[PATCH 00/20] Bumping node to 20.18.0 and beyond

  • Open
  • quality assurance status badge
Details
3 participants
  • jlicht
  • Ludovic Courtès
  • Ricardo Wurmus
Owner
unassigned
Submitted by
jlicht
Severity
normal
J
J
jlicht wrote on 3 Nov 13:01 +0100
(address . guix-patches@gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
cover.1730634823.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

Hey folks,

As our current node-lts package has quite some security issues, here a bump to a recent release of something that is maintained. After this has been merged, a version bump to the Active LTS version of node (22) is in the works as well.

I also opted to finally move everything and everyone away from the (very insecure) node@10/node-bootstrap package in this series. In case it makes sense to add a deprecated package alias for the now-removed `node` variable, please let me know; I sincerely hope nobody was still using node@10 anywhere.

guix refresh tells me the following:
Building the following 126 packages would ensure 223 dependent packages are rebuilt.
I'd appreciate a reminder as to whether this means this can go straight to master, or rather should be relegated to a specialised branch for the merge train(s).


Jelle Licht (20):
gnu: node: Replace customized nghttp2-for-node by nghttp2.
gnu: Remove nghttp2-for-node.
gnu: node-lts: Replace customized c-ares-for-node by c-ares.
gnu: Remove c-ares-for-node.
gnu: Add libuv-for-node-lts.
gnu: llhttp-bootstrap: Update to 8.1.2.
gnu: node-lts: Update to 20.18.0 [security fixes].
gnu: r-v8: Fix build with node-lts@20.
gnu: cwltool: Use node-lts instead of node.
gnu: python-cwl-utils: Use node-lts instead of node.
gnu: ocaml-ezjsonm: Use node-lts instead of node.
gnu: js-of-ocaml: Use node-lts instead of node.
gnu: fmp: Use node-lts instead of node.
gnu: python-cloudscraper: Use node-lts instead of node.
gnu: qtwebengine-5: Use node-lts instead of node.
gnu: ruby-autoprefixer-rails: Use node-lts instead of node.
gnu: ruby-execjs: Use node-lts instead of node.
gnu: vlang: Use node-lts instead of node.
gnu: esbuild-node: Use node-lts instead of node.
gnu: node: Rename variable node-bootstrap and hide package.

gnu/packages/adns.scm | 22 ----------
gnu/packages/bioinformatics.scm | 4 +-
gnu/packages/cran.scm | 2 +-
gnu/packages/libevent.scm | 24 +++++++++++
gnu/packages/node.scm | 67 +++++++++++++++++++----------
gnu/packages/ocaml.scm | 4 +-
gnu/packages/package-management.scm | 2 +-
gnu/packages/python-web.scm | 2 +-
gnu/packages/qt.scm | 2 +-
gnu/packages/rails.scm | 2 +-
gnu/packages/ruby.scm | 2 +-
gnu/packages/vlang.scm | 2 +-
gnu/packages/web.scm | 39 +----------------
13 files changed, 82 insertions(+), 92 deletions(-)


base-commit: a26ba23cdd476cb5eb8378c4785ccf1bc4145f17
--
2.46.0
J
J
jlicht wrote on 3 Nov 13:03 +0100
[PATCH 03/20] gnu: node-lts: Replace customized c-ares-for-node by c-ares.
(address . 74187@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
62a226af0b6b89b90cf0e933cbcfa520a552c7e8.1730634823.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/node.scm (node-lts) [native-inputs]: Replace c-ares-for-node by
c-ares.
[inputs]: Ditto.

Change-Id: Ibef027d55c14e302d406d6478fed474f67c0d508
---
gnu/packages/node.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

Toggle diff (24 lines)
diff --git a/gnu/packages/node.scm b/gnu/packages/node.scm
index 6414b94278..3997042e76 100644
--- a/gnu/packages/node.scm
+++ b/gnu/packages/node.scm
@@ -936,7 +936,7 @@ (define-public node-lts
(chmod file #o555))))))))
(native-inputs
(list ;; Runtime dependencies for binaries used as a bootstrap.
- c-ares-for-node
+ c-ares
brotli
icu4c
libuv
@@ -952,7 +952,7 @@ (define-public node-lts
(inputs
(list bash-minimal
coreutils
- c-ares-for-node
+ c-ares
icu4c
libuv
llhttp-bootstrap
--
2.46.0
J
J
jlicht wrote on 3 Nov 13:03 +0100
[PATCH 04/20] gnu: Remove c-ares-for-node.
(address . 74187@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
5242649cd0c3562658c80ef854523722e4560492.1730634823.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

The node-lts package can now be built using the standard c-ares package.

* gnu/packages/adns.scm (c-ares-for-node): Delete variable.

