[Group.of.nepali.translators] [Bug 1779863] Re: Ubuntu nodejs package isn't ABI compatible with mainline nodejs.
** Changed in: nodejs (Debian)
Status: New => Fix Released
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1779863
Title:
Ubuntu nodejs package isn't ABI compatible with mainline nodejs.
Status in nodejs package in Ubuntu:
Fix Released
Status in nodejs source package in Trusty:
Invalid
Status in nodejs source package in Xenial:
Invalid
Status in nodejs source package in Bionic:
Fix Released
Status in nodejs source package in Cosmic:
Fix Released
Status in nodejs package in Debian:
Fix Released
Bug description:
[impact]
Pre-built addons for nodejs built against the 8.10 version, which is
what is included in Bionic, will fail to load on Bionic because the
version of nodejs there is built using a newer ABI-incompatible
openssl version.
[test case]
1. Run 'sudo apt install nodejs npm'
2. Run 'mkdir /tmp/lp.1779863'
3. Run 'cd /tmp/lp.1779863'
4. Run 'npm install grpc'
5. Note that it mentions installing a prebuilt binary from remote.
6. Run 'node' and enter the following code:
> const grpc = require('grpc')
> const creds = grpc.ServerCredentials.createSsl(null, [])
> const server = new grpc.Server()
> server.bind('0.0.0.0:8080', creds)
7. Observe that this results in a crash, with an error like:
node: symbol lookup error:
/tmp/lp.1779863/node_modules/grpc/src/node/extension_binary/node-v57-linux-x64-glibc/grpc_node.node:
undefined symbol: SSL_library_init
8. Run 'npm install node-webcrypto-ossl'.
9. Observe that compilation fails due to a header expectation mismatch.
10. Install nodejs from -proposed.
11. Repeat steps 6-9 and observe that the commands succeed without errors.
[regression potential]
Although this SRU changes the ABI of nodejs that is exposed to binary
add-ons, the practical regression potential for this ABI change is
minimal. The archive has been scanned to confirm there are no
reverse-dependencies in Ubuntu which use this part of the ABI, and it
is not feasible to build third-party binaries that are compatible with
nodejs as shipped in 18.04 because the gyp build system used by the
nodejs ecosystem exposes system headers that don't match the symbols
exported by the current Ubuntu nodejs built against OpenSSL 1.1.
Thus, the greatest risk of regression is from someone manually working
around this gyp incompatibility in order to build an add-on which uses
these symbols. This risk is negligible.
Changing this to use openssl1.0 assumes that the security team will
maintain security patches for openssl1.0.
There is no risk of regression in protocol compatibility by switching
back from openssl 1.1 to openssl 1.0, because TLS 1.3 support has not
yet landed in the openssl package in 18.04.
[other info]
alternately, this could be fixed by upgrading the nodejs package in
Bionic (and Cosmic) to a newer nodejs - Debian has version 10.4.0 in
experimental.
also debian 904274 has quite a bit of discussion.
original bug description below.
---
Background:
NodeJS has a native extension API: https://nodejs.org/api/addons.html
It's fairly understood by developers that NodeJS's ABI is stable, and that
one module built using a version of nodejs should work on another semantically
version compatible of nodejs.
NodeJS exposes various third party libraries to the native module
developers. Quote from the addons developers page: "Node.js includes a
number of other statically linked libraries including OpenSSL. These
other libraries are located in the deps/ directory in the Node.js
source tree. Only the libuv,i OpenSSL, V8 and zlib symbols are
purposefully re-exported by Node.js and may be used to various extents
by Addons."
It's fairly understood by developers that native modules have the same
ABI guarantee than the rest of the node API.
The NodeJS ecosystem uses native modules extensively, and it's fairly
common for developers to publish precompiled versions of their
extensions so that the typical end-user can simply npm install their
dependencies without worrying about having a compiler installed. Some
packages will do their own thing (see for instance
https://www.npmjs.com/package/uws), while others will rely on third
party extensions to facilitate their work. See for instance prebuild
(https://www.npmjs.com/package/prebuild) that has a handful of
dependents, or node-pre-gyp (https://www.npmjs.com/package/node-pre-
gyp) that has north of 350 dependents. So the nodejs ecosystem has
roughly 400 native packages that are publishing prebuilt versions of
their extensions.
