[PATCH 00/20] Bumping node to 20.18.0 and beyond

  • Done
  • quality assurance status badge
Details
4 participants
  • jlicht
  • Liliana Marie Prikler
  • Ludovic Courtès
  • Ricardo Wurmus
Owner
unassigned
Submitted by
jlicht
Severity
normal
J
J
jlicht wrote on 3 Nov 13:01 +0100
(address . guix-patches@gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
cover.1730634823.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

Hey folks,

As our current node-lts package has quite some security issues, here a bump to a recent release of something that is maintained. After this has been merged, a version bump to the Active LTS version of node (22) is in the works as well.

I also opted to finally move everything and everyone away from the (very insecure) node@10/node-bootstrap package in this series. In case it makes sense to add a deprecated package alias for the now-removed `node` variable, please let me know; I sincerely hope nobody was still using node@10 anywhere.

guix refresh tells me the following:
Building the following 126 packages would ensure 223 dependent packages are rebuilt.
I'd appreciate a reminder as to whether this means this can go straight to master, or rather should be relegated to a specialised branch for the merge train(s).


Jelle Licht (20):
gnu: node: Replace customized nghttp2-for-node by nghttp2.
gnu: Remove nghttp2-for-node.
gnu: node-lts: Replace customized c-ares-for-node by c-ares.
gnu: Remove c-ares-for-node.
gnu: Add libuv-for-node-lts.
gnu: llhttp-bootstrap: Update to 8.1.2.
gnu: node-lts: Update to 20.18.0 [security fixes].
gnu: r-v8: Fix build with node-lts@20.
gnu: cwltool: Use node-lts instead of node.
gnu: python-cwl-utils: Use node-lts instead of node.
gnu: ocaml-ezjsonm: Use node-lts instead of node.
gnu: js-of-ocaml: Use node-lts instead of node.
gnu: fmp: Use node-lts instead of node.
gnu: python-cloudscraper: Use node-lts instead of node.
gnu: qtwebengine-5: Use node-lts instead of node.
gnu: ruby-autoprefixer-rails: Use node-lts instead of node.
gnu: ruby-execjs: Use node-lts instead of node.
gnu: vlang: Use node-lts instead of node.
gnu: esbuild-node: Use node-lts instead of node.
gnu: node: Rename variable node-bootstrap and hide package.

gnu/packages/adns.scm | 22 ----------
gnu/packages/bioinformatics.scm | 4 +-
gnu/packages/cran.scm | 2 +-
gnu/packages/libevent.scm | 24 +++++++++++
gnu/packages/node.scm | 67 +++++++++++++++++++----------
gnu/packages/ocaml.scm | 4 +-
gnu/packages/package-management.scm | 2 +-
gnu/packages/python-web.scm | 2 +-
gnu/packages/qt.scm | 2 +-
gnu/packages/rails.scm | 2 +-
gnu/packages/ruby.scm | 2 +-
gnu/packages/vlang.scm | 2 +-
gnu/packages/web.scm | 39 +----------------
13 files changed, 82 insertions(+), 92 deletions(-)


base-commit: a26ba23cdd476cb5eb8378c4785ccf1bc4145f17
--
2.46.0
J
J
jlicht wrote on 3 Nov 13:03 +0100
[PATCH 03/20] gnu: node-lts: Replace customized c-ares-for-node by c-ares.
(address . 74187@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
62a226af0b6b89b90cf0e933cbcfa520a552c7e8.1730634823.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/node.scm (node-lts) [native-inputs]: Replace c-ares-for-node by
c-ares.
[inputs]: Ditto.

Change-Id: Ibef027d55c14e302d406d6478fed474f67c0d508
---
gnu/packages/node.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

Toggle diff (24 lines)
diff --git a/gnu/packages/node.scm b/gnu/packages/node.scm
index 6414b94278..3997042e76 100644
--- a/gnu/packages/node.scm
+++ b/gnu/packages/node.scm
@@ -936,7 +936,7 @@ (define-public node-lts
(chmod file #o555))))))))
(native-inputs
(list ;; Runtime dependencies for binaries used as a bootstrap.
- c-ares-for-node
+ c-ares
brotli
icu4c
libuv
@@ -952,7 +952,7 @@ (define-public node-lts
(inputs
(list bash-minimal
coreutils
- c-ares-for-node
+ c-ares
icu4c
libuv
llhttp-bootstrap
--
2.46.0
J
J
jlicht wrote on 3 Nov 13:03 +0100
[PATCH 04/20] gnu: Remove c-ares-for-node.
(address . 74187@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
5242649cd0c3562658c80ef854523722e4560492.1730634823.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

The node-lts package can now be built using the standard c-ares package.

* gnu/packages/adns.scm (c-ares-for-node): Delete variable.

Change-Id: I9e613f2d4aeacb6079d69f5bef22d11eb8dc6b18
---
gnu/packages/adns.scm | 22 ----------------------
1 file changed, 22 deletions(-)

Toggle diff (32 lines)
diff --git a/gnu/packages/adns.scm b/gnu/packages/adns.scm
index bf07219d17..1097b84062 100644
--- a/gnu/packages/adns.scm
+++ b/gnu/packages/adns.scm
@@ -161,25 +161,3 @@ (define-public c-ares/cmake
(arguments
`(;; XXX: Tests require name resolution (the normal variant runs no tests).
#:tests? #f)))))
-
-(define-public c-ares-for-node
- (hidden-package
- (package
- (inherit c-ares)
- (name "c-ares")
- (version "1.18.1")
- (source (origin
- (method url-fetch)
- (uri (string-append
- "https://c-ares.haxx.se/download/" name "-" version
- ".tar.gz"))
- (sha256
- (base32
- "1kxviskwsaa7dcgscvssxa8ps88pdq7kq4z93gxvz7sam2l54z8s"))))
- (arguments
- '(#:phases
- (modify-phases %standard-phases
- (add-before 'check 'filter-live-tests
- (lambda _
- ;; Filter tests that require internet access.
- (setenv "GTEST_FILTER" "-*.Live*:*.FamilyV4*")))))))))
--
2.46.0
J
J
jlicht wrote on 3 Nov 13:03 +0100
[PATCH 05/20] gnu: Add libuv-for-node-lts.
(address . 74187@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
b6195f2afc485643ac6d95e0e614b8359938564c.1730634823.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

Specific versions of Node depend on specific versions of libuv.

* gnu/packages/libevent.scm (libuv-for-node-lts): New package.

Change-Id: I97f6b96002dde37a0cec56dbfd7ff8722982ff89
---
gnu/packages/libevent.scm | 24 ++++++++++++++++++++++++
1 file changed, 24 insertions(+)

Toggle diff (37 lines)
diff --git a/gnu/packages/libevent.scm b/gnu/packages/libevent.scm
index 20f967757d..202deaea47 100644
--- a/gnu/packages/libevent.scm
+++ b/gnu/packages/libevent.scm
@@ -158,6 +158,30 @@ (define-public libuv-for-node
"0wpb9pz3r8nksnrf4zbixj2kk9whr7abi45ydrwyv2js2ljrc4j3"))))
(properties '((hidden? . #t)))))
+(define-public libuv-for-node-lts
+ ;; When upgrading Node, also upgrade this. Get the version from
+ ;; https://github.com/nodejs/node/blob/main/deps/uv/include/uv/version.h
+ (package
+ (inherit libuv)
+ (name "libuv")
+ (version "1.46.0")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append "https://dist.libuv.org/dist/v" version
+ "/libuv-v" version ".tar.gz"))
+ (sha256
+ (base32
+ "1knxvp6bl3y0c87cch1id0z7m7rb6igx55ci93qnbp4zifaq67qi"))
+ (modules '((guix build utils)))
+ (snippet
+ '(begin
+ ;; Disable io_uring by default due to CVE-2024-22017. Can be removed once
+ ;; https://github.com/libuv/libuv/issues/4468 is released and compatible
+ ;; with Node.js
+ (substitute* "src/unix/linux.c"
+ (("val == NULL \\|\\|") "val != NULL &&"))))))
+ (properties '((hidden? . #t)))))
+
(define-public libuv-for-r-httpuv
;; When upgrading r-httpuv, also upgrade this.
(package
--
2.46.0
J
J
jlicht wrote on 3 Nov 13:03 +0100
[PATCH 06/20] gnu: llhttp-bootstrap: Update to 8.1.2.
(address . 74187@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
0d423ff42382ca1cf2478a10a34d7fed12a43fa1.1730634823.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/node.scm (llhttp-bootstrap): Update to 8.1.2.

Change-Id: I4eff26889b2645c031fc9ea896657468d5752953
---
gnu/packages/node.scm | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)

Toggle diff (32 lines)
diff --git a/gnu/packages/node.scm b/gnu/packages/node.scm
index 3997042e76..36ed22e052 100644
--- a/gnu/packages/node.scm
+++ b/gnu/packages/node.scm
@@ -680,7 +680,7 @@ (define-public node-llparse-bootstrap
(define-public llhttp-bootstrap
(package
(name "llhttp")
- (version "6.0.11")
+ (version "8.1.2")
(source (origin
(method git-fetch)
(uri (git-reference
@@ -689,7 +689,7 @@ (define-public llhttp-bootstrap
(file-name (git-file-name name version))
(sha256
(base32
- "16gaylka6nx9bsff9xga3s8xihxm3k7svrb88lr4dj2s4pzlfga9"))
+ "1808y8mpdcmsi8rxndilngg4nn2fbqfgb29f47kk9mmdpqg5s17r"))
(modules '((guix build utils)))
(snippet
'(begin
@@ -715,6 +715,7 @@ (define-public llhttp-bootstrap
"/bin/esbuild")))
(invoke esbuild
"--platform=node"
+ "--target=node10"
"--outfile=bin/generate.js"
"--bundle" "bin/generate.ts"))))
(add-before 'install 'create-install-directories
--
2.46.0
J
J
jlicht wrote on 3 Nov 13:03 +0100
[PATCH 07/20] gnu: node-lts: Update to 20.18.0 [security fixes].
(address . 74187@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
30e6dd2b0115cc792626f77a5bcf4827af5ae92f.1730634823.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/node.scm (node-lts): Update to 20.18.0.
[origin]: Delete bundled brotli, ngtcp2 and uv.
[:configure-flags]: Add shared-nghtcp2 flag. Add shared-nghttp3 flag.
[#:phases]<delete-problematic-tests>: Remove tests that fail due to linking to
unbundled libuv.
[native-inputs]: Replace libuv by libuv-for-node-lts.
[inputs]: Replace libuv by libuv-for-node-lts. Add ngtpc2, nghttp3.