Change-Id: I9e613f2d4aeacb6079d69f5bef22d11eb8dc6b18
---
gnu/packages/adns.scm | 22 ----------------------
1 file changed, 22 deletions(-)

Toggle diff (32 lines)
diff --git a/gnu/packages/adns.scm b/gnu/packages/adns.scm
index bf07219d17..1097b84062 100644
--- a/gnu/packages/adns.scm
+++ b/gnu/packages/adns.scm
@@ -161,25 +161,3 @@ (define-public c-ares/cmake
(arguments
`(;; XXX: Tests require name resolution (the normal variant runs no tests).
#:tests? #f)))))
-
-(define-public c-ares-for-node
- (hidden-package
- (package
- (inherit c-ares)
- (name "c-ares")
- (version "1.18.1")
- (source (origin
- (method url-fetch)
- (uri (string-append
- "https://c-ares.haxx.se/download/" name "-" version
- ".tar.gz"))
- (sha256
- (base32
- "1kxviskwsaa7dcgscvssxa8ps88pdq7kq4z93gxvz7sam2l54z8s"))))
- (arguments
- '(#:phases
- (modify-phases %standard-phases
- (add-before 'check 'filter-live-tests
- (lambda _
- ;; Filter tests that require internet access.
- (setenv "GTEST_FILTER" "-*.Live*:*.FamilyV4*")))))))))
--
2.46.0
J
J
jlicht wrote on 3 Nov 13:03 +0100
[PATCH 05/20] gnu: Add libuv-for-node-lts.
(address . 74187@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
b6195f2afc485643ac6d95e0e614b8359938564c.1730634823.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

Specific versions of Node depend on specific versions of libuv.

* gnu/packages/libevent.scm (libuv-for-node-lts): New package.

Change-Id: I97f6b96002dde37a0cec56dbfd7ff8722982ff89
---
gnu/packages/libevent.scm | 24 ++++++++++++++++++++++++
1 file changed, 24 insertions(+)

Toggle diff (37 lines)
diff --git a/gnu/packages/libevent.scm b/gnu/packages/libevent.scm
index 20f967757d..202deaea47 100644
--- a/gnu/packages/libevent.scm
+++ b/gnu/packages/libevent.scm
@@ -158,6 +158,30 @@ (define-public libuv-for-node
"0wpb9pz3r8nksnrf4zbixj2kk9whr7abi45ydrwyv2js2ljrc4j3"))))
(properties '((hidden? . #t)))))
+(define-public libuv-for-node-lts
+ ;; When upgrading Node, also upgrade this. Get the version from
+ ;; https://github.com/nodejs/node/blob/main/deps/uv/include/uv/version.h
+ (package
+ (inherit libuv)
+ (name "libuv")
+ (version "1.46.0")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append "https://dist.libuv.org/dist/v" version
+ "/libuv-v" version ".tar.gz"))
+ (sha256
+ (base32
+ "1knxvp6bl3y0c87cch1id0z7m7rb6igx55ci93qnbp4zifaq67qi"))
+ (modules '((guix build utils)))
+ (snippet
+ '(begin
+ ;; Disable io_uring by default due to CVE-2024-22017. Can be removed once
+ ;; https://github.com/libuv/libuv/issues/4468 is released and compatible
+ ;; with Node.js
+ (substitute* "src/unix/linux.c"
+ (("val == NULL \\|\\|") "val != NULL &&"))))))
+ (properties '((hidden? . #t)))))
+
(define-public libuv-for-r-httpuv
;; When upgrading r-httpuv, also upgrade this.
(package
--
2.46.0
J
J
jlicht wrote on 3 Nov 13:03 +0100
[PATCH 06/20] gnu: llhttp-bootstrap: Update to 8.1.2.
(address . 74187@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
0d423ff42382ca1cf2478a10a34d7fed12a43fa1.1730634823.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/node.scm (llhttp-bootstrap): Update to 8.1.2.

Change-Id: I4eff26889b2645c031fc9ea896657468d5752953
---
gnu/packages/node.scm | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)

