Install a specific version

[hectcastro]

How would you recommend that someone use this repository to install a specific version of Node.js? Previously, I was attempting to pin the version number, but it looks like older versions of Node.js are being replaced with newer ones.

My goal is to use a specific version of Node.js, but then not update to the newest version until after some testing occurs.

[ggsddu7]

This is my question too

[rvagg]

https://help.ubuntu.com/community/PinningHowto might be the way to go, /etc/apt/preferences

This is something we're only looking at experimenting with ourselves now for our Docker images, we'll let you know if we come up with an approach we can recommend, but for now, have a look at that wiki link.

[zol]

+1 It would be great to keep old versions available in Packages rather than just the latest.

Unfortunately pinning doesn't help when needing to provision new VM's to match machines in the cluster that are running an older version of the package.

[tecto]

+1 for keeping old versions available in Packages.

Need to be able to apt-get install a specific version (0.10.33 in this case) across multiple servers and then pin the nodejs package to maintain consistency and separately test new versions before rollout.

Reference both https://help.ubuntu.com/community/PinningHowto and http://blog.andrewbeacock.com/2007/03/how-to-install-specific-version-of.html

[chrislea]

Okay, we certainly understand the need. Unfortunately, the reprepro utility which is part of our tooling for publishing the repositories can't do this, so we'll need to look into using something like aptly instead. I'll update here once we have something ready.

[chris-prince]

What about at least providing one repo per major release series (e.g. 0.10.x, 0.12.x)?

This is especially relevant now that Node 0.12 is out. I'd like to have control over when I make the switch from 0.10.x to 0.12.x. (But I am okay with receiving bugfix updates on the track that I'm on.)

I feel like SaltStack PPAs do this well. (https://launchpad.net/~saltstack) In their case:

• ppa:saltstack/salt gives the latest stable release
• ppa:saltstack/salt2014-7 gives the latest stable v2014.7.x release
• ppa:saltstack/salt2014-1 gives the latest stable v2014.1.x release
• etc.

Going forward, I would love to see something similar for Node (e.g. repos node, node-0.10, node-0.12).

[coen-hyde]

This is an issue for us as well. I've switched to compiling from source for the moment as i'm not sure when the nodesouce repo will switch to a 0.12.x release.

[awithersdd]

This really should be fixed, like many we test and lock to a specific release for production, we cannot have apt-get install nodejs=specific version fail because a new release was made nor can we accept every new release as if it were the one tested against.

[retrohacker]

https://github.com/nodesource/docker-node has examples of installing specific versions of node/iojs on debian/ubuntu using dpkg and fedora/centos using rpm. You may want to do gpg verification as well, like https://github.com/iojs/docker-iojs/blob/master/1.6/Dockerfile#L11

[shrop]

Using Meteor and definitely need a way to pin the nodejs since there are version requirements. Thanks for all you you folks do on this distro!

[heston]

Friendly bump on this. I just got bit by a version update causing all of our builds to fail. Very unexpected that previous versions are wiped from the repo when a new one is released.

[retrohacker]

@heston I believe they are only removed from the Release file. They are still in the repo: https://deb.nodesource.com/node_5.x/pool/main/n/nodejs/

Personally I am pinning against specific versions using wget [deb] && dpkg -i [deb].

[heston]

@wblankenship Thanks for the tip. Indeed, I see that the packages are still available, so that's an option. Without them being listed in the repo, it's not as easy to install with a package manager, though.

We're using salt to manage our package installations. It has great support for apt-get, but doesn't work as well with custom installation procedures.

[conatus]

@wblankenship Thanks for the tip too!

Can someone from @nodesource please reply to this issue? We have occasional breaking builds as a result of this decision not to keep the packages around and we need to pin an exact version.

At the risk of sounding off, an allegedly "enterprise" set of packages should really allow this simply.

[retrohacker]

@conatus, thanks for your comment. We understand that this feature has been a pain point for some. I personally had to work with it when building the Docker images for NodeSource.

@chrislea, @rvagg, and I are all on the @nodesource team.

Our current build uses the reprepro tool from the Debian project to host these repositories. As chrislea commented above, the tool is preventing us from doing this. We are looking into alternatives that will offer this feature.

We understand the need to pin to specific versions of Node in production. The rationale behind our Docker images is to support that specific use case. While we work towards a solution that allows apt to directly pin a version, we have a short term solution that I proposed above.

We religiously keep all of the artifacts generated by our builds, incrementing the trailing digit of the .deb in the event we need to do a rebuild. They all exist on deb.nodesource.com. This allows consumers to pin directly to a version of Node. The pools these artifacts are served from can be found at:

• Node 5: https://deb.nodesource.com/node_5.x/pool/main/n/nodejs/
• Node 4: https://deb.nodesource.com/node_4.x/pool/main/n/nodejs/
• io.js 3: https://deb.nodesource.com/iojs_3.x/pool/main/i/iojs/
• io.js 2: https://deb.nodesource.com/iojs_2.x/pool/main/i/iojs/
• io.js 1: https://deb.nodesource.com/iojs_1.x/pool/main/i/iojs/
• Node .12: https://deb.nodesource.com/node_0.12/pool/main/n/nodejs/
• Node .10: https://deb.nodesource.com/node_0.10/pool/main/n/nodejs/

If you are using ansible, as @heston, the apt package supports the deb flag which takes a path to a .deb file on the remote box. Pairing this with get_url will offer a short term solution to version pinning.

