@swimlane/nodegit 1.1.5 → 2.0.4

package/utils/{acquireOpenSSL.js → acquireOpenSSL.mjs}

@@ -1,27 +1,29 @@
-const crypto = require("crypto");
-const execPromise = require("./execPromise");
-// for fs.remove. replace with fs.rm after dropping v12 support
-const fse = require("fs-extra");
-const fsNonPromise = require("fs");
-const { promises: fs } = fsNonPromise;
-const path = require("path");
-const got = require("got");
-const { performance } = require("perf_hooks");
-const { promisify } = require("util");
-const stream = require("stream");
-const tar = require("tar-fs");
-const zlib = require("zlib");
+import crypto from "crypto";
+import { spawn } from "child_process";
+import execPromise from "./execPromise.js";
+import got from "got";
+import path from "path";
+import stream from "stream";
+import tar from "tar-fs";
+import zlib from "zlib";
+import { createWriteStream, promises as fs } from "fs";
+import { performance } from "perf_hooks";
+import { promisify } from "util";
+
+import { hostArch, targetArch } from "./buildFlags.js";
 
 const pipeline = promisify(stream.pipeline);
 
-const packageJson = require('../package.json')
+import packageJson from '../package.json' with { type: "json" };
 
-const OPENSSL_VERSION = "1.1.1t";
-const win32BatPath = path.join(__dirname, "build-openssl.bat");
-const vendorPath = path.resolve(__dirname, "..", "vendor");
+const OPENSSL_VERSION = "3.0.18";
+const win32BatPath = path.join(import.meta.dirname, "build-openssl.bat");
+const vendorPath = path.resolve(import.meta.dirname, "..", "vendor");
 const opensslPatchPath = path.join(vendorPath, "patches", "openssl");
 const extractPath = path.join(vendorPath, "openssl");
 
+const exists = (filePath) => fs.stat(filePath).then(() => true).catch(() => false);
+
 const pathsToIncludeForPackage = [
   "include", "lib"
 ];
@@ -58,7 +60,9 @@ const makeHashVerifyOnFinal = (expected) => (digest) => {
 // currently this only needs to be done on linux
 const applyOpenSSLPatches = async (buildCwd, operatingSystem) => {
   try {
-    for (const patchFilename of await fse.readdir(opensslPatchPath)) {
+    await fs.access(opensslPatchPath);
+
+    for (const patchFilename of await fs.readdir(opensslPatchPath)) {
       const patchTarget = patchFilename.split("-")[1];
       if (patchFilename.split(".").pop() === "patch" && (patchTarget === operatingSystem || patchTarget === "all")) {
         console.log(`applying ${patchFilename}`);
@@ -68,6 +72,11 @@ const applyOpenSSLPatches = async (buildCwd, operatingSystem) => {
       }
     }
   } catch(e) {
+    if (e.code === "ENOENT") {
+      // no patches to apply
+      return;
+    }
+
     console.log("Patch application failed: ", e);
     throw e;
   }
@@ -78,8 +87,10 @@ const buildDarwin = async (buildCwd, macOsDeploymentTarget) => {
     throw new Error("Expected macOsDeploymentTarget to be specified");
   }
 
-  const arguments = [
-    process.arch === "x64" ? "darwin64-x86_64-cc" : "darwin64-arm64-cc",
+  const buildConfig = targetArch === "x64" ? "darwin64-x86_64-cc" : "darwin64-arm64-cc";
+
+  const configureArgs = [
+    buildConfig,
     // speed up ecdh on little-endian platforms with 128bit int support
     "enable-ec_nistp_64_gcc_128",
     // compile static libraries
@@ -88,6 +99,8 @@ const buildDarwin = async (buildCwd, macOsDeploymentTarget) => {
     "no-ssl2",
     "no-ssl3",
     "no-comp",
+    // disable tty ui since it fails a bunch of tests on GHA runners and we're just gonna link anyways
+    "no-ui-console",
     // set install directory
     `--prefix="${extractPath}"`,
     `--openssldir="${extractPath}"`,
@@ -95,13 +108,13 @@ const buildDarwin = async (buildCwd, macOsDeploymentTarget) => {
     `-mmacosx-version-min=${macOsDeploymentTarget}`
   ];
 
