-
Notifications
You must be signed in to change notification settings - Fork 29.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
doc: add note re term-size commit on top of npm #32403
Conversation
Until npm updates update-notifier to a newer version, the dependency tree will contain a version of term-size that has an unsigned macOS binary. This will fail .pkg notarization and will result in failed release builds. We built and signed a term-size and contributed it back to the project for this purpose, but the dependency chain is long enough that it's not likely to be included in a new npm very quickly. Until it is, we need to cherry-pick commit d2f08a1 ontop of any npm updates to master and any other release branch that includes notarization.
Co-Authored-By: Ben Noordhuis <info@bnoordhuis.nl>
Co-Authored-By: Ben Noordhuis <info@bnoordhuis.nl>
.pkg in last nightly, after I ran the cherry-pick documented here, on master https://nodejs.org/download/nightly/v14.0.0-nightly20200322ecfb7b0988/ |
@nodejs/npm This is a fair amount build tooling required in order to get a box drawn around some text saying "an npm update is available", is there any chance that this could be fixed? Note that the dependency on the executable is unnecessary, the equivalent functionality is already present in Node.js as pure-js: sindresorhus/terminal-size#15 (comment) @rvagg will the dependency on an unsigned executable make |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm not thrilled that this isn't getting fixed upstream, but that's out of our control, in the meantime, this is what we have to do.
Upstream node is patching `term-size` in order to avoid failing release builds, see: nodejs/node#32403 Given that npm@6 has to support node6 and that dependency chain is long enough, along with many major bumps dropping node6 along the way. I propose we patch it here same as node upstream. - ref: sindresorhus/terminal-size#16
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, agree we Sam, not optimal but what we need to do for now.
Nope! That's the fun of this (sarcasm), it's all about the .pkg building process, once it gets onto your machine then Gatekeeper butts out and you can change the on-disk files all you want. So for now, it only matter that macOS executables in our bundles are signed. My guess is that this is only the beginning though, and maybe macOS is heading toward a container-style install system for packages, like Snaps are. It'll get interesting then. You can't overwrite the |
Until npm updates update-notifier to a newer version, the dependency tree will contain a version of term-size that has an unsigned macOS binary. This will fail .pkg notarization and will result in failed release builds. We built and signed a term-size and contributed it back to the project for this purpose, but the dependency chain is long enough that it's not likely to be included in a new npm very quickly. Until it is, we need to cherry-pick commit d2f08a1 ontop of any npm updates to master and any other release branch that includes notarization. PR-URL: #32403 Reviewed-By: Sam Roberts <vieuxtech@gmail.com> Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Landed in 10d8e26 |
Until npm updates update-notifier to a newer version, the dependency tree will contain a version of term-size that has an unsigned macOS binary. This will fail .pkg notarization and will result in failed release builds. We built and signed a term-size and contributed it back to the project for this purpose, but the dependency chain is long enough that it's not likely to be included in a new npm very quickly. Until it is, we need to cherry-pick commit d2f08a1 ontop of any npm updates to master and any other release branch that includes notarization. PR-URL: #32403 Reviewed-By: Sam Roberts <vieuxtech@gmail.com> Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
@rvagg thanks for the patch! @sam-github worry not, we're going to be bringing it upstream to npm@6 npm/cli#1053 so that you can get rid of the extra step 😊 |
Until npm updates update-notifier to a newer version, the dependency tree will contain a version of term-size that has an unsigned macOS binary. This will fail .pkg notarization and will result in failed release builds. We built and signed a term-size and contributed it back to the project for this purpose, but the dependency chain is long enough that it's not likely to be included in a new npm very quickly. Until it is, we need to cherry-pick commit d2f08a1 ontop of any npm updates to master and any other release branch that includes notarization. PR-URL: #32403 Reviewed-By: Sam Roberts <vieuxtech@gmail.com> Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Upstream node is patching `term-size` in order to avoid failing release builds, see: nodejs/node#32403 Given that npm@6 has to support node6 and that dependency chain is long enough, along with many major bumps dropping node6 along the way. I propose we patch it here same as node upstream. - ref: sindresorhus/terminal-size#16 PR-URL: #1053 Credit: @ruyadorno Close: #1053 Reviewed-by: @ruyadorno
Until npm updates update-notifier to a newer version, the dependency
tree will contain a version of term-size that has an unsigned macOS
binary. This will fail .pkg notarization and will result in failed
release builds. We built and signed a term-size and contributed it back
to the project for this purpose, but the dependency chain is long enough
that it's not likely to be included in a new npm very quickly.
Until it is, we need to cherry-pick commit d2f08a1 ontop of any npm
updates to master and any other release branch that includes
notarization.
The dependency chain is update-notifier -> boxen -> term-size. npm is on update-notifier@^2.5.0 but the latest is 4.1.0 and I can imagine it's a bit intimidating to just jump through those versions without grokking what's changed.
I've done this just now for
master
after the update to npm@6.14.3 in 4a3ccd8.You can see what a failure looks like in the latest master nightly if you have access to ci-release: https://ci-release.nodejs.org/job/iojs+release/5763/nodes=osx1015-release-pkg/
.pkg is missing from https://nodejs.org/download/nightly/v14.0.0-nightly20200320f7771fffd0/
@nodejs/build @nodejs/npm