fix broken transpilation.
(address . 59188@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
f5916682ff6c2cb5fce0c55926a297788f04068b.1675889756.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/node-xyz.scm (node-acorn)[native-inputs]: Add `esbuild'.
[arguments]<phases>: Replace build phase by custom `esbuild' invocations.
---
gnu/packages/node-xyz.scm | 26 +++++++++++++++++++++++++-
1 file changed, 25 insertions(+), 1 deletion(-)

Toggle diff (46 lines)
diff --git a/gnu/packages/node-xyz.scm b/gnu/packages/node-xyz.scm
index 5e7e6ae4d9..c9a853616e 100644
--- a/gnu/packages/node-xyz.scm
+++ b/gnu/packages/node-xyz.scm
@@ -5,6 +5,7 @@
;;; Copyright © 2021 Charles <charles.b.jackson@protonmail.com>
;;; Copyright © 2021 Philip McGrath <philip@philipmcgrath.com>
;;; Copyright © 2022 Nicolas Graves <ngraves@ngraves.fr>
+;;; Copyright © 2023 Jelle Licht <jlicht@fsfe.org>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -75,7 +76,30 @@ (define-public node-acorn
#t))
scripts-alist)))
(other other))
- pkg-meta-alist))))))))))
+ pkg-meta-alist)))))))
+ (replace 'build
+ (lambda* (#:key inputs native-inputs #:allow-other-keys)
+ (let ((esbuild (search-input-file (or native-inputs inputs)
+ "/bin/esbuild")))
+ (invoke esbuild
+ "src/index.js"
+ "--outfile=dist/acorn.js"
+ "--format=cjs"
+ "--bundle"
+ "--platform=node")
+ (invoke esbuild
+ "src/index.js"
+ "--outfile=dist/acorn.mjs"
+ "--format=esm"
+ "--bundle"
+ "--platform=node")
+ (invoke esbuild
+ "src/bin/acorn.js"
+ "--outfile=dist/bin.js"
+ "--format=cjs"
+ "--platform=node")))))))
+ (native-inputs
+ (list esbuild))
(home-page "https://github.com/acornjs/acorn/tree/master/acorn")
(synopsis "Javascript-based Javascript parser")
(description "Acornjs is a Javascript parser with many options and an
--
2.39.1
J
J
jlicht wrote on 8 Feb 2023 22:05
[PATCH v3 04/16] gnu: node-buffer-crc32: Ignore development dependencies.
(address . 59188@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
c67b5023d6e0eb0480e31d09e1f7e8081f368fc4.1675889756.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/node-xyz.scm (node-acorn)[arguments]<phases>: Explicitly patch
out development dependencies. Re-enable configure phase.
---
gnu/packages/node-xyz.scm | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)

Toggle diff (19 lines)
diff --git a/gnu/packages/node-xyz.scm b/gnu/packages/node-xyz.scm
index c9a853616e..d527e3240a 100644
--- a/gnu/packages/node-xyz.scm
+++ b/gnu/packages/node-xyz.scm
@@ -123,10 +123,9 @@ (define-public node-buffer-crc32
(arguments
'(#:tests? #f
#:phases (modify-phases %standard-phases
- (replace 'configure
+ (add-after 'patch-dependencies 'delete-dependencies
(lambda _
- (invoke "npm" "--offline" "--ignore-scripts" "install"
- "--production"))))))
+ (delete-dependencies '("tap")))))))
(home-page "https://github.com/brianloveswords/buffer-crc32")
(synopsis "CRC32 implementation in Javascript")
(description
--
2.39.1
J
J
jlicht wrote on 8 Feb 2023 22:05
[PATCH v3 05/16] gnu: node-crx3: Ignore development dependencies.
(address . 59188@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
335da332bd9956c2cd2212a433616882965fd779.1675889756.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/node-xyz.scm (node-crx3)[arguments]<phases>: Explicitly patch
out development dependencies. Re-enable configure phase.
---
gnu/packages/node-xyz.scm | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)

Toggle diff (26 lines)
diff --git a/gnu/packages/node-xyz.scm b/gnu/packages/node-xyz.scm
index d527e3240a..325dca84ce 100644
--- a/gnu/packages/node-xyz.scm
+++ b/gnu/packages/node-xyz.scm
@@ -179,10 +179,16 @@ (define-public node-crx3
(substitute* "lib/configuration.js"
(("mri")
"minimist"))))
- (replace 'configure
+ (add-after 'patch-dependencies 'delete-dependencies
(lambda _
- (invoke "npm" "--offline" "--ignore-scripts" "install"
- "--production"))))))
+ (delete-dependencies '("c8"
+ "docdash"
+ "eslint"
+ "eslint-plugin-jsdoc"
+ "jsdoc"
+ "tap-diff"
+ "tape"
+ "tape-catch")))))))
(inputs (list node-minimist node-pbf node-yazl))
(home-page "https://github.com/ahwayakchih/crx3")
(synopsis "Create CRXv3 browser extensions with Javascript")
--
2.39.1
J
J
jlicht wrote on 8 Feb 2023 22:05
[PATCH v3 06/16] gnu: node-minimist: Ignore development dependencies.
(address . 59188@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
23d89363a1d6eca76a0cad4d63223ad6b89c653f.1675889756.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/node-xyz.scm (node-minimist)[arguments]<phases>: Explicitly
patch out development dependencies. Re-enable configure phase.
---
gnu/packages/node-xyz.scm | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)

Toggle diff (19 lines)
diff --git a/gnu/packages/node-xyz.scm b/gnu/packages/node-xyz.scm
index 325dca84ce..a03b9b4f1c 100644
--- a/gnu/packages/node-xyz.scm
+++ b/gnu/packages/node-xyz.scm
@@ -313,10 +313,9 @@ (define-public node-minimist
(arguments
'(#:tests? #f
#:phases (modify-phases %standard-phases
- (replace 'configure
+ (add-after 'patch-dependencies 'delete-dependencies
(lambda _
- (invoke "npm" "--offline" "--ignore-scripts" "install"
- "--production"))))))
+ (delete-dependencies '("covert" "tap" "tape")))))))
(home-page "https://github.com/substack/minimist")
(synopsis "Parse CLI arguments in Javascript")
(description "This package can scan for CLI flags and arguments in
--
2.39.1
J
J
jlicht wrote on 8 Feb 2023 22:05
[PATCH v3 07/16] gnu: node-pbf: Ignore development dependencies.
(address . 59188@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
c81e16ce3aed4bf71c3a0731bcbc37b3f78657ff.1675889756.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/node-xyz.scm (node-pbf)[arguments]<phases>: Explicitly patch
out development dependencies. Re-enable configure phase.
---
gnu/packages/node-xyz.scm | 15 ++++++++++++---
1 file changed, 12 insertions(+), 3 deletions(-)

Toggle diff (29 lines)
diff --git a/gnu/packages/node-xyz.scm b/gnu/packages/node-xyz.scm
index a03b9b4f1c..07c5982996 100644
--- a/gnu/packages/node-xyz.scm
+++ b/gnu/packages/node-xyz.scm
@@ -364,10 +364,19 @@ (define-public node-pbf
(arguments
'(#:tests? #f
#:phases (modify-phases %standard-phases
- (replace 'configure
+ (add-after 'patch-dependencies 'delete-dependencies
(lambda _
- (invoke "npm" "--offline" "--ignore-scripts" "install"
- "--production"))))))
+ (delete-dependencies
+ '("benchmark"
+ "browserify"
+ "eslint"
+ "eslint-config-mourner"
+ "mkdirp"
+ "protobufjs"
+ "protocol-buffers"
+ "tap"
+ "tile-stats-runner"
+ "uglify-js")))))))
(inputs (list node-ieee754 node-resolve-protobuf-schema))
(home-page "https://github.com/mapbox/pbf")
(synopsis "Decode and encode protocol buffers in Javascript")
--
2.39.1
J
J
jlicht wrote on 8 Feb 2023 22:05
[PATCH v3 08/16] gnu: node-protocol-buffers-schema: Ignore development dependencies.
(address . 59188@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
99052ac6f8db018ba30fc3f8d5e5de99a497e68d.1675889756.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/node-xyz.scm (node-protocol-buffers-schema)[arguments]<phases>:
Explicitly patch out development dependencies. Re-enable configure phase.
---
gnu/packages/node-xyz.scm | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)

Toggle diff (19 lines)
diff --git a/gnu/packages/node-xyz.scm b/gnu/packages/node-xyz.scm
index 07c5982996..e406b55b56 100644
--- a/gnu/packages/node-xyz.scm
+++ b/gnu/packages/node-xyz.scm
@@ -405,10 +405,9 @@ (define-public node-protocol-buffers-schema
(arguments
'(#:tests? #f
#:phases (modify-phases %standard-phases
- (replace 'configure
+ (add-after 'patch-dependencies 'delete-dependencies
(lambda _
- (invoke "npm" "--offline" "--ignore-scripts" "install"
- "--production"))))))
+ (delete-dependencies '("standard" "tape")))))))
(home-page "https://github.com/mafintosh/protocol-buffers-schema")
(synopsis "Protocol buffers schema parser written in Javascript")
(description "This package provides a protocol buffers schema parser
--
2.39.1
J
J
jlicht wrote on 8 Feb 2023 22:05
[PATCH v3 09/16] gnu: node-resolve-protobuf-schema: Ignore development dependencies.
(address . 59188@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
51ea54909f1d87c041aa463de133fc3c9ff91b65.1675889756.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/node-xyz.scm (node-resolve-protobuf-schema)[arguments]<phases>:
Explicitly patch out development dependencies. Re-enable configure phase.
---
gnu/packages/node-xyz.scm | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)

Toggle diff (19 lines)
diff --git a/gnu/packages/node-xyz.scm b/gnu/packages/node-xyz.scm
index e406b55b56..21b5390833 100644
--- a/gnu/packages/node-xyz.scm
+++ b/gnu/packages/node-xyz.scm
@@ -431,10 +431,9 @@ (define-public node-resolve-protobuf-schema
(arguments
'(#:tests? #f
#:phases (modify-phases %standard-phases
- (replace 'configure
+ (add-after 'patch-dependencies 'delete-dependencies
(lambda _
- (invoke "npm" "--offline" "--ignore-scripts" "install"
- "--production"))))))
+ (delete-dependencies '("standard" "tape")))))))
(inputs (list node-protocol-buffers-schema))
(home-page "https://github.com/mafintosh/resolve-protobuf-schema")
(synopsis "Resolve protobuf imports")
--
2.39.1
J
J
jlicht wrote on 8 Feb 2023 22:05
[PATCH v3 10/16] gnu: node-ieee754: Ignore development dependencies.
(address . 59188@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
887d7ae22c3e3630685c732b78fa07eda63b6516.1675889756.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/node-xyz.scm (node-ieee754)[arguments]<phases>: Explicitly
patch out development dependencies. Re-enable configure phase.
---
gnu/packages/node-xyz.scm | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)

Toggle diff (19 lines)
diff --git a/gnu/packages/node-xyz.scm b/gnu/packages/node-xyz.scm
index 21b5390833..d8939d1469 100644
--- a/gnu/packages/node-xyz.scm
+++ b/gnu/packages/node-xyz.scm
@@ -623,10 +623,9 @@ (define-public node-ieee754
(arguments
'(#:tests? #f
#:phases (modify-phases %standard-phases
- (replace 'configure
+ (add-after 'patch-dependencies 'delete-dependencies
(lambda _
- (invoke "npm" "--offline" "--ignore-scripts" "install"
- "--production"))))))
+ (delete-dependencies '("airtap" "standard" "tape")))))))
(home-page "https://github.com/feross/ieee754")
(synopsis "Read/write IEEE754 floating point numbers in Javascript")
(description "This package can read and write IEEE754 floating point
--
2.39.1
J
J
jlicht wrote on 8 Feb 2023 22:05
[PATCH v3 11/16] gnu: node-yazl: Ignore development dependencies.
(address . 59188@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
77007f8d7ddce77a1d8352e04d15d18b90f25b00.1675889756.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/node-xyz.scm (node-yazl)[arguments]<phases>: Explicitly patch
out development dependencies. Re-enable configure phase.
---
gnu/packages/node-xyz.scm | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)

Toggle diff (19 lines)
diff --git a/gnu/packages/node-xyz.scm b/gnu/packages/node-xyz.scm
index d8939d1469..8740796a8c 100644
--- a/gnu/packages/node-xyz.scm
+++ b/gnu/packages/node-xyz.scm
@@ -1588,10 +1588,9 @@ (define-public node-yazl
(arguments
'(#:tests? #f
#:phases (modify-phases %standard-phases
- (replace 'configure
+ (add-after 'patch-dependencies 'delete-dependencies
(lambda _
- (invoke "npm" "--offline" "--ignore-scripts" "install"
- "--production"))))))
+ (delete-dependencies '("airtap" "bl" "istanbul" "yauzl")))))))
(inputs (list node-buffer-crc32))
(home-page "https://github.com/thejoshwolfe/yazl")
(synopsis "Yet another zip library for node")
--
2.39.1
J
J
jlicht wrote on 8 Feb 2023 22:05
[PATCH v3 12/16] gnu: node-uglify-js: Update to 3.14.2.
(address . 59188@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
6c0fc9a0ba5523ed73fa9d2fdf7a92b536951dac.1675889756.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/uglifyjs.scm (node-uglify-js): Update to 3.14.2.
---
gnu/packages/uglifyjs.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

Toggle diff (24 lines)
diff --git a/gnu/packages/uglifyjs.scm b/gnu/packages/uglifyjs.scm
index b65d52b8df..1bd8bb6326 100644
--- a/gnu/packages/uglifyjs.scm
+++ b/gnu/packages/uglifyjs.scm
@@ -25,7 +25,7 @@ (define-module (gnu packages uglifyjs)
(define-public node-uglify-js
(package
(name "node-uglify-js")
- (version "3.13.9")
+ (version "3.14.2")
(source
(origin
(method git-fetch)
@@ -34,7 +34,7 @@ (define-public node-uglify-js
(commit (string-append "v" version))))
(file-name (git-file-name name version))
(sha256
- (base32 "0q1f91xwwm829cl5v727d4qkxy4yh7wri3pgl89f0m3a4y1n7hi4"))))
+ (base32 "1jraqpwzga4vbgq3xcn08jcfc87pm6nik7vpxvxa4rfjvz70a6k7"))))
(build-system node-build-system)
(native-inputs
(list node-acorn node-semver))
--
2.39.1
J
J
jlicht wrote on 8 Feb 2023 22:05
[PATCH v3 13/16] gnu: libuv-for-node: Update to 1.44.2.
(address . 59188@debbugs.gnu.org)
100d5686d61fe64636c46c124ddc90c53f3e5a58.1675889756.git.jlicht@fsfe.org
From: Hilton Chain <hako@ultrarare.space>

* gnu/packages/libevent.scm (libuv-for-node): Update to 1.44.2.
---
gnu/packages/libevent.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

Toggle diff (23 lines)
diff --git a/gnu/packages/libevent.scm b/gnu/packages/libevent.scm
index f9722e4469..fa1e76b347 100644
--- a/gnu/packages/libevent.scm
+++ b/gnu/packages/libevent.scm
@@ -147,14 +147,14 @@ (define-public libuv-for-node
(package
(inherit libuv)
(name "libuv")
- (version "1.42.0")
+ (version "1.44.2")
(source (origin
(method url-fetch)
(uri (string-append "https://dist.libuv.org/dist/v" version
"/libuv-v" version ".tar.gz"))
(sha256
(base32
- "0wpb9pz3r8nksnrf4zbixj2kk9whr7abi45ydrwyv2js2ljrc4j3"))))
+ "1d1wy1061cf2mfygr2j6jbm0da2mhsf0l9yq4rjkqrsmijbdrz6c"))))
(properties '((hidden? . #t)))))
(define-public libuv-julia
--
2.39.1
J
J
jlicht wrote on 8 Feb 2023 22:05
[PATCH v3 14/16] gnu: llhttp-bootstrap: Update to 6.0.10.
(address . 59188@debbugs.gnu.org)
5074a5007a93e1e730f75f9a3ccdc3f4ae41d580.1675889756.git.jlicht@fsfe.org
From: Hilton Chain <hako@ultrarare.space>

* gnu/packages/node.scm (llhttp-bootstrap): Update to 6.0.10.
* gnu/packages/patches/llhttp-bootstrap-CVE-2020-8287.patch: Remove file.
* gnu/local.mk: Remove it.
---
gnu/local.mk | 1 -
gnu/packages/node.scm | 5 +-
.../llhttp-bootstrap-CVE-2020-8287.patch | 100 ------------------
3 files changed, 2 insertions(+), 104 deletions(-)
delete mode 100644 gnu/packages/patches/llhttp-bootstrap-CVE-2020-8287.patch