Toggle diff (32 lines)
diff --git a/gnu/packages/node.scm b/gnu/packages/node.scm
index 3997042e76..36ed22e052 100644
--- a/gnu/packages/node.scm
+++ b/gnu/packages/node.scm
@@ -680,7 +680,7 @@ (define-public node-llparse-bootstrap
(define-public llhttp-bootstrap
(package
(name "llhttp")
- (version "6.0.11")
+ (version "8.1.2")
(source (origin
(method git-fetch)
(uri (git-reference
@@ -689,7 +689,7 @@ (define-public llhttp-bootstrap
(file-name (git-file-name name version))
(sha256
(base32
- "16gaylka6nx9bsff9xga3s8xihxm3k7svrb88lr4dj2s4pzlfga9"))
+ "1808y8mpdcmsi8rxndilngg4nn2fbqfgb29f47kk9mmdpqg5s17r"))
(modules '((guix build utils)))
(snippet
'(begin
@@ -715,6 +715,7 @@ (define-public llhttp-bootstrap
"/bin/esbuild")))
(invoke esbuild
"--platform=node"
+ "--target=node10"
"--outfile=bin/generate.js"
"--bundle" "bin/generate.ts"))))
(add-before 'install 'create-install-directories
--
2.46.0
J
J
jlicht wrote on 3 Nov 13:03 +0100
[PATCH 07/20] gnu: node-lts: Update to 20.18.0 [security fixes].
(address . 74187@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
30e6dd2b0115cc792626f77a5bcf4827af5ae92f.1730634823.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/node.scm (node-lts): Update to 20.18.0.
[origin]: Delete bundled brotli, ngtcp2 and uv.
[:configure-flags]: Add shared-nghtcp2 flag. Add shared-nghttp3 flag.
[#:phases]<delete-problematic-tests>: Remove tests that fail due to linking to
unbundled libuv.
[native-inputs]: Replace libuv by libuv-for-node-lts.
[inputs]: Replace libuv by libuv-for-node-lts. Add ngtpc2, nghttp3.

Change-Id: I932e64f212283b34f0affad65c3d9f92fdea3d79
---
gnu/packages/node.scm | 28 ++++++++++++++++++++++------
1 file changed, 22 insertions(+), 6 deletions(-)

Toggle diff (89 lines)
diff --git a/gnu/packages/node.scm b/gnu/packages/node.scm
index 36ed22e052..f046f1bad5 100644
--- a/gnu/packages/node.scm
+++ b/gnu/packages/node.scm
@@ -750,14 +750,14 @@ (define-public llhttp-bootstrap
(define-public node-lts
(package
(inherit node)
- (version "18.19.0")
+ (version "20.18.0")
(source (origin
(method url-fetch)
(uri (string-append "https://nodejs.org/dist/v" version
"/node-v" version ".tar.gz"))
(sha256
(base32
- "05qc1dgmrms73073n4l36jrcxf6ygqj959d3cngy5qclrg0isk6x"))
+ "033jb6kf9jq2qlq7ncvbznkd9wi3zppjl0129k989183qn7rz0f0"))
(modules '((guix build utils)))
(snippet
'(begin
@@ -768,9 +768,12 @@ (define-public node-lts
(not (string-contains file "nodejs-openssl.cnf")))))
;; Remove bundled software, where possible
(for-each delete-file-recursively
- '("deps/cares"
+ '("deps/brotli"
+ "deps/cares"
"deps/icu-small"
"deps/nghttp2"
+ "deps/ngtcp2"
+ "deps/uv"
"deps/zlib"))
(substitute* "Makefile"
;; Remove references to bundled software.
@@ -786,6 +789,8 @@ (define-public node-lts
"--shared-zlib"
"--shared-brotli"
"--with-intl=system-icu"
+ "--shared-ngtcp2"
+ "--shared-nghttp3"
;;Needed for correct snapshot checksums
"--v8-enable-snapshot-compression"))
((#:phases phases)
@@ -874,7 +879,15 @@ (define-public node-lts
;; TODO: Regenerate certs instead.
(for-each delete-file
'("test/parallel/test-tls-passphrase.js"
- "test/parallel/test-tls-server-verify.js"))))
+ "test/parallel/test-tls-server-verify.js"))
+
+ ;; These tests fail when linking to upstream libuv.
+ ;; https://github.com/nodejs/node/commit/3f6addd590
+ (for-each delete-file
+ '("test/parallel/test-process-euid-egid.js"
+ "test/parallel/test-process-initgroups.js"
+ "test/parallel/test-process-setgroups.js"
+ "test/parallel/test-process-uid-gid.js"))))
(add-after 'delete-problematic-tests 'replace-llhttp-sources
(lambda* (#:key inputs #:allow-other-keys)
;; Replace pre-generated llhttp sources
@@ -940,10 +953,11 @@ (define-public node-lts
c-ares
brotli
icu4c
- libuv
+ libuv-for-node-lts
`(,nghttp2 "lib")
openssl
zlib
+ ; ngtcp2? nghttp3?
;; Regular build-time dependencies.
perl
pkg-config
@@ -955,9 +969,11 @@ (define-public node-lts
coreutils
c-ares
icu4c
- libuv
+ libuv-for-node-lts
llhttp-bootstrap
brotli
+ ngtcp2
+ nghttp3
`(,nghttp2 "lib")
openssl
zlib))))
--
2.46.0
J
J
jlicht wrote on 3 Nov 13:03 +0100
[PATCH 08/20] gnu: r-v8: Fix build with node-lts@20.
(address . 74187@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
255433f5638f1cbea664c583d3453910856cdb56.1730634823.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

The version bump of node-lts from 18 to 20 also bumped the version in the so-file.

