Package: release.debian.org Severity: normal User: release.debian....@packages.debian.org Usertags: unblock
Please unblock package node-gyp - fixes #921625: node-gyp cannot extract tarballs, something that happens when installing big projects from npm. - removes temporarily-needed Breaks:node-modern-syslog, which was only there to speed up migration of nodejs - adds upstream tests as autopkgtest, but not during build to avoid surprises this late winter. Please find the debdiff attached. unblock node-gyp/3.8.0-6 -- System Information: Debian Release: buster/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-3-amd64 (SMP w/4 CPU cores) Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8), LANGUAGE=fr_FR.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled
diff -Nru node-gyp-3.8.0/debian/changelog node-gyp-3.8.0/debian/changelog --- node-gyp-3.8.0/debian/changelog 2019-01-28 16:40:25.000000000 +0100 +++ node-gyp-3.8.0/debian/changelog 2019-03-04 00:51:30.000000000 +0100 @@ -1,3 +1,22 @@ +node-gyp (3.8.0-6) unstable; urgency=medium + + * Upstream test suite depends on build-essential + + -- Jérémy Lal <kapo...@melix.org> Mon, 04 Mar 2019 00:51:30 +0100 + +node-gyp (3.8.0-5) unstable; urgency=medium + + [ Mattia Rizzolo ] + * Remove the Breaks:node-modern-syslog added in the previous + upload: it was a workaround to avoid ci testing regression. + + [ Jérémy Lal ] + * Upstream support for node-tar 3 (Closes: #921625) + * Drop node-fstream dependency, unneeded with tar3-compat.patch + * Add upstream test suite to autopkgtests + + -- Jérémy Lal <kapo...@melix.org> Sat, 02 Mar 2019 23:11:39 +0100 + node-gyp (3.8.0-4) unstable; urgency=medium * Team upload diff -Nru node-gyp-3.8.0/debian/control node-gyp-3.8.0/debian/control --- node-gyp-3.8.0/debian/control 2019-01-28 16:37:51.000000000 +0100 +++ node-gyp-3.8.0/debian/control 2019-03-02 19:32:09.000000000 +0100 @@ -18,7 +18,6 @@ , nodejs , libnode-dev , gyp (>= 0.1+20150913git1f374df9) - , node-fstream , node-glob , node-graceful-fs , node-mkdirp @@ -31,7 +30,6 @@ , node-tar , node-which Recommends: build-essential -Breaks: node-modern-syslog (<< 1.1.4-2) Description: Native addon build tool for Node.js node-gyp is a cross-platform command-line tool written in Node.js for compiling native addon modules for Node.js. diff -Nru node-gyp-3.8.0/debian/patches/series node-gyp-3.8.0/debian/patches/series --- node-gyp-3.8.0/debian/patches/series 2019-01-28 16:31:48.000000000 +0100 +++ node-gyp-3.8.0/debian/patches/series 2019-03-02 18:55:56.000000000 +0100 @@ -2,3 +2,4 @@ 2003_fPIC_ia32.patch kfreebsd.patch link_libnode.patch +tar3-compat.patch diff -Nru node-gyp-3.8.0/debian/patches/tar3-compat.patch node-gyp-3.8.0/debian/patches/tar3-compat.patch --- node-gyp-3.8.0/debian/patches/tar3-compat.patch 1970-01-01 01:00:00.000000000 +0100 +++ node-gyp-3.8.0/debian/patches/tar3-compat.patch 2019-03-02 18:55:42.000000000 +0100 @@ -0,0 +1,125 @@ +From 5f924ce62c9bca9ab9c2e547bfb87b9a391271ed Mon Sep 17 00:00:00 2001 +From: isaacs <i...@izs.me> +Date: Tue, 30 May 2017 20:52:45 -0400 +Subject: [PATCH] Upgrade to tar v3 + +Tar version 3 performs better and is more well tested than its +predecessor. npm will be using this in the near future, so there is no +benefit in shipping a node-gyp that uses the slower and less reliable +fstream-based tar. + +This drops support for node 0.x, and thus should be considered a +breaking semver-major change. + +PR-URL: https://github.com/nodejs/node-gyp/pull/1212 +Reviewed-By: Refael Ackermann <ref...