| Message ID | 20221118182718.2548901-1-archana.polampalli@windriver.com |
|---|---|
| State | Under Review |
| Delegated to: | Armin Kuster |
| Headers | show |
| Series | [meta-oe,kirkstone,1/1] Nodejs - Upgrade to 16.18.1 | expand |
I see this is now queued in kirkstone-next https://git.openembedded.org/meta-openembedded/commit/?h=kirkstone-next&id=08b6b6846a84d9a0459f42d1d730c9ea1d50c43f I see bunch of recipes failing since this upgrade landed in master, mostly due to npm dependency resolution being more strict now and builds failing with npm ERR! code ERESOLVE npm ERR! ERESOLVE could not resolve ... npm ERR! Fix the upstream dependency conflict, or retry npm ERR! this command with --force, or --legacy-peer-deps npm ERR! to accept an incorrect (and potentially broken) dependency resolution. Can we please delay backporting to kirkstone and langdale a bit more? And if others are seeing similar failures please share them here as well. The older nodejs was using npm@8.5.0, now its npm@8.19.2 more details about this change in behavior from 8.6.0 in https://github.com/npm/cli/issues/4998 Regards, On Fri, Nov 18, 2022 at 7:27 PM Polampalli, Archana < archana.polampalli@windriver.com> wrote: > * Drop Openssl legacy provider patch and install both binaries patch > which are already available in 16.x > * Refresh native binaries patch against 16.x base > > Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> > --- > .../oe-npm-cache | 0 > ....14.bb => nodejs-oe-cache-native_16.18.bb} | 0 > ...patch => 0001-Using-native-binaries.patch} | 40 +++-- > ...Install-both-binaries-and-use-libdir.patch | 96 ----------- > ...5-add-openssl-legacy-provider-option.patch | 151 ------------------ > .../{nodejs_16.14.2.bb => nodejs_16.18.1.bb} | 8 +- > 6 files changed, 27 insertions(+), 268 deletions(-) > rename meta-oe/recipes-devtools/nodejs/{nodejs-oe-cache-16.14 => > nodejs-oe-cache-16.18}/oe-npm-cache (100%) > rename meta-oe/recipes-devtools/nodejs/{nodejs-oe-cache-native_16.14.bb > => nodejs-oe-cache-native_16.18.bb} (100%) > rename > meta-oe/recipes-devtools/nodejs/nodejs/{0002-Using-native-binaries.patch => > 0001-Using-native-binaries.patch} (70%) > delete mode 100644 > meta-oe/recipes-devtools/nodejs/nodejs/0002-Install-both-binaries-and-use-libdir.patch > delete mode 100644 > meta-oe/recipes-devtools/nodejs/nodejs/0005-add-openssl-legacy-provider-option.patch > rename meta-oe/recipes-devtools/nodejs/{nodejs_16.14.2.bb => > nodejs_16.18.1.bb} (94%) > > diff --git > a/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-16.14/oe-npm-cache > b/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-16.18/oe-npm-cache > similarity index 100% > rename from > meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-16.14/oe-npm-cache > rename to > meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-16.18/oe-npm-cache > diff --git a/meta-oe/recipes-devtools/nodejs/ > nodejs-oe-cache-native_16.14.bb b/meta-oe/recipes-devtools/nodejs/ > nodejs-oe-cache-native_16.18.bb > similarity index 100% > rename from meta-oe/recipes-devtools/nodejs/ > nodejs-oe-cache-native_16.14.bb > rename to meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-native_16.18.bb > diff --git > a/meta-oe/recipes-devtools/nodejs/nodejs/0002-Using-native-binaries.patch > b/meta-oe/recipes-devtools/nodejs/nodejs/0001-Using-native-binaries.patch > similarity index 70% > rename from > meta-oe/recipes-devtools/nodejs/nodejs/0002-Using-native-binaries.patch > rename to > meta-oe/recipes-devtools/nodejs/nodejs/0001-Using-native-binaries.patch > index 8db1f1dd5..445aaf839 100644 > --- > a/meta-oe/recipes-devtools/nodejs/nodejs/0002-Using-native-binaries.patch > +++ > b/meta-oe/recipes-devtools/nodejs/nodejs/0001-Using-native-binaries.patch > @@ -3,14 +3,17 @@ From: Guillaume Burel <guillaume.burel@stormshield.eu> > Date: Fri, 3 Jan 2020 11:25:54 +0100 > Subject: [PATCH] Using native binaries > > +Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> > --- > - node.gyp | 4 ++-- > - tools/v8_gypfiles/v8.gyp | 11 ++++------- > - 2 files changed, 6 insertions(+), 9 deletions(-) > + node.gyp | 2 ++ > + tools/v8_gypfiles/v8.gyp | 5 +++++ > + 2 files changed, 7 insertions(+) > > +diff --git a/node.gyp b/node.gyp > +index 24505da7ba..7d41bd52db 100644 > --- a/node.gyp > +++ b/node.gyp > -@@ -294,6 +294,7 @@ > +@@ -319,6 +319,7 @@ > 'action_name': 'run_mkcodecache', > 'process_outputs_as_sources': 1, > 'inputs': [ > @@ -18,14 +21,16 @@ Subject: [PATCH] Using native binaries > '<(mkcodecache_exec)', > ], > 'outputs': [ > -@@ -319,6 +320,7 @@ > - 'action_name': 'node_mksnapshot', > - 'process_outputs_as_sources': 1, > - 'inputs': [ > -+ '<(PRODUCT_DIR)/v8-qemu-wrapper.sh', > - '<(node_mksnapshot_exec)', > - ], > - 'outputs': [ > +@@ -366,6 +367,7 @@ > + 'action_name': 'node_mksnapshot', > + 'process_outputs_as_sources': 1, > + 'inputs': [ > ++ '<(PRODUCT_DIR)/v8-qemu-wrapper.sh', > + '<(node_mksnapshot_exec)', > + ], > + 'outputs': [ > +diff --git a/tools/v8_gypfiles/v8.gyp b/tools/v8_gypfiles/v8.gyp > +index ed042f8829..371b8e02c2 100644 > --- a/tools/v8_gypfiles/v8.gyp > +++ b/tools/v8_gypfiles/v8.gyp > @@ -68,6 +68,7 @@ > @@ -40,11 +45,11 @@ Subject: [PATCH] Using native binaries > '<@(torque_outputs_inc)', > ], > 'action': [ > -+ '<(PRODUCT_DIR)/v8-qemu-wrapper.sh', > ++ '<(PRODUCT_DIR)/v8-qemu-wrapper.sh', > > '<(PRODUCT_DIR)/<(EXECUTABLE_PREFIX)torque<(EXECUTABLE_SUFFIX)', > '-o', '<(SHARED_INTERMEDIATE_DIR)/torque-generated', > '-v8-root', '<(V8_ROOT)', > -@@ -225,6 +227,7 @@ > +@@ -211,6 +213,7 @@ > { > 'action_name': 'generate_bytecode_builtins_list_action', > 'inputs': [ > @@ -52,7 +57,7 @@ Subject: [PATCH] Using native binaries > > '<(PRODUCT_DIR)/<(EXECUTABLE_PREFIX)bytecode_builtins_list_generator<(EXECUTABLE_SUFFIX)', > ], > 'outputs': [ > -@@ -415,6 +418,7 @@ > +@@ -395,6 +398,7 @@ > ], > }, > 'inputs': [ > @@ -60,7 +65,7 @@ Subject: [PATCH] Using native binaries > '<(mksnapshot_exec)', > ], > 'outputs': [ > -@@ -1548,6 +1552,7 @@ > +@@ -1513,6 +1517,7 @@ > { > 'action_name': 'run_gen-regexp-special-case_action', > 'inputs': [ > @@ -68,3 +73,6 @@ Subject: [PATCH] Using native binaries > > '<(PRODUCT_DIR)/<(EXECUTABLE_PREFIX)gen-regexp-special-case<(EXECUTABLE_SUFFIX)', > ], > 'outputs': [ > +-- > +2.34.1 > + > diff --git > a/meta-oe/recipes-devtools/nodejs/nodejs/0002-Install-both-binaries-and-use-libdir.patch > b/meta-oe/recipes-devtools/nodejs/nodejs/0002-Install-both-binaries-and-use-libdir.patch > deleted file mode 100644 > index 5cb2e9701..000000000 > --- > a/meta-oe/recipes-devtools/nodejs/nodejs/0002-Install-both-binaries-and-use-libdir.patch > +++ /dev/null > @@ -1,96 +0,0 @@ > -From 62ddf8499747fb1e366477d666c0634ad50039a9 Mon Sep 17 00:00:00 2001 > -From: Elliott Sales de Andrade <quantum.analyst@gmail.com> > -Date: Tue, 19 Mar 2019 23:22:40 -0400 > -Subject: [PATCH 2/2] Install both binaries and use libdir. > - > -This allows us to build with a shared library for other users while > -still providing the normal executable. > - > -Taken from - > https://src.fedoraproject.org/rpms/nodejs/raw/rawhide/f/0002-Install-both-binaries-and-use-libdir.patch > - > -Upstream-Status: Pending > - > -Signed-off-by: Elliott Sales de Andrade <quantum.analyst@gmail.com> > -Signed-off-by: Andreas Müller <schnitzeltony@gmail.com> > -Signed-off-by: Khem Raj <raj.khem@gmail.com> > ---- > - configure.py | 7 +++++++ > - tools/install.py | 21 +++++++++------------ > - 2 files changed, 16 insertions(+), 12 deletions(-) > - > -diff --git a/configure.py b/configure.py > -index > 6efb98c2316f089f3167e486282593245373af3f..a6d2ec939e4480dfae703f3978067537abf9f0f0 > 100755 > ---- a/configure.py > -+++ b/configure.py > -@@ -721,10 +721,16 @@ parser.add_argument('--shared', > - dest='shared', > - default=None, > - help='compile shared library for embedding node in another project. > ' + > - '(This mode is not officially supported for regular > applications)') > - > -+parser.add_argument('--libdir', > -+ action='store', > -+ dest='libdir', > -+ default='lib', > -+ help='a directory to install the shared library into') > -+ > - parser.add_argument('--without-v8-platform', > - action='store_true', > - dest='without_v8_platform', > - default=False, > - help='do not initialize v8 platform during node.js startup. ' + > -@@ -1305,10 +1311,11 @@ def configure_node(o): > - o['variables']['debug_nghttp2'] = 'false' > - > - o['variables']['node_no_browser_globals'] = > b(options.no_browser_globals) > - > - o['variables']['node_shared'] = b(options.shared) > -+ o['variables']['libdir'] = options.libdir > - node_module_version = getmoduleversion.get_version() > - > - if options.dest_os == 'android': > - shlib_suffix = 'so' > - elif sys.platform == 'darwin': > -diff --git a/tools/install.py b/tools/install.py > -index > 41cc1cbc60a9480cc08df3aa0ebe582c2becc3a2..11208f9e7166ab60da46d5ace2257c239a7e9263 > 100755 > ---- a/tools/install.py > -+++ b/tools/install.py > -@@ -128,26 +128,23 @@ def subdir_files(path, dest, action): > - for subdir, files_in_path in ret.items(): > - action(files_in_path, subdir + '/') > - > - def files(action): > - is_windows = sys.platform == 'win32' > -- output_file = 'node' > - output_prefix = 'out/Release/' > -+ output_libprefix = output_prefix > - > -- if 'false' == variables.get('node_shared'): > -- if is_windows: > -- output_file += '.exe' > -+ if is_windows: > -+ output_bin = 'node.exe' > -+ output_lib = 'node.dll' > - else: > -- if is_windows: > -- output_file += '.dll' > -- else: > -- output_file = 'lib' + output_file + '.' + > variables.get('shlib_suffix') > -+ output_bin = 'node' > -+ output_lib = 'libnode.' + variables.get('shlib_suffix') > - > -- if 'false' == variables.get('node_shared'): > -- action([output_prefix + output_file], 'bin/' + output_file) > -- else: > -- action([output_prefix + output_file], 'lib/' + output_file) > -+ action([output_prefix + output_bin], 'bin/' + output_bin) > -+ if 'true' == variables.get('node_shared'): > -+ action([output_libprefix + output_lib], variables.get('libdir') + > '/' + output_lib) > - > - if 'true' == variables.get('node_use_dtrace'): > - action(['out/Release/node.d'], 'lib/dtrace/node.d') > - > - # behave similarly for systemtap > --- > -2.33.0 > - > diff --git > a/meta-oe/recipes-devtools/nodejs/nodejs/0005-add-openssl-legacy-provider-option.patch > b/meta-oe/recipes-devtools/nodejs/nodejs/0005-add-openssl-legacy-provider-option.patch > deleted file mode 100644 > index 4d238c03f..000000000 > --- > a/meta-oe/recipes-devtools/nodejs/nodejs/0005-add-openssl-legacy-provider-option.patch > +++ /dev/null > @@ -1,151 +0,0 @@ > -From 86d1c0cc6a5dcf57e413a1cc1c29203e87cf9a14 Mon Sep 17 00:00:00 2001 > -From: Daniel Bevenius <daniel.bevenius@gmail.com> > -Date: Sat, 16 Oct 2021 08:50:16 +0200 > -Subject: [PATCH] src: add --openssl-legacy-provider option > - > -This commit adds an option to Node.js named --openssl-legacy-provider > -and if specified will load OpenSSL 3.0 Legacy provider. > - > -$ ./node --help > -... > ---openssl-legacy-provider enable OpenSSL 3.0 legacy provider > - > -Example usage: > - > -$ ./node --openssl-legacy-provider -p 'crypto.createHash("md4")' > -Hash { > - _options: undefined, > - [Symbol(kHandle)]: Hash {}, > - [Symbol(kState)]: { [Symbol(kFinalized)]: false } > -} > - > -Co-authored-by: Richard Lau <rlau@redhat.com> > -Signed-off-by: Signed-off-by: Andrej Valek <andrej.valek@siemens.com> > -Upstream-Status: Backport [https://github.com/nodejs/node/issues/40455] > ---- > - doc/api/cli.md | 10 ++++++++++ > - src/crypto/crypto_util.cc | 10 ++++++++++ > - src/node_options.cc | 10 ++++++++++ > - src/node_options.h | 7 +++++++ > - .../test-process-env-allowed-flags-are-documented.js | 5 +++++ > - 5 files changed, 42 insertions(+) > - > -diff --git a/doc/api/cli.md b/doc/api/cli.md > -index 74057706bf8d..608b9cdeddf1 100644 > ---- a/doc/api/cli.md > -+++ b/doc/api/cli.md > -@@ -687,6 +687,14 @@ Load an OpenSSL configuration file on startup. Among > other uses, this can be > - used to enable FIPS-compliant crypto if Node.js is built > - against FIPS-enabled OpenSSL. > - > -+### `--openssl-legacy-provider` > -+<!-- YAML > -+added: REPLACEME > -+--> > -+ > -+Enable OpenSSL 3.0 legacy provider. For more information please see > -+[providers readme][]. > -+ > - ### `--pending-deprecation` > - > - <!-- YAML > -@@ -1544,6 +1552,7 @@ Node.js options that are allowed are: > - * `--no-warnings` > - * `--node-memory-debug` > - * `--openssl-config` > -+* `--openssl-legacy-provider` > - * `--pending-deprecation` > - * `--policy-integrity` > - * `--preserve-symlinks-main` > -@@ -1933,6 +1942,7 @@ $ node --max-old-space-size=1536 index.js > - [emit_warning]: process.md#processemitwarningwarning-options > - [jitless]: https://v8.dev/blog/jitless > - [libuv threadpool documentation]: > https://docs.libuv.org/en/latest/threadpool.html > -+[providers readme]: > https://github.com/openssl/openssl/blob/openssl-3.0.0/README-PROVIDERS.md > - [remote code execution]: https://www.owasp.org/index.php/Code_Injection > - [security warning]: > #warning-binding-inspector-to-a-public-ipport-combination-is-insecure > - [timezone IDs]: > https://en.wikipedia.org/wiki/List_of_tz_database_time_zones > -diff <https://en.wikipedia.org/wiki/List_of_tz_database_time_zones-diff> > --git a/src/crypto/crypto_util.cc b/src/crypto/crypto_util.cc > -index 7e0c8ba3eb60..796ea3025e41 100644 > ---- a/src/crypto/crypto_util.cc > -+++ b/src/crypto/crypto_util.cc > -@@ -148,6 +148,16 @@ void InitCryptoOnce() { > - } > - #endif > - > -+#if OPENSSL_VERSION_MAJOR >= 3 > -+ // --openssl-legacy-provider > -+ if (per_process::cli_options->openssl_legacy_provider) { > -+ OSSL_PROVIDER* legacy_provider = OSSL_PROVIDER_load(nullptr, > "legacy"); > -+ if (legacy_provider == nullptr) { > -+ fprintf(stderr, "Unable to load legacy provider.\n"); > -+ } > -+ } > -+#endif > -+ > - OPENSSL_init_ssl(0, settings); > - OPENSSL_INIT_free(settings); > - settings = nullptr; > -diff --git a/src/node_options.cc b/src/node_options.cc > -index 00bdc6688a4c..3363860919a9 100644 > ---- a/src/node_options.cc > -+++ b/src/node_options.cc > -@@ -4,6 +4,9 @@ > - #include "env-inl.h" > - #include "node_binding.h" > - #include "node_internals.h" > -+#if HAVE_OPENSSL > -+#include "openssl/opensslv.h" > -+#endif > - > - #include <errno.h> > - #include <sstream> > -diff --git a/src/node_options.h b/src/node_options.h > -index fd772478d04d..1c0e018ab16f 100644 > ---- a/src/node_options.h > -+++ b/src/node_options.h > -@@ -11,6 +11,10 @@ > - #include "node_mutex.h" > - #include "util.h" > - > -+#if HAVE_OPENSSL > -+#include "openssl/opensslv.h" > -+#endif > -+ > - namespace node { > - > - class HostPort { > -@@ -251,6 +255,9 @@ class PerProcessOptions : public Options { > - bool enable_fips_crypto = false; > - bool force_fips_crypto = false; > - #endif > -+#if OPENSSL_VERSION_MAJOR >= 3 > -+ bool openssl_legacy_provider = false; > -+#endif > - > - // Per-process because reports can be triggered outside a known V8 > context. > - bool report_on_fatalerror = false; > -diff --git > a/test/parallel/test-process-env-allowed-flags-are-documented.js > b/test/parallel/test-process-env-allowed-flags-are-documented.js > -index 64626b71f019..8a4e35997907 100644 > ---- a/test/parallel/test-process-env-allowed-flags-are-documented.js > -+++ b/test/parallel/test-process-env-allowed-flags-are-documented.js > -@@ -43,6 +43,10 @@ for (const line of [...nodeOptionsLines, > ...v8OptionsLines]) { > - } > - } > - > -+if (!common.hasOpenSSL3) { > -+ documented.delete('--openssl-legacy-provider'); > -+} > -+ > - // Filter out options that are conditionally present. > - const conditionalOpts = [ > - { > -@@ -50,6 +54,7 @@ const conditionalOpts = [ > - filter: (opt) => { > - return [ > - '--openssl-config', > -+ common.hasOpenSSL3 ? '--openssl-legacy-provider' : '', > - '--tls-cipher-list', > - '--use-bundled-ca', > - '--use-openssl-ca', > - > diff --git a/meta-oe/recipes-devtools/nodejs/nodejs_16.14.2.bb > b/meta-oe/recipes-devtools/nodejs/nodejs_16.18.1.bb > similarity index 94% > rename from meta-oe/recipes-devtools/nodejs/nodejs_16.14.2.bb > rename to meta-oe/recipes-devtools/nodejs/nodejs_16.18.1.bb > index 62188f94a..a67948320 100644 > --- a/meta-oe/recipes-devtools/nodejs/nodejs_16.14.2.bb > +++ b/meta-oe/recipes-devtools/nodejs/nodejs_16.18.1.bb > @@ -1,7 +1,7 @@ > DESCRIPTION = "nodeJS Evented I/O for V8 JavaScript" > HOMEPAGE = "http://nodejs.org" > LICENSE = "MIT & ISC & BSD-2-Clause & BSD-3-Clause & Artistic-2.0" > -LIC_FILES_CHKSUM = "file://LICENSE;md5=6ba5b21ac7a505195ca69344d3d7a94a" > +LIC_FILES_CHKSUM = "file://LICENSE;md5=6e54852cd826c41e80c6d80f6db00a85" > > DEPENDS = "openssl" > DEPENDS:append:class-target = " qemu-native" > @@ -19,9 +19,7 @@ COMPATIBLE_HOST:powerpc = "null" > > SRC_URI = "http://nodejs.org/dist/v${PV}/node-v${PV}.tar.xz \ > file://0001-Disable-running-gyp-files-for-bundled-deps.patch \ > - file://0002-Install-both-binaries-and-use-libdir.patch \ > file://0004-v8-don-t-override-ARM-CFLAGS.patch \ > - file://0005-add-openssl-legacy-provider-option.patch \ > file://big-endian.patch \ > file://mips-less-memory.patch \ > file://system-c-ares.patch \ > @@ -29,7 +27,7 @@ SRC_URI = " > http://nodejs.org/dist/v${PV}/node-v${PV}.tar.xz \ > file://0001-mips-Use-32bit-cast-for-operand-on-mips32.patch \ > " > SRC_URI:append:class-target = " \ > - file://0002-Using-native-binaries.patch \ > + file://0001-Using-native-binaries.patch \ > " > SRC_URI:append:toolchain-clang:x86 = " \ > file://libatomic.patch \ > @@ -37,7 +35,7 @@ SRC_URI:append:toolchain-clang:x86 = " \ > SRC_URI:append:toolchain-clang:powerpc64le = " \ > file://0001-ppc64-Do-not-use-mminimal-toc-with-clang.patch \ > " > -SRC_URI[sha256sum] = > "e922e215cc68eb5f94d33e8a0b61e2c863b7731cc8600ab955d3822da90ff8d1" > +SRC_URI[sha256sum] = > "1f8051a88f86f42064f4415fe7a980e59b0a502ecc8def583f6303bc4d445238" > > S = "${WORKDIR}/node-v${PV}" > > -- > 2.34.1 > > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#99614): > https://lists.openembedded.org/g/openembedded-devel/message/99614 > Mute This Topic: https://lists.openembedded.org/mt/95118333/3617156 > Group Owner: openembedded-devel+owner@lists.openembedded.org > Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [ > Martin.Jansa@gmail.com] > -=-=-=-=-=-=-=-=-=-=-=- > >
Add Armin to ensure he seems this once he recovers from US Thanksgiving indulgences. On 2022-11-24 12:05, Martin Jansa wrote: > I see this is now queued in kirkstone-next > https://git.openembedded.org/meta-openembedded/commit/?h=kirkstone-next&id=08b6b6846a84d9a0459f42d1d730c9ea1d50c43f > <https://urldefense.com/v3/__https://git.openembedded.org/meta-openembedded/commit/?h=kirkstone-next&id=08b6b6846a84d9a0459f42d1d730c9ea1d50c43f__;!!AjveYdw8EvQ!bcx80wmigop8Eoea7TohEOVlX1wPfDp0MAiO-8lZQDzv5nw5ai-FPfVsVaCxBstk-GtvN-eKnWtaUipHYjAMDDlyDWE$> > > I see bunch of recipes failing since this upgrade landed in master, > mostly due to npm dependency resolution being more strict now and > builds failing with > > npm ERR! code ERESOLVE > npm ERR! ERESOLVE could not resolve > ... > npm ERR! Fix the upstream dependency conflict, or retry > npm ERR! this command with --force, or --legacy-peer-deps > npm ERR! to accept an incorrect (and potentially broken) dependency > resolution. > > Can we please delay backporting to kirkstone and langdale a bit more? Seconded! What recipes encounters this bug? > > And if others are seeing similar failures please share them here as well. > > The older nodejs was using npm@8.5.0, now its npm@8.19.2 more details > about this change in behavior from 8.6.0 in > https://github.com/npm/cli/issues/4998 > <https://urldefense.com/v3/__https://github.com/npm/cli/issues/4998__;!!AjveYdw8EvQ!bcx80wmigop8Eoea7TohEOVlX1wPfDp0MAiO-8lZQDzv5nw5ai-FPfVsVaCxBstk-GtvN-eKnWtaUipHYjAMZmTsAyk$> Someone in the linked issue thread said: "We rolled back to Node v16.15.0, which has a working version of npm 8.5.5." Should we drop the 16.18.x update and stick with 16.15.1 for kirkstone/langdale? For master, I'd like to update to 18, 19, or ideally 20 if it's available before the end of M3. Martin, What version of node make sense to you for master? Do you agree that we should leave master on 16.18.x and people should fix their 'broken' npm dependencies? ../Randy > > Regards, > > On Fri, Nov 18, 2022 at 7:27 PM Polampalli, Archana > <archana.polampalli@windriver.com> wrote: > > * Drop Openssl legacy provider patch and install both binaries patch > which are already available in 16.x > * Refresh native binaries patch against 16.x base > > Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> > --- > .../oe-npm-cache | 0 > ....14.bb > <https://urldefense.com/v3/__http://14.bb__;!!AjveYdw8EvQ!bcx80wmigop8Eoea7TohEOVlX1wPfDp0MAiO-8lZQDzv5nw5ai-FPfVsVaCxBstk-GtvN-eKnWtaUipHYjAMucZHoEo$> > => nodejs-oe-cache-native_16.18.bb > <https://urldefense.com/v3/__http://nodejs-oe-cache-native_16.18.bb__;!!AjveYdw8EvQ!bcx80wmigop8Eoea7TohEOVlX1wPfDp0MAiO-8lZQDzv5nw5ai-FPfVsVaCxBstk-GtvN-eKnWtaUipHYjAM3BdjfLc$>} > | 0 > ...patch => 0001-Using-native-binaries.patch} | 40 +++-- > ...Install-both-binaries-and-use-libdir.patch | 96 ----------- > ...5-add-openssl-legacy-provider-option.patch | 151 > ------------------ > .../{nodejs_16.14.2.bb > <https://urldefense.com/v3/__http://nodejs_16.14.2.bb__;!!AjveYdw8EvQ!bcx80wmigop8Eoea7TohEOVlX1wPfDp0MAiO-8lZQDzv5nw5ai-FPfVsVaCxBstk-GtvN-eKnWtaUipHYjAMmGjEF2k$> > => nodejs_16.18.1.bb > <https://urldefense.com/v3/__http://nodejs_16.18.1.bb__;!!AjveYdw8EvQ!bcx80wmigop8Eoea7TohEOVlX1wPfDp0MAiO-8lZQDzv5nw5ai-FPfVsVaCxBstk-GtvN-eKnWtaUipHYjAMtRkXgYY$>} > | 8 +- > 6 files changed, 27 insertions(+), 268 deletions(-) > rename meta-oe/recipes-devtools/nodejs/{nodejs-oe-cache-16.14 => > nodejs-oe-cache-16.18}/oe-npm-cache (100%) > rename > meta-oe/recipes-devtools/nodejs/{nodejs-oe-cache-native_16.14.bb > <https://urldefense.com/v3/__http://nodejs-oe-cache-native_16.14.bb__;!!AjveYdw8EvQ!bcx80wmigop8Eoea7TohEOVlX1wPfDp0MAiO-8lZQDzv5nw5ai-FPfVsVaCxBstk-GtvN-eKnWtaUipHYjAMcMegzi4$> > => nodejs-oe-cache-native_16.18.bb > <https://urldefense.com/v3/__http://nodejs-oe-cache-native_16.18.bb__;!!AjveYdw8EvQ!bcx80wmigop8Eoea7TohEOVlX1wPfDp0MAiO-8lZQDzv5nw5ai-FPfVsVaCxBstk-GtvN-eKnWtaUipHYjAM3BdjfLc$>} > (100%) > rename > meta-oe/recipes-devtools/nodejs/nodejs/{0002-Using-native-binaries.patch > => 0001-Using-native-binaries.patch} (70%) > delete mode 100644 > meta-oe/recipes-devtools/nodejs/nodejs/0002-Install-both-binaries-and-use-libdir.patch > delete mode 100644 > meta-oe/recipes-devtools/nodejs/nodejs/0005-add-openssl-legacy-provider-option.patch > rename meta-oe/recipes-devtools/nodejs/{nodejs_16.14.2.bb > <https://urldefense.com/v3/__http://nodejs_16.14.2.bb__;!!AjveYdw8EvQ!bcx80wmigop8Eoea7TohEOVlX1wPfDp0MAiO-8lZQDzv5nw5ai-FPfVsVaCxBstk-GtvN-eKnWtaUipHYjAMmGjEF2k$> > => nodejs_16.18.1.bb > <https://urldefense.com/v3/__http://nodejs_16.18.1.bb__;!!AjveYdw8EvQ!bcx80wmigop8Eoea7TohEOVlX1wPfDp0MAiO-8lZQDzv5nw5ai-FPfVsVaCxBstk-GtvN-eKnWtaUipHYjAMtRkXgYY$>} > (94%) > > diff --git > a/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-16.14/oe-npm-cache > b/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-16.18/oe-npm-cache > similarity index 100% > rename from > meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-16.14/oe-npm-cache > rename to > meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-16.18/oe-npm-cache > diff --git > a/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-native_16.14.bb > <https://urldefense.com/v3/__http://nodejs-oe-cache-native_16.14.bb__;!!AjveYdw8EvQ!bcx80wmigop8Eoea7TohEOVlX1wPfDp0MAiO-8lZQDzv5nw5ai-FPfVsVaCxBstk-GtvN-eKnWtaUipHYjAMcMegzi4$> > b/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-native_16.18.bb > <https://urldefense.com/v3/__http://nodejs-oe-cache-native_16.18.bb__;!!AjveYdw8EvQ!bcx80wmigop8Eoea7TohEOVlX1wPfDp0MAiO-8lZQDzv5nw5ai-FPfVsVaCxBstk-GtvN-eKnWtaUipHYjAM3BdjfLc$> > similarity index 100% > rename from > meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-native_16.14.bb > <https://urldefense.com/v3/__http://nodejs-oe-cache-native_16.14.bb__;!!AjveYdw8EvQ!bcx80wmigop8Eoea7TohEOVlX1wPfDp0MAiO-8lZQDzv5nw5ai-FPfVsVaCxBstk-GtvN-eKnWtaUipHYjAMcMegzi4$> > rename to > meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-native_16.18.bb > <https://urldefense.com/v3/__http://nodejs-oe-cache-native_16.18.bb__;!!AjveYdw8EvQ!bcx80wmigop8Eoea7TohEOVlX1wPfDp0MAiO-8lZQDzv5nw5ai-FPfVsVaCxBstk-GtvN-eKnWtaUipHYjAM3BdjfLc$> > diff --git > a/meta-oe/recipes-devtools/nodejs/nodejs/0002-Using-native-binaries.patch > b/meta-oe/recipes-devtools/nodejs/nodejs/0001-Using-native-binaries.patch > similarity index 70% > rename from > meta-oe/recipes-devtools/nodejs/nodejs/0002-Using-native-binaries.patch > rename to > meta-oe/recipes-devtools/nodejs/nodejs/0001-Using-native-binaries.patch > index 8db1f1dd5..445aaf839 100644 > --- > a/meta-oe/recipes-devtools/nodejs/nodejs/0002-Using-native-binaries.patch > +++ > b/meta-oe/recipes-devtools/nodejs/nodejs/0001-Using-native-binaries.patch > @@ -3,14 +3,17 @@ From: Guillaume Burel > <guillaume.burel@stormshield.eu> > Date: Fri, 3 Jan 2020 11:25:54 +0100 > Subject: [PATCH] Using native binaries > > +Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> > --- > - node.gyp | 4 ++-- > - tools/v8_gypfiles/v8.gyp | 11 ++++------- > - 2 files changed, 6 insertions(+), 9 deletions(-) > + node.gyp | 2 ++ > + tools/v8_gypfiles/v8.gyp | 5 +++++ > + 2 files changed, 7 insertions(+) > > +diff --git a/node.gyp b/node.gyp > +index 24505da7ba..7d41bd52db 100644 > --- a/node.gyp > +++ b/node.gyp > -@@ -294,6 +294,7 @@ > +@@ -319,6 +319,7 @@ > 'action_name': 'run_mkcodecache', > 'process_outputs_as_sources': 1, > 'inputs': [ > @@ -18,14 +21,16 @@ Subject: [PATCH] Using native binaries > '<(mkcodecache_exec)', > ], > 'outputs': [ > -@@ -319,6 +320,7 @@ > - 'action_name': 'node_mksnapshot', > - 'process_outputs_as_sources': 1, > - 'inputs': [ > -+ '<(PRODUCT_DIR)/v8-qemu-wrapper.sh', > - '<(node_mksnapshot_exec)', > - ], > - 'outputs': [ > +@@ -366,6 +367,7 @@ > + 'action_name': 'node_mksnapshot', > + 'process_outputs_as_sources': 1, > + 'inputs': [ > ++ '<(PRODUCT_DIR)/v8-qemu-wrapper.sh', > + '<(node_mksnapshot_exec)', > + ], > + 'outputs': [ > +diff --git a/tools/v8_gypfiles/v8.gyp b/tools/v8_gypfiles/v8.gyp > +index ed042f8829..371b8e02c2 100644 > --- a/tools/v8_gypfiles/v8.gyp > +++ b/tools/v8_gypfiles/v8.gyp > @@ -68,6 +68,7 @@ > @@ -40,11 +45,11 @@ Subject: [PATCH] Using native binaries > '<@(torque_outputs_inc)', > ], > 'action': [ > -+ '<(PRODUCT_DIR)/v8-qemu-wrapper.sh', > ++ '<(PRODUCT_DIR)/v8-qemu-wrapper.sh', > '<(PRODUCT_DIR)/<(EXECUTABLE_PREFIX)torque<(EXECUTABLE_SUFFIX)', > '-o', '<(SHARED_INTERMEDIATE_DIR)/torque-generated', > '-v8-root', '<(V8_ROOT)', > -@@ -225,6 +227,7 @@ > +@@ -211,6 +213,7 @@ > { > 'action_name': 'generate_bytecode_builtins_list_action', > 'inputs': [ > @@ -52,7 +57,7 @@ Subject: [PATCH] Using native binaries > '<(PRODUCT_DIR)/<(EXECUTABLE_PREFIX)bytecode_builtins_list_generator<(EXECUTABLE_SUFFIX)', > ], > 'outputs': [ > -@@ -415,6 +418,7 @@ > +@@ -395,6 +398,7 @@ > ], > }, > 'inputs': [ > @@ -60,7 +65,7 @@ Subject: [PATCH] Using native binaries > '<(mksnapshot_exec)', > ], > 'outputs': [ > -@@ -1548,6 +1552,7 @@ > +@@ -1513,6 +1517,7 @@ > { > 'action_name': 'run_gen-regexp-special-case_action', > 'inputs': [ > @@ -68,3 +73,6 @@ Subject: [PATCH] Using native binaries > '<(PRODUCT_DIR)/<(EXECUTABLE_PREFIX)gen-regexp-special-case<(EXECUTABLE_SUFFIX)', > ], > 'outputs': [ > +-- > +2.34.1 > + > diff --git > a/meta-oe/recipes-devtools/nodejs/nodejs/0002-Install-both-binaries-and-use-libdir.patch > b/meta-oe/recipes-devtools/nodejs/nodejs/0002-Install-both-binaries-and-use-libdir.patch > deleted file mode 100644 > index 5cb2e9701..000000000 > --- > a/meta-oe/recipes-devtools/nodejs/nodejs/0002-Install-both-binaries-and-use-libdir.patch > +++ /dev/null > @@ -1,96 +0,0 @@ > -From 62ddf8499747fb1e366477d666c0634ad50039a9 Mon Sep 17 00:00:00 > 2001 > -From: Elliott Sales de Andrade <quantum.analyst@gmail.com> > -Date: Tue, 19 Mar 2019 23:22:40 -0400 > -Subject: [PATCH 2/2] Install both binaries and use libdir. > - > -This allows us to build with a shared library for other users while > -still providing the normal executable. > - > -Taken from - > https://src.fedoraproject.org/rpms/nodejs/raw/rawhide/f/0002-Install-both-binaries-and-use-libdir.patch > <https://urldefense.com/v3/__https://src.fedoraproject.org/rpms/nodejs/raw/rawhide/f/0002-Install-both-binaries-and-use-libdir.patch__;!!AjveYdw8EvQ!bcx80wmigop8Eoea7TohEOVlX1wPfDp0MAiO-8lZQDzv5nw5ai-FPfVsVaCxBstk-GtvN-eKnWtaUipHYjAMet0aFAI$> > - > -Upstream-Status: Pending > - > -Signed-off-by: Elliott Sales de Andrade <quantum.analyst@gmail.com> > -Signed-off-by: Andreas Müller <schnitzeltony@gmail.com> > -Signed-off-by: Khem Raj <raj.khem@gmail.com> > ---- > - configure.py | 7 +++++++ > - tools/install.py > <https://urldefense.com/v3/__http://install.py__;!!AjveYdw8EvQ!bcx80wmigop8Eoea7TohEOVlX1wPfDp0MAiO-8lZQDzv5nw5ai-FPfVsVaCxBstk-GtvN-eKnWtaUipHYjAMXZ-_c6A$> > | 21 +++++++++------------ > - 2 files changed, 16 insertions(+), 12 deletions(-) > - > -diff --git a/configure.py > <https://urldefense.com/v3/__http://configure.py__;!!AjveYdw8EvQ!bcx80wmigop8Eoea7TohEOVlX1wPfDp0MAiO-8lZQDzv5nw5ai-FPfVsVaCxBstk-GtvN-eKnWtaUipHYjAMFajHJ5c$> > b/configure.py > <https://urldefense.com/v3/__http://configure.py__;!!AjveYdw8EvQ!bcx80wmigop8Eoea7TohEOVlX1wPfDp0MAiO-8lZQDzv5nw5ai-FPfVsVaCxBstk-GtvN-eKnWtaUipHYjAMFajHJ5c$> > -index > 6efb98c2316f089f3167e486282593245373af3f..a6d2ec939e4480dfae703f3978067537abf9f0f0 > 100755 > ---- a/configure.py > <https://urldefense.com/v3/__http://configure.py__;!!AjveYdw8EvQ!bcx80wmigop8Eoea7TohEOVlX1wPfDp0MAiO-8lZQDzv5nw5ai-FPfVsVaCxBstk-GtvN-eKnWtaUipHYjAMFajHJ5c$> > -+++ b/configure.py > <https://urldefense.com/v3/__http://configure.py__;!!AjveYdw8EvQ!bcx80wmigop8Eoea7TohEOVlX1wPfDp0MAiO-8lZQDzv5nw5ai-FPfVsVaCxBstk-GtvN-eKnWtaUipHYjAMFajHJ5c$> > -@@ -721,10 +721,16 @@ parser.add_argument('--shared', > - dest='shared', > - default=None, > - help='compile shared library for embedding node in another > project. ' + > - '(This mode is not officially supported for regular > applications)') > - > -+parser.add_argument('--libdir', > -+ action='store', > -+ dest='libdir', > -+ default='lib', > -+ help='a directory to install the shared library into') > -+ > - parser.add_argument('--without-v8-platform', > - action='store_true', > - dest='without_v8_platform', > - default=False, > - help='do not initialize v8 platform during node.js startup. ' + > -@@ -1305,10 +1311,11 @@ def configure_node(o): > - o['variables']['debug_nghttp2'] = 'false' > - > - o['variables']['node_no_browser_globals'] = > b(options.no_browser_globals) > - > - o['variables']['node_shared'] = b(options.shared) > -+ o['variables']['libdir'] = options.libdir > - node_module_version = getmoduleversion.get_version() > - > - if options.dest_os == 