Currently using the --openssl-is-fips configuration option in
combination with --ninja is broken.
This commit fixes two issues, one being an issue with the linker/version
script path variable. The second is that the locations of built
artifacts that differ for ninja and make.
ninja:
$ ./configure --openssl-is-fips --ninja
$ ninja -C out/Release
$ ./node --enable-fips -p 'crypto.getFips()'
1
make:
$ ./configure --openssl-is-fips
$ make -j8
$ ./node --enable-fips -p 'crypto.getFips()'
1
PR-URL: https://github.com/nodejs/node/pull/40518
Refs: https://github.com/nodejs/node/issues/40509
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Beth Griggs <bgriggs@redhat.com>
This pull request updates the OpenSSL version that is statically
linked with Node.js from OpenSSl 1.1.1 to quictls OpenSSL 3.0.0+quic.
This pull request will replace the OpenSSL version that is currently
in the deps directory and when performing a normal build
OpenSSL 3.0+quic will be statically linked to the Node.js executable.
We will still be able to dynamically link to OpenSSL 1.1.1 and we have
a CI job which dynamically links to OpenSSL 1.1.1 which is run for
every pull request to make sure that we maintain backward compatibility.
PR-URL: https://github.com/nodejs/node/pull/38512
Reviewed-By: Michael Dawson <midawson@redhat.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
https://docs.python.org/3/library/stdtypes.html#str.endswith
One function call should be faster than three function calls per file.
PR-URL: https://github.com/nodejs/node/pull/40017
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Shingo Inoue <leko.noor@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Darshan Sen <raisinten@gmail.com>
The AIX/IBM i branch in `host_arch_cc()` that hardcodes the compiler
executable to `gcc` precludes picking up either `CC_host` or `CC`
environment variables (if set) as is done on other platforms. On an
AIX/IBM i platform where the compiler is, e.g. `gcc-10` instead of
just `gcc`, the current check will fail to detect the host architecture
and incorrectly default to `ia32`. Removing the AIX/IBM i specific
branch will follow the same logic as on the other platforms:
1. The value, if set, of the `CC_host` environment variable.
2. Otherwise, if set, the value of the `CC` environment variable.
3. `gcc` (`cc` if on macOS).
PR-URL: https://github.com/nodejs/node/pull/39481
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
Reviewed-By: Ash Cripps <acripps@redhat.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Michael Dawson <midawson@redhat.com>
GYP uses the system path when parsing node.gyp;
However, if system python is different from our
gyp runtime python, like '2.7', gyp would crash.
Co-authored-by: Michaël Zasso <targos@protonmail.com>
PR-URL: https://github.com/nodejs/node/pull/39293
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com>
PR-URL: https://github.com/nodejs/node/pull/39004
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Michael Dawson <midawson@redhat.com>
PR-URL: https://github.com/nodejs/node/pull/38273
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
Reviewed-By: Mary Marchini <oss@mmarchini.me>
This commit enables FIPS when Node.js is dynamically linking against
quictls/openssl-3.0.
BUILDING.md has been updated with instructions to configure and build
quictls/openssl 3.0.0-alpha-15 and includes a couple of work-arounds
which I believe are fixed in alpha-16 and can be removed when alpha-16
is available. The information might be a little too detailed/verbose
but I thought it would be helpful to at least initially include all the
steps.
PR-URL: https://github.com/nodejs/node/pull/38633
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
V8's build toolchain is not compatible with Python 3 and the CI job
that tests V8 needs to be run with Python 2. Add a fallback to
`find_executable` from `distutils.spawn` to allow the configure
script to run in the V8 test job.
PR-URL: https://github.com/nodejs/node/pull/38632
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Darshan Sen <raisinten@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Debian based packages of Python 3 do not include `distutils.spawn` and
require an additional apt package to be installed (`python3-distutils`).
Replace use of `distutils.spawn` with `shutil.which`, available in all
versions of Python currently allowed by our configure scripts.
For the `configure` script only, fall back to `distutils.spawn` to allow
friendlier error messages when run on older unsupported versions of
Python (e.g. 2.7).
`configure.py` also uses `distutils.version` -- this appears to be
available in Debian packaged Python 3 without installing
`python3-distutils` so has been left as-is.
PR-URL: https://github.com/nodejs/node/pull/38600
Refs: https://github.com/nodejs/node/issues/30189
Reviewed-By: Darshan Sen <raisinten@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Christian Clauss <cclauss@me.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Update the warning threshold to match the minimum supported version
of gcc. Builds can still proceed, but are not guaranteed to work.