There is a similar story for our rpm packages as well.

[conatus]

Thanks for your reply @wblankenship, very much appreciated.

While this short term fix is certainly acceptable and the Dockerfiles are good examples, NodeSource isn't just any old set of builds. It is the set of builds recommended by the Node.js project itself as an install path. This repo is then a key bit of Node.js infrastructure for anyone running any kind of automation. You at @nodesource seem to intend it to be taken as such. So I hope you will consider working out how to pin versions easily as a matter of some priority in the near term.

Thanks a lot.

[leedm777]

If it helps, Docker addressed a similar problem using reprepro with their patch at moby/moby#16001. Maybe NodeSource can do something similar.

[nicholascapo]

Any word on this, aptly [1] works great for out internal repos, served from nginx.

[1] https://www.aptly.info/

[chrislea]

Yes, we will probably move to aptly since it seems like the best tool that will let us do this. Unfortunately the way the builds are currently automated is fairly tied to reprepro so this isn't a trivial change to make. It will almost certainly happen when we move the repos to be served off of S3 / CloudFront. So both of those are things on the TODO list, but right now there are a couple of other infrastructure updates that we have to make first internally, so these aren't at the top of the list right now.

[danielkza]

Any news on this?

[Daniel15]

We switched from reprepro to Aptly for Yarn, and it works pretty well. I'd recommend it.

[trajano]

Just to add to #33 (comment) I use the Dockerfile approach for building Expo tooling with Gradle on JDK8.

FROM node:16.13.0 as node

FROM gradle:jdk8
COPY --from=node /usr/local/ /usr/local/
RUN npm install -g expo-cli@4 turtle-cli

[e-dong]

@retrohacker
I'm using a Ubuntu 20.04.3 LTS based docker image

ENV NODE_REPO 16.x
ENV NODE_VERSION 16.15.0

RUN wget -O nodejs_${NODE_VERSION}-1nodesource1_amd64.deb https://deb.nodesource.com/node_${NODE_REPO}/pool/main/n/nodejs/nodejs_${NODE_VERSION}-1nodesource1_amd64.deb
RUN dpkg -i nodejs_${NODE_VERSION}-1nodesource1_amd64.deb

But i ran into this error:

Step 7/15 : RUN dpkg -i nodejs_${NODE_VERSION}-1nodesource1_amd64.deb
 ---> Running in 3df495c2ad6f
Selecting previously unselected package nodejs.
(Reading database ... 25329 files and directories currently installed.)
Preparing to unpack nodejs_16.15.0-1nodesource1_amd64.deb ...
Unpacking nodejs (16.15.0-1nodesource1) ...
dpkg: dependency problems prevent configuration of nodejs:
 nodejs depends on python-minimal; however:
  Package python-minimal is not installed.

dpkg: error processing package nodejs (--install):
 dependency problems - leaving unconfigured
Errors were encountered while processing:
 nodejs
The command '/bin/bash -c dpkg -i nodejs_${NODE_VERSION}-1nodesource1_amd64.deb' returned a non-zero code: 1

I tried adding python-minimal beforehand but it fails. python-minimal is deprecated in favor of python2-minimal. Unfortunately that doesn't seem to resolve the issue.
From this post it looks like there is a dependency on python2?
https://www.reddit.com/r/node/comments/g99i2b/ubuntu_2004_is_out_but_nodesource_deb_still/

[slifty]

@e-dong I faced the python-minimal issue as well and think it may have been linked to a past use of running the 16.x` script.

Running this on a totally fresh machine caused no issues, for instance.

curl -o nodejs.deb https://deb.nodesource.com/node_16.x/pool/main/n/nodejs/nodejs_16.17.1-deb-1nodesource1_arm64.deb
apt -y install ./nodejs.deb

(Sorry this comment isn't fully baked; I wanted to mention the clue for future folks facing the problem)

[curledUpSheep]

FYI: I was able to resolve the python-minimal issue by switching from nodejs_${NODEJS_VERSION}-1nodesource1_amd64.deb to nodejs_${NODEJS_VERSION}-deb-1nodesource1_amd64.deb

It seems the file with -deb in the filename includes metadata that fixes the issue.

[Gerst20051]

When I switched to using the -deb version it installed the latest version and printed this message:

root@063d58f6174d:/code# apt-get install -y ./$DEB_FILE
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Note, selecting 'nodejs' instead of './nodejs_16.13.2-deb-1nodesource1_arm64.deb'

[nick4fake]

Good example why pinning is extremely important:
nodejs/node#48444

We are not sure what to do now with all builds failing

[pulsedynamic]

FYI: I was able to resolve the python-minimal issue by switching from nodejs_${NODEJS_VERSION}-1nodesource1_amd64.deb to nodejs_${NODEJS_VERSION}-deb-1nodesource1_amd64.deb

It seems the file with -deb in the filename includes metadata that fixes the issue.

you are a legend, thanks

[mkozjak]

A new proper way to do this, per official documentation, is here:

sudo apt install -y ca-certificates gnupg
curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | sudo gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg

NODE_MAJOR=16
echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_$NODE_MAJOR.x nodistro main" | sudo tee /etc/apt/sources.list.d/nodesource.list
sudo apt update
apt-cache policy nodejs
sudo apt install --yes nodejs=16.15.1-1nodesource1