Change-Id: I932e64f212283b34f0affad65c3d9f92fdea3d79
---
gnu/packages/node.scm | 28 ++++++++++++++++++++++------
1 file changed, 22 insertions(+), 6 deletions(-)

Toggle diff (89 lines)
diff --git a/gnu/packages/node.scm b/gnu/packages/node.scm
index 36ed22e052..f046f1bad5 100644
--- a/gnu/packages/node.scm
+++ b/gnu/packages/node.scm
@@ -750,14 +750,14 @@ (define-public llhttp-bootstrap
(define-public node-lts
(package
(inherit node)
- (version "18.19.0")
+ (version "20.18.0")
(source (origin
(method url-fetch)
(uri (string-append "https://nodejs.org/dist/v" version
"/node-v" version ".tar.gz"))
(sha256
(base32
- "05qc1dgmrms73073n4l36jrcxf6ygqj959d3cngy5qclrg0isk6x"))
+ "033jb6kf9jq2qlq7ncvbznkd9wi3zppjl0129k989183qn7rz0f0"))
(modules '((guix build utils)))
(snippet
'(begin
@@ -768,9 +768,12 @@ (define-public node-lts
(not (string-contains file "nodejs-openssl.cnf")))))
;; Remove bundled software, where possible
(for-each delete-file-recursively
- '("deps/cares"
+ '("deps/brotli"
+ "deps/cares"
"deps/icu-small"
"deps/nghttp2"
+ "deps/ngtcp2"
+ "deps/uv"
"deps/zlib"))
(substitute* "Makefile"
;; Remove references to bundled software.
@@ -786,6 +789,8 @@ (define-public node-lts
"--shared-zlib"
"--shared-brotli"
"--with-intl=system-icu"
+ "--shared-ngtcp2"
+ "--shared-nghttp3"
;;Needed for correct snapshot checksums
"--v8-enable-snapshot-compression"))
((#:phases phases)
@@ -874,7 +879,15 @@ (define-public node-lts
;; TODO: Regenerate certs instead.
(for-each delete-file
'("test/parallel/test-tls-passphrase.js"
- "test/parallel/test-tls-server-verify.js"))))
+ "test/parallel/test-tls-server-verify.js"))
+
+ ;; These tests fail when linking to upstream libuv.
+ ;; https://github.com/nodejs/node/commit/3f6addd590
+ (for-each delete-file
+ '("test/parallel/test-process-euid-egid.js"
+ "test/parallel/test-process-initgroups.js"
+ "test/parallel/test-process-setgroups.js"
+ "test/parallel/test-process-uid-gid.js"))))
(add-after 'delete-problematic-tests 'replace-llhttp-sources
(lambda* (#:key inputs #:allow-other-keys)
;; Replace pre-generated llhttp sources
@@ -940,10 +953,11 @@ (define-public node-lts
c-ares
brotli
icu4c
- libuv
+ libuv-for-node-lts
`(,nghttp2 "lib")
openssl
zlib
+ ; ngtcp2? nghttp3?
;; Regular build-time dependencies.
perl
pkg-config
@@ -955,9 +969,11 @@ (define-public node-lts
coreutils
c-ares
icu4c
- libuv
+ libuv-for-node-lts
llhttp-bootstrap
brotli
+ ngtcp2
+ nghttp3
`(,nghttp2 "lib")
openssl
zlib))))
--
2.46.0
J
J
jlicht wrote on 3 Nov 13:03 +0100
[PATCH 08/20] gnu: r-v8: Fix build with node-lts@20.
(address . 74187@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
255433f5638f1cbea664c583d3453910856cdb56.1730634823.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

The version bump of node-lts from 18 to 20 also bumped the version in the so-file.

* gnu/packages/cran.scm (r-v8)[#:phases]<find-v8>: Look for libnode-so.115 as
provided by node-lts.

Change-Id: Ib5c0d865aea36c7d881efddf4877cbab4b7dd932
---
gnu/packages/cran.scm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

Toggle diff (15 lines)
diff --git a/gnu/packages/cran.scm b/gnu/packages/cran.scm
index dc2a77593a..f69281c177 100644
--- a/gnu/packages/cran.scm
+++ b/gnu/packages/cran.scm
@@ -2454,7 +2454,7 @@ (define-public r-v8
(("^PKG_LIBS=.*")
(string-append "PKG_LIBS="
(assoc-ref inputs "libnode")
- "/lib/libnode.so.108\n")))
+ "/lib/libnode.so.115\n")))
(setenv "INCLUDE_DIR"
(string-append
(assoc-ref inputs "libnode")
--
2.46.0
J
J
jlicht wrote on 3 Nov 13:03 +0100
[PATCH 09/20] gnu: cwltool: Use node-lts instead of node.
(address . 74187@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
4a40b83d2409c0ebab04b2c42eb7386d6b8df726.1730634823.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/bioinformatics.scm (cwltool)[inputs]: Replace node by node-lts.

Change-Id: Idea8c5cb456080fccd8fff6c6b2c674764ae7bce
---
gnu/packages/bioinformatics.scm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

Toggle diff (15 lines)
diff --git a/gnu/packages/bioinformatics.scm b/gnu/packages/bioinformatics.scm
index 3c1c180b7c..3430d3072b 100644
--- a/gnu/packages/bioinformatics.scm
+++ b/gnu/packages/bioinformatics.scm
@@ -5865,7 +5865,7 @@ (define-public cwltool
python-spython
python-typing-extensions
;; Not listed as needed but still necessary:
- node))
+ node-lts))
(native-inputs
(list python-arcp
python-humanfriendly
--
2.46.0
J
J
jlicht wrote on 3 Nov 13:03 +0100
[PATCH 10/20] gnu: python-cwl-utils: Use node-lts instead of node.
(address . 74187@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
b3a5a1eddebcd64874550962b3f39be7c0e7e726.1730634823.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/bioinformatics.scm (python-cwl-utils)[inputs]: Replace node by
node-lts.

Change-Id: Ia98601db0a9233a96263051e1520a848dbc40a9c
---
gnu/packages/bioinformatics.scm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

Toggle diff (15 lines)
diff --git a/gnu/packages/bioinformatics.scm b/gnu/packages/bioinformatics.scm
index 3430d3072b..7d7c5b871a 100644
--- a/gnu/packages/bioinformatics.scm
+++ b/gnu/packages/bioinformatics.scm
@@ -5775,7 +5775,7 @@ (define-public python-cwl-utils
" and not test_remote_packing_github_soft_links"
" and not test_value_from_two_concatenated_expressions"))))
(inputs
- (list node))
+ (list node-lts))
(native-inputs
(list python-mypy-extensions
python-pytest
--
2.46.0
J
J
jlicht wrote on 3 Nov 13:03 +0100
[PATCH 11/20] gnu: ocaml-ezjsonm: Use node-lts instead of node.
(address . 74187@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
e91fe6ad3af0f3cf18473258f1d91dbef12f7a07.1730634823.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/ocaml.scm (ocaml-ezjsonm)[native-inputs]: Replace node by
node-lts.

Change-Id: Icb79d2ac8cfa424a55e9b5985b8f4dacae7a9f37
---
gnu/packages/ocaml.scm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

Toggle diff (15 lines)
diff --git a/gnu/packages/ocaml.scm b/gnu/packages/ocaml.scm
index 9d29105cdb..dc35bd4d97 100644
--- a/gnu/packages/ocaml.scm
+++ b/gnu/packages/ocaml.scm
@@ -5061,7 +5061,7 @@ (define-public ocaml-ezjsonm
(build-system dune-build-system)
(arguments
`(#:package "ezjsonm"))
- (native-inputs (list ocaml-alcotest js-of-ocaml node))
+ (native-inputs (list ocaml-alcotest js-of-ocaml node-lts))
(propagated-inputs (list ocaml-jsonm ocaml-uutf ocaml-sexplib0 ocaml-hex))
(home-page "https://github.com/mirage/ezjsonm/")
(synopsis "Read and write JSON data")
--
2.46.0
J
J
jlicht wrote on 3 Nov 13:03 +0100
[PATCH 12/20] gnu: js-of-ocaml: Use node-lts instead of node.
(address . 74187@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
aecb6f1459cdc204a85845fb6d8f71daa0841078.1730634823.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/ocaml.scm (js-of-ocaml)[native-inputs]: Replace node by
node-lts.

Change-Id: Ie7dd4dc25bac75a41d1510df9ecf6cc2c4a2c5a7
---
gnu/packages/ocaml.scm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

Toggle diff (15 lines)
diff --git a/gnu/packages/ocaml.scm b/gnu/packages/ocaml.scm
index dc35bd4d97..1b7a43ce7e 100644
--- a/gnu/packages/ocaml.scm
+++ b/gnu/packages/ocaml.scm
@@ -9081,7 +9081,7 @@ (define-public js-of-ocaml
ocaml-yojson))
(native-inputs
;; for tests
- (list node ocaml-ppx-expect ocaml-num))
+ (list node-lts ocaml-ppx-expect ocaml-num))
(properties `((upstream-name . "js_of_ocaml")))
(home-page "https://ocsigen.org/js_of_ocaml/")
(synopsis "Compiler from OCaml bytecode to Javascript")
--
2.46.0
J
J
jlicht wrote on 3 Nov 13:04 +0100
[PATCH 14/20] gnu: python-cloudscraper: Use node-lts instead of node.
(address . 74187@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
f004221af9cb94c8ded4fa36938c4e3fed1c791b.1730634823.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/python-web.scm (python-cloudscraper)[inputs]: Replace node by
node-lts.

Change-Id: Id7a9354c04557d27ec90cfbecd0c8005cf912f1a
---
gnu/packages/python-web.scm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

Toggle diff (15 lines)
diff --git a/gnu/packages/python-web.scm b/gnu/packages/python-web.scm
index d892e03c9d..5d34534e12 100644
--- a/gnu/packages/python-web.scm
+++ b/gnu/packages/python-web.scm
@@ -7615,7 +7615,7 @@ (define-public python-cloudscraper
(invoke "pytest" "-vv"
"-k" "not test_getCookieString_challenge_js_challenge1_16_05_2020")))))))
(inputs
- (list node))
+ (list node-lts))
(propagated-inputs
(list python-js2py
python-polling2
--
2.46.0
J
J
jlicht wrote on 3 Nov 13:04 +0100
[PATCH 15/20] gnu: qtwebengine-5: Use node-lts instead of node.
(address . 74187@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
68266ca23dae540be3285f15336dad3979698b4d.1730634823.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/qt.scm (qtwebengine-5)[native-inputs]: Replace node by
node-lts.