* gnu/packages/cran.scm (r-v8)[#:phases]<find-v8>: Look for libnode-so.115 as
provided by node-lts.

Change-Id: Ib5c0d865aea36c7d881efddf4877cbab4b7dd932
---
gnu/packages/cran.scm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

Toggle diff (15 lines)
diff --git a/gnu/packages/cran.scm b/gnu/packages/cran.scm
index dc2a77593a..f69281c177 100644
--- a/gnu/packages/cran.scm
+++ b/gnu/packages/cran.scm
@@ -2454,7 +2454,7 @@ (define-public r-v8
(("^PKG_LIBS=.*")
(string-append "PKG_LIBS="
(assoc-ref inputs "libnode")
- "/lib/libnode.so.108\n")))
+ "/lib/libnode.so.115\n")))
(setenv "INCLUDE_DIR"
(string-append
(assoc-ref inputs "libnode")
--
2.46.0
J
J
jlicht wrote on 3 Nov 13:03 +0100
[PATCH 09/20] gnu: cwltool: Use node-lts instead of node.
(address . 74187@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
4a40b83d2409c0ebab04b2c42eb7386d6b8df726.1730634823.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/bioinformatics.scm (cwltool)[inputs]: Replace node by node-lts.

Change-Id: Idea8c5cb456080fccd8fff6c6b2c674764ae7bce
---
gnu/packages/bioinformatics.scm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

Toggle diff (15 lines)
diff --git a/gnu/packages/bioinformatics.scm b/gnu/packages/bioinformatics.scm
index 3c1c180b7c..3430d3072b 100644
--- a/gnu/packages/bioinformatics.scm
+++ b/gnu/packages/bioinformatics.scm
@@ -5865,7 +5865,7 @@ (define-public cwltool
python-spython
python-typing-extensions
;; Not listed as needed but still necessary:
- node))
+ node-lts))
(native-inputs
(list python-arcp
python-humanfriendly
--
2.46.0
J
J
jlicht wrote on 3 Nov 13:03 +0100
[PATCH 10/20] gnu: python-cwl-utils: Use node-lts instead of node.
(address . 74187@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
b3a5a1eddebcd64874550962b3f39be7c0e7e726.1730634823.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/bioinformatics.scm (python-cwl-utils)[inputs]: Replace node by
node-lts.

Change-Id: Ia98601db0a9233a96263051e1520a848dbc40a9c
---
gnu/packages/bioinformatics.scm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

Toggle diff (15 lines)
diff --git a/gnu/packages/bioinformatics.scm b/gnu/packages/bioinformatics.scm
index 3430d3072b..7d7c5b871a 100644
--- a/gnu/packages/bioinformatics.scm
+++ b/gnu/packages/bioinformatics.scm
@@ -5775,7 +5775,7 @@ (define-public python-cwl-utils
" and not test_remote_packing_github_soft_links"
" and not test_value_from_two_concatenated_expressions"))))
(inputs
- (list node))
+ (list node-lts))
(native-inputs
(list python-mypy-extensions
python-pytest
--
2.46.0
J
J
jlicht wrote on 3 Nov 13:03 +0100
[PATCH 11/20] gnu: ocaml-ezjsonm: Use node-lts instead of node.
(address . 74187@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
e91fe6ad3af0f3cf18473258f1d91dbef12f7a07.1730634823.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/ocaml.scm (ocaml-ezjsonm)[native-inputs]: Replace node by
node-lts.

Change-Id: Icb79d2ac8cfa424a55e9b5985b8f4dacae7a9f37
---
gnu/packages/ocaml.scm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

Toggle diff (15 lines)
diff --git a/gnu/packages/ocaml.scm b/gnu/packages/ocaml.scm
index 9d29105cdb..dc35bd4d97 100644
--- a/gnu/packages/ocaml.scm
+++ b/gnu/packages/ocaml.scm
@@ -5061,7 +5061,7 @@ (define-public ocaml-ezjsonm
(build-system dune-build-system)
(arguments
`(#:package "ezjsonm"))
- (native-inputs (list ocaml-alcotest js-of-ocaml node))
+ (native-inputs (list ocaml-alcotest js-of-ocaml node-lts))
(propagated-inputs (list ocaml-jsonm ocaml-uutf ocaml-sexplib0 ocaml-hex))
(home-page "https://github.com/mirage/ezjsonm/")
(synopsis "Read and write JSON data")
--
2.46.0
J
J
jlicht wrote on 3 Nov 13:03 +0100
[PATCH 12/20] gnu: js-of-ocaml: Use node-lts instead of node.
(address . 74187@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
aecb6f1459cdc204a85845fb6d8f71daa0841078.1730634823.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/ocaml.scm (js-of-ocaml)[native-inputs]: Replace node by
node-lts.

