| Summary: | net-libs/nodejs: add libressl support | ||
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Nick Wallingford <nick> |
| Component: | Current packages | Assignee: | No maintainer - Look at https://wiki.gentoo.org/wiki/Project:Proxy_Maintainers if you want to take care of it <maintainer-needed> |
| Status: | RESOLVED UPSTREAM | ||
| Severity: | normal | CC: | ao, cedk, fluffysheap, jstein, libressl, marien.zwart, meheschmid, mhkbst, nikulinpi, petross404, roehner, sandino, spiderx, tsmksubc |
| Priority: | Normal | Keywords: | PullRequest |
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| See Also: |
https://github.com/nodejs/node/issues/428 https://github.com/gentoo/gentoo/pull/14460 |
||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
| Bug Depends on: | |||
| Bug Blocks: | 561854 | ||
| Attachments: |
Use bundle openssl when compile against libressl
ebuild with support for bundled-ssl experimental libressl patch |
||
|
Description
Nick Wallingford
2017-03-20 20:28:42 UTC
I confirm the extra work needed. I have in my repo a version with the libressl keyword, but it's obviously not compiling. Good news is that there's a PR for that: https://github.com/nodejs/node/pull/9376 and a bunch of bug reports: https://github.com/voidlinux/void-packages/issues/5555 https://github.com/nodejs/node/issues/428 I'll continue tracking those and hopefully provide a working PR for the libressl overlay till it's solved upstream. Glad there's a already a bug open for this. I add my support to this request. I'm running into the same issue as well wrt the bindist USE flag... Libressl overlay has an ebuild with a required USE flag bundled-openssl when compiling with USE=libressl https://github.com/gentoo/libressl/blob/master/net-libs/nodejs/nodejs-6.9.4.ebuild (In reply to Sandino Araico Sanchez from comment #3) > Libressl overlay has an ebuild with a required USE flag bundled-openssl when That's "bundled-ssl" apparently. > compiling with USE=libressl It does not ever appear to compile against dev-libs/libressl. USE=libressl unexpectedly requires USE=bundled-ssl in that ebuild. But the bundled crypto library is openssl, not libressl. We don't use the bundled version of openssl to begin with and we shouldn't start doing it now. > > https://github.com/gentoo/libressl/blob/master/net-libs/nodejs/nodejs-6.9.4. > ebuild That version should be going away soon. Upstream seems not willing to incorporate libressl support https://github.com/nodejs/node/issues/428 The choice of compiling nodejs with USE=bundled-openssl is better (for some) than not compiling at all with libressl. (In reply to Sandino Araico Sanchez from comment #5) > The choice of compiling nodejs with USE=bundled-openssl is better (for some) > than not compiling at all with libressl. Please forget about "bundled". This is Gentoo. We unbundle stuff. We already have a libcrypto and libssl on the system, so we don't want to have another one hiding in /usr/bin/node. Forget "bundled". (In reply to Jeroen Roovers from comment #6) > Please forget about "bundled". This is Gentoo. We unbundle stuff. What's the difference between bundling openssl in nodejs and bundling harfbuzz, graphite2, libjpeg-turbo, libevent, libvpx, and sqlite in Firefox? Or ffmpeg, icu, and libvpx in Chromium? Or harfbuzz, graphite2, icu, libjpeg-turbo, libevent, libvpx, and sqlite in Thunderbird? Or jsoncpp in CMake? Certainly, in a perfect world, we'd unbundle stuff and stuff would work. But unfortunately, nodejs does not work without bundling openssl. Upstream has given us a choice between ideological purity and working software... I'm not sure we've made the correct decision. nodejs 8.1.1 from libressl overlay compiles against libressl 2.6.3 https://github.com/gentoo/libressl/tree/master/net-libs/nodejs As it seems nodejs will not support libressl in the near future and that even OpenBSD does not try to build nodejs against libressl. Why not use the bundled openssl when nodejs is build with ssl and libressl? Created attachment 543960 [details, diff]
Use bundle openssl when compile against libressl
Since 63.0 www-client/firefox depends on nodejs too. It seems setting USE="-npm -ssl" for net-libs/nodejs is a workaround to build firefox. I also have a dream to see LibreSSL supported by nodejs team. But for now I completely support Cédric's proposal. And I have added net-libs/nodejs-8.12.0 and 9.11.2 ebuilds with USE=bundled-ssl to libressl overlay. Is there any chance for this approach to be accepted it the main tree? *** Bug 679302 has been marked as a duplicate of this bug. *** Comment on attachment 543960 [details, diff]
Use bundle openssl when compile against libressl
"Use bundle openssl when compile against libressl" <= What does that mean? It does not make any sense to me, especially seeing what the patch actually does.
nodejs should not build or use its bundled openssl version and your patch does not change that.