Change-Id: If05e9dd0ef4a971074828da66742bb9387536e4d
---
gnu/packages/qt.scm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

Toggle diff (15 lines)
diff --git a/gnu/packages/qt.scm b/gnu/packages/qt.scm
index 687c20cd90..62413ce445 100644
--- a/gnu/packages/qt.scm
+++ b/gnu/packages/qt.scm
@@ -3198,7 +3198,7 @@ (define-public qtwebengine-5
flex
gperf
ninja
- node
+ node-lts
perl
pkg-config
python2-six
--
2.46.0
J
J
jlicht wrote on 3 Nov 13:03 +0100
[PATCH 01/20] gnu: node: Replace customized nghttp2-for-node by nghttp2.
(address . 74187@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
e7f5b78a33194755d3067603ac6a3ec39096461d.1730634823.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/node.scm (node) [native-inputs]: Replace nghttp2-for-node by
nghttp2.
[inputs]: Ditto.
[arguments]<#:phases>: Adjust accordingly by skipping failing tests.

Change-Id: Ia3d63ea1c428c1353d6ec6fda394ccb016eb6603
---
gnu/packages/node.scm | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)

Toggle diff (44 lines)
diff --git a/gnu/packages/node.scm b/gnu/packages/node.scm
index 7c320a00d6..6414b94278 100644
--- a/gnu/packages/node.scm
+++ b/gnu/packages/node.scm
@@ -48,6 +48,7 @@ (define-module (gnu packages node)
#:use-module (gnu packages icu4c)
#:use-module (gnu packages libevent)
#:use-module (gnu packages linux)
+ #:use-module (gnu packages networking)
#:use-module (gnu packages node-xyz)
#:use-module (gnu packages perl)
#:use-module (gnu packages pkg-config)
@@ -155,6 +156,11 @@ (define-public node
;; See also <https://github.com/nodejs/node/issues/25903>.
"test/sequential/test-performance.js"))
+ ;; These tests fail on recent versions of nghttp2
+ (for-each delete-file
+ '("test/parallel/test-http2-methods.js"
+ "test/parallel/test-http2-multiplex.js"))
+
;; This requires a DNS resolver.
(delete-file "test/parallel/test-dns.js")
@@ -297,7 +303,7 @@ (define-public node
http-parser
icu4c
libuv-for-node
- `(,nghttp2-for-node "lib")
+ `(,nghttp2 "lib")
openssl-1.1
zlib
;; Regular build-time dependencies.
@@ -317,7 +323,7 @@ (define-public node
http-parser
icu4c
libuv-for-node
- `(,nghttp2-for-node "lib")
+ `(,nghttp2 "lib")
openssl
python-wrapper ;for node-gyp (supports python3)
zlib))
--
2.46.0
J
J
jlicht wrote on 3 Nov 13:03 +0100
[PATCH 02/20] gnu: Remove nghttp2-for-node.
(address . 74187@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
e0c4304032b1e8e4f53f10ff38fc79c8fd3aa9c1.1730634823.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

This hidden package is not needed as the ancient version of node we use to
bootstrap llhttp can be built using the standard nghttp2 package.

* gnu/packages/web.scm (assimp-5.0): Delete variable.

Change-Id: Ib077fcc55c9bf7fd3caab69220aa8c86e5c33f8a
---
gnu/packages/web.scm | 29 -----------------------------
1 file changed, 29 deletions(-)

Toggle diff (42 lines)
diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index 34739bf088..842c25b509 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -8552,35 +8552,6 @@ (define-public nghttp2
@end itemize\n")
(license license:expat)))
-;; Older variant for Node versions < 17 (upstream commit 43291b98edaa682
-;; add support for newer nghttp2, but is difficult to backport).
-(define-public nghttp2-for-node
- (hidden-package
- (package
- (inherit nghttp2)
- (version "1.44.0")
- (source (origin
- (method url-fetch)
- (uri (string-append "https://github.com/nghttp2/nghttp2/"
- "releases/download/v" version "/"
- "nghttp2-" version ".tar.xz"))
- (sha256
- (base32
- "0p9wvva4g8hwj55x19rbyvnq2dbsnf65rphhxnpqs7ll54xlg6an"))))
- (arguments
- (substitute-keyword-arguments (package-arguments nghttp2)
- ((#:phases phases #~%standard-phases)
- #~(modify-phases #$phases
- (add-after 'unpack 'workaround-broken-python-version-check
- (lambda _
- (substitute* "configure"
- ;; The configure script uses a string comparison to
- ;; determine whether the Python interpreter is recent
- ;; enough, which fails when comparing 3.8 to 3.10.
- ;; Convert to tuples for a more reliable check.
- (("print \\(ver >= '3\\.8'\\)")
- "print (tuple(map(int, ver.split('.'))) >= (3,8))")))))))))))
-
(define-public nghttp3
(package
(name "nghttp3")
--
2.46.0
J
J
jlicht wrote on 3 Nov 13:04 +0100
[PATCH 13/20] gnu: fmp: Use node-lts instead of node.
(address . 74187@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
dbaf63037dae2f91019d322c2d056010441a1376.1730634823.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/package-management.scm (fpm)[native-inputs]: Repalce node by
node-lts.

Change-Id: I5afdb49e18805722b9e69be0cf48c3a29ce49921
---
gnu/packages/package-management.scm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

Toggle diff (15 lines)
diff --git a/gnu/packages/package-management.scm b/gnu/packages/package-management.scm
index 1763d2d59f..18a8d1e981 100644
--- a/gnu/packages/package-management.scm
+++ b/gnu/packages/package-management.scm
@@ -2193,7 +2193,7 @@ (define-public fpm
(native-inputs
(list dpkg
libarchive
- node
+ node-lts
perl-app-cpanminus
python
ruby-rspec
--
2.46.0
J
J
jlicht wrote on 3 Nov 13:04 +0100
[PATCH 20/20] gnu: node: Rename variable node-bootstrap and hide package.
(address . 74187@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
b15cc2785eb223b6848113c62fcf969a1cd4e8a2.1730634823.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

The formerly known as node package has security issues, so should only be used
to bootstrap more recent and secure versions of node.

* gnu/packages/node.scm (node): Rename to...
(node-bootstrap): ... this, and make it a hidden package.

Change-Id: I536a8f55faa14f8221915467c2981053f4c4d70e
---
gnu/packages/node.scm | 20 ++++++++++----------
1 file changed, 10 insertions(+), 10 deletions(-)

Toggle diff (63 lines)
diff --git a/gnu/packages/node.scm b/gnu/packages/node.scm
index f046f1bad5..bf7fbebf8f 100644
--- a/gnu/packages/node.scm
+++ b/gnu/packages/node.scm
@@ -56,9 +56,12 @@ (define-module (gnu packages node)
#:use-module (gnu packages tls)
#:use-module (gnu packages web)
#:use-module (ice-9 match)
+ #:use-module (srfi srfi-1)
#:use-module (srfi srfi-26))
-(define-public node
+;; This should be the latest version of node that still builds without
+;; depending on llhttp.
+(define-public node-bootstrap
(package
(name "node")
(version "10.24.1")
@@ -338,12 +341,8 @@ (define-public node
(license license:expat)
(properties '((max-silent-time . 7200) ;2h, needed on ARM
(timeout . 21600) ;6h
- (cpe-name . "node.js")))))
-
-;; This should be the latest version of node that still builds without
-;; depending on llhttp.
-(define-public node-bootstrap
- (hidden-package node))
+ (cpe-name . "node.js")
+ (hidden? . #t)))))
;; Duplicate of node-semver
(define-public node-semver-bootstrap
@@ -749,7 +748,7 @@ (define-public llhttp-bootstrap
(define-public node-lts
(package
- (inherit node)
+ (inherit node-bootstrap)
(version "20.18.0")
(source (origin
(method url-fetch)
@@ -780,7 +779,7 @@ (define-public node-lts
(("deps/uv/uv.gyp") "")
(("deps/zlib/zlib.gyp") ""))))))
(arguments
- (substitute-keyword-arguments (package-arguments node)
+ (substitute-keyword-arguments (package-arguments node-bootstrap)
((#:configure-flags configure-flags)
''("--shared-cares"
"--shared-libuv"
@@ -976,7 +975,8 @@ (define-public node-lts
nghttp3
`(,nghttp2 "lib")
openssl
- zlib))))
+ zlib))
+ (properties (alist-delete 'hidden? (package-properties node-bootstrap)))))
(define-public libnode
(package/inherit node-lts
--
2.46.0
J
J
jlicht wrote on 3 Nov 13:04 +0100
[PATCH 18/20] gnu: vlang: Use node-lts instead of node.
(address . 74187@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
710910069bba319bcc0f61c797396a7b995d6c44.1730634823.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/vlang.scm (vlang)[native-inputs]: Replace node by node-lts.

Change-Id: Iaf577f0b9bbd7095392c88c2d2737c0703d3bf96
---
gnu/packages/vlang.scm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

Toggle diff (15 lines)
diff --git a/gnu/packages/vlang.scm b/gnu/packages/vlang.scm
index 4741483f12..db3b6a66aa 100644
--- a/gnu/packages/vlang.scm
+++ b/gnu/packages/vlang.scm
@@ -133,7 +133,7 @@ (define-public vlang
("git" ,git-minimal)
;; For the tests.
("libx11" ,libx11)
- ("node" ,node)
+ ("node" ,node-lts)
("openssl" ,openssl)
("sqlite" ,sqlite)))
(home-page "https://vlang.io/")
--
2.46.0
J
J
jlicht wrote on 3 Nov 13:04 +0100
[PATCH 16/20] gnu: ruby-autoprefixer-rails: Use node-lts instead of node.
(address . 74187@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
e209aeeb1e4356de5af2f0eaa35dd70404adbcd5.1730634823.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/rails.scm (ruby-autoprefixer-rails)[native-inputs]: Replace
node by node-lts.