Change-Id: Ie7dd4dc25bac75a41d1510df9ecf6cc2c4a2c5a7
---
gnu/packages/ocaml.scm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

Toggle diff (15 lines)
diff --git a/gnu/packages/ocaml.scm b/gnu/packages/ocaml.scm
index dc35bd4d97..1b7a43ce7e 100644
--- a/gnu/packages/ocaml.scm
+++ b/gnu/packages/ocaml.scm
@@ -9081,7 +9081,7 @@ (define-public js-of-ocaml
ocaml-yojson))
(native-inputs
;; for tests
- (list node ocaml-ppx-expect ocaml-num))
+ (list node-lts ocaml-ppx-expect ocaml-num))
(properties `((upstream-name . "js_of_ocaml")))
(home-page "https://ocsigen.org/js_of_ocaml/")
(synopsis "Compiler from OCaml bytecode to Javascript")
--
2.46.0
J
J
jlicht wrote on 3 Nov 13:04 +0100
[PATCH 14/20] gnu: python-cloudscraper: Use node-lts instead of node.
(address . 74187@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
f004221af9cb94c8ded4fa36938c4e3fed1c791b.1730634823.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/python-web.scm (python-cloudscraper)[inputs]: Replace node by
node-lts.

Change-Id: Id7a9354c04557d27ec90cfbecd0c8005cf912f1a
---
gnu/packages/python-web.scm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

Toggle diff (15 lines)
diff --git a/gnu/packages/python-web.scm b/gnu/packages/python-web.scm
index d892e03c9d..5d34534e12 100644
--- a/gnu/packages/python-web.scm
+++ b/gnu/packages/python-web.scm
@@ -7615,7 +7615,7 @@ (define-public python-cloudscraper
(invoke "pytest" "-vv"
"-k" "not test_getCookieString_challenge_js_challenge1_16_05_2020")))))))
(inputs
- (list node))
+ (list node-lts))
(propagated-inputs
(list python-js2py
python-polling2
--
2.46.0
J
J
jlicht wrote on 3 Nov 13:04 +0100
[PATCH 15/20] gnu: qtwebengine-5: Use node-lts instead of node.
(address . 74187@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
68266ca23dae540be3285f15336dad3979698b4d.1730634823.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/qt.scm (qtwebengine-5)[native-inputs]: Replace node by
node-lts.

Change-Id: If05e9dd0ef4a971074828da66742bb9387536e4d
---
gnu/packages/qt.scm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

Toggle diff (15 lines)
diff --git a/gnu/packages/qt.scm b/gnu/packages/qt.scm
index 687c20cd90..62413ce445 100644
--- a/gnu/packages/qt.scm
+++ b/gnu/packages/qt.scm
@@ -3198,7 +3198,7 @@ (define-public qtwebengine-5
flex
gperf
ninja
- node
+ node-lts
perl
pkg-config
python2-six
--
2.46.0
J
J
jlicht wrote on 3 Nov 13:03 +0100
[PATCH 01/20] gnu: node: Replace customized nghttp2-for-node by nghttp2.
(address . 74187@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
e7f5b78a33194755d3067603ac6a3ec39096461d.1730634823.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/node.scm (node) [native-inputs]: Replace nghttp2-for-node by
nghttp2.
[inputs]: Ditto.
[arguments]<#:phases>: Adjust accordingly by skipping failing tests.

Change-Id: Ia3d63ea1c428c1353d6ec6fda394ccb016eb6603
---
gnu/packages/node.scm | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)

Toggle diff (44 lines)
diff --git a/gnu/packages/node.scm b/gnu/packages/node.scm
index 7c320a00d6..6414b94278 100644
--- a/gnu/packages/node.scm
+++ b/gnu/packages/node.scm
@@ -48,6 +48,7 @@ (define-module (gnu packages node)
#:use-module (gnu packages icu4c)
#:use-module (gnu packages libevent)
#:use-module (gnu packages linux)
+ #:use-module (gnu packages networking)
#:use-module (gnu packages node-xyz)
#:use-module (gnu packages perl)
#:use-module (gnu packages pkg-config)
@@ -155,6 +156,11 @@ (define-public node
;; See also <https://github.com/nodejs/node/issues/25903>.
"test/sequential/test-performance.js"))
+ ;; These tests fail on recent versions of nghttp2
+ (for-each delete-file
+ '("test/parallel/test-http2-methods.js"
+ "test/parallel/test-http2-multiplex.js"))
+
;; This requires a DNS resolver.
(delete-file "test/parallel/test-dns.js")
@@ -297,7 +303,7 @@ (define-public node
http-parser
icu4c
libuv-for-node
- `(,nghttp2-for-node "lib")
+ `(,nghttp2 "lib")
openssl-1.1
zlib
;; Regular build-time dependencies.
@@ -317,7 +323,7 @@ (define-public node
http-parser
icu4c
libuv-for-node
- `(,nghttp2-for-node "lib")
+ `(,nghttp2 "lib")
openssl
python-wrapper ;for node-gyp (supports python3)
zlib))
--
2.46.0
J
J
jlicht wrote on 3 Nov 13:03 +0100
[PATCH 02/20] gnu: Remove nghttp2-for-node.
(address . 74187@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
e0c4304032b1e8e4f53f10ff38fc79c8fd3aa9c1.1730634823.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

This hidden package is not needed as the ancient version of node we use to
bootstrap llhttp can be built using the standard nghttp2 package.