Problem with the Ubuntu nodejs package:
Put simply, it breaks prebuilt packages that depend on OpenSSL. NodeJS 8.10.0
officially comes with OpenSSL 1.0.2n, while the NodeJS 8.10.0 that comes with
the Ubuntu
[Group.of.nepali.translators] [Bug 1779863] Re: Ubuntu nodejs package isn't ABI compatible with mainline nodejs.
This bug was fixed in the package nodejs - 8.10.0~dfsg-2ubuntu0.3
---
nodejs (8.10.0~dfsg-2ubuntu0.3) bionic; urgency=medium
* Force dependency on openssl1.0
The newer openssl has ABI change, and this version of nodejs
requires building with the older 1.0.2 version of openssl.
(LP: #1779863)
-- Dan Streetman Mon, 23 Jul 2018 16:12:30
-0400
** Changed in: nodejs (Ubuntu Bionic)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1779863
Title:
Ubuntu nodejs package isn't ABI compatible with mainline nodejs.
Status in nodejs package in Ubuntu:
Fix Released
Status in nodejs source package in Trusty:
Invalid
Status in nodejs source package in Xenial:
Invalid
Status in nodejs source package in Bionic:
Fix Released
Status in nodejs source package in Cosmic:
Fix Released
Status in nodejs package in Debian:
New
Bug description:
[impact]
Pre-built addons for nodejs built against the 8.10 version, which is
what is included in Bionic, will fail to load on Bionic because the
version of nodejs there is built using a newer ABI-incompatible
openssl version.
[test case]
1. Run 'sudo apt install nodejs npm'
2. Run 'mkdir /tmp/lp.1779863'
3. Run 'cd /tmp/lp.1779863'
4. Run 'npm install grpc'
5. Note that it mentions installing a prebuilt binary from remote.
6. Run 'node' and enter the following code:
> const grpc = require('grpc')
> const creds = grpc.ServerCredentials.createSsl(null, [])
> const server = new grpc.Server()
> server.bind('0.0.0.0:8080', creds)
7. Observe that this results in a crash, with an error like:
node: symbol lookup error:
/tmp/lp.1779863/node_modules/grpc/src/node/extension_binary/node-v57-linux-x64-glibc/grpc_node.node:
undefined symbol: SSL_library_init
8. Run 'npm install node-webcrypto-ossl'.
9. Observe that compilation fails due to a header expectation mismatch.
10. Install nodejs from -proposed.
11. Repeat steps 6-9 and observe that the commands succeed without errors.
[regression potential]
Although this SRU changes the ABI of nodejs that is exposed to binary
add-ons, the practical regression potential for this ABI change is
minimal. The archive has been scanned to confirm there are no
reverse-dependencies in Ubuntu which use this part of the ABI, and it
is not feasible to build third-party binaries that are compatible with
nodejs as shipped in 18.04 because the gyp build system used by the
nodejs ecosystem exposes system headers that don't match the symbols
exported by the current Ubuntu nodejs built against OpenSSL 1.1.
Thus, the greatest risk of regression is from someone manually working
around this gyp incompatibility in order to build an add-on which uses
these symbols. This risk is negligible.
Changing this to use openssl1.0 assumes that the security team will
maintain security patches for openssl1.0.
There is no risk of regression in protocol compatibility by switching
back from openssl 1.1 to openssl 1.0, because TLS 1.3 support has not
yet landed in the openssl package in 18.04.
[other info]
alternately, this could be fixed by upgrading the nodejs package in
Bionic (and Cosmic) to a newer nodejs - Debian has version 10.4.0 in
experimental.
also debian 904274 has quite a bit of discussion.
original bug description below.
---
Background:
NodeJS has a native extension API: https://nodejs.org/api/addons.html
It's fairly understood by developers that NodeJS's ABI is stable, and that
one module built using a version of nodejs should work on another semantically
version compatible of nodejs.
NodeJS exposes various third party libraries to the native module
developers. Quote from the addons developers page: "Node.js includes a
number of other statically linked libraries including OpenSSL. These
other libraries are located in the deps/ directory in the Node.js
source tree. Only the libuv,i OpenSSL, V8 and zlib symbols are
purposefully re-exported by Node.js and may be used to various extents
by Addons."
It's fairly understood by developers that native modules have the same
ABI guarantee than the rest of the node API.
The NodeJS ecosystem uses native modules extensively, and it's fairly
common for developers to publish precompiled versions of their
extensions so that the typical end-user can simply npm install their
dependencies without worrying about having a compiler installed. Some
packages will do their own thing (see for instance
https://www.npmjs.com/package/uws), while others will rely on third
party extensions to facilitate their work. See for instance prebuild
(https://www.npmjs.com/package/prebuild) that has a handful of
dependents, or node-pre-gyp
[Group.of.nepali.translators] [Bug 1779863] Re: Ubuntu nodejs package isn't ABI compatible with mainline nodejs.