PR-URL: https://github.com/nodejs/node/pull/37935
Refs: https://github.com/nodejs/node/pull/37871
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Darshan Sen <raisinten@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reintroduces the ngtcp2 and nghttp3 dependencies, building those by
default if the vendored-in openssl (with QUIC support) is used or the
shared openssl defines `OPENSSL_INFO_QUIC`.
Upates the version metadata to reflect whether ngtcp2 and nghttp3 are
present.
ngtcp2 as of
2381f7f7b6
nghttp3 as of
66ad30f0a8
Signed-off-by: James M Snell <jasnell@gmail.com>
PR-URL: https://github.com/nodejs/node/pull/37682
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
If the shared openssl does not have the `OPENSSL_INFO_QUIC` define,
then it definitely does not have the QUIC apis. This is only a partially
accurate check because it does not detect if the shared openssl was
actually *built* without the OPENSSL_NO_QUIC define set.
Signed-off-by: James M Snell <jasnell@gmail.com>
PR-URL: https://github.com/nodejs/node/pull/37682
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
* Replace unused identifier with Python convention `_`.
* Remove unneeded parentheses.
* Remove line-wrapping.
I confirmed that this doesn't change the output by running `./configure
--shared-zlib` and confirming that it created the same `common.gypi`
with and without these changes. The code changed here doesn't run unless
there is a `--shared-*` flag.
PR-URL: https://github.com/nodejs/node/pull/36551
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Daijiro Wachi <daijiro.wachi@gmail.com>
Currently warning is printed called even if the selection ordering flag
has not been passed.
Only print warning if `--limit-configure-section-file`
has been passed to configure.
Fixes: https://github.com/nodejs/node/issues/35872
PR-URL: https://github.com/nodejs/node/pull/35955
Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com>
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
This option is now outdated and not used any longer.
PR-URL: https://github.com/nodejs/node/pull/27576
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
The flag improves the experience of debugging V8 with native debuggers.
It doens't incur performance penality, the only downside is an increase
in binary size by approximately 248 Kb.
Ref: https://github.com/nodejs/node/pull/32834
PR-URL: https://github.com/nodejs/node/pull/34705
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: David Carlier <devnexen@gmail.com>
Add a configure flag to build V8 with `-DOBJECT_PRINT`, which will
expose auxiliar functions to inspect heap objects using native
debuggers.
Fixes: https://github.com/nodejs/node/issues/32402
Signed-off-by: Mary Marchini <mmarchini@netflix.com>
PR-URL: https://github.com/nodejs/node/pull/32834
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Ujjwal Sharma <ryzokuken@disroot.org>
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
The build defaulted to the byte order of the host system but
that can be different from the endianness of the target system.
Refs: https://github.com/nodejs/node/issues/33703#issuecomment-644639158
PR-URL: https://github.com/nodejs/node/pull/33898
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
This commit adds a configuration option named
openssl-default-cipher-list which takes a colon separated string
specifying ciphers that should be used as the default ciphers instead of
the ones defined in node_constants.
The motivation for this is a use case where Fedora/RHEL would like
to be able to specify a default cipher in the format PROFILE=SYSTEM.
This would enable Fedora/RHEL to have a system wide security level for
all applications.
PR-URL: https://github.com/nodejs/node/pull/33708
Refs: https://docs.fedoraproject.org/en-US/packaging-guidelines/CryptoPolicies/
Reviewed-By: David Carlier <devnexen@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
PR-URL: https://github.com/nodejs/node/pull/33541
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Juan José Arboleda <soyjuanarbol@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
On Windows there is a program "find.exe" located in
C:\Windows\System32, which is usually in the PATH before
MSYS version of that program (required for running makefile).
The Windows version of the program uses different CLI syntax,
which results in errors like
"File not found - *node_modules*"
This commit specifies the full path to the program, which is also
properly handled by MSYS on Windows.
PR-URL: https://github.com/nodejs/node/pull/33136
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
* Fixes cases in icutools where commands were issued without .exe
* Changes to build scripts
* Add /fp:strict flag so that MSVC's floating point behaves correctly
* Enables marmasm
PR-URL: https://github.com/nodejs/node/pull/32867
Reviewed-By: Christian Clauss <cclauss@me.com>
Reviewed-By: João Reis <reis@janeasystems.com>
This commit adds a configuration time flag named error-on-warn:
$ ./configure --help | grep -A1 error-on-warn
--error-on-warn Turn compiler warnings into errors for node core
sources.
The motivation for this is that CI jobs can use this flag to turn
warnings into errors.