'android': > - shlib_suffix = 'so' > - elif sys.platform == 'darwin': > -diff --git a/tools/install.py > <https://urldefense.com/v3/__http://install.py__;!!AjveYdw8EvQ!bcx80wmigop8Eoea7TohEOVlX1wPfDp0MAiO-8lZQDzv5nw5ai-FPfVsVaCxBstk-GtvN-eKnWtaUipHYjAMXZ-_c6A$> > b/tools/install.py > <https://urldefense.com/v3/__http://install.py__;!!AjveYdw8EvQ!bcx80wmigop8Eoea7TohEOVlX1wPfDp0MAiO-8lZQDzv5nw5ai-FPfVsVaCxBstk-GtvN-eKnWtaUipHYjAMXZ-_c6A$> > -index > 41cc1cbc60a9480cc08df3aa0ebe582c2becc3a2..11208f9e7166ab60da46d5ace2257c239a7e9263 > 100755 > ---- a/tools/install.py > <https://urldefense.com/v3/__http://install.py__;!!AjveYdw8EvQ!bcx80wmigop8Eoea7TohEOVlX1wPfDp0MAiO-8lZQDzv5nw5ai-FPfVsVaCxBstk-GtvN-eKnWtaUipHYjAMXZ-_c6A$> > -+++ b/tools/install.py > <https://urldefense.com/v3/__http://install.py__;!!AjveYdw8EvQ!bcx80wmigop8Eoea7TohEOVlX1wPfDp0MAiO-8lZQDzv5nw5ai-FPfVsVaCxBstk-GtvN-eKnWtaUipHYjAMXZ-_c6A$> > -@@ -128,26 +128,23 @@ def subdir_files(path, dest, action): > - for subdir, files_in_path in ret.items(): > - action(files_in_path, subdir + '/') > - > - def files(action): > - is_windows = sys.platform == 'win32' > -- output_file = 'node' > - output_prefix = 'out/Release/' > -+ output_libprefix = output_prefix > - > -- if 'false' == variables.get('node_shared'): > -- if is_windows: > -- output_file += '.exe' > -+ if is_windows: > -+ output_bin = 'node.exe' > -+ output_lib = 'node.dll' > - else: > -- if is_windows: > -- output_file += '.dll' > -- else: > -- output_file = 'lib' + output_file + '.' + > variables.get('shlib_suffix') > -+ output_bin = 'node' > -+ output_lib = 'libnode.' + variables.get('shlib_suffix') > - > -- if 'false' == variables.get('node_shared'): > -- action([output_prefix + output_file], 'bin/' + output_file) > -- else: > -- action([output_prefix + output_file], 'lib/' + output_file) > -+ action([output_prefix + output_bin], 'bin/' + output_bin) > -+ if 'true' == variables.get('node_shared'): > -+ action([output_libprefix + output_lib], > variables.get('libdir') + '/' + output_lib) > - > - if 'true' == variables.get('node_use_dtrace'): > - action(['out/Release/node.d'], 'lib/dtrace/node.d') > - > - # behave similarly for systemtap > --- > -2.33.0 > - > diff --git > a/meta-oe/recipes-devtools/nodejs/nodejs/0005-add-openssl-legacy-provider-option.patch > b/meta-oe/recipes-devtools/nodejs/nodejs/0005-add-openssl-legacy-provider-option.patch > deleted file mode 100644 > index 4d238c03f..000000000 > --- > a/meta-oe/recipes-devtools/nodejs/nodejs/0005-add-openssl-legacy-provider-option.patch > +++ /dev/null > @@ -1,151 +0,0 @@ > -From 86d1c0cc6a5dcf57e413a1cc1c29203e87cf9a14 Mon Sep 17 00:00:00 > 2001 > -From: Daniel Bevenius <daniel.bevenius@gmail.com> > -Date: Sat, 16 Oct 2021 08:50:16 +0200 > -Subject: [PATCH] src: add --openssl-legacy-provider option > - > -This commit adds an option to Node.js named --openssl-legacy-provider > -and if specified will load OpenSSL 3.0 Legacy provider. > - > -$ ./node --help > -... > ---openssl-legacy-provider enable OpenSSL 3.0 legacy provider > - > -Example usage: > - > -$ ./node --openssl-legacy-provider -p 'crypto.createHash("md4")' > -Hash { > - _options: undefined, > - [Symbol(kHandle)]: Hash {}, > - [Symbol(kState)]: { [Symbol(kFinalized)]: false } > -} > - > -Co-authored-by: Richard Lau <rlau@redhat.com> > -Signed-off-by: Signed-off-by: Andrej Valek <andrej.valek@siemens.com> > -Upstream-Status: Backport > [https://github.com/nodejs/node/issues/40455 > <https://urldefense.com/v3/__https://github.com/nodejs/node/issues/40455__;!!AjveYdw8EvQ!bcx80wmigop8Eoea7TohEOVlX1wPfDp0MAiO-8lZQDzv5nw5ai-FPfVsVaCxBstk-GtvN-eKnWtaUipHYjAMzLcRt8c$>] > ---- > - doc/api/cli.md | 10 > ++++++++++ > - src/crypto/crypto_util.cc | 10 > ++++++++++ > - src/node_options.cc | 10 > ++++++++++ > - src/node_options.h | 7 +++++++ > - .../test-process-env-allowed-flags-are-documented.js | 5 +++++ > - 5 files changed, 42 insertions(+) > - > -diff --git a/doc/api/cli.md > <https://urldefense.com/v3/__http://cli.md__;!!AjveYdw8EvQ!bcx80wmigop8Eoea7TohEOVlX1wPfDp0MAiO-8lZQDzv5nw5ai-FPfVsVaCxBstk-GtvN-eKnWtaUipHYjAMFt6pddQ$> > b/doc/api/cli.md > <https://urldefense.com/v3/__http://cli.md__;!!AjveYdw8EvQ!bcx80wmigop8Eoea7TohEOVlX1wPfDp0MAiO-8lZQDzv5nw5ai-FPfVsVaCxBstk-GtvN-eKnWtaUipHYjAMFt6pddQ$> > -index 74057706bf8d..608b9cdeddf1 100644 > ---- a/doc/api/cli.md > <https://urldefense.com/v3/__http://cli.md__;!!AjveYdw8EvQ!bcx80wmigop8Eoea7TohEOVlX1wPfDp0MAiO-8lZQDzv5nw5ai-FPfVsVaCxBstk-GtvN-eKnWtaUipHYjAMFt6pddQ$> > -+++ b/doc/api/cli.md > <https://urldefense.com/v3/__http://cli.md__;!!AjveYdw8EvQ!bcx80wmigop8Eoea7TohEOVlX1wPfDp0MAiO-8lZQDzv5nw5ai-FPfVsVaCxBstk-GtvN-eKnWtaUipHYjAMFt6pddQ$> > -@@ -687,6 +687,14 @@ Load an OpenSSL configuration file on > startup. Among other uses, this can be > - used to enable FIPS-compliant crypto if Node.js is built > - against FIPS-enabled OpenSSL. > - > -+### `--openssl-legacy-provider` > -+<!-- YAML > -+added: REPLACEME > -+--> > -+ > -+Enable OpenSSL 3.0 legacy provider. For more information please see > -+[providers readme][]. > -+ > - ### `--pending-deprecation` > - > - <!-- YAML > -@@ -1544,6 +1552,7 @@ Node.js options that are allowed are: > - * `--no-warnings` > - * `--node-memory-debug` > - * `--openssl-config` > -+* `--openssl-legacy-provider` > - * `--pending-deprecation` > - * `--policy-integrity` > - * `--preserve-symlinks-main` > -@@ -1933,6 +1942,7 @@ $ node --max-old-space-size=1536 index.js > - [emit_warning]: process.md#processemitwarningwarning-options > - [jitless]: https://v8.dev/blog/jitless > <https://urldefense.com/v3/__https://v8.dev/blog/jitless__;!!AjveYdw8EvQ!bcx80wmigop8Eoea7TohEOVlX1wPfDp0MAiO-8lZQDzv5nw5ai-FPfVsVaCxBstk-GtvN-eKnWtaUipHYjAM4H_FRAA$> > - [libuv threadpool documentation]: > https://docs.libuv.org/en/latest/threadpool.html > <https://urldefense.com/v3/__https://docs.libuv.org/en/latest/threadpool.html__;!!AjveYdw8EvQ!bcx80wmigop8Eoea7TohEOVlX1wPfDp0MAiO-8lZQDzv5nw5ai-FPfVsVaCxBstk-GtvN-eKnWtaUipHYjAMsvK9VnA$> > -+[providers readme]: > https://github.com/openssl/openssl/blob/openssl-3.0.0/README-PROVIDERS.md > <https://urldefense.com/v3/__https://github.com/openssl/openssl/blob/openssl-3.0.0/README-PROVIDERS.md__;!!AjveYdw8EvQ!bcx80wmigop8Eoea7TohEOVlX1wPfDp0MAiO-8lZQDzv5nw5ai-FPfVsVaCxBstk-GtvN-eKnWtaUipHYjAMVhHNfFg$> > - [remote code execution]: > https://www.owasp.org/index.php/Code_Injection > <https://urldefense.com/v3/__https://www.owasp.org/index.php/Code_Injection__;!!AjveYdw8EvQ!bcx80wmigop8Eoea7TohEOVlX1wPfDp0MAiO-8lZQDzv5nw5ai-FPfVsVaCxBstk-GtvN-eKnWtaUipHYjAMM8NUUqY$> > - [security warning]: > #warning-binding-inspector-to-a-public-ipport-combination-is-insecure > - [timezone IDs]: > https://en.wikipedia.org/wiki/List_of_tz_database_time_zones > -diff > <https://urldefense.com/v3/__https://en.wikipedia.org/wiki/List_of_tz_database_time_zones-diff__;!!AjveYdw8EvQ!bcx80wmigop8Eoea7TohEOVlX1wPfDp0MAiO-8lZQDzv5nw5ai-FPfVsVaCxBstk-GtvN-eKnWtaUipHYjAM1Edl0A8$> > --git a/src/crypto/crypto_util.cc > <https://urldefense.com/v3/__http://crypto_util.cc__;!!AjveYdw8EvQ!bcx80wmigop8Eoea7TohEOVlX1wPfDp0MAiO-8lZQDzv5nw5ai-FPfVsVaCxBstk-GtvN-eKnWtaUipHYjAMxy_0MgY$> > b/src/crypto/crypto_util.cc > <https://urldefense.com/v3/__http://crypto_util.cc__;!!AjveYdw8EvQ!bcx80wmigop8Eoea7TohEOVlX1wPfDp0MAiO-8lZQDzv5nw5ai-FPfVsVaCxBstk-GtvN-eKnWtaUipHYjAMxy_0MgY$> > -index 7e0c8ba3eb60..796ea3025e41 100644 > ---- a/src/crypto/crypto_util.cc > <https://urldefense.com/v3/__http://crypto_util.cc__;!!AjveYdw8EvQ!bcx80wmigop8Eoea7TohEOVlX1wPfDp0MAiO-8lZQDzv5nw5ai-FPfVsVaCxBstk-GtvN-eKnWtaUipHYjAMxy_0MgY$> > -+++ b/src/crypto/crypto_util.cc > <https://urldefense.com/v3/__http://crypto_util.cc__;!!AjveYdw8EvQ!bcx80wmigop8Eoea7TohEOVlX1wPfDp0MAiO-8lZQDzv5nw5ai-FPfVsVaCxBstk-GtvN-eKnWtaUipHYjAMxy_0MgY$> > -@@ -148,6 +148,16 @@ void InitCryptoOnce() { > - } > - #endif > - > -+#if OPENSSL_VERSION_MAJOR >= 3 > -+ // --openssl-legacy-provider > -+ if (per_process::cli_options->openssl_legacy_provider) { > -+ OSSL_PROVIDER* legacy_provider = OSSL_PROVIDER_load(nullptr, > "legacy"); > -+ if (legacy_provider == nullptr) { > -+ fprintf(stderr, "Unable to load legacy provider.\n"); > -+ } > -+ } > -+#endif > -+ > - OPENSSL_init_ssl(0, settings); > - OPENSSL_INIT_free(settings); > - settings = nullptr; > -diff --git a/src/node_options.cc > <https://urldefense.com/v3/__http://node_options.cc__;!!AjveYdw8EvQ!bcx80wmigop8Eoea7TohEOVlX1wPfDp0MAiO-8lZQDzv5nw5ai-FPfVsVaCxBstk-GtvN-eKnWtaUipHYjAMmfYpJHc$> > b/src/node_options.cc > <https://urldefense.com/v3/__http://node_options.cc__;!!AjveYdw8EvQ!bcx80wmigop8Eoea7TohEOVlX1wPfDp0MAiO-8lZQDzv5nw5ai-FPfVsVaCxBstk-GtvN-eKnWtaUipHYjAMmfYpJHc$> > -index 00bdc6688a4c..3363860919a9 100644 > ---- a/src/node_options.cc > <https://urldefense.com/v3/__http://node_options.cc__;!!AjveYdw8EvQ!bcx80wmigop8Eoea7TohEOVlX1wPfDp0MAiO-8lZQDzv5nw5ai-FPfVsVaCxBstk-GtvN-eKnWtaUipHYjAMmfYpJHc$> > -+++ b/src/node_options.cc > <https://urldefense.com/v3/__http://node_options.cc__;!!AjveYdw8EvQ!bcx80wmigop8Eoea7TohEOVlX1wPfDp0MAiO-8lZQDzv5nw5ai-FPfVsVaCxBstk-GtvN-eKnWtaUipHYjAMmfYpJHc$> > -@@ -4,6 +4,9 @@ > - #include "env-inl.h" > - #include "node_binding.h" > - #include "node_internals.h" > -+#if HAVE_OPENSSL > -+#include "openssl/opensslv.h" > -+#endif > - > - #include <errno.h> > - #include <sstream> > -diff --git a/src/node_options.h b/src/node_options.h > -index fd772478d04d..1c0e018ab16f 100644 > ---- a/src/node_options.h > -+++ b/src/node_options.h > -@@ -11,6 +11,10 @@ > - #include "node_mutex.h" > - #include "util.h" > - > -+#if HAVE_OPENSSL > -+#include "openssl/opensslv.h" > -+#endif > -+ > - namespace node { > - > - class HostPort { > -@@ -251,6 +255,9 @@ class PerProcessOptions : public Options { > - bool enable_fips_crypto = false; > - bool force_fips_crypto = false; > - #endif > -+#if OPENSSL_VERSION_MAJOR >= 3 > -+ bool openssl_legacy_provider = false; > -+#endif > - > - // Per-process because reports can be triggered outside a > known V8 context. > - bool report_on_fatalerror = false; > -diff --git > a/test/parallel/test-process-env-allowed-flags-are-documented.js > b/test/parallel/test-process-env-allowed-flags-are-documented.js > -index 64626b71f019..8a4e35997907 100644 > ---- a/test/parallel/test-process-env-allowed-flags-are-documented.js > -+++ b/test/parallel/test-process-env-allowed-flags-are-documented.js > -@@ -43,6 +43,10 @@ for (const line of [...nodeOptionsLines, > ...v8OptionsLines]) { > - } > - } > - > -+if (!common.hasOpenSSL3) { > -+ documented.delete('--openssl-legacy-provider'); > -+} > -+ > - // Filter out options that are conditionally present. > - const conditionalOpts = [ > - { > -@@ -50,6 +54,7 @@ const conditionalOpts = [ > - filter: (opt) => { > - return [ > - '--openssl-config', > -+ common.hasOpenSSL3 ? '--openssl-legacy-provider' : '', > - '--tls-cipher-list', > - '--use-bundled-ca', > - '--use-openssl-ca', > - > diff --git a/meta-oe/recipes-devtools/nodejs/nodejs_16.14.2.bb > <https://urldefense.com/v3/__http://nodejs_16.14.2.bb__;!!AjveYdw8EvQ!bcx80wmigop8Eoea7TohEOVlX1wPfDp0MAiO-8lZQDzv5nw5ai-FPfVsVaCxBstk-GtvN-eKnWtaUipHYjAMmGjEF2k$> > b/meta-oe/recipes-devtools/nodejs/nodejs_16.18.1.bb > <https://urldefense.com/v3/__http://nodejs_16.18.1.bb__;!!AjveYdw8EvQ!bcx80wmigop8Eoea7TohEOVlX1wPfDp0MAiO-8lZQDzv5nw5ai-FPfVsVaCxBstk-GtvN-eKnWtaUipHYjAMtRkXgYY$> > similarity index 94% > rename from meta-oe/recipes-devtools/nodejs/nodejs_16.14.2.bb > <https://urldefense.com/v3/__http://nodejs_16.14.2.bb__;!!AjveYdw8EvQ!bcx80wmigop8Eoea7TohEOVlX1wPfDp0MAiO-8lZQDzv5nw5ai-FPfVsVaCxBstk-GtvN-eKnWtaUipHYjAMmGjEF2k$> > rename to meta-oe/recipes-devtools/nodejs/nodejs_16.18.1.bb > <https://urldefense.com/v3/__http://nodejs_16.18.1.bb__;!!AjveYdw8EvQ!bcx80wmigop8Eoea7TohEOVlX1wPfDp0MAiO-8lZQDzv5nw5ai-FPfVsVaCxBstk-GtvN-eKnWtaUipHYjAMtRkXgYY$> > index 62188f94a..a67948320 100644 > --- a/meta-oe/recipes-devtools/nodejs/nodejs_16.14.2.bb > <https://urldefense.com/v3/__http://nodejs_16.14.2.bb__;!!AjveYdw8EvQ!bcx80wmigop8Eoea7TohEOVlX1wPfDp0MAiO-8lZQDzv5nw5ai-FPfVsVaCxBstk-GtvN-eKnWtaUipHYjAMmGjEF2k$> > +++ b/meta-oe/recipes-devtools/nodejs/nodejs_16.18.1.bb > <https://urldefense.com/v3/__http://nodejs_16.18.1.bb__;!!AjveYdw8EvQ!bcx80wmigop8Eoea7TohEOVlX1wPfDp0MAiO-8lZQDzv5nw5ai-FPfVsVaCxBstk-GtvN-eKnWtaUipHYjAMtRkXgYY$> > @@ -1,7 +1,7 @@ > DESCRIPTION = "nodeJS Evented I/O for V8 JavaScript" > HOMEPAGE = "http://nodejs.org > <https://urldefense.com/v3/__http://nodejs.org__;!!AjveYdw8EvQ!bcx80wmigop8Eoea7TohEOVlX1wPfDp0MAiO-8lZQDzv5nw5ai-FPfVsVaCxBstk-GtvN-eKnWtaUipHYjAM4Pdi5yU$>" > LICENSE = "MIT & ISC & BSD-2-Clause & BSD-3-Clause & Artistic-2.0" > -LIC_FILES_CHKSUM = > "file://LICENSE;md5=6ba5b21ac7a505195ca69344d3d7a94a" > +LIC_FILES_CHKSUM = > "file://LICENSE;md5=6e54852cd826c41e80c6d80f6db00a85" > > DEPENDS = "openssl" > DEPENDS:append:class-target = " qemu-native" > @@ -19,9 +19,7 @@ COMPATIBLE_HOST:powerpc = "null" > > SRC_URI = "http://nodejs.org/dist/v${PV}/node-v${PV}.tar.xz > <https://urldefense.com/v3/__http://nodejs.org/dist/v$*7BPV*7D/node-v$*7BPV*7D.tar.xz__;JSUlJQ!!AjveYdw8EvQ!bcx80wmigop8Eoea7TohEOVlX1wPfDp0MAiO-8lZQDzv5nw5ai-FPfVsVaCxBstk-GtvN-eKnWtaUipHYjAMRxCfBF8$> > \ > file://0001-Disable-running-gyp-files-for-bundled-deps.patch \ > - file://0002-Install-both-binaries-and-use-libdir.patch \ > file://0004-v8-don-t-override-ARM-CFLAGS.patch \ > - file://0005-add-openssl-legacy-provider-option.patch \ > file://big-endian.patch \ > file://mips-less-memory.patch \ > file://system-c-ares.patch \ > @@ -29,7 +27,7 @@ SRC_URI = > "http://nodejs.org/dist/v${PV}/node-v${PV}.tar.xz > <https://urldefense.com/v3/__http://nodejs.org/dist/v$*7BPV*7D/node-v$*7BPV*7D.tar.xz__;JSUlJQ!!AjveYdw8EvQ!bcx80wmigop8Eoea7TohEOVlX1wPfDp0MAiO-8lZQDzv5nw5ai-FPfVsVaCxBstk-GtvN-eKnWtaUipHYjAMRxCfBF8$> > \ > file://0001-mips-Use-32bit-cast-for-operand-on-mips32.patch \ > " > SRC_URI:append:class-target = " \ > - file://0002-Using-native-binaries.patch \ > + file://0001-Using-native-binaries.patch \ > " > SRC_URI:append:toolchain-clang:x86 = " \ > file://libatomic.patch \ > @@ -37,7 +35,7 @@ SRC_URI:append:toolchain-clang:x86 = " \ > SRC_URI:append:toolchain-clang:powerpc64le = " \ > file://0001-ppc64-Do-not-use-mminimal-toc-with-clang.patch \ > " > -SRC_URI[sha256sum] = > "e922e215cc68eb5f94d33e8a0b61e2c863b7731cc8600ab955d3822da90ff8d1" > +SRC_URI[sha256sum] = > "1f8051a88f86f42064f4415fe7a980e59b0a502ecc8def583f6303bc4d445238" > > S = "${WORKDIR}/node-v${PV}" > > -- > 2.34.1 > > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#99614): > https://lists.openembedded.org/g/openembedded-devel/message/99614 > <https://urldefense.com/v3/__https://lists.openembedded.org/g/openembedded-devel/message/99614__;!!AjveYdw8EvQ!bcx80wmigop8Eoea7TohEOVlX1wPfDp0MAiO-8lZQDzv5nw5ai-FPfVsVaCxBstk-GtvN-eKnWtaUipHYjAMXpka9ds$> > Mute This Topic: > https://lists.openembedded.org/mt/95118333/3617156 > <https://urldefense.com/v3/__https://lists.openembedded.org/mt/95118333/3617156__;!!AjveYdw8EvQ!bcx80wmigop8Eoea7TohEOVlX1wPfDp0MAiO-8lZQDzv5nw5ai-FPfVsVaCxBstk-GtvN-eKnWtaUipHYjAMK7q4q3U$> > Group Owner: openembedded-devel+owner@lists.openembedded.org > <mailto:openembedded-devel%2Bowner@lists.openembedded.org> > Unsubscribe: > https://lists.openembedded.org/g/openembedded-devel/unsub > <https://urldefense.com/v3/__https://lists.openembedded.org/g/openembedded-devel/unsub__;!!AjveYdw8EvQ!bcx80wmigop8Eoea7TohEOVlX1wPfDp0MAiO-8lZQDzv5nw5ai-FPfVsVaCxBstk-GtvN-eKnWtaUipHYjAMM4Y3D7g$> > [Martin.Jansa@gmail.com] > -=-=-=-=-=-=-=-=-=-=-=- >
On Thu, Nov 24, 2022 at 7:06 PM Randy MacLeod <randy.macleod@windriver.com> wrote: > Add Armin to ensure he seems this once he recovers from US Thanksgiving > indulgences. > > On 2022-11-24 12:05, Martin Jansa wrote: > > I see this is now queued in kirkstone-next > > https://git.openembedded.org/meta-openembedded/commit/?h=kirkstone-next&id=08b6b6846a84d9a0459f42d1d730c9ea1d50c43f > <https://urldefense.com/v3/__https://git.openembedded.org/meta-openembedded/commit/?h=kirkstone-next&id=08b6b6846a84d9a0459f42d1d730c9ea1d50c43f__;!!AjveYdw8EvQ!bcx80wmigop8Eoea7TohEOVlX1wPfDp0MAiO-8lZQDzv5nw5ai-FPfVsVaCxBstk-GtvN-eKnWtaUipHYjAMDDlyDWE$> > > I see bunch of recipes failing since this upgrade landed in master, mostly > due to npm dependency resolution being more strict now and builds failing > with > > npm ERR! code ERESOLVE > npm ERR! ERESOLVE could not resolve > ... > npm ERR! Fix the upstream dependency conflict, or retry > npm ERR! this command with --force, or --legacy-peer-deps > npm ERR! to accept an incorrect (and potentially broken) dependency > resolution. > > Can we please delay backporting to kirkstone and langdale a bit more? > > Seconded! > > What recipes encounters this bug? > I've seen it in ~10 recipes, but all are internal and not available in any public layer. I've added --force to them as work around to see how many other recipes will start failing now. There is one more failing from public layer: https://github.com/webosose/meta-webosose/blob/master/meta-webos/recipes-webos/localization-tool/localization-tool-native.bb but that's different issue, caused by the sysroot_stage_all:append() and new nodejs now installing node_gyp_bins with symlink to python3 causing: ERROR: localization-tool-native-1.7.0-r7 do_populate_sysroot: sstate found an absolute path symlink /OE/work/x86_64-linux/localization-tool-native/1.7.0-r7/sysroot-destdir/OE/work/x86_64-linux/localization-tool-native/1.7.0-r7/recipe-sysroot-native/opt/js-loctool/node_modules/node-expat/build/node_gyp_bins/python3 pointing at /OE/hosttools/python3. Please replace this with a relative link. But I haven't narrowed it down yet to see which exact nodejs/npm change caused this. And yes this recipe has other issues as well and doesn't even use npm.bbclass nor npmsw:// fetcher. > And if others are seeing similar failures please share them here as well. > > The older nodejs was using npm@8.5.0, now its npm@8.19.2 more details > about this change in behavior from 8.6.0 in > https://github.com/npm/cli/issues/4998 > <https://urldefense.com/v3/__https://github.com/npm/cli/issues/4998__;!!AjveYdw8EvQ!bcx80wmigop8Eoea7TohEOVlX1wPfDp0MAiO-8lZQDzv5nw5ai-FPfVsVaCxBstk-GtvN-eKnWtaUipHYjAMZmTsAyk$> > > > Someone in the linked issue thread said: > > "We rolled back to Node v16.15.0, which has a working version of > npm 8.5.5." > > Should we drop the 16.18.x update and stick with 16.15.1 for > kirkstone/langdale? > I don't mind keeping it in master, once I figure out how to fix it in master I wouldn't mind it getting backported to kirkstone and langdale as well. This was just warning that this isn't just simple minor upgrade for some and at least some longer delay would be useful. > For master, I'd like to update to 18, 19, or ideally 20 if it's available > before the end of M3. > > Martin, > > What version of node make sense to you for master? > I don't have strong opinion, we have a lot of ugly npm/nodejs recipes in webOS which need to be re-worked first, independently on nodejs version used. > Do you agree that we should leave master on 16.18.x and people should fix > their > 'broken' npm dependencies? > Yes, from that npm bug it looks, that the old behavior was even worse than the current clear failure and the --force as work around seems to work reasonably well, so I don't mind keeping it in master and even eventually backporting it to kirkstone a bit later. Cheers,
On Thu, Nov 24, 2022 at 8:19 PM Martin Jansa via lists.openembedded.org <Martin.Jansa=gmail.com@lists.openembedded.org> wrote: > There is one more failing from public layer: > > https://github.com/webosose/meta-webosose/blob/master/meta-webos/recipes-webos/localization-tool/localization-tool-native.bb > but that's different issue, caused by the sysroot_stage_all:append() and > new nodejs now installing node_gyp_bins with symlink to python3 causing: > > ERROR: localization-tool-native-1.7.0-r7 do_populate_sysroot: sstate found > an absolute path symlink > /OE/work/x86_64-linux/localization-tool-native/1.7.0-r7/sysroot-destdir/OE/work/x86_64-linux/localization-tool-native/1.7.0-r7/recipe-sysroot-native/opt/js-loctool/node_modules/node-expat/build/node_gyp_bins/python3 > pointing at /OE/hosttools/python3. Please replace this with a relative link. > > But I haven't narrowed it down yet to see which exact nodejs/npm change > caused this. > This change was introduced in: https://github.com/nodejs/node-gyp/commit/b9ddcd5bbd93b05b03674836b6ebdae2c2e74c8c and again, not sure how many node recipes might get broken by this, in my layers it was just one (and as work around I've deleted this new node_gyp_bins directory for now).