* gnu/packages/web.scm (assimp-5.0): Delete variable.

Change-Id: Ib077fcc55c9bf7fd3caab69220aa8c86e5c33f8a
---
gnu/packages/web.scm | 29 -----------------------------
1 file changed, 29 deletions(-)

Toggle diff (42 lines)
diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index 34739bf088..842c25b509 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -8552,35 +8552,6 @@ (define-public nghttp2
@end itemize\n")
(license license:expat)))
-;; Older variant for Node versions < 17 (upstream commit 43291b98edaa682
-;; add support for newer nghttp2, but is difficult to backport).
-(define-public nghttp2-for-node
- (hidden-package
- (package
- (inherit nghttp2)
- (version "1.44.0")
- (source (origin
- (method url-fetch)
- (uri (string-append "https://github.com/nghttp2/nghttp2/"
- "releases/download/v" version "/"
- "nghttp2-" version ".tar.xz"))
- (sha256
- (base32
- "0p9wvva4g8hwj55x19rbyvnq2dbsnf65rphhxnpqs7ll54xlg6an"))))
- (arguments
- (substitute-keyword-arguments (package-arguments nghttp2)
- ((#:phases phases #~%standard-phases)
- #~(modify-phases #$phases
- (add-after 'unpack 'workaround-broken-python-version-check
- (lambda _
- (substitute* "configure"
- ;; The configure script uses a string comparison to
- ;; determine whether the Python interpreter is recent
- ;; enough, which fails when comparing 3.8 to 3.10.
- ;; Convert to tuples for a more reliable check.
- (("print \\(ver >= '3\\.8'\\)")
- "print (tuple(map(int, ver.split('.'))) >= (3,8))")))))))))))
-
(define-public nghttp3
(package
(name "nghttp3")
--
2.46.0
J
J
jlicht wrote on 3 Nov 13:04 +0100
[PATCH 13/20] gnu: fmp: Use node-lts instead of node.
(address . 74187@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
dbaf63037dae2f91019d322c2d056010441a1376.1730634823.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/package-management.scm (fpm)[native-inputs]: Repalce node by
node-lts.

Change-Id: I5afdb49e18805722b9e69be0cf48c3a29ce49921
---
gnu/packages/package-management.scm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

Toggle diff (15 lines)
diff --git a/gnu/packages/package-management.scm b/gnu/packages/package-management.scm
index 1763d2d59f..18a8d1e981 100644
--- a/gnu/packages/package-management.scm
+++ b/gnu/packages/package-management.scm
@@ -2193,7 +2193,7 @@ (define-public fpm
(native-inputs
(list dpkg
libarchive
- node
+ node-lts
perl-app-cpanminus
python
ruby-rspec
--
2.46.0
J
J
jlicht wrote on 3 Nov 13:04 +0100
[PATCH 20/20] gnu: node: Rename variable node-bootstrap and hide package.
(address . 74187@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
b15cc2785eb223b6848113c62fcf969a1cd4e8a2.1730634823.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

The formerly known as node package has security issues, so should only be used
to bootstrap more recent and secure versions of node.

* gnu/packages/node.scm (node): Rename to...
(node-bootstrap): ... this, and make it a hidden package.

Change-Id: I536a8f55faa14f8221915467c2981053f4c4d70e
---
gnu/packages/node.scm | 20 ++++++++++----------
1 file changed, 10 insertions(+), 10 deletions(-)