-  await execPromise(`./Configure ${arguments.join(" ")}`, {
+  await execPromise(`./Configure ${configureArgs.join(" ")}`, {
     cwd: buildCwd
   }, { pipeOutput: true });
 
   await applyOpenSSLPatches(buildCwd, "darwin");
 
-  // only build the libraries, not the tests/fuzzer or apps
+  // only build the libraries, not the fuzzer or apps
   await execPromise("make build_libs", {
     cwd: buildCwd
   }, { pipeOutput: true });
@@ -117,37 +130,36 @@ const buildDarwin = async (buildCwd, macOsDeploymentTarget) => {
 };
 
 const buildLinux = async (buildCwd) => {
-  const arguments = [
-    "linux-x86_64",
-    // Electron(at least on centos7) imports the libcups library at runtime, which has a
-    // dependency on the system libssl/libcrypto which causes symbol conflicts and segfaults.
-    // To fix this we need to hide all the openssl symbols to prevent them from being overridden
-    // by the runtime linker.
-    "-fvisibility=hidden",
-    // compile static libraries
-    "no-shared",
-    // disable ssl2, ssl3, and compression
-    "no-ssl2",
+  const buildConfig = targetArch === "x64" ? "linux-x86_64" : "linux-aarch64";
+
+  const configureArgs = [
+    buildConfig,
+    // disable ssl3, and compression
     "no-ssl3",
     "no-comp",
     // set install directory
     `--prefix="${extractPath}"`,
-    `--openssldir="${extractPath}"`
+    `--openssldir="${extractPath}"`,
+    "--libdir=lib",
   ];
-  await execPromise(`./Configure ${arguments.join(" ")}`, {
+  await execPromise(`./Configure ${configureArgs.join(" ")}`, {
     cwd: buildCwd
   }, { pipeOutput: true });
 
   await applyOpenSSLPatches(buildCwd, "linux");
 
-  // only build the libraries, not the tests/fuzzer or apps
+  // only build the libraries, not the fuzzer or apps
   await execPromise("make build_libs", {
-    cwd: buildCwd
+    cwd: buildCwd,
+    maxBuffer: 10 * 1024 * 1024
   }, { pipeOutput: true });
 
-  await execPromise("make test", {
-    cwd: buildCwd
-  }, { pipeOutput: true });
+  if (hostArch === targetArch) {
+    await execPromise("make test", {
+      cwd: buildCwd,
+      maxBuffer: 10 * 1024 * 1024
+    }, { pipeOutput: true });
+  }
 
   // only install software, not the docs
   await execPromise("make install_sw", {
@@ -156,44 +168,108 @@ const buildLinux = async (buildCwd) => {
   }, { pipeOutput: true });
 };
 
-const buildWin32 = async (buildCwd, vsBuildArch) => {
-  if (!vsBuildArch) {
-    throw new Error("Expected vsBuildArch to be specified");
-  }
+const buildWin32 = async (buildCwd) => {
+  let vcvarsallPath = undefined;
 
-  const programFilesPath = (process.arch === "x64"
-    ? process.env["ProgramFiles(x86)"]
-    : process.env.ProgramFiles) || "C:\\Program Files";
-  const vcvarsallPath = process.env.npm_config_vcvarsall_path || `${
-    programFilesPath
-  }\\Microsoft Visual Studio\\2017\\BuildTools\\VC\\Auxiliary\\Build\\vcvarsall.bat`;
-  try {
-    await fs.stat(vcvarsallPath);
-  } catch {
-    throw new Error(`vcvarsall.bat not found at ${vcvarsallPath}`);
+  if (process.env.npm_config_vcvarsall_path && await exists(process.env.npm_config_vcvarsall_path)) {
+    vcvarsallPath = process.env.npm_config_vcvarsall_path;
+  } else {
+    const potentialMsvsPaths = [];
+
+    // GYP_MSVS_OVERRIDE_PATH is set by node-gyp so this should cover most cases
+    if (process.env.GYP_MSVS_OVERRIDE_PATH) {
+      potentialMsvsPaths.push(process.env.GYP_MSVS_OVERRIDE_PATH);
+    }
+
+    const packageTypes = ["BuildTools", "Community", "Professional", "Enterprise"];
+    const versions = ["2022", "2019"]
+
+    const computePossiblePaths = (parentPath) => {
+      let possiblePaths = []
+      for (const packageType of packageTypes) {
+        for (const version of versions) {
+          possiblePaths.push(path.join(parentPath, version, packageType));
+        }
+      }
+
+      return possiblePaths;
+    }
+    
+    if (process.env["ProgramFiles(x86)"]) {
+      const parentPath  = path.join(process.env["ProgramFiles(x86)"], 'Microsoft Visual Studio');
+      potentialMsvsPaths.push(...computePossiblePaths(parentPath));
+    }
+
+    if (process.env.ProgramFiles) {
+      const parentPath  = path.join(process.env.ProgramFiles, 'Microsoft Visual Studio');
+      potentialMsvsPaths.push(...computePossiblePaths(parentPath));
+    }
+
+    for (const potentialPath of potentialMsvsPaths) {
+      const wholePath = path.join(potentialPath, 'VC', 'Auxiliary', 'Build', 'vcvarsall.bat');
+      console.log("checking", wholePath);
+      if (await exists(wholePath)) {
+        vcvarsallPath = wholePath;
+        break;
+      }
+    }
+
+    if (!vcvarsallPath) {
+      throw new Error(`vcvarsall.bat not found`);
+    }
   }
 