PR-URL: https://github.com/nodejs/node/pull/32685
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Matheus Marchini <mat@mmarchini.me>
Add a configure flag that enables building V8 with `-DDEBUG`, in
particular with debug checks enabled and with runtime debugging
features, e.g. inspecting JS objects from debuggers, enabled.
PR-URL: https://github.com/nodejs/node/pull/32787
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Matheus Marchini <mat@mmarchini.me>
Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Log the versions of the detected compilers when the configure script
is run with `--verbose` to help verify which compiler is being used if
multiple toolchains are installed on the system.
Signed-off-by: Richard Lau <riclau@uk.ibm.com>
PR-URL: https://github.com/nodejs/node/pull/32715
Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
Reviewed-By: Rod Vagg <rod@vagg.org>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
There is lots of space to expand this not-so-well-known acronym in the
option usage message.
PR-URL: https://github.com/nodejs/node/pull/32325
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Matheus Marchini <mat@mmarchini.me>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
This commit makes the configure --without-report flag a no-op.
This commit also updates a test that depends on the report CLI
flags being conditionally present.
PR-URL: https://github.com/nodejs/node/pull/32242
Fixes: https://github.com/nodejs/node/issues/26293
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: David Carlier <devnexen@gmail.com>
Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
brotli is available as a shared library since 2016, so it makes sense
to allow its use as a system-installed version.
Some of the infrastructure was in place already (node.gyp and
node.gypi), but some bits in the configure script here were missing.
Add them, keeping the default as before, to use the bundled version.
Refs: https://github.com/google/brotli/pull/421
Signed-off-by: André Draszik <git@andred.net>
PR-URL: https://github.com/nodejs/node/pull/32046
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Sometimes it's necessary to pass multiple library names to pkg-config,
e.g. the brotli shared libraries can be pulled in with
pkg-config libbrotlienc libbrotlidec
Update the code to handle both, strings (as used so far), and lists
of strings.
Signed-off-by: André Draszik <git@andred.net>
PR-URL: https://github.com/nodejs/node/pull/32046
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Building Node.js with `--debug` takes a long time and generates
binaries that can be hard to work with due to their size, in
particular because debug builds of V8 are large.
Sometimes, it’s sufficient to build the Node.js parts with native
debugging options enabled. Add an option for that.
PR-URL: https://github.com/nodejs/node/pull/31644
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Santiago Gimeno <santiago.gimeno@gmail.com>
Reviewed-By: Gus Caplan <me@gus.host>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Some Python distributions do not support
context manager protocol (CMP) for BZ2File.
PR-URL: https://github.com/nodejs/node/pull/31198
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Christian Clauss <cclauss@me.com>
Re-introduce the build-time option as a no-op in order to retain
backward compatibility for LTS purposes.
Re: https://github.com/nodejs/node/pull/31063#pullrequestreview-336045756
PR_URL: https://github.com/nodejs/node/pull/31075
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Beth Griggs <Bethany.Griggs@uk.ibm.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Moves the option that instructs Node.js to-remap its static code to
large pages from a configure-time option to a runtime option. This
should make it easy to assess the performance impact of such a change
without having to custom-build.
PR-URL: https://github.com/nodejs/node/pull/30954
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: David Carlier <devnexen@gmail.com>
Reviewed-By: David Carlier <devnexen@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
Reviewed-By: Denys Otrishko <shishugi@gmail.com>
Co-authored-by: David Carlier <devnexen@gmail.com>
When compiled with `--with-intl=small` and
`--with-icu-default-data-dir=PATH`, Node.js will use PATH as a
fallback location for the ICU data.
We will first perform an access check using fopen(PATH, 'r') to
ensure that the file is readable. If it is, we'll set the
icu_data_directory and proceed. There's a slight overhead for the
fopen() check, but it should be barely measurable.
This will be useful for Linux distribution packagers who want to
be able to ship a minimal node binary in a container image but
also be able to add on the full i18n support where needed. With
this patch, it becomes possible to ship the interpreter as
/usr/bin/node in one package for the distribution and to ship the
data files in another package (without a strict dependency
between the two). This means that users of the distribution will
not need to explicitly direct Node.js to locate the ICU data. It
also means that in environments where full internationalization is
not required, they do not need to carry the extra content (with
the associated storage costs).
Refs: https://github.com/nodejs/node/issues/3460
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
PR-URL: https://github.com/nodejs/node/pull/30825
Reviewed-By: Steven R Loomis <srloomis@us.ibm.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Compiling a library with -fPIE won't do, and on Android libraries
are not versioned.
PR-URL: https://github.com/nodejs/node/pull/29388
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Christian Clauss <cclauss@me.com>
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