Change-Id: Iea7fc9001cb12eecb1257a9a0f83851bd8bc36fd
---
gnu/packages/rails.scm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

Toggle diff (15 lines)
diff --git a/gnu/packages/rails.scm b/gnu/packages/rails.scm
index a28249d9bd..537650cc88 100644
--- a/gnu/packages/rails.scm
+++ b/gnu/packages/rails.scm
@@ -273,7 +273,7 @@ (define-public ruby-autoprefixer-rails
ruby-sprockets
ruby-standard
;; This is used at runtime by ruby-execjs.
- node))
+ node-lts))
(propagated-inputs
(list ruby-execjs))
(synopsis "Parse CSS and add vendor prefixes to CSS rules")
--
2.46.0
J
J
jlicht wrote on 3 Nov 13:04 +0100
[PATCH 19/20] gnu: esbuild-node: Use node-lts instead of node.
(address . 74187@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
bcb5780bc95bc224ef8e425a93cce0177c1b66dd.1730634823.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/web.scm (esbuild-node)[#:phases]<build-platform>: Remove
workaround needed for building with older versions of Node.
[native-inputs]: Replace node by node-lts.

Change-Id: Iedf30dc1a395e674007c08ce6c0881dbb0f94f0e
---
gnu/packages/web.scm | 10 ++--------
1 file changed, 2 insertions(+), 8 deletions(-)

Toggle diff (37 lines)
diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index 842c25b509..954da312bd 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -2126,12 +2126,6 @@ (define-public esbuild-node
(add-after 'build 'build-platform
(lambda* (#:key unpack-path #:allow-other-keys)
(with-directory-excursion (string-append "src/" unpack-path)
- ;; We're using Node 10, which doesn't have this method.
- (substitute* "scripts/esbuild.js"
- (("exports.buildNativeLib" m)
- (string-append
- "Object.fromEntries = entries => entries.reduce((result, entry) => (result[entry[0]] = entry[1], result), {});\n"
- m)))
;; Must be writable.
(for-each make-file-writable (find-files "." "."))
(invoke "node" "scripts/esbuild.js"
@@ -2154,7 +2148,7 @@ (define-public esbuild-node
(invoke "make" "test-go"))))))))
(native-inputs
(modify-inputs (package-native-inputs esbuild)
- (append node)))))
+ (append node-lts)))))
(define-public wwwoffle
(package
@@ -9517,7 +9511,7 @@ (define-public archivebox
(build-system python-build-system)
(propagated-inputs
(list curl
- node))
+ node-lts))
(inputs
(list python
youtube-dl
--
2.46.0
J
J
jlicht wrote on 3 Nov 13:04 +0100
[PATCH 17/20] gnu: ruby-execjs: Use node-lts instead of node.
(address . 74187@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
f1516a04f693f0c91a230320294d38ff528ab077.1730634823.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/ruby.scm (ruby-execjs)[native-inputs]: Replace node by
node-lts.

Change-Id: If7ff42d9865d79c23560fb190db4fdce9ecc621c
---
gnu/packages/ruby.scm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

Toggle diff (15 lines)
diff --git a/gnu/packages/ruby.scm b/gnu/packages/ruby.scm
index 5af1bb1cef..c563c100b4 100644
--- a/gnu/packages/ruby.scm
+++ b/gnu/packages/ruby.scm
@@ -3124,7 +3124,7 @@ (define-public ruby-execjs
;; PASSED: test:node
;; SKIPPED: test:duktape, ;; test:javascriptcore, test:jscript,
;; test:miniracer, test:rubyracer, ;; test:rubyrhino, test:v8
- node))
+ node-lts))
(synopsis "Run JavaScript code from Ruby")
(description
"ExecJS lets you run JavaScript code from Ruby. It automatically picks a
--
2.46.0
R
R
Ricardo Wurmus wrote on 3 Nov 19:29 +0100
Re: [bug#74187] [PATCH 08/20] gnu: r-v8: Fix build with node-lts@20.
(address . jlicht@fsfe.org)
87a5egi31j.fsf@elephly.net
jlicht@fsfe.org writes:

Toggle quote (9 lines)
> From: Jelle Licht <jlicht@fsfe.org>
>
> The version bump of node-lts from 18 to 20 also bumped the
> version in the so-file.
>
> * gnu/packages/cran.scm (r-v8)[#:phases]<find-v8>: Look for
> libnode-so.115 as
> provided by node-lts.

This looks okay to me, but I don't see the bump from 18 to 20 on
the master branch, so I'll wait for someone else to apply this
patch when it becomes necessary.

--
Ricardo
L
L
Ludovic Courtès wrote on 18 Nov 11:12 +0100
Re: [bug#74187] [PATCH 00/20] Bumping node to 20.18.0 and beyond
(address . jlicht@fsfe.org)(address . 74187@debbugs.gnu.org)
878qtgg8al.fsf@gnu.org
Hey Jelle,

jlicht@fsfe.org skribis:

Toggle quote (21 lines)
> gnu: node: Replace customized nghttp2-for-node by nghttp2.
> gnu: Remove nghttp2-for-node.
> gnu: node-lts: Replace customized c-ares-for-node by c-ares.
> gnu: Remove c-ares-for-node.
> gnu: Add libuv-for-node-lts.
> gnu: llhttp-bootstrap: Update to 8.1.2.
> gnu: node-lts: Update to 20.18.0 [security fixes].
> gnu: r-v8: Fix build with node-lts@20.
> gnu: cwltool: Use node-lts instead of node.
> gnu: python-cwl-utils: Use node-lts instead of node.
> gnu: ocaml-ezjsonm: Use node-lts instead of node.
> gnu: js-of-ocaml: Use node-lts instead of node.
> gnu: fmp: Use node-lts instead of node.
> gnu: python-cloudscraper: Use node-lts instead of node.
> gnu: qtwebengine-5: Use node-lts instead of node.
> gnu: ruby-autoprefixer-rails: Use node-lts instead of node.
> gnu: ruby-execjs: Use node-lts instead of node.
> gnu: vlang: Use node-lts instead of node.
> gnu: esbuild-node: Use node-lts instead of node.
> gnu: node: Rename variable node-bootstrap and hide package.

Feel empowered to push this if nothing breaks according to your tests.

If you’re not sure and would like to set up a ci.guix jobset, let us
know.

Ludo’.
J
J
jlicht wrote on 4 Dec 08:49 +0100
[PATCH v2 01/24] gnu: node: Replace customized nghttp2-for-node by nghttp2.
(address . 74187@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
3114fe5d3e5314a0ded1f259a21d1016f4234abc.1733298337.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/node.scm (node) [native-inputs]: Replace nghttp2-for-node by
nghttp2.
[inputs]: Ditto.
[arguments]<#:phases>: Adjust accordingly by skipping failing tests.

Change-Id: Ia3d63ea1c428c1353d6ec6fda394ccb016eb6603
---
gnu/packages/node.scm | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)

Toggle diff (44 lines)
diff --git a/gnu/packages/node.scm b/gnu/packages/node.scm
index 7c320a00d6..6414b94278 100644
--- a/gnu/packages/node.scm
+++ b/gnu/packages/node.scm
@@ -48,6 +48,7 @@ (define-module (gnu packages node)
#:use-module (gnu packages icu4c)
#:use-module (gnu packages libevent)
#:use-module (gnu packages linux)
+ #:use-module (gnu packages networking)
#:use-module (gnu packages node-xyz)
#:use-module (gnu packages perl)
#:use-module (gnu packages pkg-config)
@@ -155,6 +156,11 @@ (define-public node
;; See also <https://github.com/nodejs/node/issues/25903>.
"test/sequential/test-performance.js"))
+ ;; These tests fail on recent versions of nghttp2
+ (for-each delete-file
+ '("test/parallel/test-http2-methods.js"
+ "test/parallel/test-http2-multiplex.js"))
+
;; This requires a DNS resolver.
(delete-file "test/parallel/test-dns.js")
@@ -297,7 +303,7 @@ (define-public node
http-parser
icu4c
libuv-for-node
- `(,nghttp2-for-node "lib")
+ `(,nghttp2 "lib")
openssl-1.1
zlib
;; Regular build-time dependencies.
@@ -317,7 +323,7 @@ (define-public node
http-parser
icu4c
libuv-for-node
- `(,nghttp2-for-node "lib")
+ `(,nghttp2 "lib")
openssl
python-wrapper ;for node-gyp (supports python3)
zlib))
--
2.46.0
J
J
jlicht wrote on 4 Dec 08:49 +0100
[PATCH v2 04/24] gnu: Remove c-ares-for-node.
(address . 74187@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
78b734c55c78bb06b38494948964ae1f11ecc96d.1733298337.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

The node-lts package can now be built using the standard c-ares package.

* gnu/packages/adns.scm (c-ares-for-node): Delete variable.

Change-Id: I9e613f2d4aeacb6079d69f5bef22d11eb8dc6b18
---
gnu/packages/adns.scm | 22 ----------------------
1 file changed, 22 deletions(-)

Toggle diff (32 lines)
diff --git a/gnu/packages/adns.scm b/gnu/packages/adns.scm
index bf07219d17..1097b84062 100644
--- a/gnu/packages/adns.scm
+++ b/gnu/packages/adns.scm
@@ -161,25 +161,3 @@ (define-public c-ares/cmake
(arguments
`(;; XXX: Tests require name resolution (the normal variant runs no tests).
#:tests? #f)))))
-
-(define-public c-ares-for-node
- (hidden-package
- (package
- (inherit c-ares)
- (name "c-ares")
- (version "1.18.1")
- (source (origin
- (method url-fetch)
- (uri (string-append
- "https://c-ares.haxx.se/download/" name "-" version
- ".tar.gz"))
- (sha256
- (base32
- "1kxviskwsaa7dcgscvssxa8ps88pdq7kq4z93gxvz7sam2l54z8s"))))
- (arguments
- '(#:phases
- (modify-phases %standard-phases
- (add-before 'check 'filter-live-tests
- (lambda _
- ;; Filter tests that require internet access.
- (setenv "GTEST_FILTER" "-*.Live*:*.FamilyV4*")))))))))
--
2.46.0
J
J
jlicht wrote on 4 Dec 08:49 +0100
[PATCH v2 05/24] gnu: Add libuv-for-node-lts.
(address . 74187@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
08bd1952c0bd722b96dbcd7be2480b4e67ca5d4c.1733298337.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

Specific versions of Node depend on specific versions of libuv.