(In reply to Jeroen Roovers from comment #14) > > nodejs should not build or use its bundled openssl version and your patch > does not change that. Should we then mask nodejs until upstream fixes libressl compatibility? (In reply to Sandino Araico Sanchez from comment #15) > Should we then mask nodejs until upstream fixes libressl compatibility? You can locally mask whatever you want - I just don't see why it should be done for everyone else, too. (In reply to Jeroen Roovers from comment #16) > (In reply to Sandino Araico Sanchez from comment #15) > > Should we then mask nodejs until upstream fixes libressl compatibility? > > You can locally mask whatever you want - I just don't see why it should be > done for everyone else, too. nodejs should be masked because it is broken and no one cares fixing it. nodejs should be masked because upstream is not willing to fix it. https://github.com/nodejs/node/issues/428 Quoting from Gentoo development guide: > ...or to prevent merging of packages that are broken or break something else. https://devmanual.gentoo.org/profiles/package.mask/index.html An exception for not needing to mask nodejs is allowing the use of bundled openssl library when USE=libressl. This exception does not fix nodejs. It is a workaround for the meantime until we find a permanent or maintainable fix. (In reply to Sandino Araico Sanchez from comment #17) > nodejs should be masked because it is broken and no one cares fixing it. > nodejs should be masked because upstream is not willing to fix it. > https://github.com/nodejs/node/issues/428 net-libs/nodejs is not broken where openssl is installable. > An exception for not needing to mask nodejs is allowing the use of bundled > openssl library when USE=libressl. This exception does not fix nodejs. It is > a workaround for the meantime until we find a permanent or maintainable fix. Just curious: how can you have a strong opinion on using libressl over openssl and still allow yourself to use bundled openssl? I don't know how to conditional mask only on combinations known to be broken: a) mask libressl use flag only in net-libs/nodejs but leave it unmasked on the rest b) mask net-libs/nodejs only when libressl use flag is present, but leave it unmasked when using openssl. It's not comfortable for me to allow bundled openssl as an excemption. It's not the right thing. I wish I had the time to patch nodejs for libressl compatibility but in the meantime I need to have it installed as a dependency for other packages like firefox and chromium. Created attachment 610150 [details]
ebuild with support for bundled-ssl
In tis ebuild I added exactly one of ( openssl libressl bundled-ssl) when USE=ssl
This way the user has the choice of using the bundled OpenSSL library
In this version an error has been added to src_pretend when USE=libressl indicating broken libressl support.
Created attachment 612078 [details, diff]
experimental libressl patch
This patch is not complete yet. It's just a quick and dirty patch to make nodejs compile against libressl.
Some functions are just commented out, others need to be reprogramed or find a place to return meaningful "not supported" errors.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=3f0dbde0268de63e110a81ca0a9cb2408ba35584 commit 3f0dbde0268de63e110a81ca0a9cb2408ba35584 Author: Stefan Strogin <steils@gentoo.org> AuthorDate: 2020-02-06 18:21:04 +0000 Commit: Stefan Strogin <steils@gentoo.org> CommitDate: 2020-02-06 18:21:04 +0000 net-libs/nodejs: version bump to 10.19.0, 12.15.0, 13.8.0 Bug: https://bugs.gentoo.org/613344 Package-Manager: Portage-2.3.87, Repoman-2.3.20 Signed-off-by: Stefan Strogin <steils@gentoo.org> net-libs/nodejs/Manifest | 3 + net-libs/nodejs/nodejs-10.19.0.ebuild | 204 ++++++++++++++++++++++++++++++++ net-libs/nodejs/nodejs-12.15.0.ebuild | 212 ++++++++++++++++++++++++++++++++++ net-libs/nodejs/nodejs-13.8.0.ebuild | 208 +++++++++++++++++++++++++++++++++ 