Toggle diff (143 lines)
diff --git a/gnu/local.mk b/gnu/local.mk
index a5f4b83961..60219dc756 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1482,7 +1482,6 @@ dist_patch_DATA = \
%D%/packages/patches/linuxdcpp-openssl-1.1.patch \
%D%/packages/patches/lirc-localstatedir.patch \
%D%/packages/patches/lirc-reproducible-build.patch \
- %D%/packages/patches/llhttp-bootstrap-CVE-2020-8287.patch \
%D%/packages/patches/llvm-3.5-fix-clang-build-with-gcc5.patch \
%D%/packages/patches/llvm-3.6-fix-build-with-gcc-10.patch \
%D%/packages/patches/llvm-3.x.1-fix-build-with-gcc.patch \
diff --git a/gnu/packages/node.scm b/gnu/packages/node.scm
index be39f3b25a..de847490a3 100644
--- a/gnu/packages/node.scm
+++ b/gnu/packages/node.scm
@@ -668,7 +668,7 @@ (define-public node-llparse-bootstrap
(define-public llhttp-bootstrap
(package
(name "llhttp")
- (version "2.1.4")
+ (version "6.0.10")
(source (origin
(method git-fetch)
(uri (git-reference
@@ -677,8 +677,7 @@ (define-public llhttp-bootstrap
(file-name (git-file-name name version))
(sha256
(base32
- "115mwyds9655p76lhglxg2blc1ksgrix6zhigaxnc2q6syy3pa6x"))
- (patches (search-patches "llhttp-bootstrap-CVE-2020-8287.patch"))
+ "0izwqa77y007xdi0bj3ccw821n19rz89mz4hx4lg99fwkwylr6x8"))
(modules '((guix build utils)))
(snippet
'(begin
diff --git a/gnu/packages/patches/llhttp-bootstrap-CVE-2020-8287.patch b/gnu/packages/patches/llhttp-bootstrap-CVE-2020-8287.patch
deleted file mode 100644
index 215c920e53..0000000000
--- a/gnu/packages/patches/llhttp-bootstrap-CVE-2020-8287.patch
+++ /dev/null
@@ -1,100 +0,0 @@
-This patch comes from upstream. It corresponds to a patch applied to
-the generated C source code for llhttp included in Node.js 14.16.0
-(see commit 641f786bb1a1f6eb1ff8750782ed939780f2b31a). That commit
-fixes CVE-2020-8287. With this patch, the output of our
-llhttp-bootstrap package matches the files included in Node.js 14.16.0
-exactly.
-
-commit e9b36ea64709c35ca66094d5cf3787f444029601
-Author: Fedor Indutny <fedor@indutny.com>
-Date: Sat Oct 10 19:56:01 2020 -0700
-
- http: unset `F_CHUNKED` on new `Transfer-Encoding`
-
- Duplicate `Transfer-Encoding` header should be a treated as a single,
- but with original header values concatenated with a comma separator. In
- the light of this, even if the past `Transfer-Encoding` ended with
- `chunked`, we should be not let the `F_CHUNKED` to leak into the next
- header, because mere presence of another header indicates that `chunked`
- is not the last transfer-encoding token.
-
-diff --git a/src/llhttp/http.ts b/src/llhttp/http.ts
-index f4f1a6e..0a0c365 100644
---- a/src/llhttp/http.ts
-+++ b/src/llhttp/http.ts
-@@ -460,11 +460,19 @@ export class HTTP {
- .match([ ' ', '\t' ], n('header_value_discard_ws'))
- .otherwise(checkContentLengthEmptiness);
-
-+ // Multiple `Transfer-Encoding` headers should be treated as one, but with
-+ // values separate by a comma.
-+ //
-+ // See: https://tools.ietf.org/html/rfc7230#section-3.2.2
-+ const toTransferEncoding = this.unsetFlag(
-+ FLAGS.CHUNKED,
-+ 'header_value_te_chunked');
-+
- n('header_value_start')
- .otherwise(this.load('header_state', {
- [HEADER_STATE.UPGRADE]: this.setFlag(FLAGS.UPGRADE, fallback),
- [HEADER_STATE.TRANSFER_ENCODING]: this.setFlag(
-- FLAGS.TRANSFER_ENCODING, 'header_value_te_chunked'),
-+ FLAGS.TRANSFER_ENCODING, toTransferEncoding),
- [HEADER_STATE.CONTENT_LENGTH]: n('header_value_content_length_once'),
- [HEADER_STATE.CONNECTION]: n('header_value_connection'),
- }, 'header_value'));
-@@ -847,6 +855,11 @@ export class HTTP {
- return span.start(span.end(this.node(next)));
- }
-
-+ private unsetFlag(flag: FLAGS, next: string | Node): Node {
-+ const p = this.llparse;
-+ return p.invoke(p.code.and('flags', ~flag), this.node(next));
-+ }
-+
- private setFlag(flag: FLAGS, next: string | Node): Node {
- const p = this.llparse;
- return p.invoke(p.code.or('flags', flag), this.node(next));
-diff --git a/test/request/transfer-encoding.md b/test/request/transfer-encoding.md
-index a7d1681..b0891d6 100644
---- a/test/request/transfer-encoding.md
-+++ b/test/request/transfer-encoding.md
-@@ -353,6 +353,38 @@ off=106 headers complete method=3 v=1/1 flags=200 content_length=0
- off=106 error code=15 reason="Request has invalid `Transfer-Encoding`"
- ```
-
-+## POST with `chunked` and duplicate transfer-encoding
-+
-+<!-- meta={"type": "request", "noScan": true} -->
-+```http
-+POST /post_identity_body_world?q=search#hey HTTP/1.1
-+Accept: */*
-+Transfer-Encoding: chunked
-+Transfer-Encoding: deflate
-+
-+World
-+```
-+
-+```log
-+off=0 message begin
-+off=5 len=38 span[url]="/post_identity_body_world?q=search#hey"
-+off=44 url complete
-+off=54 len=6 span[header_field]="Accept"
-+off=61 header_field complete
-+off=62 len=3 span[header_value]="*/*"
-+off=67 header_value complete
-+off=67 len=17 span[header_field]="Transfer-Encoding"
-+off=85 header_field complete
-+off=86 len=7 span[header_value]="chunked"
-+off=95 header_value complete
-+off=95 len=17 span[header_field]="Transfer-Encoding"
-+off=113 header_field complete
-+off=114 len=7 span[header_value]="deflate"
-+off=123 header_value complete
-+off=125 headers complete method=3 v=1/1 flags=200 content_length=0
-+off=125 error code=15 reason="Request has invalid `Transfer-Encoding`"
-+```
-+
- ## POST with `chunked` before other transfer-coding (lenient)
-
- TODO(indutny): should we allow it even in lenient mode? (Consider disabling
--
2.39.1
J
J
jlicht wrote on 8 Feb 2023 22:05
[PATCH v3 15/16] gnu: node-lts: Update to 18.14.0.
(address . 59188@debbugs.gnu.org)
d673ac3abaf0b09e5e317b463fed6a81962be2a0.1675889756.git.jlicht@fsfe.org
From: Hilton Chain <hako@ultrarare.space>

* gnu/packages/node.scm (node-lts): Update to 18.14.0.
[snippet]: Keep file deps/openssl/nodejs-openssl.cnf.
[arguments]<#:configure-flags>: Enable v8 snapshot compression.
<#:phases>: Adjust problematic tests to delete accordingly.
Patch additional file with hardcoded references to /bin/sh.
[native-inputs,inputs]: Replace openssl-1.1 with openssl.
---
gnu/packages/node.scm | 40 ++++++++++++++++++++++++++++------------
1 file changed, 28 insertions(+), 12 deletions(-)

Toggle diff (113 lines)
diff --git a/gnu/packages/node.scm b/gnu/packages/node.scm
index de847490a3..03dfa8875f 100644
--- a/gnu/packages/node.scm
+++ b/gnu/packages/node.scm
@@ -11,6 +11,7 @@
;;; Copyright © 2021 Simon Tournier <zimon.toutoune@gmail.com>
;;; Copyright © 2021 Guillaume Le Vaillant <glv@posteo.net>
;;; Copyright © 2021, 2022 Philip McGrath <philip@philipmcgrath.com>
+;;; Copyright © 2022 Hilton Chain <hako@ultrarare.space>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -737,23 +738,28 @@ (define-public llhttp-bootstrap
(define-public node-lts
(package
(inherit node)
- (version "14.19.3")
+ (version "18.14.0")
(source (origin
(method url-fetch)
(uri (string-append "https://nodejs.org/dist/v" version
- "/node-v" version ".tar.xz"))
+ "/node-v" version ".tar.gz"))
(sha256
(base32
- "15691j5zhiikyamiwwd7f282g6d9acfhq91nrwx54xya38gmpx2w"))
+ "0sscc084lbh1008zzmibaxbl7y4n6cbsnlprisckr3fc3rbdj4sa"))
(modules '((guix build utils)))
(snippet
`(begin
+ ;; openssl.cnf is required for build.
+ (for-each delete-file-recursively
+ (find-files "deps/openssl"
+ (lambda (file stat)
+ (if (string-contains file "nodejs-openssl.cnf")
+ #f #t))))
;; Remove bundled software, where possible
(for-each delete-file-recursively
'("deps/cares"
"deps/icu-small"
"deps/nghttp2"
- "deps/openssl"
"deps/zlib"))
(substitute* "Makefile"
;; Remove references to bundled software.
@@ -769,7 +775,9 @@ (define-public node-lts
"--shared-openssl"
"--shared-zlib"
"--shared-brotli"
- "--with-intl=system-icu"))
+ "--with-intl=system-icu"
+ ;;Needed for correct snapshot checksums
+ "--v8-enable-snapshot-compression"))
((#:phases phases)
`(modify-phases ,phases
(replace 'set-bootstrap-host-rpath
@@ -802,23 +810,31 @@ (define-public node-lts
libuv "/lib:"
zlib "/lib"
"'],"))))))
+ (add-after 'patch-hardcoded-program-references
+ 'patch-additional-hardcoded-program-references
+ (lambda* (#:key inputs #:allow-other-keys)
+ (substitute* "test/parallel/test-stdin-from-file-spawn.js"
+ (("'/bin/sh'") (string-append
+ "'" (search-input-file inputs "/bin/sh")
+ "'")))))
(replace 'delete-problematic-tests
(lambda* (#:key inputs #:allow-other-keys)
;; FIXME: These tests fail in the build container, but they don't
;; seem to be indicative of real problems in practice.
(for-each delete-file
- '("test/parallel/test-cluster-master-error.js"
- "test/parallel/test-cluster-master-kill.js"))
+ '("test/parallel/test-cluster-primary-error.js"
+ "test/parallel/test-cluster-primary-kill.js"))
;; These require a DNS resolver.
(for-each delete-file
'("test/parallel/test-dns.js"
- "test/parallel/test-dns-lookupService-promises.js"))
+ "test/parallel/test-dns-lookupService-promises.js"
+ "test/parallel/test-net-socket-connect-without-cb.js"
+ "test/parallel/test-tcp-wrap-listen.js"))
;; These tests require networking.
(for-each delete-file
- '("test/parallel/test-https-agent-unref-socket.js"
- "test/parallel/test-corepack-yarn-install.js"))
+ '("test/parallel/test-https-agent-unref-socket.js"))
;; This test is timing-sensitive, and fails sporadically on
;; slow, busy, or even very fast machines.
@@ -868,7 +884,7 @@ (define-public node-lts
icu4c-71
libuv-for-node
`(,nghttp2 "lib")
- openssl-1.1
+ openssl
zlib
;; Regular build-time dependencies.
perl
@@ -885,7 +901,7 @@ (define-public node-lts
llhttp-bootstrap
brotli
`(,nghttp2 "lib")
- openssl-1.1
+ openssl
python-wrapper ;; for node-gyp (supports python3)
zlib))))
--
2.39.1
J
J
jlicht wrote on 8 Feb 2023 22:05
[PATCH v3 16/16] gnu: libnode: Use node-lts as base.
(address . 59188@debbugs.gnu.org)
fb44d1d8d39632b63c0f73e85270c030087bb172.1675889756.git.jlicht@fsfe.org
From: Hilton Chain <hako@ultrarare.space>

* gnu/packages/node.scm (libnode): Use node-lts as base.
* gnu/packages/cran.scm (r-v8)[arguments]<#:phases>: Adjusted accordingly.
---
gnu/packages/cran.scm | 2 +-
gnu/packages/node.scm | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)

Toggle diff (32 lines)
diff --git a/gnu/packages/cran.scm b/gnu/packages/cran.scm
index 7ca7ab0f9a..3cbfe0c8b1 100644
--- a/gnu/packages/cran.scm
+++ b/gnu/packages/cran.scm
@@ -1097,7 +1097,7 @@ (define-public r-v8
(("^PKG_LIBS=.*")
(string-append "PKG_LIBS="
(assoc-ref inputs "libnode")
- "/lib/libnode.so.64\n")))
+ "/lib/libnode.so.108\n")))
(setenv "INCLUDE_DIR"
(string-append
(assoc-ref inputs "libnode")
diff --git a/gnu/packages/node.scm b/gnu/packages/node.scm
index 03dfa8875f..070a5b070b 100644
--- a/gnu/packages/node.scm
+++ b/gnu/packages/node.scm
@@ -906,10 +906,10 @@ (define-public node-lts
zlib))))
(define-public libnode
- (package/inherit node
+ (package/inherit node-lts
(name "libnode")
(arguments
- (substitute-keyword-arguments (package-arguments node)
+ (substitute-keyword-arguments (package-arguments node-lts)
((#:configure-flags flags ''())
`(cons* "--shared" "--without-npm" ,flags))
((#:phases phases '%standard-phases)
--
2.39.1
J
J
jlicht wrote on 2 Mar 2023 23:53
[PATCH v4 01/16] gnu: node-acorn: Disable tests.
(address . 59188@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
9d5b77504ca1eab3f11a8edb34df78c669ab8dd8.1677797608.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/node-xyz.scm (node-acorn): Explicitly disable tests.
---

(no changes since v1)

gnu/packages/node-xyz.scm | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

Toggle diff (16 lines)
diff --git a/gnu/packages/node-xyz.scm b/gnu/packages/node-xyz.scm
index 991113c05b..e89117beca 100644
--- a/gnu/packages/node-xyz.scm
+++ b/gnu/packages/node-xyz.scm
@@ -46,7 +46,8 @@ (define-public node-acorn
(base32 "068h5gysz8bbslq31dva8f223rdf8l7w6nxcxjnv4zdprwkzkhaa"))))
(build-system node-build-system)
(arguments
- '(#:phases
+ '(#:tests? #f
+ #:phases
(modify-phases %standard-phases
(add-after 'unpack 'change-directory
(lambda _
--
2.39.1
J
J
jlicht wrote on 2 Mar 2023 23:53
[PATCH v4 00/16] Updating node-lts to 18.X
(address . 59188@debbugs.gnu.org)
cover.1677797608.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

To prevent bitrot, I rebased and built it all locally.

Changes in v4:
- node-lts to 18.14.2

Hilton Chain (4):
gnu: libuv-for-node: Update to 1.44.2.
gnu: llhttp-bootstrap: Update to 6.0.10.
gnu: node-lts: Update to 18.14.2.
gnu: libnode: Use node-lts as base.

Jelle Licht (12):
gnu: node-acorn: Disable tests.
gnu: node-acorn: Remove lifecycle script.
gnu: node-acorn: Fix broken transpilation.
gnu: node-buffer-crc32: Ignore development dependencies.
gnu: node-crx3: Ignore development dependencies.
gnu: node-minimist: Ignore development dependencies.
gnu: node-pbf: Ignore development dependencies.
gnu: node-protocol-buffers-schema: Ignore development dependencies.
gnu: node-resolve-protobuf-schema: Ignore development dependencies.
gnu: node-ieee754: Ignore development dependencies.
gnu: node-yazl: Ignore development dependencies.
gnu: node-uglify-js: Update to 3.14.2.

gnu/local.mk | 1 -
gnu/packages/cran.scm | 2 +-
gnu/packages/libevent.scm | 4 +-
gnu/packages/node-xyz.scm | 110 +++++++++++++-----
gnu/packages/node.scm | 49 +++++---
.../llhttp-bootstrap-CVE-2020-8287.patch | 100 ----------------
gnu/packages/uglifyjs.scm | 4 +-
7 files changed, 121 insertions(+), 149 deletions(-)
delete mode 100644 gnu/packages/patches/llhttp-bootstrap-CVE-2020-8287.patch

--
2.39.1
J
J
jlicht wrote on 2 Mar 2023 23:53
[PATCH v4 02/16] gnu: node-acorn: Remove lifecycle script.
(address . 59188@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
9e295957dc0905d874c75609d88104f6cc7e2189.1677797608.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/node-xyz.scm (node-acorn)[arguments]<modules>: New argument.
<phases>: Patch out unused 'prepare' script that breaks dependents.
---

(no changes since v1)

gnu/packages/node-xyz.scm | 26 +++++++++++++++++++++++++-
1 file changed, 25 insertions(+), 1 deletion(-)

Toggle diff (43 lines)
diff --git a/gnu/packages/node-xyz.scm b/gnu/packages/node-xyz.scm
index e89117beca..e3d8c7ca19 100644
--- a/gnu/packages/node-xyz.scm
+++ b/gnu/packages/node-xyz.scm
@@ -47,11 +47,35 @@ (define-public node-acorn
(build-system node-build-system)
(arguments
'(#:tests? #f
+ #:modules
+ ((guix build node-build-system)
+ (srfi srfi-1)
+ (ice-9 match)
+ (guix build utils))
#:phases
(modify-phases %standard-phases
(add-after 'unpack 'change-directory
(lambda _
- (chdir "acorn"))))))
+ (chdir "acorn")))
+ (add-before 'configure 'avoid-prepare-scripts
+ (lambda _
+ ;; We need to remove the prepare script from "package.json", as
+ ;; it would try to use the build environment and would block the
+ ;; automatic building by other packages making use of node-acorn.
+ ;; TODO: Add utility function
+ (with-atomic-json-file-replacement "package.json"
+ (match-lambda
+ (('@ . pkg-meta-alist)
+ (cons '@ (map (match-lambda
+ (("scripts" @ . scripts-alist)
+ `("scripts" @ ,@(filter (match-lambda
+ (("prepare" . _)
+ #f)
+ (_
+ #t))
+ scripts-alist)))
+ (other other))
+ pkg-meta-alist))))))))))
(home-page "https://github.com/acornjs/acorn/tree/master/acorn")
(synopsis "Javascript-based Javascript parser")
(description "Acornjs is a Javascript parser with many options and an
--
2.39.1
J
J
jlicht wrote on 2 Mar 2023 23:53
[PATCH v4 03/16] gnu: node-acorn: Fix broken transpilation.
(address . 59188@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
56d43fa5f6bb62d2d41303acd70650b64324723d.1677797608.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/node-xyz.scm (node-acorn)[native-inputs]: Add `esbuild'.
[arguments]<phases>: Replace build phase by custom `esbuild' invocations.
---

(no changes since v1)

gnu/packages/node-xyz.scm | 26 +++++++++++++++++++++++++-
1 file changed, 25 insertions(+), 1 deletion(-)

Toggle diff (46 lines)
diff --git a/gnu/packages/node-xyz.scm b/gnu/packages/node-xyz.scm
index e3d8c7ca19..d75ccc199a 100644
--- a/gnu/packages/node-xyz.scm
+++ b/gnu/packages/node-xyz.scm
@@ -5,6 +5,7 @@
;;; Copyright © 2021 Charles <charles.b.jackson@protonmail.com>
;;; Copyright © 2021 Philip McGrath <philip@philipmcgrath.com>
;;; Copyright © 2022 Nicolas Graves <ngraves@ngraves.fr>
+;;; Copyright © 2023 Jelle Licht <jlicht@fsfe.org>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -75,7 +76,30 @@ (define-public node-acorn
#t))
scripts-alist)))
(other other))
- pkg-meta-alist))))))))))
+ pkg-meta-alist)))))))
+ (replace 'build
+ (lambda* (#:key inputs native-inputs #:allow-other-keys)
+ (let ((esbuild (search-input-file (or native-inputs inputs)
+ "/bin/esbuild")))
+ (invoke esbuild
+ "src/index.js"
+ "--outfile=dist/acorn.js"
+ "--format=cjs"
+ "--bundle"
+ "--platform=node")
+ (invoke esbuild
+ "src/index.js"
+ "--outfile=dist/acorn.mjs"
+ "--format=esm"
+ "--bundle"
+ "--platform=node")
+ (invoke esbuild
+ "src/bin/acorn.js"
+ "--outfile=dist/bin.js"
+ "--format=cjs"
+ "--platform=node")))))))
+ (native-inputs
+ (list esbuild))
(home-page "https://github.com/acornjs/acorn/tree/master/acorn")
(synopsis "Javascript-based Javascript parser")
(description "Acornjs is a Javascript parser with many options and an
--
2.39.1
J
J
jlicht wrote on 2 Mar 2023 23:53
[PATCH v4 04/16] gnu: node-buffer-crc32: Ignore development dependencies.
(address . 59188@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
e155b30e4e110af1ff02b8a59cbf4767a5e946d1.1677797608.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/node-xyz.scm (node-acorn)[arguments]<phases>: Explicitly patch
out development dependencies. Re-enable configure phase.
---

(no changes since v1)

gnu/packages/node-xyz.scm | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)

Toggle diff (19 lines)
diff --git a/gnu/packages/node-xyz.scm b/gnu/packages/node-xyz.scm
index d75ccc199a..96901e7bf8 100644
--- a/gnu/packages/node-xyz.scm
+++ b/gnu/packages/node-xyz.scm
@@ -123,10 +123,9 @@ (define-public node-buffer-crc32
(arguments
'(#:tests? #f
#:phases (modify-phases %standard-phases
- (replace 'configure
+ (add-after 'patch-dependencies 'delete-dependencies
(lambda _
- (invoke "npm" "--offline" "--ignore-scripts" "install"
- "--production"))))))
+ (delete-dependencies '("tap")))))))
(home-page "https://github.com/brianloveswords/buffer-crc32")
(synopsis "CRC32 implementation in Javascript")
(description
--
2.39.1
J
J
jlicht wrote on 2 Mar 2023 23:53
[PATCH v4 05/16] gnu: node-crx3: Ignore development dependencies.
(address . 59188@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
531831ef068842818e34c4873116973e8954b33a.1677797608.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/node-xyz.scm (node-crx3)[arguments]<phases>: Explicitly patch
out development dependencies. Re-enable configure phase.
---

(no changes since v1)

gnu/packages/node-xyz.scm | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)

Toggle diff (26 lines)
diff --git a/gnu/packages/node-xyz.scm b/gnu/packages/node-xyz.scm
index 96901e7bf8..00d93d3185 100644
--- a/gnu/packages/node-xyz.scm
+++ b/gnu/packages/node-xyz.scm
@@ -179,10 +179,16 @@ (define-public node-crx3
(substitute* "lib/configuration.js"
(("mri")
"minimist"))))
- (replace 'configure
+ (add-after 'patch-dependencies 'delete-dependencies
(lambda _
- (invoke "npm" "--offline" "--ignore-scripts" "install"
- "--production"))))))
+ (delete-dependencies '("c8"
+ "docdash"
+ "eslint"
+ "eslint-plugin-jsdoc"
+ "jsdoc"
+ "tap-diff"
+ "tape"
+ "tape-catch")))))))
(inputs (list node-minimist node-pbf node-yazl))
(home-page "https://github.com/ahwayakchih/crx3")
(synopsis "Create CRXv3 browser extensions with Javascript")
--
2.39.1
J
J
jlicht wrote on 2 Mar 2023 23:53
[PATCH v4 06/16] gnu: node-minimist: Ignore development dependencies.
(address . 59188@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
92926051ffcc8e9c0ab766de6a9ffe6f66b1342e.1677797608.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/node-xyz.scm (node-minimist)[arguments]<phases>: Explicitly
patch out development dependencies. Re-enable configure phase.
---

(no changes since v1)

gnu/packages/node-xyz.scm | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)

Toggle diff (19 lines)
diff --git a/gnu/packages/node-xyz.scm b/gnu/packages/node-xyz.scm
index 00d93d3185..847004501a 100644
--- a/gnu/packages/node-xyz.scm
+++ b/gnu/packages/node-xyz.scm
@@ -313,10 +313,9 @@ (define-public node-minimist
(arguments
'(#:tests? #f
#:phases (modify-phases %standard-phases
- (replace 'configure
+ (add-after 'patch-dependencies 'delete-dependencies
(lambda _
- (invoke "npm" "--offline" "--ignore-scripts" "install"
- "--production"))))))
+ (delete-dependencies '("covert" "tap" "tape")))))))
(home-page "https://github.com/substack/minimist")
(synopsis "Parse CLI arguments in Javascript")
(description "This package can scan for CLI flags and arguments in
--
2.39.1
J
J
jlicht wrote on 2 Mar 2023 23:53
[PATCH v4 07/16] gnu: node-pbf: Ignore development dependencies.
(address . 59188@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
28bca9c7ddadb4fb1917b40cd27a46bded7dc48c.1677797608.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/node-xyz.scm (node-pbf)[arguments]<phases>: Explicitly patch
out development dependencies. Re-enable configure phase.
---

(no changes since v1)

gnu/packages/node-xyz.scm | 15 ++++++++++++---
1 file changed, 12 insertions(+), 3 deletions(-)

Toggle diff (29 lines)
diff --git a/gnu/packages/node-xyz.scm b/gnu/packages/node-xyz.scm
index 847004501a..680be0ad3f 100644
--- a/gnu/packages/node-xyz.scm
+++ b/gnu/packages/node-xyz.scm
@@ -364,10 +364,19 @@ (define-public node-pbf
(arguments
'(#:tests? #f
#:phases (modify-phases %standard-phases
- (replace 'configure
+ (add-after 'patch-dependencies 'delete-dependencies
(lambda _
- (invoke "npm" "--offline" "--ignore-scripts" "install"
- "--production"))))))
+ (delete-dependencies
+ '("benchmark"
+ "browserify"
+ "eslint"
+ "eslint-config-mourner"
+ "mkdirp"
+ "protobufjs"
+ "protocol-buffers"
+ "tap"
+ "tile-stats-runner"
+ "uglify-js")))))))
(inputs (list node-ieee754 node-resolve-protobuf-schema))
(home-page "https://github.com/mapbox/pbf")
(synopsis "Decode and encode protocol buffers in Javascript")
--
2.39.1
J
J
jlicht wrote on 2 Mar 2023 23:53
[PATCH v4 08/16] gnu: node-protocol-buffers-schema: Ignore development dependencies.
(address . 59188@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
1913a78fdb5001b7cca8451c6fa208da68476c32.1677797608.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/node-xyz.scm (node-protocol-buffers-schema)[arguments]<phases>:
Explicitly patch out development dependencies. Re-enable configure phase.
---

(no changes since v1)

gnu/packages/node-xyz.scm | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)

Toggle diff (19 lines)
diff --git a/gnu/packages/node-xyz.scm b/gnu/packages/node-xyz.scm
index 680be0ad3f..1b581cf3a7 100644
--- a/gnu/packages/node-xyz.scm
+++ b/gnu/packages/node-xyz.scm
@@ -405,10 +405,9 @@ (define-public node-protocol-buffers-schema
(arguments
'(#:tests? #f
#:phases (modify-phases %standard-phases
- (replace 'configure
+ (add-after 'patch-dependencies 'delete-dependencies
(lambda _
- (invoke "npm" "--offline" "--ignore-scripts" "install"
- "--production"))))))
+ (delete-dependencies '("standard" "tape")))))))
(home-page "https://github.com/mafintosh/protocol-buffers-schema")
(synopsis "Protocol buffers schema parser written in Javascript")
(description "This package provides a protocol buffers schema parser
--
2.39.1
J
J
jlicht wrote on 2 Mar 2023 23:53
[PATCH v4 09/16] gnu: node-resolve-protobuf-schema: Ignore development dependencies.
(address . 59188@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
c7721ea6f32894e0b41c4b0044f4f78481571bc2.1677797608.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/node-xyz.scm (node-resolve-protobuf-schema)[arguments]<phases>:
Explicitly patch out development dependencies. Re-enable configure phase.
---

(no changes since v1)

gnu/packages/node-xyz.scm | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)

Toggle diff (19 lines)
diff --git a/gnu/packages/node-xyz.scm b/gnu/packages/node-xyz.scm
index 1b581cf3a7..cbf2665940 100644
--- a/gnu/packages/node-xyz.scm
+++ b/gnu/packages/node-xyz.scm
@@ -431,10 +431,9 @@ (define-public node-resolve-protobuf-schema
(arguments
'(#:tests? #f
#:phases (modify-phases %standard-phases
- (replace 'configure
+ (add-after 'patch-dependencies 'delete-dependencies
(lambda _
- (invoke "npm" "--offline" "--ignore-scripts" "install"
- "--production"))))))
+ (delete-dependencies '("standard" "tape")))))))
(inputs (list node-protocol-buffers-schema))
(home-page "https://github.com/mafintosh/resolve-protobuf-schema")
(synopsis "Resolve protobuf imports")
--
2.39.1
J
J
jlicht wrote on 2 Mar 2023 23:53
[PATCH v4 10/16] gnu: node-ieee754: Ignore development dependencies.
(address . 59188@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
a49298e2f71c2128d01edce45982b61ba5644fbd.1677797608.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/node-xyz.scm (node-ieee754)[arguments]<phases>: Explicitly
patch out development dependencies. Re-enable configure phase.
---

(no changes since v1)

gnu/packages/node-xyz.scm | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)

Toggle diff (19 lines)
diff --git a/gnu/packages/node-xyz.scm b/gnu/packages/node-xyz.scm
index cbf2665940..628fe41d28 100644
--- a/gnu/packages/node-xyz.scm
+++ b/gnu/packages/node-xyz.scm
@@ -623,10 +623,9 @@ (define-public node-ieee754
(arguments
'(#:tests? #f
#:phases (modify-phases %standard-phases
- (replace 'configure
+ (add-after 'patch-dependencies 'delete-dependencies
(lambda _
- (invoke "npm" "--offline" "--ignore-scripts" "install"
- "--production"))))))
+ (delete-dependencies '("airtap" "standard" "tape")))))))
(home-page "https://github.com/feross/ieee754")
(synopsis "Read/write IEEE754 floating point numbers in Javascript")
(description "This package can read and write IEEE754 floating point
--
2.39.1
J
J
jlicht wrote on 2 Mar 2023 23:53
[PATCH v4 11/16] gnu: node-yazl: Ignore development dependencies.
(address . 59188@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
a9d2a1449f92ad06c6de205ef059f7ecec3bf2ec.1677797608.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/node-xyz.scm (node-yazl)[arguments]<phases>: Explicitly patch
out development dependencies. Re-enable configure phase.
---

(no changes since v1)

gnu/packages/node-xyz.scm | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)

Toggle diff (19 lines)
diff --git a/gnu/packages/node-xyz.scm b/gnu/packages/node-xyz.scm
index 628fe41d28..b85507f52f 100644
--- a/gnu/packages/node-xyz.scm
+++ b/gnu/packages/node-xyz.scm
@@ -1588,10 +1588,9 @@ (define-public node-yazl
(arguments
'(#:tests? #f
#:phases (modify-phases %standard-phases
- (replace 'configure
+ (add-after 'patch-dependencies 'delete-dependencies
(lambda _
- (invoke "npm" "--offline" "--ignore-scripts" "install"
- "--production"))))))
+ (delete-dependencies '("airtap" "bl" "istanbul" "yauzl")))))))
(inputs (list node-buffer-crc32))
(home-page "https://github.com/thejoshwolfe/yazl")
(synopsis "Yet another zip library for node")
--
2.39.1
J
J
jlicht wrote on 2 Mar 2023 23:53
[PATCH v4 12/16] gnu: node-uglify-js: Update to 3.14.2.
(address . 59188@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
bd72a4432a553986bd3b95ee1df721d76bfc4e56.1677797608.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/uglifyjs.scm (node-uglify-js): Update to 3.14.2.
---

(no changes since v1)

gnu/packages/uglifyjs.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

Toggle diff (24 lines)
diff --git a/gnu/packages/uglifyjs.scm b/gnu/packages/uglifyjs.scm
index b65d52b8df..1bd8bb6326 100644
--- a/gnu/packages/uglifyjs.scm
+++ b/gnu/packages/uglifyjs.scm
@@ -25,7 +25,7 @@ (define-module (gnu packages uglifyjs)
(define-public node-uglify-js
(package
(name "node-uglify-js")
- (version "3.13.9")
+ (version "3.14.2")
(source
(origin
(method git-fetch)
@@ -34,7 +34,7 @@ (define-public node-uglify-js
(commit (string-append "v" version))))
(file-name (git-file-name name version))
(sha256
- (base32 "0q1f91xwwm829cl5v727d4qkxy4yh7wri3pgl89f0m3a4y1n7hi4"))))
+ (base32 "1jraqpwzga4vbgq3xcn08jcfc87pm6nik7vpxvxa4rfjvz70a6k7"))))
(build-system node-build-system)
(native-inputs
(list node-acorn node-semver))
--
2.39.1
J
J
jlicht wrote on 2 Mar 2023 23:53
[PATCH v4 13/16] gnu: libuv-for-node: Update to 1.44.2.
(address . 59188@debbugs.gnu.org)(name . Hilton Chain)(address . hako@ultrarare.space)
3e4353c6b808ea254d7b95f1de8b52f9f66a536d.1677797608.git.jlicht@fsfe.org
From: Hilton Chain <hako@ultrarare.space>

* gnu/packages/libevent.scm (libuv-for-node): Update to 1.44.2.
---

(no changes since v1)

gnu/packages/libevent.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

Toggle diff (23 lines)
diff --git a/gnu/packages/libevent.scm b/gnu/packages/libevent.scm
index f9722e4469..fa1e76b347 100644
--- a/gnu/packages/libevent.scm
+++ b/gnu/packages/libevent.scm
@@ -147,14 +147,14 @@ (define-public libuv-for-node
(package
(inherit libuv)
(name "libuv")
- (version "1.42.0")
+ (version "1.44.2")
(source (origin
(method url-fetch)
(uri (string-append "https://dist.libuv.org/dist/v" version
"/libuv-v" version ".tar.gz"))
(sha256
(base32
- "0wpb9pz3r8nksnrf4zbixj2kk9whr7abi45ydrwyv2js2ljrc4j3"))))
+ "1d1wy1061cf2mfygr2j6jbm0da2mhsf0l9yq4rjkqrsmijbdrz6c"))))
(properties '((hidden? . #t)))))
(define-public libuv-julia
--
2.39.1
J
J
jlicht wrote on 2 Mar 2023 23:53
[PATCH v4 14/16] gnu: llhttp-bootstrap: Update to 6.0.10.
(address . 59188@debbugs.gnu.org)(name . Hilton Chain)(address . hako@ultrarare.space)
65e9b51985703470a4742e4bc4bf56bca0c200c2.1677797608.git.jlicht@fsfe.org
From: Hilton Chain <hako@ultrarare.space>

* gnu/packages/node.scm (llhttp-bootstrap): Update to 6.0.10.
* gnu/packages/patches/llhttp-bootstrap-CVE-2020-8287.patch: Remove file.
* gnu/local.mk: Remove it.
---

(no changes since v1)

gnu/local.mk | 1 -
gnu/packages/node.scm | 5 +-
.../llhttp-bootstrap-CVE-2020-8287.patch | 100 ------------------
3 files changed, 2 insertions(+), 104 deletions(-)
delete mode 100644 gnu/packages/patches/llhttp-bootstrap-CVE-2020-8287.patch

Toggle diff (143 lines)
diff --git a/gnu/local.mk b/gnu/local.mk
index 69781a0b8b..aab630a216 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1489,7 +1489,6 @@ dist_patch_DATA = \
%D%/packages/patches/linuxdcpp-openssl-1.1.patch \
%D%/packages/patches/lirc-localstatedir.patch \
%D%/packages/patches/lirc-reproducible-build.patch \
- %D%/packages/patches/llhttp-bootstrap-CVE-2020-8287.patch \
%D%/packages/patches/llvm-3.5-fix-clang-build-with-gcc5.patch \
%D%/packages/patches/llvm-3.6-fix-build-with-gcc-10.patch \
%D%/packages/patches/llvm-3.x.1-fix-build-with-gcc.patch \
diff --git a/gnu/packages/node.scm b/gnu/packages/node.scm
index be39f3b25a..de847490a3 100644
--- a/gnu/packages/node.scm
+++ b/gnu/packages/node.scm
@@ -668,7 +668,7 @@ (define-public node-llparse-bootstrap
(define-public llhttp-bootstrap
(package
(name "llhttp")
- (version "2.1.4")
+ (version "6.0.10")
(source (origin
(method git-fetch)
(uri (git-reference
@@ -677,8 +677,7 @@ (define-public llhttp-bootstrap
(file-name (git-file-name name version))
(sha256
(base32
- "115mwyds9655p76lhglxg2blc1ksgrix6zhigaxnc2q6syy3pa6x"))
- (patches (search-patches "llhttp-bootstrap-CVE-2020-8287.patch"))
+ "0izwqa77y007xdi0bj3ccw821n19rz89mz4hx4lg99fwkwylr6x8"))
(modules '((guix build utils)))
(snippet
'(begin
diff --git a/gnu/packages/patches/llhttp-bootstrap-CVE-2020-8287.patch b/gnu/packages/patches/llhttp-bootstrap-CVE-2020-8287.patch
deleted file mode 100644
index 215c920e53..0000000000
--- a/gnu/packages/patches/llhttp-bootstrap-CVE-2020-8287.patch
+++ /dev/null
@@ -1,100 +0,0 @@
-This patch comes from upstream. It corresponds to a patch applied to
-the generated C source code for llhttp included in Node.js 14.16.0
-(see commit 641f786bb1a1f6eb1ff8750782ed939780f2b31a). That commit
-fixes CVE-2020-8287. With this patch, the output of our
-llhttp-bootstrap package matches the files included in Node.js 14.16.0
-exactly.
-
-commit e9b36ea64709c35ca66094d5cf3787f444029601
-Author: Fedor Indutny <fedor@indutny.com>
-Date: Sat Oct 10 19:56:01 2020 -0700
-
- http: unset `F_CHUNKED` on new `Transfer-Encoding`
-
- Duplicate `Transfer-Encoding` header should be a treated as a single,
- but with original header values concatenated with a comma separator. In
- the light of this, even if the past `Transfer-Encoding` ended with
- `chunked`, we should be not let the `F_CHUNKED` to leak into the next
- header, because mere presence of another header indicates that `chunked`
- is not the last transfer-encoding token.
-
-diff --git a/src/llhttp/http.ts b/src/llhttp/http.ts
-index f4f1a6e..0a0c365 100644
---- a/src/llhttp/http.ts
-+++ b/src/llhttp/http.ts
-@@ -460,11 +460,19 @@ export class HTTP {
- .match([ ' ', '\t' ], n('header_value_discard_ws'))
- .otherwise(checkContentLengthEmptiness);
-
-+ // Multiple `Transfer-Encoding` headers should be treated as one, but with
-+ // values separate by a comma.
-+ //
-+ // See: https://tools.ietf.org/html/rfc7230#section-3.2.2
-+ const toTransferEncoding = this.unsetFlag(
-+ FLAGS.CHUNKED,
-+ 'header_value_te_chunked');
-+
- n('header_value_start')
- .otherwise(this.load('header_state', {
- [HEADER_STATE.UPGRADE]: this.setFlag(FLAGS.UPGRADE, fallback),
- [HEADER_STATE.TRANSFER_ENCODING]: this.setFlag(
-- FLAGS.TRANSFER_ENCODING, 'header_value_te_chunked'),
-+ FLAGS.TRANSFER_ENCODING, toTransferEncoding),
- [HEADER_STATE.CONTENT_LENGTH]: n('header_value_content_length_once'),
- [HEADER_STATE.CONNECTION]: n('header_value_connection'),
- }, 'header_value'));
-@@ -847,6 +855,11 @@ export class HTTP {
- return span.start(span.end(this.node(next)));
- }
-
-+ private unsetFlag(flag: FLAGS, next: string | Node): Node {
-+ const p = this.llparse;
-+ return p.invoke(p.code.and('flags', ~flag), this.node(next));
-+ }
-+
- private setFlag(flag: FLAGS, next: string | Node): Node {
- const p = this.llparse;
- return p.invoke(p.code.or('flags', flag), this.node(next));
-diff --git a/test/request/transfer-encoding.md b/test/request/transfer-encoding.md
-index a7d1681..b0891d6 100644
---- a/test/request/transfer-encoding.md
-+++ b/test/request/transfer-encoding.md
-@@ -353,6 +353,38 @@ off=106 headers complete method=3 v=1/1 flags=200 content_length=0
- off=106 error code=15 reason="Request has invalid `Transfer-Encoding`"
- ```
-
-+## POST with `chunked` and duplicate transfer-encoding
-+
-+<!-- meta={"type": "request", "noScan": true} -->
-+```http
-+POST /post_identity_body_world?q=search#hey HTTP/1.1
-+Accept: */*
-+Transfer-Encoding: chunked
-+Transfer-Encoding: deflate
-+
-+World
-+```
-+
-+```log
-+off=0 message begin
-+off=5 len=38 span[url]="/post_identity_body_world?q=search#hey"
-+off=44 url complete
-+off=54 len=6 span[header_field]="Accept"
-+off=61 header_field complete
-+off=62 len=3 span[header_value]="*/*"
-+off=67 header_value complete
-+off=67 len=17 span[header_field]="Transfer-Encoding"
-+off=85 header_field complete
-+off=86 len=7 span[header_value]="chunked"
-+off=95 header_value complete
-+off=95 len=17 span[header_field]="Transfer-Encoding"
-+off=113 header_field complete
-+off=114 len=7 span[header_value]="deflate"
-+off=123 header_value complete
-+off=125 headers complete method=3 v=1/1 flags=200 content_length=0
-+off=125 error code=15 reason="Request has invalid `Transfer-Encoding`"
-+```
-+
- ## POST with `chunked` before other transfer-coding (lenient)
-
- TODO(indutny): should we allow it even in lenient mode? (Consider disabling
--
2.39.1
J
J
jlicht wrote on 2 Mar 2023 23:53
[PATCH v4 15/16] gnu: node-lts: Update to 18.14.2.
(address . 59188@debbugs.gnu.org)(name . Hilton Chain)(address . hako@ultrarare.space)
b159f581f8130bbcd0768114b484b9a696a9f82e.1677797608.git.jlicht@fsfe.org
From: Hilton Chain <hako@ultrarare.space>

