We define `retval` as a tuple and then replace the tuple by "appending"
items with `+=` but that actually creates a new tuple every time.
Because it is intended to be mutable, use a list instead, then return a
tuple from the function, as it should be immutable outside the function.
PR-URL: https://github.com/nodejs/node/pull/41372
Reviewed-By: Christian Clauss <cclauss@me.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Currently using the --openssl-is-fips configuration option in
combination with --ninja is broken.
This commit fixes two issues, one being an issue with the linker/version
script path variable. The second is that the locations of built
artifacts that differ for ninja and make.
ninja:
$ ./configure --openssl-is-fips --ninja
$ ninja -C out/Release
$ ./node --enable-fips -p 'crypto.getFips()'
1
make:
$ ./configure --openssl-is-fips
$ make -j8
$ ./node --enable-fips -p 'crypto.getFips()'
1
PR-URL: https://github.com/nodejs/node/pull/40518
Refs: https://github.com/nodejs/node/issues/40509
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Beth Griggs <bgriggs@redhat.com>
This pull request updates the OpenSSL version that is statically
linked with Node.js from OpenSSl 1.1.1 to quictls OpenSSL 3.0.0+quic.
This pull request will replace the OpenSSL version that is currently
in the deps directory and when performing a normal build
OpenSSL 3.0+quic will be statically linked to the Node.js executable.
We will still be able to dynamically link to OpenSSL 1.1.1 and we have
a CI job which dynamically links to OpenSSL 1.1.1 which is run for
every pull request to make sure that we maintain backward compatibility.
PR-URL: https://github.com/nodejs/node/pull/38512
Reviewed-By: Michael Dawson <midawson@redhat.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
The AIX/IBM i branch in `host_arch_cc()` that hardcodes the compiler
executable to `gcc` precludes picking up either `CC_host` or `CC`
environment variables (if set) as is done on other platforms. On an
AIX/IBM i platform where the compiler is, e.g. `gcc-10` instead of
just `gcc`, the current check will fail to detect the host architecture
and incorrectly default to `ia32`. Removing the AIX/IBM i specific
branch will follow the same logic as on the other platforms:
1. The value, if set, of the `CC_host` environment variable.
2. Otherwise, if set, the value of the `CC` environment variable.
3. `gcc` (`cc` if on macOS).
PR-URL: https://github.com/nodejs/node/pull/39481
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
Reviewed-By: Ash Cripps <acripps@redhat.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Michael Dawson <midawson@redhat.com>
This commit enables FIPS when Node.js is dynamically linking against
quictls/openssl-3.0.
BUILDING.md has been updated with instructions to configure and build
quictls/openssl 3.0.0-alpha-15 and includes a couple of work-arounds
which I believe are fixed in alpha-16 and can be removed when alpha-16
is available. The information might be a little too detailed/verbose
but I thought it would be helpful to at least initially include all the
steps.
PR-URL: https://github.com/nodejs/node/pull/38633
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
V8's build toolchain is not compatible with Python 3 and the CI job
that tests V8 needs to be run with Python 2. Add a fallback to
`find_executable` from `distutils.spawn` to allow the configure
script to run in the V8 test job.
PR-URL: https://github.com/nodejs/node/pull/38632
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Darshan Sen <raisinten@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Debian based packages of Python 3 do not include `distutils.spawn` and
require an additional apt package to be installed (`python3-distutils`).
Replace use of `distutils.spawn` with `shutil.which`, available in all
versions of Python currently allowed by our configure scripts.
For the `configure` script only, fall back to `distutils.spawn` to allow
friendlier error messages when run on older unsupported versions of
Python (e.g. 2.7).
`configure.py` also uses `distutils.version` -- this appears to be
available in Debian packaged Python 3 without installing
`python3-distutils` so has been left as-is.
PR-URL: https://github.com/nodejs/node/pull/38600
Refs: https://github.com/nodejs/node/issues/30189
Reviewed-By: Darshan Sen <raisinten@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Christian Clauss <cclauss@me.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reintroduces the ngtcp2 and nghttp3 dependencies, building those by
default if the vendored-in openssl (with QUIC support) is used or the
shared openssl defines `OPENSSL_INFO_QUIC`.
Upates the version metadata to reflect whether ngtcp2 and nghttp3 are
present.
ngtcp2 as of
2381f7f7b6
nghttp3 as of
66ad30f0a8
Signed-off-by: James M Snell <jasnell@gmail.com>
PR-URL: https://github.com/nodejs/node/pull/37682
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
If the shared openssl does not have the `OPENSSL_INFO_QUIC` define,
then it definitely does not have the QUIC apis. This is only a partially
accurate check because it does not detect if the shared openssl was
actually *built* without the OPENSSL_NO_QUIC define set.
Signed-off-by: James M Snell <jasnell@gmail.com>
PR-URL: https://github.com/nodejs/node/pull/37682
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
* Replace unused identifier with Python convention `_`.
* Remove unneeded parentheses.
* Remove line-wrapping.
I confirmed that this doesn't change the output by running `./configure
--shared-zlib` and confirming that it created the same `common.gypi`
with and without these changes. The code changed here doesn't run unless
there is a `--shared-*` flag.
PR-URL: https://github.com/nodejs/node/pull/36551
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Daijiro Wachi <daijiro.wachi@gmail.com>
This commit adds a configuration option named
openssl-default-cipher-list which takes a colon separated string
specifying ciphers that should be used as the default ciphers instead of
the ones defined in node_constants.
The motivation for this is a use case where Fedora/RHEL would like
to be able to specify a default cipher in the format PROFILE=SYSTEM.
This would enable Fedora/RHEL to have a system wide security level for
all applications.
PR-URL: https://github.com/nodejs/node/pull/33708
Refs: https://docs.fedoraproject.org/en-US/packaging-guidelines/CryptoPolicies/
Reviewed-By: David Carlier <devnexen@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
On Windows there is a program "find.exe" located in
C:\Windows\System32, which is usually in the PATH before
MSYS version of that program (required for running makefile).
The Windows version of the program uses different CLI syntax,
which results in errors like
"File not found - *node_modules*"
This commit specifies the full path to the program, which is also
properly handled by MSYS on Windows.
PR-URL: https://github.com/nodejs/node/pull/33136
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
* Fixes cases in icutools where commands were issued without .exe
* Changes to build scripts
* Add /fp:strict flag so that MSVC's floating point behaves correctly
* Enables marmasm
PR-URL: https://github.com/nodejs/node/pull/32867
Reviewed-By: Christian Clauss <cclauss@me.com>
Reviewed-By: João Reis <reis@janeasystems.com>
This commit adds a configuration time flag named error-on-warn:
$ ./configure --help | grep -A1 error-on-warn
--error-on-warn Turn compiler warnings into errors for node core
sources.
The motivation for this is that CI jobs can use this flag to turn
warnings into errors.
PR-URL: https://github.com/nodejs/node/pull/32685
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Matheus Marchini <mat@mmarchini.me>