   let vcTarget;
-  switch (vsBuildArch) {
-    case "x64": {
+  switch (targetArch) {
+    case "x64":
       vcTarget = "VC-WIN64A";
       break;
-    }
 
-    case "x86": {
+    case "x86":
       vcTarget = "VC-WIN32";
       break;
-    }
-      
-    default: {
-      throw new Error(`Unknown vsBuildArch: ${vsBuildArch}`);
-    }
+
+    case "arm64":
+      vcTarget = "VC-WIN64-ARM";
+      break;
   }
 
-  await execPromise(`"${win32BatPath}" "${vcvarsallPath}" ${vsBuildArch} ${vcTarget}`, {
-    cwd: buildCwd,
-    maxBuffer: 10 * 1024 * 1024 // we should really just use spawn
-  }, { pipeOutput: true });
+  let vsBuildArch = hostArch === targetArch
+    ? hostArch
+    : `${hostArch}_${targetArch}`;
+
+  console.log("Using vcvarsall.bat at: ", vcvarsallPath);
+  console.log("Using vsBuildArch: ", vsBuildArch);
+  console.log("Using vcTarget: ", vcTarget);
+
+  await new Promise((resolve, reject) => {
+    const buildProcess = spawn(`"${win32BatPath}" "${vcvarsallPath}" ${vsBuildArch} ${vcTarget}`, {
+      cwd: buildCwd,
+      shell: process.platform === "win32",
+      env: {
+        ...process.env,
+        NODEGIT_SKIP_TESTS: targetArch !== hostArch ? "1" : undefined
+      }
+    });
+
+    buildProcess.stdout.on("data", function(data) {
+      console.info(data.toString().trim());
+    });
+
+    buildProcess.stderr.on("data", function(data) {
+      console.error(data.toString().trim());
+    });
+
+    buildProcess.on("close", function(code) {
+      if (!code) {
+        resolve();
+      } else {
+        reject(code);
+      }
+    });
+  });
+
+  
 };
 
 const removeOpenSSLIfOudated = async (openSSLVersion) => {
@@ -217,7 +293,7 @@ const removeOpenSSLIfOudated = async (openSSLVersion) => {
     }
 
     console.log("Removing outdated OpenSSL at: ", extractPath);
-    await fse.remove(extractPath);
+    await fs.rm(extractPath, { recursive: true, force: true });
     console.log("Outdated OpenSSL removed.");
   } catch (err) {
     console.log("Remove outdated OpenSSL failed: ", err);
@@ -237,19 +313,13 @@ const makeOnStreamDownloadProgress = () => {
 
 const buildOpenSSLIfNecessary = async ({
   macOsDeploymentTarget,
-  openSSLVersion,
-  vsBuildArch
+  openSSLVersion
 }) => {
   if (process.platform !== "darwin" && process.platform !== "win32" && process.platform !== "linux") {
     console.log(`Skipping OpenSSL build, not required on ${process.platform}`);
     return;
   }
 