* gnu/packages/node.scm (node-lts): Update to 18.14.2.
[snippet]: Keep file deps/openssl/nodejs-openssl.cnf.
[arguments]<#:configure-flags>: Enable v8 snapshot compression.
<#:phases>: Adjust problematic tests to delete accordingly.
Patch additional file with hardcoded references to /bin/sh.
[native-inputs,inputs]: Replace openssl-1.1 with openssl.
---

(no changes since v1)

gnu/packages/node.scm | 40 ++++++++++++++++++++++++++++------------
1 file changed, 28 insertions(+), 12 deletions(-)

Toggle diff (113 lines)
diff --git a/gnu/packages/node.scm b/gnu/packages/node.scm
index de847490a3..ce05276180 100644
--- a/gnu/packages/node.scm
+++ b/gnu/packages/node.scm
@@ -11,6 +11,7 @@
;;; Copyright © 2021 Simon Tournier <zimon.toutoune@gmail.com>
;;; Copyright © 2021 Guillaume Le Vaillant <glv@posteo.net>
;;; Copyright © 2021, 2022 Philip McGrath <philip@philipmcgrath.com>
+;;; Copyright © 2022 Hilton Chain <hako@ultrarare.space>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -737,23 +738,28 @@ (define-public llhttp-bootstrap
(define-public node-lts
(package
(inherit node)
- (version "14.19.3")
+ (version "18.14.2")
(source (origin
(method url-fetch)
(uri (string-append "https://nodejs.org/dist/v" version
- "/node-v" version ".tar.xz"))
+ "/node-v" version ".tar.gz"))
(sha256
(base32
- "15691j5zhiikyamiwwd7f282g6d9acfhq91nrwx54xya38gmpx2w"))
+ "0ll2j4j46ygvs39aykxr7dvi7c4pm9f34rgyxc2dkvz3g6wfn2l5"))
(modules '((guix build utils)))
(snippet
`(begin
+ ;; openssl.cnf is required for build.
+ (for-each delete-file-recursively
+ (find-files "deps/openssl"
+ (lambda (file stat)
+ (if (string-contains file "nodejs-openssl.cnf")
+ #f #t))))
;; Remove bundled software, where possible
(for-each delete-file-recursively
'("deps/cares"
"deps/icu-small"
"deps/nghttp2"
- "deps/openssl"
"deps/zlib"))
(substitute* "Makefile"
;; Remove references to bundled software.
@@ -769,7 +775,9 @@ (define-public node-lts
"--shared-openssl"
"--shared-zlib"
"--shared-brotli"
- "--with-intl=system-icu"))
+ "--with-intl=system-icu"
+ ;;Needed for correct snapshot checksums
+ "--v8-enable-snapshot-compression"))
((#:phases phases)
`(modify-phases ,phases
(replace 'set-bootstrap-host-rpath
@@ -802,23 +810,31 @@ (define-public node-lts
libuv "/lib:"
zlib "/lib"
"'],"))))))
+ (add-after 'patch-hardcoded-program-references
+ 'patch-additional-hardcoded-program-references
+ (lambda* (#:key inputs #:allow-other-keys)
+ (substitute* "test/parallel/test-stdin-from-file-spawn.js"
+ (("'/bin/sh'") (string-append
+ "'" (search-input-file inputs "/bin/sh")
+ "'")))))
(replace 'delete-problematic-tests
(lambda* (#:key inputs #:allow-other-keys)
;; FIXME: These tests fail in the build container, but they don't
;; seem to be indicative of real problems in practice.
(for-each delete-file
- '("test/parallel/test-cluster-master-error.js"
- "test/parallel/test-cluster-master-kill.js"))
+ '("test/parallel/test-cluster-primary-error.js"
+ "test/parallel/test-cluster-primary-kill.js"))
;; These require a DNS resolver.
(for-each delete-file
'("test/parallel/test-dns.js"
- "test/parallel/test-dns-lookupService-promises.js"))
+ "test/parallel/test-dns-lookupService-promises.js"
+ "test/parallel/test-net-socket-connect-without-cb.js"
+ "test/parallel/test-tcp-wrap-listen.js"))
;; These tests require networking.
(for-each delete-file
- '("test/parallel/test-https-agent-unref-socket.js"
- "test/parallel/test-corepack-yarn-install.js"))
+ '("test/parallel/test-https-agent-unref-socket.js"))
;; This test is timing-sensitive, and fails sporadically on
;; slow, busy, or even very fast machines.
@@ -868,7 +884,7 @@ (define-public node-lts
icu4c-71
libuv-for-node
`(,nghttp2 "lib")
- openssl-1.1
+ openssl
zlib
;; Regular build-time dependencies.
perl
@@ -885,7 +901,7 @@ (define-public node-lts
llhttp-bootstrap
brotli
`(,nghttp2 "lib")
- openssl-1.1
+ openssl
python-wrapper ;; for node-gyp (supports python3)
zlib))))
--
2.39.1
J
J
jlicht wrote on 2 Mar 2023 23:53
[PATCH v4 16/16] gnu: libnode: Use node-lts as base.
(address . 59188@debbugs.gnu.org)
103fe522f447d27d977c9574330198901ceed2a0.1677797608.git.jlicht@fsfe.org
From: Hilton Chain <hako@ultrarare.space>

* gnu/packages/node.scm (libnode): Use node-lts as base.
* gnu/packages/cran.scm (r-v8)[arguments]<#:phases>: Adjusted accordingly.

---

(no changes since v1)

gnu/packages/cran.scm | 2 +-
gnu/packages/node.scm | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)

Toggle diff (32 lines)
diff --git a/gnu/packages/cran.scm b/gnu/packages/cran.scm
index 16314b33d7..d21a207f16 100644
--- a/gnu/packages/cran.scm
+++ b/gnu/packages/cran.scm
@@ -1304,7 +1304,7 @@ (define-public r-v8
(("^PKG_LIBS=.*")
(string-append "PKG_LIBS="
(assoc-ref inputs "libnode")
- "/lib/libnode.so.64\n")))
+ "/lib/libnode.so.108\n")))
(setenv "INCLUDE_DIR"
(string-append
(assoc-ref inputs "libnode")
diff --git a/gnu/packages/node.scm b/gnu/packages/node.scm
index ce05276180..7a2eb5f280 100644
--- a/gnu/packages/node.scm
+++ b/gnu/packages/node.scm
@@ -906,10 +906,10 @@ (define-public node-lts
zlib))))
(define-public libnode
- (package/inherit node
+ (package/inherit node-lts
(name "libnode")
(arguments
- (substitute-keyword-arguments (package-arguments node)
+ (substitute-keyword-arguments (package-arguments node-lts)
((#:configure-flags flags ''())
`(cons* "--shared" "--without-npm" ,flags))
((#:phases phases '%standard-phases)
--
2.39.1
J
J
jlicht wrote on 15 Mar 2023 01:55
[PATCH v5 01/17] build-system: node: Use `--install-links' with `npm install'.
(address . 59188@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
2dd7a048a9bedcd8f4f7550b7ad07556c3c65b74.1678841648.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

Later versions of npm need to explicitly install a copy of local dependencies,
instead of only a symlink.

* guix/build/node-build-system.scm (configure): Add `--install-links' to npm
install invocation.
(install): Ditto.
---

(no changes since v1)

guix/build/node-build-system.scm | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

Toggle diff (23 lines)
diff --git a/guix/build/node-build-system.scm b/guix/build/node-build-system.scm
index bee3792e93..93f7efbb2b 100644
--- a/guix/build/node-build-system.scm
+++ b/guix/build/node-build-system.scm
@@ -223,7 +223,7 @@ (define* (delete-lockfiles #:key inputs #:allow-other-keys)
(define* (configure #:key outputs inputs #:allow-other-keys)
(let ((npm (string-append (assoc-ref inputs "node") "/bin/npm")))
- (invoke npm "--offline" "--ignore-scripts" "install")
+ (invoke npm "--offline" "--ignore-scripts" "--install-links" "install")
#t))
(define* (build #:key inputs #:allow-other-keys)
@@ -262,6 +262,7 @@ (define* (install #:key outputs inputs #:allow-other-keys)
"--offline"
"--loglevel" "info"
"--production"
+ "--install-links"
"install" "../package.tgz")
#t))
--
2.39.2
J
J
jlicht wrote on 15 Mar 2023 01:55
[PATCH v5 02/17] gnu: node-acorn: Disable tests.
(address . 59188@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
b88d33cbdafd1a9e01f0dbba3f24f51acafbd180.1678841648.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/node-xyz.scm (node-acorn): Explicitly disable tests.
---

(no changes since v1)

gnu/packages/node-xyz.scm | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

Toggle diff (16 lines)
diff --git a/gnu/packages/node-xyz.scm b/gnu/packages/node-xyz.scm
index 991113c05b..e89117beca 100644
--- a/gnu/packages/node-xyz.scm
+++ b/gnu/packages/node-xyz.scm
@@ -46,7 +46,8 @@ (define-public node-acorn
(base32 "068h5gysz8bbslq31dva8f223rdf8l7w6nxcxjnv4zdprwkzkhaa"))))
(build-system node-build-system)
(arguments
- '(#:phases
+ '(#:tests? #f
+ #:phases
(modify-phases %standard-phases
(add-after 'unpack 'change-directory
(lambda _
--
2.39.2
J
J
jlicht wrote on 15 Mar 2023 01:55
[PATCH v5 00/17] Updating node-lts to 18.X
(address . 59188@debbugs.gnu.org)
cover.1678841648.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>



Changes in v5:
- node build system needs an additional --install-links to work with newer npm.
- node-lts to 18.15.0

Hilton Chain (4):
gnu: libuv-for-node: Update to 1.44.2.
gnu: llhttp-bootstrap: Update to 6.0.10.
gnu: node-lts: Update to 18.15.0.
gnu: libnode: Use node-lts as base.