This bug was fixed in the package nodejs - 8.11.2~dfsg-1ubuntu2
---
nodejs (8.11.2~dfsg-1ubuntu2) cosmic; urgency=medium
[ Dan Streetman ]
* Force dependency on openssl1.0
The newer openssl has ABI change, and this version of nodejs
requires building with the older 1.0.2 version of openssl.
(LP: #1779863)
[ Mauricio Faria de Oliveira ]
* d/p/revert-26388feb760c42d5a342a08507f13a3a268918da.patch:
Fix build errors with openssl 1.0.2 due to patch for openssl 1.1.
(LP: #1779863)
* d/p/cd2b80c1f57faa349232276e113fe09be5da1106.patch: Fix test-case
failure (parallel/test-child-process-stdout-ipc) with libuv 1.21+.
-- Mauricio Faria de Oliveira Wed, 12 Sep 2018
16:29:53 -0300
** Changed in: nodejs (Ubuntu Cosmic)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1779863
Title:
Ubuntu nodejs package isn't ABI compatible with mainline nodejs.
Status in nodejs package in Ubuntu:
Fix Released
Status in nodejs source package in Trusty:
Invalid
Status in nodejs source package in Xenial:
Invalid
Status in nodejs source package in Bionic:
Fix Committed
Status in nodejs source package in Cosmic:
Fix Released
Status in nodejs package in Debian:
New
Bug description:
[impact]
Pre-built addons for nodejs built against the 8.10 version, which is
what is included in Bionic, will fail to load on Bionic because the
version of nodejs there is built using a newer ABI-incompatible
openssl version.
[test case]
1. Run 'sudo apt install nodejs npm'
2. Run 'mkdir /tmp/lp.1779863'
3. Run 'cd /tmp/lp.1779863'
4. Run 'npm install grpc'
5. Note that it mentions installing a prebuilt binary from remote.
6. Run 'node' and enter the following code:
> const grpc = require('grpc')
> const creds = grpc.ServerCredentials.createSsl(null, [])
> const server = new grpc.Server()
> server.bind('0.0.0.0:8080', creds)
7. Observe that this results in a crash, with an error like:
node: symbol lookup error:
/tmp/lp.1779863/node_modules/grpc/src/node/extension_binary/node-v57-linux-x64-glibc/grpc_node.node:
undefined symbol: SSL_library_init
8. Run 'npm install node-webcrypto-ossl'.
9. Observe that compilation fails due to a header expectation mismatch.
10. Install nodejs from -proposed.
11. Repeat steps 6-9 and observe that the commands succeed without errors.
[regression potential]
Although this SRU changes the ABI of nodejs that is exposed to binary
add-ons, the practical regression potential for this ABI change is
minimal. The archive has been scanned to confirm there are no
reverse-dependencies in Ubuntu which use this part of the ABI, and it
is not feasible to build third-party binaries that are compatible with
nodejs as shipped in 18.04 because the gyp build system used by the
nodejs ecosystem exposes system headers that don't match the symbols
exported by the current Ubuntu nodejs built against OpenSSL 1.1.
Thus, the greatest risk of regression is from someone manually working
around this gyp incompatibility in order to build an add-on which uses
these symbols. This risk is negligible.
Changing this to use openssl1.0 assumes that the security team will
maintain security patches for openssl1.0.
There is no risk of regression in protocol compatibility by switching
back from openssl 1.1 to openssl 1.0, because TLS 1.3 support has not
yet landed in the openssl package in 18.04.
[other info]
alternately, this could be fixed by upgrading the nodejs package in
Bionic (and Cosmic) to a newer nodejs - Debian has version 10.4.0 in
experimental.
also debian 904274 has quite a bit of discussion.
original bug description below.
---
Background:
NodeJS has a native extension API: https://nodejs.org/api/addons.html
It's fairly understood by developers that NodeJS's ABI is stable, and that
one module built using a version of nodejs should work on another semantically
version compatible of nodejs.
NodeJS exposes various third party libraries to the native module
developers. Quote from the addons developers page: "Node.js includes a
number of other statically linked libraries including OpenSSL. These
other libraries are located in the deps/ directory in the Node.js
source tree. Only the libuv,i OpenSSL, V8 and zlib symbols are
purposefully re-exported by Node.js and may be used to various extents
by Addons."