* gnu/packages/libevent.scm (libuv-for-node-lts): New package.

Change-Id: I97f6b96002dde37a0cec56dbfd7ff8722982ff89
---
gnu/packages/libevent.scm | 24 ++++++++++++++++++++++++
1 file changed, 24 insertions(+)

Toggle diff (37 lines)
diff --git a/gnu/packages/libevent.scm b/gnu/packages/libevent.scm
index 20f967757d..202deaea47 100644
--- a/gnu/packages/libevent.scm
+++ b/gnu/packages/libevent.scm
@@ -158,6 +158,30 @@ (define-public libuv-for-node
"0wpb9pz3r8nksnrf4zbixj2kk9whr7abi45ydrwyv2js2ljrc4j3"))))
(properties '((hidden? . #t)))))
+(define-public libuv-for-node-lts
+ ;; When upgrading Node, also upgrade this. Get the version from
+ ;; https://github.com/nodejs/node/blob/main/deps/uv/include/uv/version.h
+ (package
+ (inherit libuv)
+ (name "libuv")
+ (version "1.46.0")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append "https://dist.libuv.org/dist/v" version
+ "/libuv-v" version ".tar.gz"))
+ (sha256
+ (base32
+ "1knxvp6bl3y0c87cch1id0z7m7rb6igx55ci93qnbp4zifaq67qi"))
+ (modules '((guix build utils)))
+ (snippet
+ '(begin
+ ;; Disable io_uring by default due to CVE-2024-22017. Can be removed once
+ ;; https://github.com/libuv/libuv/issues/4468 is released and compatible
+ ;; with Node.js
+ (substitute* "src/unix/linux.c"
+ (("val == NULL \\|\\|") "val != NULL &&"))))))
+ (properties '((hidden? . #t)))))
+
(define-public libuv-for-r-httpuv
;; When upgrading r-httpuv, also upgrade this.
(package
--
2.46.0
J
J
jlicht wrote on 4 Dec 08:49 +0100
[PATCH v2 06/24] gnu: llhttp-bootstrap: Update to 8.1.2.
(address . 74187@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
35deefbf15452dc382bfe1569c349e3cffa83a1a.1733298337.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/node.scm (llhttp-bootstrap): Update to 8.1.2.

Change-Id: I4eff26889b2645c031fc9ea896657468d5752953
---
gnu/packages/node.scm | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)

Toggle diff (32 lines)
diff --git a/gnu/packages/node.scm b/gnu/packages/node.scm
index 3997042e76..36ed22e052 100644
--- a/gnu/packages/node.scm
+++ b/gnu/packages/node.scm
@@ -680,7 +680,7 @@ (define-public node-llparse-bootstrap
(define-public llhttp-bootstrap
(package
(name "llhttp")
- (version "6.0.11")
+ (version "8.1.2")
(source (origin
(method git-fetch)
(uri (git-reference
@@ -689,7 +689,7 @@ (define-public llhttp-bootstrap
(file-name (git-file-name name version))
(sha256
(base32
- "16gaylka6nx9bsff9xga3s8xihxm3k7svrb88lr4dj2s4pzlfga9"))
+ "1808y8mpdcmsi8rxndilngg4nn2fbqfgb29f47kk9mmdpqg5s17r"))
(modules '((guix build utils)))
(snippet
'(begin
@@ -715,6 +715,7 @@ (define-public llhttp-bootstrap
"/bin/esbuild")))
(invoke esbuild
"--platform=node"
+ "--target=node10"
"--outfile=bin/generate.js"
"--bundle" "bin/generate.ts"))))
(add-before 'install 'create-install-directories
--
2.46.0
J
J
jlicht wrote on 4 Dec 08:49 +0100
[PATCH v2 07/24] gnu: node-lts: Update to 20.18.1 [security fixes].
(address . 74187@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
f5b08804b1957c50f1ab2e21d45d84bb170ed74e.1733298337.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/node.scm (node-lts): Update to 20.18.1.
[origin]: Delete bundled brotli, ngtcp2 and uv.
[:configure-flags]: Add shared-nghtcp2 flag. Add shared-nghttp3 flag.
[#:phases]<delete-problematic-tests>: Remove tests that fail due to linking to
unbundled libuv. Delete tests that depend on 64-bit time_t for 32-bit builds.
[native-inputs]: Replace libuv by libuv-for-node-lts.
[inputs]: Replace libuv by libuv-for-node-lts. Add ngtpc2, nghttp3.

Change-Id: I932e64f212283b34f0affad65c3d9f92fdea3d79
---
gnu/packages/node.scm | 34 ++++++++++++++++++++++++++++------
1 file changed, 28 insertions(+), 6 deletions(-)

Toggle diff (101 lines)
diff --git a/gnu/packages/node.scm b/gnu/packages/node.scm
index 36ed22e052..13d2575333 100644
--- a/gnu/packages/node.scm
+++ b/gnu/packages/node.scm
@@ -750,14 +750,14 @@ (define-public llhttp-bootstrap
(define-public node-lts
(package
(inherit node)
- (version "18.19.0")
+ (version "20.18.1")
(source (origin
(method url-fetch)
(uri (string-append "https://nodejs.org/dist/v" version
"/node-v" version ".tar.gz"))
(sha256
(base32
- "05qc1dgmrms73073n4l36jrcxf6ygqj959d3cngy5qclrg0isk6x"))
+ "1f180vgr6lrg4gs48q5c414j5sdwaqqp1vnswwr3pvryhznqrbav"))
(modules '((guix build utils)))
(snippet
'(begin
@@ -768,9 +768,12 @@ (define-public node-lts
(not (string-contains file "nodejs-openssl.cnf")))))
;; Remove bundled software, where possible
(for-each delete-file-recursively
- '("deps/cares"
+ '("deps/brotli"
+ "deps/cares"
"deps/icu-small"
"deps/nghttp2"
+ "deps/ngtcp2"
+ "deps/uv"
"deps/zlib"))
(substitute* "Makefile"
;; Remove references to bundled software.
@@ -786,6 +789,8 @@ (define-public node-lts
"--shared-zlib"
"--shared-brotli"
"--with-intl=system-icu"
+ "--shared-ngtcp2"
+ "--shared-nghttp3"
;;Needed for correct snapshot checksums
"--v8-enable-snapshot-compression"))
((#:phases phases)
@@ -868,13 +873,27 @@ (define-public node-lts
"test/parallel/test-zlib-write-after-flush.js")))
'())
+ ;; https://github.com/nodejs/node/issues/45906
+ ;; This test depends on 64-bit time_t so skipping on 32-bit systems.
+ ,@(if (not (target-64bit?))
+ '((delete-file "test/parallel/test-fs-utimes-y2K38.js"))
+ '())
+
;; These tests have an expiry date: they depend on the validity of
;; TLS certificates that are bundled with the source. We want this
;; package to be reproducible forever, so remove those.
;; TODO: Regenerate certs instead.
(for-each delete-file
'("test/parallel/test-tls-passphrase.js"
- "test/parallel/test-tls-server-verify.js"))))
+ "test/parallel/test-tls-server-verify.js"))
+
+ ;; These tests fail when linking to upstream libuv.
+ ;; https://github.com/nodejs/node/commit/3f6addd590
+ (for-each delete-file
+ '("test/parallel/test-process-euid-egid.js"
+ "test/parallel/test-process-initgroups.js"
+ "test/parallel/test-process-setgroups.js"
+ "test/parallel/test-process-uid-gid.js"))))
(add-after 'delete-problematic-tests 'replace-llhttp-sources
(lambda* (#:key inputs #:allow-other-keys)
;; Replace pre-generated llhttp sources
@@ -940,10 +959,11 @@ (define-public node-lts
c-ares
brotli
icu4c
- libuv
+ libuv-for-node-lts
`(,nghttp2 "lib")
openssl
zlib
+ ; ngtcp2? nghttp3?
;; Regular build-time dependencies.
perl
pkg-config
@@ -955,9 +975,11 @@ (define-public node-lts
coreutils
c-ares
icu4c
- libuv
+ libuv-for-node-lts
llhttp-bootstrap
brotli
+ ngtcp2
+ nghttp3
`(,nghttp2 "lib")
openssl
zlib))))
--
2.46.0
J
J
jlicht wrote on 4 Dec 08:49 +0100
[PATCH v2 08/24] gnu: node-uglify-js: Update to 3.19.3.
(address . 74187@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
9109470b3f8f84320789f7d2027741296a628822.1733298337.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/uglifyjs.scm (node-uglify-js): Update to 3.19.3.

Change-Id: I3c221442e39fc49484122f377df79896bbb18bd9
---
gnu/packages/uglifyjs.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

Toggle diff (24 lines)
diff --git a/gnu/packages/uglifyjs.scm b/gnu/packages/uglifyjs.scm
index 1bd8bb6326..ba742d58c2 100644
--- a/gnu/packages/uglifyjs.scm
+++ b/gnu/packages/uglifyjs.scm
@@ -25,7 +25,7 @@ (define-module (gnu packages uglifyjs)
(define-public node-uglify-js
(package
(name "node-uglify-js")
- (version "3.14.2")
+ (version "3.19.3")
(source
(origin
(method git-fetch)
@@ -34,7 +34,7 @@ (define-public node-uglify-js
(commit (string-append "v" version))))
(file-name (git-file-name name version))
(sha256
- (base32 "1jraqpwzga4vbgq3xcn08jcfc87pm6nik7vpxvxa4rfjvz70a6k7"))))
+ (base32 "0a3pyf6wnix7v0vdjhag3dd32l4fm2hxhxpjdgr1zfvy3m4d1hmh"))))
(build-system node-build-system)
(native-inputs
(list node-acorn node-semver))
--
2.46.0
J
J
jlicht wrote on 4 Dec 08:49 +0100
[PATCH v2 09/24] gnu: node-acorn: Update to 8.7.1.
(address . 74187@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
c158cd50d1230239bfd17702208ed2cfb5fb0363.1733298337.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/node-xyz.scm (node-acorn): Update to 8.7.1.