On 11/24/22 2:18 PM, Martin Jansa wrote: > On Thu, Nov 24, 2022 at 7:06 PM Randy MacLeod > <randy.macleod@windriver.com> wrote: > > Add Armin to ensure he seems this once he recovers from US > Thanksgiving indulgences. > > On 2022-11-24 12:05, Martin Jansa wrote: >> I see this is now queued in kirkstone-next >> https://git.openembedded.org/meta-openembedded/commit/?h=kirkstone-next&id=08b6b6846a84d9a0459f42d1d730c9ea1d50c43f >> <https://urldefense.com/v3/__https://git.openembedded.org/meta-openembedded/commit/?h=kirkstone-next&id=08b6b6846a84d9a0459f42d1d730c9ea1d50c43f__;!!AjveYdw8EvQ!bcx80wmigop8Eoea7TohEOVlX1wPfDp0MAiO-8lZQDzv5nw5ai-FPfVsVaCxBstk-GtvN-eKnWtaUipHYjAMDDlyDWE$> >> >> I see bunch of recipes failing since this upgrade landed in >> master, mostly due to npm dependency resolution being more strict >> now and builds failing with >> >> npm ERR! code ERESOLVE >> npm ERR! ERESOLVE could not resolve >> ... >> npm ERR! Fix the upstream dependency conflict, or retry >> npm ERR! this command with --force, or --legacy-peer-deps >> npm ERR! to accept an incorrect (and potentially broken) >> dependency resolution. >> >> Can we please delay backporting to kirkstone and langdale a bit more? > > Seconded! > Noted. will remove from kirkstone-next -armin > > What recipes encounters this bug? > > > I've seen it in ~10 recipes, but all are internal and not available in > any public layer. I've added --force to them as work around to see how > many other recipes will start failing now. > > There is one more failing from public layer: > https://github.com/webosose/meta-webosose/blob/master/meta-webos/recipes-webos/localization-tool/localization-tool-native.bb > but that's different issue, caused by the sysroot_stage_all:append() > and new nodejs now installing node_gyp_bins with symlink to python3 > causing: > > ERROR: localization-tool-native-1.7.0-r7 do_populate_sysroot: sstate > found an absolute path symlink > /OE/work/x86_64-linux/localization-tool-native/1.7.0-r7/sysroot-destdir/OE/work/x86_64-linux/localization-tool-native/1.7.0-r7/recipe-sysroot-native/opt/js-loctool/node_modules/node-expat/build/node_gyp_bins/python3 > pointing at /OE/hosttools/python3. Please replace this with a relative > link. > > But I haven't narrowed it down yet to see which exact nodejs/npm > change caused this. And yes this recipe has other issues as well and > doesn't even use npm.bbclass nor npmsw:// fetcher. > >> >> And if others are seeing similar failures please share them here >> as well. >> >> The older nodejs was using npm@8.5.0, now its npm@8.19.2 more >> details about this change in behavior from 8.6.0 in >> https://github.com/npm/cli/issues/4998 >> <https://urldefense.com/v3/__https://github.com/npm/cli/issues/4998__;!!AjveYdw8EvQ!bcx80wmigop8Eoea7TohEOVlX1wPfDp0MAiO-8lZQDzv5nw5ai-FPfVsVaCxBstk-GtvN-eKnWtaUipHYjAMZmTsAyk$> > > > Someone in the linked issue thread said: > > "We rolled back to Node v16.15.0, which has a working > version of npm 8.5.5." > > Should we drop the 16.18.x update and stick with 16.15.1 for > kirkstone/langdale? > > > I don't mind keeping it in master, once I figure out how to fix it in > master I wouldn't mind it getting backported to kirkstone and langdale > as well. > > This was just warning that this isn't just simple minor upgrade for > some and at least some longer delay would be useful. > > > For master, I'd like to update to 18, 19, or ideally 20 if it's > available before the end of M3. > > Martin, > > What version of node make sense to you for master? > > > I don't have strong opinion, we have a lot of ugly npm/nodejs recipes > in webOS which need to be re-worked first, independently on nodejs > version used. > > Do you agree that we should leave master on 16.18.x and people > should fix their > 'broken' npm dependencies? > > > Yes, from that npm bug it looks, that the old behavior was even worse > than the current clear failure and the --force as work around seems to > work reasonably well, so I don't mind keeping it in master and even > eventually backporting it to kirkstone a bit later. > > Cheers,
On Sat, Nov 26, 2022 at 5:05 PM akuster808 <akuster808@gmail.com> wrote: > > > On 11/24/22 2:18 PM, Martin Jansa wrote: > > On Thu, Nov 24, 2022 at 7:06 PM Randy MacLeod > > <randy.macleod@windriver.com> wrote: > > > > Add Armin to ensure he seems this once he recovers from US > > Thanksgiving indulgences. > > > > On 2022-11-24 12:05, Martin Jansa wrote: > >> I see this is now queued in kirkstone-next > >> > https://git.openembedded.org/meta-openembedded/commit/?h=kirkstone-next&id=08b6b6846a84d9a0459f42d1d730c9ea1d50c43f > >> < > https://urldefense.com/v3/__https://git.openembedded.org/meta-openembedded/commit/?h=kirkstone-next&id=08b6b6846a84d9a0459f42d1d730c9ea1d50c43f__;!!AjveYdw8EvQ!bcx80wmigop8Eoea7TohEOVlX1wPfDp0MAiO-8lZQDzv5nw5ai-FPfVsVaCxBstk-GtvN-eKnWtaUipHYjAMDDlyDWE$ > > > >> > >> I see bunch of recipes failing since this upgrade landed in > >> master, mostly due to npm dependency resolution being more strict > >> now and builds failing with > >> > >> npm ERR! code ERESOLVE > >> npm ERR! ERESOLVE could not resolve > >> ... > >> npm ERR! Fix the upstream dependency conflict, or retry > >> npm ERR! this command with --force, or --legacy-peer-deps > >> npm ERR! to accept an incorrect (and potentially broken) > >> dependency resolution. > >> > >> Can we please delay backporting to kirkstone and langdale a bit > more? > > > > Seconded! > > > > Noted. will remove from kirkstone-next > -armin I've tested my work arounds for both kinds of build failures I've mentioned here and it seems to work fine. Nobody else reported seeing similar failures in this thread, so it might be less wide spread than what I've seen in our internal LGE layers (or other people aren't testing their builds against master often enough, which is their problem and shouldn't block this). I'm no longer against getting this merged in langdale and kirkstone.
On 2022-11-24 14:18, Martin Jansa wrote: > On Thu, Nov 24, 2022 at 7:06 PM Randy MacLeod > <randy.macleod@windriver.com> wrote: > > Add Armin to ensure he seems this once he recovers from US > Thanksgiving indulgences. > > On 2022-11-24 12:05, Martin Jansa wrote: >> I see this is now queued in kirkstone-next >> https://git.openembedded.org/meta-openembedded/commit/?h=kirkstone-next&id=08b6b6846a84d9a0459f42d1d730c9ea1d50c43f >> <https://urldefense.com/v3/__https://git.openembedded.org/meta-openembedded/commit/?h=kirkstone-next&id=08b6b6846a84d9a0459f42d1d730c9ea1d50c43f__;!!AjveYdw8EvQ!bcx80wmigop8Eoea7TohEOVlX1wPfDp0MAiO-8lZQDzv5nw5ai-FPfVsVaCxBstk-GtvN-eKnWtaUipHYjAMDDlyDWE$> >> >> I see bunch of recipes failing since this upgrade landed in >> master, mostly due to npm dependency resolution being more strict >> now and builds failing with >> >> npm ERR! code ERESOLVE >> npm ERR! ERESOLVE could not resolve >> ... >> npm ERR! Fix the upstream dependency conflict, or retry >> npm ERR! this command with --force, or --legacy-peer-deps >> npm ERR! to accept an incorrect (and potentially broken) >> dependency resolution. >> >> Can we please delay backporting to kirkstone and langdale a bit more? > > Seconded! > > What recipes encounters this bug? > > > I've seen it in ~10 recipes, but all are internal and not available in > any public layer. I've added --force to them as work around to see how > many other recipes will start failing now. > > There is one more failing from public layer: > https://github.com/webosose/meta-webosose/blob/master/meta-webos/recipes-webos/localization-tool/localization-tool-native.bb > <https://urldefense.com/v3/__https://github.com/webosose/meta-webosose/blob/master/meta-webos/recipes-webos/localization-tool/localization-tool-native.bb__;!!AjveYdw8EvQ!fVXXP6WGpCWaykh_uWoklqQArJCJQ7A5_YHNHIuOJVZwFc536QpaNTNkS-6VpmURy5ZCL16s1QAAg5Wsei1dqCoqFPA$> > but that's different issue, caused by the sysroot_stage_all:append() > and new nodejs now installing node_gyp_bins with symlink to python3 > causing: > > ERROR: localization-tool-native-1.7.0-r7 do_populate_sysroot: sstate > found an absolute path symlink > /OE/work/x86_64-linux/localization-tool-native/1.7.0-r7/sysroot-destdir/OE/work/x86_64-linux/localization-tool-native/1.7.0-r7/recipe-sysroot-native/opt/js-loctool/node_modules/node-expat/build/node_gyp_bins/python3 > pointing at /OE/hosttools/python3. Please replace this with a relative > link. > > But I haven't narrowed it down yet to see which exact nodejs/npm > change caused this. And yes this recipe has other issues as well and > doesn't even use npm.bbclass nor npmsw:// fetcher. > >> >> And if others are seeing similar failures please share them here >> as well. >> >> The older nodejs was using npm@8.5.0, now its npm@8.19.2 more >> details about this change in behavior from 8.6.0 in >> https://github.com/npm/cli/issues/4998 >> <https://urldefense.com/v3/__https://github.com/npm/cli/issues/4998__;!!AjveYdw8EvQ!bcx80wmigop8Eoea7TohEOVlX1wPfDp0MAiO-8lZQDzv5nw5ai-FPfVsVaCxBstk-GtvN-eKnWtaUipHYjAMZmTsAyk$> > > > Someone in the linked issue thread said: > > "We rolled back to Node v16.15.0, which has a working > version of npm 8.5.5." > > Should we drop the 16.18.x update and stick with 16.15.1 for > kirkstone/langdale? > > > I don't mind keeping it in master, once I figure out how to fix it in > master I wouldn't mind it getting backported to kirkstone and langdale > as well. > > This was just warning that this isn't just simple minor upgrade for > some and at least some longer delay would be useful. > > > For master, I'd like to update to 18, 19, or ideally 20 if it's > available before the end of M3. > > Martin, > > What version of node make sense to you for master? > > > I don't have strong opinion, we have a lot of ugly npm/nodejs recipes > in webOS which need to be re-worked first, independently on nodejs > version used. > > Do you agree that we should leave master on 16.18.x and people > should fix their > 'broken' npm dependencies? > > > Yes, from that npm bug it looks, that the old behavior was even worse > than the current clear failure and the --force as work around seems to > work reasonably well, so I don't mind keeping it in master and even > eventually backporting it to kirkstone a bit later. How about 2 weeks later? We need to either backport a patch or update to 16.18.1 to fix CVE-2022-35255 $ git log --oneline -1 a54283a6387 a54283a638 crypto: fix weak randomness in WebCrypto keygen $ git branch -a --contains a54283a6387 * v16.x remotes/origin/backport-avoid-prototype-pollution remotes/origin/v16.19.0-proposal remotes/origin/v16.x remotes/origin/v16.x-staging $ git tag --contains a54283a6387 v16.17.1 v16.18.0 v16.18.1 My vote is to upgrade since people have had some time to fix their dependencies. ../Randy > > Cheers,