Toggle diff (63 lines)
diff --git a/gnu/packages/node.scm b/gnu/packages/node.scm
index f046f1bad5..bf7fbebf8f 100644
--- a/gnu/packages/node.scm
+++ b/gnu/packages/node.scm
@@ -56,9 +56,12 @@ (define-module (gnu packages node)
#:use-module (gnu packages tls)
#:use-module (gnu packages web)
#:use-module (ice-9 match)
+ #:use-module (srfi srfi-1)
#:use-module (srfi srfi-26))
-(define-public node
+;; This should be the latest version of node that still builds without
+;; depending on llhttp.
+(define-public node-bootstrap
(package
(name "node")
(version "10.24.1")
@@ -338,12 +341,8 @@ (define-public node
(license license:expat)
(properties '((max-silent-time . 7200) ;2h, needed on ARM
(timeout . 21600) ;6h
- (cpe-name . "node.js")))))
-
-;; This should be the latest version of node that still builds without
-;; depending on llhttp.
-(define-public node-bootstrap
- (hidden-package node))
+ (cpe-name . "node.js")
+ (hidden? . #t)))))
;; Duplicate of node-semver
(define-public node-semver-bootstrap
@@ -749,7 +748,7 @@ (define-public llhttp-bootstrap
(define-public node-lts
(package
- (inherit node)
+ (inherit node-bootstrap)
(version "20.18.0")
(source (origin
(method url-fetch)
@@ -780,7 +779,7 @@ (define-public node-lts
(("deps/uv/uv.gyp") "")
(("deps/zlib/zlib.gyp") ""))))))
(arguments
- (substitute-keyword-arguments (package-arguments node)
+ (substitute-keyword-arguments (package-arguments node-bootstrap)
((#:configure-flags configure-flags)
''("--shared-cares"
"--shared-libuv"
@@ -976,7 +975,8 @@ (define-public node-lts
nghttp3
`(,nghttp2 "lib")
openssl
- zlib))))
+ zlib))
+ (properties (alist-delete 'hidden? (package-properties node-bootstrap)))))
(define-public libnode
(package/inherit node-lts
--
2.46.0
J
J
jlicht wrote on 3 Nov 13:04 +0100
[PATCH 18/20] gnu: vlang: Use node-lts instead of node.
(address . 74187@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
710910069bba319bcc0f61c797396a7b995d6c44.1730634823.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/vlang.scm (vlang)[native-inputs]: Replace node by node-lts.

Change-Id: Iaf577f0b9bbd7095392c88c2d2737c0703d3bf96
---
gnu/packages/vlang.scm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

Toggle diff (15 lines)
diff --git a/gnu/packages/vlang.scm b/gnu/packages/vlang.scm
index 4741483f12..db3b6a66aa 100644
--- a/gnu/packages/vlang.scm
+++ b/gnu/packages/vlang.scm
@@ -133,7 +133,7 @@ (define-public vlang
("git" ,git-minimal)
;; For the tests.
("libx11" ,libx11)
- ("node" ,node)
+ ("node" ,node-lts)
("openssl" ,openssl)
("sqlite" ,sqlite)))
(home-page "https://vlang.io/")
--
2.46.0
J
J
jlicht wrote on 3 Nov 13:04 +0100
[PATCH 16/20] gnu: ruby-autoprefixer-rails: Use node-lts instead of node.
(address . 74187@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
e209aeeb1e4356de5af2f0eaa35dd70404adbcd5.1730634823.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/rails.scm (ruby-autoprefixer-rails)[native-inputs]: Replace
node by node-lts.

Change-Id: Iea7fc9001cb12eecb1257a9a0f83851bd8bc36fd
---
gnu/packages/rails.scm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

Toggle diff (15 lines)
diff --git a/gnu/packages/rails.scm b/gnu/packages/rails.scm
index a28249d9bd..537650cc88 100644
--- a/gnu/packages/rails.scm
+++ b/gnu/packages/rails.scm
@@ -273,7 +273,7 @@ (define-public ruby-autoprefixer-rails
ruby-sprockets
ruby-standard
;; This is used at runtime by ruby-execjs.
- node))
+ node-lts))
(propagated-inputs
(list ruby-execjs))
(synopsis "Parse CSS and add vendor prefixes to CSS rules")
--
2.46.0
J
J
jlicht wrote on 3 Nov 13:04 +0100
[PATCH 19/20] gnu: esbuild-node: Use node-lts instead of node.
(address . 74187@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
bcb5780bc95bc224ef8e425a93cce0177c1b66dd.1730634823.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/web.scm (esbuild-node)[#:phases]<build-platform>: Remove
workaround needed for building with older versions of Node.
[native-inputs]: Replace node by node-lts.

Change-Id: Iedf30dc1a395e674007c08ce6c0881dbb0f94f0e
---
gnu/packages/web.scm | 10 ++--------
1 file changed, 2 insertions(+), 8 deletions(-)

