Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

nodejs: fix sandboxed build on darwin #262124

Merged
merged 3 commits into from
Jul 8, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
28 changes: 0 additions & 28 deletions pkgs/development/web/nodejs/bypass-xcodebuild.diff

This file was deleted.

24 changes: 24 additions & 0 deletions pkgs/development/web/nodejs/gyp-patches-pre-v22-import-sys.patch
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
Add missing import statement for gyp-patches.nix.

--- a/deps/npm/node_modules/node-gyp/gyp/pylib/gyp/generator/make.py
+++ b/deps/npm/node_modules/node-gyp/gyp/pylib/gyp/generator/make.py
@@ -25,6 +25,7 @@
import os
import re
import subprocess
+import sys
import gyp
import gyp.common
import gyp.xcode_emulation

--- a/tools/gyp/pylib/gyp/generator/make.py
+++ b/tools/gyp/pylib/gyp/generator/make.py
@@ -25,6 +25,7 @@
import os
import re
import subprocess
+import sys
import gyp
import gyp.common
import gyp.xcode_emulation

14 changes: 14 additions & 0 deletions pkgs/development/web/nodejs/gyp-patches-v22-import-sys.patch
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
For some reason Node.js v22 has two different GYP versions vendored, and
only one of them contains `import sys`.

--- a/deps/npm/node_modules/node-gyp/gyp/pylib/gyp/generator/make.py
+++ b/deps/npm/node_modules/node-gyp/gyp/pylib/gyp/generator/make.py
@@ -25,6 +25,7 @@
import os
import re
import subprocess
+import sys
import gyp
import gyp.common
import gyp.xcode_emulation

22 changes: 22 additions & 0 deletions pkgs/development/web/nodejs/gyp-patches.nix
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
{ fetchpatch2 }:
let
name = "gyp-darwin-sandbox.patch";
url = "https://github.com/nodejs/gyp-next/commit/706d04aba5bd18f311dc56f84720e99f64c73466.patch";
in
[
# Fixes builds with Nix sandbox on Darwin for gyp.
# See https://github.com/NixOS/nixpkgs/issues/261820
# and https://github.com/nodejs/gyp-next/pull/216
(fetchpatch2 {
inherit name url;
hash = "sha256-l8FzgLq9CbVJCkXfnTyDQ+vXKCz65wpaffE74oSU+kY=";
stripLen = 1;
extraPrefix = "tools/gyp/";
})
(fetchpatch2 {
inherit name url;
hash = "sha256-UVUn4onXfJgFoAdApLAbliiBgM9rxDdIo53WjFryoBI=";
stripLen = 1;
extraPrefix = "deps/npm/node_modules/node-gyp/gyp/";
})
]
65 changes: 61 additions & 4 deletions pkgs/development/web/nodejs/nodejs.nix
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
{ lib, stdenv, fetchurl, openssl, python, zlib, libuv, util-linux, http-parser, bash
, pkg-config, which, buildPackages
, testers
# for `.pkgs` attribute
, callPackage
# Updater dependencies
Expand Down Expand Up @@ -131,25 +132,74 @@ let

inherit patches;

doCheck = lib.versionAtLeast version "16"; # some tests fail on v14
__darwinAllowLocalNetworking = true; # for tests

# TODO: what about tests when cross-compiling?
# Note that currently stdenv does not run check phase if build ≠ host.
doCheck = true;

# Some dependencies required for tools/doc/node_modules (and therefore
# test-addons, jstest and others) target are not included in the tarball.
# Run test targets that do not require network access.
checkTarget = lib.concatStringsSep " " [
checkTarget = lib.concatStringsSep " " ([
"build-js-native-api-tests"
"build-node-api-tests"
"tooltest"
"cctest"
] ++ lib.optionals (!stdenv.buildPlatform.isDarwin || lib.versionAtLeast version "20") [
# There are some test failures on macOS before v20 that are not worth the
# time to debug for a version that would be eventually removed in less
# than a year (Node.js 18 will be EOL at 2025-04-30). Note that these
# failures are specific to Nix sandbox on macOS and should not affect
# actual functionality.
"test-ci-js"
];
]);