On 2022-12-12 06:10, Martin Jansa wrote: > On Sat, Nov 26, 2022 at 5:05 PM akuster808 <akuster808@gmail.com > <mailto:akuster808@gmail.com>> wrote: > > > > On 11/24/22 2:18 PM, Martin Jansa wrote: > > On Thu, Nov 24, 2022 at 7:06 PM Randy MacLeod > > <randy.macleod@windriver.com > <mailto:randy.macleod@windriver.com>> wrote: > > > > Add Armin to ensure he seems this once he recovers from US > > Thanksgiving indulgences. > > > > On 2022-11-24 12:05, Martin Jansa wrote: > >> I see this is now queued in kirkstone-next > >> > https://git.openembedded.org/meta-openembedded/commit/?h=kirkstone-next&id=08b6b6846a84d9a0459f42d1d730c9ea1d50c43f <https://git.openembedded.org/meta-openembedded/commit/?h=kirkstone-next&id=08b6b6846a84d9a0459f42d1d730c9ea1d50c43f> > >> > <https://git.openembedded.org/meta-openembedded/commit/?h=kirkstone-next&id=08b6b6846a84d9a0459f42d1d730c9ea1d50c43f <https://git.openembedded.org/meta-openembedded/commit/?h=kirkstone-next&id=08b6b6846a84d9a0459f42d1d730c9ea1d50c43f>> > >> > >> I see bunch of recipes failing since this upgrade landed in > >> master, mostly due to npm dependency resolution being more > strict > >> now and builds failing with > >> > >> npm ERR! code ERESOLVE > >> npm ERR! ERESOLVE could not resolve > >> ... > >> npm ERR! Fix the upstream dependency conflict, or retry > >> npm ERR! this command with --force, or --legacy-peer-deps > >> npm ERR! to accept an incorrect (and potentially broken) > >> dependency resolution. > >> > >> Can we please delay backporting to kirkstone and langdale a > bit more? > > > > Seconded! > > > > Noted. will remove from kirkstone-next > -armin > > > I've tested my work arounds for both kinds of build failures I've > mentioned here and it seems to work fine. > > Nobody else reported seeing similar failures in this thread, so it might > be less wide spread than what I've seen in our internal LGE layers (or > other people aren't testing their builds against master often enough, > which is their problem and shouldn't block this). > > I'm no longer against getting this merged in langdale and kirkstone. Oh good. I missed this comment when I sent my previous reply just a few minutes ago. Armin, do you want a new patch or can you merge the one on this thread? ../Randy
On 2022-12-12 10:08, Randy MacLeod via lists.openembedded.org wrote: > On 2022-11-24 14:18, Martin Jansa wrote: >> On Thu, Nov 24, 2022 at 7:06 PM Randy MacLeod >> <randy.macleod@windriver.com> wrote: >> >> Add Armin to ensure he seems this once he recovers from US >> Thanksgiving indulgences. >> >> On 2022-11-24 12:05, Martin Jansa wrote: >>> I see this is now queued in kirkstone-next >>> https://git.openembedded.org/meta-openembedded/commit/?h=kirkstone-next&id=08b6b6846a84d9a0459f42d1d730c9ea1d50c43f <https://git.openembedded.org/meta-openembedded/commit/?h=kirkstone-next&id=08b6b6846a84d9a0459f42d1d730c9ea1d50c43f> >>> >>> I see bunch of recipes failing since this upgrade landed in >>> master, mostly due to npm dependency resolution being more strict >>> now and builds failing with >>> >>> npm ERR! code ERESOLVE >>> npm ERR! ERESOLVE could not resolve >>> ... >>> npm ERR! Fix the upstream dependency conflict, or retry >>> npm ERR! this command with --force, or --legacy-peer-deps >>> npm ERR! to accept an incorrect (and potentially broken) >>> dependency resolution. >>> >>> Can we please delay backporting to kirkstone and langdale a bit more? >> >> Seconded! >> >> What recipes encounters this bug? >> >> >> I've seen it in ~10 recipes, but all are internal and not available in >> any public layer. I've added --force to them as work around to see how >> many other recipes will start failing now. >> >> There is one more failing from public layer: >> https://github.com/webosose/meta-webosose/blob/master/meta-webos/recipes-webos/localization-tool/localization-tool-native.bb <https://github.com/webosose/meta-webosose/blob/master/meta-webos/recipes-webos/localization-tool/localization-tool-native.bb> >> but that's different issue, caused by the sysroot_stage_all:append() >> and new nodejs now installing node_gyp_bins with symlink to python3 >> causing: >> >> ERROR: localization-tool-native-1.7.0-r7 do_populate_sysroot: sstate >> found an absolute path symlink >> /OE/work/x86_64-linux/localization-tool-native/1.7.0-r7/sysroot-destdir/OE/work/x86_64-linux/localization-tool-native/1.7.0-r7/recipe-sysroot-native/opt/js-loctool/node_modules/node-expat/build/node_gyp_bins/python3 pointing at /OE/hosttools/python3. Please replace this with a relative link. >> >> But I haven't narrowed it down yet to see which exact nodejs/npm >> change caused this. And yes this recipe has other issues as well and >> doesn't even use npm.bbclass nor npmsw:// fetcher. >> >>> >>> And if others are seeing similar failures please share them here >>> as well. >>> >>> The older nodejs was using npm@8.5.0, now its npm@8.19.2 more >>> details about this change in behavior from 8.6.0 in >>> https://github.com/npm/cli/issues/4998 >>> <https://github.com/npm/cli/issues/4998> >> >> >> Someone in the linked issue thread said: >> >> "We rolled back to Node v16.15.0, which has a working >> version of npm 8.5.5." >> >> Should we drop the 16.18.x update and stick with 16.15.1 for >> kirkstone/langdale? >> >> >> I don't mind keeping it in master, once I figure out how to fix it in >> master I wouldn't mind it getting backported to kirkstone and langdale >> as well. >> >> This was just warning that this isn't just simple minor upgrade for >> some and at least some longer delay would be useful. >> >> >> For master, I'd like to update to 18, 19, or ideally 20 if it's >> available before the end of M3. >> >> Martin, >> >> What version of node make sense to you for master? >> >> >> I don't have strong opinion, we have a lot of ugly npm/nodejs recipes >> in webOS which need to be re-worked first, independently on nodejs >> version used. >> >> Do you agree that we should leave master on 16.18.x and people >> should fix their >> 'broken' npm dependencies? >> >> >> Yes, from that npm bug it looks, that the old behavior was even worse >> than the current clear failure and the --force as work around seems to >> work reasonably well, so I don't mind keeping it in master and even >> eventually backporting it to kirkstone a bit later. > > > How about 2 weeks later? > > We need to either backport a patch or update to 16.18.1 to fix > CVE-2022-35255 > > $ git log --oneline -1 a54283a6387 > a54283a638 crypto: fix weak randomness in WebCrypto keygen > > $ git branch -a --contains a54283a6387 > * v16.x > remotes/origin/backport-avoid-prototype-pollution > remotes/origin/v16.19.0-proposal > remotes/origin/v16.x > remotes/origin/v16.x-staging > > $ git tag --contains a54283a6387 > v16.17.1 > v16.18.0 > v16.18.1 > > > My vote is to upgrade since people have had some time to fix their > dependencies. No objections so that's good. Armin, The update is in kirkstone-next, will it land in kirkstone and langdale soon? Sorry to nag the npm thing threw us off our usual workflow. ../Randy > > ../Randy > > >> >> Cheers, > > > -- > # Randy MacLeod > # Wind River Linux > > > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#100061): https://lists.openembedded.org/g/openembedded-devel/message/100061 > Mute This Topic: https://lists.openembedded.org/mt/95118333/3616765 > Group Owner: openembedded-devel+owner@lists.openembedded.org > Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [randy.macleod@windriver.com] > -=-=-=-=-=-=-=-=-=-=-=- >
diff --git a/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-16.14/oe-npm-cache b/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-16.18/oe-npm-cache similarity index 100% rename from meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-16.14/oe-npm-cache rename to meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-16.18/oe-npm-cache diff --git a/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-native_16.14.bb b/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-native_16.18.bb similarity index 100% rename from meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-native_16.14.bb rename to meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-native_16.18.bb diff --git a/meta-oe/recipes-devtools/nodejs/nodejs/0002-Using-native-binaries.patch b/meta-oe/recipes-devtools/nodejs/nodejs/0001-Using-native-binaries.patch similarity index 70% rename from meta-oe/recipes-devtools/nodejs/nodejs/0002-Using-native-binaries.patch rename to meta-oe/recipes-devtools/nodejs/nodejs/0001-Using-native-binaries.patch index 8db1f1dd5..445aaf839 100644 --- a/meta-oe/recipes-devtools/nodejs/nodejs/0002-Using-native-binaries.patch +++ b/meta-oe/recipes-devtools/nodejs/nodejs/0001-Using-native-binaries.patch @@ -3,14 +3,17 @@ From: Guillaume Burel <guillaume.burel@stormshield.eu> Date: Fri, 3 Jan 2020 11:25:54 +0100 Subject: [PATCH] Using native binaries +Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> --- - node.gyp | 4 ++-- - tools/v8_gypfiles/v8.gyp | 11 ++++------- - 2 files changed, 6 insertions(+), 9 deletions(-) + node.gyp | 2 ++ + tools/v8_gypfiles/v8.gyp | 5 +++++ + 2 files changed, 7 insertions(+) +diff --git a/node.gyp b/node.gyp +index 24505da7ba..7d41bd52db 100644 --- a/node.gyp +++ b/node.gyp -@@ -294,6 +294,7 @@ +@@ -319,6 +319,7 @@ 'action_name': 'run_mkcodecache', 'process_outputs_as_sources': 1, 'inputs': [ @@ -18,14 +21,16 @@ Subject: [PATCH] Using native binaries '<(mkcodecache_exec)', ], 'outputs': [ -@@ -319,6 +320,7 @@ - 'action_name': 'node_mksnapshot', - 'process_outputs_as_sources': 1, - 'inputs': [ -+ '<(PRODUCT_DIR)/v8-qemu-wrapper.sh', - '<(node_mksnapshot_exec)', - ], - 'outputs': [ +@@ -366,6 +367,7 @@ + 'action_name': 'node_mksnapshot', + 'process_outputs_as_sources': 1, + 'inputs': [ ++ '<(PRODUCT_DIR)/v8-qemu-wrapper.sh', + '<(node_mksnapshot_exec)', + ], + 'outputs': [ +diff --git a/tools/v8_gypfiles/v8.gyp b/tools/v8_gypfiles/v8.gyp +index ed042f8829..371b8e02c2 100644 --- a/tools/v8_gypfiles/v8.gyp +++ b/tools/v8_gypfiles/v8.gyp @@ -68,6 +68,7 @@ @@ -40,11 +45,11 @@ Subject: [PATCH] Using native binaries '<@(torque_outputs_inc)', ], 'action': [ -+ '<(PRODUCT_DIR)/v8-qemu-wrapper.sh', ++ '<(PRODUCT_DIR)/v8-qemu-wrapper.sh', '<(PRODUCT_DIR)/<(EXECUTABLE_PREFIX)torque<(EXECUTABLE_SUFFIX)', '-o', '<(SHARED_INTERMEDIATE_DIR)/torque-generated', '-v8-root', '<(V8_ROOT)', -@@ -225,6 +227,7 @@ +@@ -211,6 +213,7 @@ { 'action_name': 'generate_bytecode_builtins_list_action', 'inputs': [ @@ -52,7 +57,7 @@ Subject: [PATCH] Using native binaries '<(PRODUCT_DIR)/<(EXECUTABLE_PREFIX)bytecode_builtins_list_generator<(EXECUTABLE_SUFFIX)', ], 'outputs': [ -@@ -415,6 +418,7 @@ +@@ -395,6 +398,7 @@ ], }, 'inputs': [ @@ -60,7 +65,7 @@ Subject: [PATCH] Using native binaries '<(mksnapshot_exec)', ], 'outputs': [ -@@ -1548,6 +1552,7 @@ +@@ -1513,6 +1517,7 @@ { 'action_name': 'run_gen-regexp-special-case_action', 'inputs': [ @@ -68,3 +73,6 @@ Subject: [PATCH] Using native binaries '<(PRODUCT_DIR)/<(EXECUTABLE_PREFIX)gen-regexp-special-case<(EXECUTABLE_SUFFIX)', ], 'outputs': [ +-- +2.34.1 + diff --git a/meta-oe/recipes-devtools/nodejs/nodejs/0002-Install-both-binaries-and-use-libdir.patch b/meta-oe/recipes-devtools/nodejs/nodejs/0002-Install-both-binaries-and-use-libdir.patch deleted file mode 100644 index 5cb2e9701..000000000 --- a/meta-oe/recipes-devtools/nodejs/nodejs/0002-Install-both-binaries-and-use-libdir.patch +++ /dev/null @@ -1,96 +0,0 @@ -From 62ddf8499747fb1e366477d666c0634ad50039a9 Mon Sep 17 00:00:00 2001 -From: Elliott Sales de Andrade <quantum.analyst@gmail.com> -Date: Tue, 19 Mar 2019 23:22:40 -0400 -Subject: [PATCH 2/2] Install both binaries and use libdir. - -This allows us to build with a shared library for other users while -still providing the normal executable. - -Taken from - https://src.fedoraproject.org/rpms/nodejs/raw/rawhide/f/0002-Install-both-binaries-and-use-libdir.patch - -Upstream-Status: Pending - -Signed-off-by: Elliott Sales de Andrade <quantum.analyst@gmail.com> -Signed-off-by: Andreas Müller <schnitzeltony@gmail.com> -Signed-off-by: Khem Raj <raj.khem@gmail.com> ---- - configure.py | 7 +++++++ - tools/install.py | 21 +++++++++------------ - 2 files changed, 16 insertions(+), 12 deletions(-) - -diff --git a/configure.py b/configure.py -index 6efb98c2316f089f3167e486282593245373af3f..a6d2ec939e4480dfae703f3978067537abf9f0f0 100755 ---- a/configure.py -+++ b/configure.py -@@ -721,10 +721,16 @@ parser.add_argument('--shared', - dest='shared', - default=None, - help='compile shared library for embedding node in another project. ' + - '(This mode is not officially supported for regular applications)') - -+parser.add_argument('--libdir', -+ action='store', -+ dest='libdir', -+ default='lib', -+ help='a directory to install the shared library into') -+ - parser.add_argument('--without-v8-platform', - action='store_true', - dest='without_v8_platform', - default=False, - help='do not initialize v8 platform during node.js startup. ' + -@@ -1305,10 +1311,11 @@ def configure_node(o): - o['variables']['debug_nghttp2'] = 'false' - - o['variables']['node_no_browser_globals'] = b(options.no_browser_globals) - - o['variables']['node_shared'] = b(options.shared) -+ o['variables']['libdir'] = options.libdir - node_module_version = getmoduleversion.get_version() - - if options.dest_os == 'android': - shlib_suffix = 'so' - elif sys.platform == 'darwin': -diff --git a/tools/install.py b/tools/install.py -index 41cc1cbc60a9480cc08df3aa0ebe582c2becc3a2..11208f9e7166ab60da46d5ace2257c239a7e9263 100755 ---- a/tools/install.py -+++ b/tools/install.py -@@ -128,26 +128,23 @@ def subdir_files(path, dest, action): - for subdir, files_in_path in ret.items(): - action(files_in_path, subdir + '/') - - def files(action): - is_windows = sys.platform == 'win32' -- output_file = 'node' - output_prefix = 'out/Release/' -+ output_libprefix = output_prefix - -- if 'false' == variables.get('node_shared'): -- if is_windows: -- output_file += '.exe' -+ if is_windows: -+ output_bin = 'node.exe' -+ output_lib = 'node.dll' - else: -- if is_windows: -- output_file += '.dll' -- else: -- output_file = 'lib' + output_file + '.' + variables.get('shlib_suffix') -+ output_bin = 'node' -+ output_lib = 'libnode.' + variables.get('shlib_suffix') - -- if 'false' == variables.get('node_shared'): -- action([output_prefix + output_file], 'bin/' + output_file) -- else: -- action([output_prefix + output_file], 'lib/' + output_file) -+ action([output_prefix + output_bin], 'bin/' + output_bin) -+ if 'true' == variables.get('node_shared'): -+ action([output_libprefix + output_lib], variables.get('libdir') + '/' + output_lib) - - if 'true' == variables.get('node_use_dtrace'): - action(['out/Release/node.d'], 'lib/dtrace/node.d') - - # behave similarly for systemtap --- -2.33.0 - diff --git a/meta-oe/recipes-devtools/nodejs/nodejs/0005-add-openssl-legacy-provider-option.patch b/meta-oe/recipes-devtools/nodejs/nodejs/0005-add-openssl-legacy-provider-option.patch deleted file mode 100644 index 4d238c03f..000000000 --- a/meta-oe/recipes-devtools/nodejs/nodejs/0005-add-openssl-legacy-provider-option.patch +++ /dev/null @@ -1,151 +0,0 @@ -From 86d1c0cc6a5dcf57e413a1cc1c29203e87cf9a14 Mon Sep 17 00:00:00 2001 -From: Daniel Bevenius <daniel.bevenius@gmail.com> -Date: Sat, 16 Oct 2021 08:50:16 +0200 -Subject: [PATCH] src: add --openssl-legacy-provider option - -This commit adds an option to Node.js named --openssl-legacy-provider -and if specified will load OpenSSL 3.0 Legacy provider. - -$ ./node --help -... ---openssl-legacy-provider enable OpenSSL 3.0 legacy provider - -Example usage: - -$ ./node --openssl-legacy-provider -p 'crypto.createHash("md4")' -Hash { - _options: undefined, - [Symbol(kHandle)]: Hash {}, - [Symbol(kState)]: { [Symbol(kFinalized)]: false } -} - -Co-authored-by: Richard Lau <rlau@redhat.com> -Signed-off-by: Signed-off-by: Andrej Valek <andrej.valek@siemens.com> -Upstream-Status: Backport [https://github.com/nodejs/node/issues/40455] ---- - doc/api/cli.md | 10 ++++++++++ - src/crypto/crypto_util.cc | 10 ++++++++++ - src/node_options.cc | 10 ++++++++++ - src/node_options.h | 7 +++++++ - .../test-process-env-allowed-flags-are-documented.js | 5 +++++ - 5 files changed, 42 insertions(+) - -diff --git a/doc/api/cli.md b/doc/api/cli.md -index 74057706bf8d..608b9cdeddf1 100644 ---- a/doc/api/cli.md -+++ b/doc/api/cli.md -@@ -687,6 +687,14 @@ Load an OpenSSL configuration file on startup. Among other uses, this can be - used to enable FIPS-compliant crypto if Node.js is built - against FIPS-enabled OpenSSL. - -+### `--openssl-legacy-provider` -+<!-- YAML -+added: REPLACEME -+--> -+ -+Enable OpenSSL 3.0 legacy provider. For more information please see -+[providers readme][]. -+ - ### `--pending-deprecation` - - <!-- YAML -@@ -1544,6 +1552,7 @@ Node.js options that are allowed are: - * `--no-warnings` - * `--node-memory-debug` - * `--openssl-config` -+* `--openssl-legacy-provider` - * `--pending-deprecation` - * `--policy-integrity` - * `--preserve-symlinks-main` -@@ -1933,6 +1942,7 @@ $ node --max-old-space-size=1536 index.js - [emit_warning]: process.md#processemitwarningwarning-options - [jitless]: https://v8.dev/blog/jitless - [libuv threadpool documentation]: https://docs.libuv.org/en/latest/threadpool.html -+[providers readme]: https://github.com/openssl/openssl/blob/openssl-3.0.0/README-PROVIDERS.md - [remote code execution]: https://www.owasp.org/index.php/Code_Injection - [security warning]: #warning-binding-inspector-to-a-public-ipport-combination-is-insecure - [timezone IDs]: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones -diff --git a/src/crypto/crypto_util.cc b/src/crypto/crypto_util.cc -index 7e0c8ba3eb60..796ea3025e41 100644 ---- a/src/crypto/crypto_util.cc -+++ b/src/crypto/crypto_util.cc -@@ -148,6 +148,16 @@ void InitCryptoOnce() { - } - #endif - -+#if OPENSSL_VERSION_MAJOR >= 3 -+ // --openssl-legacy-provider -+ if (per_process::cli_options->openssl_legacy_provider) { -+ OSSL_PROVIDER* legacy_provider = OSSL_PROVIDER_load(nullptr, "legacy"); -+ if (legacy_provider == nullptr) { -+ fprintf(stderr, "Unable to load legacy provider.\n"); -+ } -+ } -+#endif -+ - OPENSSL_init_ssl(0, settings); - OPENSSL_INIT_free(settings); - settings = nullptr; -diff --git a/src/node_options.cc b/src/node_options.cc -index 00bdc6688a4c..3363860919a9 100644 ---- a/src/node_options.cc -+++ b/src/node_options.cc -@@ -4,6 +4,9 @@ - #include "env-inl.h" - #include "node_binding.h" - #include "node_internals.h" -+#if HAVE_OPENSSL -+#include "openssl/opensslv.h" -+#endif - - #include <errno.h> - #include <sstream> -diff --git a/src/node_options.h b/src/node_options.h -index fd772478d04d..1c0e018ab16f 100644 ---- a/src/node_options.h -+++ b/src/node_options.h -@@ -11,6 +11,10 @@ - #include "node_mutex.h" - #include "util.h" - -+#if HAVE_OPENSSL -+#include "openssl/opensslv.h" -+#endif -+ - namespace node { - - class HostPort { -@@ -251,6 +255,9 @@ class PerProcessOptions : public Options { - bool enable_fips_crypto = false; - bool force_fips_crypto = false; - #endif -+#if OPENSSL_VERSION_MAJOR >= 3 -+ bool openssl_legacy_provider = false; -+#endif - - // Per-process because reports can be triggered outside a known V8 context. - bool report_on_fatalerror = false; -diff --git a/test/parallel/test-process-env-allowed-flags-are-documented.js b/test/parallel/test-process-env-allowed-flags-are-documented.js -index 64626b71f019..8a4e35997907 100644 ---- a/test/parallel/test-process-env-allowed-flags-are-documented.js -+++ b/test/parallel/test-process-env-allowed-flags-are-documented.js -@@ -43,6 +43,10 @@ for (const line of [...nodeOptionsLines, ...v8OptionsLines]) { - } - } - -+if (!common.hasOpenSSL3) { -+ documented.delete('--openssl-legacy-provider'); -+} -+ - // Filter out options that are conditionally present. - const conditionalOpts = [ - { -@@ -50,6 +54,7 @@ const conditionalOpts = [ - filter: (opt) => { - return [ - '--openssl-config', -+ common.hasOpenSSL3 ? '--openssl-legacy-provider' : '', - '--tls-cipher-list', - '--use-bundled-ca', - '--use-openssl-ca', - diff --git a/meta-oe/recipes-devtools/nodejs/nodejs_16.14.2.bb b/meta-oe/recipes-devtools/nodejs/nodejs_16.18.1.bb similarity index 94% rename from meta-oe/recipes-devtools/nodejs/nodejs_16.14.2.bb rename to meta-oe/recipes-devtools/nodejs/nodejs_16.18.1.bb index 62188f94a..a67948320 100644 --- a/meta-oe/recipes-devtools/nodejs/nodejs_16.14.2.bb +++ b/meta-oe/recipes-devtools/nodejs/nodejs_16.18.1.bb @@ -1,7 +1,7 @@ DESCRIPTION = "nodeJS Evented I/O for V8 JavaScript" HOMEPAGE = "http://nodejs.org" LICENSE = "MIT & ISC & BSD-2-Clause & BSD-3-Clause & Artistic-2.0" -LIC_FILES_CHKSUM = "file://LICENSE;md5=6ba5b21ac7a505195ca69344d3d7a94a" +LIC_FILES_CHKSUM = "file://LICENSE;md5=6e54852cd826c41e80c6d80f6db00a85" DEPENDS = "openssl" DEPENDS:append:class-target = " qemu-native" @@ -19,9 +19,7 @@ COMPATIBLE_HOST:powerpc = "null" SRC_URI = "http://nodejs.org/dist/v${PV}/node-v${PV}.tar.xz \ file://0001-Disable-running-gyp-files-for-bundled-deps.patch \ - file://0002-Install-both-binaries-and-use-libdir.patch \ file://0004-v8-don-t-override-ARM-CFLAGS.patch \ - file://0005-add-openssl-legacy-provider-option.patch \ file://big-endian.patch \ file://mips-less-memory.patch \ file://system-c-ares.patch \ @@ -29,7 +27,7 @@ SRC_URI = "http://nodejs.org/dist/v${PV}/node-v${PV}.tar.xz \ file://0001-mips-Use-32bit-cast-for-operand-on-mips32.patch \ " SRC_URI:append:class-target = " \ - file://0002-Using-native-binaries.patch \ + file://0001-Using-native-binaries.patch \ " SRC_URI:append:toolchain-clang:x86 = " \ file://libatomic.patch \ @@ -37,7 +35,7 @@ SRC_URI:append:toolchain-clang:x86 = " \ SRC_URI:append:toolchain-clang:powerpc64le = " \ file://0001-ppc64-Do-not-use-mminimal-toc-with-clang.patch \ " -SRC_URI[sha256sum] = "e922e215cc68eb5f94d33e8a0b61e2c863b7731cc8600ab955d3822da90ff8d1" +SRC_URI[sha256sum] = "1f8051a88f86f42064f4415fe7a980e59b0a502ecc8def583f6303bc4d445238" S = "${WORKDIR}/node-v${PV}"
* Drop Openssl legacy provider patch and install both binaries patch which are already available in 16.x * Refresh native binaries patch against 16.x base Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> --- .../oe-npm-cache | 0 ....14.bb => nodejs-oe-cache-native_16.18.bb} | 0 ...patch => 0001-Using-native-binaries.patch} | 40 +++-- ...Install-both-binaries-and-use-libdir.patch | 96 ----------- ...5-add-openssl-legacy-provider-option.patch | 151 ------------------ .../{nodejs_16.14.2.bb => nodejs_16.18.1.bb} | 8 +- 6 files changed, 27 insertions(+), 268 deletions(-) rename meta-oe/recipes-devtools/nodejs/{nodejs-oe-cache-16.14 => nodejs-oe-cache-16.18}/oe-npm-cache (100%) rename meta-oe/recipes-devtools/nodejs/{nodejs-oe-cache-native_16.14.bb => nodejs-oe-cache-native_16.18.bb} (100%) rename meta-oe/recipes-devtools/nodejs/nodejs/{0002-Using-native-binaries.patch => 0001-Using-native-binaries.patch} (70%) delete mode 100644 meta-oe/recipes-devtools/nodejs/nodejs/0002-Install-both-binaries-and-use-libdir.patch delete mode 100644 meta-oe/recipes-devtools/nodejs/nodejs/0005-add-openssl-legacy-provider-option.patch rename meta-oe/recipes-devtools/nodejs/{nodejs_16.14.2.bb => nodejs_16.18.1.bb} (94%)