It's fairly understood by developers that native modules have the same
ABI guarantee than the rest of the node API.
The NodeJS ecosystem uses native modules extensively, and it's fairly
common for developers to publish precompiled versions of their
extensions so that the typical end-user can simply npm install their
dependencies without worrying about
[Group.of.nepali.translators] [Bug 1779863] Re: Ubuntu nodejs package isn't ABI compatible with mainline nodejs.
Nicolas, I accept your correction regarding the risk of binary incompatibility with locally-built binaries referencing the Ubuntu 18.04 nodejs ABI. I have clarified the 'regression potential' in the bug description, and am willing to accept the SRU given my current understanding; however, the bug is missing a clear test case. The bug description currently points to https://github.com/nicolasnoble/openssl- nodejs-ubuntu-demo, but there is no documentation there, so you have to know how to build a node project to reproduce the bug. Can you give step-by-step directions here for what to run from the commandline? ** Changed in: nodejs (Ubuntu Bionic) Status: Won't Fix => Incomplete -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1779863 Title: Ubuntu nodejs package isn't ABI compatible with mainline nodejs. Status in nodejs package in Ubuntu: In Progress Status in nodejs source package in Trusty: Invalid Status in nodejs source package in Xenial: Invalid Status in nodejs source package in Bionic: Incomplete Status in nodejs source package in Cosmic: In Progress Status in nodejs package in Debian: New Bug description: [impact] Pre-built addons for nodejs built against the 8.10 version, which is what is included in Bionic, will fail to load on Bionic because the version of nodejs there is built using a newer ABI-incompatible openssl version. [test case] see comment 4 (and discussion in following comments) [regression potential] Although this SRU changes the ABI of nodejs that is exposed to binary add-ons, the practical regression potential for this ABI change is minimal. The archive has been scanned to confirm there are no reverse-dependencies in Ubuntu which use this part of the ABI, and it is not feasible to build third-party binaries that are compatible with nodejs as shipped in 18.04 because the gyp build system used by the nodejs ecosystem exposes system headers that don't match the symbols exported by the current Ubuntu nodejs built against OpenSSL 1.1. Thus, the greatest risk of regression is from someone manually working around this gyp incompatibility in order to build an add-on which uses these symbols. This risk is negligible. Changing this to use openssl1.0 assumes that the security team will maintain security patches for openssl1.0. There is no risk of regression in protocol compatibility by switching back from openssl 1.1 to openssl 1.0, because TLS 1.3 support has not yet landed in the openssl package in 18.04. [other info] alternately, this could be fixed by upgrading the nodejs package in Bionic (and Cosmic) to a newer nodejs - Debian has version 10.4.0 in experimental. also debian 904274 has quite a bit of discussion. original bug description below. --- Background: NodeJS has a native extension API: https://nodejs.org/api/addons.html It's fairly understood by developers that NodeJS's ABI is stable, and that one module built using a version of nodejs should work on another semantically version compatible of nodejs. NodeJS exposes various third party libraries to the native module developers. Quote from the addons developers page: "Node.js includes a number of other statically linked libraries including OpenSSL. These other libraries are located in the deps/ directory in the Node.js source tree. Only the libuv,i OpenSSL, V8 and zlib symbols are purposefully re-exported by Node.js and may be used to various extents by Addons." It's fairly understood by developers that native modules have the same ABI guarantee than the rest of the node API. The NodeJS ecosystem uses native modules extensively, and it's fairly common for developers to publish precompiled versions of their extensions so that the typical end-user can simply npm install their dependencies without worrying about having a compiler installed. Some packages will do their own thing (see for instance https://www.npmjs.com/package/uws), while others will rely on third party extensions to facilitate their work. See for instance prebuild (https://www.npmjs.com/package/prebuild) that has a handful of dependents, or node-pre-gyp (https://www.npmjs.com/package/node-pre- gyp) that has north of 350 dependents. So the nodejs ecosystem has roughly 400 native packages that are publishing prebuilt versions of their extensions. Problem with the Ubuntu nodejs package: Put simply, it breaks prebuilt packages that depend on OpenSSL. NodeJS 8.10.0 officially comes with OpenSSL 1.0.2n, while the NodeJS 8.10.0 that comes with the Ubuntu package exposes OpenSSL 1.1.0g. Since there are ABI breakages between OpenSSL 1.0.2 and 1.1.0, these ABI breakages are bubbling up to any prebuilt native addon. Here is an example:
[Group.of.nepali.translators] [Bug 1779863] Re: Ubuntu nodejs package isn't ABI compatible with mainline nodejs.