@gmail.com> +Reviewed-By: Ben Noordhuis <i...@bnoordhuis.nl> +Reviewed-By: Gibson Fahnestock <gibf...@gmail.com> +--- + lib/install.js | 38 ++++++++++++++++---------------------- + package.json | 5 ++--- + 2 files changed, 18 insertions(+), 25 deletions(-) + +--- a/lib/install.js ++++ b/lib/install.js +@@ -20,10 +20,8 @@ + , rm = require('rimraf') + , path = require('path') + , crypto = require('crypto') +- , zlib = require('zlib') + , log = require('npmlog') + , semver = require('semver') +- , fstream = require('fstream') + , request = require('request') + , mkdir = require('mkdirp') + , processRelease = require('./process-release') +@@ -148,41 +146,33 @@ + var tarPath = gyp.opts.tarball + var badDownload = false + , extractCount = 0 +- , gunzip = zlib.createGunzip() +- , extracter = tar.Extract({ path: devDir, strip: 1, filter: isValid }) + + var contentShasums = {} + var expectShasums = {} + + // checks if a file to be extracted from the tarball is valid. + // only .h header files and the gyp files get extracted +- function isValid () { +- var name = this.path.substring(devDir.length + 1) +- var isValid = valid(name) +- if (name === '' && this.type === 'Directory') { +- // the first directory entry is ok +- return true +- } ++ function isValid (path, entry) { ++ var isValid = valid(path) + if (isValid) { +- log.verbose('extracted file from tarball', name) ++ log.verbose('extracted file from tarball', path) + extractCount++ + } else { + // invalid +- log.silly('ignoring from tarball', name) ++ log.silly('ignoring from tarball', path) + } + return isValid + } + +- gunzip.on('error', cb) +- extracter.on('error', cb) +- extracter.on('end', afterTarball) +- +- // download the tarball, gunzip and extract! ++ // download the tarball and extract! + + if (tarPath) { +- var input = fs.createReadStream(tarPath) +- input.pipe(gunzip).pipe(extracter) +- return ++ return tar.extract({ ++ file: tarPath, ++ strip: 1, ++ filter: isValid, ++ cwd: devDir ++ }).then(afterTarball, cb) + } + + try { +@@ -222,7 +212,11 @@ + }) + + // start unzipping and untaring +- req.pipe(gunzip).pipe(extracter) ++ res.pipe(tar.extract({ ++ strip: 1, ++ cwd: devDir, ++ filter: isValid ++ }).on('close', afterTarball).on('error', cb)) + }) + + // invoked after the tarball has finished being extracted +--- a/package.json ++++ b/package.json +@@ -22,7 +22,6 @@ + "bin": "./bin/node-gyp.js", + "main": "./lib/node-gyp.js", + "dependencies": { +- "fstream": "^1.0.0", + "glob": "^7.0.3", + "graceful-fs": "^4.1.2", + "mkdirp": "^0.5.0", +@@ -32,11 +31,11 @@ + "request": "^2.87.0", + "rimraf": "2", + "semver": "~5.3.0", +- "tar": "^2.0.0", ++ "tar": "^3.1.3", + "which": "1" + }, + "engines": { +- "node": ">= 0.8.0" ++ "node": ">= 4.0.0" + }, + "devDependencies": { + "tape": "~4.2.0", diff -Nru node-gyp-3.8.0/debian/rules node-gyp-3.8.0/debian/rules --- node-gyp-3.8.0/debian/rules 2019-01-28 16:38:33.000000000 +0100 +++ node-gyp-3.8.0/debian/rules 2019-03-02 19:32:09.000000000 +0100 @@ -10,3 +10,4 @@ override_dh_fixperms: dh_fixperms chmod +x debian/node-gyp/usr/share/node-gyp/bin/node-gyp.js + diff -Nru node-gyp-3.8.0/debian/tests/control node-gyp-3.8.0/debian/tests/control --- node-gyp-3.8.0/debian/tests/control 2019-01-28 16:31:48.000000000 +0100 +++ node-gyp-3.8.0/debian/tests/control 2019-03-03 23:33:56.000000000 +0100 @@ -1,3 +1,10 @@ Test-Command: nodejs -e "require('gyp')" Depends: @ +Test-Command: tape test/test-* +Depends: build-essential, @, node-tape, node-nan, node-require-inject, node-bindings +Restrictions: allow-stderr + + + +