-  if (process.platform === "linux" && process.env.NODEGIT_OPENSSL_STATIC_LINK !== "1") {
-    console.log(`Skipping OpenSSL build, NODEGIT_OPENSSL_STATIC_LINK !== 1`);
-    return;
-  }
-
   await removeOpenSSLIfOudated(openSSLVersion);
 
   try {
@@ -261,7 +331,7 @@ const buildOpenSSLIfNecessary = async ({
   const openSSLUrl = getOpenSSLSourceUrl(openSSLVersion);
   const openSSLSha256Url = getOpenSSLSourceSha256Url(openSSLVersion);
 
-  const openSSLSha256 = (await got(openSSLSha256Url)).body.trim();
+  const openSSLSha256 = (await got(openSSLSha256Url)).body.trim().split(' ')[0];
 
   const downloadStream = got.stream(openSSLUrl);
   downloadStream.on("downloadProgress", makeOnStreamDownloadProgress());
@@ -282,7 +352,7 @@ const buildOpenSSLIfNecessary = async ({
   } else if (process.platform === "linux") {
     await buildLinux(buildCwd);
   } else if (process.platform === "win32") {
-    await buildWin32(buildCwd, vsBuildArch);
+    await buildWin32(buildCwd);
   } else {
     throw new Error(`Unknown platform: ${process.platform}`);
   }
@@ -300,11 +370,6 @@ const downloadOpenSSLIfNecessary = async ({
     return;
   }
 
-  if (process.platform === "linux" && process.env.NODEGIT_OPENSSL_STATIC_LINK !== "1") {
-    console.log(`Skipping OpenSSL download, NODEGIT_OPENSSL_STATIC_LINK !== 1`);
-    return;
-  }
-
   try {
     await fs.stat(extractPath);
     console.log("Skipping OpenSSL download, dir exists");
@@ -334,18 +399,17 @@ const downloadOpenSSLIfNecessary = async ({
   console.log("Download finished.");
 }
 
-const getOpenSSLPackageName = () => {
-  let arch = process.arch;
-  if (process.platform === "win32" && (
-    process.arch === "ia32" || process.env.NODEGIT_VS_BUILD_ARCH === "x86"
-  )) {
-    arch = "x86";
-  }
-
-  return `openssl-${OPENSSL_VERSION}-${process.platform}-${arch}.tar.gz`;
+export const getOpenSSLPackageName = () => {
+  return `openssl-${OPENSSL_VERSION}-${process.platform}-${targetArch}.tar.gz`;
 }
 
-const getOpenSSLPackageUrl = () => `${packageJson.binary.host}${getOpenSSLPackageName()}`;
+export const getOpenSSLPackagePath = () => path.join(import.meta.dirname, getOpenSSLPackageName());
+
+const getOpenSSLPackageUrl = () => {
+  const hostUrl = new URL(packageJson.binary.host);
+  hostUrl.pathname = getOpenSSLPackageName();
+  return hostUrl.toString();
+};
 
 const buildPackage = async () => {
   let resolve, reject;
@@ -361,17 +425,17 @@ const buildPackage = async () => {
         return path.extname(name) === ".pc"
           || path.basename(name) === "pkgconfig";
       },
-      dmode: 0755,
-      fmode: 0644
+      dmode: 0o0755,
+      fmode: 0o0644
     }),
     zlib.createGzip(),
     new HashVerify("sha256", (digest) => {
       resolve(digest);
     }),
-    fsNonPromise.createWriteStream(getOpenSSLPackageName())
+    createWriteStream(getOpenSSLPackagePath())
   );
   const digest = await promise;
-  await fs.writeFile(`${getOpenSSLPackageName()}.sha256`, digest);
+  await fs.writeFile(`${getOpenSSLPackagePath()}.sha256`, digest);
 };
 
 const acquireOpenSSL = async () => {
@@ -394,24 +458,15 @@ const acquireOpenSSL = async () => {
 
     let macOsDeploymentTarget;
     if (process.platform === "darwin") {
-      macOsDeploymentTarget = process.argv[2];
+      macOsDeploymentTarget = process.argv[2] ?? process.env.OPENSSL_MACOS_DEPLOYMENT_TARGET
       if (!macOsDeploymentTarget || !macOsDeploymentTarget.match(/\d+\.\d+/)) {
         throw new Error(`Invalid macOsDeploymentTarget: ${macOsDeploymentTarget}`);
       }
     }
 