>From the regression potential analysis:
> Any external nodejs addons that were built specifically for the
> current Bionic nodejs will also start failing, until rebuilt against
> the upstream nodejs 8.10 version, or the new Bionic nodejs package.
I consider this a blocker for SRU. We do not guarantee ABI
compatibility with third-party builds of the packages we ship; but we DO
guarantee ABI compatibility with older versions of the same package as
published in Ubuntu stable releases. Making this change to nodejs to
cause it to build against openssl 1.0 instead of openssl 1.1 means that
any user who has already built addons against the current Ubuntu nodejs
ABI in Ubuntu 18.04 will have those addons break on upgrade to the new
version of nodejs. That is not an acceptable experience in an SRU ("I
installed this SRU and the software I had deployed on nodejs has ceased
to work with symbol errors"). While it's regrettable that the nodejs
ABI in 18.04 is incompatible with upstream, a regression of this
magnitude makes this a non-starter for SRU.
** Changed in: nodejs (Ubuntu Bionic)
Status: In Progress => Won't Fix
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1779863
Title:
Ubuntu nodejs package isn't ABI compatible with mainline nodejs.
Status in nodejs package in Ubuntu:
In Progress
Status in nodejs source package in Trusty:
Invalid
Status in nodejs source package in Xenial:
Invalid
Status in nodejs source package in Bionic:
Won't Fix
Status in nodejs source package in Cosmic:
In Progress
Status in nodejs package in Debian:
New
Bug description:
[impact]
Pre-built addons for nodejs built against the 8.10 version, which is
what is included in Bionic, will fail to load on Bionic because the
version of nodejs there is built using a newer ABI-incompatible
openssl version.
[test case]
see comment 4 (and discussion in following comments)
[regression potential]
any nodejs addons built for the current version of nodejs in Bionic
will need to be re-built to pick up the different openssl ABI. This
appears to be a rather significant list of packages. Any external
nodejs addons that were built specifically for the current Bionic
nodejs will also start failing, until rebuilt against the upstream
nodejs 8.10 version, or the new Bionic nodejs package.
Changing this to use openssl1.0 assumes that the security team will
maintain security patches for openssl1.0.
[other info]
alternately, this could be fixed by upgrading the nodejs package in
Bionic (and Cosmic) to a newer nodejs - Debian has version 10.4.0 in
experimental.
also debian 904274 has quite a bit of discussion.
original bug description below.
---
Background:
NodeJS has a native extension API: https://nodejs.org/api/addons.html
It's fairly understood by developers that NodeJS's ABI is stable, and that
one module built using a version of nodejs should work on another semantically
version compatible of nodejs.
NodeJS exposes various third party libraries to the native module
developers. Quote from the addons developers page: "Node.js includes a
number of other statically linked libraries including OpenSSL. These
other libraries are located in the deps/ directory in the Node.js
source tree. Only the libuv,i OpenSSL, V8 and zlib symbols are
purposefully re-exported by Node.js and may be used to various extents
by Addons."
It's fairly understood by developers that native modules have the same
ABI guarantee than the rest of the node API.
The NodeJS ecosystem uses native modules extensively, and it's fairly
common for developers to publish precompiled versions of their
extensions so that the typical end-user can simply npm install their
dependencies without worrying about having a compiler installed. Some
packages will do their own thing (see for instance
https://www.npmjs.com/package/uws), while others will rely on third
party extensions to facilitate their work. See for instance prebuild
(https://www.npmjs.com/package/prebuild) that has a handful of
dependents, or node-pre-gyp (https://www.npmjs.com/package/node-pre-
gyp) that has north of 350 dependents. So the nodejs ecosystem has
roughly 400 native packages that are publishing prebuilt versions of
their extensions.
Problem with the Ubuntu nodejs package:
Put simply, it breaks prebuilt packages that depend on OpenSSL. NodeJS 8.10.0
officially comes with OpenSSL 1.0.2n, while the NodeJS 8.10.0 that comes with
the Ubuntu package exposes OpenSSL 1.1.0g.
Since there are ABI breakages between OpenSSL 1.0.2 and 1.1.0, these
ABI breakages are bubbling up to any prebuilt native addon.
Here is an example:
https://github.com/nicolasnoble/openssl-nodejs-ubuntu-demo
If you build this package under the mainline
[Group.of.nepali.translators] [Bug 1779863] Re: Ubuntu nodejs package isn't ABI compatible with mainline nodejs.