Jelle Licht (13):
build-system: node: Use `--install-links' with `npm install'.
gnu: node-acorn: Disable tests.
gnu: node-acorn: Remove lifecycle script.
gnu: node-acorn: Fix broken transpilation.
gnu: node-buffer-crc32: Ignore development dependencies.
gnu: node-crx3: Ignore development dependencies.
gnu: node-minimist: Ignore development dependencies.
gnu: node-pbf: Ignore development dependencies.
gnu: node-protocol-buffers-schema: Ignore development dependencies.
gnu: node-resolve-protobuf-schema: Ignore development dependencies.
gnu: node-ieee754: Ignore development dependencies.
gnu: node-yazl: Ignore development dependencies.
gnu: node-uglify-js: Update to 3.14.2.

gnu/local.mk | 1 -
gnu/packages/cran.scm | 2 +-
gnu/packages/libevent.scm | 4 +-
gnu/packages/node-xyz.scm | 110 +++++++++++++-----
gnu/packages/node.scm | 49 +++++---
.../llhttp-bootstrap-CVE-2020-8287.patch | 100 ----------------
gnu/packages/uglifyjs.scm | 4 +-
guix/build/node-build-system.scm | 3 +-
8 files changed, 123 insertions(+), 150 deletions(-)
delete mode 100644 gnu/packages/patches/llhttp-bootstrap-CVE-2020-8287.patch

--
2.39.2
J
J
jlicht wrote on 15 Mar 2023 01:55
[PATCH v5 03/17] gnu: node-acorn: Remove lifecycle script.
(address . 59188@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
7b787f51f28d3b1d131ed2b21c8a3330f3e1e213.1678841648.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/node-xyz.scm (node-acorn)[arguments]<modules>: New argument.
<phases>: Patch out unused 'prepare' script that breaks dependents.
---

(no changes since v1)

gnu/packages/node-xyz.scm | 26 +++++++++++++++++++++++++-
1 file changed, 25 insertions(+), 1 deletion(-)

Toggle diff (43 lines)
diff --git a/gnu/packages/node-xyz.scm b/gnu/packages/node-xyz.scm
index e89117beca..e3d8c7ca19 100644
--- a/gnu/packages/node-xyz.scm
+++ b/gnu/packages/node-xyz.scm
@@ -47,11 +47,35 @@ (define-public node-acorn
(build-system node-build-system)
(arguments
'(#:tests? #f
+ #:modules
+ ((guix build node-build-system)
+ (srfi srfi-1)
+ (ice-9 match)
+ (guix build utils))
#:phases
(modify-phases %standard-phases
(add-after 'unpack 'change-directory
(lambda _
- (chdir "acorn"))))))
+ (chdir "acorn")))
+ (add-before 'configure 'avoid-prepare-scripts
+ (lambda _
+ ;; We need to remove the prepare script from "package.json", as
+ ;; it would try to use the build environment and would block the
+ ;; automatic building by other packages making use of node-acorn.
+ ;; TODO: Add utility function
+ (with-atomic-json-file-replacement "package.json"
+ (match-lambda
+ (('@ . pkg-meta-alist)
+ (cons '@ (map (match-lambda
+ (("scripts" @ . scripts-alist)
+ `("scripts" @ ,@(filter (match-lambda
+ (("prepare" . _)
+ #f)
+ (_
+ #t))
+ scripts-alist)))
+ (other other))
+ pkg-meta-alist))))))))))
(home-page "https://github.com/acornjs/acorn/tree/master/acorn")
(synopsis "Javascript-based Javascript parser")
(description "Acornjs is a Javascript parser with many options and an
--
2.39.2
J
J
jlicht wrote on 15 Mar 2023 01:55
[PATCH v5 04/17] gnu: node-acorn: Fix broken transpilation.
(address . 59188@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
ba9b722f0f98a5f24126835cd6f24e5ade75f8c8.1678841648.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/node-xyz.scm (node-acorn)[native-inputs]: Add `esbuild'.
[arguments]<phases>: Replace build phase by custom `esbuild' invocations.
---

(no changes since v1)

gnu/packages/node-xyz.scm | 26 +++++++++++++++++++++++++-
1 file changed, 25 insertions(+), 1 deletion(-)

Toggle diff (46 lines)
diff --git a/gnu/packages/node-xyz.scm b/gnu/packages/node-xyz.scm
index e3d8c7ca19..d75ccc199a 100644
--- a/gnu/packages/node-xyz.scm
+++ b/gnu/packages/node-xyz.scm
@@ -5,6 +5,7 @@
;;; Copyright © 2021 Charles <charles.b.jackson@protonmail.com>
;;; Copyright © 2021 Philip McGrath <philip@philipmcgrath.com>
;;; Copyright © 2022 Nicolas Graves <ngraves@ngraves.fr>
+;;; Copyright © 2023 Jelle Licht <jlicht@fsfe.org>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -75,7 +76,30 @@ (define-public node-acorn
#t))
scripts-alist)))
(other other))
- pkg-meta-alist))))))))))
+ pkg-meta-alist)))))))
+ (replace 'build
+ (lambda* (#:key inputs native-inputs #:allow-other-keys)
+ (let ((esbuild (search-input-file (or native-inputs inputs)
+ "/bin/esbuild")))
+ (invoke esbuild
+ "src/index.js"
+ "--outfile=dist/acorn.js"
+ "--format=cjs"
+ "--bundle"
+ "--platform=node")
+ (invoke esbuild
+ "src/index.js"
+ "--outfile=dist/acorn.mjs"
+ "--format=esm"
+ "--bundle"
+ "--platform=node")
+ (invoke esbuild
+ "src/bin/acorn.js"
+ "--outfile=dist/bin.js"
+ "--format=cjs"
+ "--platform=node")))))))
+ (native-inputs
+ (list esbuild))
(home-page "https://github.com/acornjs/acorn/tree/master/acorn")
(synopsis "Javascript-based Javascript parser")
(description "Acornjs is a Javascript parser with many options and an
--
2.39.2
J
J
jlicht wrote on 15 Mar 2023 01:55
[PATCH v5 05/17] gnu: node-buffer-crc32: Ignore development dependencies.
(address . 59188@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
d5989f7193afd18d85804b0c907487024a07c15a.1678841648.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/node-xyz.scm (node-acorn)[arguments]<phases>: Explicitly patch
out development dependencies. Re-enable configure phase.
---

(no changes since v1)

gnu/packages/node-xyz.scm | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)

Toggle diff (19 lines)
diff --git a/gnu/packages/node-xyz.scm b/gnu/packages/node-xyz.scm
index d75ccc199a..96901e7bf8 100644
--- a/gnu/packages/node-xyz.scm
+++ b/gnu/packages/node-xyz.scm
@@ -123,10 +123,9 @@ (define-public node-buffer-crc32
(arguments
'(#:tests? #f
#:phases (modify-phases %standard-phases
- (replace 'configure
+ (add-after 'patch-dependencies 'delete-dependencies
(lambda _
- (invoke "npm" "--offline" "--ignore-scripts" "install"
- "--production"))))))
+ (delete-dependencies '("tap")))))))
(home-page "https://github.com/brianloveswords/buffer-crc32")
(synopsis "CRC32 implementation in Javascript")
(description
--
2.39.2
J
J
jlicht wrote on 15 Mar 2023 01:55
[PATCH v5 06/17] gnu: node-crx3: Ignore development dependencies.
(address . 59188@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
5d4337fbddb4bed582ea05b7242037dc862b42d7.1678841648.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/node-xyz.scm (node-crx3)[arguments]<phases>: Explicitly patch
out development dependencies. Re-enable configure phase.
---

(no changes since v1)

gnu/packages/node-xyz.scm | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)

Toggle diff (26 lines)
diff --git a/gnu/packages/node-xyz.scm b/gnu/packages/node-xyz.scm
index 96901e7bf8..00d93d3185 100644
--- a/gnu/packages/node-xyz.scm
+++ b/gnu/packages/node-xyz.scm
@@ -179,10 +179,16 @@ (define-public node-crx3
(substitute* "lib/configuration.js"
(("mri")
"minimist"))))
- (replace 'configure
+ (add-after 'patch-dependencies 'delete-dependencies
(lambda _
- (invoke "npm" "--offline" "--ignore-scripts" "install"
- "--production"))))))
+ (delete-dependencies '("c8"
+ "docdash"
+ "eslint"
+ "eslint-plugin-jsdoc"
+ "jsdoc"
+ "tap-diff"
+ "tape"
+ "tape-catch")))))))
(inputs (list node-minimist node-pbf node-yazl))
(home-page "https://github.com/ahwayakchih/crx3")
(synopsis "Create CRXv3 browser extensions with Javascript")
--
2.39.2
J
J
jlicht wrote on 15 Mar 2023 01:55
[PATCH v5 07/17] gnu: node-minimist: Ignore development dependencies.
(address . 59188@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
7294ba9742e4ab9bb56fdb6e5a76ca608d9f1482.1678841648.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/node-xyz.scm (node-minimist)[arguments]<phases>: Explicitly
patch out development dependencies. Re-enable configure phase.
---

(no changes since v1)

gnu/packages/node-xyz.scm | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)

Toggle diff (19 lines)
diff --git a/gnu/packages/node-xyz.scm b/gnu/packages/node-xyz.scm
index 00d93d3185..847004501a 100644
--- a/gnu/packages/node-xyz.scm
+++ b/gnu/packages/node-xyz.scm
@@ -313,10 +313,9 @@ (define-public node-minimist
(arguments
'(#:tests? #f
#:phases (modify-phases %standard-phases
- (replace 'configure
+ (add-after 'patch-dependencies 'delete-dependencies
(lambda _
- (invoke "npm" "--offline" "--ignore-scripts" "install"
- "--production"))))))
+ (delete-dependencies '("covert" "tap" "tape")))))))
(home-page "https://github.com/substack/minimist")
(synopsis "Parse CLI arguments in Javascript")
(description "This package can scan for CLI flags and arguments in
--
2.39.2
J
J
jlicht wrote on 15 Mar 2023 01:55
[PATCH v5 08/17] gnu: node-pbf: Ignore development dependencies.
(address . 59188@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
b01839aef6dca2e64934d52749ed59a98ed07519.1678841648.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/node-xyz.scm (node-pbf)[arguments]<phases>: Explicitly patch
out development dependencies. Re-enable configure phase.
---

(no changes since v1)

gnu/packages/node-xyz.scm | 15 ++++++++++++---
1 file changed, 12 insertions(+), 3 deletions(-)

Toggle diff (29 lines)
diff --git a/gnu/packages/node-xyz.scm b/gnu/packages/node-xyz.scm
index 847004501a..680be0ad3f 100644
--- a/gnu/packages/node-xyz.scm
+++ b/gnu/packages/node-xyz.scm
@@ -364,10 +364,19 @@ (define-public node-pbf
(arguments
'(#:tests? #f
#:phases (modify-phases %standard-phases
- (replace 'configure
+ (add-after 'patch-dependencies 'delete-dependencies
(lambda _
- (invoke "npm" "--offline" "--ignore-scripts" "install"
- "--production"))))))
+ (delete-dependencies
+ '("benchmark"
+ "browserify"
+ "eslint"
+ "eslint-config-mourner"
+ "mkdirp"
+ "protobufjs"
+ "protocol-buffers"
+ "tap"
+ "tile-stats-runner"
+ "uglify-js")))))))
(inputs (list node-ieee754 node-resolve-protobuf-schema))
(home-page "https://github.com/mapbox/pbf")
(synopsis "Decode and encode protocol buffers in Javascript")
--
2.39.2
J
J
jlicht wrote on 15 Mar 2023 01:55
[PATCH v5 09/17] gnu: node-protocol-buffers-schema: Ignore development dependencies.
(address . 59188@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
aaa994bda36b1622aef243127cab67fda7a9c82c.1678841648.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/node-xyz.scm (node-protocol-buffers-schema)[arguments]<phases>:
Explicitly patch out development dependencies. Re-enable configure phase.
---

(no changes since v1)

gnu/packages/node-xyz.scm | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)

Toggle diff (19 lines)
diff --git a/gnu/packages/node-xyz.scm b/gnu/packages/node-xyz.scm
index 680be0ad3f..1b581cf3a7 100644
--- a/gnu/packages/node-xyz.scm
+++ b/gnu/packages/node-xyz.scm
@@ -405,10 +405,9 @@ (define-public node-protocol-buffers-schema
(arguments
'(#:tests? #f
#:phases (modify-phases %standard-phases
- (replace 'configure
+ (add-after 'patch-dependencies 'delete-dependencies
(lambda _
- (invoke "npm" "--offline" "--ignore-scripts" "install"
- "--production"))))))
+ (delete-dependencies '("standard" "tape")))))))
(home-page "https://github.com/mafintosh/protocol-buffers-schema")
(synopsis "Protocol buffers schema parser written in Javascript")
(description "This package provides a protocol buffers schema parser
--
2.39.2
J
J
jlicht wrote on 15 Mar 2023 01:55
[PATCH v5 10/17] gnu: node-resolve-protobuf-schema: Ignore development dependencies.
(address . 59188@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
08d5c6042852749a2493f8a6dd513788f70c87d5.1678841648.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/node-xyz.scm (node-resolve-protobuf-schema)[arguments]<phases>:
Explicitly patch out development dependencies. Re-enable configure phase.
---

(no changes since v1)

gnu/packages/node-xyz.scm | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)

Toggle diff (19 lines)
diff --git a/gnu/packages/node-xyz.scm b/gnu/packages/node-xyz.scm
index 1b581cf3a7..cbf2665940 100644
--- a/gnu/packages/node-xyz.scm
+++ b/gnu/packages/node-xyz.scm
@@ -431,10 +431,9 @@ (define-public node-resolve-protobuf-schema
(arguments
'(#:tests? #f
#:phases (modify-phases %standard-phases
- (replace 'configure
+ (add-after 'patch-dependencies 'delete-dependencies
(lambda _
- (invoke "npm" "--offline" "--ignore-scripts" "install"
- "--production"))))))
+ (delete-dependencies '("standard" "tape")))))))
(inputs (list node-protocol-buffers-schema))
(home-page "https://github.com/mafintosh/resolve-protobuf-schema")
(synopsis "Resolve protobuf imports")
--
2.39.2
J
J
jlicht wrote on 15 Mar 2023 01:55
[PATCH v5 11/17] gnu: node-ieee754: Ignore development dependencies.
(address . 59188@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
bed045074879516f8f3b349c3d3cbca4774774a2.1678841648.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/node-xyz.scm (node-ieee754)[arguments]<phases>: Explicitly
patch out development dependencies. Re-enable configure phase.
---

(no changes since v1)

gnu/packages/node-xyz.scm | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)

Toggle diff (19 lines)
diff --git a/gnu/packages/node-xyz.scm b/gnu/packages/node-xyz.scm
index cbf2665940..628fe41d28 100644
--- a/gnu/packages/node-xyz.scm
+++ b/gnu/packages/node-xyz.scm
@@ -623,10 +623,9 @@ (define-public node-ieee754
(arguments
'(#:tests? #f
#:phases (modify-phases %standard-phases
- (replace 'configure
+ (add-after 'patch-dependencies 'delete-dependencies
(lambda _
- (invoke "npm" "--offline" "--ignore-scripts" "install"
- "--production"))))))
+ (delete-dependencies '("airtap" "standard" "tape")))))))
(home-page "https://github.com/feross/ieee754")
(synopsis "Read/write IEEE754 floating point numbers in Javascript")
(description "This package can read and write IEEE754 floating point
--
2.39.2
J
J
jlicht wrote on 15 Mar 2023 01:55
[PATCH v5 12/17] gnu: node-yazl: Ignore development dependencies.
(address . 59188@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
3f28812361e8a0597491ec6a822dde6f92568095.1678841648.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/node-xyz.scm (node-yazl)[arguments]<phases>: Explicitly patch
out development dependencies. Re-enable configure phase.
---

(no changes since v1)

gnu/packages/node-xyz.scm | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)

Toggle diff (19 lines)
diff --git a/gnu/packages/node-xyz.scm b/gnu/packages/node-xyz.scm
index 628fe41d28..b85507f52f 100644
--- a/gnu/packages/node-xyz.scm
+++ b/gnu/packages/node-xyz.scm
@@ -1588,10 +1588,9 @@ (define-public node-yazl
(arguments
'(#:tests? #f
#:phases (modify-phases %standard-phases
- (replace 'configure
+ (add-after 'patch-dependencies 'delete-dependencies
(lambda _
- (invoke "npm" "--offline" "--ignore-scripts" "install"
- "--production"))))))
+ (delete-dependencies '("airtap" "bl" "istanbul" "yauzl")))))))
(inputs (list node-buffer-crc32))
(home-page "https://github.com/thejoshwolfe/yazl")
(synopsis "Yet another zip library for node")
--
2.39.2
J
J
jlicht wrote on 15 Mar 2023 01:55
[PATCH v5 13/17] gnu: node-uglify-js: Update to 3.14.2.
(address . 59188@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
f39a04b384cff32eec5f9ac4957ef7cc223a2c44.1678841648.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/uglifyjs.scm (node-uglify-js): Update to 3.14.2.
---

(no changes since v1)

gnu/packages/uglifyjs.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

Toggle diff (24 lines)
diff --git a/gnu/packages/uglifyjs.scm b/gnu/packages/uglifyjs.scm
index b65d52b8df..1bd8bb6326 100644
--- a/gnu/packages/uglifyjs.scm
+++ b/gnu/packages/uglifyjs.scm
@@ -25,7 +25,7 @@ (define-module (gnu packages uglifyjs)
(define-public node-uglify-js
(package
(name "node-uglify-js")
- (version "3.13.9")
+ (version "3.14.2")
(source
(origin
(method git-fetch)
@@ -34,7 +34,7 @@ (define-public node-uglify-js
(commit (string-append "v" version))))
(file-name (git-file-name name version))
(sha256
- (base32 "0q1f91xwwm829cl5v727d4qkxy4yh7wri3pgl89f0m3a4y1n7hi4"))))
+ (base32 "1jraqpwzga4vbgq3xcn08jcfc87pm6nik7vpxvxa4rfjvz70a6k7"))))
(build-system node-build-system)
(native-inputs
(list node-acorn node-semver))
--
2.39.2
J
J
jlicht wrote on 15 Mar 2023 01:55
[PATCH v5 14/17] gnu: libuv-for-node: Update to 1.44.2.
(address . 59188@debbugs.gnu.org)(name . Hilton Chain)(address . hako@ultrarare.space)
1e12df5385a31b658f770b13ab11441d3255d24b.1678841648.git.jlicht@fsfe.org
From: Hilton Chain <hako@ultrarare.space>

* gnu/packages/libevent.scm (libuv-for-node): Update to 1.44.2.
---

(no changes since v1)

gnu/packages/libevent.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

Toggle diff (23 lines)
diff --git a/gnu/packages/libevent.scm b/gnu/packages/libevent.scm
index f9722e4469..fa1e76b347 100644
--- a/gnu/packages/libevent.scm
+++ b/gnu/packages/libevent.scm
@@ -147,14 +147,14 @@ (define-public libuv-for-node
(package
(inherit libuv)
(name "libuv")
- (version "1.42.0")
+ (version "1.44.2")
(source (origin
(method url-fetch)
(uri (string-append "https://dist.libuv.org/dist/v" version
"/libuv-v" version ".tar.gz"))
(sha256
(base32
- "0wpb9pz3r8nksnrf4zbixj2kk9whr7abi45ydrwyv2js2ljrc4j3"))))
+ "1d1wy1061cf2mfygr2j6jbm0da2mhsf0l9yq4rjkqrsmijbdrz6c"))))
(properties '((hidden? . #t)))))
(define-public libuv-julia
--
2.39.2
J
J
jlicht wrote on 15 Mar 2023 01:55
[PATCH v5 15/17] gnu: llhttp-bootstrap: Update to 6.0.10.
(address . 59188@debbugs.gnu.org)(name . Hilton Chain)(address . hako@ultrarare.space)
482953213a4ef8e7ec19d5c9e478ecd9c3dc31a1.1678841648.git.jlicht@fsfe.org
From: Hilton Chain <hako@ultrarare.space>

* gnu/packages/node.scm (llhttp-bootstrap): Update to 6.0.10.
* gnu/packages/patches/llhttp-bootstrap-CVE-2020-8287.patch: Remove file.
* gnu/local.mk: Remove it.
---

(no changes since v1)

gnu/local.mk | 1 -
gnu/packages/node.scm | 5 +-
.../llhttp-bootstrap-CVE-2020-8287.patch | 100 ------------------
3 files changed, 2 insertions(+), 104 deletions(-)
delete mode 100644 gnu/packages/patches/llhttp-bootstrap-CVE-2020-8287.patch