Toggle diff (37 lines)
diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index 842c25b509..954da312bd 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -2126,12 +2126,6 @@ (define-public esbuild-node
(add-after 'build 'build-platform
(lambda* (#:key unpack-path #:allow-other-keys)
(with-directory-excursion (string-append "src/" unpack-path)
- ;; We're using Node 10, which doesn't have this method.
- (substitute* "scripts/esbuild.js"
- (("exports.buildNativeLib" m)
- (string-append
- "Object.fromEntries = entries => entries.reduce((result, entry) => (result[entry[0]] = entry[1], result), {});\n"
- m)))
;; Must be writable.
(for-each make-file-writable (find-files "." "."))
(invoke "node" "scripts/esbuild.js"
@@ -2154,7 +2148,7 @@ (define-public esbuild-node
(invoke "make" "test-go"))))))))
(native-inputs
(modify-inputs (package-native-inputs esbuild)
- (append node)))))
+ (append node-lts)))))
(define-public wwwoffle
(package
@@ -9517,7 +9511,7 @@ (define-public archivebox
(build-system python-build-system)
(propagated-inputs
(list curl
- node))
+ node-lts))
(inputs
(list python
youtube-dl
--
2.46.0
J
J
jlicht wrote on 3 Nov 13:04 +0100
[PATCH 17/20] gnu: ruby-execjs: Use node-lts instead of node.
(address . 74187@debbugs.gnu.org)(name . Jelle Licht)(address . jlicht@fsfe.org)
f1516a04f693f0c91a230320294d38ff528ab077.1730634823.git.jlicht@fsfe.org
From: Jelle Licht <jlicht@fsfe.org>

* gnu/packages/ruby.scm (ruby-execjs)[native-inputs]: Replace node by
node-lts.

Change-Id: If7ff42d9865d79c23560fb190db4fdce9ecc621c
---
gnu/packages/ruby.scm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

Toggle diff (15 lines)
diff --git a/gnu/packages/ruby.scm b/gnu/packages/ruby.scm
index 5af1bb1cef..c563c100b4 100644
--- a/gnu/packages/ruby.scm
+++ b/gnu/packages/ruby.scm
@@ -3124,7 +3124,7 @@ (define-public ruby-execjs
;; PASSED: test:node
;; SKIPPED: test:duktape, ;; test:javascriptcore, test:jscript,
;; test:miniracer, test:rubyracer, ;; test:rubyrhino, test:v8
- node))
+ node-lts))
(synopsis "Run JavaScript code from Ruby")
(description
"ExecJS lets you run JavaScript code from Ruby. It automatically picks a
--
2.46.0
R
R
Ricardo Wurmus wrote on 3 Nov 19:29 +0100
Re: [bug#74187] [PATCH 08/20] gnu: r-v8: Fix build with node-lts@20.
(address . jlicht@fsfe.org)
87a5egi31j.fsf@elephly.net
jlicht@fsfe.org writes:

Toggle quote (9 lines)
> From: Jelle Licht <jlicht@fsfe.org>
>
> The version bump of node-lts from 18 to 20 also bumped the
> version in the so-file.
>
> * gnu/packages/cran.scm (r-v8)[#:phases]<find-v8>: Look for
> libnode-so.115 as
> provided by node-lts.

This looks okay to me, but I don't see the bump from 18 to 20 on
the master branch, so I'll wait for someone else to apply this
patch when it becomes necessary.

--
Ricardo
L
L
Ludovic Courtès wrote 4 days ago
Re: [bug#74187] [PATCH 00/20] Bumping node to 20.18.0 and beyond
(address . jlicht@fsfe.org)(address . 74187@debbugs.gnu.org)
878qtgg8al.fsf@gnu.org
Hey Jelle,

jlicht@fsfe.org skribis:

Toggle quote (21 lines)
> gnu: node: Replace customized nghttp2-for-node by nghttp2.
> gnu: Remove nghttp2-for-node.
> gnu: node-lts: Replace customized c-ares-for-node by c-ares.
> gnu: Remove c-ares-for-node.
> gnu: Add libuv-for-node-lts.
> gnu: llhttp-bootstrap: Update to 8.1.2.
> gnu: node-lts: Update to 20.18.0 [security fixes].
> gnu: r-v8: Fix build with node-lts@20.
> gnu: cwltool: Use node-lts instead of node.
> gnu: python-cwl-utils: Use node-lts instead of node.
> gnu: ocaml-ezjsonm: Use node-lts instead of node.
> gnu: js-of-ocaml: Use node-lts instead of node.
> gnu: fmp: Use node-lts instead of node.
> gnu: python-cloudscraper: Use node-lts instead of node.
> gnu: qtwebengine-5: Use node-lts instead of node.
> gnu: ruby-autoprefixer-rails: Use node-lts instead of node.
> gnu: ruby-execjs: Use node-lts instead of node.
> gnu: vlang: Use node-lts instead of node.
> gnu: esbuild-node: Use node-lts instead of node.
> gnu: node: Rename variable node-bootstrap and hide package.

Feel empowered to push this if nothing breaks according to your tests.

If you’re not sure and would like to set up a ci.guix jobset, let us
know.

Ludo’.
?
Your comment

Commenting via the web interface is currently disabled.

To comment on this conversation send an email to 74187@debbugs.gnu.org

To respond to this issue using the mumi CLI, first switch to it
mumi current 74187
Then, you may apply the latest patchset in this issue (with sign off)
mumi am -- -s
Or, compose a reply to this issue
mumi compose
Or, send patches to this issue
mumi send-email *.patch