>From reading the debian bug report, it seems like there is considerable discussion that still needs to happen separate from debian or ubuntu packaging. Additionally, this seems to not be an issue in debian, once they update nodejs in the debian repository to the latest version. So, I'll ignore upstream and debian discussion and changes, since that seems to be ongoing, and IIUC won't impact whatever change we make to nodejs in ubuntu (for current releases). Also, I'll mark this bug as affecting only bionic (and possibly cosmic, since debian hasn't yet updated nodejs to 0.10). For trusty and xenial, again IIUC, nodejs is built with the correct openssl so this ABI mismatch problem doesn't exist there. > NodeJS 8.10.0 officially comes with OpenSSL 1.0.2n I think this is an important piece of info here, and I wasn't able to find any "official" documentation that clearly states this - can you provide a link to any docs for this? I'm not disputing it, but if we're going to rebuild nodejs with a different openssl version it would be good to be able to point to upstream docs to justify it. > if you want to reproduce it, you simply need to npm install grpc on Ubuntu > using > Ubuntu's nodejs. Loading and using gRPC (I can build a quick nodejs demo > project if you want) yes, please - I'm not familiar with nodejs or npm, so while I can do 'sudo apt install nodejs ; sudo npm install grpc ; git clone https://github.com/nicolasnoble/openssl-nodejs-ubuntu-demo', I'm not entirely sure what exactly to do after that to reproduce this. It's important (or at least, very helpful) to have specific clear steps to reproduce and verify the bug, and verify the fixed package (even to those not familiar with nodejs/npm). Also, I've built nodejs for bionic in this ppa, altering the build and runtime deps to use bionic's openssl1.0 and libssl1.0-dev; can you test with this build and see if it fixes the problem? https://launchpad.net/~ddstreet/+archive/ubuntu/lp1779863 ** Also affects: nodejs (Ubuntu Cosmic) Importance: Undecided Status: New ** Also affects: nodejs (Ubuntu Bionic) Importance: Undecided Status: New ** Also affects: nodejs (Ubuntu Trusty) Importance: Undecided Status: New ** Also affects: nodejs (Ubuntu Xenial) Importance: Undecided Status: New ** Changed in: nodejs (Ubuntu Trusty) Status: New => Invalid ** Changed in: nodejs (Ubuntu Xenial) Status: New => Invalid ** Changed in: nodejs (Ubuntu Bionic) Status: New => In Progress ** Changed in: nodejs (Ubuntu Cosmic) Status: New => In Progress ** Changed in: nodejs (Ubuntu Bionic) Importance: Undecided => Medium ** Changed in: nodejs (Ubuntu Cosmic) Importance: Undecided => Medium ** Changed in: nodejs (Ubuntu Bionic) Assignee: (unassigned) => Dan Streetman (ddstreet) ** Changed in: nodejs (Ubuntu Cosmic) Assignee: (unassigned) => Dan Streetman (ddstreet) -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1779863 Title: Ubuntu nodejs package isn't ABI compatible with mainline nodejs. Status in nodejs package in Ubuntu: In Progress Status in nodejs source package in Trusty: Invalid Status in nodejs source package in Xenial: Invalid Status in nodejs source package in Bionic: In Progress Status in nodejs source package in Cosmic: In Progress Status in nodejs package in Debian: New Bug description: Background: NodeJS has a native extension API: https://nodejs.org/api/addons.html It's fairly understood by developers that NodeJS's ABI is stable, and that one module built using a version of nodejs should work on another semantically version compatible of nodejs. NodeJS exposes various third party libraries to the native module developers. Quote from the addons developers page: "Node.js includes a number of other statically linked libraries including OpenSSL. These other libraries are located in the deps/ directory in the Node.js source tree. Only the libuv,i OpenSSL, V8 and zlib symbols are purposefully re-exported by Node.js and may be used to various extents by Addons." It's fairly understood by developers that native modules have the same ABI guarantee than the rest of the node API. The NodeJS ecosystem uses native modules extensively, and it's fairly common for developers to publish precompiled versions of their extensions so that the typical end-user can simply npm install their dependencies without worrying about having a compiler installed. Some packages will do their own thing (see for instance https://www.npmjs.com/package/uws), while others will rely on third party extensions to facilitate their work. See for instance prebuild (https://www.npmjs.com/package/prebuild) that has a handful of dependents, or node-pre-gyp