-    let vsBuildArch;
-    if (process.platform === "win32") {
-      vsBuildArch = process.env.NODEGIT_VS_BUILD_ARCH || (process.arch === "x64" ? "x64" : "x86");
-      if (!["x64", "x86"].includes(vsBuildArch)) {
-        throw new Error(`Invalid vsBuildArch: ${vsBuildArch}`);
-      }
-    }
-
     await buildOpenSSLIfNecessary({
       openSSLVersion: OPENSSL_VERSION,
-      macOsDeploymentTarget,
-      vsBuildArch
+      macOsDeploymentTarget
     });
     if (process.env.NODEGIT_OPENSSL_BUILD_PACKAGE) {
       await buildPackage();
@@ -422,15 +477,12 @@ const acquireOpenSSL = async () => {
   }
 };
 
-module.exports = {
-  acquireOpenSSL,
-  getOpenSSLPackageName,
-  OPENSSL_VERSION
-};
-
-if (require.main === module) {
-  acquireOpenSSL().catch((error) => {
+if (process.argv[1] === import.meta.filename) {
+  try {
+    await acquireOpenSSL();
+  }
+  catch(error) {
     console.error("Acquire OpenSSL failed: ", error);
     process.exit(1);
-  });
+  }
 }

package/utils/build-openssl.bat

@@ -1,9 +1,18 @@
+rem Build OpenSSL for Windows
+rem %1 - path to vcvarsall.bat
+rem %2 - architecture argument for vcvarsall.bat
+rem %3 - OpenSSL Configure target
+
 @call %1 %2
 
 perl .\Configure %3 no-shared no-ssl2 no-ssl3 no-comp --prefix="%cd%\.." --openssldir="%cd%\.." || goto :error
 
 nmake || goto :error
-nmake test || goto :error
+
+if "%NODEGIT_SKIP_TESTS%" NEQ "1" (
+  nmake test || goto :error
+)
+
 nmake install || goto :error
 
 goto :EOF

package/utils/buildFlags.js

@@ -10,7 +10,29 @@ try {
   isGitRepo = false;
 }
 
+const convertArch = (archStr) => {
+  const convertedArch = {
+    'ia32': 'x86',
+    'x86': 'x86',
+    'x64': 'x64',
+    'arm64': 'arm64'
+  }[archStr];
+
+  if (!convertedArch) {
+    throw new Error('unsupported architecture');
+  }
+
+  return convertedArch;
+}
+
+const hostArch = convertArch(process.arch);
+const targetArch = process.env.npm_config_arch
+  ? convertArch(process.env.npm_config_arch)
+  : hostArch;
+
 module.exports = {
+  hostArch,
+  targetArch,
   debugBuild: !!process.env.BUILD_DEBUG,
   isElectron: process.env.npm_config_runtime === "electron",
   isGitRepo: isGitRepo,

package/utils/configureLibssh2.js

@@ -2,6 +2,8 @@ var cp = require("child_process");
 var fse = require("fs-extra");
 var path = require("path");
 
+const { hostArch, targetArch } = require("./buildFlags");
+
 const opensslVendorDirectory = path.resolve(__dirname, "..", "vendor", "openssl");
 const libssh2VendorDirectory = path.resolve(__dirname, "..", "vendor", "libssh2");
 const libssh2ConfigureScript = path.join(libssh2VendorDirectory, "configure");
@@ -19,20 +21,21 @@ module.exports = function retrieveExternalDependencies() {
   }
 
   // Run the `configure` script on Linux
+  let cpArgs = ` --with-libssl-prefix=${opensslVendorDirectory}`;
+
+  const archConfigMap = {
+    'x64': 'x86_64-linux-gnu',
+    'arm64': 'aarch64-linux-gnu'
+  };
+
+  cpArgs += ` --build=${archConfigMap[hostArch]}`;
+  cpArgs += ` --host=${archConfigMap[targetArch]}`;
+
   return new Promise(function(resolve, reject) {
-    var newEnv = {};
-    Object.keys(process.env).forEach(function(key) {
-      newEnv[key] = process.env[key];
-    });
-
-    let cpArgs = process.env.NODEGIT_OPENSSL_STATIC_LINK === '1'
-      ? ` --with-libssl-prefix=${opensslVendorDirectory}`
-      : '';
     cp.exec(
       `${libssh2ConfigureScript}${cpArgs}`,
       {
-        cwd: libssh2VendorDirectory,
-        env: newEnv
+        cwd: libssh2VendorDirectory
       },
       function(err, stdout, stderr) {
         if (err) {

package/utils/defaultCxxStandard.js

@@ -1,18 +1,29 @@
 const targetSpecified = process.argv[2] !== 'none';
 