Change-Id: Ie962b9c980f8e14bf0ccce046497bda87108dffc
---
gnu/packages/node-xyz.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

Toggle diff (24 lines)
diff --git a/gnu/packages/node-xyz.scm b/gnu/packages/node-xyz.scm
index cf6f50e3ce..0e539db4e5 100644
--- a/gnu/packages/node-xyz.scm
+++ b/gnu/packages/node-xyz.scm
@@ -40,7 +40,7 @@ (define-module (gnu packages node-xyz)
(define-public node-acorn
(package
(name "node-acorn")
- (version "8.4.1")
+ (version "8.7.1")
(source
(origin
(method git-fetch)
@@ -49,7 +49,7 @@ (define-public node-acorn
(commit version)))
(file-name (git-file-name name version))
(sha256
- (base32 "068h5gysz8bbslq31dva8f223rdf8l7w6nxcxjnv4zdprwkzkhaa"))))
+ (base32 "10lpqbq4wvndx13mh7yjqgpcp3ac81b9zmrn4qb1qpzgy462fa92"))))
(build-system node-build-system)
(arguments
'(#:tests? #f
--
2.46.0
J
J
jlicht wrote on 4 Dec 08:49 +0100
[PATCH v2 10/24] gnu: node-nan: Update to 2.22.0.
(address . 74187@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
c0dfa945625fb24dadb8aa78b310aa24104dbdd0.1733298337.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/node-xyz.scm (node-nan): Update to 2.22.0.

Change-Id: I000014f57db510f2351e2feb57e93b5325ed88a0
---
gnu/packages/node-xyz.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

Toggle diff (24 lines)
diff --git a/gnu/packages/node-xyz.scm b/gnu/packages/node-xyz.scm
index 0e539db4e5..a8f6a273fa 100644
--- a/gnu/packages/node-xyz.scm
+++ b/gnu/packages/node-xyz.scm
@@ -705,7 +705,7 @@ (define-public node-ms
(define-public node-nan
(package
(name "node-nan")
- (version "2.15.0")
+ (version "2.22.0")
(source
(origin
(method git-fetch)
@@ -714,7 +714,7 @@ (define-public node-nan
(commit (string-append "v" version))))
(file-name (git-file-name name version))
(sha256
- (base32 "18xslh9va5ld872scrp5y4251ax9s3c6qh0lnl1200lpzbsxy7yd"))))
+ (base32 "02gqm23x26glffvyxrnk610hy3hg0kwh2v58dhnb032l0jhjzqvp"))))
(build-system node-build-system)
(arguments
`(#:phases
--
2.46.0
J
J
jlicht wrote on 4 Dec 08:49 +0100
[PATCH v2 11/24] gnu: node-addon-api: Update to 8.3.0.
(address . 74187@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
9a3c9ce4bbdc06115fa6a53f6c8bb221c32222e3.1733298337.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/node-xyz.scm (node-addon-api): Update to 8.3.0.
[arguments]<#:phases>: Delete additional optional dependencies in
'delete-dependencies' phase.

Change-Id: I86c6b026980aea02a20f889bc7f92ea3a304e674
---
gnu/packages/node-xyz.scm | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)

Toggle diff (36 lines)
diff --git a/gnu/packages/node-xyz.scm b/gnu/packages/node-xyz.scm
index a8f6a273fa..e98eda2a01 100644
--- a/gnu/packages/node-xyz.scm
+++ b/gnu/packages/node-xyz.scm
@@ -114,7 +114,7 @@ (define-public node-acorn
(define-public node-addon-api
(package
(name "node-addon-api")
- (version "4.2.0")
+ (version "8.3.0")
(source
(origin
(method git-fetch)
@@ -123,7 +123,7 @@ (define-public node-addon-api
(commit (string-append "v" version))))
(file-name (git-file-name name version))
(sha256
- (base32 "1bhvfi2m9nxfz418s619914vmidcnrzbjv6l9nid476c3zlpazch"))))
+ (base32 "1swvhdss2w636l24bnssnwb1rqh7i6lhpkk4knbrvpspqf80kagc"))))
(inputs
(list python node-safe-buffer))
(build-system node-build-system)
@@ -148,8 +148,10 @@ (define-public node-addon-api
"eslint-plugin-node"
"eslint-plugin-promise"
"fs-extra"
+ "neostandard"
"path"
- "pre-commit"))))
+ "pre-commit"
+ "semver"))))
(add-after 'unpack 'skip-js-tests
;; We can't run the js-based tests,
;; but we can still do the C++ parts
--
2.46.0
J
J
jlicht wrote on 4 Dec 08:49 +0100
[PATCH v2 12/24] gnu: r-v8: Fix build with node-lts@20.
(address . 74187@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
c8526a8be10a72a5be9e4f3af6cb3e597a77a487.1733298337.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

The version bump of node-lts from 18 to 20 also bumped the version in the so-file.

* gnu/packages/cran.scm (r-v8)[#:phases]<find-v8>: Look for libnode-so.115 as
provided by node-lts.

Change-Id: Ib5c0d865aea36c7d881efddf4877cbab4b7dd932
---
gnu/packages/cran.scm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

Toggle diff (15 lines)
diff --git a/gnu/packages/cran.scm b/gnu/packages/cran.scm
index 298704185c..ab58e790cc 100644
--- a/gnu/packages/cran.scm
+++ b/gnu/packages/cran.scm
@@ -2982,7 +2982,7 @@ (define-public r-v8
(("^PKG_LIBS=.*")
(string-append "PKG_LIBS="
(assoc-ref inputs "libnode")
- "/lib/libnode.so.108\n")))
+ "/lib/libnode.so.115\n")))
(setenv "INCLUDE_DIR"
(string-append
(assoc-ref inputs "libnode")
--
2.46.0
J
J
jlicht wrote on 4 Dec 08:49 +0100
[PATCH v2 13/24] gnu: cwltool: Use node-lts instead of node.
(address . 74187@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
71a60ce4bdc1f92bd4dc27f6e73bde9b85030d51.1733298337.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/bioinformatics.scm (cwltool)[inputs]: Replace node by node-lts.

Change-Id: Idea8c5cb456080fccd8fff6c6b2c674764ae7bce
---
gnu/packages/bioinformatics.scm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

Toggle diff (15 lines)
diff --git a/gnu/packages/bioinformatics.scm b/gnu/packages/bioinformatics.scm
index 437901b3a8..66c5a6d40a 100644
--- a/gnu/packages/bioinformatics.scm
+++ b/gnu/packages/bioinformatics.scm
@@ -6217,7 +6217,7 @@ (define-public cwltool
python-spython
python-typing-extensions
;; Not listed as needed but still necessary:
- node))
+ node-lts))
(native-inputs
(list python-arcp
python-humanfriendly
--
2.46.0
J
J
jlicht wrote on 4 Dec 08:49 +0100
[PATCH v2 14/24] gnu: python-cwl-utils: Use node-lts instead of node.
(address . 74187@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
b7d6803e15c4c1fc230612072f6892d0d682f2fb.1733298337.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/bioinformatics.scm (python-cwl-utils)[inputs]: Replace node by
node-lts.

Change-Id: Ia98601db0a9233a96263051e1520a848dbc40a9c
---
gnu/packages/bioinformatics.scm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

Toggle diff (15 lines)
diff --git a/gnu/packages/bioinformatics.scm b/gnu/packages/bioinformatics.scm
index 66c5a6d40a..a3a369eae7 100644
--- a/gnu/packages/bioinformatics.scm
+++ b/gnu/packages/bioinformatics.scm
@@ -6127,7 +6127,7 @@ (define-public python-cwl-utils
" and not test_remote_packing_github_soft_links"
" and not test_value_from_two_concatenated_expressions"))))
(inputs
- (list node))
+ (list node-lts))
(native-inputs
(list python-mypy-extensions
python-pytest
--
2.46.0
J
J
jlicht wrote on 4 Dec 08:49 +0100
[PATCH v2 15/24] gnu: ocaml-ezjsonm: Use node-lts instead of node.
(address . 74187@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
298da0f8c0858d2b1b2a09b919661888c342e8f9.1733298337.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/ocaml.scm (ocaml-ezjsonm)[native-inputs]: Replace node by
node-lts.

Change-Id: Icb79d2ac8cfa424a55e9b5985b8f4dacae7a9f37
---
gnu/packages/ocaml.scm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

Toggle diff (15 lines)
diff --git a/gnu/packages/ocaml.scm b/gnu/packages/ocaml.scm
index 948209837d..0335ea2242 100644
--- a/gnu/packages/ocaml.scm
+++ b/gnu/packages/ocaml.scm
@@ -5061,7 +5061,7 @@ (define-public ocaml-ezjsonm
(build-system dune-build-system)
(arguments
`(#:package "ezjsonm"))
- (native-inputs (list ocaml-alcotest js-of-ocaml node))
+ (native-inputs (list ocaml-alcotest js-of-ocaml node-lts))
(propagated-inputs (list ocaml-jsonm ocaml-uutf ocaml-sexplib0 ocaml-hex))
(home-page "https://github.com/mirage/ezjsonm/")
(synopsis "Read and write JSON data")
--
2.46.0
J
J
jlicht wrote on 4 Dec 08:49 +0100
[PATCH v2 00/24] Bumping node to 20.18.0 and beyond
(address . 74187@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
cover.1733298337.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

Revised in V2:

- Bumped node to 20.18.1
- Fix and build all dependents /w `guix build --dependents node` [0]
- Fix the i686 build by skipping 64-bit time_t tests in node

[0]: Except for linking ungoogled chromium: I've verified it actually builds, yet the linking step eats all of my RAM and dies locally, which always happens when I try to build chromium.