Toggle diff (143 lines)
diff --git a/gnu/local.mk b/gnu/local.mk
index 98ac6175ae..ee9949aff0 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1492,7 +1492,6 @@ dist_patch_DATA = \
%D%/packages/patches/linuxdcpp-openssl-1.1.patch \
%D%/packages/patches/lirc-localstatedir.patch \
%D%/packages/patches/lirc-reproducible-build.patch \
- %D%/packages/patches/llhttp-bootstrap-CVE-2020-8287.patch \
%D%/packages/patches/llvm-3.5-fix-clang-build-with-gcc5.patch \
%D%/packages/patches/llvm-3.6-fix-build-with-gcc-10.patch \
%D%/packages/patches/llvm-3.x.1-fix-build-with-gcc.patch \
diff --git a/gnu/packages/node.scm b/gnu/packages/node.scm
index be39f3b25a..de847490a3 100644
--- a/gnu/packages/node.scm
+++ b/gnu/packages/node.scm
@@ -668,7 +668,7 @@ (define-public node-llparse-bootstrap
(define-public llhttp-bootstrap
(package
(name "llhttp")
- (version "2.1.4")
+ (version "6.0.10")
(source (origin
(method git-fetch)
(uri (git-reference
@@ -677,8 +677,7 @@ (define-public llhttp-bootstrap
(file-name (git-file-name name version))
(sha256
(base32
- "115mwyds9655p76lhglxg2blc1ksgrix6zhigaxnc2q6syy3pa6x"))
- (patches (search-patches "llhttp-bootstrap-CVE-2020-8287.patch"))
+ "0izwqa77y007xdi0bj3ccw821n19rz89mz4hx4lg99fwkwylr6x8"))
(modules '((guix build utils)))
(snippet
'(begin
diff --git a/gnu/packages/patches/llhttp-bootstrap-CVE-2020-8287.patch b/gnu/packages/patches/llhttp-bootstrap-CVE-2020-8287.patch
deleted file mode 100644
index 215c920e53..0000000000
--- a/gnu/packages/patches/llhttp-bootstrap-CVE-2020-8287.patch
+++ /dev/null
@@ -1,100 +0,0 @@
-This patch comes from upstream. It corresponds to a patch applied to
-the generated C source code for llhttp included in Node.js 14.16.0
-(see commit 641f786bb1a1f6eb1ff8750782ed939780f2b31a). That commit
-fixes CVE-2020-8287. With this patch, the output of our
-llhttp-bootstrap package matches the files included in Node.js 14.16.0
-exactly.
-
-commit e9b36ea64709c35ca66094d5cf3787f444029601
-Author: Fedor Indutny <fedor@indutny.com>
-Date: Sat Oct 10 19:56:01 2020 -0700
-
- http: unset `F_CHUNKED` on new `Transfer-Encoding`
-
- Duplicate `Transfer-Encoding` header should be a treated as a single,
- but with original header values concatenated with a comma separator. In
- the light of this, even if the past `Transfer-Encoding` ended with
- `chunked`, we should be not let the `F_CHUNKED` to leak into the next
- header, because mere presence of another header indicates that `chunked`
- is not the last transfer-encoding token.
-
-diff --git a/src/llhttp/http.ts b/src/llhttp/http.ts
-index f4f1a6e..0a0c365 100644
---- a/src/llhttp/http.ts
-+++ b/src/llhttp/http.ts
-@@ -460,11 +460,19 @@ export class HTTP {
- .match([ ' ', '\t' ], n('header_value_discard_ws'))
- .otherwise(checkContentLengthEmptiness);
-
-+ // Multiple `Transfer-Encoding` headers should be treated as one, but with
-+ // values separate by a comma.
-+ //
-+ // See: https://tools.ietf.org/html/rfc7230#section-3.2.2
-+ const toTransferEncoding = this.unsetFlag(
-+ FLAGS.CHUNKED,
-+ 'header_value_te_chunked');
-+
- n('header_value_start')
- .otherwise(this.load('header_state', {
- [HEADER_STATE.UPGRADE]: this.setFlag(FLAGS.UPGRADE, fallback),
- [HEADER_STATE.TRANSFER_ENCODING]: this.setFlag(
-- FLAGS.TRANSFER_ENCODING, 'header_value_te_chunked'),
-+ FLAGS.TRANSFER_ENCODING, toTransferEncoding),
- [HEADER_STATE.CONTENT_LENGTH]: n('header_value_content_length_once'),
- [HEADER_STATE.CONNECTION]: n('header_value_connection'),
- }, 'header_value'));
-@@ -847,6 +855,11 @@ export class HTTP {
- return span.start(span.end(this.node(next)));
- }
-
-+ private unsetFlag(flag: FLAGS, next: string | Node): Node {
-+ const p = this.llparse;
-+ return p.invoke(p.code.and('flags', ~flag), this.node(next));
-+ }
-+
- private setFlag(flag: FLAGS, next: string | Node): Node {
- const p = this.llparse;
- return p.invoke(p.code.or('flags', flag), this.node(next));
-diff --git a/test/request/transfer-encoding.md b/test/request/transfer-encoding.md
-index a7d1681..b0891d6 100644
---- a/test/request/transfer-encoding.md
-+++ b/test/request/transfer-encoding.md
-@@ -353,6 +353,38 @@ off=106 headers complete method=3 v=1/1 flags=200 content_length=0
- off=106 error code=15 reason="Request has invalid `Transfer-Encoding`"
- ```
-
-+## POST with `chunked` and duplicate transfer-encoding
-+
-+<!-- meta={"type": "request", "noScan": true} -->
-+```http
-+POST /post_identity_body_world?q=search#hey HTTP/1.1
-+Accept: */*
-+Transfer-Encoding: chunked
-+Transfer-Encoding: deflate
-+
-+World
-+```
-+
-+```log
-+off=0 message begin
-+off=5 len=38 span[url]="/post_identity_body_world?q=search#hey"
-+off=44 url complete
-+off=54 len=6 span[header_field]="Accept"
-+off=61 header_field complete
-+off=62 len=3 span[header_value]="*/*"
-+off=67 header_value complete
-+off=67 len=17 span[header_field]="Transfer-Encoding"
-+off=85 header_field complete
-+off=86 len=7 span[header_value]="chunked"
-+off=95 header_value complete
-+off=95 len=17 span[header_field]="Transfer-Encoding"
-+off=113 header_field complete
-+off=114 len=7 span[header_value]="deflate"
-+off=123 header_value complete
-+off=125 headers complete method=3 v=1/1 flags=200 content_length=0
-+off=125 error code=15 reason="Request has invalid `Transfer-Encoding`"
-+```
-+
- ## POST with `chunked` before other transfer-coding (lenient)
-
- TODO(indutny): should we allow it even in lenient mode? (Consider disabling
--
2.39.2
J
J
jlicht wrote on 15 Mar 2023 01:55
[PATCH v5 17/17] gnu: libnode: Use node-lts as base.
(address . 59188@debbugs.gnu.org)
36884b1255aa844a6e9ec7dfa8dc35c478c031d3.1678841648.git.jlicht@fsfe.org
From: Hilton Chain <hako@ultrarare.space>

* gnu/packages/node.scm (libnode): Use node-lts as base.
* gnu/packages/cran.scm (r-v8)[arguments]<#:phases>: Adjusted accordingly.

---

Changes in v5:
- node build system needs an additional --install-links to work with newer npm.
- node-lts to 18.15.0

gnu/packages/cran.scm | 2 +-
gnu/packages/node.scm | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)

Toggle diff (32 lines)
diff --git a/gnu/packages/cran.scm b/gnu/packages/cran.scm
index 803c4e0b6e..50c055690f 100644
--- a/gnu/packages/cran.scm
+++ b/gnu/packages/cran.scm
@@ -1304,7 +1304,7 @@ (define-public r-v8
(("^PKG_LIBS=.*")
(string-append "PKG_LIBS="
(assoc-ref inputs "libnode")
- "/lib/libnode.so.64\n")))
+ "/lib/libnode.so.108\n")))
(setenv "INCLUDE_DIR"
(string-append
(assoc-ref inputs "libnode")
diff --git a/gnu/packages/node.scm b/gnu/packages/node.scm
index f9f1c13e99..53eba8460a 100644
--- a/gnu/packages/node.scm
+++ b/gnu/packages/node.scm
@@ -906,10 +906,10 @@ (define-public node-lts
zlib))))
(define-public libnode
- (package/inherit node
+ (package/inherit node-lts
(name "libnode")
(arguments
- (substitute-keyword-arguments (package-arguments node)
+ (substitute-keyword-arguments (package-arguments node-lts)
((#:configure-flags flags ''())
`(cons* "--shared" "--without-npm" ,flags))
((#:phases phases '%standard-phases)
--
2.39.2
J
J
jlicht wrote on 15 Mar 2023 01:55
[PATCH v5 16/17] gnu: node-lts: Update to 18.15.0.
(address . 59188@debbugs.gnu.org)(name . Hilton Chain)(address . hako@ultrarare.space)
03ba6a80aaf999fc9e0e602ae730be84b390eca8.1678841648.git.jlicht@fsfe.org
From: Hilton Chain <hako@ultrarare.space>

* gnu/packages/node.scm (node-lts): Update to 18.15.0.
[snippet]: Keep file deps/openssl/nodejs-openssl.cnf.
[arguments]<#:configure-flags>: Enable v8 snapshot compression.
<#:phases>: Adjust problematic tests to delete accordingly.
Patch additional file with hardcoded references to /bin/sh.
[native-inputs,inputs]: Replace openssl-1.1 with openssl.
---

(no changes since v1)

gnu/packages/node.scm | 40 ++++++++++++++++++++++++++++------------
1 file changed, 28 insertions(+), 12 deletions(-)

Toggle diff (113 lines)
diff --git a/gnu/packages/node.scm b/gnu/packages/node.scm
index de847490a3..f9f1c13e99 100644
--- a/gnu/packages/node.scm
+++ b/gnu/packages/node.scm
@@ -11,6 +11,7 @@
;;; Copyright © 2021 Simon Tournier <zimon.toutoune@gmail.com>
;;; Copyright © 2021 Guillaume Le Vaillant <glv@posteo.net>
;;; Copyright © 2021, 2022 Philip McGrath <philip@philipmcgrath.com>
+;;; Copyright © 2022 Hilton Chain <hako@ultrarare.space>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -737,23 +738,28 @@ (define-public llhttp-bootstrap
(define-public node-lts
(package
(inherit node)
- (version "14.19.3")
+ (version "18.15.0")
(source (origin
(method url-fetch)
(uri (string-append "https://nodejs.org/dist/v" version
- "/node-v" version ".tar.xz"))
+ "/node-v" version ".tar.gz"))
(sha256
(base32
- "15691j5zhiikyamiwwd7f282g6d9acfhq91nrwx54xya38gmpx2w"))
+ "0axc4jl71wjjhwzpdc3xg607r32554d0h0lmvb65p0f8ycz4qp6n"))
(modules '((guix build utils)))
(snippet
`(begin
+ ;; openssl.cnf is required for build.
+ (for-each delete-file-recursively
+ (find-files "deps/openssl"
+ (lambda (file stat)
+ (if (string-contains file "nodejs-openssl.cnf")
+ #f #t))))
;; Remove bundled software, where possible
(for-each delete-file-recursively
'("deps/cares"
"deps/icu-small"
"deps/nghttp2"
- "deps/openssl"
"deps/zlib"))
(substitute* "Makefile"
;; Remove references to bundled software.
@@ -769,7 +775,9 @@ (define-public node-lts
"--shared-openssl"
"--shared-zlib"
"--shared-brotli"
- "--with-intl=system-icu"))
+ "--with-intl=system-icu"
+ ;;Needed for correct snapshot checksums
+ "--v8-enable-snapshot-compression"))
((#:phases phases)
`(modify-phases ,phases
(replace 'set-bootstrap-host-rpath
@@ -802,23 +810,31 @@ (define-public node-lts
libuv "/lib:"
zlib "/lib"
"'],"))))))
+ (add-after 'patch-hardcoded-program-references
+ 'patch-additional-hardcoded-program-references
+ (lambda* (#:key inputs #:allow-other-keys)
+ (substitute* "test/parallel/test-stdin-from-file-spawn.js"
+ (("'/bin/sh'") (string-append
+ "'" (search-input-file inputs "/bin/sh")
+ "'")))))
(replace 'delete-problematic-tests
(lambda* (#:key inputs #:allow-other-keys)
;; FIXME: These tests fail in the build container, but they don't
;; seem to be indicative of real problems in practice.
(for-each delete-file
- '("test/parallel/test-cluster-master-error.js"
- "test/parallel/test-cluster-master-kill.js"))
+ '("test/parallel/test-cluster-primary-error.js"
+ "test/parallel/test-cluster-primary-kill.js"))
;; These require a DNS resolver.
(for-each delete-file
'("test/parallel/test-dns.js"
- "test/parallel/test-dns-lookupService-promises.js"))
+ "test/parallel/test-dns-lookupService-promises.js"
+ "test/parallel/test-net-socket-connect-without-cb.js"
+ "test/parallel/test-tcp-wrap-listen.js"))
;; These tests require networking.
(for-each delete-file
- '("test/parallel/test-https-agent-unref-socket.js"
- "test/parallel/test-corepack-yarn-install.js"))
+ '("test/parallel/test-https-agent-unref-socket.js"))
;; This test is timing-sensitive, and fails sporadically on
;; slow, busy, or even very fast machines.
@@ -868,7 +884,7 @@ (define-public node-lts
icu4c-71
libuv-for-node
`(,nghttp2 "lib")
- openssl-1.1
+ openssl
zlib
;; Regular build-time dependencies.
perl
@@ -885,7 +901,7 @@ (define-public node-lts
llhttp-bootstrap
brotli
`(,nghttp2 "lib")
- openssl-1.1
+ openssl
python-wrapper ;; for node-gyp (supports python3)
zlib))))
--
2.39.2
J
J
jlicht wrote on 30 Mar 2023 14:31
[PATCH v6 00/19] Updating node-lts to 18.X
(address . 59188@debbugs.gnu.org)
cover.1680179491.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>



Changes in v6:
- Fix build of node-openzwave-shared
- Fix build of node-serialport
- Rebase on master

Hilton Chain (4):
gnu: libuv-for-node: Update to 1.44.2.
gnu: llhttp-bootstrap: Update to 6.0.10.
gnu: node-lts: Update to 18.15.0.
gnu: libnode: Use node-lts as base.

Jelle Licht (15):
build-system: node: Use `--install-links' with `npm install'.
gnu: node-acorn: Disable tests.
gnu: node-acorn: Remove lifecycle script.
gnu: node-acorn: Fix broken transpilation.
gnu: node-buffer-crc32: Ignore development dependencies.
gnu: node-crx3: Ignore development dependencies.
gnu: node-minimist: Ignore development dependencies.
gnu: node-pbf: Ignore development dependencies.
gnu: node-protocol-buffers-schema: Ignore development dependencies.
gnu: node-resolve-protobuf-schema: Ignore development dependencies.
gnu: node-ieee754: Ignore development dependencies.
gnu: node-yazl: Ignore development dependencies.
gnu: node-uglify-js: Update to 3.14.2.
gnu: node-serialport: Avoid gyp rebuilds.
gnu: node-openzwave-shared: Fix compilation for new versions of node

gnu/local.mk | 1 -
gnu/packages/cran.scm | 2 +-
gnu/packages/libevent.scm | 4 +-
gnu/packages/node-xyz.scm | 112 ++++++++++++++----
gnu/packages/node.scm | 49 +++++---
.../llhttp-bootstrap-CVE-2020-8287.patch | 100 ----------------
gnu/packages/uglifyjs.scm | 4 +-
gnu/packages/zwave.scm | 5 +
guix/build/node-build-system.scm | 3 +-
9 files changed, 130 insertions(+), 150 deletions(-)
delete mode 100644 gnu/packages/patches/llhttp-bootstrap-CVE-2020-8287.patch

--
2.39.2
J
J
jlicht wrote on 30 Mar 2023 14:31
[PATCH v6 01/19] build-system: node: Use `--install-links' with `npm install'.
(address . 59188@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
f79706bd0c78f8cd42681c88df6e71ef1124e786.1680179491.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

Later versions of npm need to explicitly install a copy of local dependencies,
instead of only a symlink.

* guix/build/node-build-system.scm (configure): Add `--install-links' to npm
install invocation.
(install): Ditto.
---

(no changes since v1)

guix/build/node-build-system.scm | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

Toggle diff (23 lines)
diff --git a/guix/build/node-build-system.scm b/guix/build/node-build-system.scm
index bee3792e93..93f7efbb2b 100644
--- a/guix/build/node-build-system.scm
+++ b/guix/build/node-build-system.scm
@@ -223,7 +223,7 @@ (define* (delete-lockfiles #:key inputs #:allow-other-keys)
(define* (configure #:key outputs inputs #:allow-other-keys)
(let ((npm (string-append (assoc-ref inputs "node") "/bin/npm")))
- (invoke npm "--offline" "--ignore-scripts" "install")
+ (invoke npm "--offline" "--ignore-scripts" "--install-links" "install")
#t))
(define* (build #:key inputs #:allow-other-keys)
@@ -262,6 +262,7 @@ (define* (install #:key outputs inputs #:allow-other-keys)
"--offline"
"--loglevel" "info"
"--production"
+ "--install-links"
"install" "../package.tgz")
#t))
--
2.39.2
J
J
jlicht wrote on 30 Mar 2023 14:31
[PATCH v6 02/19] gnu: node-acorn: Disable tests.
(address . 59188@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
5bddbd47fb2316635af0c1168ead55c790ee039c.1680179491.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/node-xyz.scm (node-acorn): Explicitly disable tests.
---

(no changes since v1)

gnu/packages/node-xyz.scm | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

Toggle diff (16 lines)
diff --git a/gnu/packages/node-xyz.scm b/gnu/packages/node-xyz.scm
index 991113c05b..e89117beca 100644
--- a/gnu/packages/node-xyz.scm
+++ b/gnu/packages/node-xyz.scm
@@ -46,7 +46,8 @@ (define-public node-acorn
(base32 "068h5gysz8bbslq31dva8f223rdf8l7w6nxcxjnv4zdprwkzkhaa"))))
(build-system node-build-system)
(arguments
- '(#:phases
+ '(#:tests? #f
+ #:phases
(modify-phases %standard-phases
(add-after 'unpack 'change-directory
(lambda _
--
2.39.2
J
J
jlicht wrote on 30 Mar 2023 14:31
[PATCH v6 03/19] gnu: node-acorn: Remove lifecycle script.
(address . 59188@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
94d6260e7ee309d2075856f0c0340a91a087e58f.1680179491.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/node-xyz.scm (node-acorn)[arguments]<modules>: New argument.
<phases>: Patch out unused 'prepare' script that breaks dependents.
---

(no changes since v1)

gnu/packages/node-xyz.scm | 26 +++++++++++++++++++++++++-
1 file changed, 25 insertions(+), 1 deletion(-)

Toggle diff (43 lines)
diff --git a/gnu/packages/node-xyz.scm b/gnu/packages/node-xyz.scm
index e89117beca..e3d8c7ca19 100644
--- a/gnu/packages/node-xyz.scm
+++ b/gnu/packages/node-xyz.scm
@@ -47,11 +47,35 @@ (define-public node-acorn
(build-system node-build-system)
(arguments
'(#:tests? #f
+ #:modules
+ ((guix build node-build-system)
+ (srfi srfi-1)
+ (ice-9 match)
+ (guix build utils))
#:phases
(modify-phases %standard-phases
(add-after 'unpack 'change-directory
(lambda _
- (chdir "acorn"))))))
+ (chdir "acorn")))
+ (add-before 'configure 'avoid-prepare-scripts
+ (lambda _
+ ;; We need to remove the prepare script from "package.json", as
+ ;; it would try to use the build environment and would block the
+ ;; automatic building by other packages making use of node-acorn.
+ ;; TODO: Add utility function
+ (with-atomic-json-file-replacement "package.json"
+ (match-lambda
+ (('@ . pkg-meta-alist)
+ (cons '@ (map (match-lambda
+ (("scripts" @ . scripts-alist)
+ `("scripts" @ ,@(filter (match-lambda
+ (("prepare" . _)
+ #f)
+ (_
+ #t))
+ scripts-alist)))
+ (other other))
+ pkg-meta-alist))))))))))
(home-page "https://github.com/acornjs/acorn/tree/master/acorn")
(synopsis "Javascript-based Javascript parser")
(description "Acornjs is a Javascript parser with many options and an
--
2.39.2
J
J
jlicht wrote on 30 Mar 2023 14:31
[PATCH v6 04/19] gnu: node-acorn: Fix broken transpilation.
(address . 59188@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
410d1669bcbdb03ebcf3deea90eb7746abac808a.1680179491.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/node-xyz.scm (node-acorn)[native-inputs]: Add `esbuild'.
[arguments]<phases>: Replace build phase by custom `esbuild' invocations.
---

(no changes since v1)

gnu/packages/node-xyz.scm | 26 +++++++++++++++++++++++++-
1 file changed, 25 insertions(+), 1 deletion(-)

Toggle diff (46 lines)
diff --git a/gnu/packages/node-xyz.scm b/gnu/packages/node-xyz.scm
index e3d8c7ca19..d75ccc199a 100644
--- a/gnu/packages/node-xyz.scm
+++ b/gnu/packages/node-xyz.scm
@@ -5,6 +5,7 @@
;;; Copyright © 2021 Charles <charles.b.jackson@protonmail.com>
;;; Copyright © 2021 Philip McGrath <philip@philipmcgrath.com>
;;; Copyright © 2022 Nicolas Graves <ngraves@ngraves.fr>
+;;; Copyright © 2023 Jelle Licht <jlicht@fsfe.org>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -75,7 +76,30 @@ (define-public node-acorn
#t))
scripts-alist)))
(other other))
- pkg-meta-alist))))))))))
+ pkg-meta-alist)))))))
+ (replace 'build
+ (lambda* (#:key inputs native-inputs #:allow-other-keys)
+ (let ((esbuild (search-input-file (or native-inputs inputs)
+ "/bin/esbuild")))
+ (invoke esbuild
+ "src/index.js"
+ "--outfile=dist/acorn.js"
+ "--format=cjs"
+ "--bundle"
+ "--platform=node")
+ (invoke esbuild
+ "src/index.js"
+ "--outfile=dist/acorn.mjs"
+ "--format=esm"
+ "--bundle"
+ "--platform=node")
+ (invoke esbuild
+ "src/bin/acorn.js"
+ "--outfile=dist/bin.js"
+ "--format=cjs"
+ "--platform=node")))))))
+ (native-inputs
+ (list esbuild))
(home-page "https://github.com/acornjs/acorn/tree/master/acorn")
(synopsis "Javascript-based Javascript parser")
(description "Acornjs is a Javascript parser with many options and an
--
2.39.2
J
J
jlicht wrote on 30 Mar 2023 14:31
[PATCH v6 05/19] gnu: node-buffer-crc32: Ignore development dependencies.
(address . 59188@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
10166eb5e91d4fc34d630893b7e027b081f29643.1680179491.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/node-xyz.scm (node-acorn)[arguments]<phases>: Explicitly patch
out development dependencies. Re-enable configure phase.
---

(no changes since v1)

gnu/packages/node-xyz.scm | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)

Toggle diff (19 lines)
diff --git a/gnu/packages/node-xyz.scm b/gnu/packages/node-xyz.scm
index d75ccc199a..96901e7bf8 100644
--- a/gnu/packages/node-xyz.scm
+++ b/gnu/packages/node-xyz.scm
@@ -123,10 +123,9 @@ (define-public node-buffer-crc32
(arguments
'(#:tests? #f
#:phases (modify-phases %standard-phases
- (replace 'configure
+ (add-after 'patch-dependencies 'delete-dependencies
(lambda _
- (invoke "npm" "--offline" "--ignore-scripts" "install"
- "--production"))))))
+ (delete-dependencies '("tap")))))))
(home-page "https://github.com/brianloveswords/buffer-crc32")
(synopsis "CRC32 implementation in Javascript")
(description
--
2.39.2
J
J
jlicht wrote on 30 Mar 2023 14:31
[PATCH v6 06/19] gnu: node-crx3: Ignore development dependencies.
(address . 59188@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
2a09f2f03f78fac06ff730ad53f5d839c9e25641.1680179491.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/node-xyz.scm (node-crx3)[arguments]<phases>: Explicitly patch
out development dependencies. Re-enable configure phase.
---

(no changes since v1)

gnu/packages/node-xyz.scm | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)

Toggle diff (26 lines)
diff --git a/gnu/packages/node-xyz.scm b/gnu/packages/node-xyz.scm
index 96901e7bf8..00d93d3185 100644
--- a/gnu/packages/node-xyz.scm
+++ b/gnu/packages/node-xyz.scm
@@ -179,10 +179,16 @@ (define-public node-crx3
(substitute* "lib/configuration.js"
(("mri")
"minimist"))))
- (replace 'configure
+ (add-after 'patch-dependencies 'delete-dependencies
(lambda _
- (invoke "npm" "--offline" "--ignore-scripts" "install"
- "--production"))))))
+ (delete-dependencies '("c8"
+ "docdash"
+ "eslint"
+ "eslint-plugin-jsdoc"
+ "jsdoc"
+ "tap-diff"
+ "tape"
+ "tape-catch")))))))
(inputs (list node-minimist node-pbf node-yazl))
(home-page "https://github.com/ahwayakchih/crx3")
(synopsis "Create CRXv3 browser extensions with Javascript")
--
2.39.2
J
J
jlicht wrote on 30 Mar 2023 14:31
[PATCH v6 07/19] gnu: node-minimist: Ignore development dependencies.
(address . 59188@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
ba99861027d8f7112aac807b3f4bb5efbe3626ac.1680179491.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/node-xyz.scm (node-minimist)[arguments]<phases>: Explicitly
patch out development dependencies. Re-enable configure phase.
---

(no changes since v1)

gnu/packages/node-xyz.scm | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)

Toggle diff (19 lines)
diff --git a/gnu/packages/node-xyz.scm b/gnu/packages/node-xyz.scm
index 00d93d3185..847004501a 100644
--- a/gnu/packages/node-xyz.scm
+++ b/gnu/packages/node-xyz.scm
@@ -313,10 +313,9 @@ (define-public node-minimist
(arguments
'(#:tests? #f
#:phases (modify-phases %standard-phases
- (replace 'configure
+ (add-after 'patch-dependencies 'delete-dependencies
(lambda _
- (invoke "npm" "--offline" "--ignore-scripts" "install"
- "--production"))))))
+ (delete-dependencies '("covert" "tap" "tape")))))))
(home-page "https://github.com/substack/minimist")
(synopsis "Parse CLI arguments in Javascript")
(description "This package can scan for CLI flags and arguments in
--
2.39.2
J
J
jlicht wrote on 30 Mar 2023 14:31
[PATCH v6 08/19] gnu: node-pbf: Ignore development dependencies.
(address . 59188@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
504f8de18883e3190cab70480958548be30d87cc.1680179491.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/node-xyz.scm (node-pbf)[arguments]<phases>: Explicitly patch
out development dependencies. Re-enable configure phase.
---

(no changes since v1)

gnu/packages/node-xyz.scm | 15 ++++++++++++---
1 file changed, 12 insertions(+), 3 deletions(-)

Toggle diff (29 lines)
diff --git a/gnu/packages/node-xyz.scm b/gnu/packages/node-xyz.scm
index 847004501a..680be0ad3f 100644
--- a/gnu/packages/node-xyz.scm
+++ b/gnu/packages/node-xyz.scm
@@ -364,10 +364,19 @@ (define-public node-pbf
(arguments
'(#:tests? #f
#:phases (modify-phases %standard-phases
- (replace 'configure
+ (add-after 'patch-dependencies 'delete-dependencies
(lambda _
- (invoke "npm" "--offline" "--ignore-scripts" "install"
- "--production"))))))
+ (delete-dependencies
+ '("benchmark"
+ "browserify"
+ "eslint"
+ "eslint-config-mourner"
+ "mkdirp"
+ "protobufjs"
+ "protocol-buffers"
+ "tap"
+ "tile-stats-runner"
+ "uglify-js")))))))
(inputs (list node-ieee754 node-resolve-protobuf-schema))
(home-page "https://github.com/mapbox/pbf")
(synopsis "Decode and encode protocol buffers in Javascript")
--
2.39.2
J
J
jlicht wrote on 30 Mar 2023 14:31
[PATCH v6 09/19] gnu: node-protocol-buffers-schema: Ignore development dependencies.
(address . 59188@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
b459f146e25a15d92e49bd12cb7c67e4e6916ff6.1680179491.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/node-xyz.scm (node-protocol-buffers-schema)[arguments]<phases>:
Explicitly patch out development dependencies. Re-enable configure phase.
---

(no changes since v1)

gnu/packages/node-xyz.scm | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)

Toggle diff (19 lines)
diff --git a/gnu/packages/node-xyz.scm b/gnu/packages/node-xyz.scm
index 680be0ad3f..1b581cf3a7 100644
--- a/gnu/packages/node-xyz.scm
+++ b/gnu/packages/node-xyz.scm
@@ -405,10 +405,9 @@ (define-public node-protocol-buffers-schema
(arguments
'(#:tests? #f
#:phases (modify-phases %standard-phases
- (replace 'configure
+ (add-after 'patch-dependencies 'delete-dependencies
(lambda _
- (invoke "npm" "--offline" "--ignore-scripts" "install"
- "--production"))))))
+ (delete-dependencies '("standard" "tape")))))))
(home-page "https://github.com/mafintosh/protocol-buffers-schema")
(synopsis "Protocol buffers schema parser written in Javascript")
(description "This package provides a protocol buffers schema parser
--
2.39.2
J
J
jlicht wrote on 30 Mar 2023 14:31
[PATCH v6 10/19] gnu: node-resolve-protobuf-schema: Ignore development dependencies.
(address . 59188@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
f861ad95d8f62fe5a23191e789fa68bf59d37420.1680179491.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/node-xyz.scm (node-resolve-protobuf-schema)[arguments]<phases>:
Explicitly patch out development dependencies. Re-enable configure phase.
---

(no changes since v1)

gnu/packages/node-xyz.scm | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)

Toggle diff (19 lines)
diff --git a/gnu/packages/node-xyz.scm b/gnu/packages/node-xyz.scm
index 1b581cf3a7..cbf2665940 100644
--- a/gnu/packages/node-xyz.scm
+++ b/gnu/packages/node-xyz.scm
@@ -431,10 +431,9 @@ (define-public node-resolve-protobuf-schema
(arguments
'(#:tests? #f
#:phases (modify-phases %standard-phases
- (replace 'configure
+ (add-after 'patch-dependencies 'delete-dependencies
(lambda _
- (invoke "npm" "--offline" "--ignore-scripts" "install"
- "--production"))))))
+ (delete-dependencies '("standard" "tape")))))))
(inputs (list node-protocol-buffers-schema))
(home-page "https://github.com/mafintosh/resolve-protobuf-schema")
(synopsis "Resolve protobuf imports")
--
2.39.2
J
J
jlicht wrote on 30 Mar 2023 14:31
[PATCH v6 11/19] gnu: node-ieee754: Ignore development dependencies.
(address . 59188@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
11d24051612faa2117d5499d2d31000d286a5240.1680179491.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/node-xyz.scm (node-ieee754)[arguments]<phases>: Explicitly
patch out development dependencies. Re-enable configure phase.
---

(no changes since v1)

gnu/packages/node-xyz.scm | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)

Toggle diff (19 lines)
diff --git a/gnu/packages/node-xyz.scm b/gnu/packages/node-xyz.scm
index cbf2665940..628fe41d28 100644
--- a/gnu/packages/node-xyz.scm
+++ b/gnu/packages/node-xyz.scm
@@ -623,10 +623,9 @@ (define-public node-ieee754
(arguments
'(#:tests? #f
#:phases (modify-phases %standard-phases
- (replace 'configure
+ (add-after 'patch-dependencies 'delete-dependencies
(lambda _
- (invoke "npm" "--offline" "--ignore-scripts" "install"
- "--production"))))))
+ (delete-dependencies '("airtap" "standard" "tape")))))))
(home-page "https://github.com/feross/ieee754")
(synopsis "Read/write IEEE754 floating point numbers in Javascript")
(description "This package can read and write IEEE754 floating point
--
2.39.2
J
J
jlicht wrote on 30 Mar 2023 14:31
[PATCH v6 12/19] gnu: node-yazl: Ignore development dependencies.
(address . 59188@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
bf22e60550e67c014aa0633526d52fd5631ce42a.1680179491.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/node-xyz.scm (node-yazl)[arguments]<phases>: Explicitly patch
out development dependencies. Re-enable configure phase.
---

(no changes since v1)

gnu/packages/node-xyz.scm | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)

Toggle diff (19 lines)
diff --git a/gnu/packages/node-xyz.scm b/gnu/packages/node-xyz.scm
index 628fe41d28..b85507f52f 100644
--- a/gnu/packages/node-xyz.scm
+++ b/gnu/packages/node-xyz.scm
@@ -1588,10 +1588,9 @@ (define-public node-yazl
(arguments
'(#:tests? #f
#:phases (modify-phases %standard-phases
- (replace 'configure
+ (add-after 'patch-dependencies 'delete-dependencies
(lambda _
- (invoke "npm" "--offline" "--ignore-scripts" "install"
- "--production"))))))
+ (delete-dependencies '("airtap" "bl" "istanbul" "yauzl")))))))
(inputs (list node-buffer-crc32))
(home-page "https://github.com/thejoshwolfe/yazl")
(synopsis "Yet another zip library for node")
--
2.39.2
J
J
jlicht wrote on 30 Mar 2023 14:31
[PATCH v6 13/19] gnu: node-uglify-js: Update to 3.14.2.
(address . 59188@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
14caddea3c698bc80c6b6988e45178a0e8c4ed48.1680179491.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/uglifyjs.scm (node-uglify-js): Update to 3.14.2.
---

(no changes since v1)

gnu/packages/uglifyjs.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

Toggle diff (24 lines)
diff --git a/gnu/packages/uglifyjs.scm b/gnu/packages/uglifyjs.scm
index b65d52b8df..1bd8bb6326 100644
--- a/gnu/packages/uglifyjs.scm
+++ b/gnu/packages/uglifyjs.scm
@@ -25,7 +25,7 @@ (define-module (gnu packages uglifyjs)
(define-public node-uglify-js
(package
(name "node-uglify-js")
- (version "3.13.9")
+ (version "3.14.2")
(source
(origin
(method git-fetch)
@@ -34,7 +34,7 @@ (define-public node-uglify-js
(commit (string-append "v" version))))
(file-name (git-file-name name version))
(sha256
- (base32 "0q1f91xwwm829cl5v727d4qkxy4yh7wri3pgl89f0m3a4y1n7hi4"))))
+ (base32 "1jraqpwzga4vbgq3xcn08jcfc87pm6nik7vpxvxa4rfjvz70a6k7"))))
(build-system node-build-system)
(native-inputs
(list node-acorn node-semver))
--
2.39.2
J
J
jlicht wrote on 30 Mar 2023 14:31
[PATCH v6 14/19] gnu: node-serialport: Avoid gyp rebuilds.
(address . 59188@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
9ce58937417bd3c79ae6efb776f646c9fee6bfc5.1680179491.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/node-xyz.scm (node-serialport)[arguments]<phases>: Explicitly
disable gyp recompilation.
---

(no changes since v1)

gnu/packages/node-xyz.scm | 2 ++
1 file changed, 2 insertions(+)

Toggle diff (15 lines)
diff --git a/gnu/packages/node-xyz.scm b/gnu/packages/node-xyz.scm
index b85507f52f..a9784dbf7a 100644
--- a/gnu/packages/node-xyz.scm
+++ b/gnu/packages/node-xyz.scm
@@ -1384,6 +1384,8 @@ (define-public node-serialport-bindings
(_
#t))
scripts-alist)))
+ (("gypfile" . _)
+ '("gypfile" . #f))
(other
other))
pkg-meta-alist))))))))
--
2.39.2
J
J
jlicht wrote on 30 Mar 2023 14:31
[PATCH v6 15/19] gnu: node-openzwave-shared: Fix compilation for new versions of node
(address . 59188@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
82279693ec0ec7bc5311c82bf85e872919527b4e.1680179491.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/zwave.scm (node-openzwave-shared)[arguments]<#:phases>: Add
patch-compiler phase to allow compilation with node versions 16 and up.
---

(no changes since v1)

gnu/packages/zwave.scm | 5 +++++
1 file changed, 5 insertions(+)

Toggle diff (18 lines)
diff --git a/gnu/packages/zwave.scm b/gnu/packages/zwave.scm
index 3e99bd7687..a30199ec02 100644
--- a/gnu/packages/zwave.scm
+++ b/gnu/packages/zwave.scm
@@ -112,6 +112,11 @@ (define-public node-openzwave-shared
(arguments
`(#:phases
(modify-phases %standard-phases
+ (add-before 'build 'patch-compiler
+ (lambda _
+ (substitute* "binding.gyp"
+ (("std=c\\+\\+11")
+ "std=c++17"))))
(replace 'build
;; For some reason, `npm install` doesn't build
;; the addon automatically, so we do it explicitly here.
--
2.39.2
J
J
jlicht wrote on 30 Mar 2023 14:31
[PATCH v6 16/19] gnu: libuv-for-node: Update to 1.44.2.
(address . 59188@debbugs.gnu.org)(name . Hilton Chain)(address . hako@ultrarare.space)
7b1259164e03677c59763e7694e183821bd449e2.1680179491.git.jlicht@fsfe.org
From: Hilton Chain <hako@ultrarare.space>

* gnu/packages/libevent.scm (libuv-for-node): Update to 1.44.2.
---

(no changes since v1)

gnu/packages/libevent.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

Toggle diff (23 lines)
diff --git a/gnu/packages/libevent.scm b/gnu/packages/libevent.scm
index 02b2795194..441c8a401c 100644
--- a/gnu/packages/libevent.scm
+++ b/gnu/packages/libevent.scm
@@ -148,14 +148,14 @@ (define-public libuv-for-node
(package
(inherit libuv)
(name "libuv")
- (version "1.42.0")
+ (version "1.44.2")
(source (origin
(method url-fetch)
(uri (string-append "https://dist.libuv.org/dist/v" version
"/libuv-v" version ".tar.gz"))
(sha256
(base32
- "0wpb9pz3r8nksnrf4zbixj2kk9whr7abi45ydrwyv2js2ljrc4j3"))))
+ "1d1wy1061cf2mfygr2j6jbm0da2mhsf0l9yq4rjkqrsmijbdrz6c"))))
(properties '((hidden? . #t)))))
(define-public libuv-for-r-httpuv
--
2.39.2
J
J
jlicht wrote on 30 Mar 2023 14:31
[PATCH v6 17/19] gnu: llhttp-bootstrap: Update to 6.0.10.
(address . 59188@debbugs.gnu.org)(name . Hilton Chain)(address . hako@ultrarare.space)
b6703dd58ef205b08661b134049fa51e1888e586.1680179491.git.jlicht@fsfe.org
From: Hilton Chain <hako@ultrarare.space>

* gnu/packages/node.scm (llhttp-bootstrap): Update to 6.0.10.
* gnu/packages/patches/llhttp-bootstrap-CVE-2020-8287.patch: Remove file.
* gnu/local.mk: Remove it.
---

(no changes since v1)

gnu/local.mk | 1 -
gnu/packages/node.scm | 5 +-
.../llhttp-bootstrap-CVE-2020-8287.patch | 100 ------------------
3 files changed, 2 insertions(+), 104 deletions(-)
delete mode 100644 gnu/packages/patches/llhttp-bootstrap-CVE-2020-8287.patch

Toggle diff (143 lines)
diff --git a/gnu/local.mk b/gnu/local.mk
index aee0b8a645..7deb8d8cd7 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1498,7 +1498,6 @@ dist_patch_DATA = \
%D%/packages/patches/linuxdcpp-openssl-1.1.patch \
%D%/packages/patches/lirc-localstatedir.patch \
%D%/packages/patches/lirc-reproducible-build.patch \
- %D%/packages/patches/llhttp-bootstrap-CVE-2020-8287.patch \
%D%/packages/patches/llvm-3.5-fix-clang-build-with-gcc5.patch \
%D%/packages/patches/llvm-3.6-fix-build-with-gcc-10.patch \
%D%/packages/patches/llvm-3.x.1-fix-build-with-gcc.patch \
diff --git a/gnu/packages/node.scm b/gnu/packages/node.scm
index 6137ed1dd3..f613844a13 100644
--- a/gnu/packages/node.scm
+++ b/gnu/packages/node.scm
@@ -668,7 +668,7 @@ (define-public node-llparse-bootstrap
(define-public llhttp-bootstrap
(package
(name "llhttp")
- (version "2.1.4")
+ (version "6.0.10")
(source (origin
(method git-fetch)
(uri (git-reference
@@ -677,8 +677,7 @@ (define-public llhttp-bootstrap
(file-name (git-file-name name version))
(sha256
(base32
- "115mwyds9655p76lhglxg2blc1ksgrix6zhigaxnc2q6syy3pa6x"))
- (patches (search-patches "llhttp-bootstrap-CVE-2020-8287.patch"))
+ "0izwqa77y007xdi0bj3ccw821n19rz89mz4hx4lg99fwkwylr6x8"))
(modules '((guix build utils)))
(snippet
'(begin
diff --git a/gnu/packages/patches/llhttp-bootstrap-CVE-2020-8287.patch b/gnu/packages/patches/llhttp-bootstrap-CVE-2020-8287.patch
deleted file mode 100644
index 215c920e53..0000000000
--- a/gnu/packages/patches/llhttp-bootstrap-CVE-2020-8287.patch
+++ /dev/null
@@ -1,100 +0,0 @@
-This patch comes from upstream. It corresponds to a patch applied to
-the generated C source code for llhttp included in Node.js 14.16.0
-(see commit 641f786bb1a1f6eb1ff8750782ed939780f2b31a). That commit
-fixes CVE-2020-8287. With this patch, the output of our
-llhttp-bootstrap package matches the files included in Node.js 14.16.0
-exactly.
-
-commit e9b36ea64709c35ca66094d5cf3787f444029601
-Author: Fedor Indutny <fedor@indutny.com>
-Date: Sat Oct 10 19:56:01 2020 -0700
-
- http: unset `F_CHUNKED` on new `Transfer-Encoding`
-
- Duplicate `Transfer-Encoding` header should be a treated as a single,
- but with original header values concatenated with a comma separator. In
- the light of this, even if the past `Transfer-Encoding` ended with
- `chunked`, we should be not let the `F_CHUNKED` to leak into the next
- header, because mere presence of another header indicates that `chunked`
- is not the last transfer-encoding token.
-
-diff --git a/src/llhttp/http.ts b/src/llhttp/http.ts
-index f4f1a6e..0a0c365 100644
---- a/src/llhttp/http.ts
-+++ b/src/llhttp/http.ts
-@@ -460,11 +460,19 @@ export class HTTP {
- .match([ ' ', '\t' ], n('header_value_discard_ws'))
- .otherwise(checkContentLengthEmptiness);
-
-+ // Multiple `Transfer-Encoding` headers should be treated as one, but with
-+ // values separate by a comma.
-+ //
-+ // See: https://tools.ietf.org/html/rfc7230#section-3.2.2
-+ const toTransferEncoding = this.unsetFlag(
-+ FLAGS.CHUNKED,
-+ 'header_value_te_chunked');
-+
- n('header_value_start')
- .otherwise(this.load('header_state', {
- [HEADER_STATE.UPGRADE]: this.setFlag(FLAGS.UPGRADE, fallback),
- [HEADER_STATE.TRANSFER_ENCODING]: this.setFlag(
-- FLAGS.TRANSFER_ENCODING, 'header_value_te_chunked'),
-+ FLAGS.TRANSFER_ENCODING, toTransferEncoding),
- [HEADER_STATE.CONTENT_LENGTH]: n('header_value_content_length_once'),
- [HEADER_STATE.CONNECTION]: n('header_value_connection'),
- }, 'header_value'));
-@@ -847,6 +855,11 @@ export class HTTP {
- return span.start(span.end(this.node(next)));
- }
-
-+ private unsetFlag(flag: FLAGS, next: string | Node): Node {
-+ const p = this.llparse;
-+ return p.invoke(p.code.and('flags', ~flag), this.node(next));
-+ }
-+
- private setFlag(flag: FLAGS, next: string | Node): Node {
- const p = this.llparse;
- return p.invoke(p.code.or('flags', flag), this.node(next));
-diff --git a/test/request/transfer-encoding.md b/test/request/transfer-encoding.md
-index a7d1681..b0891d6 100644
---- a/test/request/transfer-encoding.md
-+++ b/test/request/transfer-encoding.md
-@@ -353,6 +353,38 @@ off=106 headers complete method=3 v=1/1 flags=200 content_length=0
- off=106 error code=15 reason="Request has invalid `Transfer-Encoding`"
- ```
-
-+## POST with `chunked` and duplicate transfer-encoding
-+
-+<!-- meta={"type": "request", "noScan": true} -->
-+```http
-+POST /post_identity_body_world?q=search#hey HTTP/1.1
-+Accept: */*
-+Transfer-Encoding: chunked
-+Transfer-Encoding: deflate
-+
-+World
-+```
-+
-+```log
-+off=0 message begin
-+off=5 len=38 span[url]="/post_identity_body_world?q=search#hey"
-+off=44 url complete
-+off=54 len=6 span[header_field]="Accept"
-+off=61 header_field complete
-+off=62 len=3 span[header_value]="*/*"
-+off=67 header_value complete
-+off=67 len=17 span[header_field]="Transfer-Encoding"
-+off=85 header_field complete
-+off=86 len=7 span[header_value]="chunked"
-+off=95 header_value complete
-+off=95 len=17 span[header_field]="Transfer-Encoding"
-+off=113 header_field complete
-+off=114 len=7 span[header_value]="deflate"
-+off=123 header_value complete
-+off=125 headers complete method=3 v=1/1 flags=200 content_length=0
-+off=125 error code=15 reason="Request has invalid `Transfer-Encoding`"
-+```
-+
- ## POST with `chunked` before other transfer-coding (lenient)
-
- TODO(indutny): should we allow it even in lenient mode? (Consider disabling
--
2.39.2
J
J
jlicht wrote on 30 Mar 2023 14:31
[PATCH v6 18/19] gnu: node-lts: Update to 18.15.0.
(address . 59188@debbugs.gnu.org)(name . Hilton Chain)(address . hako@ultrarare.space)
5a889a04e8cf03299ee4f43d9cf1718a98e334a5.1680179491.git.jlicht@fsfe.org
From: Hilton Chain <hako@ultrarare.space>