-let isNode18OrElectron20AndUp = false;
+let cxxStandard = '14';
+
 if (targetSpecified) {
-  // Assume electron if target is specified.
+  // --target= is used by both prebuildify (Node version) and electron-rebuild
+  // (Electron version). Node 24+ ships V8 13.x which requires C++20 for the
+  // `requires` clauses in v8-persistent-handle.h; Electron 32+ similarly needs
+  // C++20. Anything older falls back to C++17.
   // If building node 18 / 19 via target, will need to specify C++ standard manually
   const majorVersion = process.argv[2].split('.')[0];
-  isNode18OrElectron20AndUp = majorVersion >= 20;
+  if (Number.parseInt(majorVersion) >= 32) {
+    cxxStandard = '20';
+  } else if (Number.parseInt(majorVersion) >= 24) {
+    cxxStandard = '20';
+  } else if (Number.parseInt(majorVersion) >= 21) {
+    cxxStandard = '17';
+  }
 } else {
+  const abiVersion = Number.parseInt(process.versions.modules) ?? 0;
   // Node 18 === 108
-  isNode18OrElectron20AndUp = Number.parseInt(process.versions.modules) >= 108;
+  if (abiVersion >= 131) {
+    cxxStandard = '20';
+  } else if (abiVersion >= 108) {
+    cxxStandard = '17';
+  }
 }
 
-const defaultCxxStandard = isNode18OrElectron20AndUp
-  ? '17'
-  : '14';
-
-process.stdout.write(defaultCxxStandard);
+process.stdout.write(cxxStandard);

package/utils/uploadOpenSSL.mjs

@@ -0,0 +1,32 @@
+import aws from 'aws-sdk';
+import fs from "fs";
+import path from "path";
+
+import pkgJson from '../package.json' with { type: "json" };
+import { getOpenSSLPackagePath, getOpenSSLPackageName } from './acquireOpenSSL.mjs';
+
+const s3 = new aws.S3();
+
+const uploadBinaryToS3 = (fileName, bucketName, pathToFile) =>
+  s3.upload({
+    Body: fs.createReadStream(pathToFile),
+    Bucket: bucketName,
+    Key: fileName,
+    ACL: "public-read"
+  }).promise();
+
+export const uploadOpenSSL = async () => {
+  const packageName = path.basename(getOpenSSLPackageName());
+  const packagePath = getOpenSSLPackagePath();
+  console.log(`Uploading ${packagePath} to s3://${pkgJson.binary.bucket_name}/${packageName}`);
+  await uploadBinaryToS3(packageName, pkgJson.binary.bucket_name, packagePath);
+  const sha256PackageName = `${packageName}.sha256`;
+  await uploadBinaryToS3(sha256PackageName, pkgJson.binary.bucket_name, `${packagePath}.sha256`);
+};
+
+if (process.argv[1] === import.meta.filename) {
+  uploadOpenSSL().catch((error) => {
+    console.error('Push to S3 failed: ', error);
+    process.exit(1);
+  });
+}

package/lifecycleScripts/install.js

@@ -1,32 +0,0 @@
-var buildFlags = require("../utils/buildFlags");
-
-module.exports = async function install() {
-  console.log("[nodegit] Running install script");
-
-  var args = ["install"];
-
-  if (buildFlags.mustBuild) {
-    console.info(
-      "[nodegit] Pre-built download disabled, building from source.",
-    );
-    args.push("--build-from-source");
-
-    if (buildFlags.debugBuild) {
-      console.info("[nodegit] Building debug version.");
-      args.push("--debug");
-    }
-  } else {
-    args.push("--fallback-to-build");
-  }
-
-  return;
-};
-
-// Called on the command line
-if (require.main === module) {
-  module.exports().catch(function (e) {
-    console.error("[nodegit] ERROR - Could not finish install");
-    console.error("[nodegit] ERROR - finished with error code: " + e);
-    process.exit(e);
-  });
-}