Jelle Licht (24):
gnu: node: Replace customized nghttp2-for-node by nghttp2.
gnu: Remove nghttp2-for-node.
gnu: node-lts: Replace customized c-ares-for-node by c-ares.
gnu: Remove c-ares-for-node.
gnu: Add libuv-for-node-lts.
gnu: llhttp-bootstrap: Update to 8.1.2.
gnu: node-lts: Update to 20.18.1 [security fixes].
gnu: node-uglify-js: Update to 3.19.3.
gnu: node-acorn: Update to 8.7.1.
gnu: node-nan: Update to 2.22.0.
gnu: node-addon-api: Update to 8.3.0.
gnu: r-v8: Fix build with node-lts@20.
gnu: cwltool: Use node-lts instead of node.
gnu: python-cwl-utils: Use node-lts instead of node.
gnu: ocaml-ezjsonm: Use node-lts instead of node.
gnu: js-of-ocaml: Use node-lts instead of node.
gnu: fmp: Use node-lts instead of node.
gnu: python-cloudscraper: Use node-lts instead of node.
gnu: qtwebengine-5: Use node-lts instead of node.
gnu: ruby-autoprefixer-rails: Use node-lts instead of node.
gnu: ruby-execjs: Use node-lts instead of node.
gnu: vlang: Use node-lts instead of node.
gnu: esbuild-node: Use node-lts instead of node.
gnu: node: Rename variable node-bootstrap and hide package.

gnu/packages/adns.scm | 22 ---------
gnu/packages/bioinformatics.scm | 4 +-
gnu/packages/cran.scm | 2 +-
gnu/packages/libevent.scm | 24 ++++++++++
gnu/packages/node-xyz.scm | 16 ++++---
gnu/packages/node.scm | 73 ++++++++++++++++++++---------
gnu/packages/ocaml.scm | 4 +-
gnu/packages/package-management.scm | 2 +-
gnu/packages/python-web.scm | 2 +-
gnu/packages/qt.scm | 2 +-
gnu/packages/rails.scm | 2 +-
gnu/packages/ruby.scm | 2 +-
gnu/packages/uglifyjs.scm | 4 +-
gnu/packages/vlang.scm | 2 +-
gnu/packages/web.scm | 39 +--------------
15 files changed, 99 insertions(+), 101 deletions(-)


base-commit: 595fb0ade7086aa7ebaf7b9bdd9bb8ec83ecd86f
prerequisite-patch-id: c786a06cb219ebf12546f05af46995498bf6b090
prerequisite-patch-id: aa324bab5473c0f39412666816846762ca048ee7
prerequisite-patch-id: b00a3e81533295bea937d26eab367f11fe130a74
--
2.46.0
J
J
jlicht wrote on 4 Dec 08:49 +0100
[PATCH v2 02/24] gnu: Remove nghttp2-for-node.
(address . 74187@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
f04cee919c3640ecbd2455e6f092b8eedb532caf.1733298337.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

This hidden package is not needed as the ancient version of node we use to
bootstrap llhttp can be built using the standard nghttp2 package.

* gnu/packages/web.scm (assimp-5.0): Delete variable.

Change-Id: Ib077fcc55c9bf7fd3caab69220aa8c86e5c33f8a
---
gnu/packages/web.scm | 29 -----------------------------
1 file changed, 29 deletions(-)

Toggle diff (42 lines)
diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index b10c03a7f4..6960207ea9 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -8592,35 +8592,6 @@ (define-public nghttp2
@end itemize\n")
(license license:expat)))
-;; Older variant for Node versions < 17 (upstream commit 43291b98edaa682
-;; add support for newer nghttp2, but is difficult to backport).
-(define-public nghttp2-for-node
- (hidden-package
- (package
- (inherit nghttp2)
- (version "1.44.0")
- (source (origin
- (method url-fetch)
- (uri (string-append "https://github.com/nghttp2/nghttp2/"
- "releases/download/v" version "/"
- "nghttp2-" version ".tar.xz"))
- (sha256
- (base32
- "0p9wvva4g8hwj55x19rbyvnq2dbsnf65rphhxnpqs7ll54xlg6an"))))
- (arguments
- (substitute-keyword-arguments (package-arguments nghttp2)
- ((#:phases phases #~%standard-phases)
- #~(modify-phases #$phases
- (add-after 'unpack 'workaround-broken-python-version-check
- (lambda _
- (substitute* "configure"
- ;; The configure script uses a string comparison to
- ;; determine whether the Python interpreter is recent
- ;; enough, which fails when comparing 3.8 to 3.10.
- ;; Convert to tuples for a more reliable check.
- (("print \\(ver >= '3\\.8'\\)")
- "print (tuple(map(int, ver.split('.'))) >= (3,8))")))))))))))
-
(define-public nghttp3
(package
(name "nghttp3")
--
2.46.0
J
J
jlicht wrote on 4 Dec 08:49 +0100
[PATCH v2 18/24] gnu: python-cloudscraper: Use node-lts instead of node.
(address . 74187@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
c6acda1a66914b50e6d36b00d3d81367d2d64efe.1733298337.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/python-web.scm (python-cloudscraper)[inputs]: Replace node by
node-lts.

Change-Id: Id7a9354c04557d27ec90cfbecd0c8005cf912f1a
---
gnu/packages/python-web.scm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

Toggle diff (15 lines)
diff --git a/gnu/packages/python-web.scm b/gnu/packages/python-web.scm
index fb43c9b0a0..691d84b4ea 100644
--- a/gnu/packages/python-web.scm
+++ b/gnu/packages/python-web.scm
@@ -7830,7 +7830,7 @@ (define-public python-cloudscraper
(invoke "pytest" "-vv"
"-k" "not test_getCookieString_challenge_js_challenge1_16_05_2020")))))))
(inputs
- (list node))
+ (list node-lts))
(propagated-inputs
(list python-js2py
python-polling2
--
2.46.0
J
J
jlicht wrote on 4 Dec 08:49 +0100
[PATCH v2 03/24] gnu: node-lts: Replace customized c-ares-for-node by c-ares.
(address . 74187@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
d8d2d841c0d0ebc2288678f857c15164c2be8b01.1733298337.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/node.scm (node-lts) [native-inputs]: Replace c-ares-for-node by
c-ares.
[inputs]: Ditto.

Change-Id: Ibef027d55c14e302d406d6478fed474f67c0d508
---
gnu/packages/node.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

Toggle diff (24 lines)
diff --git a/gnu/packages/node.scm b/gnu/packages/node.scm
index 6414b94278..3997042e76 100644
--- a/gnu/packages/node.scm
+++ b/gnu/packages/node.scm
@@ -936,7 +936,7 @@ (define-public node-lts
(chmod file #o555))))))))
(native-inputs
(list ;; Runtime dependencies for binaries used as a bootstrap.
- c-ares-for-node
+ c-ares
brotli
icu4c
libuv
@@ -952,7 +952,7 @@ (define-public node-lts
(inputs
(list bash-minimal
coreutils
- c-ares-for-node
+ c-ares
icu4c
libuv
llhttp-bootstrap
--
2.46.0
J
J
jlicht wrote on 4 Dec 08:49 +0100
[PATCH v2 20/24] gnu: ruby-autoprefixer-rails: Use node-lts instead of node.
(address . 74187@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
03a4e4a5b7f9d4b332b3d45fdde35d6a332e2618.1733298337.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/rails.scm (ruby-autoprefixer-rails)[native-inputs]: Replace
node by node-lts.

Change-Id: Iea7fc9001cb12eecb1257a9a0f83851bd8bc36fd
---
gnu/packages/rails.scm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

Toggle diff (15 lines)
diff --git a/gnu/packages/rails.scm b/gnu/packages/rails.scm
index a28249d9bd..537650cc88 100644
--- a/gnu/packages/rails.scm
+++ b/gnu/packages/rails.scm
@@ -273,7 +273,7 @@ (define-public ruby-autoprefixer-rails
ruby-sprockets
ruby-standard
;; This is used at runtime by ruby-execjs.
- node))
+ node-lts))
(propagated-inputs
(list ruby-execjs))
(synopsis "Parse CSS and add vendor prefixes to CSS rules")
--
2.46.0
J
J
jlicht wrote on 4 Dec 08:49 +0100
[PATCH v2 22/24] gnu: vlang: Use node-lts instead of node.
(address . 74187@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
cd276def41f80fbb8cde3c7164496977842e718e.1733298337.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/vlang.scm (vlang)[native-inputs]: Replace node by node-lts.

Change-Id: Iaf577f0b9bbd7095392c88c2d2737c0703d3bf96
---
gnu/packages/vlang.scm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

Toggle diff (15 lines)
diff --git a/gnu/packages/vlang.scm b/gnu/packages/vlang.scm
index 4741483f12..db3b6a66aa 100644
--- a/gnu/packages/vlang.scm
+++ b/gnu/packages/vlang.scm
@@ -133,7 +133,7 @@ (define-public vlang
("git" ,git-minimal)
;; For the tests.
("libx11" ,libx11)
- ("node" ,node)
+ ("node" ,node-lts)
("openssl" ,openssl)
("sqlite" ,sqlite)))
(home-page "https://vlang.io/")
--
2.46.0
J
J
jlicht wrote on 4 Dec 08:49 +0100
[PATCH v2 21/24] gnu: ruby-execjs: Use node-lts instead of node.
(address . 74187@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
fa204d5786a3e6dbca7fd5fe8f2ce1364ab4d3f4.1733298337.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/ruby.scm (ruby-execjs)[native-inputs]: Replace node by
node-lts.

Change-Id: If7ff42d9865d79c23560fb190db4fdce9ecc621c
---
gnu/packages/ruby.scm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

Toggle diff (15 lines)
diff --git a/gnu/packages/ruby.scm b/gnu/packages/ruby.scm
index f08d52dbc8..8c8e3e1ab4 100644
--- a/gnu/packages/ruby.scm
+++ b/gnu/packages/ruby.scm
@@ -3132,7 +3132,7 @@ (define-public ruby-execjs
;; PASSED: test:node
;; SKIPPED: test:duktape, ;; test:javascriptcore, test:jscript,
;; test:miniracer, test:rubyracer, ;; test:rubyrhino, test:v8
- node))
+ node-lts))
(synopsis "Run JavaScript code from Ruby")
(description
"ExecJS lets you run JavaScript code from Ruby. It automatically picks a
--
2.46.0
J
J
jlicht wrote on 4 Dec 08:49 +0100
[PATCH v2 23/24] gnu: esbuild-node: Use node-lts instead of node.
(address . 74187@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
c6b8989abd0ae32024185bf8856d199a4a2ed532.1733298337.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/web.scm (esbuild-node)[#:phases]<build-platform>: Remove
workaround needed for building with older versions of Node.
[native-inputs]: Replace node by node-lts.