* gnu/packages/node.scm (node-lts): Update to 18.15.0.
[snippet]: Keep file deps/openssl/nodejs-openssl.cnf.
[arguments]<#:configure-flags>: Enable v8 snapshot compression.
<#:phases>: Adjust problematic tests to delete accordingly.
Patch additional file with hardcoded references to /bin/sh.
[native-inputs,inputs]: Replace openssl-1.1 with openssl.
---

(no changes since v1)

gnu/packages/node.scm | 40 ++++++++++++++++++++++++++++------------
1 file changed, 28 insertions(+), 12 deletions(-)

Toggle diff (113 lines)
diff --git a/gnu/packages/node.scm b/gnu/packages/node.scm
index f613844a13..a9c4f463c8 100644
--- a/gnu/packages/node.scm
+++ b/gnu/packages/node.scm
@@ -11,6 +11,7 @@
;;; Copyright © 2021 Simon Tournier <zimon.toutoune@gmail.com>
;;; Copyright © 2021 Guillaume Le Vaillant <glv@posteo.net>
;;; Copyright © 2021, 2022 Philip McGrath <philip@philipmcgrath.com>
+;;; Copyright © 2022 Hilton Chain <hako@ultrarare.space>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -737,23 +738,28 @@ (define-public llhttp-bootstrap
(define-public node-lts
(package
(inherit node)
- (version "14.19.3")
+ (version "18.15.0")
(source (origin
(method url-fetch)
(uri (string-append "https://nodejs.org/dist/v" version
- "/node-v" version ".tar.xz"))
+ "/node-v" version ".tar.gz"))
(sha256
(base32
- "15691j5zhiikyamiwwd7f282g6d9acfhq91nrwx54xya38gmpx2w"))
+ "0axc4jl71wjjhwzpdc3xg607r32554d0h0lmvb65p0f8ycz4qp6n"))
(modules '((guix build utils)))
(snippet
`(begin
+ ;; openssl.cnf is required for build.
+ (for-each delete-file-recursively
+ (find-files "deps/openssl"
+ (lambda (file stat)
+ (if (string-contains file "nodejs-openssl.cnf")
+ #f #t))))
;; Remove bundled software, where possible
(for-each delete-file-recursively
'("deps/cares"
"deps/icu-small"
"deps/nghttp2"
- "deps/openssl"
"deps/zlib"))
(substitute* "Makefile"
;; Remove references to bundled software.
@@ -769,7 +775,9 @@ (define-public node-lts
"--shared-openssl"
"--shared-zlib"
"--shared-brotli"
- "--with-intl=system-icu"))
+ "--with-intl=system-icu"
+ ;;Needed for correct snapshot checksums
+ "--v8-enable-snapshot-compression"))
((#:phases phases)
`(modify-phases ,phases
(replace 'set-bootstrap-host-rpath
@@ -802,23 +810,31 @@ (define-public node-lts
libuv "/lib:"
zlib "/lib"
"'],"))))))
+ (add-after 'patch-hardcoded-program-references
+ 'patch-additional-hardcoded-program-references
+ (lambda* (#:key inputs #:allow-other-keys)
+ (substitute* "test/parallel/test-stdin-from-file-spawn.js"
+ (("'/bin/sh'") (string-append
+ "'" (search-input-file inputs "/bin/sh")
+ "'")))))
(replace 'delete-problematic-tests
(lambda* (#:key inputs #:allow-other-keys)
;; FIXME: These tests fail in the build container, but they don't
;; seem to be indicative of real problems in practice.
(for-each delete-file
- '("test/parallel/test-cluster-master-error.js"
- "test/parallel/test-cluster-master-kill.js"))
+ '("test/parallel/test-cluster-primary-error.js"
+ "test/parallel/test-cluster-primary-kill.js"))
;; These require a DNS resolver.
(for-each delete-file
'("test/parallel/test-dns.js"
- "test/parallel/test-dns-lookupService-promises.js"))
+ "test/parallel/test-dns-lookupService-promises.js"
+ "test/parallel/test-net-socket-connect-without-cb.js"
+ "test/parallel/test-tcp-wrap-listen.js"))
;; These tests require networking.
(for-each delete-file
- '("test/parallel/test-https-agent-unref-socket.js"
- "test/parallel/test-corepack-yarn-install.js"))
+ '("test/parallel/test-https-agent-unref-socket.js"))
;; This test is timing-sensitive, and fails sporadically on
;; slow, busy, or even very fast machines.
@@ -868,7 +884,7 @@ (define-public node-lts
icu4c-71
libuv-for-node
`(,nghttp2 "lib")
- openssl-1.1
+ openssl
zlib
;; Regular build-time dependencies.
perl
@@ -885,7 +901,7 @@ (define-public node-lts
llhttp-bootstrap
brotli
`(,nghttp2 "lib")
- openssl-1.1
+ openssl
zlib))))
(define-public libnode
--
2.39.2
J
J
jlicht wrote on 30 Mar 2023 14:31
[PATCH v6 19/19] gnu: libnode: Use node-lts as base.
(address . 59188@debbugs.gnu.org)
6ebc7c7ef6f1093d0bbeaf7257fc9683be0f9529.1680179491.git.jlicht@fsfe.org
From: Hilton Chain <hako@ultrarare.space>

* gnu/packages/node.scm (libnode): Use node-lts as base.
* gnu/packages/cran.scm (r-v8)[arguments]<#:phases>: Adjusted accordingly.