4 files changed, 627 insertions(+) The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=33c9f12ce5444104b4164bf00db99e584bc0b777 commit 33c9f12ce5444104b4164bf00db99e584bc0b777 Author: Stefan Strogin <steils@gentoo.org> AuthorDate: 2020-02-16 07:02:08 +0000 Commit: Stefan Strogin <steils@gentoo.org> CommitDate: 2020-02-16 07:02:08 +0000 net-libs/nodejs: version bump to 12.16.0 Bug: https://bugs.gentoo.org/613344 Package-Manager: Portage-2.3.89, Repoman-2.3.20 Signed-off-by: Stefan Strogin <steils@gentoo.org> net-libs/nodejs/Manifest | 1 + net-libs/nodejs/nodejs-12.16.0.ebuild | 212 ++++++++++++++++++++++++++++++++++ 2 files changed, 213 insertions(+) The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=c2acac6548a6de94d1ca21fea942cb9c1c7e9923 commit c2acac6548a6de94d1ca21fea942cb9c1c7e9923 Author: Stefan Strogin <steils@gentoo.org> AuthorDate: 2020-02-19 21:41:20 +0000 Commit: Stefan Strogin <steils@gentoo.org> CommitDate: 2020-02-19 21:41:20 +0000 net-libs/nodejs: version bump to 12.16.1, 13.9.0 Bug: https://bugs.gentoo.org/613344 Package-Manager: Portage-2.3.89, Repoman-2.3.20 Signed-off-by: Stefan Strogin <steils@gentoo.org> net-libs/nodejs/Manifest | 2 + net-libs/nodejs/nodejs-12.16.1.ebuild | 212 ++++++++++++++++++++++++++++++++++ net-libs/nodejs/nodejs-13.9.0.ebuild | 208 +++++++++++++++++++++++++++++++++ 3 files changed, 422 insertions(+) The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c26bf678ea85fdbbbe8d3d14908cd25ca94397c4 commit c26bf678ea85fdbbbe8d3d14908cd25ca94397c4 Author: Stefan Strogin <steils@gentoo.org> AuthorDate: 2020-01-26 14:34:35 +0000 Commit: Stefan Strogin <steils@gentoo.org> CommitDate: 2020-02-25 05:17:13 +0000 net-libs/nodejs: add USE=+system-ssl For now net-libs/nodejs fails to build on LibreSSL systems. Add USE=+system-ssl which can be explicitly disabled in order to use bundled OpenSSL. Bug: https://bugs.gentoo.org/613344 Closes: https://github.com/gentoo/gentoo/pull/14460 Package-Manager: Portage-2.3.85, Repoman-2.3.20 Signed-off-by: Stefan Strogin <steils@gentoo.org> net-libs/nodejs/metadata.xml | 1 + net-libs/nodejs/nodejs-10.19.0.ebuild | 7 ++++--- net-libs/nodejs/nodejs-12.16.1.ebuild | 7 ++++--- net-libs/nodejs/nodejs-13.9.0.ebuild | 7 ++++--- net-libs/nodejs/nodejs-99999999.ebuild | 7 ++++--- 5 files changed, 17 insertions(+), 12 deletions(-) Now LibreSSL users can install net-libs/nodejs[-system-ssl] from the main tree. Make sure you have set USE=-system-ssl for net-libs/nodejs package. The previous workaround of USE=-ssl still seems to work, but now forces to set system-ssl as well. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=f0aa428ad16df1d60822ef9d6007dd5b43945070 commit f0aa428ad16df1d60822ef9d6007dd5b43945070 Author: Stefan Strogin <steils@gentoo.org> AuthorDate: 2020-05-22 01:24:03 +0000 Commit: Stefan Strogin <steils@gentoo.org> CommitDate: 2020-05-22 01:24:03 +0000 net-libs/nodejs: drop as gentoo.git now supports USE=-system-ssl Users can build nodejs with USE=-system-ssl from the main tree instead of USE=bundled-ssl from this overlay. Bug: https://bugs.gentoo.org/613344 Signed-off-by: Stefan Strogin <steils@gentoo.org> net-libs/nodejs/Manifest | 6 - .../files/nodejs-10.3.0-global-npm-config.patch | 20 -- .../nodejs/files/nodejs-13.2.0-paxmarking.patch | 71 ------- net-libs/nodejs/files/nodejs-99999999-llhttp.patch | 20 -- net-libs/nodejs/metadata.xml | 24 --- net-libs/nodejs/nodejs-10.19.0.ebuild | 204 -------------------- net-libs/nodejs/nodejs-12.14.0.ebuild | 212 --------------------- net-libs/nodejs/nodejs-12.16.0.ebuild | 212 --------------------- net-libs/nodejs/nodejs-12.16.1.ebuild | 212 --------------------- net-libs/nodejs/nodejs-13.8.0.ebuild | 208 -------------------- net-libs/nodejs/nodejs-13.9.0.ebuild | 208 -------------------- 11 files changed, 1397 deletions(-) Let upstream sort this out, meanwhile with USE=-system-ssl NodeJS no longer blocks LibreSSL. |