checkFlags = [
# Do not create __pycache__ when running tests.
"PYTHONDONTWRITEBYTECODE=1"
] ++ lib.optionals (!stdenv.buildPlatform.isDarwin || lib.versionAtLeast version "20") [
"FLAKY_TESTS=skip"
# Skip some tests that are not passing in this context
"CI_SKIP_TESTS=test-setproctitle,test-tls-cli-max-version-1.3,test-tls-client-auth,test-child-process-exec-env,test-fs-write-stream-eagain,test-tls-sni-option,test-https-foafssl,test-child-process-uid-gid,test-process-euid-egid,test-process-initgroups,test-process-uid-gid,test-process-setgroups"
"CI_SKIP_TESTS=${lib.concatStringsSep "," ([
"test-child-process-exec-env"
"test-child-process-uid-gid"
"test-fs-write-stream-eagain"
"test-https-foafssl"
"test-process-euid-egid"
"test-process-initgroups"
"test-process-setgroups"
"test-process-uid-gid"
"test-setproctitle"
"test-tls-cli-max-version-1.3"
"test-tls-client-auth"
"test-tls-sni-option"
] ++ lib.optionals stdenv.hostPlatform.isDarwin [
# Disable tests that don’t work under macOS sandbox.
"test-macos-app-sandbox"
"test-os"
"test-os-process-priority"
# This is a bit weird, but for some reason fs watch tests fail with
# sandbox.
"test-fs-promises-watch"
"test-fs-watch"
"test-fs-watch-encoding"
"test-fs-watch-non-recursive"
"test-fs-watch-recursive-add-file"
"test-fs-watch-recursive-add-file-to-existing-subfolder"
"test-fs-watch-recursive-add-file-to-new-folder"
"test-fs-watch-recursive-add-file-with-url"
"test-fs-watch-recursive-add-folder"
"test-fs-watch-recursive-assert-leaks"
"test-fs-watch-recursive-promise"
"test-fs-watch-recursive-symlink"
"test-fs-watch-recursive-sync-write"
"test-fs-watch-recursive-update-file"
"test-fs-watchfile"
"test-runner-run"
"test-runner-watch-mode"
"test-watch-mode-files_watcher"
])}"
];

postInstall = ''
Expand Down Expand Up @@ -210,6 +260,13 @@ let
EOF
'';

passthru.tests = {
version = testers.testVersion {
package = self;
version = "v${version}";
};
};

passthru.updateScript = import ./update.nix {
inherit writeScript coreutils gnugrep jq curl common-updater-scripts gnupg nix runtimeShell;
inherit lib;
Expand Down
6 changes: 5 additions & 1 deletion pkgs/development/web/nodejs/v18.nix
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,10 @@ let
buildPackages = buildPackages // { stdenv = ensureCompatibleCC buildPackages; };
python = python311;
};

gypPatches = callPackage ./gyp-patches.nix { } ++ [
./gyp-patches-pre-v22-import-sys.patch
];
in
buildNodejs {
inherit enableNpm;
Expand All @@ -33,5 +37,5 @@ buildNodejs {
url = "https://github.com/nodejs/node/commit/534c122de166cb6464b489f3e6a9a544ceb1c913.patch";
hash = "sha256-4q4LFsq4yU1xRwNsM1sJoNVphJCnxaVe2IyL6AeHJ/I=";
})
];
] ++ gypPatches;
}
6 changes: 5 additions & 1 deletion pkgs/development/web/nodejs/v20.nix
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,10 @@ let
inherit openssl;
python = python3;
};

gypPatches = callPackage ./gyp-patches.nix { } ++ [
./gyp-patches-pre-v22-import-sys.patch
];
in
buildNodejs {
inherit enableNpm;
Expand All @@ -23,5 +27,5 @@ buildNodejs {
url = "https://github.com/nodejs/node/commit/14863e80584e579fd48c55f6373878c821c7ff7e.patch";
hash = "sha256-I7Wjc7DE059a/ZyXAvAqEGvDudPjxQqtkBafckHCFzo=";
})
];
] ++ gypPatches;
}
6 changes: 5 additions & 1 deletion pkgs/development/web/nodejs/v22.nix
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,10 @@ let
inherit openssl;
python = python3;
};

gypPatches = callPackage ./gyp-patches.nix { } ++ [
./gyp-patches-v22-import-sys.patch
];
in
buildNodejs {
inherit enableNpm;
Expand All @@ -16,5 +20,5 @@ buildNodejs {
./node-npm-build-npm-package-logic.patch
./use-correct-env-in-tests.patch
./bin-sh-node-run-v22.patch
];
] ++ gypPatches;
}