---

Changes in v6:
- Fix build of node-openzwave-shared
- Fix build of node-serialport
- Rebase on master

gnu/packages/cran.scm | 2 +-
gnu/packages/node.scm | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)

Toggle diff (32 lines)
diff --git a/gnu/packages/cran.scm b/gnu/packages/cran.scm
index c1786b7848..60336a5246 100644
--- a/gnu/packages/cran.scm
+++ b/gnu/packages/cran.scm
@@ -1334,7 +1334,7 @@ (define-public r-v8
(("^PKG_LIBS=.*")
(string-append "PKG_LIBS="
(assoc-ref inputs "libnode")
- "/lib/libnode.so.64\n")))
+ "/lib/libnode.so.108\n")))
(setenv "INCLUDE_DIR"
(string-append
(assoc-ref inputs "libnode")
diff --git a/gnu/packages/node.scm b/gnu/packages/node.scm
index a9c4f463c8..399c5ff794 100644
--- a/gnu/packages/node.scm
+++ b/gnu/packages/node.scm
@@ -905,10 +905,10 @@ (define-public node-lts
zlib))))
(define-public libnode
- (package/inherit node
+ (package/inherit node-lts
(name "libnode")
(arguments
- (substitute-keyword-arguments (package-arguments node)
+ (substitute-keyword-arguments (package-arguments node-lts)
((#:configure-flags flags ''())
`(cons* "--shared" "--without-npm" ,flags))
((#:phases phases '%standard-phases)
--
2.39.2
L
L
Leo Famulari wrote on 13 Apr 2023 17:55
Re: [bug#59188] [PATCH v6 00/19] Updating node-lts to 18.X
(address . jlicht@fsfe.org)
ZDgl8SR9kt+aAQTQ@jasmine.lan
On Thu, Mar 30, 2023 at 02:31:31PM +0200, jlicht@fsfe.org wrote:
Toggle quote (6 lines)
> From: Jelle Licht <jlicht@fsfe.org>
> Changes in v6:
> - Fix build of node-openzwave-shared
> - Fix build of node-serialport
> - Rebase on master

Thanks! I think that if the patches are working for you and there are no
outstanding problems, you should feel free to push.
J
J
jlicht wrote on 17 Apr 2023 16:51
[PATCH v7 01/20] build-system: node: Use `--install-links' with `npm install'.
(address . 59188@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
f88120890ab300a10b05be447e04e8cc21173f83.1681742871.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

Later versions of npm need to explicitly install a copy of local dependencies,
instead of only a symlink.

* guix/build/node-build-system.scm (configure): Add `--install-links' to npm
install invocation.
(install): Ditto.
---

(no changes since v1)

guix/build/node-build-system.scm | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

Toggle diff (23 lines)
diff --git a/guix/build/node-build-system.scm b/guix/build/node-build-system.scm
index bee3792e93..93f7efbb2b 100644
--- a/guix/build/node-build-system.scm
+++ b/guix/build/node-build-system.scm
@@ -223,7 +223,7 @@ (define* (delete-lockfiles #:key inputs #:allow-other-keys)
(define* (configure #:key outputs inputs #:allow-other-keys)
(let ((npm (string-append (assoc-ref inputs "node") "/bin/npm")))
- (invoke npm "--offline" "--ignore-scripts" "install")
+ (invoke npm "--offline" "--ignore-scripts" "--install-links" "install")
#t))
(define* (build #:key inputs #:allow-other-keys)
@@ -262,6 +262,7 @@ (define* (install #:key outputs inputs #:allow-other-keys)
"--offline"
"--loglevel" "info"
"--production"
+ "--install-links"
"install" "../package.tgz")
#t))
--
2.39.2
J
J
jlicht wrote on 17 Apr 2023 16:51
[PATCH v7 02/20] gnu: node-acorn: Disable tests.
(address . 59188@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
6446eca1e6899e3773c64c5ba1e0d9f9e4120c0d.1681742871.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/node-xyz.scm (node-acorn): Explicitly disable tests.
---

(no changes since v1)

gnu/packages/node-xyz.scm | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

Toggle diff (16 lines)
diff --git a/gnu/packages/node-xyz.scm b/gnu/packages/node-xyz.scm
index 991113c05b..e89117beca 100644
--- a/gnu/packages/node-xyz.scm
+++ b/gnu/packages/node-xyz.scm
@@ -46,7 +46,8 @@ (define-public node-acorn
(base32 "068h5gysz8bbslq31dva8f223rdf8l7w6nxcxjnv4zdprwkzkhaa"))))
(build-system node-build-system)
(arguments
- '(#:phases
+ '(#:tests? #f
+ #:phases
(modify-phases %standard-phases
(add-after 'unpack 'change-directory
(lambda _
--
2.39.2
J
J
jlicht wrote on 17 Apr 2023 16:51
[PATCH v7 03/20] gnu: node-acorn: Remove lifecycle script.
(address . 59188@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
00e6ff270ed168911261ff7718e36d73ee000e6a.1681742871.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/node-xyz.scm (node-acorn)[arguments]<modules>: New argument.
<phases>: Patch out unused 'prepare' script that breaks dependents.
---

(no changes since v1)

gnu/packages/node-xyz.scm | 26 +++++++++++++++++++++++++-
1 file changed, 25 insertions(+), 1 deletion(-)

Toggle diff (43 lines)
diff --git a/gnu/packages/node-xyz.scm b/gnu/packages/node-xyz.scm
index e89117beca..e3d8c7ca19 100644
--- a/gnu/packages/node-xyz.scm
+++ b/gnu/packages/node-xyz.scm
@@ -47,11 +47,35 @@ (define-public node-acorn
(build-system node-build-system)
(arguments
'(#:tests? #f
+ #:modules
+ ((guix build node-build-system)
+ (srfi srfi-1)
+ (ice-9 match)
+ (guix build utils))
#:phases
(modify-phases %standard-phases
(add-after 'unpack 'change-directory
(lambda _
- (chdir "acorn"))))))
+ (chdir "acorn")))
+ (add-before 'configure 'avoid-prepare-scripts
+ (lambda _
+ ;; We need to remove the prepare script from "package.json", as
+ ;; it would try to use the build environment and would block the
+ ;; automatic building by other packages making use of node-acorn.
+ ;; TODO: Add utility function
+ (with-atomic-json-file-replacement "package.json"
+ (match-lambda
+ (('@ . pkg-meta-alist)
+ (cons '@ (map (match-lambda
+ (("scripts" @ . scripts-alist)
+ `("scripts" @ ,@(filter (match-lambda
+ (("prepare" . _)
+ #f)
+ (_
+ #t))
+ scripts-alist)))
+ (other other))
+ pkg-meta-alist))))))))))
(home-page "https://github.com/acornjs/acorn/tree/master/acorn")
(synopsis "Javascript-based Javascript parser")
(description "Acornjs is a Javascript parser with many options and an
--
2.39.2
J
J
jlicht wrote on 17 Apr 2023 16:51
[PATCH v7 00/20] Updating node-lts to 18.X
(address . 59188@debbugs.gnu.org)
cover.1681742871.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

Node-based things are broken on armhf, but that has been the case for a good
while already. If nobody objects, I'm planning to push this to master after a
'green light' (modulo armhf results) from the QA service, somewhere in the
coming days.

Changes in v7:
- Build emacs-nodejs-repl with node-lts
- Rebase on master
- Update node-lts to 18.16.0

Hilton Chain (4):
gnu: libuv-for-node: Update to 1.44.2.
gnu: llhttp-bootstrap: Update to 6.0.10.
gnu: node-lts: Update to 18.16.0.
gnu: libnode: Use node-lts as base.

Jelle Licht (16):
build-system: node: Use `--install-links' with `npm install'.
gnu: node-acorn: Disable tests.
gnu: node-acorn: Remove lifecycle script.
gnu: node-acorn: Fix broken transpilation.
gnu: node-buffer-crc32: Ignore development dependencies.
gnu: node-crx3: Ignore development dependencies.
gnu: node-minimist: Ignore development dependencies.
gnu: node-pbf: Ignore development dependencies.
gnu: node-protocol-buffers-schema: Ignore development dependencies.
gnu: node-resolve-protobuf-schema: Ignore development dependencies.
gnu: node-ieee754: Ignore development dependencies.
gnu: node-yazl: Ignore development dependencies.
gnu: node-uglify-js: Update to 3.14.2.
gnu: node-serialport: Avoid gyp rebuilds.
gnu: node-openzwave-shared: Fix compilation for new versions of node
gnu: emacs-nodejs-repl: Build with node-lts.

gnu/local.mk | 1 -
gnu/packages/cran.scm | 2 +-
gnu/packages/emacs-xyz.scm | 2 +-
gnu/packages/libevent.scm | 4 +-
gnu/packages/node-xyz.scm | 112 ++++++++++++++----
gnu/packages/node.scm | 49 +++++---
.../llhttp-bootstrap-CVE-2020-8287.patch | 100 ----------------
gnu/packages/uglifyjs.scm | 4 +-
gnu/packages/zwave.scm | 5 +
guix/build/node-build-system.scm | 3 +-
10 files changed, 131 insertions(+), 151 deletions(-)
delete mode 100644 gnu/packages/patches/llhttp-bootstrap-CVE-2020-8287.patch

--
2.39.2
J
J
jlicht wrote on 17 Apr 2023 16:51
[PATCH v7 04/20] gnu: node-acorn: Fix broken transpilation.
(address . 59188@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
2ad99c459741e202b1e7f17e99b6725189b9a0dc.1681742871.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/node-xyz.scm (node-acorn)[native-inputs]: Add `esbuild'.
[arguments]<phases>: Replace build phase by custom `esbuild' invocations.
---

(no changes since v1)

gnu/packages/node-xyz.scm | 26 +++++++++++++++++++++++++-
1 file changed, 25 insertions(+), 1 deletion(-)

Toggle diff (46 lines)
diff --git a/gnu/packages/node-xyz.scm b/gnu/packages/node-xyz.scm
index e3d8c7ca19..d75ccc199a 100644
--- a/gnu/packages/node-xyz.scm
+++ b/gnu/packages/node-xyz.scm
@@ -5,6 +5,7 @@
;;; Copyright © 2021 Charles <charles.b.jackson@protonmail.com>
;;; Copyright © 2021 Philip McGrath <philip@philipmcgrath.com>
;;; Copyright © 2022 Nicolas Graves <ngraves@ngraves.fr>
+;;; Copyright © 2023 Jelle Licht <jlicht@fsfe.org>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -75,7 +76,30 @@ (define-public node-acorn
#t))
scripts-alist)))
(other other))
- pkg-meta-alist))))))))))
+ pkg-meta-alist)))))))
+ (replace 'build
+ (lambda* (#:key inputs native-inputs #:allow-other-keys)
+ (let ((esbuild (search-input-file (or native-inputs inputs)
+ "/bin/esbuild")))
+ (invoke esbuild
+ "src/index.js"
+ "--outfile=dist/acorn.js"
+ "--format=cjs"
+ "--bundle"
+ "--platform=node")
+ (invoke esbuild
+ "src/index.js"
+ "--outfile=dist/acorn.mjs"
+ "--format=esm"
+ "--bundle"
+ "--platform=node")
+ (invoke esbuild
+ "src/bin/acorn.js"
+ "--outfile=dist/bin.js"
+ "--format=cjs"
+ "--platform=node")))))))
+ (native-inputs
+ (list esbuild))
(home-page "https://github.com/acornjs/acorn/tree/master/acorn")
(synopsis "Javascript-based Javascript parser")
(description "Acornjs is a Javascript parser with many options and an
--
2.39.2
J
J
jlicht wrote on 17 Apr 2023 16:51
[PATCH v7 05/20] gnu: node-buffer-crc32: Ignore development dependencies.
(address . 59188@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
decaeb90d6c9c4c3646116c3dc1fe8d3ffa325fe.1681742871.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/node-xyz.scm (node-acorn)[arguments]<phases>: Explicitly patch
out development dependencies. Re-enable configure phase.
---

(no changes since v1)

gnu/packages/node-xyz.scm | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)

Toggle diff (19 lines)
diff --git a/gnu/packages/node-xyz.scm b/gnu/packages/node-xyz.scm
index d75ccc199a..96901e7bf8 100644
--- a/gnu/packages/node-xyz.scm
+++ b/gnu/packages/node-xyz.scm
@@ -123,10 +123,9 @@ (define-public node-buffer-crc32
(arguments
'(#:tests? #f
#:phases (modify-phases %standard-phases
- (replace 'configure
+ (add-after 'patch-dependencies 'delete-dependencies
(lambda _
- (invoke "npm" "--offline" "--ignore-scripts" "install"
- "--production"))))))
+ (delete-dependencies '("tap")))))))
(home-page "https://github.com/brianloveswords/buffer-crc32")
(synopsis "CRC32 implementation in Javascript")
(description
--
2.39.2
J
J
jlicht wrote on 17 Apr 2023 16:51
[PATCH v7 06/20] gnu: node-crx3: Ignore development dependencies.
(address . 59188@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
68f30d135723c8cfa7d400935069b9b39b055bce.1681742871.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/node-xyz.scm (node-crx3)[arguments]<phases>: Explicitly patch
out development dependencies. Re-enable configure phase.
---

(no changes since v1)

gnu/packages/node-xyz.scm | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)

Toggle diff (26 lines)
diff --git a/gnu/packages/node-xyz.scm b/gnu/packages/node-xyz.scm
index 96901e7bf8..00d93d3185 100644
--- a/gnu/packages/node-xyz.scm
+++ b/gnu/packages/node-xyz.scm
@@ -179,10 +179,16 @@ (define-public node-crx3
(substitute* "lib/configuration.js"
(("mri")
"minimist"))))
- (replace 'configure
+ (add-after 'patch-dependencies 'delete-dependencies
(lambda _
- (invoke "npm" "--offline" "--ignore-scripts" "install"
- "--production"))))))
+ (delete-dependencies '("c8"
+ "docdash"
+ "eslint"
+ "eslint-plugin-jsdoc"
+ "jsdoc"
+ "tap-diff"
+ "tape"
+ "tape-catch")))))))
(inputs (list node-minimist node-pbf node-yazl))
(home-page "https://github.com/ahwayakchih/crx3")
(synopsis "Create CRXv3 browser extensions with Javascript")
--
2.39.2
J
J
jlicht wrote on 17 Apr 2023 16:51
[PATCH v7 07/20] gnu: node-minimist: Ignore development dependencies.
(address . 59188@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
7f76bf7b834feb2cbb4dd8f4b4ab516a2afdcb78.1681742871.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/node-xyz.scm (node-minimist)[arguments]<phases>: Explicitly
patch out development dependencies. Re-enable configure phase.
---

(no changes since v1)

gnu/packages/node-xyz.scm | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)

Toggle diff (19 lines)
diff --git a/gnu/packages/node-xyz.scm b/gnu/packages/node-xyz.scm
index 00d93d3185..847004501a 100644
--- a/gnu/packages/node-xyz.scm
+++ b/gnu/packages/node-xyz.scm
@@ -313,10 +313,9 @@ (define-public node-minimist
(arguments
'(#:tests? #f
#:phases (modify-phases %standard-phases
- (replace 'configure
+ (add-after 'patch-dependencies 'delete-dependencies
(lambda _
- (invoke "npm" "--offline" "--ignore-scripts" "install"
- "--production"))))))
+ (delete-dependencies '("covert" "tap" "tape")))))))
(home-page "https://github.com/substack/minimist")
(synopsis "Parse CLI arguments in Javascript")
(description "This package can scan for CLI flags and arguments in
--
2.39.2
J
J
jlicht wrote on 17 Apr 2023 16:51
[PATCH v7 08/20] gnu: node-pbf: Ignore development dependencies.
(address . 59188@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
8668c9ff5d3f9d8e2ed946e1d01339d1ef08d1a0.1681742871.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/node-xyz.scm (node-pbf)[arguments]<phases>: Explicitly patch
out development dependencies. Re-enable configure phase.
---

(no changes since v1)

gnu/packages/node-xyz.scm | 15 ++++++++++++---
1 file changed, 12 insertions(+), 3 deletions(-)

Toggle diff (29 lines)
diff --git a/gnu/packages/node-xyz.scm b/gnu/packages/node-xyz.scm
index 847004501a..680be0ad3f 100644
--- a/gnu/packages/node-xyz.scm
+++ b/gnu/packages/node-xyz.scm
@@ -364,10 +364,19 @@ (define-public node-pbf
(arguments
'(#:tests? #f
#:phases (modify-phases %standard-phases
- (replace 'configure
+ (add-after 'patch-dependencies 'delete-dependencies
(lambda _
- (invoke "npm" "--offline" "--ignore-scripts" "install"
- "--production"))))))
+ (delete-dependencies
+ '("benchmark"
+ "browserify"
+ "eslint"
+ "eslint-config-mourner"
+ "mkdirp"
+ "protobufjs"
+ "protocol-buffers"
+ "tap"
+ "tile-stats-runner"
+ "uglify-js")))))))
(inputs (list node-ieee754 node-resolve-protobuf-schema))
(home-page "https://github.com/mapbox/pbf")
(synopsis "Decode and encode protocol buffers in Javascript")
--
2.39.2
J
J
jlicht wrote on 17 Apr 2023 16:51
[PATCH v7 09/20] gnu: node-protocol-buffers-schema: Ignore development dependencies.
(address . 59188@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
2cdf085703e2cc53f73a6167071333bd9dae6805.1681742871.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/node-xyz.scm (node-protocol-buffers-schema)[arguments]<phases>:
Explicitly patch out development dependencies. Re-enable configure phase.
---

(no changes since v1)

gnu/packages/node-xyz.scm | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)

Toggle diff (19 lines)
diff --git a/gnu/packages/node-xyz.scm b/gnu/packages/node-xyz.scm
index 680be0ad3f..1b581cf3a7 100644
--- a/gnu/packages/node-xyz.scm
+++ b/gnu/packages/node-xyz.scm
@@ -405,10 +405,9 @@ (define-public node-protocol-buffers-schema
(arguments
'(#:tests? #f
#:phases (modify-phases %standard-phases
- (replace 'configure
+ (add-after 'patch-dependencies 'delete-dependencies
(lambda _
- (invoke "npm" "--offline" "--ignore-scripts" "install"
- "--production"))))))
+ (delete-dependencies '("standard" "tape")))))))
(home-page "https://github.com/mafintosh/protocol-buffers-schema")
(synopsis "Protocol buffers schema parser written in Javascript")
(description "This package provides a protocol buffers schema parser
--
2.39.2
J
J
jlicht wrote on 17 Apr 2023 16:51
[PATCH v7 10/20] gnu: node-resolve-protobuf-schema: Ignore development dependencies.
(address . 59188@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
277c0e4790777fcc28607621de32d7ca473dcba7.1681742871.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/node-xyz.scm (node-resolve-protobuf-schema)[arguments]<phases>:
Explicitly patch out development dependencies. Re-enable configure phase.
---

(no changes since v1)

gnu/packages/node-xyz.scm | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)

Toggle diff (19 lines)
diff --git a/gnu/packages/node-xyz.scm b/gnu/packages/node-xyz.scm
index 1b581cf3a7..cbf2665940 100644
--- a/gnu/packages/node-xyz.scm
+++ b/gnu/packages/node-xyz.scm
@@ -431,10 +431,9 @@ (define-public node-resolve-protobuf-schema
(arguments
'(#:tests? #f
#:phases (modify-phases %standard-phases
- (replace 'configure
+ (add-after 'patch-dependencies 'delete-dependencies
(lambda _
- (invoke "npm" "--offline" "--ignore-scripts" "install"
- "--production"))))))
+ (delete-dependencies '("standard" "tape")))))))
(inputs (list node-protocol-buffers-schema))
(home-page "https://github.com/mafintosh/resolve-protobuf-schema")
(synopsis "Resolve protobuf imports")
--
2.39.2
J
J
jlicht wrote on 17 Apr 2023 16:51
[PATCH v7 11/20] gnu: node-ieee754: Ignore development dependencies.
(address . 59188@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
3669976ff6f1e4a787d57fac254b6bd9fb7aee9a.1681742871.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/node-xyz.scm (node-ieee754)[arguments]<phases>: Explicitly
patch out development dependencies. Re-enable configure phase.
---

(no changes since v1)

gnu/packages/node-xyz.scm | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)

Toggle diff (19 lines)
diff --git a/gnu/packages/node-xyz.scm b/gnu/packages/node-xyz.scm
index cbf2665940..628fe41d28 100644
--- a/gnu/packages/node-xyz.scm
+++ b/gnu/packages/node-xyz.scm
@@ -623,10 +623,9 @@ (define-public node-ieee754
(arguments
'(#:tests? #f
#:phases (modify-phases %standard-phases
- (replace 'configure
+ (add-after 'patch-dependencies 'delete-dependencies
(lambda _
- (invoke "npm" "--offline" "--ignore-scripts" "install"
- "--production"))))))
+ (delete-dependencies '("airtap" "standard" "tape")))))))
(home-page "https://github.com/feross/ieee754")
(synopsis "Read/write IEEE754 floating point numbers in Javascript")
(description "This package can read and write IEEE754 floating point
--
2.39.2
J
J
jlicht wrote on 17 Apr 2023 16:51
[PATCH v7 12/20] gnu: node-yazl: Ignore development dependencies.
(address . 59188@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
03c9608cd8f8ac3d22660242de6e53517d0a1cbc.1681742871.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/node-xyz.scm (node-yazl)[arguments]<phases>: Explicitly patch
out development dependencies. Re-enable configure phase.
---

(no changes since v1)

gnu/packages/node-xyz.scm | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)

Toggle diff (19 lines)
diff --git a/gnu/packages/node-xyz.scm b/gnu/packages/node-xyz.scm
index 628fe41d28..b85507f52f 100644
--- a/gnu/packages/node-xyz.scm
+++ b/gnu/packages/node-xyz.scm
@@ -1588,10 +1588,9 @@ (define-public node-yazl
(arguments
'(#:tests? #f
#:phases (modify-phases %standard-phases
- (replace 'configure
+ (add-after 'patch-dependencies 'delete-dependencies
(lambda _
- (invoke "npm" "--offline" "--ignore-scripts" "install"
- "--production"))))))
+ (delete-dependencies '("airtap" "bl" "istanbul" "yauzl")))))))
(inputs (list node-buffer-crc32))
(home-page "https://github.com/thejoshwolfe/yazl")
(synopsis "Yet another zip library for node")
--
2.39.2
J
J
jlicht wrote on 17 Apr 2023 16:51
[PATCH v7 13/20] gnu: node-uglify-js: Update to 3.14.2.
(address . 59188@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
ae81a9c6c5c22213b68458692f909a88fc91537e.1681742871.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/uglifyjs.scm (node-uglify-js): Update to 3.14.2.
---

(no changes since v1)

gnu/packages/uglifyjs.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

Toggle diff (24 lines)
diff --git a/gnu/packages/uglifyjs.scm b/gnu/packages/uglifyjs.scm
index b65d52b8df..1bd8bb6326 100644
--- a/gnu/packages/uglifyjs.scm
+++ b/gnu/packages/uglifyjs.scm
@@ -25,7 +25,7 @@ (define-module (gnu packages uglifyjs)
(define-public node-uglify-js
(package
(name "node-uglify-js")
- (version "3.13.9")
+ (version "3.14.2")
(source
(origin
(method git-fetch)
@@ -34,7 +34,7 @@ (define-public node-uglify-js
(commit (string-append "v" version))))
(file-name (git-file-name name version))
(sha256
- (base32 "0q1f91xwwm829cl5v727d4qkxy4yh7wri3pgl89f0m3a4y1n7hi4"))))
+ (base32 "1jraqpwzga4vbgq3xcn08jcfc87pm6nik7vpxvxa4rfjvz70a6k7"))))
(build-system node-build-system)
(native-inputs
(list node-acorn node-semver))
--
2.39.2
J
J
jlicht wrote on 17 Apr 2023 16:51
[PATCH v7 14/20] gnu: node-serialport: Avoid gyp rebuilds.
(address . 59188@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
bdfaa1e58f8e7397ee3e4165dc9a901e6b68a7ee.1681742871.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/node-xyz.scm (node-serialport)[arguments]<phases>: Explicitly
disable gyp recompilation.
---

(no changes since v1)

gnu/packages/node-xyz.scm | 2 ++
1 file changed, 2 insertions(+)