Change-Id: Iedf30dc1a395e674007c08ce6c0881dbb0f94f0e
---
gnu/packages/web.scm | 10 ++--------
1 file changed, 2 insertions(+), 8 deletions(-)

Toggle diff (37 lines)
diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index 6960207ea9..b8661814b2 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -2127,12 +2127,6 @@ (define-public esbuild-node
(add-after 'build 'build-platform
(lambda* (#:key unpack-path #:allow-other-keys)
(with-directory-excursion (string-append "src/" unpack-path)
- ;; We're using Node 10, which doesn't have this method.
- (substitute* "scripts/esbuild.js"
- (("exports.buildNativeLib" m)
- (string-append
- "Object.fromEntries = entries => entries.reduce((result, entry) => (result[entry[0]] = entry[1], result), {});\n"
- m)))
;; Must be writable.
(for-each make-file-writable (find-files "." "."))
(invoke "node" "scripts/esbuild.js"
@@ -2155,7 +2149,7 @@ (define-public esbuild-node
(invoke "make" "test-go"))))))))
(native-inputs
(modify-inputs (package-native-inputs esbuild)
- (append node)))))
+ (append node-lts)))))
(define-public wwwoffle
(package
@@ -9557,7 +9551,7 @@ (define-public archivebox
(build-system python-build-system)
(propagated-inputs
(list curl
- node))
+ node-lts))
(inputs
(list python
youtube-dl
--
2.46.0
J
J
jlicht wrote on 4 Dec 08:49 +0100
[PATCH v2 24/24] gnu: node: Rename variable node-bootstrap and hide package.
(address . 74187@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
f0d9bdc9448624960eda4933969fbbe1695270df.1733298337.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

The formerly known as node package has security issues, so should only be used
to bootstrap more recent and secure versions of node.

* gnu/packages/node.scm (node): Rename to...
(node-bootstrap): ... this, and make it a hidden package.

Change-Id: I536a8f55faa14f8221915467c2981053f4c4d70e
---
gnu/packages/node.scm | 20 ++++++++++----------
1 file changed, 10 insertions(+), 10 deletions(-)

Toggle diff (63 lines)
diff --git a/gnu/packages/node.scm b/gnu/packages/node.scm
index 13d2575333..16153b20da 100644
--- a/gnu/packages/node.scm
+++ b/gnu/packages/node.scm
@@ -56,9 +56,12 @@ (define-module (gnu packages node)
#:use-module (gnu packages tls)
#:use-module (gnu packages web)
#:use-module (ice-9 match)
+ #:use-module (srfi srfi-1)
#:use-module (srfi srfi-26))
-(define-public node
+;; This should be the latest version of node that still builds without
+;; depending on llhttp.
+(define-public node-bootstrap
(package
(name "node")
(version "10.24.1")
@@ -338,12 +341,8 @@ (define-public node
(license license:expat)
(properties '((max-silent-time . 7200) ;2h, needed on ARM
(timeout . 21600) ;6h
- (cpe-name . "node.js")))))
-
-;; This should be the latest version of node that still builds without
-;; depending on llhttp.
-(define-public node-bootstrap
- (hidden-package node))
+ (cpe-name . "node.js")
+ (hidden? . #t)))))
;; Duplicate of node-semver
(define-public node-semver-bootstrap
@@ -749,7 +748,7 @@ (define-public llhttp-bootstrap
(define-public node-lts
(package
- (inherit node)
+ (inherit node-bootstrap)
(version "20.18.1")
(source (origin
(method url-fetch)
@@ -780,7 +779,7 @@ (define-public node-lts
(("deps/uv/uv.gyp") "")
(("deps/zlib/zlib.gyp") ""))))))
(arguments
- (substitute-keyword-arguments (package-arguments node)
+ (substitute-keyword-arguments (package-arguments node-bootstrap)
((#:configure-flags configure-flags)
''("--shared-cares"
"--shared-libuv"
@@ -982,7 +981,8 @@ (define-public node-lts
nghttp3
`(,nghttp2 "lib")
openssl
- zlib))))
+ zlib))
+ (properties (alist-delete 'hidden? (package-properties node-bootstrap)))))
(define-public libnode
(package/inherit node-lts
--
2.46.0
J
J
jlicht wrote on 4 Dec 08:49 +0100
[PATCH v2 17/24] gnu: fmp: Use node-lts instead of node.
(address . 74187@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
3983a03fd7b3ac35c8677b8a14befced10a6ca04.1733298337.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/package-management.scm (fpm)[native-inputs]: Repalce node by
node-lts.

Change-Id: I5afdb49e18805722b9e69be0cf48c3a29ce49921
---
gnu/packages/package-management.scm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

Toggle diff (15 lines)
diff --git a/gnu/packages/package-management.scm b/gnu/packages/package-management.scm
index 241d854634..0e364f955d 100644
--- a/gnu/packages/package-management.scm
+++ b/gnu/packages/package-management.scm
@@ -2186,7 +2186,7 @@ (define-public fpm
(native-inputs
(list dpkg
libarchive
- node
+ node-lts
perl-app-cpanminus
python
ruby-rspec
--
2.46.0
J
J
jlicht wrote on 4 Dec 08:49 +0100
[PATCH v2 19/24] gnu: qtwebengine-5: Use node-lts instead of node.
(address . 74187@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
e277e0bb77bdc4476f07d9ed31613662feffbeb7.1733298337.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/qt.scm (qtwebengine-5)[native-inputs]: Replace node by
node-lts.

Change-Id: If05e9dd0ef4a971074828da66742bb9387536e4d
---
gnu/packages/qt.scm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

Toggle diff (15 lines)
diff --git a/gnu/packages/qt.scm b/gnu/packages/qt.scm
index 722448b4e4..ef873f7d2b 100644
--- a/gnu/packages/qt.scm
+++ b/gnu/packages/qt.scm
@@ -3290,7 +3290,7 @@ (define-public qtwebengine-5
flex
gperf
ninja
- node
+ node-lts
perl
pkg-config
python2-six
--
2.46.0
J
J
jlicht wrote on 4 Dec 08:49 +0100
[PATCH v2 16/24] gnu: js-of-ocaml: Use node-lts instead of node.
(address . 74187@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
ad4d2170b515271c0ddeeba5f27322d8d887b936.1733298337.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/ocaml.scm (js-of-ocaml)[native-inputs]: Replace node by
node-lts.

Change-Id: Ie7dd4dc25bac75a41d1510df9ecf6cc2c4a2c5a7
---
gnu/packages/ocaml.scm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

Toggle diff (15 lines)
diff --git a/gnu/packages/ocaml.scm b/gnu/packages/ocaml.scm
index 0335ea2242..dab9c1103f 100644
--- a/gnu/packages/ocaml.scm
+++ b/gnu/packages/ocaml.scm
@@ -9081,7 +9081,7 @@ (define-public js-of-ocaml
ocaml-yojson))
(native-inputs
;; for tests
- (list node ocaml-ppx-expect ocaml-num))
+ (list node-lts ocaml-ppx-expect ocaml-num))
(properties `((upstream-name . "js_of_ocaml")))
(home-page "https://ocsigen.org/js_of_ocaml/")
(synopsis "Compiler from OCaml bytecode to Javascript")
--
2.46.0
L
L
Liliana Marie Prikler wrote on 5 Dec 12:16 +0100
Re: [Deprecation RFC] node@10 (a.k.a. node-bootstrap)
(address . 74187@debbugs.gnu.org)
a47d7554b88561bbac908aadb6a08854430e5bc6.camel@gmail.com
Am Mittwoch, dem 04.12.2024 um 09:03 +0100 schrieb Jelle Licht:
Toggle quote (23 lines)
> Hi guix,
>
> I've just sent out the v2 series to bump Node.js and friends:
> https://issues.guix.gnu.org/74187
>
> In this proposed series of patches, the version of Node.js
> (node@10.24.1) we use to bootstrap node-llhttp-bootstrap becomes a
> hidden package. As per my reading of the policy w.r.t. 'removing'
> public packages, consider this message the start of the 1 month
> notice period to speak up and mitigate potential breakage [0].
>
> AFAICS I took care of fixing everything within guix proper, but
> things can break in branches other than master, and in external
> channels. Please reply with any concerns, and cc
> 74187@debbugs.gnu.org for good measure.
>
> Some soft landing options:
> 1. Define a deprecated-package that aliases the 'node' variable to
> 'node-lts'. I'd prefer not doing this, as in the medium term it would
> be nice to have a proper 'node' package that actually tracks the
> latest releases.
>
> 2. Add an entry in news.scm.
I think defining a non-deprecated alias with node → node-lts is in the
spirit of Guix and what we do for other things like GCC, LLVM, etc.
That being said, do we have a node that is fresher than node-lts? If
not, we might in future just rename node-lts to node :)

Cheers
L
L
Ludovic Courtès wrote on 12 Dec 12:17 +0100
Re: [bug#74187] [PATCH v2 00/24] Bumping node to 20.18.0 and beyond
(address . jlicht@fsfe.org)
87ttb9b162.fsf@gnu.org
Hi Jelle,

jlicht@fsfe.org skribis:

Toggle quote (8 lines)
> Revised in V2:
>
> - Bumped node to 20.18.1
> - Fix and build all dependents /w `guix build --dependents node` [0]
> - Fix the i686 build by skipping 64-bit time_t tests in node
>
> [0]: Except for linking ungoogled chromium: I've verified it actually builds, yet the linking step eats all of my RAM and dies locally, which always happens when I try to build chromium.

Again, since qa.guix is not up to speed currently, I would encourage to
go ahead given that your testing gives confidence that nothing bad will
happen. (If you prefer, we could also set up a jobset at ci.guix.)

Thanks,
Ludo’.
J
J
Jelle Licht wrote 6 days ago
(name . Ludovic Courtès)(address . ludo@gnu.org)
875xng4r46.fsf@fsfe.org
Ludovic Courtès <ludo@gnu.org> writes:

Toggle quote (4 lines)
> Again, since qa.guix is not up to speed currently, I would encourage to
> go ahead given that your testing gives confidence that nothing bad will
> happen. (If you prefer, we could also set up a jobset at ci.guix.)

With some small corrections, pushed to master!

I've locally rebuilt all dependents with the following exceptions:
- chromium, which fails at the last linking step due to my /tmp being
"only" 50 GB
- a bunch of python packages that were recently broken on master

Now onwards to node@22 :)
- Jelle
Closed
?
Your comment

Commenting via the web interface is currently disabled.

To comment on this conversation send an email to 74187@debbugs.gnu.org

To respond to this issue using the mumi CLI, first switch to it
mumi current 74187
Then, you may apply the latest patchset in this issue (with sign off)
mumi am -- -s
Or, compose a reply to this issue
mumi compose
Or, send patches to this issue
mumi send-email *.patch