Toggle diff (15 lines)
diff --git a/gnu/packages/node-xyz.scm b/gnu/packages/node-xyz.scm
index b85507f52f..a9784dbf7a 100644
--- a/gnu/packages/node-xyz.scm
+++ b/gnu/packages/node-xyz.scm
@@ -1384,6 +1384,8 @@ (define-public node-serialport-bindings
(_
#t))
scripts-alist)))
+ (("gypfile" . _)
+ '("gypfile" . #f))
(other
other))
pkg-meta-alist))))))))
--
2.39.2
J
J
jlicht wrote on 17 Apr 2023 16:51
[PATCH v7 15/20] gnu: node-openzwave-shared: Fix compilation for new versions of node
(address . 59188@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
90996e0ab7b395edc0e223a32a1394ea2d4311f4.1681742871.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/zwave.scm (node-openzwave-shared)[arguments]<#:phases>: Add
patch-compiler phase to allow compilation with node versions 16 and up.
---

(no changes since v1)

gnu/packages/zwave.scm | 5 +++++
1 file changed, 5 insertions(+)

Toggle diff (18 lines)
diff --git a/gnu/packages/zwave.scm b/gnu/packages/zwave.scm
index 3e99bd7687..a30199ec02 100644
--- a/gnu/packages/zwave.scm
+++ b/gnu/packages/zwave.scm
@@ -112,6 +112,11 @@ (define-public node-openzwave-shared
(arguments
`(#:phases
(modify-phases %standard-phases
+ (add-before 'build 'patch-compiler
+ (lambda _
+ (substitute* "binding.gyp"
+ (("std=c\\+\\+11")
+ "std=c++17"))))
(replace 'build
;; For some reason, `npm install` doesn't build
;; the addon automatically, so we do it explicitly here.
--
2.39.2
J
J
jlicht wrote on 17 Apr 2023 16:51
[PATCH v7 16/20] gnu: emacs-nodejs-repl: Build with node-lts.
(address . 59188@debbugs.gnu.org)
4809ad315243309fdef56f2860032e8f2573c6ec.1681742871.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/emacs-xyz.scm (emacs-nodejs-repl)[inputs]: Replace NODE by
NODE-LTS.
---

(no changes since v1)

gnu/packages/emacs-xyz.scm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

Toggle diff (15 lines)
diff --git a/gnu/packages/emacs-xyz.scm b/gnu/packages/emacs-xyz.scm
index c1748e7f36..7282c03dfe 100644
--- a/gnu/packages/emacs-xyz.scm
+++ b/gnu/packages/emacs-xyz.scm
@@ -12803,7 +12803,7 @@ (define-public emacs-nodejs-repl
"0a5mmg3cmdi73giblp07ksl06xzl9nb2m3f96ny4r3rv0ar3v1bx"))))
(build-system emacs-build-system)
(inputs
- (list node))
+ (list node-lts))
(native-inputs
(list emacs-ert-expectations))
(arguments
--
2.39.2
J
J
jlicht wrote on 17 Apr 2023 16:51
[PATCH v7 17/20] gnu: libuv-for-node: Update to 1.44.2.
(address . 59188@debbugs.gnu.org)(name . Hilton Chain)(address . hako@ultrarare.space)
6eef740c67c64831549887756011c868e293b815.1681742871.git.jlicht@fsfe.org
From: Hilton Chain <hako@ultrarare.space>

* gnu/packages/libevent.scm (libuv-for-node): Update to 1.44.2.
---

(no changes since v1)

gnu/packages/libevent.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

Toggle diff (23 lines)
diff --git a/gnu/packages/libevent.scm b/gnu/packages/libevent.scm
index 02b2795194..441c8a401c 100644
--- a/gnu/packages/libevent.scm
+++ b/gnu/packages/libevent.scm
@@ -148,14 +148,14 @@ (define-public libuv-for-node
(package
(inherit libuv)
(name "libuv")
- (version "1.42.0")
+ (version "1.44.2")
(source (origin
(method url-fetch)
(uri (string-append "https://dist.libuv.org/dist/v" version
"/libuv-v" version ".tar.gz"))
(sha256
(base32
- "0wpb9pz3r8nksnrf4zbixj2kk9whr7abi45ydrwyv2js2ljrc4j3"))))
+ "1d1wy1061cf2mfygr2j6jbm0da2mhsf0l9yq4rjkqrsmijbdrz6c"))))
(properties '((hidden? . #t)))))
(define-public libuv-for-r-httpuv
--
2.39.2
J
J
jlicht wrote on 17 Apr 2023 16:51
[PATCH v7 18/20] gnu: llhttp-bootstrap: Update to 6.0.10.
(address . 59188@debbugs.gnu.org)(name . Hilton Chain)(address . hako@ultrarare.space)
285ecfa86af35308c8489f6533c4736c0f782c08.1681742871.git.jlicht@fsfe.org
From: Hilton Chain <hako@ultrarare.space>

* gnu/packages/node.scm (llhttp-bootstrap): Update to 6.0.10.
* gnu/packages/patches/llhttp-bootstrap-CVE-2020-8287.patch: Remove file.
* gnu/local.mk: Remove it.
---

(no changes since v1)

gnu/local.mk | 1 -
gnu/packages/node.scm | 5 +-
.../llhttp-bootstrap-CVE-2020-8287.patch | 100 ------------------
3 files changed, 2 insertions(+), 104 deletions(-)
delete mode 100644 gnu/packages/patches/llhttp-bootstrap-CVE-2020-8287.patch

Toggle diff (143 lines)
diff --git a/gnu/local.mk b/gnu/local.mk
index 1241ab09c0..0f79acd639 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1501,7 +1501,6 @@ dist_patch_DATA = \
%D%/packages/patches/linuxdcpp-openssl-1.1.patch \
%D%/packages/patches/lirc-localstatedir.patch \
%D%/packages/patches/lirc-reproducible-build.patch \
- %D%/packages/patches/llhttp-bootstrap-CVE-2020-8287.patch \
%D%/packages/patches/llvm-3.5-fix-clang-build-with-gcc5.patch \
%D%/packages/patches/llvm-3.6-fix-build-with-gcc-10.patch \
%D%/packages/patches/llvm-3.x.1-fix-build-with-gcc.patch \
diff --git a/gnu/packages/node.scm b/gnu/packages/node.scm
index 6137ed1dd3..f613844a13 100644
--- a/gnu/packages/node.scm
+++ b/gnu/packages/node.scm
@@ -668,7 +668,7 @@ (define-public node-llparse-bootstrap
(define-public llhttp-bootstrap
(package
(name "llhttp")
- (version "2.1.4")
+ (version "6.0.10")
(source (origin
(method git-fetch)
(uri (git-reference
@@ -677,8 +677,7 @@ (define-public llhttp-bootstrap
(file-name (git-file-name name version))
(sha256
(base32
- "115mwyds9655p76lhglxg2blc1ksgrix6zhigaxnc2q6syy3pa6x"))
- (patches (search-patches "llhttp-bootstrap-CVE-2020-8287.patch"))
+ "0izwqa77y007xdi0bj3ccw821n19rz89mz4hx4lg99fwkwylr6x8"))
(modules '((guix build utils)))
(snippet
'(begin
diff --git a/gnu/packages/patches/llhttp-bootstrap-CVE-2020-8287.patch b/gnu/packages/patches/llhttp-bootstrap-CVE-2020-8287.patch
deleted file mode 100644
index 215c920e53..0000000000
--- a/gnu/packages/patches/llhttp-bootstrap-CVE-2020-8287.patch
+++ /dev/null
@@ -1,100 +0,0 @@
-This patch comes from upstream. It corresponds to a patch applied to
-the generated C source code for llhttp included in Node.js 14.16.0
-(see commit 641f786bb1a1f6eb1ff8750782ed939780f2b31a). That commit
-fixes CVE-2020-8287. With this patch, the output of our
-llhttp-bootstrap package matches the files included in Node.js 14.16.0
-exactly.
-
-commit e9b36ea64709c35ca66094d5cf3787f444029601
-Author: Fedor Indutny <fedor@indutny.com>
-Date: Sat Oct 10 19:56:01 2020 -0700
-
- http: unset `F_CHUNKED` on new `Transfer-Encoding`
-
- Duplicate `Transfer-Encoding` header should be a treated as a single,
- but with original header values concatenated with a comma separator. In
- the light of this, even if the past `Transfer-Encoding` ended with
- `chunked`, we should be not let the `F_CHUNKED` to leak into the next
- header, because mere presence of another header indicates that `chunked`
- is not the last transfer-encoding token.
-
-diff --git a/src/llhttp/http.ts b/src/llhttp/http.ts
-index f4f1a6e..0a0c365 100644
---- a/src/llhttp/http.ts
-+++ b/src/llhttp/http.ts
-@@ -460,11 +460,19 @@ export class HTTP {
- .match([ ' ', '\t' ], n('header_value_discard_ws'))
- .otherwise(checkContentLengthEmptiness);
-
-+ // Multiple `Transfer-Encoding` headers should be treated as one, but with
-+ // values separate by a comma.
-+ //
-+ // See: https://tools.ietf.org/html/rfc7230#section-3.2.2
-+ const toTransferEncoding = this.unsetFlag(
-+ FLAGS.CHUNKED,
-+ 'header_value_te_chunked');
-+
- n('header_value_start')
- .otherwise(this.load('header_state', {
- [HEADER_STATE.UPGRADE]: this.setFlag(FLAGS.UPGRADE, fallback),
- [HEADER_STATE.TRANSFER_ENCODING]: this.setFlag(
-- FLAGS.TRANSFER_ENCODING, 'header_value_te_chunked'),
-+ FLAGS.TRANSFER_ENCODING, toTransferEncoding),
- [HEADER_STATE.CONTENT_LENGTH]: n('header_value_content_length_once'),
- [HEADER_STATE.CONNECTION]: n('header_value_connection'),
- }, 'header_value'));
-@@ -847,6 +855,11 @@ export class HTTP {
- return span.start(span.end(this.node(next)));
- }
-
-+ private unsetFlag(flag: FLAGS, next: string | Node): Node {
-+ const p = this.llparse;
-+ return p.invoke(p.code.and('flags', ~flag), this.node(next));
-+ }
-+
- private setFlag(flag: FLAGS, next: string | Node): Node {
- const p = this.llparse;
- return p.invoke(p.code.or('flags', flag), this.node(next));
-diff --git a/test/request/transfer-encoding.md b/test/request/transfer-encoding.md
-index a7d1681..b0891d6 100644
---- a/test/request/transfer-encoding.md
-+++ b/test/request/transfer-encoding.md
-@@ -353,6 +353,38 @@ off=106 headers complete method=3 v=1/1 flags=200 content_length=0
- off=106 error code=15 reason="Request has invalid `Transfer-Encoding`"
- ```
-
-+## POST with `chunked` and duplicate transfer-encoding
-+
-+<!-- meta={"type": "request", "noScan": true} -->
-+```http
-+POST /post_identity_body_world?q=search#hey HTTP/1.1
-+Accept: */*
-+Transfer-Encoding: chunked
-+Transfer-Encoding: deflate
-+
-+World
-+```
-+
-+```log
-+off=0 message begin
-+off=5 len=38 span[url]="/post_identity_body_world?q=search#hey"
-+off=44 url complete
-+off=54 len=6 span[header_field]="Accept"
-+off=61 header_field complete
-+off=62 len=3 span[header_value]="*/*"
-+off=67 header_value complete
-+off=67 len=17 span[header_field]="Transfer-Encoding"
-+off=85 header_field complete
-+off=86 len=7 span[header_value]="chunked"
-+off=95 header_value complete
-+off=95 len=17 span[header_field]="Transfer-Encoding"
-+off=113 header_field complete
-+off=114 len=7 span[header_value]="deflate"
-+off=123 header_value complete
-+off=125 headers complete method=3 v=1/1 flags=200 content_length=0
-+off=125 error code=15 reason="Request has invalid `Transfer-Encoding`"
-+```
-+
- ## POST with `chunked` before other transfer-coding (lenient)
-
- TODO(indutny): should we allow it even in lenient mode? (Consider disabling
--
2.39.2
J
J
jlicht wrote on 17 Apr 2023 16:51
[PATCH v7 19/20] gnu: node-lts: Update to 18.16.0.
(address . 59188@debbugs.gnu.org)(name . Hilton Chain)(address . hako@ultrarare.space)
60cf0f103485559c418cf9d96e7cc49265356916.1681742871.git.jlicht@fsfe.org
From: Hilton Chain <hako@ultrarare.space>

* gnu/packages/node.scm (node-lts): Update to 18.16.0.
[snippet]: Keep file deps/openssl/nodejs-openssl.cnf.
[arguments]<#:configure-flags>: Enable v8 snapshot compression.
<#:phases>: Adjust problematic tests to delete accordingly.
Patch additional file with hardcoded references to /bin/sh.
[native-inputs,inputs]: Replace openssl-1.1 with openssl.
---

(no changes since v1)

gnu/packages/node.scm | 40 ++++++++++++++++++++++++++++------------
1 file changed, 28 insertions(+), 12 deletions(-)

Toggle diff (113 lines)
diff --git a/gnu/packages/node.scm b/gnu/packages/node.scm
index f613844a13..35e1386844 100644
--- a/gnu/packages/node.scm
+++ b/gnu/packages/node.scm
@@ -11,6 +11,7 @@
;;; Copyright © 2021 Simon Tournier <zimon.toutoune@gmail.com>
;;; Copyright © 2021 Guillaume Le Vaillant <glv@posteo.net>
;;; Copyright © 2021, 2022 Philip McGrath <philip@philipmcgrath.com>
+;;; Copyright © 2022 Hilton Chain <hako@ultrarare.space>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -737,23 +738,28 @@ (define-public llhttp-bootstrap
(define-public node-lts
(package
(inherit node)
- (version "14.19.3")
+ (version "18.16.0")
(source (origin
(method url-fetch)
(uri (string-append "https://nodejs.org/dist/v" version
- "/node-v" version ".tar.xz"))
+ "/node-v" version ".tar.gz"))
(sha256
(base32
- "15691j5zhiikyamiwwd7f282g6d9acfhq91nrwx54xya38gmpx2w"))
+ "0vcc132z7lkxnw5clmiz6sp6ccmw35pyb69hczphrig5frfmqkva"))
(modules '((guix build utils)))
(snippet
`(begin
+ ;; openssl.cnf is required for build.
+ (for-each delete-file-recursively
+ (find-files "deps/openssl"
+ (lambda (file stat)
+ (if (string-contains file "nodejs-openssl.cnf")
+ #f #t))))
;; Remove bundled software, where possible
(for-each delete-file-recursively
'("deps/cares"
"deps/icu-small"
"deps/nghttp2"
- "deps/openssl"
"deps/zlib"))
(substitute* "Makefile"
;; Remove references to bundled software.
@@ -769,7 +775,9 @@ (define-public node-lts
"--shared-openssl"
"--shared-zlib"
"--shared-brotli"
- "--with-intl=system-icu"))
+ "--with-intl=system-icu"
+ ;;Needed for correct snapshot checksums
+ "--v8-enable-snapshot-compression"))
((#:phases phases)
`(modify-phases ,phases
(replace 'set-bootstrap-host-rpath
@@ -802,23 +810,31 @@ (define-public node-lts
libuv "/lib:"
zlib "/lib"
"'],"))))))
+ (add-after 'patch-hardcoded-program-references
+ 'patch-additional-hardcoded-program-references
+ (lambda* (#:key inputs #:allow-other-keys)
+ (substitute* "test/parallel/test-stdin-from-file-spawn.js"
+ (("'/bin/sh'") (string-append
+ "'" (search-input-file inputs "/bin/sh")
+ "'")))))
(replace 'delete-problematic-tests
(lambda* (#:key inputs #:allow-other-keys)
;; FIXME: These tests fail in the build container, but they don't
;; seem to be indicative of real problems in practice.
(for-each delete-file
- '("test/parallel/test-cluster-master-error.js"
- "test/parallel/test-cluster-master-kill.js"))
+ '("test/parallel/test-cluster-primary-error.js"
+ "test/parallel/test-cluster-primary-kill.js"))
;; These require a DNS resolver.
(for-each delete-file
'("test/parallel/test-dns.js"
- "test/parallel/test-dns-lookupService-promises.js"))
+ "test/parallel/test-dns-lookupService-promises.js"
+ "test/parallel/test-net-socket-connect-without-cb.js"
+ "test/parallel/test-tcp-wrap-listen.js"))
;; These tests require networking.
(for-each delete-file
- '("test/parallel/test-https-agent-unref-socket.js"
- "test/parallel/test-corepack-yarn-install.js"))
+ '("test/parallel/test-https-agent-unref-socket.js"))
;; This test is timing-sensitive, and fails sporadically on
;; slow, busy, or even very fast machines.
@@ -868,7 +884,7 @@ (define-public node-lts
icu4c-71
libuv-for-node
`(,nghttp2 "lib")
- openssl-1.1
+ openssl
zlib
;; Regular build-time dependencies.
perl
@@ -885,7 +901,7 @@ (define-public node-lts
llhttp-bootstrap
brotli
`(,nghttp2 "lib")
- openssl-1.1
+ openssl
zlib))))
(define-public libnode
--
2.39.2
J
J
jlicht wrote on 17 Apr 2023 16:51
[PATCH v7 20/20] gnu: libnode: Use node-lts as base.
(address . 59188@debbugs.gnu.org)
24ff0c1a9bc614b7d4a9adffcbfbbfc4c34a25d6.1681742871.git.jlicht@fsfe.org
From: Hilton Chain <hako@ultrarare.space>

* gnu/packages/node.scm (libnode): Use node-lts as base.
* gnu/packages/cran.scm (r-v8)[arguments]<#:phases>: Adjusted accordingly.

---

Changes in v7:
- Build emacs-nodejs-repl with node-lts
- Rebase on master
- Update node-lts to 18.16.0
- Still broken on armhf, but has been for years :/

gnu/packages/cran.scm | 2 +-
gnu/packages/node.scm | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)

Toggle diff (32 lines)
diff --git a/gnu/packages/cran.scm b/gnu/packages/cran.scm
index 03c92e7ffd..03e0f36cdf 100644
--- a/gnu/packages/cran.scm
+++ b/gnu/packages/cran.scm
@@ -1428,7 +1428,7 @@ (define-public r-v8
(("^PKG_LIBS=.*")
(string-append "PKG_LIBS="
(assoc-ref inputs "libnode")
- "/lib/libnode.so.64\n")))
+ "/lib/libnode.so.108\n")))
(setenv "INCLUDE_DIR"
(string-append
(assoc-ref inputs "libnode")
diff --git a/gnu/packages/node.scm b/gnu/packages/node.scm
index 35e1386844..37cfec8a6b 100644
--- a/gnu/packages/node.scm
+++ b/gnu/packages/node.scm
@@ -905,10 +905,10 @@ (define-public node-lts
zlib))))
(define-public libnode
- (package/inherit node
+ (package/inherit node-lts
(name "libnode")
(arguments
- (substitute-keyword-arguments (package-arguments node)
+ (substitute-keyword-arguments (package-arguments node-lts)
((#:configure-flags flags ''())
`(cons* "--shared" "--without-npm" ,flags))
((#:phases phases '%standard-phases)
--
2.39.2
L
L
Liliana Marie Prikler wrote on 17 Apr 2023 17:37
Re: [PATCH v7 16/20] gnu: emacs-nodejs-repl: Build with node-lts.
(name . Andrew Tropin)(address . andrew@trop.in)
9a1f88d3c90e7518a91fe7f76569b43be84bddfc.camel@gmail.com
Am Montag, dem 17.04.2023 um 16:51 +0200 schrieb jlicht@fsfe.org:
Toggle quote (4 lines)
> From: Jelle Licht <jlicht@fsfe.org>
>
> * gnu/packages/emacs-xyz.scm (emacs-nodejs-repl)[inputs]: Replace
> NODE by NODE-LTS.
I think lowercase would be better.

Toggle quote (3 lines)
> ---
>
> (no changes since v1)
Where is v1?

Toggle quote (14 lines)
>  gnu/packages/emacs-xyz.scm | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/gnu/packages/emacs-xyz.scm b/gnu/packages/emacs-xyz.scm
> index c1748e7f36..7282c03dfe 100644
> --- a/gnu/packages/emacs-xyz.scm
> +++ b/gnu/packages/emacs-xyz.scm
> @@ -12803,7 +12803,7 @@ (define-public emacs-nodejs-repl
>                 
> "0a5mmg3cmdi73giblp07ksl06xzl9nb2m3f96ny4r3rv0ar3v1bx"))))
>      (build-system emacs-build-system)
>      (inputs
> -     (list node))
> +     (list node-lts))
LGTM, I guess. Is it expected that node-lts will see fewer rebuilds
than the other node package going forward?

Cheers
J
J
Jelle Licht wrote on 17 Apr 2023 18:03
(name . Andrew Tropin)(address . andrew@trop.in)
87edoiv6lt.fsf@fsfe.org
Liliana Marie Prikler <liliana.prikler@gmail.com> writes:

Toggle quote (7 lines)
> Am Montag, dem 17.04.2023 um 16:51 +0200 schrieb jlicht@fsfe.org:
>> From: Jelle Licht <jlicht@fsfe.org>
>>
>> * gnu/packages/emacs-xyz.scm (emacs-nodejs-repl)[inputs]: Replace
>> NODE by NODE-LTS.
> I think lowercase would be better.

Addressed locally, and will take into account when applying.

Toggle quote (5 lines)
>
>> ---
>>
>> (no changes since v1)
> Where is v1?
There is no v1.

This blurb is generated by patman, I do not know how to disable this.
Tips very much welcome.

Since I started using patman, I've listed changes in each cover letter
instead, as that's much easier to manage.

Toggle quote (17 lines)
>>  gnu/packages/emacs-xyz.scm | 2 +-
>>  1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/gnu/packages/emacs-xyz.scm b/gnu/packages/emacs-xyz.scm
>> index c1748e7f36..7282c03dfe 100644
>> --- a/gnu/packages/emacs-xyz.scm
>> +++ b/gnu/packages/emacs-xyz.scm
>> @@ -12803,7 +12803,7 @@ (define-public emacs-nodejs-repl
>>                 
>> "0a5mmg3cmdi73giblp07ksl06xzl9nb2m3f96ny4r3rv0ar3v1bx"))))
>>      (build-system emacs-build-system)
>>      (inputs
>> -     (list node))
>> +     (list node-lts))
> LGTM, I guess. Is it expected that node-lts will see fewer rebuilds
> than the other node package going forward?

No, if anything the hope is that there will be more going on with the
node-lts package :-).

Our current "node" package should not be used, as it's an ancient (and
unsupported) version. Restructuring the node/node-lts/node-bootstrap
triad (and making sure older versions are not exposed to users) will be
my next node-related venture.

Toggle quote (2 lines)
> Cheers

Thanks for the review!
- Jelle
M
M
Mekeor Melire wrote on 18 Apr 2023 00:08
Re: [bug#59188] [PATCH v7 00/20] Updating node-lts to 18.X
(address . jlicht@fsfe.org)(address . 59188@debbugs.gnu.org)
87bkjmnorr.fsf@posteo.de
2023-04-17 16:51 jlicht@fsfe.org:

Toggle quote (7 lines)
> From: Jelle Licht <jlicht@fsfe.org>
>
> Node-based things are broken on armhf, but that has been the
> case for a good while already. If nobody objects, I'm planning
> to push this to master after a 'green light' (modulo armhf
> results) from the QA service, somewhere in the coming days.

Thank you very much for all the hard work! I'm looking forward to
this.

I've been guix-pulling from this branch already for some weeks,
and everything has been working fine for me.
J
J
Jelle Licht wrote on 6 May 2023 14:50
Updating node-lts to 18.X
(address . 59188-done@debbugs.gnu.org)
87wn1l8vzf.fsf@fsfe.org
Pushed to master, with some minor adjustments to make things work after
the core-updates merge. Thanks for the patience and feedback!

- Jelle
Closed
?